Our tls fields not_after and not_before are actually logged as
`notafter` and `notbefore`, but were documented with the underscore.
Update the documentation, since updating the log format itself would be
a breaking change.
Task #5494
(cherry picked from commit a649a92afd)
Bringing info that was only in our Redmine wiki to our documentation,
and update package to Suricata-6.0, now that the stable points to
Suricata 7.
Task #6231
(cherry picked from commit 4fd3205bf0)
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
(cherry picked from commit 9900bdc162)
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.
Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when some of the other policies is to
be set via the master switch, when since this can change for specific
exception policies - like for midstream, for instance.
Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.
Bug #6169
(cherry picked from commit e306bc6ecc)
Some exception policies can only be applied to the triggering packet or
only make sense considering the whole flow. Highlight such cases in the
table showing each exception policy.
Related to
Bug #5825
(cherry picked from commit c0db25d055)
The different interactions between midstream pick-up sessions and the
exception policy can be quite difficult to visualize. Add a section for
that in the userguide.
Related to
Bug #5825
(cherry picked from commit 0c2922f02e)
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in iDS mode
Exception Policies set up individually will overwrite this setup for the
given traffic exception.
Task #5219
(cherry picked from commit 0d9289014b)
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.
Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple
Issue: 5975
(cherry picked from commit b1918168f9)
As flow.memcap-policy and defrag.memcap-policy do not support flow
actions, clarify that in the documentation. Also fix some typos, and
add missing values in some places where the exception policies were
explained.
Related to
Bug #5940
(cherry picked from commit 31066c7c3b)
This package likely needs to be installed when starting with an Ubuntu
container or other minimal Ubuntu install.
Ticket: #5616
(cherry picked from commit 0a4e3d0f82)
This describes briefly what the exception policies are, what is the
engine's behavior, what options are available and to which parts are
they implemented.
Task #5475
Task #5515
Some of these were recently introduced, some were highlited after the
applayer sections got merged. Some paragraphs seem to have been changed
due to trying to respect character limits for lines. Also includes a
typo pointed out by one of our community members via Discord.
This enables the usage of 'reject' as an exception policy. As for both
IPS and IDS modes the intended result of sending a reject packet is to
reject the related flow, this will effectively mean setting the reject
action to the packet that triggered the exception condition, and then
dropping the associated flow.
Task #5503
(cherry picked from commit bbd968c738)
Added them in the configuration section so folks can be more aware of
them, while a more complete documentation isn't around.
Related to
Task #5475
(cherry picked from commit ef54f36e34)
We had two sections under the suricata.yaml configuration section
describing settings for application layer parsers. This merges them into
one and also fixes a few subsection title levels.
Task #5364
(cherry picked from commit 0cc040cf61)
sphinx-build 5.1.1 and above throws a warning which is treated as an
error while building.
Invalid configuration value found: 'language = None'. Update your configuration to a valid language code. Falling back to 'en' (English).
(cherry picked from commit 2c4d6b33ae)
Ralph Eastwood
Philippe Antoine
Lukas Sismis
jason taylor
Juliana Fajardini
Travis Green
Jason Ish
Shivani Bhardwaj
Morris Chan
Victor Julien
Andreas Herz
Wes Hurd
Jeff Lucovsky