suricata

Commit Graph

Author	SHA1	Message	Date
jason taylor	f6375e487e	doc: update http.accept_enc keyword information Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	7e3288f5a7	doc: update http keyword normalization notes Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	9e87d89d2e	doc: update http.accept keyword information Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	8307168ae7	doc: update http.user_agent keyword Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	75c4cdfa1c	doc: update http.cookie keyword information Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	7a28874c8d	doc: update http.header keyword information Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	b3af723486	doc: remove legacy description/duplicated data Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	292b3eb9b3	doc: update http.request_line keyword information Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	c7f351bd6e	doc: update http.protocol keyword documentation Ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	2d0ceedeba	doc: update urilen keyword documentation ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	ef118aa582	doc: remove legacy uricontent information ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	96e8c10276	doc: update http.uri and http.uri.raw keywords ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	bf192926a8	doc: update http.method keyword ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	0cce5ba447	doc: add http keyword links ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	fd46175203	doc: update http primer information ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
jason taylor	54fd35c5b4	doc: remove legacy tables and image references ticket: 3025 Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
Victor Julien	34f53f85bc	systemd: reimplement sd_notify logic using UNIX socket One of the lessons of the XZ backdoor story was that just linking to libsystemd to call sd_notify is discouraged by the systemd project: Lennart Poettering: "PSA: In context of the xzpocalypse we now added an example reimplementation of sd_notify() to our man page: https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes It's pretty comprehensive (i.e. uses it for reload notification too), but still relatively short. In the past, I have been telling anyone who wanted to listen that if all you want is sd_notify() then don't bother linking to libsystemd, since the protocol is stable and should be considered the API, not our C wrapper around it. After all, the protocol is so trivial" From: https://mastodon.social/@pid_eins/112202687764571433 This commit takes the example code and uses it to reimplement the notify logic. The code is enabled if Linux is detected in configure. Since the code won't do anything if the NOTIFY_SOCKET env var isn't set, this should also work fine on systems w/o systemd. Ticket: #6913.	1 year ago
Jason Ish	51bf1c3510	docs/userguide: use a consistent date for reproducible builds By default, when Sphinx generates the man pages, the current date will be embedded in them. This can be set to a specific date with the "today" variable. Typically the date embedded in manpages in the release date. To achieve this, attempt to use the environment variable, RELEASE_DATE to set the "today" variable, reverting back to the empty string if not set. It is up to our build system to properly set this date. Ticket: #6911	1 year ago
Jason Ish	4c16032f63	docs/conf.py: fix python escape warning /home/jason/oisf/dev/suricata/master/doc/userguide/conf.py:74: SyntaxWarning: invalid escape sequence '\(' "AC_INIT\(\[suricata\],\s\[(.)?\]\)",	1 year ago
Jason Ish	8284df3ed4	devguide: add an upgrade section Add an upgrade section to the devguide. This should cover any changes to APIs that users might be using from plugins or as a library user.	1 year ago
Hadiqa Alamdar Bukhari	3aa313d0c5	dns: add dns.rcode keyword dns.rcode matches the rcode header field in DNS messages It's an unsigned integer valid ranges = [0-15] Does not support prefilter Supports matches in both flow directions Task #6621	1 year ago
Juliana Fajardini	7b2bef1bc6	devguide: add chapter and short intro to libsuricata With this, we intend to make more users aware of this use case, and that we are working towards this. Related to Task #2693	1 year ago
Hadiqa Alamdar Bukhari	4b81851097	dns: add dns.rrtype keyword It matches the rrtype field in DNS It's an unsigned integer match valid ranges = [0-65535] Does not support prefilter Supports flow in both directions Feature #6666	1 year ago
Giuseppe Longo	3dc24a967a	doc: add upgrade section for 8	1 year ago
Giuseppe Longo	add95002b9	suricata.yaml: define SIP_PORTS	1 year ago
Philippe Antoine	e22217bda8	doc: there is no right shift for integer bitmasks Ticket: 6628	1 year ago
Lukas Sismis	356f9ffa13	doc: mention the limited number of RX/TX descriptors on Intel NICs Ticket: 6748	1 year ago
jason taylor	e891ef3d4e	doc: add pcap file logging variable details Signed-off-by: jason taylor <jtfas90@gmail.com>	1 year ago
Jeff Lucovsky	ee6208be9d	config/nss: Remove libnspr/libnss traces Issue: 6712	2 years ago
Philippe Antoine	8f73a0ac55	smtp: config limit maximum number of live transactions Ticket: #6477	2 years ago
Philippe Antoine	4175680a8a	http1: configurable max number of live tx per flow Ticket: #5921 Co-authored-by: Jason Ish <jason.ish@oisf.net>	2 years ago
Philippe Antoine	f6e1a20215	detect: dns.opcode as first-class integer Ticket: 5446 That means it can accept ranges	2 years ago
Juliana Fajardini	244a35d539	userguide: fix explanation about bsize ranges Our code handles Uint ranges as exclusive, but for bsize, our documentation stated that they're inclusive. Cf. from uint.rs: DetectUintMode::DetectUintModeRange => { if val > x.arg1 && val < x.arg2 { return true; } } Task #6708	2 years ago
Philippe Antoine	b8bc2c7e0f	doc: integer keywords Ticket: 6628 Document the generic detection capabilities for integer keywords. and make every integer keyword pointing to this section.	2 years ago
Jason Ish	8bf8131c31	doc: note what version "requires" was added in	2 years ago
jason taylor	3cb7112aa5	detect: update smb.version keyword Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Eloy Pérez González	a4901a1f70	smb: add smb.keyword documentation	2 years ago
Juliana Fajardini	df6444822e	userguide: clarify midstream exception policy The description of behavior when midstream is enabled and exception policy is set to ignore wasn't descriptive enough. Fix typos.	2 years ago
Lukas Sismis	6e4cc79b39	doc: remove references to prehistoric versions Remove references that are mentioning Suricata 3 or less As a note - only one Suricata 4 reference found: (suricata-yaml.rst:"In 4.1.x") Fast pattern selection criteria can be internally found by inspecting SupportFastPatternForSigMatchList and SigTableSetup functions. Ticket: #6570	2 years ago
Lukas Sismis	2a2898053c	dpdk: add interrupt (power-saving) mode When the packet load is low, Suricata can run in interrupt mode. This more resembles the classic approach of processing packets - CPU cores run low and only fetch packets on interrupt. Ticket: #5839	2 years ago
