aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,384 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '55b922ceed'
${ noResults }
Commit Graph

1043 Commits (55b922ceed868a4bf6c5d8e662b8c98876cc15d1)

Author SHA1 Message Date
Philippe Antoine 4933b817aa doc: fix byte_test examples 
As this keyword has 4 mandatory arguments, and some examples
had only three...

Ticket: 6629
 1 year ago
Juliana Fajardini a37fa62710 devguide: explain example-rule container usage 
Have these options documented, so that whoever writes rule-related
documentation can easily know what they could use to make the doc look
better.
 1 year ago
Juliana Fajardini fc2acf8cb0 devguide: fix main channels list 
Sphinx and RtD sometimes render lists in weird ways. The communication
channels list barely looked like one, at all...
 1 year ago
Juliana Fajardini d15877b2c0 devguide: update branches, refer to backports guide 
Update the list of active branches to include 7 renaming and new master,
link to backports document.
 1 year ago
Juliana Fajardini 9fbdfd219c devguide: add chapter with backports guide 
Task #6568
 1 year ago
Juliana Fajardini de8bffd244 devguide: doc from behavior changes needs ticket # 
If a commit introduces code that changes Suricata behavior, the related
documentation changes should go in a separate commit, but refer to the
same ticket number.
This reduces the chances of said changes being lost if there are backports
while still keeping the backporting process a bit less bulky, for each
commit.

Related to
Task #6568
 1 year ago
Juliana Fajardini 71e4ca81ef devguide: reorganize pr-workflow section 
This section seemed to aim both at PR reviewers and PR authors at the
same time, even though some info is probably of low value for
contributors.

Created new section for PR reviewers and maintainers, and kept the info
for PR authors separated. Also highlighted information on requested
changes and stale PRs.
 1 year ago
Juliana Fajardini 08eb67f74c devguide: make 'contributing' a chapter 
This could be justified from a semantic point of view, and also can help
in bringing more attention to where this information is, as it is less
hidden, now.

Also add Dev Guide as one of our resources in our Readme.
 1 year ago
Jason Ish 5d5b0509a5 requires: add requires keyword 
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.

Example:

  requires: feature geoip, version >= 7.0.0, version < 8;
  requires: version >= 7.0.3 < 8
  requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: #5972

Co-authored-by: Philippe Antoine <pantoine@oisf.net>
 1 year ago
Juliana Fajardini bba3d4fc63 userguide/eve: explain pgsql requests & responses 
Add a more visible explanation of that requests, responses, frontend and
and backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
 1 year ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message 
A CanceldRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
 1 year ago
Juliana Fajardini 7dcc2e7a71 doc/eve-format: break pgsql section to char limit 1 year ago
Jason Ish c1a8dbcb72 doc/userguide: document dns.query.name, dns.answer.name 
With some other minor cleanups in the DNS keyword section.
 1 year ago
Jason Ish b11bb1c412 detect: rename DetectAppLayerInspectEngineRegister2 
Rename DetectAppLayerInspectEngineRegister2 to
DetectAppLayerInspectEngineRegister as there is no other variant of
this function, and the versioning with lack of supporting
documentation can lead to confusion.
 1 year ago
Jason Ish 50be098839 detect: rename DetectAppLayerMpmRegister2 to DetectAppLayerMpmRegister 
The old DetectAppLayerMpmRegister has not been around since 4.1.x.
Rename the v2 of this function to a versionless function as there is no
documentation referring to what the 2 means.
 1 year ago
Victor Julien 3456dea276 doc/userguide: update guidance on 5 to 6 upgrading 
TCP memory use can be higher than expected in certain configs.

Ticket: #6552.
 1 year ago
Shivani Bhardwaj b9540df5ad doc: clarify IP-only with iprep 1 year ago
jason taylor fc81c99b58 doc: add file.name information to smtp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 9d1ad0187e doc: add file.name information to nfs keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 327ba7397a doc: add file.name information to smb keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor e4077b8803 doc: update ftp keyword doc example rule format 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor bb1f7575d3 doc: add file.name information to ftp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor bbc17b1c7d doc: add file.name information to http keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Shivani Bhardwaj 2b73a17bb0 detect: rename whitelist to score 
The term "whitelist" is actually used to store a list of DetectPort type
items for tcp and udp in detect.h. Using the same term for also keeping
the score that affects the grouping of rules is confusing. So, rename
the variable to "score".
 1 year ago
Jason Ish cc0adaaf4a userguide: remove old css files 
In our conf.py we reference some ReadTheDocs stylesheets that appear to
be old and break formatting of some items like bulletted lists.

