aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,766 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6a23fafa5f'
${ noResults }
Commit Graph

964 Commits (6a23fafa5f04ad65ba0a23a174aa3727dccad326)

Author SHA1 Message Date
Giuseppe Longo 4f1e71bb4e doc: add sdp update 10 months ago
Juliana Fajardini bb59124063 yaml: unify 0 stats counter config option terms 
When we added feature #5976 (72146b969), we overlook that we also have
a config stats option for the human-readable stats logs to output
0 counters.
Due to not seeing this before, we now have two different setting names
for basically the same thing, but in different logs:
- zero-valued-counters for EVE
- null-values for stats.log

This ensures we use the same terminology, and change the recently added
one to `null-values`, as this one has been around for longer.

Task #6962
 11 months ago
Philippe Antoine 44b6aa5e4b app-layer: websockets protocol support 
Ticket: 2695
 11 months ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC 
Ticket: OISF#6379
 11 months ago
Jeff Lucovsky 7a5a1e2560 doc: Describe noalert keyword 
Issue: 6685
 11 months ago
Juliana Fajardini 72146b969c eve/stats: allow hiding counters whose valued is 0 
Some stats can be quite verbose if logging all zero valued-counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.

Task #5976
 11 months ago
Juliana Fajardini 514e8b8b04 userguide: document exception policy stats 
Configuration options and defaults, existing counters etc.

Related to
Task #5816
 11 months ago
Juliana Fajardini 94b111283d userguide: highlight exception policy effects 
Some exception policies can only be applied to entire flows or
individual packets, for some exception scenarios. Make this easier to
read, in the documentation.

Related to
Task #5816
 11 months ago
jason taylor 7de16809ef doc: update http keyword listing order 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 8b3db3c3b5 doc: update file.name keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 49dba7bb94 doc: update file.data keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor bee3aa9709 doc: update http.response_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor dcb548106e doc: update http.request_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 3f5d228b9e doc: update http.host http.host.raw keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 739dfe5e5e doc: update http.location keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 9ddd8cf9e0 doc: update http.server keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 3af98f3b92 doc: update http.response_body keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 64760e2e75 doc: update http.response_line keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 566bc0d39c doc: update http.stat_msg keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 271321249f doc: update http.stat_code keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 71d8488cb5 doc: update http.request_body keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor c2783e9391 doc: update http.header_names keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 5eadbc2ff0 doc: update http.start keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 7e65554462 doc: update http.referer keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 876dfb99ca doc: update http.content_len keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 8ff06c1bc0 doc: update http.content_type keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor b2854486dd doc: update http.connection keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 75436dff9c doc: update http.accept_lang keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor f6375e487e doc: update http.accept_enc keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 7e3288f5a7 doc: update http keyword normalization notes 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 9e87d89d2e doc: update http.accept keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 8307168ae7 doc: update http.user_agent keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 75c4cdfa1c doc: update http.cookie keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 7a28874c8d doc: update http.header keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor b3af723486 doc: remove legacy description/duplicated data 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 292b3eb9b3 doc: update http.request_line keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor c7f351bd6e doc: update http.protocol keyword documentation 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 2d0ceedeba doc: update urilen keyword documentation 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor ef118aa582 doc: remove legacy uricontent information 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 96e8c10276 doc: update http.uri and http.uri.raw keywords 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor bf192926a8 doc: update http.method keyword 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 0cce5ba447 doc: add http keyword links 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor fd46175203 doc: update http primer information 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
jason taylor 54fd35c5b4 doc: remove legacy tables and image references 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 11 months ago
Victor Julien 34f53f85bc systemd: reimplement sd_notify logic using UNIX socket 
One of the lessons of the XZ backdoor story was that just linking to
libsystemd to call sd_notify is discouraged by the systemd project:

Lennart Poettering:
"PSA: In context of the xzpocalypse we now added an example reimplementation
of sd_notify() to our man page:

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes

It's pretty comprehensive (i.e. uses it for reload notification too), but
still relatively short.

In the past, I have been telling anyone who wanted to listen that if all you
want is sd_notify() then don't bother linking to libsystemd, since the
protocol is stable and should be considered the API, not our C wrapper
around it. After all, the protocol is so trivial"

From: https://mastodon.social/@pid_eins/112202687764571433

This commit takes the example code and uses it to reimplement the notify
logic.

The code is enabled if Linux is detected in configure. Since the code
won't do anything if the NOTIFY_SOCKET env var isn't set, this should
also work fine on systems w/o systemd.

Ticket: #6913.
 11 months ago
Jason Ish 51bf1c3510 docs/userguide: use a consistent date for reproducible builds 
By default, when Sphinx generates the man pages, the current date will
be embedded in them. This can be set to a specific date with the
"today" variable. Typically the date embedded in manpages in the
release date.

To achieve this, attempt to use the environment variable, RELEASE_DATE
to set the "today" variable, reverting back to the empty string if not
set. It is up to our build system to properly set this date.

Ticket: #6911
 11 months ago
Jason Ish 4c16032f63 docs/conf.py: fix python escape warning 
/home/jason/oisf/dev/suricata/master/doc/userguide/conf.py:74: SyntaxWarning: invalid escape sequence '\('
  "AC_INIT\(\[suricata\],\s*\[(.*)?\]\)",
 11 months ago
Jason Ish 8284df3ed4 devguide: add an upgrade section 
Add an upgrade section to the devguide. This should cover any changes
to APIs that users might be using from plugins or as a library user.
 12 months ago
Hadiqa Alamdar Bukhari 3aa313d0c5 dns: add dns.rcode keyword 
dns.rcode matches the rcode header field in DNS messages
It's an unsigned integer
valid ranges = [0-15]
Does not support prefilter
Supports matches in both flow directions

Task #6621
 12 months ago
Juliana Fajardini 7b2bef1bc6 devguide: add chapter and short intro to libsuricata 
With this, we intend to make more users aware of this use case, and that
we are working towards this.

Related to
Task #2693
 12 months ago