Lukas Sismis	ca6f7c2d00	dpdk: rework hugepage hints to use per-numa information Previous integration of hugepage analysis only fetched data from /proc/meminfo. However this proved to be often deceiving mainly for providing only global information and not taking into account different hugepage sizes (e.g. 1GB hugepages) and different NUMA nodes. Ticket: #6419	2 years ago
Jeff Lucovsky	58f882db94	doc/pcap-log: Remove squil documentation Issue: 6347	2 years ago
Philippe Antoine	adf5e6da7b	detect: strip_pseudo_headers transform Ticket: 6546	2 years ago
Philippe Antoine	4933b817aa	doc: fix byte_test examples As this keyword has 4 mandatory arguments, and some examples had only three... Ticket: 6629	2 years ago
Juliana Fajardini	a37fa62710	devguide: explain example-rule container usage Have these options documented, so that whoever writes rule-related documentation can easily know what they could use to make the doc look better.	2 years ago
Juliana Fajardini	fc2acf8cb0	devguide: fix main channels list Sphinx and RtD sometimes render lists in weird ways. The communication channels list barely looked like one, at all...	2 years ago
Juliana Fajardini	d15877b2c0	devguide: update branches, refer to backports guide Update the list of active branches to include 7 renaming and new master, link to backports document.	2 years ago
Juliana Fajardini	9fbdfd219c	devguide: add chapter with backports guide Task #6568	2 years ago
Juliana Fajardini	de8bffd244	devguide: doc from behavior changes needs ticket # If a commit introduces code that changes Suricata behavior, the related documentation changes should go in a separate commit, but refer to the same ticket number. This reduces the chances of said changes being lost if there are backports while still keeping the backporting process a bit less bulky, for each commit. Related to Task #6568	2 years ago
Juliana Fajardini	71e4ca81ef	devguide: reorganize pr-workflow section This section seemed to aim both at PR reviewers and PR authors at the same time, even though some info is probably of low value for contributors. Created new section for PR reviewers and maintainers, and kept the info for PR authors separated. Also highlighted information on requested changes and stale PRs.	2 years ago
Juliana Fajardini	08eb67f74c	devguide: make 'contributing' a chapter This could be justified from a semantic point of view, and also can help in bringing more attention to where this information is, as it is less hidden, now. Also add Dev Guide as one of our resources in our Readme.	2 years ago
Jason Ish	5d5b0509a5	requires: add requires keyword Add a new rule keyword "requires" that allows a rule to require specific Suricata versions and/or Suricata features to be enabled. Example: requires: feature geoip, version >= 7.0.0, version < 8; requires: version >= 7.0.3 < 8 requires: version >= 7.0.3 < 8 \| >= 8.0.3 Feature: #5972 Co-authored-by: Philippe Antoine <pantoine@oisf.net>	2 years ago
Juliana Fajardini	bba3d4fc63	userguide/eve: explain pgsql requests & responses Add a more visible explanation of that requests, responses, frontend and and backend are, in Pgsql context, to avoid having to repeat that over different portions of the docs.	2 years ago
Juliana Fajardini	30ac77ce65	pgsql: add cancel request message A CanceldRequest can occur after any query request, and is sent over a new connection, leading to a new flow. It won't take any reply, but, if processed by the backend, will lead to an ErrorResponse. Task #6577	2 years ago
Juliana Fajardini	7dcc2e7a71	doc/eve-format: break pgsql section to char limit	2 years ago
Jason Ish	c1a8dbcb72	doc/userguide: document dns.query.name, dns.answer.name With some other minor cleanups in the DNS keyword section.	2 years ago
Jason Ish	b11bb1c412	detect: rename DetectAppLayerInspectEngineRegister2 Rename DetectAppLayerInspectEngineRegister2 to DetectAppLayerInspectEngineRegister as there is no other variant of this function, and the versioning with lack of supporting documentation can lead to confusion.	2 years ago
Jason Ish	50be098839	detect: rename DetectAppLayerMpmRegister2 to DetectAppLayerMpmRegister The old DetectAppLayerMpmRegister has not been around since 4.1.x. Rename the v2 of this function to a versionless function as there is no documentation referring to what the 2 means.	2 years ago
Victor Julien	3456dea276	doc/userguide: update guidance on 5 to 6 upgrading TCP memory use can be higher than expected in certain configs. Ticket: #6552.	2 years ago
Shivani Bhardwaj	b9540df5ad	doc: clarify IP-only with iprep	2 years ago
jason taylor	fc81c99b58	doc: add file.name information to smtp keyword doc Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	9d1ad0187e	doc: add file.name information to nfs keyword doc Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	327ba7397a	doc: add file.name information to smb keyword doc Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	e4077b8803	doc: update ftp keyword doc example rule format Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	bb1f7575d3	doc: add file.name information to ftp keyword doc Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	bbc17b1c7d	doc: add file.name information to http keyword doc Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Shivani Bhardwaj	2b73a17bb0	detect: rename whitelist to score The term "whitelist" is actually used to store a list of DetectPort type items for tcp and udp in detect.h. Using the same term for also keeping the score that affects the grouping of rules is confusing. So, rename the variable to "score".	2 years ago
Jason Ish	cc0adaaf4a	userguide: remove old css files In our conf.py we reference some ReadTheDocs stylesheets that appear to be old and break formatting of some items like bulletted lists. Bug: #6589	2 years ago
Philippe Antoine	32cce122e1	detect: header_lowercase transform Ticket: 6290	2 years ago
jason taylor	c50002978d	doc: update file.data keyword documentation Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Juliana Fajardini	a649a92afd	userguide: update tls not_after/not_before mentions Our tls fields not_after and not_before are actually logged as `notafter` and `notbefore`, but were documented with the underscore. Update the documentation, since updating the log format itself would be a breaking change. Task #5494	2 years ago
Juliana Fajardini	58fb559594	userguide: document flow_id, with examples Flow_id explanation expanded from version shared by Peter Manev. Task #6445	2 years ago
Sascha Steinbiss	0c55fe3515	detect: add mqtt.connect.protocolstring Ticket: OISF#6396	2 years ago
Victor Julien	6b2c33990f	doc/userguide: add tag keyword page Ticket: #3015.	2 years ago
Victor Julien	4a02a14df1	doc/userguide: document host table yaml settings	2 years ago
Jeff Lucovsky	9ee55d2394	doc/transform: Document case-changing transforms. Issue: 6439	2 years ago
Ralph Eastwood	9865164e75	napatech: update docs to remove hba reference	2 years ago