Bug: #6589
 1 year ago
Philippe Antoine 32cce122e1 detect: header_lowercase transform 
Ticket: 6290
 1 year ago
jason taylor c50002978d doc: update file.data keyword documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Juliana Fajardini a649a92afd userguide: update tls not_after/not_before mentions 
Our tls fields not_after and not_before are actually logged as
`notafter` and `notbefore`, but were documented with the underscore.

Update the documentation, since updating the log format itself would be
a breaking change.

Task #5494
 1 year ago
Juliana Fajardini 58fb559594 userguide: document flow_id, with examples 
Flow_id explanation expanded from version shared by Peter Manev.

Task #6445
 1 year ago
Sascha Steinbiss 0c55fe3515 detect: add mqtt.connect.protocolstring 
Ticket:  OISF#6396
 1 year ago
Victor Julien 6b2c33990f doc/userguide: add tag keyword page 
Ticket: #3015.
 1 year ago
Victor Julien 4a02a14df1 doc/userguide: document host table yaml settings 1 year ago
Jeff Lucovsky 9ee55d2394 doc/transform: Document case-changing transforms. 
Issue: 6439
 1 year ago
Ralph Eastwood 9865164e75 napatech: update docs to remove hba reference 1 year ago
Philippe Antoine ab9b6e30b1 detect: adds flow integer keywords 
Ticket: #6164

flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
 1 year ago
Kirjan Kohuladas c8a7204b15 doc/rule-profiling: fix suricatasc typo 1 year ago
Juliana Fajardini 54d8f45afc userguide: add proper label to RPM install section 
Use a reference label that is stable, instead of one that could change
in case a new section is added above it.
 1 year ago
Daniel Olatunji 0e5fdbb8fb doc: be consistent with the use of "sudo" 
Issue: #5720
 1 year ago
Comfort Amaechi cf8b630ed2 userguide: cover install-full and install-conf 
Ticket: #6342
 1 year ago
jason taylor 535938d7f6 doc: add tls.cert_chain_len docs 
Ticket: #6386

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Juliana Fajardini 1a132f454a docs: adjust readthedocs config to new options 
Our documentation was failing to build, seems connected to the new way
of indicating build options (cf
https://readthedocs.org/projects/suricata/builds/22112658/,
https://docs.readthedocs.io/en/stable/config-file/v2.html#build,
and https://docs.readthedocs.io/en/stable/config-file/v2.html#build-os).

Added the build.os required new field, and adjusted the way python
version is passed.

For the new configuration style for read the docs, one of the ways to
pass extra configuration for python is having a requirements file.
 1 year ago
Juliana Fajardini ffed5eb3d3 doc/quickstart: add software-properties instruction 
This is indicated in the `Installation` section, but not in the
quickstart, and it felt like a valid addition, here, too.
 1 year ago
Juliana Fajardini 4ab4f711de doc/install: link to devguide's install from git 
Although we have an updated version of instructions for installation
from git, our install guide was only referring to RedMine, which is less
up-to-date.

Kept that reference, since it might still be useful for non-Ubuntu
cases.
 1 year ago
Shivani Bhardwaj 0a4011655f doc/code-submission: add commit sign guide 1 year ago
Travis Green 96a0e7016f doc: add tcp flags documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Jason Ish 2b57179d65 readthedocs: pin theme to sphinx_rtd_theme 
ReadTheDocs changed the default theme.
 2 years ago
Jason Ish ae3b1a9e36 configure: more idiomatic autoconf for sphinx-build checks 
- Use SPHINX_BUILD instead of HAVE_SPHINX_BUILD, as here we're
  actually using the path of the program.

- Wrap some elements in [] as is done in modern idiomatic autoconf
 2 years ago
Victor Julien c0201d3212 doc/userguide: add reload-tenant(s) doc 2 years ago
Victor Julien 6ba0956a75 multi-tenant: allow reload w/o yaml path 
Store yaml path in de ctx, for reloads w/o path.

This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
 2 years ago
Victor Julien c87803ea0e detect: add multi-detect.config-path 
Add option to specify path from which to load the tenants.

