[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-3.1.2-241-g3ca663d
OISF Git
noreply at openinfosecfoundation.org
Wed Sep 28 17:31:57 UTC 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from a194dfbd5b1ac6b2b2db594267cf3caac7686618 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3ca663d7ffe98e9c77f18bc0efff3bad5753f24c
Author: Eric Leblond <eric at regit.org>
Date: Wed Sep 28 13:50:01 2016 +0200
output-json-flow: display bypass method
In the case of a bypassed flow we add a 'bypass' key that can
be 'local' or 'capture'. This will allow the user to know if
capture bypass method is failing by looking at the 'bypass' key.
commit e6bac998d9acfc9eac1f08ff255e8b72ff5c3364
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon Sep 26 16:45:15 2016 +0200
flow: add timeout for local bypass
This adds a new timeout value for local bypassed state. For user
simplification it is called only `bypassed`. The patch also adds
an emergency value so we can clean bypassed flows a bit faster.
commit 51bfe4960a1b55a7108ab0f6c6219d9d3fe2c7e5
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 26 13:35:44 2016 +0200
flow: discard packets belonging to bypassed flows
commit 724069626d036adf2bff532b3275d501ea926409
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 26 13:22:34 2016 +0200
flow: downgrade to local bypass if we see packets
If we see packets for a capture bypassed flow after some time, it
means that the capture method is not handling the bypass correctly,
so it is better to switch to local bypass method.
commit 4cf887b4f7bbc68f814925e04d8e2fc6dc781ef2
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 26 13:17:01 2016 +0200
flow: update lastts in FlowHandlePacketUpdate
This allows to make it conditional to the state of packet and
then trigger modified behavior.
commit 5b71b5834f8a319702685ef791c8b62ed6420c83
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon Feb 8 13:21:54 2016 +0100
filestore: avoid conflict with bypass keyword
If a packet triggers a rule which contains both
bypass and filestore keywords,
it won't be stored since it's not inspected.
To avoid that, when a rule containing filestore keyword
we make sure that also bypass keyword is present.
commit 07564c4e41cfcfdbcaaecf20d52d89159acc23f4
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Tue Feb 2 11:37:23 2016 +0100
detect: add bypass keyword
This adds a new keyword which permits to call the
bypass callback when a sig is matched.
The callback must be called when the match of the sig
is complete.
commit c19cd12620b8d5ce90f37f8c6b52681bb06eb3d3
Author: Eric Leblond <eric at regit.org>
Date: Thu Jan 28 21:41:24 2016 +0100
flow: bypass encrypted and after stream depth flow
This patch activates bypass for encrypted flows and for flows
that have reached stream depth on both sides.
For encrypted flows, suricata is stopping the inspection so
we can just get it out via bypass. The same logic applies
for flows that have reached the stream depth.
For a basic test of feature, use the following ruleset:
```
table ip filter {
    chain output {
        type filter hook output priority 0; policy accept;
        ct mark 0x1 counter accept
        oif lo counter queue num 0
    }
    chain connmark_save {
        type filter hook output priority 1; policy accept;
        mark 0x1 ct mark set mark counter
        ct mark 0x1 counter
    }
}
```
And use bypass mark and mask of 1 in nfq configuration. Then you
can test the system by scp'ing a big file to 127.0.0.1. You can also
use iperf to measure the performance on localhost. It is recommended
to lower the MTU to 1500 to get something more realistic by increasing
the number of packets.
commit 177df305d429079642f31c5aaa14b17899b22a24
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon May 23 09:53:08 2016 +0200
stream-tcp: enable bypass setting
This permits to enable/disable in suricata.yaml
and the bypass function will be called
when stream.depth is reached.
commit 97783f81428049dec040f53207b2bd9743e266dc
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Mon May 23 09:31:12 2016 +0200
nfq: introduce bypass function
commit 285b4dd981c3d62997477f94fe267ccc7e525fc6
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 19 16:21:55 2016 +0200
decode: implement bypass function
Call the packet bypass callback if necessary and update the flow
state. In case of failure we switch to local bypassed state and set
capture bypassed state if the callback is successful.
commit 68d9677eea1fce8553223c49e7d808d0deee200c
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 26 01:25:52 2016 +0200
flow: force reassembly for bypassed flows
As capture methods like nfq will cut both sides of the flow instantly
we will not get the hack for most data which have been received. So
it is better to force reassembly to be sure to get the timeout of
the entry.
commit 39c8786a8ef2f146cfaff04929d3a19617933bfc
Author: Eric Leblond <eric at regit.org>
Date: Mon Sep 26 01:25:32 2016 +0200
flow: get bypass info in get used flow function
commit 07ef451c2b89f6785047b4855003895e002b9fcb
Author: Eric Leblond <eric at regit.org>
Date: Sat Sep 24 12:12:09 2016 +0200
flow: add pruned bypassed flow counter
commit 745dad9809bde03c6e3560e969b255321a241556
Author: Eric Leblond <eric at regit.org>
Date: Fri Sep 16 00:49:35 2016 +0200
flow: display info about bypass in log
commit e88555caf96feb0a78552f02c48a4a5f294cf196
Author: Eric Leblond <eric at regit.org>
Date: Sat Sep 17 10:18:08 2016 +0200
flow: add bypassed states
This patch adds two new states to the flow:
* local bypass: for suricata only bypass, packets belonging to
a flow in this state will be discarded fast
* capture bypass: capture method is handling the bypass and suricata
will discard packets that are currently queued
A bypassed state to flow that will be set on flow when a bypass
decision is taken. In the case of capture bypass this will allow
to remove faster the flow entry from the flow table instead of
waiting for the "established" timeout.
commit 616782aa986be1a5da6db405413cf9cda8d4645e
Author: Giuseppe Longo <glongo at stamus-networks.com>
Date: Wed Jul 20 11:46:00 2016 +0200
packet: add API for bypass
commit 7011d8f34cc235eaeac2787c787041a07f1afcc7
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 28 15:14:00 2016 +0200
doc: remove/cleanup 'guides'
commit 73b355e24a3dd9d4ec4b7cbe8870083dc243bf2a
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 28 14:47:23 2016 +0200
doc: fix lua keyword name
commit 43c2db0a557352e9f73d097f314269f48484a76a
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 28 14:10:56 2016 +0200
doc: update what is suricata section
commit 1f2f1d70634221c637685b43fe50541ca7d52267
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 28 13:45:55 2016 +0200
doc: commandline improvements
commit 879ab41ade086a05a4eacb3d3e0fe83f69b805e5
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 28 13:33:46 2016 +0200
doc: move drop privs into configuration
commit 7fa390de39b155b7e39f811bc6478d5856fab2e2
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 21:16:05 2016 -0600
doc: bundle pre-built man page in distribution
commit f511f863986db86d5b060bc1a92da1077cd6e3fb
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 21 07:39:09 2016 +0200
doc: rename to 'Suricata User Guide'
commit 7ad667f282aaa5b7dd580da317fa3fdda05b5401
Author: Victor Julien <victor at inliniac.net>
Date: Wed Sep 21 07:38:45 2016 +0200
doc: move snort compat to rule chapter
commit 614e2f1d432ba5ba8eeeada3170a489f1b1b7002
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 17:07:15 2016 -0600
doc: make target for pdf, and suricata.1 shortcut
commit 6149b014ec3ec8e3bec380212488761371a8b075
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 10:48:14 2016 -0600
doc: shorten some paths to satisfy distcheck
Long paths were being dropped from the source package.
