aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,073 Commits
7 Branches
161 Tags
206 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '300889a30b'
${ noResults }
Commit Graph

73 Commits (300889a30b712d51e4c39be4ce8127e6b0d2c03f)

Author SHA1 Message Date
Lukas Sismis 640d0985c2 dpdk: check for link up before full startup 
ICE card (Intel E810) was not receiving packets immediatelly
after startup, Suricata workers would act as processing while
it was not. This eliminates the problem by only continuing
in the initialization if the link is already up.

The setting can be turned off manually from the configuraiton
file.

Ticket: 7381
 4 months ago
Lukas Sismis cb997a64dc dpdk: replace global with per-thread mempools 
It turned out that having global (interface-specific) mempool
that is shared by the threads of the interface is slower than
having individual mempools per queue for each interface.

The commit brings this change and should be user-invisible,
the config setting remains still as a number of objects of
all mempools summed (of that interface).

Ticket: 7382
 4 months ago
Lukas Sismis 2ef2a9e26f dpdk: auto configure Rx/Tx descriptors and mempool size 
Ticket: 7380
Ticket: 7373
 4 months ago
Jason Ish 1a47fdfd46 doc/userguide: group af-packet upgrade notes together 
Also fix the rendering of the sip nest list.
 4 months ago
Jason Ish 080d48ba29 doc/userguide: upgrade note about defrag now off for inline use 
Ticket: #7617
 4 months ago
Jason Ish 8fe526006d doc/userguide: upgrade note about tpacket-v3 default for ids 
Ticket: #4798
 4 months ago
Juliana Fajardini 3985b24e1b upgrade: list inspection recursion default limit 
As the yaml indicated before that if no value was specified there were
no limits, and now there will be one.
 4 months ago
Juliana Fajardini e1f9e66af0 doc/upgrade: add datasets hash size limit note 4 months ago
Jason Ish c6d18fc871 doc/userguide: af-packet upgrade notes 
Add note about increased block size and how to change it back to old
defaults if needed.

Ticket: #7458
 4 months ago
Jason Ish f1d305b373 doc: add upgrade note about suricatasc and suricatactl 5 months ago
Jeff Lucovsky dd344bd07c ftp: Move config file handling to Rust 
Issue: 4082

Move the configuration file handling to Rust.

These changes will no longer terminate Suricata when there's an invalid
value for ftp.memcap. Like earlier Suricata releases, an error message
is logged "Invalid value <value> for ftp.memcap" but Suricata will no
longer terminate execution. It will use a default value of "0" instead.
 5 months ago
Jason Ish 97e01a8cc8 doc/userguide: upgrade notes for Lua 
- Sandboxed Lua for rules
- Search path changes for Lua output scripts
 5 months ago
Jeff Lucovsky cfbf8fda94 doc/csum: Stream checksum validation change 
Describe the change of behavior between the stream.checksum-validation
setting and checksum-based rule keywords.
 6 months ago
Philippe Antoine a499529477 doc: improve documentation about guess-applayer-tx 
Ticket: 7199
 7 months ago
Philippe Antoine f2c3776314 detect: log app-layer metadata in alert with single tx 
Ticket: 7199

Uses a config parameter detect.guess-applayer-tx to enable
this behavior (off by default)

This feature is requested for use cases with signatures not
using app-layer keywords but still targetting application
layer transactions, such as pass/drop rule combination,
or lua usage.

This overrides the previous behavior of checking if the signature
has a content match, by checking if there is only one live
transaction, in addition to the config parameter being set.
 8 months ago
Jason Ish 820a3e51b7 requires: treat unknown requires keywords as unmet requirements 
For example, "requires: foo bar" is an unknown requirement, however
its not tracked, nor an error as it follows the syntax. Instead,
record these unknown keywords, and fail the requirements check if any
are present.

A future version of Suricata may have new requires keywords, for
example a check for keywords.

Ticket: #7418
 8 months ago
Jeff Lucovsky 1e0d3435db doc: add napatech plugin upgrade notes 
Issue: 7165
 10 months ago
Philippe Antoine 7ab833471e doc/rfb: mention accidental fix for security_result log 
Ticket: 7198
 10 months ago
Giuseppe Longo 036b68b0a9 doc: add new sip keywords 10 months ago
Jason Ish 15fe844ae7 syslog: deprecate 
The standalone syslog output is now deprecated for Suricata 8. Display
a warning on use and add notes to the userguide.

