policy: postpone evaluation of exception policy after setting the engine mode

Master exception policy queried engine mode earlier than it was
determined from the configuration file/command line. As a result it
used the default (IDS) mode. However, the engine mode could have been
reconfigured later on to the IPS mode. This lead into an undefined behavior
as master exception policy behaves according to the configured engine mode.

Ticket: #5960

diff --git a/src/suricata.c b/src/suricata.c
index 29494f8ebfb231adc1f2d77b3a887efbcf4050e4..f2127d1a2e23c1b99512ac64dea7d6e530e950a6 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2671,13 +2671,13 @@ int PostConfLoadedSetup(SCInstance *suri)
 
     MacSetRegisterFlowStorage();
 
-    SetMasterExceptionPolicy();
-
     LiveDeviceFinalize(); // must be after EBPF extension registration
 
     RunModeEngineIsIPS(
             suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name);
 
+    SetMasterExceptionPolicy();
+
     AppLayerSetup();
 
     /* Suricata will use this umask if provided. By default it will use the