/* File-local flag recording that the "exception-policy" master value has been
 * parsed: it starts false and ExceptionPolicyMasterParse() assigns true to it.
 * The default-selection code consults it; when it is set, the per-option
 * policy is taken from GetMasterExceptionPolicy(option), and the listing also
 * shows an ExceptionPolicyPickAuto() assignment as the other visible path.
 * NOTE(review): the exact branch structure is not visible in this listing --
 * confirm against the full file. */
32 static bool g_eps_have_exception_policy =
false;
34 static const char *ExceptionPolicyEnumToString(
enum ExceptionPolicy policy)
63 static enum ExceptionPolicy GetMasterExceptionPolicy(
const char *option)
87 FlowSetNoPayloadInspectionFlag(p->
flow);
88 FlowSetNoPacketInspectionFlag(p->
flow);
94 DecodeSetNoPayloadInspectionFlag(p);
95 DecodeSetNoPacketInspectionFlag(p);
105 FlowSetNoPacketInspectionFlag(p->
flow);
110 DecodeSetNoPayloadInspectionFlag(p);
111 DecodeSetNoPacketInspectionFlag(p);
122 "flow actions not supported for %s, defaulting to \"drop-packet\"", option);
126 "flow actions not supported for %s, defaulting to \"pass-packet\"", option);
129 SCLogWarning(
"flow actions not supported for %s, defaulting to \"ignore\"", option);
148 const char *option,
const char *value_str)
151 if (strcmp(value_str,
"drop-flow") == 0) {
153 }
else if (strcmp(value_str,
"pass-flow") == 0) {
155 }
else if (strcmp(value_str,
"bypass") == 0) {
157 }
else if (strcmp(value_str,
"drop-packet") == 0) {
159 }
else if (strcmp(value_str,
"pass-packet") == 0) {
161 }
else if (strcmp(value_str,
"reject") == 0) {
163 }
else if (strcmp(value_str,
"ignore") == 0) {
165 }
else if (strcmp(value_str,
"auto") == 0) {
169 "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
170 "pass-flow, bypass, reject, drop-packet, pass-packet, ignore or auto.",
178 static enum ExceptionPolicy ExceptionPolicyPickAuto(
bool midstream_enabled,
bool support_flow)
191 static enum ExceptionPolicy ExceptionPolicyMasterParse(
const char *value)
193 enum ExceptionPolicy policy = ExceptionPolicyConfigValueParse(
"exception-policy", value);
198 g_eps_have_exception_policy =
true;
200 SCLogInfo(
"master exception-policy set to: %s", ExceptionPolicyEnumToString(policy));
206 const char *option,
bool support_flow,
bool midstream)
209 if (g_eps_have_exception_policy) {
210 p = GetMasterExceptionPolicy(option);
213 p = ExceptionPolicyPickAuto(midstream, support_flow);
217 p = PickPacketAction(option, p);
219 SCLogConfig(
"%s: %s (defined via 'exception-policy' master switch)", option,
220 ExceptionPolicyEnumToString(p));
225 SCLogConfig(
"%s: %s (defined via 'built-in default' for %s-mode)", option,
234 const char *value_str = NULL;
236 if ((
ConfGet(option, &value_str) == 1) && value_str != NULL) {
237 if (strcmp(option,
"exception-policy") == 0) {
238 policy = ExceptionPolicyMasterParse(value_str);
240 policy = ExceptionPolicyConfigValueParse(option, value_str);
242 policy = ExceptionPolicyPickAuto(
false, support_flow);
245 policy = PickPacketAction(option, policy);
247 SCLogConfig(
"%s: %s", option, ExceptionPolicyEnumToString(policy));
250 policy = ExceptionPolicyGetDefault(option, support_flow,
false);
259 const char *value_str = NULL;
261 if ((
ConfGet(
"stream.midstream-policy", &value_str)) == 1 && value_str != NULL) {
262 policy = ExceptionPolicyConfigValueParse(
"midstream-policy", value_str);
264 policy = ExceptionPolicyPickAuto(midstream_enabled,
true);
265 }
else if (midstream_enabled) {
268 "Error parsing stream.midstream-policy from config file. \"%s\" is "
269 "not a valid exception policy when midstream is enabled. Valid options "
270 "are pass-flow and ignore.",
277 "Error parsing stream.midstream-policy from config file. \"%s\" is "
278 "not a valid exception policy in IDS mode. See our documentation for a "
279 "list of all possible values.",
284 policy = ExceptionPolicyGetDefault(
"stream.midstream-policy",
true, midstream_enabled);
288 FatalErrorOnInit(
"Error parsing stream.midstream-policy from config file. \"%s\" is "
289 "not valid for this exception policy. See our documentation for a list of "
290 "all possible values.",
/* Failure-simulation state, written by the option-name dispatch that follows.
