stream: mark urgent experimental; set safe defaults

Uncomment in default config. This will make the policy "inline", which is the same behavior as prior to the urgent policy support. Add line to docs that this is an experimental feature.
OISF · Dec 12, 2024 · 55b4c1e · 55b4c1e
1 parent faf2613
commit 55b4c1e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
@@ -1275,6 +1275,8 @@ for example RFC 6093, 3.4).
 
 Several options are provided to control how to deal with the urgent pointer.
 
+.. note:: TCP urgent handling is considered experimental at this time
+
 ::
 
     stream:

diff --git a/suricata.yaml.in b/suricata.yaml.in
@@ -1592,9 +1592,10 @@ stream:
   #midstream-policy: ignore
   inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
   reassembly:
-    urgent:
-      policy: oob              # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap
-      oob-limit-policy: drop
+    # experimental TCP urgent handling logic
+    #urgent:
+    #  policy: inline           # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap
+    #  oob-limit-policy: drop
     memcap: 256mb
     #memcap-policy: ignore
     depth: 1mb                  # reassemble 1mb into a stream
-Original file line number
+Diff line change
@@ Expand Up / @@ -1275,6 +1275,8 @@ for example RFC 6093, 3.4). @@
     Several options are provided to control how to deal with the urgent pointer.
+    .. note:: TCP urgent handling is considered experimental at this time
     ::
         stream:
@@ Expand Down @@