From feb47f9a896b049694f7b5ab40365fab8bbe9d51 Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Wed, 14 Jun 2023 20:58:44 -0300
Subject: [PATCH] exceptions: fix 'auto' for master switch in IDS

If the master exception policy was set to 'auto' in IDS mode, instead of just setting the master switch to the default in this case, which is 'ignore', the engine would switch a warning saying that auto wasn't a valid config and then set the policy to ignore. This makes 'auto' work for the master switch in IDS, removes function for setting IPS option and handles the valid IDS options directly from the function that parses the master policy, as this was the only place where the function was still called.

Bug #6149
---
 src/util-exception-policy.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c
index 585341cfae34..d346f0179576 100644
--- a/src/util-exception-policy.c
+++ b/src/util-exception-policy.c
@@ -114,16 +114,6 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
 SCLogDebug("end");
 }
-static enum ExceptionPolicy SetIPSOption(
- const char *option, const char *value_str, enum ExceptionPolicy p)
-{
- if (!EngineModeIsIPS()) {
- SCLogWarning("%s: %s not a valid config in IDS mode. Ignoring it.", option, value_str);
- return EXCEPTION_POLICY_NOT_SET;
- }
- return p;
-}
-
 static enum ExceptionPolicy PickPacketAction(const char *option, enum ExceptionPolicy p)
 {
 switch (p) {
@@ -200,10 +190,15 @@ static enum ExceptionPolicy ExceptionPolicyPickAuto(bool midstream_enabled, bool
 static enum ExceptionPolicy ExceptionPolicyMasterParse(const char *value)
 {
 enum ExceptionPolicy policy = ExceptionPolicyConfigValueParse("exception-policy", value);
- policy = SetIPSOption("exception-policy", value, policy);
+ if (policy == EXCEPTION_POLICY_AUTO) {
+ policy = ExceptionPolicyPickAuto(false, true);
+ } else if (!EngineModeIsIPS() &&
+ (policy == EXCEPTION_POLICY_DROP_PACKET || policy == EXCEPTION_POLICY_DROP_FLOW)) {
+ policy = EXCEPTION_POLICY_NOT_SET;
+ }
 g_eps_have_exception_policy = true;
- SCLogInfo("exception-policy set to: %s", ExceptionPolicyEnumToString(policy));
+ SCLogInfo("master exception-policy set to: %s", ExceptionPolicyEnumToString(policy));
 return policy;
 }
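Review bot: In the `else if` branch of ExceptionPolicyMasterParse, a configured drop-packet or drop-flow master policy is now discarded in IDS mode without any warning, whereas the removed SetIPSOption logged one. The only remaining trace is the info-level "master exception-policy set to" line, so an operator who configured a drop policy gets no clear signal that it was not applied. Keeping a warning in that branch, e.g. `SCLogWarning("exception-policy: %s not a valid config in IDS mode. Ignoring it.", value);` before `policy = EXCEPTION_POLICY_NOT_SET;`, would preserve it while still letting 'auto' through quietly. The literal arguments in `ExceptionPolicyPickAuto(false, true)` would also benefit from a short comment saying why midstream is passed as false for the master switch.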