Mostly meant to be used in testing.
 2 years ago
jason taylor be324d7856 doc: update file.magic information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 008cc78a03 doc: update fileext keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor e99b1787a2 doc: update file.name keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Alexandre Iooss c80941dd8d doc/userguide: improve SCStreamingBuffer example 
Add direction indication in SCStreamingBuffer usage example.
This adds documentation for the changes introduced by commit
5b1d8c7e94.
 2 years ago
Juliana Fajardini 5cef8fdfdf userguide/ppa: fix typo 
The launchpad repo for suricata-beta read 'oisd' instead of 'oisf'
 2 years ago
Juliana Fajardini 4fd3205bf0 userguide/install: add info on ubuntu ppa installs 
Bringing info that was only in our Redmine wiki to our documentation.

Task #6231
 2 years ago
Juliana Fajardini 765b05f139 docs: miscellanea updates 
- Fix a DPDK reference link, add some line breaks.
- Exemplify what a good commit message looks
like, for Suricata's commit style.
 2 years ago
Jason Ish 3e2a62915b doc/userguide: display version on front page 
When viewing the docs online at Readthedocs, or similar it might be
immediately apparent what version of the documentation is being
displayed. Display the version on the first line before the table of
contents to make it clear.
 2 years ago
Andreas Herz 26130d903f doc: add note about cpu prio overwrite behavior 2 years ago
Andreas Herz da68692547 doc: dataset - add type to be mandatory 2 years ago
Juliana Fajardini f16d428fd1 userguide/upgrade: link to exception policy FAQ 
With the release of 7, people are starting to have issues with traffic
being blocked. While we don't add a more expansive documentation for
this, add a link to the FAQ covering possible fixes for drops caused by
the fail closed default behavior of the exception policies.
 2 years ago
Juliana Fajardini 24745b3a73 doc/userguide: update ref to installation from git 
It was still pointing to the redmine wiki and the documentation to be
truthful to the new documentation.
 2 years ago
Jason Ish 500a7abf57 doc/support-status: add support status page 
Convert the wiki page,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Support_Status
into a page that is versioned along with the user guide.

Includes many updates to reflect our current support status.
 2 years ago
Jason Ish ad94ebddb7 doc/userguide: avoid horizontal scroll on rtd 
Add CSS to avoid horizontal scroll in tables on ReadTheDocs. This will
wrap the text instead.

Also, vertically align to top so if a cell does wrap, other cells that
do not wrap don't place the text in the middle of the cell.
 2 years ago
Juliana Fajardini 9900bdc162 userguide/eve: format and reorganize alert section 
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
 2 years ago
Juliana Fajardini 0437173848 output/drop: add verdict field 
Related to
Bug #5464
 2 years ago
Andreas Herz 24bcaf07ae doc/upgrade: add more 6 to 7 changes and minor improvements 
Issue: #5473
 2 years ago
jason taylor 62170d2fb9 doc: hyperscan information updated 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor c95fce39f0 doc: add multi buffer support note to keyword docs 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 88960e909d doc: add multiple buffer matching documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Jason Ish 0b5dc58e15 doc/userguide: more eve http upgrade notes 
Add more information with a examples of how the changes to EVE HTTP
logging may affect users.
 2 years ago
jason taylor 19a0b2b0d2 userguide: add details about tcp flow pass 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Jeff Lucovsky 47e268d609 detect/byte_math: Document bytes variable name 
Issue: 6145

Document that byte_math accepts a variable name for bytes (optional)
 2 years ago
Jeff Lucovsky 3a4554fc2b detect/byte-jump: Document var usage for nbytes 
Issue: 6105
 2 years ago
Jeff Lucovsky 73b943276e doc/byte_test: Document byte_test variable usage 
Issue: 6144

This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
 2 years ago
Lukas Sismis 5a3ecbde62 doc: update install instructions 
Ticket: #5987
 2 years ago
Shivani Bhardwaj b6f8f5eb3b doc/http: use "sticky buffer" where applicable 2 years ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation 
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
 2 years ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 2 years ago
Juliana Fajardini e306bc6ecc exception: fix use of master switch with default 
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.

Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when some of the other policies is to
be set via the master switch, when since this can change for specific
exception policies - like for midstream, for instance.

Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.

