.. _exception policies:
Exception Policies
-==================
+##################
Suricata has a set of configuration variables to indicate what should the engine
do when certain exception conditions, such as hitting a memcap, are reached.
exposed in debug mode and passed via command-line. These exist to force or
simulate failures or errors and understand Suricata behavior under such conditions.
-Exception Policies
-------------------
-
.. _master-switch:
Master Switch
-~~~~~~~~~~~~~
+*************
It is possible to set all configuration policies via what we call "master
switch". This offers a quick way to define what the engine should do in case of
also defined in the yaml file.
Auto
-''''
+====
**In IPS mode**, the default behavior for most of the exception policies is to
fail close. This means droping the flow, or the packet, when the flow action is
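Review bot: Typo in the paragraph under the re-levelled "Auto" heading: "droping the flow" should read "dropping the flow". The patch already touches this section, so the fix could go in the same pass or in a small follow-up.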
``master-switch``, or ignoring the exception policies.
Specific settings
-~~~~~~~~~~~~~~~~~
+*****************
Exception policies are implemented for:
actions<suricata-yaml-action-order>`.
Exception Policies and Midstream Pick-up Sessions
--------------------------------------------------
+*************************************************
Suricata behavior can be difficult to track in case of midstream session
pick-ups. Consider this matrix illustrating the different interactions for
Notes:
* Not valid means that Suricata will error out and won't start.
- * ``REJECT`` will make Suricata send a Reset-packet unreach error to the sender of the matching packet.
+ * ``REJECT`` will make Suricata send a Reset-packet unreach error to the sender
+ of the matching packet.
Command-line Options for Simulating Exceptions
-----------------------------------------------
+==============================================
It is also possible to force specific exception scenarios, to check engine
behavior under failure or error conditions.
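Review bot: The new `=` underline on "Command-line Options for Simulating Exceptions" puts that heading at the same level as "Auto", one below the `*` sections, so it will render as a subsection of "Exception Policies and Midstream Pick-up Sessions". Before this change both headings used `-` and were siblings. If it is meant to remain a section of its own, underline it with `*` like "Master Switch" and "Specific settings". In the same hunk, the continuation line "of the matching packet." of the rewrapped ``REJECT`` bullet appears to start left of the bullet text. It needs to align with the text after "* ", otherwise docutils ends the list item at that line.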