From a0aa2307322cd47bbf416810ac0292925e03be87 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 19:39:49 +0200 Subject: Adding upstream version 1:7.0.3. 
Signed-off-by: Daniel Baumann --- doc/AUTHORS | 6 + doc/Basic_Setup.txt | 116 + doc/GITGUIDE | 90 + doc/INSTALL | 5 + doc/Makefile.am | 17 + doc/Makefile.in | 773 +++++ doc/NEWS | 1 + doc/README | 0 doc/Setting_up_IPSinline_for_Linux.txt | 83 + doc/TODO | 3 + doc/Third_Party_Installation_Guides.txt | 10 + doc/userguide/3rd-party-integration/index.rst | 6 + .../3rd-party-integration/symantec-sslv.rst | 90 + doc/userguide/Makefile.am | 95 + doc/userguide/Makefile.in | 663 +++++ doc/userguide/README.md | 15 + doc/userguide/_static/.gitignore | 0 doc/userguide/_static/css/suricata.css | 34 + doc/userguide/acknowledgements.rst | 43 + doc/userguide/capture-hardware/af-xdp.rst | 287 ++ doc/userguide/capture-hardware/dpdk.rst | 148 + doc/userguide/capture-hardware/ebpf-xdp.rst | 600 ++++ doc/userguide/capture-hardware/endace-dag.rst | 42 + doc/userguide/capture-hardware/index.rst | 12 + doc/userguide/capture-hardware/myricom.rst | 96 + doc/userguide/capture-hardware/napatech.rst | 534 ++++ doc/userguide/capture-hardware/netmap.rst | 223 ++ doc/userguide/command-line-options.rst | 21 + doc/userguide/conf.py | 336 +++ .../configuration/dropping-privileges.rst | 49 + doc/userguide/configuration/exception-policies.rst | 233 ++ doc/userguide/configuration/global-thresholds.rst | 210 ++ doc/userguide/configuration/includes.rst | 56 + doc/userguide/configuration/index.rst | 14 + doc/userguide/configuration/landlock.rst | 59 + doc/userguide/configuration/multi-tenant.rst | 249 ++ doc/userguide/configuration/snort-to-suricata.rst | 276 ++ doc/userguide/configuration/suricata-yaml.rst | 2795 ++++++++++++++++++ .../configuration/suricata-yaml/IDS_chunk_size.png | Bin 0 -> 23331 bytes .../Inline_reassembly_unackd_data.png | Bin 0 -> 21776 bytes doc/userguide/configuration/suricata-yaml/MPM2.png | Bin 0 -> 8647 bytes doc/userguide/configuration/suricata-yaml/NFQ.png | Bin 0 -> 34533 bytes doc/userguide/configuration/suricata-yaml/NFQ1.png | Bin 0 -> 19438 bytes 
doc/userguide/configuration/suricata-yaml/NFQ2.png | Bin 0 -> 20707 bytes .../suricata-yaml/Normal_ids_ack_d.png | Bin 0 -> 23053 bytes .../configuration/suricata-yaml/Tuple1.png | Bin 0 -> 11151 bytes .../suricata-yaml/balancing_workload.png | Bin 0 -> 29055 bytes doc/userguide/configuration/suricata-yaml/dpdk.png | Bin 0 -> 19781 bytes doc/userguide/configuration/suricata-yaml/flow.png | Bin 0 -> 15914 bytes .../configuration/suricata-yaml/grouping_tree.png | Bin 0 -> 26129 bytes .../suricata-yaml/grouping_tree_detail.png | Bin 0 -> 62604 bytes .../configuration/suricata-yaml/inline_mode.png | Bin 0 -> 19267 bytes .../suricata-yaml/ipfw_reinjection.png | Bin 0 -> 27813 bytes .../configuration/suricata-yaml/normal_ids.png | Bin 0 -> 8447 bytes .../configuration/suricata-yaml/overlap.png | Bin 0 -> 27430 bytes .../configuration/suricata-yaml/reassembly1.png | Bin 0 -> 23072 bytes .../configuration/suricata-yaml/threading.png | Bin 0 -> 17401 bytes doc/userguide/configuration/systemd-notify.rst | 57 + doc/userguide/devguide/README.md | 9 + doc/userguide/devguide/codebase/code-style.rst | 756 +++++ .../contributing/code-submission-process.rst | 68 + .../codebase/contributing/contribution-process.rst | 271 ++ .../codebase/contributing/github-pr-workflow.rst | 46 + .../devguide/codebase/contributing/index.rst | 9 + doc/userguide/devguide/codebase/fuzz-testing.rst | 31 + .../devguide/codebase/img/InputCaptureExample.png | Bin 0 -> 315383 bytes doc/userguide/devguide/codebase/index.rst | 13 + .../devguide/codebase/installation-from-git.rst | 154 + doc/userguide/devguide/codebase/testing.rst | 158 + doc/userguide/devguide/codebase/unittests-c.rst | 148 + doc/userguide/devguide/codebase/unittests-rust.rst | 91 + .../extending/app-layer/app-layer-frames.rst | 223 ++ .../diagrams/DnsUnidirectionalTransactions.msc | 19 + .../diagrams/DnsUnidirectionalTransactions.png | Bin 0 -> 12620 bytes .../diagrams/HTTP2BidirectionalTransaction.msc | 20 + 
.../diagrams/HTTP2BidirectionalTransaction.png | Bin 0 -> 9344 bytes .../app-layer/diagrams/TemplateTransaction.msc | 18 + .../app-layer/diagrams/TemplateTransaction.png | Bin 0 -> 11707 bytes .../extending/app-layer/diagrams/TlsHandshake.msc | 34 + .../extending/app-layer/diagrams/TlsHandshake.png | Bin 0 -> 27884 bytes .../extending/app-layer/img/StreamFrames.png | Bin 0 -> 103162 bytes .../devguide/extending/app-layer/index.rst | 9 + .../devguide/extending/app-layer/parser.rst | 98 + .../devguide/extending/app-layer/transactions.rst | 321 +++ doc/userguide/devguide/extending/capture/index.rst | 2 + doc/userguide/devguide/extending/decoder/index.rst | 2 + doc/userguide/devguide/extending/detect/index.rst | 2 + doc/userguide/devguide/extending/index.rst | 11 + doc/userguide/devguide/extending/output/index.rst | 7 + doc/userguide/devguide/index.rst | 9 + .../devguide/internals/datastructs/index.rst | 9 + doc/userguide/devguide/internals/engines/index.rst | 11 + doc/userguide/devguide/internals/index.rst | 10 + .../devguide/internals/pipeline/index.rst | 2 + .../devguide/internals/threading/index.rst | 2 + doc/userguide/file-extraction/config-update.rst | 41 + doc/userguide/file-extraction/file-extraction.rst | 177 ++ doc/userguide/file-extraction/md5.rst | 124 + .../file-extraction/public-sha1-md5-data-sets.rst | 4 + doc/userguide/index.rst | 36 + doc/userguide/initscripts.rst | 15 + doc/userguide/install.rst | 416 +++ doc/userguide/licenses/cc-nc-4.0.rst | 169 ++ doc/userguide/licenses/gnu-gpl-v2.0.rst | 340 +++ doc/userguide/licenses/index.rst | 20 + doc/userguide/lua/index.rst | 7 + doc/userguide/lua/lua-functions.rst | 1114 ++++++++ doc/userguide/lua/lua-usage.rst | 20 + doc/userguide/make-sense-alerts.rst | 70 + doc/userguide/manpages/index.rst | 10 + doc/userguide/manpages/suricata.rst | 91 + doc/userguide/manpages/suricatactl-filestore.rst | 67 + doc/userguide/manpages/suricatactl.rst | 43 + doc/userguide/manpages/suricatasc.rst | 40 + 
doc/userguide/output/custom-http-logging.rst | 50 + doc/userguide/output/custom-tls-logging.rst | 40 + doc/userguide/output/eve/eve-json-examplesjq.rst | 80 + doc/userguide/output/eve/eve-json-format.rst | 3004 ++++++++++++++++++++ doc/userguide/output/eve/eve-json-output.rst | 506 ++++ doc/userguide/output/eve/index.rst | 10 + doc/userguide/output/files-json/elk/Logstash1.png | Bin 0 -> 77479 bytes doc/userguide/output/files-json/elk/Logstash2.png | Bin 0 -> 136602 bytes doc/userguide/output/files-json/elk/Logstash3.png | Bin 0 -> 29420 bytes doc/userguide/output/files-json/elk/Logstash4.png | Bin 0 -> 125520 bytes doc/userguide/output/files-json/elk/Logstash5.png | Bin 0 -> 17819 bytes doc/userguide/output/files-json/elk/Logstash6.png | Bin 0 -> 83024 bytes doc/userguide/output/index.rst | 11 + doc/userguide/output/log-rotation.rst | 46 + doc/userguide/output/lua-output.rst | 101 + doc/userguide/output/syslog-alerting-comp.rst | 63 + doc/userguide/partials/commands-pcap-sc.rst | 38 + doc/userguide/partials/commands-sc.rst | 125 + doc/userguide/partials/eve-log.yaml | 187 ++ doc/userguide/partials/options-unittests.rst | 25 + doc/userguide/partials/options.rst | 330 +++ doc/userguide/performance/analysis.rst | 186 ++ .../performance/analysis/htopelephantflow.png | Bin 0 -> 35627 bytes doc/userguide/performance/analysis/perftop.png | Bin 0 -> 36521 bytes .../performance/high-performance-config.rst | 382 +++ doc/userguide/performance/hyperscan.rst | 84 + doc/userguide/performance/ignoring-traffic.rst | 106 + doc/userguide/performance/index.rst | 16 + doc/userguide/performance/packet-capture.rst | 77 + doc/userguide/performance/packet-profiling.rst | 58 + doc/userguide/performance/rule-profiling.rst | 33 + doc/userguide/performance/runmodes.rst | 66 + .../performance/runmodes/Runmode_autofp.png | Bin 0 -> 51070 bytes doc/userguide/performance/runmodes/autofp1.png | Bin 0 -> 42331 bytes doc/userguide/performance/runmodes/autofp2.png | Bin 0 -> 50616 bytes 
doc/userguide/performance/runmodes/single.png | Bin 0 -> 23671 bytes doc/userguide/performance/runmodes/threading1.png | Bin 0 -> 17080 bytes doc/userguide/performance/runmodes/workers.png | Bin 0 -> 30595 bytes doc/userguide/performance/statistics.rst | 161 ++ doc/userguide/performance/tcmalloc.rst | 39 + .../performance/tuning-considerations.rst | 133 + doc/userguide/public-data-sets.rst | 18 + doc/userguide/quickstart.rst | 163 ++ doc/userguide/reputation/index.rst | 6 + .../ipreputation/ip-reputation-config.rst | 71 + .../ipreputation/ip-reputation-format.rst | 56 + .../reputation/ipreputation/ip-reputation.rst | 14 + .../rule-management/adding-your-own-rules.rst | 77 + doc/userguide/rule-management/index.rst | 9 + doc/userguide/rule-management/rule-profiling.rst | 28 + doc/userguide/rule-management/rule-reload.rst | 32 + doc/userguide/rule-management/suricata-update.rst | 116 + .../suricata-update/suricata-update.png | Bin 0 -> 228312 bytes doc/userguide/rules/app-layer.rst | 80 + doc/userguide/rules/base64-keywords.rst | 64 + doc/userguide/rules/bypass-keyword.rst | 19 + doc/userguide/rules/config.rst | 44 + .../rules/dataset-examples/detect-unique-tlds.png | Bin 0 -> 28362 bytes doc/userguide/rules/datasets.rst | 350 +++ doc/userguide/rules/dcerpc-keywords.rst | 71 + doc/userguide/rules/dhcp-keywords.rst | 59 + doc/userguide/rules/differences-from-snort.rst | 705 +++++ doc/userguide/rules/dnp3-keywords.rst | 149 + doc/userguide/rules/dns-keywords.rst | 74 + doc/userguide/rules/dns-keywords/dns_query.png | Bin 0 -> 7022 bytes doc/userguide/rules/enip-keyword.rst | 40 + doc/userguide/rules/fast-pattern-explained.rst | 99 + doc/userguide/rules/fast-pattern/fast_pattern.png | Bin 0 -> 11808 bytes doc/userguide/rules/file-keywords.rst | 265 ++ doc/userguide/rules/flow-keywords.rst | 308 ++ doc/userguide/rules/flow-keywords/Flow1.png | Bin 0 -> 24838 bytes doc/userguide/rules/flow-keywords/Flow2.png | Bin 0 -> 26325 bytes 