Philippe Antoine	ab9b6e30b1	detect: adds flow integer keywords Ticket: #6164 flow.pkts_toclient flow.pkts_toserver flow.bytes_toclient flow.bytes_toserver	2 years ago
Kirjan Kohuladas	c8a7204b15	doc/rule-profiling: fix suricatasc typo	2 years ago
Juliana Fajardini	54d8f45afc	userguide: add proper label to RPM install section Use a reference label that is stable, instead of one that could change in case a new section is added above it.	2 years ago
Daniel Olatunji	0e5fdbb8fb	doc: be consistent with the use of "sudo" Issue: #5720	2 years ago
Comfort Amaechi	cf8b630ed2	userguide: cover install-full and install-conf Ticket: #6342	2 years ago
jason taylor	535938d7f6	doc: add tls.cert_chain_len docs Ticket: #6386 Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Juliana Fajardini	1a132f454a	docs: adjust readthedocs config to new options Our documentation was failing to build, seems connected to the new way of indicating build options (cf https://readthedocs.org/projects/suricata/builds/22112658/, https://docs.readthedocs.io/en/stable/config-file/v2.html#build, and https://docs.readthedocs.io/en/stable/config-file/v2.html#build-os). Added the build.os required new field, and adjusted the way python version is passed. For the new configuration style for read the docs, one of the ways to pass extra configuration for python is having a requirements file.	2 years ago
Juliana Fajardini	ffed5eb3d3	doc/quickstart: add software-properties instruction This is indicated in the `Installation` section, but not in the quickstart, and it felt like a valid addition, here, too.	2 years ago
Juliana Fajardini	4ab4f711de	doc/install: link to devguide's install from git Although we have an updated version of instructions for installation from git, our install guide was only referring to RedMine, which is less up-to-date. Kept that reference, since it might still be useful for non-Ubuntu cases.	2 years ago
Shivani Bhardwaj	0a4011655f	doc/code-submission: add commit sign guide	2 years ago
Travis Green	96a0e7016f	doc: add tcp flags documentation Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Jason Ish	2b57179d65	readthedocs: pin theme to sphinx_rtd_theme ReadTheDocs changed the default theme.	2 years ago
Jason Ish	ae3b1a9e36	configure: more idiomatic autoconf for sphinx-build checks - Use SPHINX_BUILD instead of HAVE_SPHINX_BUILD, as here we're actually using the path of the program. - Wrap some elements in [] as is done in modern idiomatic autoconf	2 years ago
Victor Julien	c0201d3212	doc/userguide: add reload-tenant(s) doc	2 years ago
Victor Julien	6ba0956a75	multi-tenant: allow reload w/o yaml path Store yaml path in de ctx, for reloads w/o path. This allows for a simpler `reload-tenant N`, where the previously used yaml is reloaded.	2 years ago
Victor Julien	c87803ea0e	detect: add multi-detect.config-path Add option to specify path from which to load the tenants. Mostly meant to be used in testing.	2 years ago
jason taylor	be324d7856	doc: update file.magic information Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	008cc78a03	doc: update fileext keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	e99b1787a2	doc: update file.name keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Alexandre Iooss	c80941dd8d	doc/userguide: improve SCStreamingBuffer example Add direction indication in SCStreamingBuffer usage example. This adds documentation for the changes introduced by commit `5b1d8c7e94`.	2 years ago
Juliana Fajardini	5cef8fdfdf	userguide/ppa: fix typo The launchpad repo for suricata-beta read 'oisd' instead of 'oisf'	2 years ago
Juliana Fajardini	4fd3205bf0	userguide/install: add info on ubuntu ppa installs Bringing info that was only in our Redmine wiki to our documentation. Task #6231	2 years ago
Juliana Fajardini	765b05f139	docs: miscellanea updates - Fix a DPDK reference link, add some line breaks. - Exemplify what a good commit message looks like, for Suricata's commit style.	2 years ago
Jason Ish	3e2a62915b	doc/userguide: display version on front page When viewing the docs online at Readthedocs, or similar it might be immediately apparent what version of the documentation is being displayed. Display the version on the first line before the table of contents to make it clear.	2 years ago
Andreas Herz	26130d903f	doc: add note about cpu prio overwrite behavior	2 years ago
Andreas Herz	da68692547	doc: dataset - add type to be mandatory	2 years ago
Juliana Fajardini	f16d428fd1	userguide/upgrade: link to exception policy FAQ With the release of 7, people are starting to have issues with traffic being blocked. While we don't add a more expansive documentation for this, add a link to the FAQ covering possible fixes for drops caused by the fail closed default behavior of the exception policies.	2 years ago
Juliana Fajardini	24745b3a73	doc/userguide: update ref to installation from git It was still pointing to the redmine wiki and the documentation to be truthful to the new documentation.	2 years ago
Jason Ish	500a7abf57	doc/support-status: add support status page Convert the wiki page, https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Support_Status into a page that is versioned along with the user guide. Includes many updates to reflect our current support status.	2 years ago
Jason Ish	ad94ebddb7	doc/userguide: avoid horizontal scroll on rtd Add CSS to avoid horizontal scroll in tables on ReadTheDocs. This will wrap the text instead. Also, vertically align to top so if a cell does wrap, other cells that do not wrap don't place the text in the middle of the cell.	2 years ago
Juliana Fajardini	9900bdc162	userguide/eve: format and reorganize alert section The `field action` portion seemed to be comprised of a more generic section that followed it. Also formatted the section for lines to be within the character limit.	2 years ago
Juliana Fajardini	0437173848	output/drop: add verdict field Related to Bug #5464	2 years ago
Andreas Herz	24bcaf07ae	doc/upgrade: add more 6 to 7 changes and minor improvements Issue: #5473	2 years ago
jason taylor	62170d2fb9	doc: hyperscan information updated Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	c95fce39f0	doc: add multi buffer support note to keyword docs Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
jason taylor	88960e909d	doc: add multiple buffer matching documentation Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Jason Ish	0b5dc58e15	doc/userguide: more eve http upgrade notes Add more information with a examples of how the changes to EVE HTTP logging may affect users.	2 years ago
jason taylor	19a0b2b0d2	userguide: add details about tcp flow pass Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Jeff Lucovsky	47e268d609	detect/byte_math: Document bytes variable name Issue: 6145 Document that byte_math accepts a variable name for bytes (optional)	2 years ago
Jeff Lucovsky	3a4554fc2b	detect/byte-jump: Document var usage for nbytes Issue: 6105	2 years ago
Jeff Lucovsky	73b943276e	doc/byte_test: Document byte_test variable usage Issue: 6144 This commit updates the byte_test documentation now that a variable name can be used for the nbytes value.	2 years ago