commit 2e78bf0ba81bcb8cebc25bd49f717daf301d8658
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 10:37:51 2016 -0600
doc: list files/directories in EXTRA_DIST
So files get included in the distribution and pass
make distcheck.
commit b1ced40ee437a964218fdb4eee4fd58c954e15f4
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 09:57:36 2016 -0600
doc: get Suricata version from autoconf vars
commit ab93eb97b9a61079afdfd66a52b1fe80b00040eb
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 09:29:17 2016 -0600
doc: use - instead of _ in filenames for consistency
commit b8521a52f38e1ccc5607a9b13ba8fe6ce6043940
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 09:28:09 2016 -0600
doc: link up hyperscan and packet capture
commit b9a7335ec4605ba41f257059541efb964669cb36
Author: Jason Ish <ish at unx.ca>
Date: Mon Mar 7 13:11:01 2016 -0600
doc: expose variables for substitution in docs
commit 15d2a7a49d07796007c4b9639b5cf5130e265a16
Author: Jason Ish <ish at unx.ca>
Date: Fri Feb 26 17:30:15 2016 -0600
doc: minimal man page: suricata.1
commit 6eedd0068b9af4f1480558aa3f6b1aef4ae6be21
Author: Jason Ish <ish at unx.ca>
Date: Thu Feb 18 15:50:13 2016 -0600
doc: hook sphinx into build
commit 5e76a54714d41aac12818d4a535001a313689b3e
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 08:59:26 2016 -0600
doc: packet capture: sync up with wiki
commit 7f5ffeebada67d09a1dfa8e4f002510593e0d83d
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 08:59:10 2016 -0600
doc: dns: sync up with wiki
commit ba4931ddb64713bcadb7523dad83aa829783e073
Author: Jason Ish <ish at unx.ca>
Date: Fri Aug 19 10:20:49 2016 -0600
doc: flow:not_established not supported
commit 7806ae8f57155b94c95065b2002c3e7b21eecdd4
Author: Andreas Herz <andi at geekosphere.org>
Date: Wed Jul 13 22:51:05 2016 +0200
docs: sync up to recent redmine
commit 0e63c9ca41ea13d12d630687dc8eb28326227b13
Author: Jason Ish <ish at unx.ca>
Date: Wed Mar 30 10:52:19 2016 -0600
doc: add GPL and CC licenses
commit 7e3591e3ce1e3a59cd90882a3593f6a42e13528c
Author: brandonlattin <latt0050 at umn.edu>
Date: Wed Feb 24 11:55:46 2016 -0600
doc: performance: Replace 'medium' with 'custom'
I assume the intent was to use the custom-values that are being defined.
commit 8e655cf107db515d6bcc601ccf9c45481cc56a09
Author: Andi <andi at geekosphere.org>
Date: Fri Feb 26 23:56:30 2016 +0100
eve-json-format: add newest version from the wiki
This was added by pevma in the wiki, so should go into the sphinx doc as well.
commit a96225527a461b0809a68cbb94bac4bc08a6c89c
Author: Jason Ish <ish at unx.ca>
Date: Mon Feb 22 11:53:48 2016 -0600
doc: update url to modbus paper as advised by David Diallo.
commit 2751baae4641b4d3c9b0d53b7de40a8cbcea923a
Author: Jason Ish <ish at unx.ca>
Date: Thu Feb 18 14:46:21 2016 -0600
doc: rename from "sphinx" to "userguide"
commit 16f6fab502a7d177dbdbfc516d9a744275a803f6
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 20 15:57:31 2016 -0600
doc: user .. option:: for command line option formatting
commit 8d47c13d2a7d3f6d1d26062132a43ad650a201e7
Author: Jason Ish <ish at unx.ca>
Date: Thu Feb 4 10:18:20 2016 -0600
doc: new global threshold examples from Peter Manev.
commit 11eb8640ddb32e44019089559c00851f0d07fc0d
Author: Jason Ish <ish at unx.ca>
Date: Wed Jan 27 14:50:37 2016 -0600
doc: acknowledge doc/wiki authors
commit c0aacec9b77bdd59f0d928ca84abf4e3e081d44e
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Jan 5 20:55:12 2016 +0100
doc: reorder duplicates
commit 347e3b49726e0ad6e32c96f9779438855dc4900c
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Jan 5 20:47:50 2016 +0100
doc: fixed remaining FIXME
commit 715485a42ba8ad07782f72ed34d792de584ffad4
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Jan 5 20:19:10 2016 +0100
doc: finished remaining conversion for output
commit 5a542a9934b0923140471a6b3d34fdef4ca3409c
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Jan 5 03:23:54 2016 +0100
doc: minor fixes in configuration causing errors/warnings
commit 398151ac765283e517da29c74e68d5b86a70f7ee
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Jan 5 03:16:13 2016 +0100
doc: added output section (some fixes still to do)
commit 2fa4547197d584f36808184d2c696ab172df32ce
Author: Jason Ish <ish at unx.ca>
Date: Mon Jan 4 11:50:09 2016 -0600
doc: reference fixups
commit 4b306fed14b3dee05ba9b7bf9282cf6aa0f064bf
Author: Jason Ish <ish at unx.ca>
Date: Mon Jan 4 11:38:06 2016 -0600
doc: fixup references
commit b252b0d84c95d884bdcba27a794f31f8085e65ad
Author: Jason Ish <ish at unx.ca>
Date: Mon Jan 4 11:10:12 2016 -0600
doc: add configuration
commit 253886b99f096d27d076e66598736807611ecc52
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 23:38:20 2016 +0100
doc: added file-extraction
commit 1089ec1cd891067d3bda0646dfd50f0d28c95887
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 23:02:33 2016 +0100
doc: added capture hardware except for napatech with file
commit 7f1e0d82fc1c3195501a0eb7653d8723c80833ca
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 23:02:26 2016 +0100
doc: added public data sets with file
commit a65b585cd53797fff0840bbdc639a1084c2435d5
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 23:01:39 2016 +0100
doc: added capture hardware except for napatech
commit 8618d824082d6579075d3b728948aace64f8e9a2
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 22:51:06 2016 +0100
doc: added public data sets
commit 504a7607997251f9b09532899cdf363847be4461
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 22:48:50 2016 +0100
doc: update gitignore to ignore node_modules
commit c8e5271c29d2d8c7e8bf367c857da6808c2d9ca2
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 22:48:16 2016 +0100
doc: added setting up ips inline
commit d881f000f963904bd28a6590c7994cc6ed1c1138
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 01:22:42 2016 +0100
doc: add index for reputation to match wiki
commit ae6c0af4921aeac953bd7cee165eb12c226ef266
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 01:05:13 2016 +0100
doc: added initscripts
commit c04a60aaa0db8343e8bb863e1c9c2d47609c3d97
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 01:04:29 2016 +0100
doc: added ip reputation
commit 630f3d3bc8c5dab83a83d6a94c5032114435c893
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 01:04:11 2016 +0100
doc: added ip reputation
commit ba27602babb9ffbf1e305789ee48eb37e8967fd6
Author: Andreas Herz <andi at geekosphere.org>
Date: Sun Jan 3 00:46:13 2016 +0100
doc: fixed underline too short error
