From 0a124f2d270687ed850aafba4965816123ddb643 Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Wed, 24 Aug 2022 17:36:47 -0300
Subject: [PATCH] exceptions: error out when invalid policy is used

Before, if an invalid value was passed as exception policy, Suricata would log a warning and set the exception policy to "ignore". This is a very different result, than, say, dropping or bypassing a midstream flow.
Task #5504
(cherry picked from commit 58ef3cde7a01166a1ae56b814156e2cad02e1251)
---
 src/util-exception-policy.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c
index 9b828c6925..5ec66ea90f 100644
--- a/src/util-exception-policy.c
+++ b/src/util-exception-policy.c
@@ -87,7 +87,10 @@ enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support
 policy = EXCEPTION_POLICY_IGNORE;
 SCLogConfig("%s: %s", option, value_str);
 } else {
- SCLogConfig("%s: ignore", option);
+ FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
+ "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
+ "pass-flow, bypass, drop-packet, pass-packet or ignore.",
+ value_str);
 } if (!support_flow) {
--
2.47.2
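Review bot: The new fatal message in the `else` branch prints the rejected value but not the setting it came from, even though `option` is in scope and both the removed line and the context line above log it. With several exception-policy settings in one configuration, an operator whose sensor now refuses to start cannot tell which key to fix. I would open the format string with `"\"%s\" is not a valid value for %s. Valid options are drop-flow, "` and pass `value_str, option);` as the arguments. The list of valid values is also printed regardless of `support_flow`, and the `if (!support_flow)` block that follows suggests the flow-level values may not apply to every option, so the message may advertise values that option does not honour. That block and the rest of `ExceptionPolicyParse` lie outside the hunk, so this should be confirmed against the full function.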