Bug #6169
 2 years ago
Shivani Bhardwaj 18947c01e0 suricatasc: update running instructions 2 years ago
Jeff Lucovsky d822ba58e1 doc/multi-tenant: Clarify live traffic support 
Issue: 5930

This commit clarifies the live traffic support for multi-tenancy.
 2 years ago
Shivani Bhardwaj aeb408dd9d doc: fix typo encryption-handling 2 years ago
Jason Ish 90bb73046c userguide/security: grammar fixes 
Apply grammer fixes brought up in GitHub review comments by Juliana.
 2 years ago
liaozhiyuan a748164d58 dpdk: support multiple same EAL arguments 
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.

Ticket: #5964
 2 years ago
Jason Ish 5f598931ac doc/userguide: start on a security chapter 
This is the start of a security consideration chapter, starting with
directions on how to run Suricata as a non-root user.
 2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Jason Ish 4a97461f9a doc/userguide: notes about Lua rules being disabled by default 2 years ago
Juliana Fajardini c0db25d055 userguide: update exception policy behaviors table 
Some exception policies can only be applied to the triggering packet or
only make sense considering the whole flow. Highlight such cases in the
table showing each exception policy.

Related to
Bug #5825
 2 years ago
Juliana Fajardini 0c2922f02e doc: add midstream scenarios for exception policy 
The different interactions between midstream pick-up sessions and the
exception policy can be quite difficult to visualize. Add a section for
that in the userguide.

Related to
Bug #5825
 2 years ago
Philippe Antoine 415b036dca http1: implement http.request_header 
So that it is generic for HTTP1 and HTTP2

Ticket: #5780
 2 years ago
Philippe Antoine 7256ec8a6e detect/http2: do not escape ':' in header name or value 
for keywords http.request_header and http.response_header

Ticket: #5780
 2 years ago
Philippe Antoine 656554f293 http2: rename http2.header to http.request_header 
Or http.response_header based on the direction

http2.header had a different behavior than http.header and this was
confusing.

Ticket: #5780
 2 years ago
Philippe Antoine e30f4943ae doc: GitHub PRs workflow 2 years ago
Jeremy MountainJohnson 435d74d744 userguide/install: add info on arch-based installs 
Add Arch AUR information for installation on Arch-based distros.
 2 years ago
Philippe Antoine 5c419b79b7 doc: upgrade guide for logging http custom headers 
Ticket: #5320
 2 years ago
Juliana Fajardini f83c67bbb5 doc: add missing rule to engine-analysis section 
The first report didn't have an example rule to go with.
 2 years ago
Lukas Sismis 11c3aa868d doc: add DPDK Bond PMD docs 
Ticket: #6099
 2 years ago
Philippe Antoine 9287cbc33a http: logs custom headers in a subobject 
This subobject is request_headers or response_headers

This especially avoids json keys collisions.

Ticket: #5320

Also fixes typo referrer/referer
 2 years ago
Jason Ish 5af73b3879 doc/userguide: document include files 
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
 2 years ago
Jason Ish a71dee5516 doc/userguide: merge logging changes in 7.0 upgrade notes 
Two "Logging changes" sections existed, merge.
 2 years ago
Jason Ish f8620d0ed2 docs: update url to docs.suricata.io 2 years ago
Victor Julien 3de687f30c profiling/rules: doc updates 2 years ago
Eric Leblond 694bff11ac doc: add rule profiling information 2 years ago
Jason Ish b0c329da04 doc/userguide: provide more RPM doc 
- Address the various RPM distributions
- User info
- Systemd info

