Commit Graph

788 Commits (d05f3ac791c25f789040e677cfa09c7e3fad7d60)

Author SHA1 Message Date
Juliana Fajardini ffed5eb3d3 doc/quickstart: add software-properties instruction
This is indicated in the `Installation` section, but not in the
quickstart, and it felt like a valid addition, here, too.
2 years ago
Juliana Fajardini 4ab4f711de doc/install: link to devguide's install from git
Although we have an updated version of instructions for installation
from git, our install guide was only referring to RedMine, which is less
up-to-date.

Kept that reference, since it might still be useful for non-Ubuntu
cases.
2 years ago
Shivani Bhardwaj 0a4011655f doc/code-submission: add commit sign guide 2 years ago
Travis Green 96a0e7016f doc: add tcp flags documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish 2b57179d65 readthedocs: pin theme to sphinx_rtd_theme
ReadTheDocs changed the default theme.
2 years ago
Jason Ish ae3b1a9e36 configure: more idiomatic autoconf for sphinx-build checks
- Use SPHINX_BUILD instead of HAVE_SPHINX_BUILD, as here we're
  actually using the path of the program.

- Wrap some elements in [] as is done in modern idiomatic autoconf
2 years ago
Victor Julien c0201d3212 doc/userguide: add reload-tenant(s) doc 2 years ago
Victor Julien 6ba0956a75 multi-tenant: allow reload w/o yaml path
Store yaml path in de ctx, for reloads w/o path.

This allows for a simpler `reload-tenant N`, where the previously
used yaml is reloaded.
2 years ago
Victor Julien c87803ea0e detect: add multi-detect.config-path
Add option to specify path from which to load the tenants.

Mostly meant to be used in testing.
2 years ago
jason taylor be324d7856 doc: update file.magic information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 008cc78a03 doc: update fileext keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor e99b1787a2 doc: update file.name keyword information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Alexandre Iooss c80941dd8d doc/userguide: improve SCStreamingBuffer example
Add direction indication in SCStreamingBuffer usage example.
This adds documentation for the changes introduced by commit
5b1d8c7e94.
2 years ago
Juliana Fajardini 5cef8fdfdf userguide/ppa: fix typo
The launchpad repo for suricata-beta read 'oisd' instead of 'oisf'
2 years ago
Juliana Fajardini 4fd3205bf0 userguide/install: add info on ubuntu ppa installs
Bringing info that was only in our Redmine wiki to our documentation.

Task #6231
2 years ago
Juliana Fajardini 765b05f139 docs: miscellanea updates
- Fix a DPDK reference link, add some line breaks.
- Exemplify what a good commit message looks
like, for Suricata's commit style.
2 years ago
Jason Ish 3e2a62915b doc/userguide: display version on front page
When viewing the docs online at Readthedocs, or similar it might be
immediately apparent what version of the documentation is being
displayed. Display the version on the first line before the table of
contents to make it clear.
2 years ago
Andreas Herz 26130d903f doc: add note about cpu prio overwrite behavior 2 years ago
Andreas Herz da68692547 doc: dataset - add type to be mandatory 2 years ago
Juliana Fajardini f16d428fd1 userguide/upgrade: link to exception policy FAQ
With the release of 7, people are starting to have issues with traffic
being blocked. While we don't add a more expansive documentation for
this, add a link to the FAQ covering possible fixes for drops caused by
the fail closed default behavior of the exception policies.
2 years ago
Juliana Fajardini 24745b3a73 doc/userguide: update ref to installation from git
It was still pointing to the redmine wiki and the documentation to be
truthful to the new documentation.
2 years ago
Jason Ish 500a7abf57 doc/support-status: add support status page
Convert the wiki page,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Support_Status
into a page that is versioned along with the user guide.

Includes many updates to reflect our current support status.
2 years ago
Jason Ish ad94ebddb7 doc/userguide: avoid horizontal scroll on rtd
Add CSS to avoid horizontal scroll in tables on ReadTheDocs. This will
wrap the text instead.

Also, vertically align to top so if a cell does wrap, other cells that
do not wrap don't place the text in the middle of the cell.
2 years ago
Juliana Fajardini 9900bdc162 userguide/eve: format and reorganize alert section
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
2 years ago
Juliana Fajardini 0437173848 output/drop: add verdict field
Related to
Bug #5464
2 years ago
Andreas Herz 24bcaf07ae doc/upgrade: add more 6 to 7 changes and minor improvements
Issue: #5473
2 years ago
jason taylor 62170d2fb9 doc: hyperscan information updated
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor c95fce39f0 doc: add multi buffer support note to keyword docs
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 88960e909d doc: add multiple buffer matching documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish 0b5dc58e15 doc/userguide: more eve http upgrade notes
Add more information with a examples of how the changes to EVE HTTP
logging may affect users.
2 years ago
jason taylor 19a0b2b0d2 userguide: add details about tcp flow pass
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jeff Lucovsky 47e268d609 detect/byte_math: Document bytes variable name
Issue: 6145

