aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,716 Commits
8 Branches
159 Tags
195 MiB
master
dependabot/github_actions/github/codeql-action-3.29.2
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

1134 Commits (master)

Author SHA1 Message Date
Victor Julien 278dc24cd0 doc/userguide: document smb cache size limit options 
Ticket: #5672.
 8 months ago
Sascha Steinbiss 285cc29ec0 redis: add automatic trimming support for streams 8 months ago
Sascha Steinbiss d3d9f1c395 redis: implement XADD stream support 
Ticket: #7082
 8 months ago
Juliana Fajardini 1860aa81e6 userguide: fix integer keyword matches list format 
List wasn't being properly rendered.
 8 months ago
Jason Ish cc519beb91 suricata.yaml: add missing custom tls fields 
Also update the suricata.yaml in the userguide.
 8 months ago
Juliana Fajardini 55b922ceed tls/conf: clarify usage of custom vs extended logs 
Since enabling custom logging will replace the extended logging, thus
possibly leading to certain fields disappearing from the logs, mention
this aspect.

Related to
Bug #7333
 9 months ago
Jeff Lucovsky 1e0d3435db doc: add napatech plugin upgrade notes 
Issue: 7165
 9 months ago
Jason Ish 6ae5ae701b doc/userguide: generate eve documentation 
Add EVE documentation for QUIC and Pgsql to their respective sections of
the userguide.

Also add a complete EVE reference as an appendix.

Other protocols can be done, but its a manual process to document in the
schema, then add the glue to pull them into the documentation.

The documentation is generated during "make dist", or if it doesn't
exist, "conf.py" will attempt to generate the eve documentation for
building on Readthedocs.
 9 months ago
Philippe Antoine bb714c9178 http: have a headers limit 
Ticket: 7191

So as to avoid quadratic complexity in libhtp.
Make the limit configurable from suricata.yaml,
and have an event when network traffic goes over the limit.
 9 months ago
Philippe Antoine e47598110a detect/datasets: implement unset command 
Ticket: 7195

Otherwise, Suricata aborted on such a rule
 9 months ago
Juliana Fajardini 18e0d23ed3 docs: remove mentions to Suricata-6 
Task #7262
 9 months ago
Juliana Fajardini d1d1c8cdac doc/conf/yaml: replace underscore with dashes 
Use sed + regex to replace all occurrences of suricata.yaml terms that
used underscore for their up-to-date dash version.

Also search for such terms in the eve-log.yaml partials file, as that
is referenced in the configuration section.

commands used:

sed -i 's/\(^ *[a-z]*\)_\([a-z]*:\)/\1-\2/g'
sed -i 's/\(^ *[a-z]*\)_\([a-z]*\)_\([a-z]*:\)/\1-\2-\3/g'

Some other instances were found manually.

Task #7260
 9 months ago
Philippe Antoine 7ab833471e doc/rfb: mention accidental fix for security_result log 
Ticket: 7198
 9 months ago
Giuseppe Longo 036b68b0a9 doc: add new sip keywords 9 months ago
Juliana Fajardini ef63aa50e2 doc/configuration: improve emergency-recovery docs 
When removing mentions to `prune-flows` a few inconsistencies for how
we write and refer to `emergency-recovery` were left behind, still.
 10 months ago
Philippe Antoine de9413c654 detect: safety for app-layer logging of stream-only rules 
If a stream-only rule matches, and we find a tx where we
want to log the app-layer data, store into the tx data that
we already logged, so that we do not log again the app-layer metadata

Ticket: 7085
 10 months ago
jason taylor f46a8776ec doc: add note about big endian for icmp_seq match 10 months ago
Juliana Fajardini 1420c83a87 doc/configuration: remove mention to prune-flows 
Although the `prune-flows` option was removed with a5587fec2e,
when documentation for the suricata.yaml config file was added with
b252b0d, this option was also included - as has remained until now.
 10 months ago
Jeff Lucovsky 8064847fc6 doc: Document reference config setting 
Issue: 4974
 10 months ago
Philippe Antoine 0ebb84538e http2: add frames support 
Ticket: 5743

Why ? To add detection capabilities
 10 months ago
Jason Ish 685baa9680 output-filedata: rename and document registration function 
Prefix registration function and pointer function type with SC, as
well as document.

Ticket: #7227
 10 months ago
Jason Ish b51eeb3ab5 output-file: rename and document registration function 
Rename OutputRegisterFileLogger to SCOutputRegisterFileLogger, add
function documentation and include in userguide.

Ticket: #7227
 10 months ago
Jason Ish 14b648f286 output-streaming: rename and document registration 
Prefix the registration function and types with "SC", and add function
documentation.

