10 Commits (7627756360f6153eccaa0b2d3ee2ceefcb148281)

Author	SHA1	Message	Date
Ofer Dagan	7627756360	detect/detection_filter: add unique_on option ... Add optional unique_on {src_port|dst_port} to detection_filter for exact distinct port counting within the seconds window. Features: - Runtime uses a single 64k-bit (8192 bytes) union bitmap per threshold entry with O(1) updates. - Follows detection_filter semantics: alerting starts after the threshold (> count), not at it. - On window expiry, the window is reset and the current packet's port is recorded as the first distinct of the new window. Validation: - unique_on requires a ported transport protocol; reject rules that are not tcp/udp/sctp or that use ip (protocol any). Memory management: - Bitmap memory is bounded by detect.thresholds.memcap. - New counters: bitmap_memuse and bitmap_alloc_fail. Tests: - C unit tests for parsing, distinct counting, window reset, and allocation failure fallback. - suricata-verify tests for distinct src/dst port counting. Task #7928	3 months ago
Juliana Fajardini	907f4faff8	doc/thresholding: minor fix for backoff subsection	5 months ago
Jeff Lucovsky	e9128e66e6	doc/threshold: Threshold keyword clarifications ... Issue: 7129	1 year ago
Victor Julien	afc318737a	doc/userguide: document threshold backoff type	2 years ago
Victor Julien	e362a01f8d	doc/userguide: document new threshold config options	2 years ago
Victor Julien	405491c3fc	detect/detection_filter: add support for track by_flow	2 years ago
Victor Julien	3f04af7c7f	doc: add thresholding by_flow	2 years ago
Todd Mortimer	6b4d32c6bb	doc: Update documentation for by_rule and by_both thresholds.	6 years ago
Ralph Broenink	722cff1862	doc: Restructure ToC ... * All sections up to 2 levels deep are now shown regardless of whether they are a separate page * Rename Xbits and Thresholding for more consistent naming * Minor adjustment in the Payload Keywords section	8 years ago
Jason Ish	2751baae46	doc: rename from "sphinx" to "userguide"	10 years ago