doc/userguide/rules/flow-keywords/Flowbit_3.png | Bin 0 -> 57320 bytes doc/userguide/rules/ftp-keywords.rst | 31 + doc/userguide/rules/header-keywords.rst | 732 +++++ .../rules/header-keywords/Wireshark_ack.png | Bin 0 -> 134829 bytes .../rules/header-keywords/Wireshark_seq.png | Bin 0 -> 134801 bytes doc/userguide/rules/http-keywords.rst | 846 ++++++ .../rules/http-keywords/Legenda_rules.png | Bin 0 -> 13544 bytes doc/userguide/rules/http-keywords/client_body.png | Bin 0 -> 18115 bytes doc/userguide/rules/http-keywords/client_body1.png | Bin 0 -> 39183 bytes doc/userguide/rules/http-keywords/cookie.png | Bin 0 -> 40424 bytes doc/userguide/rules/http-keywords/cookie1.png | Bin 0 -> 48347 bytes doc/userguide/rules/http-keywords/fast_pattern.png | Bin 0 -> 11808 bytes doc/userguide/rules/http-keywords/file_data.png | Bin 0 -> 11858 bytes doc/userguide/rules/http-keywords/header.png | Bin 0 -> 16340 bytes doc/userguide/rules/http-keywords/header1.png | Bin 0 -> 38150 bytes .../rules/http-keywords/http_server_body.png | Bin 0 -> 9187 bytes doc/userguide/rules/http-keywords/http_uri.png | Bin 0 -> 54871 bytes doc/userguide/rules/http-keywords/method.png | Bin 0 -> 15701 bytes doc/userguide/rules/http-keywords/method1.png | Bin 0 -> 24326 bytes doc/userguide/rules/http-keywords/method2.png | Bin 0 -> 18669 bytes doc/userguide/rules/http-keywords/stat-code1.png | Bin 0 -> 25336 bytes doc/userguide/rules/http-keywords/stat_code.png | Bin 0 -> 2295 bytes doc/userguide/rules/http-keywords/stat_msg.png | Bin 0 -> 2009 bytes doc/userguide/rules/http-keywords/stat_msg_1.png | Bin 0 -> 25055 bytes doc/userguide/rules/http-keywords/uri.png | Bin 0 -> 23158 bytes doc/userguide/rules/http-keywords/uri1.png | Bin 0 -> 5020 bytes doc/userguide/rules/http-keywords/uricontent1.png | Bin 0 -> 6263 bytes doc/userguide/rules/http-keywords/urilen.png | Bin 0 -> 26395 bytes doc/userguide/rules/http-keywords/user_agent.png | Bin 0 -> 30094 bytes .../rules/http-keywords/user_agent_match.png | 
Bin 0 -> 270675 bytes doc/userguide/rules/http2-keywords.rst | 118 + doc/userguide/rules/ike-keywords.rst | 159 ++ doc/userguide/rules/index.rst | 46 + doc/userguide/rules/intro.rst | 319 +++ doc/userguide/rules/intro/TCP-session.png | Bin 0 -> 37144 bytes doc/userguide/rules/ip-reputation-rules.rst | 45 + doc/userguide/rules/ipaddr.rst | 31 + doc/userguide/rules/ja3-keywords.rst | 73 + doc/userguide/rules/kerberos-keywords.rst | 140 + doc/userguide/rules/lua-detection.rst | 104 + doc/userguide/rules/meta.rst | 261 ++ doc/userguide/rules/modbus-keyword.rst | 131 + doc/userguide/rules/mqtt-keywords.rst | 264 ++ doc/userguide/rules/multi-buffer-matching.rst | 92 + .../rules/normalized-buffers/normalization1.png | Bin 0 -> 24182 bytes doc/userguide/rules/payload-keywords.rst | 844 ++++++ .../rules/payload-keywords/Legenda_rules.png | Bin 0 -> 13544 bytes doc/userguide/rules/payload-keywords/content2.png | Bin 0 -> 16267 bytes doc/userguide/rules/payload-keywords/content3.png | Bin 0 -> 17931 bytes doc/userguide/rules/payload-keywords/content4.png | Bin 0 -> 20218 bytes doc/userguide/rules/payload-keywords/content5.png | Bin 0 -> 17117 bytes doc/userguide/rules/payload-keywords/content6.png | Bin 0 -> 28424 bytes doc/userguide/rules/payload-keywords/distance.png | Bin 0 -> 17835 bytes doc/userguide/rules/payload-keywords/distance1.png | Bin 0 -> 22147 bytes doc/userguide/rules/payload-keywords/distance3.png | Bin 0 -> 11561 bytes doc/userguide/rules/payload-keywords/distance4.png | Bin 0 -> 28159 bytes doc/userguide/rules/payload-keywords/distance5.png | Bin 0 -> 18506 bytes doc/userguide/rules/payload-keywords/isdataat1.png | Bin 0 -> 18472 bytes doc/userguide/rules/payload-keywords/replace.png | Bin 0 -> 5595 bytes doc/userguide/rules/payload-keywords/replace1.png | Bin 0 -> 7628 bytes doc/userguide/rules/payload-keywords/within1.png | Bin 0 -> 18170 bytes doc/userguide/rules/payload-keywords/within2.png | Bin 0 -> 25136 bytes 