Ticket: #7227
 10 months ago
Jason Ish 1ebf33b3c9 output-tx: rename and document transaction logger registration 
Rename OutputRegisterTxLogger to SCOutputRegisterTxLogger to make it
part of the public API as well as document.

Ticket: #7227
 10 months ago
Jason Ish bb128e3959 devguide: more on low level logging 
Use the extending/output section to introduce the low level logging
API.

Ticket: #7227
 10 months ago
Juliana Fajardini f3e1095244 userguide: update Security Onion docs reference 
They have updated their docs domain, leading to the link we had
returning a 404.

Also checked the other links. Although some seem to only contain old
traffic, they all still work.
 10 months ago
Sascha Steinbiss cb14e44780 userguide: fix spelling of `security_result` EVE field 
This ensures that the correct spelling of the `security_result` EVE
field for RFB (as opposed to `security-result`) is also reflected in the
documentation.

Ticket: #7210
 10 months ago
Shivani Bhardwaj 1345c6d1cb doc/file-extraction: fix highlight syntax 10 months ago
Juliana Fajardini 682b199ea0 userguide: expand documentation for rule profiling 
The page about performance and rule profiling showed the table generated
by rules profiling but didn't inform how to achieve nor find it.

Task #4359
 10 months ago
Jason Ish 15fe844ae7 syslog: deprecate 
The standalone syslog output is now deprecated for Suricata 8. Display
a warning on use and add notes to the userguide.

Ticket: #6544
 10 months ago
Jason Ish 5853fb922d tls-log: deprecate 
tls-log is now deprecated and will be removed in Suricata 9.0. Display
a deprecation notice on use, and add notes to the user guide.

Ticket: #6542
 10 months ago
Jason Ish ab26323a96 http-log: deprecate 
http-log is now deprecated and will be removed in Suricata
9.0. Display a deprecation notice on use, and add notes to the
userguide.

Issue: #6543
 10 months ago
Victor Julien 688bd538cf pcap: implement pcap-file-buffer-size option 
Allows easy specification of buffer size on the commandline.

Ticket: #7155.
 10 months ago
Juliana Fajardini 246acc7140 userguide: clarify flow:stateless explanation 
While not incorrect, the previous wording made the sentence almost
paradoxical. While at it, also highlight a side effect that might not be
so clear to users.

Related to
Bug #6976
 11 months ago
Philippe Antoine 62a186ceef detect/rfb: move keywords to rust 
Ticket: 7178

On the way, convert rfb.secresult to a generic integer with enumeration
cf ticket 6723
 11 months ago
Victor Julien fa9cae3899 doc/userguide: document logging changes from 6 to 7 
Minor other logging related improvements like clarifying language and
improving formatting for pdf output.
 11 months ago
Philippe Antoine 0b2ed97f36 ssh: frames support 
Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
 11 months ago
Giuseppe Longo 70ed9f91d8 doc: add ldap protocol 12 months ago
Philippe Antoine bce8f4b853 detect/ssh: remove deprecated keywords 
Ticket: 2377
 12 months ago
Philippe Antoine 0a1062fad2 detect/mqtt: move keywords to rust 
Ticket: 4863

On the way, convert some keywords to use the first-class integer
support.
And helpers for pure rust the support for multi-buffer.

Move the C unit tests about keyword mqtt.protocol_version
to unit tests for generic integer parsing, and test version 5
instead of testing twice version 3.

Also iterate all tx's messages for reason code as is done for other
keywords.

And allow detection on empty topics.
 12 months ago
Jason Ish 5f516c5896 doc: add pf-ring plugin upgrade notes 
Ticket: #7162
 12 months ago
Philippe Antoine e0fd59a20d doc: state that payload-length includes the gaps 12 months ago
Jason Ish 4d3d57249a doc: update dns section of the eve format documentation 12 months ago
Jason Ish d3c08b9643 doc: upgrade guide for dns logging changes 
Bug: #6281
 12 months ago
Sascha Steinbiss 53c62432c6 doc: update MQTT configuration 12 months ago
Shivani Bhardwaj c66f1f4488 doc: add note about datasets string memcaps 
Bug 3910
 1 year ago
Victor Julien afc318737a doc/userguide: document threshold backoff type 1 year ago
Victor Julien e362a01f8d doc/userguide: document new threshold config options 1 year ago
Victor Julien 405491c3fc detect/detection_filter: add support for track by_flow 1 year ago
Victor Julien 3f04af7c7f doc: add thresholding by_flow 1 year ago
Jeff Lucovsky 01e20c91fb doc/transform: Correct typo 1 year ago
Jeff Lucovsky d205ff82d0 doc/transform: Describe the from_base64 transform 
Issue: 6487

Document the new transform and indicate that it's the preferred way to
perform base64 decoding (preferred over base64_decode)
 1 year ago
Philippe Antoine c9ce43b31e output: configurable payload_length field for alerts 
Ticket: 7098
 1 year ago
Victor Julien 3d059611c3 detect: add tls.alpn keyword 
Ticket: #7108.
 1 year ago
Victor Julien c79a382e42 eve/tls: log ALPN for client and server 
Part of the extended logging.

