For developers or for researching purposes, there are also simulation options
exposed in debug mode and passed via command-line. These exist to force or
simulate failures or errors and understand Suricata behavior under such conditions.
+See :any:`command-line-exception-policies` for those.
.. _master-switch:
- Midstream pick-up sessions ENABLED (stream.midstream=true)
- Midstream pick-up sessions DISABLED (stream.midstream=false)
* - Ignore
- - Session and app-layer traffic tracked and parsed, log app-layer traffic, do detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session and app-layer traffic tracked and parsed, log app-layer traffic, **do** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Drop-flow
- Not valid.*
- Not valid.*
- Not valid.*
- Session not tracked, flow REJECTED.
* - Pass-flow
- - Session and app-layer traffic tracked and parsed, log app-layer traffic, no detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session and app-layer traffic tracked and parsed, log app-layer traffic, **no** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Pass-packet
- Not valid.*
- Not valid.*
* - Bypass
- Not valid.*
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Auto
- Midstream policy applied: "ignore". Same behavior.
- Midstream policy applied: "ignore". Same behavior.
- Midstream pick-up sessions ENABLED (stream.midstream=true)
- Midstream pick-up sessions DISABLED (stream.midstream=false)
* - Ignore
- - Session and app-layer traffic tracked and parsed, log app-layer traffic, do detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session and app-layer traffic tracked and parsed, log app-layer traffic, **do** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Drop-flow
- Not valid.*
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
Flow DROPPED.
* - Drop-packet
- Not valid.*
- Not valid.*
- Session not tracked, flow DROPPED and REJECTED.
* - Pass-flow
- - Track session, parse and log app-layer traffic, no detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Track session, parse and log app-layer traffic, **no** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Pass-packet
- Not valid.*
- Not valid.*
* - Bypass
- Not valid.*
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
Packets ALLOWED.
* - Auto
- Midstream policy applied: "ignore". Same behavior.
* ``REJECT`` will make Suricata send a Reset-packet unreach error to the sender
of the matching packet.
+.. _command-line-exception-policies:
+
Command-line Options for Simulating Exceptions
==============================================
Common abbreviations
--------------------
-- applayer: application layer protocol
+- applayer/ app-layer: application layer protocol
- memcap: (maximum) memory capacity available
- defrag: defragmentation
projects / thirdparty / suricata.git / commitdiff
