exceptions: extract 'auto' check to function
authorJuliana Fajardini <jufajardini@oisf.net>
Thu, 1 Jun 2023 01:52:48 +0000 (22:52 -0300)
committerVictor Julien <vjulien@oisf.net>
Tue, 13 Jun 2023 07:20:05 +0000 (09:20 +0200)
Part of
Bug #5825

src/util-exception-policy.c

index 576cfa6250b9b3ea9d455f52dda7522daa61abf9..a1fc9d41bf3f788eec14be60837e534961be9b0d 100644 (file)
@@ -184,6 +184,19 @@ static enum ExceptionPolicy ExceptionPolicyConfigValueParse(
     return policy;
 }
 
+static enum ExceptionPolicy ExceptionPolicyPickAuto(bool midstream_enabled, bool support_flow)
+{
+    enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
+    if (!midstream_enabled && EngineModeIsIPS()) {
+        if (support_flow) {
+            policy = EXCEPTION_POLICY_DROP_FLOW;
+        } else {
+            policy = EXCEPTION_POLICY_DROP_PACKET;
+        }
+    }
+    return policy;
+}
+
 static enum ExceptionPolicy ExceptionPolicyMasterParse(const char *value)
 {
     enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
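Review bot: `ExceptionPolicyPickAuto` has no comment stating what 'auto' resolves to, and that mapping decides whether an exception condition drops traffic. From the body, 'auto' becomes a drop policy only when midstream is disabled and `EngineModeIsIPS()` is true; in every other case it returns `EXCEPTION_POLICY_NOT_SET`, which presumably means no action is taken on the exception. I would add a header comment such as `/* Resolve 'auto': IPS mode with midstream disabled -> drop-flow (drop-packet if the option has no flow support); otherwise not set. */` so that any later change to this default is a visible decision.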
@@ -228,6 +241,9 @@ enum ExceptionPolicy ExceptionPolicyParse(const char *option, bool support_flow)
             policy = ExceptionPolicyMasterParse(value_str);
         } else {
             policy = ExceptionPolicyConfigValueParse(option, value_str);
+            if (policy == EXCEPTION_POLICY_AUTO) {
+                policy = ExceptionPolicyPickAuto(false, support_flow);
+            }
             if (!support_flow) {
                 policy = PickPacketAction(option, policy);
             }
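Review bot: The bare `false` passed as `midstream_enabled` in `ExceptionPolicyPickAuto(false, support_flow)` is unexplained, so a reader cannot tell whether midstream is deliberately ignored for these options or simply not known at this point. A short comment would settle it, e.g. `/* midstream only matters for stream.midstream-policy; treat it as disabled here */`, assuming that is the intent. When `support_flow` is false the helper already returns `EXCEPTION_POLICY_DROP_PACKET` and the result is then passed through `PickPacketAction` as well, which looks redundant for the auto case, though that function is not visible here. `ExceptionPolicyParse` starts and ends outside the hunk.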
@@ -247,7 +263,9 @@ enum ExceptionPolicy ExceptionPolicyMidstreamParse(bool midstream_enabled)
     /* policy was set directly */
     if ((ConfGet("stream.midstream-policy", &value_str)) == 1 && value_str != NULL) {
         policy = ExceptionPolicyConfigValueParse("midstream-policy", value_str);
-        if (midstream_enabled) {
+        if (policy == EXCEPTION_POLICY_AUTO) {
+            policy = ExceptionPolicyPickAuto(midstream_enabled, true);
+        } else if (midstream_enabled) {
             if (policy != EXCEPTION_POLICY_NOT_SET && policy != EXCEPTION_POLICY_PASS_FLOW) {
                 FatalErrorOnInit(
                         "Error parsing stream.midstream-policy from config file. \"%s\" is "
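Review bot: Turning the existing check into `else if (midstream_enabled)` means a policy resolved from 'auto' is never checked against the midstream restriction (only not-set or pass-flow accepted when midstream is enabled). That is safe today only because `ExceptionPolicyPickAuto` returns `EXCEPTION_POLICY_NOT_SET` whenever `midstream_enabled` is true, an invariant that lives in a different function. Validating the resolved value would remove that dependency: close the auto branch with `}` and keep `if (midstream_enabled) {` as its own statement, which as far as the visible lines show accepts the same configurations. The body of `ExceptionPolicyMidstreamParse` continues past the end of the hunk, so any branches after the `FatalErrorOnInit` call should be checked against this change.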