Logs `client_alpns` and `server_alpns` arrays in the tls object.

Ticket: #7055.
 1 year ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust 
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
 1 year ago
Lukas Sismis bd9608771e doc: port user install and build instruction from master-6.0.x 
Ticket: #6686
 1 year ago
Lukas Sismis 521d1cb8e7 doc: update eBPF compilation instructions 
Ticket: #6599
 1 year ago
Victor Julien 8b42182fee doc/userguide: document iprep isset/isnotset 1 year ago
Victor Julien 2f74d435d3 doc/userguide: add more operators to iprep 1 year ago
Victor Julien 50ef646d45 doc/userguide: add noalert/alert keyword docs 1 year ago
Victor Julien c83e3285ae doc/userguide: give pcre1 to pcre2 proper heading 1 year ago
Juliana Fajardini 43b998aa73 userguide/upgrade: add note about alerts' increase 
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug #7026
 1 year ago
Philippe Antoine 82c03f72c3 enip: convert to rust 
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
 1 year ago
Victor Julien 17b32f98d7 doc/userguide: fix rule container typo 
Fixes: 8781e9352a ("doc/userguide: add documentation for SMTP frames")
 1 year ago
Victor Julien 8781e9352a doc/userguide: add documentation for SMTP frames 1 year ago
Juliana Fajardini aeb200e001 devguide: highlight commit message example 
Although we have the example for a commit message in our Code Submission
Process sub-chapter, seems that people still oversee it a lot. It was
suggested that we put it in a note-box, to make it more visible.
 1 year ago
Jason Ish 3eb8c728fd doc: update lua sandbox docs for allowed packages/functions 1 year ago
Jason Ish bc011f2205 lua: use rust crate to vendor (bundle) lua 
Remove lua-dev(el) from all CI tests.
 1 year ago
Jo Johnson ba6a976e06 doc: Initial doc for lua sandbox 1 year ago
Jo Johnson 712496bb3f lua: Remove luajit support 
lua 5.4 support is not available in luajit

Ticket: #4776
 1 year ago
Jo Johnson 586c92d9d5 lua: require lua 5.4 
github-ci: Disable lua on debian 10 as it doesn't have Lua 5.4.

Ticket: #4776
 1 year ago
jason taylor 47d6c3a3ab doc: add source verification docs 
Ticket: #6908

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname 
Feature 5234
 1 year ago
Philippe Antoine 2c305ba37e pop3: protocol detection 
Ticket: #6366
 1 year ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri 
Ticket: #2881
 1 year ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 1 year ago
Philippe Antoine fcdd7f000a detect: add options to app-layer-protocol keyword 
Ticket: 4921

app-layer-protocol keyword accept an optional mode to precise
which protocol we want to match: toclient, toserver, final,
or original
 1 year ago
Philippe Antoine 715bf048ee frames: rust API makes tx_id explicit 
And set it right for SIP and websocket,
so that relevant tx app-layer metadata gets logged.

Ticket: 6973
 1 year ago
Shivani Bhardwaj 6d92596548 doc: add note about fast_pattern w base64_data 
Bug 5220
 1 year ago
jason taylor abb74245cc doc: update normalization notes 
Ticket: #6781

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 5dacf4d92b doc: add http.connection ref and fix location 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Victor Julien fcca5c7514 detect/iprep: update doc about 0 value 
A value of 0 was already allowed by the rule parser, but didn't
actually work.

Bug: #6834.
 1 year ago
jason taylor aa919f8081 doc: update flowbits information 
Ticket: #6991

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Giuseppe Longo 4f1e71bb4e doc: add sdp update 1 year ago
Juliana Fajardini bb59124063 yaml: unify 0 stats counter config option terms 
When we added feature #5976 (72146b969), we overlook that we also have
a config stats option for the human-readable stats logs to output
0 counters.
Due to not seeing this before, we now have two different setting names
for basically the same thing, but in different logs:
- zero-valued-counters for EVE
- null-values for stats.log

This ensures we use the same terminology, and change the recently added
one to `null-values`, as this one has been around for longer.

Task #6962
 1 year ago
Philippe Antoine 44b6aa5e4b app-layer: websockets protocol support 
Ticket: 2695
 1 year ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC 
Ticket: OISF#6379
 1 year ago
Jeff Lucovsky 7a5a1e2560 doc: Describe noalert keyword 
Issue: 6685
 1 year ago
Juliana Fajardini 72146b969c eve/stats: allow hiding counters whose valued is 0 
Some stats can be quite verbose if logging all zero valued-counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.