.../rules/payload-keywords/within_distance.png | Bin 0 -> 14888 bytes .../rules/payload-keywords/within_distance2.png | Bin 0 -> 13234 bytes doc/userguide/rules/pcre/pcre3.png | Bin 0 -> 21204 bytes doc/userguide/rules/pcre/pcre4.png | Bin 0 -> 22114 bytes doc/userguide/rules/pcre/pcre5.png | Bin 0 -> 20860 bytes doc/userguide/rules/pcre/pcre6.png | Bin 0 -> 22648 bytes doc/userguide/rules/prefilter-keywords.rst | 81 + doc/userguide/rules/quic-keywords.rst | 54 + doc/userguide/rules/rfb-keywords.rst | 56 + doc/userguide/rules/sip-keywords.rst | 179 ++ doc/userguide/rules/smb-keywords.rst | 60 + doc/userguide/rules/snmp-keywords.rst | 95 + doc/userguide/rules/ssh-keywords.rst | 149 + doc/userguide/rules/tag.rst | 133 + doc/userguide/rules/thresholding.rst | 118 + doc/userguide/rules/tls-keywords.rst | 304 ++ doc/userguide/rules/transforms.rst | 190 ++ doc/userguide/rules/xbits.rst | 108 + doc/userguide/security.rst | 146 + doc/userguide/setting-up-ipsinline-for-linux.rst | 434 +++ .../setting-up-ipsinline-for-linux/IPtables.png | Bin 0 -> 12286 bytes .../setting-up-ipsinline-for-linux/IPtables3.png | Bin 0 -> 11204 bytes .../setting-up-ipsinline-for-linux/iptables1.png | Bin 0 -> 13223 bytes .../setting-up-ipsinline-for-linux/iptables2.png | Bin 0 -> 15267 bytes .../setting-up-ipsinline-for-linux/iptables4.png | Bin 0 -> 22821 bytes .../iptables_vnL.png | Bin 0 -> 50980 bytes doc/userguide/setting-up-ipsinline-for-windows.rst | 69 + doc/userguide/support-status.rst | 313 ++ doc/userguide/suricata.1 | 582 ++++ doc/userguide/suricatactl-filestore.1 | 94 + doc/userguide/suricatactl.1 | 73 + doc/userguide/suricatasc.1 | 251 ++ doc/userguide/unix-socket.rst | 271 ++ doc/userguide/upgrade.rst | 201 ++ doc/userguide/upgrade/unified2.rst | 41 + doc/userguide/userguide.pdf | Bin 0 -> 3799337 bytes doc/userguide/what-is-suricata.rst | 18 + 285 files changed, 30844 insertions(+) create mode 100644 doc/AUTHORS create mode 100644 doc/Basic_Setup.txt create mode 100644 
doc/GITGUIDE create mode 100644 doc/INSTALL create mode 100644 doc/Makefile.am create mode 100644 doc/Makefile.in create mode 100644 doc/NEWS create mode 100644 doc/README create mode 100644 doc/Setting_up_IPSinline_for_Linux.txt create mode 100644 doc/TODO create mode 100644 doc/Third_Party_Installation_Guides.txt create mode 100644 doc/userguide/3rd-party-integration/index.rst create mode 100644 doc/userguide/3rd-party-integration/symantec-sslv.rst create mode 100644 doc/userguide/Makefile.am create mode 100644 doc/userguide/Makefile.in create mode 100644 doc/userguide/README.md create mode 100644 doc/userguide/_static/.gitignore create mode 100644 doc/userguide/_static/css/suricata.css create mode 100644 doc/userguide/acknowledgements.rst create mode 100644 doc/userguide/capture-hardware/af-xdp.rst create mode 100644 doc/userguide/capture-hardware/dpdk.rst create mode 100644 doc/userguide/capture-hardware/ebpf-xdp.rst create mode 100644 doc/userguide/capture-hardware/endace-dag.rst create mode 100644 doc/userguide/capture-hardware/index.rst create mode 100644 doc/userguide/capture-hardware/myricom.rst create mode 100644 doc/userguide/capture-hardware/napatech.rst create mode 100644 doc/userguide/capture-hardware/netmap.rst create mode 100644 doc/userguide/command-line-options.rst create mode 100644 doc/userguide/conf.py create mode 100644 doc/userguide/configuration/dropping-privileges.rst create mode 100644 doc/userguide/configuration/exception-policies.rst create mode 100644 doc/userguide/configuration/global-thresholds.rst create mode 100644 doc/userguide/configuration/includes.rst create mode 100644 doc/userguide/configuration/index.rst create mode 100644 doc/userguide/configuration/landlock.rst create mode 100644 doc/userguide/configuration/multi-tenant.rst create mode 100644 doc/userguide/configuration/snort-to-suricata.rst create mode 100644 doc/userguide/configuration/suricata-yaml.rst create mode 100644 
doc/userguide/configuration/suricata-yaml/IDS_chunk_size.png create mode 100644 doc/userguide/configuration/suricata-yaml/Inline_reassembly_unackd_data.png create mode 100644 doc/userguide/configuration/suricata-yaml/MPM2.png create mode 100644 doc/userguide/configuration/suricata-yaml/NFQ.png create mode 100644 doc/userguide/configuration/suricata-yaml/NFQ1.png create mode 100644 doc/userguide/configuration/suricata-yaml/NFQ2.png create mode 100644 doc/userguide/configuration/suricata-yaml/Normal_ids_ack_d.png create mode 100644 doc/userguide/configuration/suricata-yaml/Tuple1.png create mode 100644 doc/userguide/configuration/suricata-yaml/balancing_workload.png create mode 100644 doc/userguide/configuration/suricata-yaml/dpdk.png create mode 100644 doc/userguide/configuration/suricata-yaml/flow.png create mode 100644 doc/userguide/configuration/suricata-yaml/grouping_tree.png create mode 100644 doc/userguide/configuration/suricata-yaml/grouping_tree_detail.png create mode 100644 doc/userguide/configuration/suricata-yaml/inline_mode.png create mode 100644 doc/userguide/configuration/suricata-yaml/ipfw_reinjection.png create mode 100644 doc/userguide/configuration/suricata-yaml/normal_ids.png create mode 100644 doc/userguide/configuration/suricata-yaml/overlap.png create mode 100644 doc/userguide/configuration/suricata-yaml/reassembly1.png create mode 100644 doc/userguide/configuration/suricata-yaml/threading.png create mode 100644 doc/userguide/configuration/systemd-notify.rst create mode 100644 doc/userguide/devguide/README.md create mode 100644 doc/userguide/devguide/codebase/code-style.rst create mode 100644 doc/userguide/devguide/codebase/contributing/code-submission-process.rst create mode 100644 doc/userguide/devguide/codebase/contributing/contribution-process.rst create mode 100644 doc/userguide/devguide/codebase/contributing/github-pr-workflow.rst create mode 100644 doc/userguide/devguide/codebase/contributing/index.rst create mode 100644 
