exceptions: error out when invalid policy is used

Before, if an invalid value was passed as exception policy, Suricata would log a warning and set the exception policy to "ignore". This is a very different result, than, say, dropping or bypassing a midstream flow. Task OISF#5504
jufajardini · Aug 25, 2022 · 58ef3cd · 58ef3cd
1 parent 61b7341
commit 58ef3cd
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/util-exception-policy.c b/src/util-exception-policy.c
@@ -88,7 +88,10 @@ enum ExceptionPolicy ExceptionPolicyParse(const char *option, const bool support
             policy = EXCEPTION_POLICY_IGNORE;
             SCLogConfig("%s: %s", option, value_str);
         } else {
-            SCLogConfig("%s: ignore", option);
+            FatalErrorOnInit(SC_ERR_INVALID_ARGUMENT,
+                    "\"%s\" is not a valid exception policy value. Valid options are drop-flow, "
+                    "pass-flow, bypass, drop-packet, pass-packet or ignore.",
+                    value_str);
         }
 
         if (!support_flow) {