32 static bool g_eps_have_exception_policy =
false;
34 static const char *ExceptionPolicyEnumToString(
enum ExceptionPolicy policy)
61 static enum ExceptionPolicy GetMasterExceptionPolicy(
const char *option)
80 FlowSetNoPayloadInspectionFlag(p->
flow);
81 FlowSetNoPacketInspectionFlag(p->
flow);
87 DecodeSetNoPayloadInspectionFlag(p);
88 DecodeSetNoPacketInspectionFlag(p);
98 FlowSetNoPacketInspectionFlag(p->
flow);
103 DecodeSetNoPayloadInspectionFlag(p);
104 DecodeSetNoPacketInspectionFlag(p);
114 SCLogConfig(
"%s: %s not a valid config in IDS mode. Ignoring it.", option, value_str);
125 "flow actions not supported for %s, defaulting to \"drop-packet\"", option);
129 "flow actions not supported for %s, defaulting to \"pass-packet\"", option);
132 SCLogWarning(
"flow actions not supported for %s, defaulting to \"ignore\"", option);
151 const char *value_str = NULL;
152 if ((
ConfGet(option, &value_str)) == 1 && value_str != NULL) {
153 if (strcmp(value_str,
"drop-flow") == 0) {
155 }
else if (strcmp(value_str,
"pass-flow") == 0) {
157 }
else if (strcmp(value_str,
"bypass") == 0) {
159 }
else if (strcmp(value_str,
"drop-packet") == 0) {
161 }
else if (strcmp(value_str,
"pass-packet") == 0) {
163 }
else if (strcmp(value_str,
"reject") == 0) {
165 }
else if (strcmp(value_str,
"ignore") == 0) {
167 }
else if (strcmp(value_str,
"auto") == 0) {
175 "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
176 "pass-flow, bypass, drop-packet, pass-packet or ignore.",
181 policy = PickPacketAction(option, policy);
184 if (strcmp(option,
"exception-policy") == 0) {
185 g_eps_have_exception_policy =
true;
187 if (strcmp(value_str,
"auto") == 0) {
188 SCLogConfig(
"%s: %s (because of 'auto' setting in %s-mode)", option,
189 ExceptionPolicyEnumToString(policy),
EngineModeIsIPS() ?
"IPS" :
"IDS");
191 SCLogConfig(
"%s: %s", option, ExceptionPolicyEnumToString(policy));
194 SCLogConfig(
"%s: %s", option, ExceptionPolicyEnumToString(policy));
197 }
else if (strcmp(option,
"exception-policy") == 0) {
205 SCLogConfig(
"%s: %s (%s-mode)", option, ExceptionPolicyEnumToString(policy),
210 policy = GetMasterExceptionPolicy(option);
211 if (g_eps_have_exception_policy) {
212 SCLogConfig(
"%s: %s (defined via 'exception-policy' master switch)", option,
213 ExceptionPolicyEnumToString(policy));
215 SCLogConfig(
"%s: %s (defined via 'built-in default' for %s-mode)", option,
216 ExceptionPolicyEnumToString(policy),
EngineModeIsIPS() ?
"IPS" :
"IDS");
234 uint64_t g_eps_applayer_error_offset_ts = UINT64_MAX;
235 uint64_t g_eps_applayer_error_offset_tc = UINT64_MAX;
236 uint64_t g_eps_pcap_packet_loss = UINT64_MAX;
237 uint64_t g_eps_stream_ssn_memcap = UINT64_MAX;
238 uint64_t g_eps_stream_reassembly_memcap = UINT64_MAX;
239 uint64_t g_eps_flow_memcap = UINT64_MAX;
240 uint64_t g_eps_defrag_memcap = UINT64_MAX;
241 bool g_eps_is_alert_queue_fail_mode =
false;
246 if (strcmp(name,
"simulate-applayer-error-at-offset-ts") == 0) {
252 g_eps_applayer_error_offset_ts =
offset;
253 }
else if (strcmp(name,
"simulate-applayer-error-at-offset-tc") == 0) {
259 g_eps_applayer_error_offset_tc =
offset;
260 }
else if (strcmp(name,
"simulate-packet-loss") == 0) {
262 uint64_t pkt_num = 0;
266 g_eps_pcap_packet_loss = pkt_num;
267 }
else if (strcmp(name,
"simulate-packet-tcp-reassembly-memcap") == 0) {
269 uint64_t pkt_num = 0;
273 g_eps_stream_reassembly_memcap = pkt_num;
274 }
else if (strcmp(name,
"simulate-packet-tcp-ssn-memcap") == 0) {
276 uint64_t pkt_num = 0;
280 g_eps_stream_ssn_memcap = pkt_num;
281 }
else if (strcmp(name,
"simulate-packet-flow-memcap") == 0) {
283 uint64_t pkt_num = 0;
287 g_eps_flow_memcap = pkt_num;
288 }
else if (strcmp(name,
"simulate-packet-defrag-memcap") == 0) {
290 uint64_t pkt_num = 0;
294 g_eps_defrag_memcap = pkt_num;
295 }
else if (strcmp(name,
"simulate-alert-queue-realloc-failure") == 0) {
296 g_eps_is_alert_queue_fail_mode =
true;