From: Lukas Sismis
Date: Sun, 2 Apr 2023 08:41:08 +0000 (+0200)
Subject: policy: postpone evaluation of exception policy after setting the engine mode
X-Git-Tag: suricata-7.0.0-rc2~303
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8f1c39bb1c5f12aa67036e8142ef1a1c06518869;p=thirdparty%2Fsuricata.git

policy: postpone evaluation of exception policy after setting the engine mode

Master exception policy queried engine mode earlier than it was determined from the configuration file/command line. As a result it used the default (IDS) mode. However, the engine mode could have been reconfigured later on to the IPS mode. This led to undefined behavior as master exception policy behaves according to the configured engine mode.

Ticket: #5960

---

diff --git a/src/suricata.c b/src/suricata.c index 29494f8ebf..f2127d1a2e 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -2671,13 +2671,13 @@ int PostConfLoadedSetup(SCInstance *suri) MacSetRegisterFlowStorage(); - SetMasterExceptionPolicy(); - LiveDeviceFinalize(); // must be after EBPF extension registration RunModeEngineIsIPS( suricata.run_mode, suricata.runmode_custom_mode, suricata.capture_plugin_name); + SetMasterExceptionPolicy(); + AppLayerSetup(); /* Suricata will use this umask if provided. By default it will use the
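
Review bot: the re-added `SetMasterExceptionPolicy();` call after `RunModeEngineIsIPS(...)` carries no comment recording that it must run only once the engine mode has been set, so a later reshuffle of PostConfLoadedSetup() could silently bring back the IDS-default evaluation the commit message describes. A short comment in the style of the neighbouring `LiveDeviceFinalize(); // must be after EBPF extension registration` would document the dependency, for example `// must be after RunModeEngineIsIPS()`. The diff shown touches only src/suricata.c; a test that starts the engine in IPS mode and checks the resulting master exception policy would keep this ordering from regressing.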