doc/userguide/devguide/codebase/fuzz-testing.rst create mode 100644 doc/userguide/devguide/codebase/img/InputCaptureExample.png create mode 100644 doc/userguide/devguide/codebase/index.rst create mode 100644 doc/userguide/devguide/codebase/installation-from-git.rst create mode 100644 doc/userguide/devguide/codebase/testing.rst create mode 100644 doc/userguide/devguide/codebase/unittests-c.rst create mode 100644 doc/userguide/devguide/codebase/unittests-rust.rst create mode 100644 doc/userguide/devguide/extending/app-layer/app-layer-frames.rst create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/DnsUnidirectionalTransactions.msc create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/DnsUnidirectionalTransactions.png create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/HTTP2BidirectionalTransaction.msc create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/HTTP2BidirectionalTransaction.png create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/TemplateTransaction.msc create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/TemplateTransaction.png create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/TlsHandshake.msc create mode 100644 doc/userguide/devguide/extending/app-layer/diagrams/TlsHandshake.png create mode 100644 doc/userguide/devguide/extending/app-layer/img/StreamFrames.png create mode 100644 doc/userguide/devguide/extending/app-layer/index.rst create mode 100644 doc/userguide/devguide/extending/app-layer/parser.rst create mode 100644 doc/userguide/devguide/extending/app-layer/transactions.rst create mode 100644 doc/userguide/devguide/extending/capture/index.rst create mode 100644 doc/userguide/devguide/extending/decoder/index.rst create mode 100644 doc/userguide/devguide/extending/detect/index.rst create mode 100644 doc/userguide/devguide/extending/index.rst create mode 100644 doc/userguide/devguide/extending/output/index.rst create mode 
100644 doc/userguide/devguide/index.rst create mode 100644 doc/userguide/devguide/internals/datastructs/index.rst create mode 100644 doc/userguide/devguide/internals/engines/index.rst create mode 100644 doc/userguide/devguide/internals/index.rst create mode 100644 doc/userguide/devguide/internals/pipeline/index.rst create mode 100644 doc/userguide/devguide/internals/threading/index.rst create mode 100644 doc/userguide/file-extraction/config-update.rst create mode 100644 doc/userguide/file-extraction/file-extraction.rst create mode 100644 doc/userguide/file-extraction/md5.rst create mode 100644 doc/userguide/file-extraction/public-sha1-md5-data-sets.rst create mode 100644 doc/userguide/index.rst create mode 100644 doc/userguide/initscripts.rst create mode 100644 doc/userguide/install.rst create mode 100644 doc/userguide/licenses/cc-nc-4.0.rst create mode 100644 doc/userguide/licenses/gnu-gpl-v2.0.rst create mode 100644 doc/userguide/licenses/index.rst create mode 100644 doc/userguide/lua/index.rst create mode 100644 doc/userguide/lua/lua-functions.rst create mode 100644 doc/userguide/lua/lua-usage.rst create mode 100644 doc/userguide/make-sense-alerts.rst create mode 100644 doc/userguide/manpages/index.rst create mode 100644 doc/userguide/manpages/suricata.rst create mode 100644 doc/userguide/manpages/suricatactl-filestore.rst create mode 100644 doc/userguide/manpages/suricatactl.rst create mode 100644 doc/userguide/manpages/suricatasc.rst create mode 100644 doc/userguide/output/custom-http-logging.rst create mode 100644 doc/userguide/output/custom-tls-logging.rst create mode 100644 doc/userguide/output/eve/eve-json-examplesjq.rst create mode 100644 doc/userguide/output/eve/eve-json-format.rst create mode 100644 doc/userguide/output/eve/eve-json-output.rst create mode 100644 doc/userguide/output/eve/index.rst create mode 100644 doc/userguide/output/files-json/elk/Logstash1.png create mode 100644 doc/userguide/output/files-json/elk/Logstash2.png create mode 100644 