Lukas Sismis	5a3ecbde62	doc: update install instructions Ticket: #5987	2 years ago
Shivani Bhardwaj	b6f8f5eb3b	doc/http: use "sticky buffer" where applicable	2 years ago
Jeff Lucovsky	ac8f91f44f	config: Document cluster_rollover deprecation Issue: 6128 cluster_rollover is no longer permitted; using it will generate a warning message and it'll be replaced with cluster_flow	2 years ago
Jeff Lucovsky	29621c7f0d	doc/afpacket: Document rollover deprecation	2 years ago
Juliana Fajardini	e306bc6ecc	exception: fix use of master switch with default If an exception policy wasn't set up individually, use the GetDefault function to pick one. This will check for the master switch option and handle 'auto' cases. Instead of deciding what the auto value should be when we are parsing the master switch, leave that for when some of the other policies is to be set via the master switch, when since this can change for specific exception policies - like for midstream, for instance. Update exceptions policies documentation to clarify that the default configuration in IPS when midstream is enabled is `ignore`, not `drop-flow`. Bug #6169	2 years ago
Shivani Bhardwaj	18947c01e0	suricatasc: update running instructions	2 years ago
Jeff Lucovsky	d822ba58e1	doc/multi-tenant: Clarify live traffic support Issue: 5930 This commit clarifies the live traffic support for multi-tenancy.	2 years ago
Shivani Bhardwaj	aeb408dd9d	doc: fix typo encryption-handling	2 years ago
Jason Ish	90bb73046c	userguide/security: grammar fixes Apply grammer fixes brought up in GitHub review comments by Juliana.	2 years ago
liaozhiyuan	a748164d58	dpdk: support multiple same EAL arguments DPDK apps can specify multiple arguments of the same type. YAML format only allows unique keys within a single node. This commit adds support for multiple EAL arguments of the same type to be used within suricata.yaml. Ticket: #5964	2 years ago
Jason Ish	5f598931ac	doc/userguide: start on a security chapter This is the start of a security consideration chapter, starting with directions on how to run Suricata as a non-root user.	2 years ago
Jason Ish	14daa42e0b	doc/userguide: dataset upgrade notes	2 years ago
Jason Ish	4a97461f9a	doc/userguide: notes about Lua rules being disabled by default	2 years ago
Juliana Fajardini	c0db25d055	userguide: update exception policy behaviors table Some exception policies can only be applied to the triggering packet or only make sense considering the whole flow. Highlight such cases in the table showing each exception policy. Related to Bug #5825	2 years ago
Juliana Fajardini	0c2922f02e	doc: add midstream scenarios for exception policy The different interactions between midstream pick-up sessions and the exception policy can be quite difficult to visualize. Add a section for that in the userguide. Related to Bug #5825	2 years ago
Philippe Antoine	415b036dca	http1: implement http.request_header So that it is generic for HTTP1 and HTTP2 Ticket: #5780	2 years ago
Philippe Antoine	7256ec8a6e	detect/http2: do not escape ':' in header name or value for keywords http.request_header and http.response_header Ticket: #5780	2 years ago
Philippe Antoine	656554f293	http2: rename http2.header to http.request_header Or http.response_header based on the direction http2.header had a different behavior than http.header and this was confusing. Ticket: #5780	2 years ago
Philippe Antoine	e30f4943ae	doc: GitHub PRs workflow	2 years ago
Jeremy MountainJohnson	435d74d744	userguide/install: add info on arch-based installs Add Arch AUR information for installation on Arch-based distros.	2 years ago
Philippe Antoine	5c419b79b7	doc: upgrade guide for logging http custom headers Ticket: #5320	2 years ago
Juliana Fajardini	f83c67bbb5	doc: add missing rule to engine-analysis section The first report didn't have an example rule to go with.	2 years ago
Lukas Sismis	11c3aa868d	doc: add DPDK Bond PMD docs Ticket: #6099	2 years ago
Philippe Antoine	9287cbc33a	http: logs custom headers in a subobject This subobject is request_headers or response_headers This especially avoids json keys collisions. Ticket: #5320 Also fixes typo referrer/referer	2 years ago
Jason Ish	5af73b3879	doc/userguide: document include files Document how to use include files, plus add a deprecation notice on the use of multiple "include" statements.	2 years ago
Jason Ish	a71dee5516	doc/userguide: merge logging changes in 7.0 upgrade notes Two "Logging changes" sections existed, merge.	2 years ago
Jason Ish	f8620d0ed2	docs: update url to docs.suricata.io	2 years ago
Victor Julien	3de687f30c	profiling/rules: doc updates	2 years ago
Eric Leblond	694bff11ac	doc: add rule profiling information	2 years ago
Jason Ish	b0c329da04	doc/userguide: provide more RPM doc - Address the various RPM distributions - User info - Systemd info Related issue: #5884	2 years ago
Eloy Pérez González	b3c7130749	krb5: update krb5_msg_type keyword docs	2 years ago
Lukas Sismis	1c3cb1e8cc	docs: refactor DPDK docs and add performance tuning section Ticket: #5857 Ticket: #5858	2 years ago
Lukas Sismis	03319263db	docs: wrap DPDK doc section at 80 chars	2 years ago
Lukas Sismis	d0bf3ba638	dpdk: add configure option Ticket: #5859	2 years ago
Victor Julien	0903536fd6	doc: spelling Thanks to Josh Soref.	2 years ago
Philippe Antoine	9bd2b72e2b	doc: explain where tls.store stores certificates By adding a reference/link to the doc about the suricata.yaml config section pecifying the directory where the certificates are stored	2 years ago
Victor Julien	c0d9b3c078	doc/userguide: spelling	2 years ago
Victor Julien	4dbdaf8a8e	doc/install: point to userguide	2 years ago
Victor Julien	19cabc9a02	doc: remove legacy windows install guide	2 years ago
Victor Julien	01f43604b9	doc: remove legacy pfring install guide	2 years ago
Wes Hurd	aee41957e1	doc: add docutils.conf to disable smart quotes	2 years ago
Andreas Herz	3045e75ee1	doc: add note on the hashsize recommendation for datasets	2 years ago
Victor Julien	a006aef4d0	doc: fix description of iptables rules	2 years ago
Bazzan Don	38b3fffbc7	doc/optimization: move "convert.py" to Python3 Ticket: #5596	2 years ago
Morris Chan	b9aac6dd18	yaml: grammar fixup	2 years ago
Juliana Fajardini	ae2a477978	devguide: clarify clang formatting changes policy It was pointed out by a contributor that our workflow mentioned rewrite-branch as the preferred way, while in fact our policy is to add said changes to a different commit. Updating documentation to prevent other situations like that.	2 years ago
Rafael Girão	6ec3bc189a	docs: remove obsolete af-packet warning	2 years ago
John Dewey	365bec3da6	netmap: Correct LB + Netmap YAML usage Corrected the example YAML configuration when using Netmap and LB.	2 years ago
Jeff Lucovsky	0ad6d4358f	add to doc/pfring: Document additional cluster types	2 years ago
Jeff Lucovsky	b1918168f9	doc/pfring: Document additional cluster types This commit adds brief discussion for additional cluster types for use with the pf-ring packet source. Newly added: - cluster_inner_flow - cluster_inner_flow_2_tuple - cluster_inner_flow_4_tuple - cluster_inner_flow_5_tuple Issue: 5975	2 years ago