commit 07dac046d9578c0664ce6b8ea019e1a382dd570f
Author: Andi <andi at geekosphere.org>
Date: Thu Dec 31 22:12:42 2015 +0100
doc: Add ssl_state doc
See https://redmine.openinfosecfoundation.org/issues/589
commit 733f1a5842aa2f3244f7c54319e72c10d99a8539
Author: Andi <andi at geekosphere.org>
Date: Thu Dec 31 21:58:22 2015 +0100
doc: Document http_host and http_raw_host
Added doc for http_host and http_raw_host as mentioned in https://redmine.openinfosecfoundation.org/issues/756
commit aa6a975f1c2f5ff5006e071f13f8ac5c1172df4e
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:25:08 2015 -0600
doc: ignoring traffic
commit f27e85e346dfa2c8a2c7b46f872827b282672bb7
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:19:34 2015 -0600
doc: tcmalloc
commit f97c045bf11d4c579e44eed2a36bf533fc57c86a
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:18:04 2015 -0600
doc: runmodes
commit 38bf0df6f0c40c7e2d5529656ff23a0123a3c8ae
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:14:15 2015 -0600
doc: rule profiling
commit fc9d6219219fd0af89dbc71e666078cb1d139957
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:12:00 2015 -0600
doc: packet profiling
commit 7b8aa62463b4694d259bae8947ec3f55c20fdbd5
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:10:16 2015 -0600
doc: statistics
commit 2574415a2d39aff73827d6f1f1d308c8f9f73dc3
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:07:21 2015 -0600
doc: tuning considerations
commit 235498717127c369d349c8d2303cee1c53f8c3a9
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 11:05:57 2015 -0600
doc: high performance config
commit ab69c93a28968d9e322d209090cf8cf9fc31d363
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 10:53:59 2015 -0600
doc: making sense of alerts
commit 6136ec583f105fc95913b443a5ef2d8001acaba6
Author: Jason Ish <ish at unx.ca>
Date: Thu Dec 17 10:38:48 2015 -0600
doc: oinkmaster
commit 5e0c39be57fc4e69c6e25d3a54cd1657fde86bbf
Author: Jason Ish <ish at unx.ca>
Date: Sat Dec 5 11:38:56 2015 -0600
doc: snort compatibility
commit 4f9f9c09ec96fb9d295aeabe7726431385fd1d44
Author: Jason Ish <ish at unx.ca>
Date: Sat Dec 5 09:09:52 2015 -0600
doc: command line options
commit 80e6830dece8b76cde55cfc84f34b8a1ab3c90d1
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 12:04:46 2015 -0600
doc: restructure directory layout
commit b0c2d6c8ee0e693157652fefc1131e54d4c37f9e
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 11:50:35 2015 -0600
doc: restructure the rules section a little
commit 7c9475e94debffc0d1da3327887c21be40e57c35
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 11:45:41 2015 -0600
doc: add fixme to broken images
commit b1bc0038aeecce4184e6c1ad7e51dfee43d1698d
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 10:26:53 2015 -0600
doc: finish off the rules section
commit 98f56f991673196340ffbd66dce9f5e7a5c6868b
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 10:01:32 2015 -0600
doc: dnp3 keywords
commit 9dea001c7da76813d9090288437ebbd520dcda8e
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:58:11 2015 -0600
doc: modbus keyword
commit 082758deae945b296e7dc1faeb718bdeb703de10
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:55:09 2015 -0600
doc: rule profiling
commit 30f3ecf22309df76efaecbb07aad31563ba151e0
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:53:19 2015 -0600
doc: normalized buffers
commit 75662a16da053cbcf89774812728c33eb3eeaac8
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:52:02 2015 -0600
doc: tls keywords
commit 58691fbb48774aff719a781228948347d1f68457
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:40:47 2015 -0600
doc: live rule swap
commit 107c12afd6ed180e529f8be5c164559d4f5fcf2d
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:38:16 2015 -0600
doc: adding your own rules
commit 3366571eebc70183325f173c324ad24872c0b173
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:22:52 2015 -0600
doc: rule lua scripting
commit 1e6df87ecb92d068ae72d28950ac0f2191f159cc
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:11:52 2015 -0600
doc: rule lua scripting
commit 62e0f6a3e3864cc0ec89dbbc37e2fc83f71e22fd
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:07:37 2015 -0600
doc: thresholding
commit b3b5e333e4a1c206242c9bb130d0f3a1e43ff243
Author: Jason Ish <ish at unx.ca>
Date: Fri Dec 4 09:01:18 2015 -0600
doc: file-keywords
commit 5537c0f63cca56e1a38a055f821ff7b0e2f9e1bd
Author: Jason Ish <ish at unx.ca>
Date: Wed Dec 2 15:59:28 2015 -0600
doc: flowint
commit 5f9d265fdf509ee339dac37170d4dc7bbb5bd37c
Author: Jason Ish <ish at unx.ca>
Date: Wed Dec 2 15:55:17 2015 -0600
doc: flow-keywords
commit 0c602c5f19d69b3a9e14557b0a0d0878d49c2b35
Author: Jason Ish <ish at unx.ca>
Date: Wed Dec 2 15:24:12 2015 -0600
doc: pcre
commit 7c36361aacb3ca6fb602a2d410c4f0105c1afe11
Author: Jason Ish <ish at unx.ca>
Date: Wed Dec 2 15:23:52 2015 -0600
doc: helper tool to convert from wiki to sphinx
commit 3f2b1277d12f58c394b0f419631e5135875005eb
Author: Jason Ish <ish at unx.ca>
Date: Wed Dec 2 07:22:20 2015 -0600
doc: header-keywords
commit 33e96c508768b6d4b7c519d1ed9925c23efe4d96
Author: Jason Ish <ish at unx.ca>
Date: Wed Dec 2 07:12:02 2015 -0600
doc: fast-pattern
commit a4645732307177970ceea6380fa87d2e2d3f01f5
Author: Jason Ish <ish at unx.ca>
Date: Wed Dec 2 06:34:18 2015 -0600
doc: payload-keywords
commit 6d7c0e827441ea1bb18c4b7d25fa8a3881d61a17
Author: Jason Ish <ish at unx.ca>
Date: Fri Nov 6 19:01:15 2015 +0100
docs: sample of sphinx docs
commit 1f4725fcaba4ecd2e68f032a5056377d538a0519
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 27 09:38:42 2016 -0600
detect-tls: make check on fingerprint directional
commit 44c846f2f8558094344344142d04e71d72b7466c
Author: Jason Ish <ish at unx.ca>
Date: Tue Sep 27 09:07:10 2016 -0600
tls-json: make tls events direction sensitive
Previously the src/dest ips in TLS events would differ between
IDS and IPS modes. Make the header creation direction sensitive
so they are identical in both modes.
commit c0f93503b76b4b567b64fe7c8d7220a85a0f1770
Author: Mats Klepsland <mats.klepsland at gmail.com>
Date: Mon Sep 26 15:53:48 2016 +0200
util-decode-der-get: fix coverity warning
```
*** CID 1373380: Control flow issues (DEADCODE)
/src/util-decode-der-get.c: 126 in UtctimeToTime()
120 year = strtol(yy, NULL, 10);
121 if (year >= 50)
122 snprintf(buf, sizeof(buf), "%i%s", 19, utctime);
123 else if (year < 50)
124 snprintf(buf, sizeof(buf), "%i%s", 20, utctime);
125 else
>>> CID 1373380: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "goto error;".