doc/userguide/output/files-json/elk/Logstash3.png create mode 100644 doc/userguide/output/files-json/elk/Logstash4.png create mode 100644 doc/userguide/output/files-json/elk/Logstash5.png create mode 100644 doc/userguide/output/files-json/elk/Logstash6.png create mode 100644 doc/userguide/output/index.rst create mode 100644 doc/userguide/output/log-rotation.rst create mode 100644 doc/userguide/output/lua-output.rst create mode 100644 doc/userguide/output/syslog-alerting-comp.rst create mode 100644 doc/userguide/partials/commands-pcap-sc.rst create mode 100644 doc/userguide/partials/commands-sc.rst create mode 100644 doc/userguide/partials/eve-log.yaml create mode 100644 doc/userguide/partials/options-unittests.rst create mode 100644 doc/userguide/partials/options.rst create mode 100644 doc/userguide/performance/analysis.rst create mode 100644 doc/userguide/performance/analysis/htopelephantflow.png create mode 100644 doc/userguide/performance/analysis/perftop.png create mode 100644 doc/userguide/performance/high-performance-config.rst create mode 100644 doc/userguide/performance/hyperscan.rst create mode 100644 doc/userguide/performance/ignoring-traffic.rst create mode 100644 doc/userguide/performance/index.rst create mode 100644 doc/userguide/performance/packet-capture.rst create mode 100644 doc/userguide/performance/packet-profiling.rst create mode 100644 doc/userguide/performance/rule-profiling.rst create mode 100644 doc/userguide/performance/runmodes.rst create mode 100644 doc/userguide/performance/runmodes/Runmode_autofp.png create mode 100644 doc/userguide/performance/runmodes/autofp1.png create mode 100644 doc/userguide/performance/runmodes/autofp2.png create mode 100644 doc/userguide/performance/runmodes/single.png create mode 100644 doc/userguide/performance/runmodes/threading1.png create mode 100644 doc/userguide/performance/runmodes/workers.png create mode 100644 doc/userguide/performance/statistics.rst create mode 100644 
doc/userguide/performance/tcmalloc.rst create mode 100644 doc/userguide/performance/tuning-considerations.rst create mode 100644 doc/userguide/public-data-sets.rst create mode 100644 doc/userguide/quickstart.rst create mode 100644 doc/userguide/reputation/index.rst create mode 100644 doc/userguide/reputation/ipreputation/ip-reputation-config.rst create mode 100644 doc/userguide/reputation/ipreputation/ip-reputation-format.rst create mode 100644 doc/userguide/reputation/ipreputation/ip-reputation.rst create mode 100644 doc/userguide/rule-management/adding-your-own-rules.rst create mode 100644 doc/userguide/rule-management/index.rst create mode 100644 doc/userguide/rule-management/rule-profiling.rst create mode 100644 doc/userguide/rule-management/rule-reload.rst create mode 100644 doc/userguide/rule-management/suricata-update.rst create mode 100644 doc/userguide/rule-management/suricata-update/suricata-update.png create mode 100644 doc/userguide/rules/app-layer.rst create mode 100644 doc/userguide/rules/base64-keywords.rst create mode 100644 doc/userguide/rules/bypass-keyword.rst create mode 100644 doc/userguide/rules/config.rst create mode 100644 doc/userguide/rules/dataset-examples/detect-unique-tlds.png create mode 100644 doc/userguide/rules/datasets.rst create mode 100644 doc/userguide/rules/dcerpc-keywords.rst create mode 100644 doc/userguide/rules/dhcp-keywords.rst create mode 100644 doc/userguide/rules/differences-from-snort.rst create mode 100644 doc/userguide/rules/dnp3-keywords.rst create mode 100644 doc/userguide/rules/dns-keywords.rst create mode 100644 doc/userguide/rules/dns-keywords/dns_query.png create mode 100644 doc/userguide/rules/enip-keyword.rst create mode 100644 doc/userguide/rules/fast-pattern-explained.rst create mode 100644 doc/userguide/rules/fast-pattern/fast_pattern.png create mode 100644 doc/userguide/rules/file-keywords.rst create mode 100644 doc/userguide/rules/flow-keywords.rst create mode 100644 
doc/userguide/rules/flow-keywords/Flow1.png create mode 100644 doc/userguide/rules/flow-keywords/Flow2.png create mode 100644 doc/userguide/rules/flow-keywords/Flowbit_3.png create mode 100644 doc/userguide/rules/ftp-keywords.rst create mode 100644 doc/userguide/rules/header-keywords.rst create mode 100644 doc/userguide/rules/header-keywords/Wireshark_ack.png create mode 100644 doc/userguide/rules/header-keywords/Wireshark_seq.png create mode 100644 doc/userguide/rules/http-keywords.rst create mode 100644 doc/userguide/rules/http-keywords/Legenda_rules.png create mode 100644 doc/userguide/rules/http-keywords/client_body.png create mode 100644 doc/userguide/rules/http-keywords/client_body1.png create mode 100644 doc/userguide/rules/http-keywords/cookie.png create mode 100644 doc/userguide/rules/http-keywords/cookie1.png create mode 100644 doc/userguide/rules/http-keywords/fast_pattern.png create mode 100644 doc/userguide/rules/http-keywords/file_data.png create mode 100644 doc/userguide/rules/http-keywords/header.png create mode 100644 doc/userguide/rules/http-keywords/header1.png create mode 100644 doc/userguide/rules/http-keywords/http_server_body.png create mode 100644 doc/userguide/rules/http-keywords/http_uri.png create mode 100644 doc/userguide/rules/http-keywords/method.png create mode 100644 doc/userguide/rules/http-keywords/method1.png create mode 100644 doc/userguide/rules/http-keywords/method2.png create mode 100644 doc/userguide/rules/http-keywords/stat-code1.png create mode 100644 doc/userguide/rules/http-keywords/stat_code.png create mode 100644 doc/userguide/rules/http-keywords/stat_msg.png create mode 100644 doc/userguide/rules/http-keywords/stat_msg_1.png create mode 100644 doc/userguide/rules/http-keywords/uri.png create mode 100644 doc/userguide/rules/http-keywords/uri1.png create mode 100644 doc/userguide/rules/http-keywords/uricontent1.png create mode 100644 doc/userguide/rules/http-keywords/urilen.png create mode 100644 
