From: Juliana Fajardini Date: Thu, 18 Jan 2024 20:24:33 +0000 (-0300) Subject: userguide: clarify midstream exception policy X-Git-Tag: suricata-8.0.0-beta1~1824 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df6444822eb7c094498d3986052ab1e33f4c8983;p=thirdparty%2Fsuricata.git userguide: clarify midstream exception policy The description of behavior when midstream is enabled and exception policy is set to ignore wasn't descriptive enough. Fix typos. --- diff --git a/doc/userguide/configuration/exception-policies.rst b/doc/userguide/configuration/exception-policies.rst index 5944f52942..aae2acff5d 100644 --- a/doc/userguide/configuration/exception-policies.rst +++ b/doc/userguide/configuration/exception-policies.rst @@ -46,7 +46,7 @@ Auto '''' **In IPS mode**, the default behavior for most of the exception policies is to -fail close. This means droping the flow, or the packet, when the flow action is +fail close. This means dropping the flow, or the packet, when the flow action is not supported. The default policy for the midstream exception will be ignore if midstream flows are accepted. @@ -131,7 +131,7 @@ midstream pick-ups enabled or not and the various exception policy values: - Midstream pick-up sessions ENABLED (stream.midstream=true) - Midstream pick-up sessions DISABLED (stream.midstream=false) * - Ignore - - Session tracket and parsed. + - Session tracked and parsed, inspect and log app-layer traffic, do detection. - Session not tracked. No app-layer inspection or logging. No detection. No stream reassembly. * - Drop-flow - Not valid.* @@ -169,7 +169,7 @@ whole flow. - Midstream pick-up sessions ENABLED (stream.midstream=true) - Midstream pick-up sessions DISABLED (stream.midstream=false) * - Ignore - - Session tracket and parsed. + - Session tracked and parsed, inspect and log app-layer traffic, do detection. - Session not tracked. No app-layer inspection or logging. No detection. No stream reassembly. * - Drop-flow - Not valid.*