
@jufajardini
Contributor

Task #5612

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/5612

Built version of chapter: https://suri-rtd-test.readthedocs.io/en/devguide-5612-v1/devguide/extending/exception-policies/index.html

Describe changes:

  • add an extending/exception-policies chapter to the devguide. (Inspired by Philippe's approach to the chapter about adding a new app-layer proto)
  • add labels in referred sections
  • add comment tags to aid code inclusion in the docs

Adds a chapter indicating what are the main steps when adding exception
policies, how is it possible to extend them, as well as main aspects and
files to consider when doing so.

Task OISF#5612
@jufajardini jufajardini added the typo/doc update No code change : only doc or typo fixes label Dec 12, 2025
For an example PR on adding a new exception policy, see:
https://github.com/OISF/suricata/pull/7791, especially commit
`aa5bb2c329aff5 <https://github.com/OISF/suricata/pull/7791/commits/aa5bb2c329aff59b7811b43258ffd4d95fe7364f>`_.

Contributor Author

Could possibly also add a section or note about the command-line options for simulating exception scenarios...

@codecov

codecov bot commented Dec 12, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.08%. Comparing base (50224f2) to head (37aa5d7).

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14483      +/-   ##
==========================================
- Coverage   82.09%   82.08%   -0.01%     
==========================================
  Files        1013     1013              
  Lines      262402   262402              
==========================================
- Hits       215414   215398      -16     
- Misses      46988    47004      +16     
Flag Coverage Δ
fuzzcorpus 59.27% <ø> (-0.01%) ⬇️
livemode 18.75% <ø> (-0.11%) ⬇️
pcap 44.61% <ø> (+0.02%) ⬆️
suricata-verify 64.96% <ø> (+<0.01%) ⬆️
unittests 59.24% <ø> (ø)

@suricata-qa

WARNING:

field baseline test %
IPS_AFP_stats_chk
.decoder.unknown_ethertype 6 7 116.67%
.decoder.event.ethernet.unknown_ethertype 6 7 116.67%

Pipeline = 28748

@victorjulien victorjulien self-assigned this Dec 15, 2025

Exception Policies allow control on how the engine will behave when it reaches
exception scenarios where it could lose visibility into traffic being processed,
for instance.
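
Review bot: In the first line of this paragraph, "allow control on how the engine will behave" reads better as "allow control over how the engine behaves", and the sentence closes on a dangling ", for instance." with no example after it in this hunk. Either drop the trailing phrase or turn it into a lead-in ("for instance when:") placed directly ahead of the examples it is meant to introduce.
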
Contributor

Feels strange to end a sentence by , for instance


- hitting memory capacity limits;
- encountering application layer protocol errors;
- picking a TCP session midstream.
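
Review bot: In the last list item, "picking a TCP session midstream" should read "picking up a TCP session midstream"; as written it suggests choosing a session rather than starting to track one partway through.
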
Contributor

Can these exception policies be reachable from the rules language? (from signatures)
