diff --git a/doc/userguide/configuration/exception-policies.rst b/doc/userguide/configuration/exception-policies.rst index 77095912dc..10af446e58 100644 --- a/doc/userguide/configuration/exception-policies.rst +++ b/doc/userguide/configuration/exception-policies.rst @@ -67,28 +67,26 @@ Exception policies are implemented for: - Expected behavior * - stream.memcap - memcap-policy - - If a stream memcap limit is reached, call the memcap policy on the packet - and flow. + - If a stream memcap limit is reached, apply the memcap policy to the packet and/or + flow. * - stream.midstream - midstream-policy - - If a session is picked up midstream, call the memcap policy on the packet - and flow. + - If a session is picked up midstream, apply the midstream policy to the flow. * - stream.reassembly.memcap - memcap-policy - - If stream reassembly reaches memcap limit, call the memcap policy on the - packet and flow. + - If stream reassembly reaches memcap limit, apply memcap policy to the + packet and/or flow. * - flow.memcap - memcap-policy - Apply policy when the memcap limit for flows is reached and no flow could - be freed up. Apply policy to the packet. + be freed up. **Policy can only be applied to the packet.** * - defrag.memcap - memcap-policy - Apply policy when the memcap limit for defrag is reached and no tracker - could be picked up. Apply policy to the packet. + could be picked up. **Policy can only be applied to the packet.** * - app-layer - error-policy - - Apply policy if a parser reaches an error state. Apply policy to the - packet and flow. + - Apply policy if a parser reaches an error state. Policy can be applied to packet and/or flow. To change any of these, go to the specific section in the suricata.yaml file (for more configuration details, check the :doc:`suricata.yaml's`