Task #5976
 1 year ago
Juliana Fajardini 514e8b8b04 userguide: document exception policy stats 
Configuration options and defaults, existing counters etc.

Related to
Task #5816
 1 year ago
Juliana Fajardini 94b111283d userguide: highlight exception policy effects 
Some exception policies can only be applied to entire flows or
individual packets, for some exception scenarios. Make this easier to
read, in the documentation.

Related to
Task #5816
 1 year ago
jason taylor 7de16809ef doc: update http keyword listing order 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 8b3db3c3b5 doc: update file.name keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 49dba7bb94 doc: update file.data keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor bee3aa9709 doc: update http.response_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor dcb548106e doc: update http.request_header keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 3f5d228b9e doc: update http.host http.host.raw keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 739dfe5e5e doc: update http.location keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 9ddd8cf9e0 doc: update http.server keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 3af98f3b92 doc: update http.response_body keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 64760e2e75 doc: update http.response_line keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 566bc0d39c doc: update http.stat_msg keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 271321249f doc: update http.stat_code keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 71d8488cb5 doc: update http.request_body keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor c2783e9391 doc: update http.header_names keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 5eadbc2ff0 doc: update http.start keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 7e65554462 doc: update http.referer keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 876dfb99ca doc: update http.content_len keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 8ff06c1bc0 doc: update http.content_type keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor b2854486dd doc: update http.connection keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 75436dff9c doc: update http.accept_lang keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor f6375e487e doc: update http.accept_enc keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 7e3288f5a7 doc: update http keyword normalization notes 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 9e87d89d2e doc: update http.accept keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 8307168ae7 doc: update http.user_agent keyword 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 75c4cdfa1c doc: update http.cookie keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 7a28874c8d doc: update http.header keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor b3af723486 doc: remove legacy description/duplicated data 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 292b3eb9b3 doc: update http.request_line keyword information 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor c7f351bd6e doc: update http.protocol keyword documentation 
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 2d0ceedeba doc: update urilen keyword documentation 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor ef118aa582 doc: remove legacy uricontent information 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 96e8c10276 doc: update http.uri and http.uri.raw keywords 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor bf192926a8 doc: update http.method keyword 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 0cce5ba447 doc: add http keyword links 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor fd46175203 doc: update http primer information 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
jason taylor 54fd35c5b4 doc: remove legacy tables and image references 
ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Victor Julien 34f53f85bc systemd: reimplement sd_notify logic using UNIX socket 
One of the lessons of the XZ backdoor story was that just linking to
libsystemd to call sd_notify is discouraged by the systemd project:

Lennart Poettering:
"PSA: In context of the xzpocalypse we now added an example reimplementation
of sd_notify() to our man page:

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes

It's pretty comprehensive (i.e. uses it for reload notification too), but
still relatively short.

In the past, I have been telling anyone who wanted to listen that if all you
want is sd_notify() then don't bother linking to libsystemd, since the
protocol is stable and should be considered the API, not our C wrapper
around it. After all, the protocol is so trivial"

From: https://mastodon.social/@pid_eins/112202687764571433

This commit takes the example code and uses it to reimplement the notify
logic.

The code is enabled if Linux is detected in configure. Since the code
won't do anything if the NOTIFY_SOCKET env var isn't set, this should
also work fine on systems w/o systemd.

Ticket: #6913.
 1 year ago
Jason Ish 51bf1c3510 docs/userguide: use a consistent date for reproducible builds 
By default, when Sphinx generates the man pages, the current date will
be embedded in them. This can be set to a specific date with the
"today" variable. Typically the date embedded in manpages in the
release date.

To achieve this, attempt to use the environment variable, RELEASE_DATE
to set the "today" variable, reverting back to the empty string if not
set. It is up to our build system to properly set this date.

Ticket: #6911
 1 year ago
Jason Ish 4c16032f63 docs/conf.py: fix python escape warning 
/home/jason/oisf/dev/suricata/master/doc/userguide/conf.py:74: SyntaxWarning: invalid escape sequence '\('
  "AC_INIT\(\[suricata\],\s*\[(.*)?\]\)",
 1 year ago
Jason Ish 8284df3ed4 devguide: add an upgrade section 
Add an upgrade section to the devguide. This should cover any changes
to APIs that users might be using from plugins or as a library user.
 1 year ago
Hadiqa Alamdar Bukhari 3aa313d0c5 dns: add dns.rcode keyword 
dns.rcode matches the rcode header field in DNS messages
It's an unsigned integer
valid ranges = [0-15]
Does not support prefilter
Supports matches in both flow directions

Task #6621
 1 year ago
Juliana Fajardini 7b2bef1bc6 devguide: add chapter and short intro to libsuricata 
With this, we intend to make more users aware of this use case, and that
we are working towards this.

