From: Juliana Fajardini Date: Wed, 24 Aug 2022 20:36:47 +0000 (-0300) Subject: exceptions: error out when invalid policy is used X-Git-Tag: suricata-7.0.0-beta1~266 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58ef3cde7a01166a1ae56b814156e2cad02e1251;p=thirdparty%2Fsuricata.git exceptions: error out when invalid policy is used Before, if an invalid value was passed as exception policy, Suricata would log a warning and set the exception policy to "ignore". This is a very different result, than, say, dropping or bypassing a midstream flow. Task #5504 --- diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c index a81f7660b1..a646c5e33a 100644 --- a/src/util-exception-policy.c +++ b/src/util-exception-policy.c @@ -88,7 +88,10 @@ enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support policy = EXCEPTION_POLICY_IGNORE; SCLogConfig("%s: %s", option, value_str); } else { - SCLogConfig("%s: ignore", option); + FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT, + "\"%s\" is not a valid exception policy value. Valid options are drop-flow, " + "pass-flow, bypass, drop-packet, pass-packet or ignore.", + value_str); } if (!support_flow) {
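Review bot: the new FatalErrorOnInit message in the else branch prints value_str but no longer prints option, which both the removed SCLogConfig("%s: ignore", option) and the SCLogConfig("%s: %s", option, value_str) call just above it include. Since startup now errors out on this path, this message is the only hint the operator gets about which setting carries the bad value, so consider wording it as "\"%s\" is not a valid exception policy value for %s." and passing option as the second argument. The message also lists all six values as valid unconditionally, while the if (!support_flow) check that follows suggests the flow-level values are not accepted for every option; either tailor the list to support_flow or say that the accepted subset depends on the option.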