aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

exception: in ids mode, only REJECT the packet

Browse Source 
In case of 'EXCEPTION_POLICY_REJECT', we were applying the same behavior
regardless of being in IDS or IPS mode.
This meant that (at least) the 'flow.action' was changed to drop when we
hit an exception policy in IDS mode.

Bug #6109
pull/8994/head
Juliana Fajardini 2 years ago committed by Victor Julien
parent 531d99f4cf
commit 8f324e3b3d
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
src/util-exception-policy.c
Unescape Escape View File

@ -72,6 +72,9 @@ void ExceptionPolicyApply(Packet *p, enum ExceptionPolicy policy, enum PacketDro
case EXCEPTION_POLICY_REJECT: case EXCEPTION_POLICY_REJECT:
SCLogDebug("EXCEPTION_POLICY_REJECT"); SCLogDebug("EXCEPTION_POLICY_REJECT");
PacketDrop(p, ACTION_REJECT, drop_reason); PacketDrop(p, ACTION_REJECT, drop_reason);
if (!EngineModeIsIPS()) {
break;
}
/* fall through */ /* fall through */
case EXCEPTION_POLICY_DROP_FLOW: case EXCEPTION_POLICY_DROP_FLOW:
SCLogDebug("EXCEPTION_POLICY_DROP_FLOW"); SCLogDebug("EXCEPTION_POLICY_DROP_FLOW");

Write Preview
Loading…
Cancel
Save