Related to
Task #2693
 1 year ago
Hadiqa Alamdar Bukhari 4b81851097 dns: add dns.rrtype keyword 
It matches the rrtype field in DNS
It's an unsigned integer match
valid ranges = [0-65535]
Does not support prefilter
Supports flow in both directions
Feature #6666
 1 year ago
Giuseppe Longo 3dc24a967a doc: add upgrade section for 8 1 year ago
Giuseppe Longo add95002b9 suricata.yaml: define SIP_PORTS 1 year ago
Philippe Antoine e22217bda8 doc: there is no right shift for integer bitmasks 
Ticket: 6628
 1 year ago
Lukas Sismis 356f9ffa13 doc: mention the limited number of RX/TX descriptors on Intel NICs 
Ticket: 6748
 1 year ago
jason taylor e891ef3d4e doc: add pcap file logging variable details 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Jeff Lucovsky ee6208be9d config/nss: Remove libnspr/libnss traces 
Issue: 6712
 1 year ago
Philippe Antoine 8f73a0ac55 smtp: config limit maximum number of live transactions 
Ticket: #6477
 1 year ago
Philippe Antoine 4175680a8a http1: configurable max number of live tx per flow 
Ticket: #5921

Co-authored-by: Jason Ish <jason.ish@oisf.net>
 1 year ago
Philippe Antoine f6e1a20215 detect: dns.opcode as first-class integer 
Ticket: 5446

That means it can accept ranges
 1 year ago
Juliana Fajardini 244a35d539 userguide: fix explanation about bsize ranges 
Our code handles Uint ranges as exclusive, but for bsize, our
documentation stated that they're inclusive.

Cf. from uint.rs:

    DetectUintMode::DetectUintModeRange => {
        if val > x.arg1 && val < x.arg2 {
            return true;
        }
    }

Task #6708
 1 year ago
Philippe Antoine b8bc2c7e0f doc: integer keywords 
Ticket: 6628

Document the generic detection capabilities for integer keywords.
and make every integer keyword pointing to this section.
 1 year ago
Jason Ish 8bf8131c31 doc: note what version "requires" was added in 1 year ago
jason taylor 3cb7112aa5 detect: update smb.version keyword 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 1 year ago
Eloy Pérez González a4901a1f70 smb: add smb.keyword documentation 1 year ago
Juliana Fajardini df6444822e userguide: clarify midstream exception policy 
The description of behavior when midstream is enabled and exception
policy is set to ignore wasn't descriptive enough.

Fix typos.
 1 year ago
Lukas Sismis 6e4cc79b39 doc: remove references to prehistoric versions 
Remove references that are mentioning Suricata 3 or less
As a note - only one Suricata 4 reference found:
(suricata-yaml.rst:"In 4.1.x")
Fast pattern selection criteria can be internally found by inspecting
SupportFastPatternForSigMatchList and SigTableSetup functions.

Ticket: #6570
 1 year ago
Lukas Sismis 2a2898053c dpdk: add interrupt (power-saving) mode 
When the packet load is low, Suricata can run in interrupt
mode. This more resembles the classic approach of processing
packets - CPU cores run low and only fetch packets
on interrupt.

Ticket: #5839
 1 year ago
Lukas Sismis ca6f7c2d00 dpdk: rework hugepage hints to use per-numa information 
Previous integration of hugepage analysis only fetched data
from /proc/meminfo. However this proved to be often
deceiving mainly for providing only global information and
not taking into account different hugepage sizes (e.g. 1GB
hugepages) and different NUMA nodes.

Ticket: #6419
 1 year ago
Jeff Lucovsky 58f882db94 doc/pcap-log: Remove squil documentation 
Issue: 6347
 1 year ago
Philippe Antoine adf5e6da7b detect: strip_pseudo_headers transform 
Ticket: 6546
 1 year ago
Philippe Antoine 4933b817aa doc: fix byte_test examples 
As this keyword has 4 mandatory arguments, and some examples
had only three...

Ticket: 6629
 2 years ago
Juliana Fajardini a37fa62710 devguide: explain example-rule container usage 
Have these options documented, so that whoever writes rule-related
documentation can easily know what they could use to make the doc look
better.
 2 years ago
Juliana Fajardini fc2acf8cb0 devguide: fix main channels list 
Sphinx and RtD sometimes render lists in weird ways. The communication
channels list barely looked like one, at all...
 2 years ago
Juliana Fajardini d15877b2c0 devguide: update branches, refer to backports guide 
Update the list of active branches to include 7 renaming and new master,
link to backports document.
 2 years ago
Juliana Fajardini 9fbdfd219c devguide: add chapter with backports guide 
Task #6568
 2 years ago
Juliana Fajardini de8bffd244 devguide: doc from behavior changes needs ticket # 
If a commit introduces code that changes Suricata behavior, the related
documentation changes should go in a separate commit, but refer to the
same ticket number.
This reduces the chances of said changes being lost if there are backports
while still keeping the backporting process a bit less bulky, for each
commit.