126 goto error;
127
128 time = GentimeToTime(buf);
129 if (time == -1)
130 goto error;
131
```
commit d6f051cdf94a060139580377074982e85506aba3
Author: Victor Julien <victor at inliniac.net>
Date: Tue Sep 27 17:10:16 2016 +0200
http: removed unused flags
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 13 +-
doc/Makefile.am | 2 +
doc/userguide/.gitignore | 1 +
doc/userguide/Makefile.am | 65 +
doc/userguide/Makefile.sphinx | 192 ++
doc/userguide/README.md | 20 +
config.rpath => doc/userguide/_static/.gitignore | 0
doc/userguide/acknowledgements.rst | 38 +
doc/userguide/capture-hardware/endace-dag.rst | 46 +
doc/userguide/capture-hardware/index.rst | 7 +
doc/userguide/capture-hardware/myricom.rst | 98 +
doc/userguide/command-line-options.rst | 136 ++
doc/userguide/conf.py | 302 +++
.../configuration/dropping-privileges.rst | 50 +
doc/userguide/configuration/global-thresholds.rst | 125 ++
doc/userguide/configuration/index.rst | 11 +
doc/userguide/configuration/log-rotation.rst | 23 +
doc/userguide/configuration/multi-tenant.rst | 167 ++
doc/userguide/configuration/snort-to-suricata.rst | 276 +++
doc/userguide/configuration/suricata-yaml.rst | 2036 ++++++++++++++++++++
.../configuration/suricata-yaml/IDS_chunk_size.png | Bin 0 -> 23331 bytes
.../Inline_reassembly_unackd_data.png | Bin 0 -> 21776 bytes
doc/userguide/configuration/suricata-yaml/MPM2.png | Bin 0 -> 8647 bytes
doc/userguide/configuration/suricata-yaml/NFQ.png | Bin 0 -> 34533 bytes
doc/userguide/configuration/suricata-yaml/NFQ1.png | Bin 0 -> 19438 bytes
doc/userguide/configuration/suricata-yaml/NFQ2.png | Bin 0 -> 20707 bytes
.../suricata-yaml/Normal_ids_ack_d.png | Bin 0 -> 23053 bytes
.../configuration/suricata-yaml/Tuple1.png | Bin 0 -> 11151 bytes
.../suricata-yaml/balancing_workload.png | Bin 0 -> 29055 bytes
doc/userguide/configuration/suricata-yaml/flow.png | Bin 0 -> 15914 bytes
.../configuration/suricata-yaml/grouping_tree.png | Bin 0 -> 26129 bytes
.../suricata-yaml/grouping_tree_detail.png | Bin 0 -> 62604 bytes
.../configuration/suricata-yaml/inline_mode.png | Bin 0 -> 15054 bytes
.../suricata-yaml/ipfw_reinjection.png | Bin 0 -> 27813 bytes
.../configuration/suricata-yaml/normal_ids.png | Bin 0 -> 8447 bytes
.../configuration/suricata-yaml/overlap.png | Bin 0 -> 27430 bytes
.../configuration/suricata-yaml/reassembly1.png | Bin 0 -> 23072 bytes
.../configuration/suricata-yaml/threading.png | Bin 0 -> 17401 bytes
doc/userguide/convert.py | 94 +
doc/userguide/file-extraction/file-extraction.rst | 101 +
.../filemd5-and-whiteblacklisting-with-md5.rst | 256 +++
doc/userguide/file-extraction/md5.rst | 141 ++
.../file-extraction/public-sha1-md5-data-sets.rst | 4 +
doc/userguide/index.rst | 24 +
doc/userguide/initscripts.rst | 15 +
doc/userguide/licenses/cc-nc-4.0.rst | 169 ++
doc/userguide/licenses/gnu-gpl-v2.0.rst | 340 ++++
doc/userguide/licenses/index.rst | 20 +
doc/userguide/make-sense-alerts.rst | 77 +
doc/userguide/manpages/index.rst | 7 +
doc/userguide/manpages/suricata.rst | 202 ++
doc/userguide/oinkmaster.rst | 187 ++
doc/userguide/oinkmaster/oinkmasterconf.png | Bin 0 -> 154852 bytes
doc/userguide/oinkmaster/suricata_yaml.png | Bin 0 -> 90428 bytes
doc/userguide/output/custom-http-logging.rst | 52 +
doc/userguide/output/eve/eve-json-examplesjq.rst | 80 +
doc/userguide/output/eve/eve-json-format.rst | 198 ++
doc/userguide/output/eve/eve-json-output.rst | 103 +
doc/userguide/output/eve/index.rst | 8 +
doc/userguide/output/files-json/elk.rst | 239 +++
doc/userguide/output/files-json/elk/Logstash1.png | Bin 0 -> 77479 bytes
doc/userguide/output/files-json/elk/Logstash2.png | Bin 0 -> 136602 bytes
doc/userguide/output/files-json/elk/Logstash3.png | Bin 0 -> 29420 bytes
doc/userguide/output/files-json/elk/Logstash4.png | Bin 0 -> 125520 bytes
doc/userguide/output/files-json/elk/Logstash5.png | Bin 0 -> 17819 bytes
doc/userguide/output/files-json/elk/Logstash6.png | Bin 0 -> 83024 bytes
doc/userguide/output/files-json/files-json.rst | 62 +
doc/userguide/output/files-json/mongodb.rst | 97 +
doc/userguide/output/files-json/mysql.rst | 36 +
doc/userguide/output/files-json/postgresql.rst | 79 +
.../output/files-json/script-follow-json.rst | 100 +
.../useful-queries-for-mysql-and-postgresql.rst | 138 ++
doc/userguide/output/index.rst | 9 +
doc/userguide/output/lua-output.rst | 656 +++++++
doc/userguide/output/syslog-alerting-comp.rst | 63 +
.../performance/high-performance-config.rst | 72 +
doc/userguide/performance/hyperscan.rst | 138 ++
doc/userguide/performance/ignoring-traffic.rst | 46 +
doc/userguide/performance/index.rst | 15 +
doc/userguide/performance/packet-capture.rst | 80 +
doc/userguide/performance/packet-profiling.rst | 59 +
doc/userguide/performance/rule-profiling.rst | 33 +
doc/userguide/performance/runmodes.rst | 35 +
.../performance/runmodes/Runmode_autofp.png | Bin 0 -> 51070 bytes
doc/userguide/performance/runmodes/threading1.png | Bin 0 -> 17080 bytes
doc/userguide/performance/statistics.rst | 161 ++
doc/userguide/performance/tcmalloc.rst | 39 +
.../performance/tuning-considerations.rst | 55 +
doc/userguide/public-data-sets.rst | 16 +
doc/userguide/reputation/index.rst | 6 +
.../ipreputation/ip-reputation-config.rst | 71 +
.../ipreputation/ip-reputation-format.rst | 52 +
.../ipreputation/ip-reputation-rules.rst | 43 +
.../reputation/ipreputation/ip-reputation.rst | 15 +
doc/userguide/rules/adding-your-own-rules.rst | 60 +
doc/userguide/rules/dnp3-keywords.rst | 151 ++
doc/userguide/rules/dns-keywords.rst | 25 +
doc/userguide/rules/dns-keywords/dns_query.png | Bin 0 -> 7022 bytes
doc/userguide/rules/fast-pattern-explained.rst | 186 ++
doc/userguide/rules/fast-pattern.rst | 63 +