Philippe Antoine	59734d16a1	detect: use http.connection to client Ticket: #5746	2 years ago
Philippe Antoine	6bc7f02e13	doc: rules can have http1 as protocol Ticket: #5962	2 years ago
Jeff Lucovsky	fd46c93a8f	doc/byte_math: Add divide by 0 discussion. Issue: 5945	2 years ago
Juliana Fajardini	d314b57e6b	userguide/muti-tenant: fix typo	2 years ago
jason taylor	5abcd50142	doc: add tenant id value requirement Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Juliana Fajardini	31066c7c3b	docs: clarify exception policy's supported values As flow.memcap-policy and defrag.memcap-policy do not support flow actions, clarify that in the documentation. Also fix some typos, and add missing values in some places where the exception policies were explained. Related to Bug #5940	2 years ago
Jeff Lucovsky	35bbdf4124	doc/content: Add limits for distance/within Ticket: 5740	2 years ago
Philippe Antoine	8f9cd8ff1a	doc: security.limit-noproc upgrade note Ticket: #5621	2 years ago
Shivani Bhardwaj	0f3e7761da	doc: add dataset examples	2 years ago
Lancer Cheng	6142593a69	doc: add version filed in NTLMSSP documentation Bug OISF#5783	2 years ago
Haleema Khan	609df1776e	userguide: update tls keywords information Ticket #5544	3 years ago
jason taylor	8e5b1fe8e6	userguide: add DHCP EVE log information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Victor Julien	f4fa51986e	doc: warn IPS users on new exception policy default	3 years ago
Philippe Antoine	e3105a6614	ftp: adds a config option ftp-hash for autofp-scheduler This allows ftp-data and ftp flows to be processed by the same thread. Otherwise, there may be a concurrency issue where the would-be ftp-data flow is first processed, and thus not recognized as such. And the ftp flow gets processed later and the expectation coming from it is never found. To do so, the flow hash gets used as usual, except for flows that may be either ftp or ftp-data, that is either one port is 21, or both ports are high ones. Ticket: #5205	3 years ago
Jason Ish	1b844cd7f7	doc/userguide: document --include command line option	3 years ago
Philippe Antoine	b52293b609	dcerpc: config limit maximum number of live transactions As is done for other protocols Ticket: #5779	3 years ago
Juliana Fajardini	918bd7435c	userguide/config: update log format symbols list There were some possible format options missing after the recent changes in the log format.	3 years ago
Juliana Fajardini	0d9289014b	exceptions: add master switch config option This allows all traffic Exception Policies to be set from one configuration point. All exception policy options are available in IPS mode. Bypass, pass and auto (disabled) are also available in iDS mode Exception Policies set up individually will overwrite this setup for the given traffic exception. Task #5219	3 years ago
jason taylor	0632233791	userguide: update http.cookie description Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Philippe Antoine	55c4834e4e	smb: configurable max number of transactions per flow Ticket: #5753	3 years ago
Jason Ish	48f0fd3c74	doc/userguide: update logging section for time formats - Update fragment of configuration file to match suricata.yaml with new default-log-format. - Document new %z format specifier.	3 years ago
Juliana Fajardini	4c7ca2c367	devguide/install: add note about ubuntu version We want to make it clear with which system the instructions for installing from were tested with.	3 years ago
Juliana Fajardini	377885f420	exception-policies: fix typos	3 years ago
Bazzan Don	6e4a5cee7a	devguide: add page on installing suricata from git As part of the process of moving documentation from redmine to "Read the Docs", this commit moves installing Suricata using git page from redmine wiki into Suricata Developer Guide section. It also updates the necessary steps. Ticket: #5585	3 years ago
Jason Ish	0a4e3d0f82	doc/userguide: ubuntu: install software-properties-common This package likely needs to be installed when starting with an Ubuntu container or other minimal Ubuntu install. Ticket: #5616	3 years ago
Richard McConnell	b39a4c63fe	doc: document AF_XDP feature	3 years ago
Todd Mortimer	15c77be937	swf-decompression: Disable by default. Add an entry to the upgrade guide noting the change. Ticket: #5632	3 years ago
Jeff Lucovsky	197ad51138	doc: Update bsize documentation This commit updates the bsize documentation 1. Describe what happens when "content" immediately precedes "bsize" 2. Include the operators and 3. Include examples using the operators.	3 years ago
jason taylor	9dc8fffe05	userguide: update tos keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	1d9b91a987	userguide: update fragoffset keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	7c73144988	userguide: update fragbits information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	4be9793e36	userguide: update geoip information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	e8eba6e4a1	userguide: update id keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	cfd0da133e	userguide: update ipv6.hdr keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	150a04b597	userguide: update ipv4.hdr keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	298f59c2ba	userguide: update ip_proto keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	6226492976	userguide: update sameip keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	f97ba44339	userguide: update ipopts keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	9b4e6e5802	userguide: update ttl keyword information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Philippe Antoine	ce710181f6	doc: update doc for HTTP file.data to server Ticket: #4144 Completes `e587f6792a`	3 years ago
Jeff Lucovsky	5a6e68285b	doc/netmap: Describe Netmap IPS usage Issue: 5512 This commit summarizes Netmap usage with Suricata's IPS mode.	3 years ago
Jason Ish	9d653512f9	doc/userguide: update bittorrent-dht eve examples Update the bittorrent-dht examples using real log records with peers and nodes broken down into objects.	3 years ago
Jason Ish	065f3ab9f1	doc: rename bittorrent-dht to bittorrent_dht in eve output	3 years ago
Jason Ish	0ea9ba66d1	userguide/eve-log: remove mentions of requiring Rust Rust is required to build now.	3 years ago
Aaron Bungay	d166c48d28	docs: update for bittorrent-dht app-layer	3 years ago
Philippe Antoine	a003640ecf	security: prevents process creation with setrlimit NPROC. So that, if Suricata wants to execve or such to create a new process the OS will forbid it so that RCE exploits are more painful to write. Ticket: #5373	3 years ago
Richard McConnell	7f4c1d5e2f	doc/systemd: add documentation for sd_notify	3 years ago
Eric Leblond	9fb0137d9d	doc: add reference to ipaddr in IP matching	3 years ago
Eric Leblond	3bd48d9336	detect: doc link for ip.src and ip.dst	3 years ago
Eric Leblond	da8b16eaeb	doc: add ip.dst and ip.src doc	3 years ago
Eric Leblond	3599cbf1c4	doc: document new dataset types Feature: #5383	3 years ago
Eric Leblond	a1a22cccd2	doc: document dataset-lookup Ticket: #5184	3 years ago