Related to
Task #6568
 2 years ago
Juliana Fajardini 71e4ca81ef devguide: reorganize pr-workflow section 
This section seemed to aim both at PR reviewers and PR authors at the
same time, even though some info is probably of low value for
contributors.

Created new section for PR reviewers and maintainers, and kept the info
for PR authors separated. Also highlighted information on requested
changes and stale PRs.
 2 years ago
Juliana Fajardini 08eb67f74c devguide: make 'contributing' a chapter 
This could be justified from a semantic point of view, and also can help
in bringing more attention to where this information is, as it is less
hidden, now.

Also add Dev Guide as one of our resources in our Readme.
 2 years ago
Jason Ish 5d5b0509a5 requires: add requires keyword 
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.

Example:

  requires: feature geoip, version >= 7.0.0, version < 8;
  requires: version >= 7.0.3 < 8
  requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: #5972

Co-authored-by: Philippe Antoine <pantoine@oisf.net>
 2 years ago
Juliana Fajardini bba3d4fc63 userguide/eve: explain pgsql requests & responses 
Add a more visible explanation of that requests, responses, frontend and
and backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
 2 years ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message 
A CanceldRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
 2 years ago
Juliana Fajardini 7dcc2e7a71 doc/eve-format: break pgsql section to char limit 2 years ago
Jason Ish c1a8dbcb72 doc/userguide: document dns.query.name, dns.answer.name 
With some other minor cleanups in the DNS keyword section.
 2 years ago
Jason Ish b11bb1c412 detect: rename DetectAppLayerInspectEngineRegister2 
Rename DetectAppLayerInspectEngineRegister2 to
DetectAppLayerInspectEngineRegister as there is no other variant of
this function, and the versioning with lack of supporting
documentation can lead to confusion.
 2 years ago
Jason Ish 50be098839 detect: rename DetectAppLayerMpmRegister2 to DetectAppLayerMpmRegister 
The old DetectAppLayerMpmRegister has not been around since 4.1.x.
Rename the v2 of this function to a versionless function as there is no
documentation referring to what the 2 means.
 2 years ago
Victor Julien 3456dea276 doc/userguide: update guidance on 5 to 6 upgrading 
TCP memory use can be higher than expected in certain configs.

Ticket: #6552.
 2 years ago
Shivani Bhardwaj b9540df5ad doc: clarify IP-only with iprep 2 years ago
jason taylor fc81c99b58 doc: add file.name information to smtp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 9d1ad0187e doc: add file.name information to nfs keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 327ba7397a doc: add file.name information to smb keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor e4077b8803 doc: update ftp keyword doc example rule format 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor bb1f7575d3 doc: add file.name information to ftp keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor bbc17b1c7d doc: add file.name information to http keyword doc 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Shivani Bhardwaj 2b73a17bb0 detect: rename whitelist to score 
The term "whitelist" is actually used to store a list of DetectPort type
items for tcp and udp in detect.h. Using the same term for also keeping
the score that affects the grouping of rules is confusing. So, rename
the variable to "score".
 2 years ago
Jason Ish cc0adaaf4a userguide: remove old css files 
In our conf.py we reference some ReadTheDocs stylesheets that appear to
be old and break formatting of some items like bulletted lists.

Bug: #6589
 2 years ago
Philippe Antoine 32cce122e1 detect: header_lowercase transform 
Ticket: 6290
 2 years ago
jason taylor c50002978d doc: update file.data keyword documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Juliana Fajardini a649a92afd userguide: update tls not_after/not_before mentions 
Our tls fields not_after and not_before are actually logged as
`notafter` and `notbefore`, but were documented with the underscore.

Update the documentation, since updating the log format itself would be
a breaking change.

Task #5494
 2 years ago
Juliana Fajardini 58fb559594 userguide: document flow_id, with examples 
Flow_id explanation expanded from version shared by Peter Manev.

