Bug #4744
closedWarn if Absent app-layer protocol is always enabled by default
Description
If an applayer protocol's section is unavailable in suricata.yaml, it will get auto enabled.
e.g. say the following section for dnp3 was missing from the configuration file, it will still get auto enabled.
app-layer:
protocols:
# DNP3
dnp3:
enabled: no
detection-ports:
dp: 20000
But, this is not the desired behavior. To fix this, we explicitly demand a protocol defined in suricata.yaml if it is to be enabled in Suricata 7. See ticket https://redmine.openinfosecfoundation.org/issues/4739 and the linked PR.
However, since this may be too big of a behavioral change for the existing setups running Suricata versions up to 6.0.x, we set a warning that we are enabling the protocol despite it being absent in suricata.yaml and this must be changed to avoid issues with the latest versions.
NOTE: In order to avoid this warning, simply, add the protocol section to suricata.yaml
Updated by Jeff Lucovsky about 3 years ago
- Copied from Bug #4739: Absent app-layer protocol is always enabled by default added
Updated by Victor Julien about 3 years ago
- Target version changed from 6.0.4 to 6.0.5
Updated by Shivani Bhardwaj almost 3 years ago
- Status changed from Assigned to In Progress
Updated by Shivani Bhardwaj almost 3 years ago
- Status changed from In Progress to In Review
Updated by Shivani Bhardwaj almost 3 years ago
- Subject changed from Absent app-layer protocol is always enabled by default to Warn if Absent app-layer protocol is always enabled by default
Updated by Shivani Bhardwaj almost 3 years ago
- Status changed from In Review to Closed