Document that byte_math accepts a variable name for bytes (optional)
2 years ago
Jeff Lucovsky 3a4554fc2b detect/byte-jump: Document var usage for nbytes
Issue: 6105
2 years ago
Jeff Lucovsky 73b943276e doc/byte_test: Document byte_test variable usage
Issue: 6144

This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
2 years ago
Lukas Sismis 5a3ecbde62 doc: update install instructions
Ticket: #5987
2 years ago
Shivani Bhardwaj b6f8f5eb3b doc/http: use "sticky buffer" where applicable 2 years ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
2 years ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 2 years ago
Juliana Fajardini e306bc6ecc exception: fix use of master switch with default
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.

Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when some of the other policies is to
be set via the master switch, when since this can change for specific
exception policies - like for midstream, for instance.

Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.

Bug #6169
2 years ago
Shivani Bhardwaj 18947c01e0 suricatasc: update running instructions 2 years ago
Jeff Lucovsky d822ba58e1 doc/multi-tenant: Clarify live traffic support
Issue: 5930

This commit clarifies the live traffic support for multi-tenancy.
2 years ago
Shivani Bhardwaj aeb408dd9d doc: fix typo encryption-handling 2 years ago
Jason Ish 90bb73046c userguide/security: grammar fixes
Apply grammer fixes brought up in GitHub review comments by Juliana.
2 years ago
liaozhiyuan a748164d58 dpdk: support multiple same EAL arguments
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.

Ticket: #5964
2 years ago
Jason Ish 5f598931ac doc/userguide: start on a security chapter
This is the start of a security consideration chapter, starting with
directions on how to run Suricata as a non-root user.
2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Jason Ish 4a97461f9a doc/userguide: notes about Lua rules being disabled by default 2 years ago
Juliana Fajardini c0db25d055 userguide: update exception policy behaviors table
Some exception policies can only be applied to the triggering packet or
only make sense considering the whole flow. Highlight such cases in the
table showing each exception policy.

Related to
Bug #5825
2 years ago
Juliana Fajardini 0c2922f02e doc: add midstream scenarios for exception policy
The different interactions between midstream pick-up sessions and the
exception policy can be quite difficult to visualize. Add a section for
that in the userguide.

Related to
Bug #5825
2 years ago
Philippe Antoine 415b036dca http1: implement http.request_header
So that it is generic for HTTP1 and HTTP2

Ticket: #5780
2 years ago
Philippe Antoine 7256ec8a6e detect/http2: do not escape ':' in header name or value
for keywords http.request_header and http.response_header

Ticket: #5780
2 years ago
Philippe Antoine 656554f293 http2: rename http2.header to http.request_header
Or http.response_header based on the direction

http2.header had a different behavior than http.header and this was
confusing.

Ticket: #5780
2 years ago
Philippe Antoine e30f4943ae doc: GitHub PRs workflow 2 years ago
Jeremy MountainJohnson 435d74d744 userguide/install: add info on arch-based installs
Add Arch AUR information for installation on Arch-based distros.
2 years ago
Philippe Antoine 5c419b79b7 doc: upgrade guide for logging http custom headers
Ticket: #5320
2 years ago
Juliana Fajardini f83c67bbb5 doc: add missing rule to engine-analysis section
The first report didn't have an example rule to go with.
2 years ago
Lukas Sismis 11c3aa868d doc: add DPDK Bond PMD docs
Ticket: #6099
2 years ago
Philippe Antoine 9287cbc33a http: logs custom headers in a subobject
This subobject is request_headers or response_headers

This especially avoids json keys collisions.

Ticket: #5320

Also fixes typo referrer/referer
2 years ago
Jason Ish 5af73b3879 doc/userguide: document include files
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
2 years ago
Jason Ish a71dee5516 doc/userguide: merge logging changes in 7.0 upgrade notes
Two "Logging changes" sections existed, merge.
2 years ago
Jason Ish f8620d0ed2 docs: update url to docs.suricata.io 2 years ago
Victor Julien 3de687f30c profiling/rules: doc updates 2 years ago
Eric Leblond 694bff11ac doc: add rule profiling information 2 years ago
Jason Ish b0c329da04 doc/userguide: provide more RPM doc
- Address the various RPM distributions
- User info
- Systemd info