Eric Leblond	20973e9e6b	doc: add dataset-clear command Ticket: #5184	3 years ago
Eric Leblond	c5559cb68f	doc: document dataset-dump command Ticket: #5184	3 years ago
Victor Julien	2f6c014f70	doc/devguide: update packet (de)alloc in unittests	3 years ago
Lukas Sismis	37cf365e19	docs: remove outdated constraint of negation support for ssl_state Commit `487cdda93d` adds negation support for the SSL state.	3 years ago
Juliana Fajardini	e4b46e0763	doc/acknowledgements: add a few more names Added some names of known contributors to the documentation	3 years ago
Juliana Fajardini	3c25185e0b	devguide: add section about stale tickets policy Just to set the right expectations, and to have it registered for us, too.	3 years ago
Shivani Bhardwaj	2a0cb1f3da	doc: update base64_decode notes	3 years ago
Lukas Sismis	e101384e7b	transversal: remove suricata-ids.org references	3 years ago
Lukas Sismis	a4a69c3e71	doc/dpdk: add IPS setup docs for DPDK mode Ticket: #5511	3 years ago
Eric Leblond	f46f895e8d	rust/smb: import NT status code for Microsoft doc This patch updates the NT status code definition to use the status definition used on Microsoft documentation website. A first python script is building JSON object with code definition. ``` import json from bs4 import BeautifulSoup import requests ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55') ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser') ntstatus_parsed = ntstatus_parsed.find('tbody') ntstatus_dict = {} for item in ntstatus_parsed.find_all('tr'): cell = item.find_all('td') if len(cell) == 0: continue code = cell[0].find_all('p') description_ps = cell[1].find_all('p') description_list = [] if len(description_ps): for desc in description_ps: if not desc.string is None: description_list.append(desc.string.replace('\n ', '')) else: description_list = ['Description not available'] if not code[0].string.lower() in ntstatus_dict: ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)} print(json.dumps(ntstatus_dict)) ``` The second one is generating the code that is ready to be inserted into the source file: ``` import json ntstatus_file = open('ntstatus.json', 'r') ntstatus = json.loads(ntstatus_file.read()) declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n' resolution_format = ' SMB_NT%s%s=> "%s",\n' declaration = "" resolution = "" text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len)) for code in ntstatus.keys(): text = ntstatus[code]['text'] text_spaces = ' ' * (4 + text_max - len(text)) declaration += declaration_format % (text, text_spaces, code) resolution += resolution_format % (text, text_spaces, text) print(declaration) print('\n') print(''' pub fn smb_ntstatus_string(c: u32) -> String { match c { ''') print(resolution) print(''' _ => { return (c).to_string(); }, }.to_string() } ''') ``` Bug #5412.	3 years ago
jason taylor	db5cf1f8f9	userguide: Add rule file globbing option details Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Juliana Fajardini	7b0008d4f0	userguide: add section about exception policies This describes briefly what the exception policies are, what is the engine's behavior, what options are available and to which parts are they implemented. Task #5475 Task #5515	3 years ago
Juliana Fajardini	6f294f2f2d	userguide: minor rewording and typo fixes Some of these were recently introduced, some were highlited after the applayer sections got merged. Some paragraphs seem to have been changed due to trying to respect character limits for lines. Also includes a typo pointed out by one of our community members via Discord.	3 years ago
Jeff Lucovsky	33c424f9ed	doc/byte_math: Add byte_math differences with snort Issue: 5077	3 years ago
Jeff Lucovsky	192a31c74e	doc: Fixup byte* entries to display tables properly	3 years ago
Philippe Antoine	390cf9248f	detect: adds flow.age keyword Ticket: #5536	3 years ago
Philippe Antoine	af40873127	pgsql: config limit maximum number of live transactions As is done for other protocols Ticket: #5527	3 years ago
Eric Leblond	1b24f4d357	doc: document landlock feature	3 years ago
Philippe Antoine	fe91506320	doc/http2: suricata.yaml max-streams parameter Ticket: #4949	3 years ago
Juliana Fajardini	bbd968c738	exceptions: add reject support to exception policy This enables the usage of 'reject' as an exception policy. As for both IPS and IDS modes the intended result of sending a reject packet is to reject the related flow, this will effectively mean setting the reject action to the packet that triggered the exception condition, and then dropping the associated flow. Task #5503	3 years ago
Philippe Antoine	5ef259722b	dhcp: adds renewal-time keyword Ticket: #5507	3 years ago
Philippe Antoine	6faf6299e0	dhcp: adds rebinding-time keyword Ticket: #5506	3 years ago
Juliana Fajardini	ef54f36e34	userguide: briefly introduce exception policy opts Added them in the configuration section so folks can be more aware of them, while a more complete documentation isn't around. Related to Task #5475	3 years ago
Juliana Fajardini	3c74e443bd	userguide: update defrag settings options We were still mentioning that there were only three options.	3 years ago
Juliana Fajardini	0cc040cf61	userguide: merge sections about AppLayer Parsers We had two sections under the suricata.yaml configuration section describing settings for application layer parsers. This merges them into one and also fixes a few subsection title levels. Task #5364	3 years ago
Shivani Bhardwaj	a77977ec62	doc: add description for tls.random	3 years ago
jason taylor	c29942c029	userguide: update dsize documentation/examples Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Philippe Antoine	461725a9bf	dhcp: adds leasetime keyword As it is logged Ticket: #5435	3 years ago
Shivani Bhardwaj	2c4d6b33ae	doc/conf: fix sphinx language setting sphinx-build 5.1.1 and above throws a warning which is treated as an error while building. Invalid configuration value found: 'language = None'. Update your configuration to a valid language code. Falling back to 'en' (English).	3 years ago
Benjamin Wilkins	3b1b9a32fb	doc: Document SCByteVarGet lua function Add documentation for accessing results from byte_extract and byte_math in lua match functions Issue: 2871	3 years ago
Philippe Antoine	5c7b5c5fb5	krb: detection for ticket encryption As is done for logging. Ticket: #5442	3 years ago
Jufajardini Reichow	61f9f0df55	userguide/rules/meta: minor formatting adjustments	3 years ago
Jufajardini Reichow	45f14bb97c	userguide/rules: explain sid uniqueness within gid While Suri will throw an error if two signatures have the same `sid` and no `gid`, or same `sid` and same `gid`, it will just accept same `sid` for different `gid`s. Related to Task #5441	3 years ago