doc/userguide/rules/fast-pattern/fast_pattern.png | Bin 0 -> 11808 bytes
doc/userguide/rules/file-keywords.rst | 139 ++
doc/userguide/rules/flow-keywords.rst | 121 ++
doc/userguide/rules/flow-keywords/Flow1.png | Bin 0 -> 24838 bytes
doc/userguide/rules/flow-keywords/Flow2.png | Bin 0 -> 26325 bytes
doc/userguide/rules/flow-keywords/Flowbit_3.png | Bin 0 -> 44901 bytes
doc/userguide/rules/flowint.rst | 144 ++
doc/userguide/rules/header-keywords.rst | 385 ++++
.../rules/header-keywords/ICMP_type_code.png | Bin 0 -> 138533 bytes
doc/userguide/rules/header-keywords/ICMP_types.png | Bin 0 -> 47309 bytes
doc/userguide/rules/header-keywords/Window.png | Bin 0 -> 26681 bytes
.../rules/header-keywords/Wireshark_ack.png | Bin 0 -> 134829 bytes
.../rules/header-keywords/Wireshark_seq.png | Bin 0 -> 134801 bytes
doc/userguide/rules/header-keywords/ack.png | Bin 0 -> 25305 bytes
doc/userguide/rules/header-keywords/fragbits.png | Bin 0 -> 42764 bytes
doc/userguide/rules/header-keywords/fragoffset.png | Bin 0 -> 45033 bytes
doc/userguide/rules/header-keywords/icmp_id.png | Bin 0 -> 19474 bytes
doc/userguide/rules/header-keywords/icmp_seq.png | Bin 0 -> 21191 bytes
doc/userguide/rules/header-keywords/icmp_type.png | Bin 0 -> 19622 bytes
doc/userguide/rules/header-keywords/icode.png | Bin 0 -> 16627 bytes
doc/userguide/rules/header-keywords/id.png | Bin 0 -> 55094 bytes
doc/userguide/rules/header-keywords/ip_proto.png | Bin 0 -> 21788 bytes
doc/userguide/rules/header-keywords/ipopts.png | Bin 0 -> 33790 bytes
.../rules/header-keywords/ipopts_rule.png | Bin 0 -> 18357 bytes
doc/userguide/rules/header-keywords/sameip.png | Bin 0 -> 27181 bytes
doc/userguide/rules/header-keywords/seq.png | Bin 0 -> 23340 bytes
doc/userguide/rules/header-keywords/ttl.png | Bin 0 -> 26909 bytes
doc/userguide/rules/http-keywords.rst | 363 ++++
.../rules/http-keywords/Legenda_rules.png | Bin 0 -> 13544 bytes
doc/userguide/rules/http-keywords/client_body.png | Bin 0 -> 18115 bytes
doc/userguide/rules/http-keywords/client_body1.png | Bin 0 -> 39183 bytes
doc/userguide/rules/http-keywords/cookie.png | Bin 0 -> 40424 bytes
doc/userguide/rules/http-keywords/cookie1.png | Bin 0 -> 48347 bytes
doc/userguide/rules/http-keywords/fast_pattern.png | Bin 0 -> 11808 bytes
doc/userguide/rules/http-keywords/file_data.png | Bin 0 -> 11858 bytes
doc/userguide/rules/http-keywords/header.png | Bin 0 -> 16340 bytes
doc/userguide/rules/http-keywords/header1.png | Bin 0 -> 38150 bytes
.../rules/http-keywords/http_server_body.png | Bin 0 -> 9187 bytes
doc/userguide/rules/http-keywords/http_uri.png | Bin 0 -> 54871 bytes
doc/userguide/rules/http-keywords/method.png | Bin 0 -> 15701 bytes
doc/userguide/rules/http-keywords/method1.png | Bin 0 -> 24326 bytes
doc/userguide/rules/http-keywords/method2.png | Bin 0 -> 18669 bytes
doc/userguide/rules/http-keywords/request.png | Bin 0 -> 70462 bytes
doc/userguide/rules/http-keywords/request2.png | Bin 0 -> 49677 bytes
doc/userguide/rules/http-keywords/response1.png | Bin 0 -> 80433 bytes
doc/userguide/rules/http-keywords/stat-code1.png | Bin 0 -> 25336 bytes
doc/userguide/rules/http-keywords/stat_code.png | Bin 0 -> 2295 bytes
doc/userguide/rules/http-keywords/stat_msg.png | Bin 0 -> 2009 bytes
doc/userguide/rules/http-keywords/stat_msg_1.png | Bin 0 -> 25055 bytes
doc/userguide/rules/http-keywords/uri.png | Bin 0 -> 23158 bytes
doc/userguide/rules/http-keywords/uri1.png | Bin 0 -> 5020 bytes
doc/userguide/rules/http-keywords/uricontent.png | Bin 0 -> 53276 bytes
doc/userguide/rules/http-keywords/uricontent1.png | Bin 0 -> 6263 bytes
doc/userguide/rules/http-keywords/urilen.png | Bin 0 -> 26395 bytes
doc/userguide/rules/http-keywords/urilen1.png | Bin 0 -> 49672 bytes
doc/userguide/rules/http-keywords/user_agent.png | Bin 0 -> 30094 bytes
.../rules/http-keywords/user_agent_match.png | Bin 0 -> 270675 bytes
doc/userguide/rules/http-uri-normalization.rst | 10 +
doc/userguide/rules/index.rst | 23 +
doc/userguide/rules/intro.rst | 183 ++
doc/userguide/rules/intro/Dest_port.png | Bin 0 -> 41492 bytes
doc/userguide/rules/intro/Direction.png | Bin 0 -> 41001 bytes
doc/userguide/rules/intro/Source-port.png | Bin 0 -> 40112 bytes
doc/userguide/rules/intro/Source.png | Bin 0 -> 40040 bytes
doc/userguide/rules/intro/TCP-session.png | Bin 0 -> 37144 bytes
doc/userguide/rules/intro/action.png | Bin 0 -> 40842 bytes
doc/userguide/rules/intro/destination.png | Bin 0 -> 42050 bytes
doc/userguide/rules/intro/intro_sig.png | Bin 0 -> 43552 bytes
doc/userguide/rules/intro/protocol.png | Bin 0 -> 38983 bytes
doc/userguide/rules/live-rule-swap.rst | 64 +
doc/userguide/rules/meta.rst | 187 ++
doc/userguide/rules/meta/classification.png | Bin 0 -> 41206 bytes
doc/userguide/rules/meta/classtype.png | Bin 0 -> 42404 bytes
doc/userguide/rules/meta/gid.png | Bin 0 -> 30298 bytes
doc/userguide/rules/meta/msg.png | Bin 0 -> 38884 bytes
doc/userguide/rules/meta/reference.png | Bin 0 -> 37896 bytes
doc/userguide/rules/meta/rev.png | Bin 0 -> 39811 bytes
doc/userguide/rules/meta/sid.png | Bin 0 -> 41173 bytes
doc/userguide/rules/modbus-keyword.rst | 87 +
doc/userguide/rules/normalized-buffers.rst | 18 +
.../rules/normalized-buffers/normalization1.png | Bin 0 -> 24182 bytes
doc/userguide/rules/payload-keywords.rst | 300 +++
.../rules/payload-keywords/Legenda_rules.png | Bin 0 -> 13544 bytes
doc/userguide/rules/payload-keywords/content.png | Bin 0 -> 41151 bytes
doc/userguide/rules/payload-keywords/content2.png | Bin 0 -> 16267 bytes
doc/userguide/rules/payload-keywords/content3.png | Bin 0 -> 17931 bytes
doc/userguide/rules/payload-keywords/content4.png | Bin 0 -> 20218 bytes
doc/userguide/rules/payload-keywords/content5.png | Bin 0 -> 17117 bytes