doc/userguide/rules/http-keywords/user_agent.png create mode 100644 doc/userguide/rules/http-keywords/user_agent_match.png create mode 100644 doc/userguide/rules/http2-keywords.rst create mode 100644 doc/userguide/rules/ike-keywords.rst create mode 100644 doc/userguide/rules/index.rst create mode 100644 doc/userguide/rules/intro.rst create mode 100644 doc/userguide/rules/intro/TCP-session.png create mode 100644 doc/userguide/rules/ip-reputation-rules.rst create mode 100644 doc/userguide/rules/ipaddr.rst create mode 100644 doc/userguide/rules/ja3-keywords.rst create mode 100644 doc/userguide/rules/kerberos-keywords.rst create mode 100644 doc/userguide/rules/lua-detection.rst create mode 100644 doc/userguide/rules/meta.rst create mode 100644 doc/userguide/rules/modbus-keyword.rst create mode 100644 doc/userguide/rules/mqtt-keywords.rst create mode 100644 doc/userguide/rules/multi-buffer-matching.rst create mode 100644 doc/userguide/rules/normalized-buffers/normalization1.png create mode 100644 doc/userguide/rules/payload-keywords.rst create mode 100644 doc/userguide/rules/payload-keywords/Legenda_rules.png create mode 100644 doc/userguide/rules/payload-keywords/content2.png create mode 100644 doc/userguide/rules/payload-keywords/content3.png create mode 100644 doc/userguide/rules/payload-keywords/content4.png create mode 100644 doc/userguide/rules/payload-keywords/content5.png create mode 100644 doc/userguide/rules/payload-keywords/content6.png create mode 100644 doc/userguide/rules/payload-keywords/distance.png create mode 100644 doc/userguide/rules/payload-keywords/distance1.png create mode 100644 doc/userguide/rules/payload-keywords/distance3.png create mode 100644 doc/userguide/rules/payload-keywords/distance4.png create mode 100644 doc/userguide/rules/payload-keywords/distance5.png create mode 100644 doc/userguide/rules/payload-keywords/isdataat1.png create mode 100644 doc/userguide/rules/payload-keywords/replace.png create mode 100644 
doc/userguide/rules/payload-keywords/replace1.png create mode 100644 doc/userguide/rules/payload-keywords/within1.png create mode 100644 doc/userguide/rules/payload-keywords/within2.png create mode 100644 doc/userguide/rules/payload-keywords/within_distance.png create mode 100644 doc/userguide/rules/payload-keywords/within_distance2.png create mode 100644 doc/userguide/rules/pcre/pcre3.png create mode 100644 doc/userguide/rules/pcre/pcre4.png create mode 100644 doc/userguide/rules/pcre/pcre5.png create mode 100644 doc/userguide/rules/pcre/pcre6.png create mode 100644 doc/userguide/rules/prefilter-keywords.rst create mode 100644 doc/userguide/rules/quic-keywords.rst create mode 100644 doc/userguide/rules/rfb-keywords.rst create mode 100644 doc/userguide/rules/sip-keywords.rst create mode 100644 doc/userguide/rules/smb-keywords.rst create mode 100644 doc/userguide/rules/snmp-keywords.rst create mode 100644 doc/userguide/rules/ssh-keywords.rst create mode 100644 doc/userguide/rules/tag.rst create mode 100644 doc/userguide/rules/thresholding.rst create mode 100644 doc/userguide/rules/tls-keywords.rst create mode 100644 doc/userguide/rules/transforms.rst create mode 100644 doc/userguide/rules/xbits.rst create mode 100644 doc/userguide/security.rst create mode 100644 doc/userguide/setting-up-ipsinline-for-linux.rst create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/IPtables.png create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/IPtables3.png create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables1.png create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables2.png create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables4.png create mode 100644 doc/userguide/setting-up-ipsinline-for-linux/iptables_vnL.png create mode 100644 doc/userguide/setting-up-ipsinline-for-windows.rst create mode 100644 doc/userguide/support-status.rst create mode 100644 doc/userguide/suricata.1 create mode 100644 
doc/userguide/suricatactl-filestore.1 create mode 100644 doc/userguide/suricatactl.1 create mode 100644 doc/userguide/suricatasc.1 create mode 100644 doc/userguide/unix-socket.rst create mode 100644 doc/userguide/upgrade.rst create mode 100644 doc/userguide/upgrade/unified2.rst create mode 100644 doc/userguide/userguide.pdf create mode 100644 doc/userguide/what-is-suricata.rst (limited to 'doc') diff --git a/doc/AUTHORS b/doc/AUTHORS new file mode 100644 index 0000000..dda67eb --- /dev/null +++ b/doc/AUTHORS @@ -0,0 +1,6 @@ +Team: +https://suricata.io/about/team/ + +All contributors: +https://www.openhub.net/p/suricata-engine/contributors/summary + diff --git a/doc/Basic_Setup.txt b/doc/Basic_Setup.txt new file mode 100644 index 0000000..1769e1d --- /dev/null +++ b/doc/Basic_Setup.txt 