jason taylor	87990b138c	doc: update priority wording userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	a7d739a05b	doc: update to 80 char formatting userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	9bd55ff81b	doc: metadata information update userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	563dc66837	doc: update priority information userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	f73a60eb89	doc: update reference section in userguide meta Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	e611ef5ccb	doc: update userguide meta classtype information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	39bc56ec97	doc: update rev and gid userguide meta wording Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	b9cb66c58f	doc: add clarity around userguide meta information Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	790ef9a53f	doc: add sid reserved range reference Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	38a179d89d	doc: add clarity to rule msg tips Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	299a931e49	doc: update example rule list Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	98c29da6ec	doc: add clarity to role wording Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	c0bdb6cc10	doc: meta keyword doc example rule update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	ca9e9009ba	doc: add bsize keyword examples Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Jufajardini Reichow	f9c9091bb5	userguide: fix typo in inline mode illustration The image describing Suricata's sliding window had two of the "packets" with the same text. Now they actually give the sense of a sliding window. This was found by Zhiyuan-liao.	3 years ago
jason taylor	34e0a384ad	doc: update to include additional rule references Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	4405704372	doc: update intro direction content Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	3eeacf8a3d	doc: fixed HOME_NET/EXTERNAL example formatting Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	f2c7998903	doc: add clarity around HOME_NET/EXTERNAL_NET Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	76cca8b08a	doc: minor example rule description update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	4f61a35fe7	doc: minor wording restructure Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	845ba154a6	doc: add tcp-pkt/tcp-stream to intro Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	56f49bfe8e	doc: minor punctuation update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	ab300ab0ae	doc: intro example rule update to simpler example Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	2f240230f0	doc: minor intro wording update Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Philippe Antoine	c7214be99b	snmp: adds usm keyword as is logged Ticker: #5416	3 years ago
Juliana Fajardini	45b7aad2b5	devguide: incorporate contribution process page That page existed only in our redmine. Updated and added a few things, like a paragraph about our expectations for feature contributors. Also updated links, contacts and some other processes that may have changed since last edition. Added some section labels in related documents, for ease of referencing. Task #4929	3 years ago
Andreas Dolp	db73a12540	doc/tls: Add documentation for TLS logging	3 years ago
Andreas Dolp	f42bb45ccd	doc/tls: Remove redundant example	3 years ago
Andreas Dolp	324f5ec10c	doc: Add missing ")" in example	3 years ago
Andreas Dolp	e4163c4e02	doc: Fix typos	3 years ago
Andreas Dolp	49bd6cfa5d	doc: Fix broken link	3 years ago
Eric Leblond	6f06f7c22c	doc: add info about capture_file key	3 years ago
Eric Leblond	0c7e4c13a1	doc: add conditional pcap logging info	3 years ago
jason taylor	d799956348	doc: add note about file.data and file_data Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	83f2056d20	doc: update file_data to file.data keyword Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	cd54d0dbc8	doc: remove extra newline in order to match style Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
jason taylor	38bd775ca0	doc: remove extraneous + characters Signed-off-by: jason taylor <jtfas90@gmail.com>	3 years ago
Jason Ish	6ceeb08351	doc/userguide: updates for eve dns v1 removal Ticket: #4157	3 years ago
Juliana Fajardini	1956dc3d5d	userguide: explain alert queue behavior and stats Added sections along packet-alert-max config section explaining packet alert queue overflow (when Suri reaches packet alert max), when alerts are discarded etc. Since from the user perspective it shouldn't matter how we process the alert queue, the term "replace" is used, even though there's not exactly a replacing action happening, with the queue bein pre-processed before being appended to the Packet. Also described the associated stats and added an explanation on when to change packet-alert-max. Task #5178	3 years ago
Juliana Fajardini	49542d0f1b	doc/userguide: explain packet-alert-max config Task #4207	3 years ago
Jason Ish	7d6bc60abb	doc/userguide: document ftp max-line-length	3 years ago
Victor Julien	976748b777	doc/smb: add resource limits section	3 years ago
William Harding	f0528afc2d	doc/userguide: sphinx syntax correction	3 years ago
Juliana Fajardini	55843aee8e	devguide: update readme Use it to explain how to go about the sequence diagram images (generation, updating, what is mscgen etc). Also remove portion that referred to Sphinx builds, as these don't make sense now.	3 years ago
Juliana Fajardini	e0c8dba7ac	userguide: dynamically determine copyright date This uses the date of doc generation to determine the copyright date for the trailing date. Based on Jeff Lucovsky solution.	3 years ago
Juliana Fajardini	67af1504b3	devguide: drop use of mscgen script in builds/make Currently, it seems easier to upload the diagram images to git than to try to make the image generation script work with out of the tree builds and other corner cases. This means, however, that one must activelly remember to update msc diagram files, run the script and re-add new png files, if those ever need to be updated. To raise awareness to that, a watermark was added to the diagram images. Also removed configuration steps that added mscgen as dependency (locally and for workflow builds and readthedocs).	3 years ago
Juliana Fajardini	5d63613c4b	devguide: add watermark to sequence diagrams Make it more evident that the sequence diagrams in the transactions page are generated with Mscgen	3 years ago
Juliana Fajardini	6f77c722a2	devguide: move into userguide as last chapter Moved devguide dir into userguide dir. Since the devguide is now incorporated as the last chapter of the userguide, removed build and configuration files from the devguide dir, as these are no longer needed. Task #4909	3 years ago
Juliana Fajardini	69c6657127	devguide: clarify cargo test usage for modules The documentation was showing an invalid path for running single tests.	3 years ago
Philippe Antoine	cfcade58ad	http: move xff logging to alert object Ticket: 4860 instead of root field	3 years ago
Andreas Dolp	d4144c04cd	Doc: Fix typo in documentation of suricata.yaml.	3 years ago
Shivani Bhardwaj	015c9fe1e3	doc: add usage of flowbits OR op Ticket 5130	3 years ago
Juliana Fajardini	6c616d84b1	devguide: clarify style guide for getframe funcs As the GetFrameIdByName can be probed, we must warn developers not to leave any output in them, or misleading messages could be printed. Task #5129	3 years ago