Related issue: #5884
 2 years ago
Eloy Pérez González b3c7130749 krb5: update krb5_msg_type keyword docs 2 years ago
Lukas Sismis 1c3cb1e8cc docs: refactor DPDK docs and add performance tuning section 
Ticket: #5857
Ticket: #5858
 2 years ago
Lukas Sismis 03319263db docs: wrap DPDK doc section at 80 chars 2 years ago
Lukas Sismis d0bf3ba638 dpdk: add configure option 
Ticket: #5859
 2 years ago
Victor Julien 0903536fd6 doc: spelling 
Thanks to Josh Soref.
 2 years ago
Philippe Antoine 9bd2b72e2b doc: explain where tls.store stores certificates 
By adding a reference/link to the doc about the suricata.yaml
config section pecifying the directory where the certificates
are stored
 2 years ago
Victor Julien c0d9b3c078 doc/userguide: spelling 2 years ago
Victor Julien 4dbdaf8a8e doc/install: point to userguide 2 years ago
Victor Julien 19cabc9a02 doc: remove legacy windows install guide 2 years ago
Victor Julien 01f43604b9 doc: remove legacy pfring install guide 2 years ago
Wes Hurd aee41957e1 doc: add docutils.conf to disable smart quotes 2 years ago
Andreas Herz 3045e75ee1 doc: add note on the hashsize recommendation for datasets 2 years ago
Victor Julien a006aef4d0 doc: fix description of iptables rules 2 years ago
Bazzan Don 38b3fffbc7 doc/optimization: move "convert.py" to Python3 
Ticket: #5596
 2 years ago
Morris Chan b9aac6dd18 yaml: grammar fixup 2 years ago
Juliana Fajardini ae2a477978 devguide: clarify clang formatting changes policy 
It was pointed out by a contributor that our workflow mentioned
rewrite-branch as the preferred way, while in fact our policy is to add
said changes to a different commit. Updating documentation to prevent
other situations like that.
 2 years ago
Rafael Girão 6ec3bc189a docs: remove obsolete af-packet warning 2 years ago
John Dewey 365bec3da6 netmap: Correct LB + Netmap YAML usage 
Corrected the example YAML configuration when using Netmap and
LB.
 2 years ago
Jeff Lucovsky 0ad6d4358f add to doc/pfring: Document additional cluster types 2 years ago
Jeff Lucovsky b1918168f9 doc/pfring: Document additional cluster types 
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.

Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple

Issue: 5975
 2 years ago
Philippe Antoine 59734d16a1 detect: use http.connection to client 
Ticket: #5746
 2 years ago
Philippe Antoine 6bc7f02e13 doc: rules can have http1 as protocol 
Ticket: #5962
 2 years ago
Jeff Lucovsky fd46c93a8f doc/byte_math: Add divide by 0 discussion. 
Issue: 5945
 2 years ago
Juliana Fajardini d314b57e6b userguide/muti-tenant: fix typo 2 years ago
jason taylor 5abcd50142 doc: add tenant id value requirement 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Juliana Fajardini 31066c7c3b docs: clarify exception policy's supported values 
As flow.memcap-policy and defrag.memcap-policy do not support flow
actions, clarify that in the documentation. Also fix some typos, and
add missing values in some places where the exception policies were
explained.

Related to
Bug #5940
 2 years ago
Jeff Lucovsky 35bbdf4124 doc/content: Add limits for distance/within 
Ticket: 5740
 2 years ago
Philippe Antoine 8f9cd8ff1a doc: security.limit-noproc upgrade note 
Ticket: #5621
 2 years ago
Shivani Bhardwaj 0f3e7761da doc: add dataset examples 2 years ago
Lancer Cheng 6142593a69 doc: add version filed in NTLMSSP documentation 
Bug OISF#5783
 2 years ago
Haleema Khan 609df1776e userguide: update tls keywords information 
Ticket #5544
 2 years ago
jason taylor 8e5b1fe8e6 userguide: add DHCP EVE log information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Victor Julien f4fa51986e doc: warn IPS users on new exception policy default 2 years ago
Philippe Antoine e3105a6614 ftp: adds a config option ftp-hash for autofp-scheduler 
This allows ftp-data and ftp flows to be processed by the same
thread. Otherwise, there may be a concurrency issue where the
would-be ftp-data flow is first processed, and thus not recognized
as such. And the ftp flow gets processed later and the expectation
coming from it is never found.

To do so, the flow hash gets used as usual, except for flows that
may be either ftp or ftp-data, that is either one port is 21, or
both ports are high ones.

Ticket: #5205
 2 years ago
Jason Ish 1b844cd7f7 doc/userguide: document --include command line option 2 years ago
Philippe Antoine b52293b609 dcerpc: config limit maximum number of live transactions 
As is done for other protocols

Ticket: #5779
 2 years ago
Juliana Fajardini 918bd7435c userguide/config: update log format symbols list 
There were some possible format options missing after the recent changes
in the log format.
 2 years ago
Juliana Fajardini 0d9289014b exceptions: add master switch config option 
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in iDS mode

Exception Policies set up individually will overwrite this setup for the
given traffic exception.

