stream: mark urgent experimental; set safe defaults

Uncomment in default config. This will make the policy "inline",
which is the same behavior as prior to the urgent policy support.

Add line to docs that this is an experimental feature.

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index ed2e8501405bfc36f73ef8db9ddc183fbad8ac4a..2482d69ba78e4556ba156ea4da5e17052e0ea3c9 100644 (file)
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1275,6 +1275,8 @@ for example RFC 6093, 3.4).
 
 Several options are provided to control how to deal with the urgent pointer.
 
+.. note:: TCP urgent handling is considered experimental at this time
+
 ::
 
     stream:

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 05aa170d9276cc1293d321d2bfa8f068cb8e240a..c329cc2be30745f7c82988a8c8be92d6020a6dba 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1592,9 +1592,10 @@ stream:
   #midstream-policy: ignore
   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   reassembly:
-    urgent:
-      policy: oob              # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap
-      oob-limit-policy: drop
+    # experimental TCP urgent handling logic
+    #urgent:
+    #  policy: inline           # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap
+    #  oob-limit-policy: drop
     memcap: 256mb
     #memcap-policy: ignore
     depth: 1mb                  # reassemble 1mb into a stream