Jeff Lucovsky	117e11b0ae	doc: Describe per-thread stack size config setting Issue: 4550 This commit documents the new per-thread stack-size setting. Some systems have a small default value that is not suitable for Suricata's multi-threaded architecture and adjustment may be required.	3 years ago
Victor Julien	e04fcfcf2f	doc/userguide: minor rewording and reformatting for runmodes	4 years ago
Juliana Fajardini	28b5f4a555	devguide: add page about app-layer frame support This explains the frame support from the perspective of a developer, with introductory explanation on how to add frame support to an applayer proto. Doc #4697	4 years ago
Philippe Antoine	8adf172ab8	nfs: limits the number of active transactions per flow Ticket: 4530	4 years ago
Jason Ish	b9a429e6ce	devguide: move image generation into sphinx setup While ReadTheDocs can't execute arbitrary scripts, we can install mscgen in the container that builds the docs (see .readthedocs.yaml). Then instead of calling generate-images.sh from the Makefile, move this into the setup function defined on conf.yaml, which will generate the scripts as part of a normal Sphinx workflow. This should give us an image generation solution that works on ReadTheDocs, and locally within anyones build system provided they have mscgen installed.	4 years ago
Philippe Antoine	11d3af551b	doc: suricata.yaml fields about maximum transactions For HTTP2, MQTT and FTP.	4 years ago
Juliana Fajardini	579d7dcc01	pgsql: add initial support - add nom parsers for decoding most messages from StartupPhase and SimpleQuery subprotocols - add unittests - tests/fuzz: add pgsql to confyaml Feature: #4241	4 years ago
Victor Julien	cf4ddab6f4	doc/quic: update for new quic.version logic	4 years ago
Emmanuel Thompson	6641efb74f	doc/quic: Add documentation for QUIC keywords	4 years ago
Emmanuel Thompson	9ad60e7661	doc/quic: Add quic to eve json format	4 years ago
Andreas Dolp	f714484591	Doc: Fix typos in documentation of suricata.yaml.	4 years ago
Philippe Antoine	0cfdec1266	detect: xor transform Ticket: 3285 The xor transform applies xor decoding to a buffer, with a key specified as an option in hexadecimal. Arbitrary key sizes are accepted.	4 years ago
Jason Ish	cda11b8d97	doc/update: mention change of default rule path	4 years ago
Jason Ish	8071d8239e	doc: update rule section to current default Update the rule section to better describe whats seen in a default install of Suricata including a link to the rule management section.	4 years ago
Jeff Lucovsky	93842aa14a	doc/yaml: Signal-termination option description	4 years ago
Juliana Fajardini	6ae80b2819	doc: replace ohloh with openhub link	4 years ago
Juliana Fajardini	de0ce26e3f	userguide: update references to Suricata website Many places were still referencing the old Suricata page. Used git grep with replace to update them. Checked that new links work. Left old references when they were only documentation examples (for output or unittests). Task#4915	4 years ago
Juliana Fajardini	7b20488d4e	userguide: fix low-hanging typos Config page	4 years ago
Odin Jenseg	2a5d79e426	doc/eve-json-format/dns: Describing Z-bit	4 years ago
Lukas Sismis	dab3274263	dpdk: add documentation for the DPDK runmode Briefly present the DPDK runmode through configuration file.	4 years ago
Lukas Sismis	e4b5239202	doc: fix typo in "Stream engine" documentation	4 years ago
Philippe Antoine	27dd0c6b3d	eve/ftp-data: log alert metadata in ftp-data object Ticket: 4860 instead of directly in root	4 years ago
Juliana Fajardini	7c636d25c7	userguide: (nit) fix typo in lua-output page	4 years ago
Juliana Fajardini	4256c1ccd5	userguide: rename pg Lua Scripting->Lua Detection Since we can have scripts for output _or_ detection, it seems more clear to rename this page to add more meaning	4 years ago
Juliana Fajardini	59e5a21fca	userguide: update buffers list for lua-scripting	4 years ago
Juliana Fajardini	e7f1736f3a	userguide/lua: add explanation about `need` diffs The differences on how the `need` key works, depending on script usage (output or detection) confuses users, sometimes (cf doc#4725). While we don't fix that, just explain this behavior.	4 years ago
Andreas Dolp	b25350ee13	doc: Fix typo in documentation of rule keyword flow	4 years ago
Juliana Fajardini	c6e97222b7	devguide: add page about rust unittests Part of the task to offer better guidance on how and when to write unit tests or suricata-verify tests Also updated linking and index files, as well as testing page to refer to the unit tests pages Doc: #4590	4 years ago
Juliana Fajardini	747d225c84	devguide: repurpose unittests page to unittests-c Part of ongoing task to add more guidance on how to create unittests and suricata-verify tests for suri. There will also be a unittests-rust page. Doc: #4590	4 years ago
Juliana Fajardini	5b4c575f3b	devguide: add page about testing This page offers guidance about when to use unittests or s-v tests, and how to create input for those. Also lists other common ways to test Suri, such as fuzzing and the CI checks. Doc: #4590	4 years ago
Juliana Fajardini	fc958e9e89	userguide: update wiresharkwiki in public datasets	4 years ago
Juliana Fajardini	dbeb8bfa1f	doc/devguide: add few more explanations & details	4 years ago
Juliana Fajardini	2cd25e8105	devguide/app-layer: rename /img dir to /diagrams Semantically speaking it makes more sense, because it stores `msc` files for dynamic image generation. Updated files that refered to `img` accordingly, too.	4 years ago
Juliana Fajardini	f65b3908ed	devguide/transactions: add TSL_STATE enum snippet	4 years ago
Juliana Fajardini	d6c5dfacc7	devguide/transactions: update & refine diagrams - DNS sequence diagram was incorrect (transactions should be unidirectional). After changing it, it made sense to rename the file. Adjusted spacing, too. Updated transactions.rst accordingly. - TLS sequence diagram was refined to illustrate how Suricata actually implements the protocol.	4 years ago
Juliana Fajardini	84311ab151	devguide/transactions: fix wordings	4 years ago
Juliana Fajardini	2f3cee2429	devguide/code-style: fix typo in banned functions	4 years ago
Juliana Fajardini	a5b344e015	doc/devguide: add Transactions documentation page A guide on what is a transaction for Suricata engine, focusing on developers. - What's the purpose of a transaction; - transaction states and API callbacks; - Examples and sequence diagrams. - doc/devguide: add transactions.rst - doc/devguide/extending/app-layer/index.rst: add transactions.rst	4 years ago
Philippe Antoine	bce3c46874	pcre2: remove PCRE1 as dependency	4 years ago
Philippe Antoine	fae7389ae2	pcre2: document the behavioral changes	4 years ago
Juliana Fajardini	751906b71d	doc/lua-functions: add sha items to SCFileInfo doc	4 years ago
Jason Ish	2cff811609	doc: remove prelude and document as removed	4 years ago
Jason Ish	3e9d1e813a	doc/upgrade: move ike logging changes to 7.0 changes Was mistakenly put in 6.0 changes.	4 years ago

... 5 6 7 8 9 ...

1236 Commits (suricata-8.0.0-rc1)