Task #5219
 2 years ago
jason taylor 0632233791 userguide: update http.cookie description 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Philippe Antoine 55c4834e4e smb: configurable max number of transactions per flow 
Ticket: #5753
 2 years ago
Jason Ish 48f0fd3c74 doc/userguide: update logging section for time formats 
- Update fragment of configuration file to match suricata.yaml with
  new default-log-format.
- Document new %z format specifier.
 2 years ago
Juliana Fajardini 4c7ca2c367 devguide/install: add note about ubuntu version 
We want to make it clear with which system the instructions for
installing from were tested with.
 2 years ago
Juliana Fajardini 377885f420 exception-policies: fix typos 2 years ago
Bazzan Don 6e4a5cee7a devguide: add page on installing suricata from git 
As part of the process of moving documentation from redmine
to "Read the Docs", this commit moves installing Suricata using git
page from redmine wiki into Suricata Developer Guide section.
It also updates the necessary steps.

Ticket: #5585
 2 years ago
Jason Ish 0a4e3d0f82 doc/userguide: ubuntu: install software-properties-common 
This package likely needs to be installed when starting with an Ubuntu
container or other minimal Ubuntu install.

Ticket: #5616
 2 years ago
Richard McConnell b39a4c63fe doc: document AF_XDP feature 2 years ago
Todd Mortimer 15c77be937 swf-decompression: Disable by default. 
Add an entry to the upgrade guide noting the change.

Ticket: #5632
 2 years ago
Jeff Lucovsky 197ad51138 doc: Update bsize documentation 
This commit updates the bsize documentation

1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.
 2 years ago
jason taylor 9dc8fffe05 userguide: update tos keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 1d9b91a987 userguide: update fragoffset keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 7c73144988 userguide: update fragbits information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 4be9793e36 userguide: update geoip information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor e8eba6e4a1 userguide: update id keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor cfd0da133e userguide: update ipv6.hdr keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 150a04b597 userguide: update ipv4.hdr keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 298f59c2ba userguide: update ip_proto keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 6226492976 userguide: update sameip keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor f97ba44339 userguide: update ipopts keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 9b4e6e5802 userguide: update ttl keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Philippe Antoine ce710181f6 doc: update doc for HTTP file.data to server 
Ticket: #4144

Completes e587f6792a
 2 years ago
Jeff Lucovsky 5a6e68285b doc/netmap: Describe Netmap IPS usage 
Issue: 5512

This commit summarizes Netmap usage with Suricata's IPS mode.
 2 years ago
Jason Ish 9d653512f9 doc/userguide: update bittorrent-dht eve examples 
Update the bittorrent-dht examples using real log records with peers
and nodes broken down into objects.
 2 years ago
Jason Ish 065f3ab9f1 doc: rename bittorrent-dht to bittorrent_dht in eve output 2 years ago
Jason Ish 0ea9ba66d1 userguide/eve-log: remove mentions of requiring Rust 
Rust is required to build now.
 2 years ago
Aaron Bungay d166c48d28 docs: update for bittorrent-dht app-layer 2 years ago
Philippe Antoine a003640ecf security: prevents process creation 
with setrlimit NPROC.

So that, if Suricata wants to execve or such to create a new process
the OS will forbid it so that RCE exploits are more painful to write.