doc/userguide/rules/payload-keywords/content6.png | Bin 0 -> 28424 bytes
doc/userguide/rules/payload-keywords/distance.png | Bin 0 -> 17835 bytes
doc/userguide/rules/payload-keywords/distance1.png | Bin 0 -> 22147 bytes
doc/userguide/rules/payload-keywords/distance3.png | Bin 0 -> 11561 bytes
doc/userguide/rules/payload-keywords/distance4.png | Bin 0 -> 28159 bytes
doc/userguide/rules/payload-keywords/distance5.png | Bin 0 -> 18506 bytes
doc/userguide/rules/payload-keywords/dsize.png | Bin 0 -> 31300 bytes
doc/userguide/rules/payload-keywords/isdataat1.png | Bin 0 -> 18472 bytes
doc/userguide/rules/payload-keywords/replace.png | Bin 0 -> 5595 bytes
doc/userguide/rules/payload-keywords/replace1.png | Bin 0 -> 7628 bytes
doc/userguide/rules/payload-keywords/rpc.png | Bin 0 -> 24363 bytes
doc/userguide/rules/payload-keywords/within1.png | Bin 0 -> 18170 bytes
doc/userguide/rules/payload-keywords/within2.png | Bin 0 -> 25136 bytes
.../rules/payload-keywords/within_distance.png | Bin 0 -> 14888 bytes
.../rules/payload-keywords/within_distance2.png | Bin 0 -> 13234 bytes
doc/userguide/rules/pcre.rst | 135 ++
doc/userguide/rules/pcre/pcre.png | Bin 0 -> 41419 bytes
doc/userguide/rules/pcre/pcre3.png | Bin 0 -> 21204 bytes
doc/userguide/rules/pcre/pcre4.png | Bin 0 -> 22114 bytes
doc/userguide/rules/pcre/pcre5.png | Bin 0 -> 20860 bytes
doc/userguide/rules/pcre/pcre6.png | Bin 0 -> 22648 bytes
doc/userguide/rules/rule-lua-scripting.rst | 87 +
doc/userguide/rules/snort-compatibility.rst | 73 +
doc/userguide/rules/thresholding.rst | 118 ++
doc/userguide/rules/tls-keywords.rst | 79 +
doc/userguide/setting-up-ipsinline-for-linux.rst | 126 ++
.../setting-up-ipsinline-for-linux/IPtables.png | Bin 0 -> 12286 bytes
.../setting-up-ipsinline-for-linux/IPtables3.png | Bin 0 -> 11204 bytes
.../setting-up-ipsinline-for-linux/iptables1.png | Bin 0 -> 13223 bytes
.../setting-up-ipsinline-for-linux/iptables2.png | Bin 0 -> 15267 bytes
.../setting-up-ipsinline-for-linux/iptables4.png | Bin 0 -> 22821 bytes
.../iptables_vnL.png | Bin 0 -> 50980 bytes
doc/userguide/what-is-suricata.rst | 17 +
src/Makefile.am | 1 +
src/app-layer-htp.h | 17 -
src/decode.c | 17 +
src/decode.h | 5 +
src/detect-bypass.c | 238 +++
src/detect-bypass.h | 29 +
src/detect-filestore.c | 45 +-
src/detect-tls.c | 13 +-
src/detect.c | 2 +
src/detect.h | 3 +
src/flow-hash.c | 12 +-
src/flow-manager.c | 32 +-
src/flow-private.h | 7 +
src/flow-worker.c | 18 +-
src/flow.c | 117 +-
src/flow.h | 4 +
src/output-json-flow.c | 18 +
src/output-json-tls.c | 2 +-
src/source-nfq.c | 35 +-
src/stream-tcp-reassemble.c | 1 +
src/stream-tcp.c | 33 +
src/stream-tcp.h | 4 +-
src/util-decode-der-get.c | 4 +-
suricata.yaml.in | 19 +-
245 files changed, 11865 insertions(+), 56 deletions(-)
create mode 100644 doc/userguide/.gitignore
create mode 100644 doc/userguide/Makefile.am
create mode 100644 doc/userguide/Makefile.sphinx
create mode 100644 doc/userguide/README.md
copy config.rpath => doc/userguide/_static/.gitignore (100%)
create mode 100644 doc/userguide/acknowledgements.rst
create mode 100644 doc/userguide/capture-hardware/endace-dag.rst
create mode 100644 doc/userguide/capture-hardware/index.rst
create mode 100644 doc/userguide/capture-hardware/myricom.rst
create mode 100644 doc/userguide/command-line-options.rst
create mode 100644 doc/userguide/conf.py
create mode 100644 doc/userguide/configuration/dropping-privileges.rst
create mode 100644 doc/userguide/configuration/global-thresholds.rst
create mode 100644 doc/userguide/configuration/index.rst
create mode 100644 doc/userguide/configuration/log-rotation.rst
create mode 100644 doc/userguide/configuration/multi-tenant.rst
create mode 100644 doc/userguide/configuration/snort-to-suricata.rst
create mode 100644 doc/userguide/configuration/suricata-yaml.rst
create mode 100644 doc/userguide/configuration/suricata-yaml/IDS_chunk_size.png
create mode 100644 doc/userguide/configuration/suricata-yaml/Inline_reassembly_unackd_data.png
create mode 100644 doc/userguide/configuration/suricata-yaml/MPM2.png
create mode 100644 doc/userguide/configuration/suricata-yaml/NFQ.png
create mode 100644 doc/userguide/configuration/suricata-yaml/NFQ1.png
create mode 100644 doc/userguide/configuration/suricata-yaml/NFQ2.png
create mode 100644 doc/userguide/configuration/suricata-yaml/Normal_ids_ack_d.png
create mode 100644 doc/userguide/configuration/suricata-yaml/Tuple1.png
create mode 100644 doc/userguide/configuration/suricata-yaml/balancing_workload.png
create mode 100644 doc/userguide/configuration/suricata-yaml/flow.png
create mode 100644 doc/userguide/configuration/suricata-yaml/grouping_tree.png
create mode 100644 doc/userguide/configuration/suricata-yaml/grouping_tree_detail.png
create mode 100644 doc/userguide/configuration/suricata-yaml/inline_mode.png
create mode 100644 doc/userguide/configuration/suricata-yaml/ipfw_reinjection.png
create mode 100644 doc/userguide/configuration/suricata-yaml/normal_ids.png
create mode 100644 doc/userguide/configuration/suricata-yaml/overlap.png
create mode 100644 doc/userguide/configuration/suricata-yaml/reassembly1.png
create mode 100644 doc/userguide/configuration/suricata-yaml/threading.png
create mode 100755 doc/userguide/convert.py
create mode 100644 doc/userguide/file-extraction/file-extraction.rst
create mode 100644 doc/userguide/file-extraction/filemd5-and-whiteblacklisting-with-md5.rst
create mode 100644 doc/userguide/file-extraction/md5.rst
create mode 100644 doc/userguide/file-extraction/public-sha1-md5-data-sets.rst
create mode 100644 doc/userguide/index.rst
create mode 100644 doc/userguide/initscripts.rst
create mode 100644 doc/userguide/licenses/cc-nc-4.0.rst
