exception: parse config values, don't post process

Get the enum values from the config file. Update the new extracted
functions. Post-process the config values based on runmode and policy.
Also handle 'auto' enum value in these.

Related to
Bug #5825

(cherry picked from commit 7f8536b81c59205032676efda62a0b18ff0de224)

diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c
index 18aaf8ffee70c43d164779982ee4e2a5a056e765..29955d5ea2f7a826e1a5ccb91639ce7fadc93f96 100644 (file)
--- a/src/util-exception-policy.c
+++ b/src/util-exception-policy.c
@@ -33,6 +33,8 @@ static const char *ExceptionPolicyEnumToString(enum ExceptionPolicy policy)
     switch (policy) {
         case EXCEPTION_POLICY_NOT_SET:
             return "ignore";
+        case EXCEPTION_POLICY_AUTO:
+            return "auto";
         case EXCEPTION_POLICY_REJECT:
             return "reject";
         case EXCEPTION_POLICY_BYPASS_FLOW:
@@ -64,6 +66,8 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
 {
     SCLogDebug("start: pcap_cnt %" PRIu64 ", policy %u", p->pcap_cnt, policy);
     switch (policy) {
+        case EXCEPTION_POLICY_AUTO:
+            break;
         case EXCEPTION_POLICY_NOT_SET:
             break;
         case EXCEPTION_POLICY_REJECT:
@@ -132,6 +136,8 @@ static enum ExceptionPolicy PickPacketAction(const char *option, enum ExceptionP
             break;
         case EXCEPTION_POLICY_NOT_SET:
             break;
+        case EXCEPTION_POLICY_AUTO:
+            break;
     }
     return p;
 }
@@ -151,13 +157,13 @@ static enum ExceptionPolicy ExceptionPolicyConfigValueParse(
 {
     enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
     if (strcmp(value_str, "drop-flow") == 0) {
-        policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_FLOW);
+        policy = EXCEPTION_POLICY_DROP_FLOW;
     } else if (strcmp(value_str, "pass-flow") == 0) {
         policy = EXCEPTION_POLICY_PASS_FLOW;
     } else if (strcmp(value_str, "bypass") == 0) {
         policy = EXCEPTION_POLICY_BYPASS_FLOW;
     } else if (strcmp(value_str, "drop-packet") == 0) {
-        policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_PACKET);
+        policy = EXCEPTION_POLICY_DROP_PACKET;
     } else if (strcmp(value_str, "pass-packet") == 0) {
         policy = EXCEPTION_POLICY_PASS_PACKET;
     } else if (strcmp(value_str, "reject") == 0) {
@@ -165,15 +171,11 @@ static enum ExceptionPolicy ExceptionPolicyConfigValueParse(
     } else if (strcmp(value_str, "ignore") == 0) { // TODO name?
         policy = EXCEPTION_POLICY_NOT_SET;
     } else if (strcmp(value_str, "auto") == 0) {
-        if (!EngineModeIsIPS()) {
-            policy = EXCEPTION_POLICY_NOT_SET;
-        } else {
-            policy = EXCEPTION_POLICY_DROP_FLOW;
-        }
+        policy = EXCEPTION_POLICY_AUTO;
     } else {
         FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
                 "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
-                "pass-flow, bypass, reject, drop-packet, pass-packet or ignore.",
+                "pass-flow, bypass, reject, drop-packet, pass-packet, ignore or auto.",
                 value_str);
     }
 

diff --git a/src/util-exception-policy.h b/src/util-exception-policy.h
index ddf1d3690c07f060735ad5a5d697c428b8f8508d..41af1aabce95997741d2fa05c349bcbe0bb360f1 100644 (file)
--- a/src/util-exception-policy.h
+++ b/src/util-exception-policy.h
@@ -24,6 +24,7 @@
 
 enum ExceptionPolicy {
     EXCEPTION_POLICY_NOT_SET = 0,
+    EXCEPTION_POLICY_AUTO,
     EXCEPTION_POLICY_PASS_PACKET,
     EXCEPTION_POLICY_PASS_FLOW,
     EXCEPTION_POLICY_BYPASS_FLOW,