 * Each counter starts at UINT64_MAX and is overwritten when its option is seen:
 *   g_eps_applayer_error_offset_ts  <- "simulate-applayer-error-at-offset-ts"
 *   g_eps_applayer_error_offset_tc  <- "simulate-applayer-error-at-offset-tc"
 *   g_eps_pcap_packet_loss          <- "simulate-packet-loss"
 *   g_eps_stream_ssn_memcap         <- "simulate-packet-tcp-ssn-memcap"
 *   g_eps_stream_reassembly_memcap  <- "simulate-packet-tcp-reassembly-memcap"
 *   g_eps_flow_memcap               <- "simulate-packet-flow-memcap"
 *   g_eps_defrag_memcap             <- "simulate-packet-defrag-memcap"
 *   g_eps_is_alert_queue_fail_mode  <- "simulate-alert-queue-realloc-failure"
 * Presumably UINT64_MAX means "never trigger"; the use sites are not in this
 * listing -- TODO confirm.
 * NOTE(review): these knobs deliberately force the error paths that the
 * exception policies react to, so confirm they are only reachable in
 * debug/test builds and never from a production configuration. The guarding
 * preprocessor lines, if any, are not visible here. */
308 uint64_t g_eps_applayer_error_offset_ts = UINT64_MAX;
309 uint64_t g_eps_applayer_error_offset_tc = UINT64_MAX;
310 uint64_t g_eps_pcap_packet_loss = UINT64_MAX;
311 uint64_t g_eps_stream_ssn_memcap = UINT64_MAX;
312 uint64_t g_eps_stream_reassembly_memcap = UINT64_MAX;
313 uint64_t g_eps_flow_memcap = UINT64_MAX;
314 uint64_t g_eps_defrag_memcap = UINT64_MAX;
/* Boolean switch rather than a counter: starts false, set to true by the
 * "simulate-alert-queue-realloc-failure" option. */
315 bool g_eps_is_alert_queue_fail_mode =
false;
320 if (strcmp(name,
"simulate-applayer-error-at-offset-ts") == 0) {
326 g_eps_applayer_error_offset_ts =
offset;
327 }
else if (strcmp(name,
"simulate-applayer-error-at-offset-tc") == 0) {
333 g_eps_applayer_error_offset_tc =
offset;
334 }
else if (strcmp(name,
"simulate-packet-loss") == 0) {
336 uint64_t pkt_num = 0;
340 g_eps_pcap_packet_loss = pkt_num;
341 }
else if (strcmp(name,
"simulate-packet-tcp-reassembly-memcap") == 0) {
343 uint64_t pkt_num = 0;
347 g_eps_stream_reassembly_memcap = pkt_num;
348 }
else if (strcmp(name,
"simulate-packet-tcp-ssn-memcap") == 0) {
350 uint64_t pkt_num = 0;
354 g_eps_stream_ssn_memcap = pkt_num;
355 }
else if (strcmp(name,
"simulate-packet-flow-memcap") == 0) {
357 uint64_t pkt_num = 0;
361 g_eps_flow_memcap = pkt_num;
362 }
else if (strcmp(name,
"simulate-packet-defrag-memcap") == 0) {
364 uint64_t pkt_num = 0;
368 g_eps_defrag_memcap = pkt_num;
369 }
else if (strcmp(name,
"simulate-alert-queue-realloc-failure") == 0) {
370 g_eps_is_alert_queue_fail_mode =
true;