create mode 100644 doc/userguide/licenses/gnu-gpl-v2.0.rst
create mode 100644 doc/userguide/licenses/index.rst
create mode 100644 doc/userguide/make-sense-alerts.rst
create mode 100644 doc/userguide/manpages/index.rst
create mode 100644 doc/userguide/manpages/suricata.rst
create mode 100644 doc/userguide/oinkmaster.rst
create mode 100644 doc/userguide/oinkmaster/oinkmasterconf.png
create mode 100644 doc/userguide/oinkmaster/suricata_yaml.png
create mode 100644 doc/userguide/output/custom-http-logging.rst
create mode 100644 doc/userguide/output/eve/eve-json-examplesjq.rst
create mode 100644 doc/userguide/output/eve/eve-json-format.rst
create mode 100644 doc/userguide/output/eve/eve-json-output.rst
create mode 100644 doc/userguide/output/eve/index.rst
create mode 100644 doc/userguide/output/files-json/elk.rst
create mode 100644 doc/userguide/output/files-json/elk/Logstash1.png
create mode 100644 doc/userguide/output/files-json/elk/Logstash2.png
create mode 100644 doc/userguide/output/files-json/elk/Logstash3.png
create mode 100644 doc/userguide/output/files-json/elk/Logstash4.png
create mode 100644 doc/userguide/output/files-json/elk/Logstash5.png
create mode 100644 doc/userguide/output/files-json/elk/Logstash6.png
create mode 100644 doc/userguide/output/files-json/files-json.rst
create mode 100644 doc/userguide/output/files-json/mongodb.rst
create mode 100644 doc/userguide/output/files-json/mysql.rst
create mode 100644 doc/userguide/output/files-json/postgresql.rst
create mode 100644 doc/userguide/output/files-json/script-follow-json.rst
create mode 100644 doc/userguide/output/files-json/useful-queries-for-mysql-and-postgresql.rst
create mode 100644 doc/userguide/output/index.rst
create mode 100644 doc/userguide/output/lua-output.rst
create mode 100644 doc/userguide/output/syslog-alerting-comp.rst
create mode 100644 doc/userguide/performance/high-performance-config.rst
create mode 100644 doc/userguide/performance/hyperscan.rst
create mode 100644 doc/userguide/performance/ignoring-traffic.rst
create mode 100644 doc/userguide/performance/index.rst
create mode 100644 doc/userguide/performance/packet-capture.rst
create mode 100644 doc/userguide/performance/packet-profiling.rst
create mode 100644 doc/userguide/performance/rule-profiling.rst
create mode 100644 doc/userguide/performance/runmodes.rst
create mode 100644 doc/userguide/performance/runmodes/Runmode_autofp.png
create mode 100644 doc/userguide/performance/runmodes/threading1.png
create mode 100644 doc/userguide/performance/statistics.rst
create mode 100644 doc/userguide/performance/tcmalloc.rst
create mode 100644 doc/userguide/performance/tuning-considerations.rst
create mode 100644 doc/userguide/public-data-sets.rst
create mode 100644 doc/userguide/reputation/index.rst
create mode 100644 doc/userguide/reputation/ipreputation/ip-reputation-config.rst
create mode 100644 doc/userguide/reputation/ipreputation/ip-reputation-format.rst
create mode 100644 doc/userguide/reputation/ipreputation/ip-reputation-rules.rst
create mode 100644 doc/userguide/reputation/ipreputation/ip-reputation.rst
create mode 100644 doc/userguide/rules/adding-your-own-rules.rst
create mode 100644 doc/userguide/rules/dnp3-keywords.rst
create mode 100644 doc/userguide/rules/dns-keywords.rst
create mode 100644 doc/userguide/rules/dns-keywords/dns_query.png
create mode 100644 doc/userguide/rules/fast-pattern-explained.rst
create mode 100644 doc/userguide/rules/fast-pattern.rst
create mode 100644 doc/userguide/rules/fast-pattern/fast_pattern.png
create mode 100644 doc/userguide/rules/file-keywords.rst
create mode 100644 doc/userguide/rules/flow-keywords.rst
create mode 100644 doc/userguide/rules/flow-keywords/Flow1.png
create mode 100644 doc/userguide/rules/flow-keywords/Flow2.png
create mode 100644 doc/userguide/rules/flow-keywords/Flowbit_3.png
create mode 100644 doc/userguide/rules/flowint.rst
create mode 100644 doc/userguide/rules/header-keywords.rst
create mode 100644 doc/userguide/rules/header-keywords/ICMP_type_code.png
create mode 100644 doc/userguide/rules/header-keywords/ICMP_types.png
create mode 100644 doc/userguide/rules/header-keywords/Window.png
create mode 100644 doc/userguide/rules/header-keywords/Wireshark_ack.png
create mode 100644 doc/userguide/rules/header-keywords/Wireshark_seq.png
create mode 100644 doc/userguide/rules/header-keywords/ack.png
create mode 100644 doc/userguide/rules/header-keywords/fragbits.png
create mode 100644 doc/userguide/rules/header-keywords/fragoffset.png
create mode 100644 doc/userguide/rules/header-keywords/icmp_id.png
create mode 100644 doc/userguide/rules/header-keywords/icmp_seq.png
create mode 100644 doc/userguide/rules/header-keywords/icmp_type.png
create mode 100644 doc/userguide/rules/header-keywords/icode.png
create mode 100644 doc/userguide/rules/header-keywords/id.png
create mode 100644 doc/userguide/rules/header-keywords/ip_proto.png
create mode 100644 doc/userguide/rules/header-keywords/ipopts.png
create mode 100644 doc/userguide/rules/header-keywords/ipopts_rule.png
create mode 100644 doc/userguide/rules/header-keywords/sameip.png
create mode 100644 doc/userguide/rules/header-keywords/seq.png
create mode 100644 doc/userguide/rules/header-keywords/ttl.png
create mode 100644 doc/userguide/rules/http-keywords.rst
create mode 100644 doc/userguide/rules/http-keywords/Legenda_rules.png
create mode 100644 doc/userguide/rules/http-keywords/client_body.png
create mode 100644 doc/userguide/rules/http-keywords/client_body1.png
create mode 100644 doc/userguide/rules/http-keywords/cookie.png
create mode 100644 doc/userguide/rules/http-keywords/cookie1.png
create mode 100644 doc/userguide/rules/http-keywords/fast_pattern.png