Task #6445
 2 years ago
Sascha Steinbiss 0c55fe3515 detect: add mqtt.connect.protocolstring 
Ticket:  OISF#6396
 2 years ago
Victor Julien 6b2c33990f doc/userguide: add tag keyword page 
Ticket: #3015.
 2 years ago
Victor Julien 4a02a14df1 doc/userguide: document host table yaml settings 2 years ago
Jeff Lucovsky 9ee55d2394 doc/transform: Document case-changing transforms. 
Issue: 6439
 2 years ago
Ralph Eastwood 9865164e75 napatech: update docs to remove hba reference 2 years ago
Philippe Antoine ab9b6e30b1 detect: adds flow integer keywords 
Ticket: #6164

flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
 2 years ago
Kirjan Kohuladas c8a7204b15 doc/rule-profiling: fix suricatasc typo 2 years ago
Juliana Fajardini 54d8f45afc userguide: add proper label to RPM install section 
Use a reference label that is stable, instead of one that could change
in case a new section is added above it.
 2 years ago
Daniel Olatunji 0e5fdbb8fb doc: be consistent with the use of "sudo" 
Issue: #5720
 2 years ago
Comfort Amaechi cf8b630ed2 userguide: cover install-full and install-conf 
Ticket: #6342
 2 years ago
jason taylor 535938d7f6 doc: add tls.cert_chain_len docs 
Ticket: #6386

Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Juliana Fajardini 1a132f454a docs: adjust readthedocs config to new options 
Our documentation was failing to build, seems connected to the new way
of indicating build options (cf
https://readthedocs.org/projects/suricata/builds/22112658/,
https://docs.readthedocs.io/en/stable/config-file/v2.html#build,
and https://docs.readthedocs.io/en/stable/config-file/v2.html#build-os).

Added the build.os required new field, and adjusted the way python
version is passed.

For the new configuration style for read the docs, one of the ways to
pass extra configuration for python is having a requirements file.
 2 years ago
Juliana Fajardini ffed5eb3d3 doc/quickstart: add software-properties instruction 
This is indicated in the `Installation` section, but not in the
quickstart, and it felt like a valid addition, here, too.
 2 years ago
Juliana Fajardini 4ab4f711de doc/install: link to devguide's install from git 
Although we have an updated version of instructions for installation
from git, our install guide was only referring to RedMine, which is less
up-to-date.

Kept that reference, since it might still be useful for non-Ubuntu
cases.
 2 years ago
Shivani Bhardwaj 0a4011655f doc/code-submission: add commit sign guide 2 years ago
Travis Green 96a0e7016f doc: add tcp flags documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Jason Ish 2b57179d65 readthedocs: pin theme to sphinx_rtd_theme 
ReadTheDocs changed the default theme.
 2 years ago
Jason Ish ae3b1a9e36 configure: more idiomatic autoconf for sphinx-build checks 
- Use SPHINX_BUILD instead of HAVE_SPHINX_BUILD, as here we're
  actually using the path of the program.

- Wrap some elements in [] as is done in modern idiomatic autoconf
 2 years ago
Victor Julien c0201d3212 doc/userguide: add reload-tenant(s) doc 2 years ago
Victor Julien 6ba0956a75 multi-tenant: allow reload w/o yaml path 
Store yaml path in de ctx, for reloads w/o path.

This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
 2 years ago
Victor Julien c87803ea0e detect: add multi-detect.config-path 
Add option to specify path from which to load the tenants.

Mostly meant to be used in testing.
 2 years ago
jason taylor be324d7856 doc: update file.magic information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 008cc78a03 doc: update fileext keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor e99b1787a2 doc: update file.name keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Alexandre Iooss c80941dd8d doc/userguide: improve SCStreamingBuffer example 
Add direction indication in SCStreamingBuffer usage example.
This adds documentation for the changes introduced by commit
5b1d8c7e94.
 2 years ago
Juliana Fajardini 5cef8fdfdf userguide/ppa: fix typo 
The launchpad repo for suricata-beta read 'oisd' instead of 'oisf'
 2 years ago
Juliana Fajardini 4fd3205bf0 userguide/install: add info on ubuntu ppa installs 
Bringing info that was only in our Redmine wiki to our documentation.

Task #6231
 2 years ago
Juliana Fajardini 765b05f139 docs: miscellanea updates 
- Fix a DPDK reference link, add some line breaks.
- Exemplify what a good commit message looks
like, for Suricata's commit style.
 2 years ago
Jason Ish 3e2a62915b doc/userguide: display version on front page 
When viewing the docs online at Readthedocs, or similar it might be
immediately apparent what version of the documentation is being
displayed. Display the version on the first line before the table of
contents to make it clear.
 2 years ago
Andreas Herz 26130d903f doc: add note about cpu prio overwrite behavior 2 years ago
Andreas Herz da68692547 doc: dataset - add type to be mandatory 2 years ago
Juliana Fajardini f16d428fd1 userguide/upgrade: link to exception policy FAQ 
With the release of 7, people are starting to have issues with traffic
being blocked. While we don't add a more expansive documentation for
this, add a link to the FAQ covering possible fixes for drops caused by
the fail closed default behavior of the exception policies.
 2 years ago
Juliana Fajardini 24745b3a73 doc/userguide: update ref to installation from git 
It was still pointing to the redmine wiki and the documentation to be
truthful to the new documentation.
 2 years ago
Jason Ish 500a7abf57 doc/support-status: add support status page 
Convert the wiki page,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Support_Status
into a page that is versioned along with the user guide.

