From 94b111283d66c7490632ef9545304fe0d6ed6e6c Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Thu, 1 Feb 2024 20:25:33 -0300 Subject: [PATCH] userguide: highlight exception policy effects Some exception policies can only be applied to entire flows or individual packets, for some exception scenarios. Make this easier to read, in the documentation. Related to Task #5816 --- doc/userguide/configuration/exception-policies.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/userguide/configuration/exception-policies.rst b/doc/userguide/configuration/exception-policies.rst index aae2acff5d..5fa8a3f8f8 100644 --- a/doc/userguide/configuration/exception-policies.rst +++ b/doc/userguide/configuration/exception-policies.rst 
@@ -62,33 +62,40 @@ Specific settings Exception policies are implemented for: .. list-table:: Exception Policy configuration variables - :widths: 20, 18, 62 + :widths: 18, 18, 18, 44 :header-rows: 1 * - Config setting - Policy variable + - Affects - Expected behavior * - stream.memcap - memcap-policy + - Flow or packet - If a stream memcap limit is reached, apply the memcap policy to the packet and/or flow. * - stream.midstream - midstream-policy + - Flow - If a session is picked up midstream, apply the midstream policy to the flow. * - stream.reassembly.memcap - memcap-policy + - Flow or packet - If stream reassembly reaches memcap limit, apply memcap policy to the packet and/or flow. * - flow.memcap - memcap-policy + - Packet - Apply policy when the memcap limit for flows is reached and no flow could be freed up. **Policy can only be applied to the packet.** * - defrag.memcap - memcap-policy + - Packet - Apply policy when the memcap limit for defrag is reached and no tracker could be picked up. **Policy can only be applied to the packet.** * - app-layer - error-policy + - Flow or packet - Apply policy if a parser reaches an error state. Policy can be applied to packet and/or flow. To change any of these, go to the specific section in the suricata.yaml file
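Review bot: In the new "Affects" column, the value "Flow or packet" on the stream.memcap, stream.reassembly.memcap and app-layer rows reads as an exclusive choice, while the "Expected behavior" text on those same rows says the policy is applied to the packet "and/or" flow. Suggest "Flow and/or packet", or one sentence above the table defining what "Flow or packet" means, so the two columns agree. On the flow.memcap and defrag.memcap rows the new "Packet" cell repeats what the bolded "Policy can only be applied to the packet." sentence already says; consider keeping only one of the two. Minor: the new widths 18, 18, 18, 44 sum to 98 where the old ones summed to 100, which is harmless because list-table widths are relative, but 18, 18, 18, 46 would keep the previous convention.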