Ticket: #5373
 2 years ago
Richard McConnell 7f4c1d5e2f doc/systemd: add documentation for sd_notify 2 years ago
Eric Leblond 9fb0137d9d doc: add reference to ipaddr in IP matching 2 years ago
Eric Leblond 3bd48d9336 detect: doc link for ip.src and ip.dst 2 years ago
Eric Leblond da8b16eaeb doc: add ip.dst and ip.src doc 2 years ago
Eric Leblond 3599cbf1c4 doc: document new dataset types 
Feature: #5383
 2 years ago
Eric Leblond a1a22cccd2 doc: document dataset-lookup 
Ticket: #5184
 2 years ago
Eric Leblond 20973e9e6b doc: add dataset-clear command 
Ticket: #5184
 2 years ago
Eric Leblond c5559cb68f doc: document dataset-dump command 
Ticket: #5184
 2 years ago
Victor Julien 2f6c014f70 doc/devguide: update packet (de)alloc in unittests 2 years ago
Lukas Sismis 37cf365e19 docs: remove outdated constraint of negation support for ssl_state 
Commit 487cdda93d adds negation support for the SSL state.
 2 years ago
Juliana Fajardini e4b46e0763 doc/acknowledgements: add a few more names 
Added some names of known contributors to the documentation
 2 years ago
Juliana Fajardini 3c25185e0b devguide: add section about stale tickets policy 
Just to set the right expectations, and to have it registered for us,
too.
 2 years ago
Shivani Bhardwaj 2a0cb1f3da doc: update base64_decode notes 2 years ago
Lukas Sismis e101384e7b transversal: remove suricata-ids.org references 2 years ago
Lukas Sismis a4a69c3e71 doc/dpdk: add IPS setup docs for DPDK mode 
Ticket: #5511
 2 years ago
Eric Leblond f46f895e8d rust/smb: import NT status code for Microsoft doc 
This patch updates the NT status code definition to use the status
definition used on Microsoft documentation website. A first python
script is building JSON object with code definition.

```
import json
from bs4 import BeautifulSoup
import requests

ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55')

ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser')

ntstatus_parsed = ntstatus_parsed.find('tbody')

ntstatus_dict = {}

for item in ntstatus_parsed.find_all('tr'):
    cell = item.find_all('td')
    if len(cell) == 0:
        continue
    code = cell[0].find_all('p')
    description_ps = cell[1].find_all('p')
    description_list = []
    if len(description_ps):
        for desc in description_ps:
            if not desc.string is None:
                description_list.append(desc.string.replace('\n ', ''))
    else:
        description_list = ['Description not available']
    if not code[0].string.lower() in ntstatus_dict:
        ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)}

print(json.dumps(ntstatus_dict))
```

The second one is generating the code that is ready to be inserted into the
source file:

```
import json

ntstatus_file = open('ntstatus.json', 'r')

ntstatus = json.loads(ntstatus_file.read())

declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n'
resolution_format = '        SMB_NT%s%s=> "%s",\n'

declaration = ""
resolution = ""

text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len))

for code in ntstatus.keys():
    text = ntstatus[code]['text']
    text_spaces = ' ' * (4 + text_max - len(text))
    declaration += declaration_format % (text, text_spaces, code)
    resolution += resolution_format % (text, text_spaces, text)

print(declaration)
print('\n')
print('''
pub fn smb_ntstatus_string(c: u32) -> String {
    match c {
''')
print(resolution)
print('''
        _ => { return (c).to_string(); },
    }.to_string()
}
''')
```

Bug #5412.
 2 years ago
jason taylor db5cf1f8f9 userguide: Add rule file globbing option details 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Juliana Fajardini 7b0008d4f0 userguide: add section about exception policies 
This describes briefly what the exception policies are, what is the
engine's behavior, what options are available and to which parts are
they implemented.

Task #5475
Task #5515
 2 years ago
Juliana Fajardini 6f294f2f2d userguide: minor rewording and typo fixes 
Some of these were recently introduced, some were highlited after the
applayer sections got merged. Some paragraphs seem to have been changed
due to trying to respect character limits for lines. Also includes a
typo pointed out by one of our community members via Discord.
 2 years ago
Jeff Lucovsky 33c424f9ed doc/byte_math: Add byte_math differences with snort 
Issue: 5077
 2 years ago
Jeff Lucovsky 192a31c74e doc: Fixup byte* entries to display tables properly 2 years ago
Philippe Antoine 390cf9248f detect: adds flow.age keyword 
Ticket: #5536
 2 years ago
Philippe Antoine af40873127 pgsql: config limit maximum number of live transactions 
As is done for other protocols

Ticket: #5527
 2 years ago
Eric Leblond 1b24f4d357 doc: document landlock feature 3 years ago
Philippe Antoine fe91506320 doc/http2: suricata.yaml max-streams parameter 
Ticket: #4949
 3 years ago
Juliana Fajardini bbd968c738 exceptions: add reject support to exception policy 
This enables the usage of 'reject' as an exception policy. As for both
IPS and IDS modes the intended result of sending a reject packet is to
reject the related flow, this will effectively mean setting the reject
action to the packet that triggered the exception condition, and then
dropping the associated flow.

Task #5503
 3 years ago
Philippe Antoine 5ef259722b dhcp: adds renewal-time keyword 
Ticket: #5507
 3 years ago
Philippe Antoine 6faf6299e0 dhcp: adds rebinding-time keyword 
Ticket: #5506
 3 years ago
Juliana Fajardini ef54f36e34 userguide: briefly introduce exception policy opts 
Added them in the configuration section so folks can be more aware of
them, while a more complete documentation isn't around.

Related to
Task #5475
 3 years ago