Includes many updates to reflect our current support status.
 2 years ago
Jason Ish ad94ebddb7 doc/userguide: avoid horizontal scroll on rtd 
Add CSS to avoid horizontal scroll in tables on ReadTheDocs. This will
wrap the text instead.

Also, vertically align to top so if a cell does wrap, other cells that
do not wrap don't place the text in the middle of the cell.
 2 years ago
Juliana Fajardini 9900bdc162 userguide/eve: format and reorganize alert section 
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
 2 years ago
Juliana Fajardini 0437173848 output/drop: add verdict field 
Related to
Bug #5464
 2 years ago
Andreas Herz 24bcaf07ae doc/upgrade: add more 6 to 7 changes and minor improvements 
Issue: #5473
 2 years ago
jason taylor 62170d2fb9 doc: hyperscan information updated 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor c95fce39f0 doc: add multi buffer support note to keyword docs 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
jason taylor 88960e909d doc: add multiple buffer matching documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Jason Ish 0b5dc58e15 doc/userguide: more eve http upgrade notes 
Add more information with a examples of how the changes to EVE HTTP
logging may affect users.
 2 years ago
jason taylor 19a0b2b0d2 userguide: add details about tcp flow pass 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Jeff Lucovsky 47e268d609 detect/byte_math: Document bytes variable name 
Issue: 6145

Document that byte_math accepts a variable name for bytes (optional)
 2 years ago
Jeff Lucovsky 3a4554fc2b detect/byte-jump: Document var usage for nbytes 
Issue: 6105
 2 years ago
Jeff Lucovsky 73b943276e doc/byte_test: Document byte_test variable usage 
Issue: 6144

This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
 2 years ago
Lukas Sismis 5a3ecbde62 doc: update install instructions 
Ticket: #5987
 2 years ago
Shivani Bhardwaj b6f8f5eb3b doc/http: use "sticky buffer" where applicable 2 years ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation 
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
 2 years ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 2 years ago
Juliana Fajardini e306bc6ecc exception: fix use of master switch with default 
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.

Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when some of the other policies is to
be set via the master switch, when since this can change for specific
exception policies - like for midstream, for instance.

Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.

Bug #6169
 2 years ago
Shivani Bhardwaj 18947c01e0 suricatasc: update running instructions 2 years ago
Jeff Lucovsky d822ba58e1 doc/multi-tenant: Clarify live traffic support 
Issue: 5930

This commit clarifies the live traffic support for multi-tenancy.
 2 years ago
Shivani Bhardwaj aeb408dd9d doc: fix typo encryption-handling 2 years ago
Jason Ish 90bb73046c userguide/security: grammar fixes 
Apply grammer fixes brought up in GitHub review comments by Juliana.
 2 years ago
liaozhiyuan a748164d58 dpdk: support multiple same EAL arguments 
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.

Ticket: #5964
 2 years ago
Jason Ish 5f598931ac doc/userguide: start on a security chapter 
This is the start of a security consideration chapter, starting with
directions on how to run Suricata as a non-root user.
 2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Jason Ish 4a97461f9a doc/userguide: notes about Lua rules being disabled by default 2 years ago
Juliana Fajardini c0db25d055 userguide: update exception policy behaviors table 
Some exception policies can only be applied to the triggering packet or
only make sense considering the whole flow. Highlight such cases in the
table showing each exception policy.

Related to
Bug #5825
 2 years ago
Juliana Fajardini 0c2922f02e doc: add midstream scenarios for exception policy 
The different interactions between midstream pick-up sessions and the
exception policy can be quite difficult to visualize. Add a section for
that in the userguide.

Related to
Bug #5825
 2 years ago
Philippe Antoine 415b036dca http1: implement http.request_header 
So that it is generic for HTTP1 and HTTP2

Ticket: #5780
 2 years ago
Philippe Antoine 7256ec8a6e detect/http2: do not escape ':' in header name or value 
for keywords http.request_header and http.response_header

Ticket: #5780
 2 years ago
Philippe Antoine 656554f293 http2: rename http2.header to http.request_header 
Or http.response_header based on the direction

http2.header had a different behavior than http.header and this was
confusing.

Ticket: #5780
 2 years ago
Philippe Antoine e30f4943ae doc: GitHub PRs workflow 2 years ago
Jeremy MountainJohnson 435d74d744 userguide/install: add info on arch-based installs 
Add Arch AUR information for installation on Arch-based distros.
 2 years ago