From: Juliana Fajardini
Date: Wed, 31 May 2023 14:56:43 +0000 (-0300)
Subject: exception: parse config values, don't post process
X-Git-Tag: suricata-6.0.14~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5116713e9514ea0a223a91b9f5163f95a1bd3fdb;p=thirdparty%2Fsuricata.git
exception: parse config values, don't post process Get the enum values from the config file. Update the new extracted functions. Post-process the config values based on runmode and policy. Also handle 'auto' enum value in these. Related to Bug #5825 (cherry picked from commit 7f8536b81c59205032676efda62a0b18ff0de224)
---
diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c
index 18aaf8ffee..29955d5ea2 100644
--- a/src/util-exception-policy.c
+++ b/src/util-exception-policy.c
@@ -33,6 +33,8 @@ static const char *ExceptionPolicyEnumToString(enum ExceptionPolicy policy)
 switch (policy) {
 case EXCEPTION_POLICY_NOT_SET:
 return "ignore";
+ case EXCEPTION_POLICY_AUTO:
+ return "auto";
 case EXCEPTION_POLICY_REJECT:
 return "reject";
 case EXCEPTION_POLICY_BYPASS_FLOW:
@@ -64,6 +66,8 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
 {
 SCLogDebug("start: pcap_cnt %" PRIu64 ", policy %u", p->pcap_cnt, policy);
 switch (policy) {
+ case EXCEPTION_POLICY_AUTO:
+ break;
 case EXCEPTION_POLICY_NOT_SET:
 break;
 case EXCEPTION_POLICY_REJECT:
@@ -132,6 +136,8 @@ static enum ExceptionPolicy PickPacketAction(const char *option, enum ExceptionP
 break;
 case EXCEPTION_POLICY_NOT_SET:
 break;
+ case EXCEPTION_POLICY_AUTO:
+ break;
 }
 return p;
 }
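Review bot: In ExceptionPolicyApply the new `case EXCEPTION_POLICY_AUTO: break;` makes an unresolved 'auto' behave exactly like 'ignore', so if any configuration path stores EXCEPTION_POLICY_AUTO without resolving it for the run mode, an engine in IPS mode would take no action on an exception where 'auto' was meant to drop. The resolution step is not visible in this diff, so this may already be guaranteed, but nothing in the hunk states or checks it. I would add a comment on the case such as `/* AUTO must be resolved at config time; reaching this point means no action is taken */` and consider an SCLogDebug line there so a missed resolution is noticed during testing. The same silent pass-through is added to PickPacketAction in the next hunk, where `return p;` hands AUTO back unchanged; both function bodies extend outside their hunks.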
@@ -151,13 +157,13 @@ static enum ExceptionPolicy ExceptionPolicyConfigValueParse(
 {
 enum ExceptionPolicy policy = EXCEPTION_POLICY_NOT_SET;
 if (strcmp(value_str, "drop-flow") == 0) {
- policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_FLOW);
+ policy = EXCEPTION_POLICY_DROP_FLOW;
 } else if (strcmp(value_str, "pass-flow") == 0) {
 policy = EXCEPTION_POLICY_PASS_FLOW;
 } else if (strcmp(value_str, "bypass") == 0) {
 policy = EXCEPTION_POLICY_BYPASS_FLOW;
 } else if (strcmp(value_str, "drop-packet") == 0) {
- policy = SetIPSOption(option, value_str, EXCEPTION_POLICY_DROP_PACKET);
+ policy = EXCEPTION_POLICY_DROP_PACKET;
 } else if (strcmp(value_str, "pass-packet") == 0) {
 policy = EXCEPTION_POLICY_PASS_PACKET;
 } else if (strcmp(value_str, "reject") == 0) {
@@ -165,15 +171,11 @@ static enum ExceptionPolicy ExceptionPolicyConfigValueParse(
 } else if (strcmp(value_str, "ignore") == 0) { // TODO name?
 policy = EXCEPTION_POLICY_NOT_SET;
 } else if (strcmp(value_str, "auto") == 0) {
- if (!EngineModeIsIPS()) {
- policy = EXCEPTION_POLICY_NOT_SET;
- } else {
- policy = EXCEPTION_POLICY_DROP_FLOW;
- }
+ policy = EXCEPTION_POLICY_AUTO;
 } else {
 FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
 "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
- "pass-flow, bypass, reject, drop-packet, pass-packet or ignore.",
+ "pass-flow, bypass, reject, drop-packet, pass-packet, ignore or auto.",
 value_str);
 }

diff --git a/src/util-exception-policy.h b/src/util-exception-policy.h
index ddf1d3690c..41af1aabce 100644
--- a/src/util-exception-policy.h
+++ b/src/util-exception-policy.h
@@ -24,6 +24,7 @@

 enum ExceptionPolicy {
 EXCEPTION_POLICY_NOT_SET = 0,
+ EXCEPTION_POLICY_AUTO,
 EXCEPTION_POLICY_PASS_PACKET,
 EXCEPTION_POLICY_PASS_FLOW,
 EXCEPTION_POLICY_BYPASS_FLOW,
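Review bot: ExceptionPolicyConfigValueParse no longer enforces or documents who handles the engine mode: with `SetIPSOption` removed from the `drop-flow` and `drop-packet` branches, and `auto` returned as EXCEPTION_POLICY_AUTO in the following hunk, every caller now has to post-process the result itself. I would state that contract in a header comment on the function, for example `/* Returns the raw configured policy, including EXCEPTION_POLICY_AUTO; the caller must resolve it for the engine mode before it is applied. */`. In the lines shown, `option` is no longer referenced, so it may have become an unused parameter. The signature's parameter list and the end of the function are outside these hunks, so both points need checking against the full file.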
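Review bot: Placing `EXCEPTION_POLICY_AUTO` directly after `EXCEPTION_POLICY_NOT_SET = 0` shifts the numeric value of every later enumerator by one. The debug line in ExceptionPolicyApply prints the policy with `%u`, so the numbers seen in debug output change meaning between builds, and any code that stores or compares the raw integer would be affected; this diff does not show whether such code exists. Either append the new value at the end of the enum, or keep the position and document it, e.g. `/* config-only value; expected to be resolved to a concrete policy before use */` if that is the intent. The enum continues past the end of the hunk.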