exceptions: error out when invalid policy is used

Before, if an invalid value was passed as exception policy, Suricata would log a warning and set the exception policy to "ignore". This is a very different result, than, say, dropping or bypassing a midstream flow. Task #5504
3 years ago · 58ef3cde7a
parent 61b73416e2
commit 58ef3cde7a
1 changed files with 4 additions and 1 deletions
--- a/src/util-exception-policy.c
+++ b/src/util-exception-policy.c
@ -88,7 +88,10 @@ enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support
            policy = EXCEPTION_POLICY_IGNORE;
            SCLogConfig("%s: %s", option, value_str);
        } else {
-            SCLogConfig("%s: ignore", option);
+            FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
+                    "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
+                    "pass-flow, bypass, drop-packet, pass-packet or ignore.",
+                    value_str);
        }

        if (!support_flow) {