From: Victor Julien <vjulien@oisf.net>
Date: Wed, 11 Dec 2024 19:51:58 +0000 (+0100)
Subject: stream: mark urgent experimental; set safe defaults
X-Git-Tag: suricata-7.0.8~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55b4c1e6fdcce57eb866f60aca436f891f5fe80f;p=thirdparty%2Fsuricata.git

stream: mark urgent experimental; set safe defaults

Uncomment in default config. This will make the policy "inline",
which is the same behavior as prior to the urgent policy support.

Add line to docs that this is an experimental feature.
---

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index ed2e850140..2482d69ba7 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1275,6 +1275,8 @@ for example RFC 6093, 3.4).
 
 Several options are provided to control how to deal with the urgent pointer.
 
+.. note:: TCP urgent handling is considered experimental at this time
+
 ::
 
     stream:
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 05aa170d92..c329cc2be3 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1592,9 +1592,10 @@ stream:
   #midstream-policy: ignore
   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   reassembly:
-    urgent:
-      policy: oob              # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap
-      oob-limit-policy: drop
+    # experimental TCP urgent handling logic
+    #urgent:
+    #  policy: inline           # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap
+    #  oob-limit-policy: drop
     memcap: 256mb
     #memcap-policy: ignore
     depth: 1mb                  # reassemble 1mb into a stream