Ticket: #6544
 11 months ago
Jason Ish 5853fb922d tls-log: deprecate 
tls-log is now deprecated and will be removed in Suricata 9.0. Display
a deprecation notice on use, and add notes to the user guide.

Ticket: #6542
 11 months ago
Jason Ish ab26323a96 http-log: deprecate 
http-log is now deprecated and will be removed in Suricata
9.0. Display a deprecation notice on use, and add notes to the
userguide.

Issue: #6543
 11 months ago
Victor Julien fa9cae3899 doc/userguide: document logging changes from 6 to 7 
Minor other logging related improvements like clarifying language and
improving formatting for pdf output.
 12 months ago
Giuseppe Longo 70ed9f91d8 doc: add ldap protocol 1 year ago
Philippe Antoine bce8f4b853 detect/ssh: remove deprecated keywords 
Ticket: 2377
 1 year ago
Jason Ish 5f516c5896 doc: add pf-ring plugin upgrade notes 
Ticket: #7162
 1 year ago
Jason Ish d3c08b9643 doc: upgrade guide for dns logging changes 
Bug: #6281
 1 year ago
Shivani Bhardwaj c66f1f4488 doc: add note about datasets string memcaps 
Bug 3910
 1 year ago
Jeff Lucovsky d205ff82d0 doc/transform: Describe the from_base64 transform 
Issue: 6487

Document the new transform and indicate that it's the preferred way to
perform base64 decoding (preferred over base64_decode)
 1 year ago
Juliana Fajardini 43b998aa73 userguide/upgrade: add note about alerts' increase 
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug #7026
 1 year ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri 
Ticket: #2881
 1 year ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 1 year ago
Giuseppe Longo 4f1e71bb4e doc: add sdp update 1 year ago
Juliana Fajardini 72146b969c eve/stats: allow hiding counters whose valued is 0 
Some stats can be quite verbose if logging all zero valued-counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.

Task #5976
 1 year ago
Giuseppe Longo 3dc24a967a doc: add upgrade section for 8 1 year ago
Victor Julien 3456dea276 doc/userguide: update guidance on 5 to 6 upgrading 
TCP memory use can be higher than expected in certain configs.

Ticket: #6552.
 2 years ago
Shivani Bhardwaj 2b73a17bb0 detect: rename whitelist to score 
The term "whitelist" is actually used to store a list of DetectPort type
items for tcp and udp in detect.h. Using the same term for also keeping
the score that affects the grouping of rules is confusing. So, rename
the variable to "score".
 2 years ago
Juliana Fajardini f16d428fd1 userguide/upgrade: link to exception policy FAQ 
With the release of 7, people are starting to have issues with traffic
being blocked. While we don't add a more expansive documentation for
this, add a link to the FAQ covering possible fixes for drops caused by
the fail closed default behavior of the exception policies.
 2 years ago
Andreas Herz 24bcaf07ae doc/upgrade: add more 6 to 7 changes and minor improvements 
Issue: #5473
 2 years ago
Jason Ish 0b5dc58e15 doc/userguide: more eve http upgrade notes 
Add more information with a examples of how the changes to EVE HTTP
logging may affect users.
 2 years ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation 
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
 2 years ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Philippe Antoine 656554f293 http2: rename http2.header to http.request_header 
Or http.response_header based on the direction

http2.header had a different behavior than http.header and this was
confusing.

Ticket: #5780
 2 years ago
Philippe Antoine 5c419b79b7 doc: upgrade guide for logging http custom headers 
Ticket: #5320
 2 years ago
Jason Ish 5af73b3879 doc/userguide: document include files 
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
 2 years ago
Jason Ish a71dee5516 doc/userguide: merge logging changes in 7.0 upgrade notes 
Two "Logging changes" sections existed, merge.
 2 years ago
Victor Julien 0903536fd6 doc: spelling 
Thanks to Josh Soref.
 2 years ago
Philippe Antoine 8f9cd8ff1a doc: security.limit-noproc upgrade note 
Ticket: #5621
 2 years ago
Victor Julien f4fa51986e doc: warn IPS users on new exception policy default 3 years ago