create mode 100644 doc/userguide/rules/http-keywords/file_data.png
create mode 100644 doc/userguide/rules/http-keywords/header.png
create mode 100644 doc/userguide/rules/http-keywords/header1.png
create mode 100644 doc/userguide/rules/http-keywords/http_server_body.png
create mode 100644 doc/userguide/rules/http-keywords/http_uri.png
create mode 100644 doc/userguide/rules/http-keywords/method.png
create mode 100644 doc/userguide/rules/http-keywords/method1.png
create mode 100644 doc/userguide/rules/http-keywords/method2.png
create mode 100644 doc/userguide/rules/http-keywords/request.png
create mode 100644 doc/userguide/rules/http-keywords/request2.png
create mode 100644 doc/userguide/rules/http-keywords/response1.png
create mode 100644 doc/userguide/rules/http-keywords/stat-code1.png
create mode 100644 doc/userguide/rules/http-keywords/stat_code.png
create mode 100644 doc/userguide/rules/http-keywords/stat_msg.png
create mode 100644 doc/userguide/rules/http-keywords/stat_msg_1.png
create mode 100644 doc/userguide/rules/http-keywords/uri.png
create mode 100644 doc/userguide/rules/http-keywords/uri1.png
create mode 100644 doc/userguide/rules/http-keywords/uricontent.png
create mode 100644 doc/userguide/rules/http-keywords/uricontent1.png
create mode 100644 doc/userguide/rules/http-keywords/urilen.png
create mode 100644 doc/userguide/rules/http-keywords/urilen1.png
create mode 100644 doc/userguide/rules/http-keywords/user_agent.png
create mode 100644 doc/userguide/rules/http-keywords/user_agent_match.png
create mode 100644 doc/userguide/rules/http-uri-normalization.rst
create mode 100644 doc/userguide/rules/index.rst
create mode 100644 doc/userguide/rules/intro.rst
create mode 100644 doc/userguide/rules/intro/Dest_port.png
create mode 100644 doc/userguide/rules/intro/Direction.png
create mode 100644 doc/userguide/rules/intro/Source-port.png
create mode 100644 doc/userguide/rules/intro/Source.png
create mode 100644 doc/userguide/rules/intro/TCP-session.png
create mode 100644 doc/userguide/rules/intro/action.png
create mode 100644 doc/userguide/rules/intro/destination.png
create mode 100644 doc/userguide/rules/intro/intro_sig.png
create mode 100644 doc/userguide/rules/intro/protocol.png
create mode 100644 doc/userguide/rules/live-rule-swap.rst
create mode 100644 doc/userguide/rules/meta.rst
create mode 100644 doc/userguide/rules/meta/classification.png
create mode 100644 doc/userguide/rules/meta/classtype.png
create mode 100644 doc/userguide/rules/meta/gid.png
create mode 100644 doc/userguide/rules/meta/msg.png
create mode 100644 doc/userguide/rules/meta/reference.png
create mode 100644 doc/userguide/rules/meta/rev.png
create mode 100644 doc/userguide/rules/meta/sid.png
create mode 100644 doc/userguide/rules/modbus-keyword.rst
create mode 100644 doc/userguide/rules/normalized-buffers.rst
create mode 100644 doc/userguide/rules/normalized-buffers/normalization1.png
create mode 100644 doc/userguide/rules/payload-keywords.rst
create mode 100644 doc/userguide/rules/payload-keywords/Legenda_rules.png
create mode 100644 doc/userguide/rules/payload-keywords/content.png
create mode 100644 doc/userguide/rules/payload-keywords/content2.png
create mode 100644 doc/userguide/rules/payload-keywords/content3.png
create mode 100644 doc/userguide/rules/payload-keywords/content4.png
create mode 100644 doc/userguide/rules/payload-keywords/content5.png
create mode 100644 doc/userguide/rules/payload-keywords/content6.png
create mode 100644 doc/userguide/rules/payload-keywords/distance.png
create mode 100644 doc/userguide/rules/payload-keywords/distance1.png
create mode 100644 doc/userguide/rules/payload-keywords/distance3.png
create mode 100644 doc/userguide/rules/payload-keywords/distance4.png
create mode 100644 doc/userguide/rules/payload-keywords/distance5.png
create mode 100644 doc/userguide/rules/payload-keywords/dsize.png
create mode 100644 doc/userguide/rules/payload-keywords/isdataat1.png
create mode 100644 doc/userguide/rules/payload-keywords/replace.png
create mode 100644 doc/userguide/rules/payload-keywords/replace1.png
create mode 100644 doc/userguide/rules/payload-keywords/rpc.png
create mode 100644 doc/userguide/rules/payload-keywords/within1.png
create mode 100644 doc/userguide/rules/payload-keywords/within2.png
create mode 100644 doc/userguide/rules/payload-keywords/within_distance.png
create mode 100644 doc/userguide/rules/payload-keywords/within_distance2.png
create mode 100644 doc/userguide/rules/pcre.rst
create mode 100644 doc/userguide/rules/pcre/pcre.png
create mode 100644 doc/userguide/rules/pcre/pcre3.png
create mode 100644 doc/userguide/rules/pcre/pcre4.png
create mode 100644 doc/userguide/rules/pcre/pcre5.png
create mode 100644 doc/userguide/rules/pcre/pcre6.png
create mode 100644 doc/userguide/rules/rule-lua-scripting.rst
create mode 100644 doc/userguide/rules/snort-compatibility.rst
create mode 100644 doc/userguide/rules/thresholding.rst
create mode 100644 doc/userguide/rules/tls-keywords.rst
create mode 100644 doc/userguide/setting-up-ipsinline-for-linux.rst
create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/IPtables.png
create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/IPtables3.png
create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables1.png
create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables2.png
create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables4.png
create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables_vnL.png
create mode 100644 doc/userguide/what-is-suricata.rst
create mode 100644 src/detect-bypass.c
create mode 100644 src/detect-bypass.h
hooks/post-receive
--
OISF