From 55b4c1e6fdcce57eb866f60aca436f891f5fe80f Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 11 Dec 2024 20:51:58 +0100 Subject: [PATCH] stream: mark urgent experimental; set safe defaults Uncomment in default config. This will make the policy "inline", which is the same behavior as prior to the urgent policy support. Add line to docs that this is an experimental feature. --- doc/userguide/configuration/suricata-yaml.rst | 2 ++ suricata.yaml.in | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index ed2e8501405..2482d69ba78 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -1275,6 +1275,8 @@ for example RFC 6093, 3.4). Several options are provided to control how to deal with the urgent pointer. +.. note:: TCP urgent handling is considered experimental at this time + :: stream: diff --git a/suricata.yaml.in b/suricata.yaml.in index 05aa170d927..c329cc2be30 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1592,9 +1592,10 @@ stream: #midstream-policy: ignore inline: auto # auto will use inline mode in IPS mode, yes or no set it statically reassembly: - urgent: - policy: oob # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap - oob-limit-policy: drop + # experimental TCP urgent handling logic + #urgent: + # policy: inline # drop, inline, oob (1 byte, see RFC 6093, 3.1), gap + # oob-limit-policy: drop memcap: 256mb #memcap-policy: ignore depth: 1mb # reassemble 1mb into a stream
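Review bot: In the `reassembly:` section of suricata.yaml.in, the commented-out `#urgent:` block does not tell the reader which policy is in effect while it stays commented; only the commit message says the result is `inline`. I would state that in the file itself, e.g. `# experimental TCP urgent handling logic; if unset, policy is inline (behavior before urgent policy support)`. A second comment line could note that the choice affects detection fidelity: endpoints that deliver urgent data out of band see a different byte stream than an engine processing it inline, so operators should match the policy to the hosts they monitor. Whether `oob-limit-policy` has any effect under `inline` is not visible from this hunk; if it has none, the sample would be clearer with a comment saying it applies to `oob` only.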