Related issue: #5884
2 years ago
Eloy Pérez González b3c7130749 krb5: update krb5_msg_type keyword docs 2 years ago
Lukas Sismis 1c3cb1e8cc docs: refactor DPDK docs and add performance tuning section
Ticket: #5857
Ticket: #5858
2 years ago
Lukas Sismis 03319263db docs: wrap DPDK doc section at 80 chars 2 years ago
Lukas Sismis d0bf3ba638 dpdk: add configure option
Ticket: #5859
2 years ago
Victor Julien 0903536fd6 doc: spelling
Thanks to Josh Soref.
2 years ago
Philippe Antoine 9bd2b72e2b doc: explain where tls.store stores certificates
By adding a reference/link to the doc about the suricata.yaml
config section pecifying the directory where the certificates
are stored
2 years ago
Victor Julien c0d9b3c078 doc/userguide: spelling 2 years ago
Wes Hurd aee41957e1 doc: add docutils.conf to disable smart quotes 2 years ago
Andreas Herz 3045e75ee1 doc: add note on the hashsize recommendation for datasets 2 years ago
Victor Julien a006aef4d0 doc: fix description of iptables rules 2 years ago
Bazzan Don 38b3fffbc7 doc/optimization: move "convert.py" to Python3
Ticket: #5596
2 years ago
Morris Chan b9aac6dd18 yaml: grammar fixup 2 years ago
Juliana Fajardini ae2a477978 devguide: clarify clang formatting changes policy
It was pointed out by a contributor that our workflow mentioned
rewrite-branch as the preferred way, while in fact our policy is to add
said changes to a different commit. Updating documentation to prevent
other situations like that.
2 years ago
Rafael Girão 6ec3bc189a docs: remove obsolete af-packet warning 2 years ago
John Dewey 365bec3da6 netmap: Correct LB + Netmap YAML usage
Corrected the example YAML configuration when using Netmap and
LB.
2 years ago
Jeff Lucovsky 0ad6d4358f add to doc/pfring: Document additional cluster types 2 years ago
Jeff Lucovsky b1918168f9 doc/pfring: Document additional cluster types
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.

Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple

Issue: 5975
2 years ago
Philippe Antoine 59734d16a1 detect: use http.connection to client
Ticket: #5746
2 years ago
Philippe Antoine 6bc7f02e13 doc: rules can have http1 as protocol
Ticket: #5962
2 years ago
Jeff Lucovsky fd46c93a8f doc/byte_math: Add divide by 0 discussion.
Issue: 5945
2 years ago
Juliana Fajardini d314b57e6b userguide/muti-tenant: fix typo 2 years ago
jason taylor 5abcd50142 doc: add tenant id value requirement
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Juliana Fajardini 31066c7c3b docs: clarify exception policy's supported values
As flow.memcap-policy and defrag.memcap-policy do not support flow
actions, clarify that in the documentation. Also fix some typos, and
add missing values in some places where the exception policies were
explained.

Related to
Bug #5940
2 years ago
Jeff Lucovsky 35bbdf4124 doc/content: Add limits for distance/within
Ticket: 5740
2 years ago
Philippe Antoine 8f9cd8ff1a doc: security.limit-noproc upgrade note
Ticket: #5621
2 years ago
Shivani Bhardwaj 0f3e7761da doc: add dataset examples 2 years ago
Lancer Cheng 6142593a69 doc: add version filed in NTLMSSP documentation
Bug OISF#5783
2 years ago
Haleema Khan 609df1776e userguide: update tls keywords information
Ticket #5544
2 years ago
jason taylor 8e5b1fe8e6 userguide: add DHCP EVE log information
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Victor Julien f4fa51986e doc: warn IPS users on new exception policy default 3 years ago
Philippe Antoine e3105a6614 ftp: adds a config option ftp-hash for autofp-scheduler
This allows ftp-data and ftp flows to be processed by the same
thread. Otherwise, there may be a concurrency issue where the
would-be ftp-data flow is first processed, and thus not recognized
as such. And the ftp flow gets processed later and the expectation
coming from it is never found.

To do so, the flow hash gets used as usual, except for flows that
may be either ftp or ftp-data, that is either one port is 21, or
both ports are high ones.

Ticket: #5205
3 years ago
Jason Ish 1b844cd7f7 doc/userguide: document --include command line option 3 years ago
Philippe Antoine b52293b609 dcerpc: config limit maximum number of live transactions
As is done for other protocols

Ticket: #5779
3 years ago
Juliana Fajardini 918bd7435c userguide/config: update log format symbols list
There were some possible format options missing after the recent changes
in the log format.
3 years ago
Juliana Fajardini 0d9289014b exceptions: add master switch config option
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in iDS mode

Exception Policies set up individually will overwrite this setup for the
given traffic exception.

Task #5219
3 years ago
jason taylor 0632233791 userguide: update http.cookie description
Signed-off-by: jason taylor <jtfas90@gmail.com>
3 years ago