@@ -0,0 +1,116 @@ +Autogenerated on 2012-11-29 +from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Basic_Setup + + +Basic Setup + +When using Debian or FreeBSD, make sure you enter all commands as root/super- +user because for these operating systems it is not possible to use 'sudo'. +Start with creating a directory for Suricata's log information. + + sudo mkdir /var/log/suricata + + +To prepare the system for using it, enter: + + sudo mkdir /etc/suricata + +The next step is to copy classification.config, reference.config and +suricata.yaml from the base build/installation directory (ex. from git it will +be the oisf directory) to the /etc/suricata directory. Do so by entering the +following: + + sudo cp classification.config /etc/suricata + sudo cp reference.config /etc/suricata + sudo cp suricata.yaml /etc/suricata + + +Auto setup + +You can also use the available auto setup features of Suricata: +ex: + + ./configure && make && make install-conf + +make install-conf +would do the regular "make install" and then it would automatically create/ +setup all the necessary directories and suricata.yaml for you. + + ./configure && make && make install-rules + +make install-rules +would do the regular "make install" and then it would automatically download +and set up the latest ruleset from Emerging Threats available for Suricata + + ./configure && make && make install-full + +make install-full +would combine everything mentioned above (install-conf and install-rules) - and +will present you with a ready to run (configured and set up) Suricata + +Setting variables + +Make sure every variable of the vars, address-groups and port-groups in the +yaml file is set correctly for your needs. A full explanation is available in +the Rule_vars_section_of_the_yaml. You need to set the ip-address(es) of your +local network at HOME_NET. It is recommended to set EXTERNAL_NET to !$HOME_NET. 
+This way, every ip-address but the one set at HOME_NET will be treated as +external. It is also possible to set EXTERNAL_NET to 'any', only the +recommended setting is more precise and lowers the change that false positives +will be generated. HTTP_SERVERS, SMTP_SERVERS , SQL_SERVERS , DNS_SERVERS and +TELNET_SERVERS are by default set to HOME_NET. AIM_SERVERS is by default set at +'any'. These variables have to be set for servers on your network. All settings +have to be set to let it have a more accurate effect. +Next, make sure the following ports are set to your needs: HTTP_PORTS, +SHELLCODE_PORTS, ORACLE_PORTS and SSH_PORTS. +Finally, set the host-os-policy to your needs. See Host_OS_Policy_in_the_yaml +for a full explanation. + + windows:[] + bsd: [] + bsd-right: [] + old-linux: [] + linux: [10.0.0.0/8, 192.168.1.100, "8762:2352:6241:7245:E000:0000:0000: + 0000"] + old-solaris: [] + solaris: ["::1"] + hpux10: [] + hpux11: [] + irix: [] + macos: [] + vista: [] + windows2k3: [] + +Note that bug #499 may prevent you from setting old-linux, bsd-right and old- +solaris right now. + +Interface cards + +To check the available interface cards, enter: + + ifconfig + +Now you can see which one you would like Suricata to use. +To start the engine and include the interface card of your preference, enter: + + sudo suricata -c /etc/suricata/suricata.yaml -i wlan0 + +Instead of wlan0, you can enter the interface card of your preference. +To see if the engine is working correctly and receives and inspects traffic, +enter: + + cd /var/log/suricata + +Followed by: + + tail http.log + +And: + + tail -n 50 stats.log + +To make sure the information displayed is up-dated in real time, use the - +f option before http.log and stats.log: + + tail -f http.log stats.log + diff --git a/doc/GITGUIDE b/doc/GITGUIDE new file mode 100644 index 0000000..41b4059 --- /dev/null +++ b/doc/GITGUIDE 
@@ -0,0 +1,90 @@ +Guide for using GIT + +Working with Git is significantly different that working with SVN. In particular, although similar, git pull is not svn update, git push is not svn commit, and git add is not svn add. If you are a SVN user, be sure to read the man pages for the different git commands. + +The following workflow is recommended by Evan and is the guideline for contributing code to Rubinius. + + 1. + + Create a local working copy of the source code (we did this earlier.) + + # See above for the exact invocation + + 2. + + Change to the newly created directory that contains the local working copy. (Substitute the directory if you created it with a different name, obviously.) + + cd code + + 3. + + Create a branch for your work. This will make a copy of the current branch (master) and name it "new_feature". Now you can work in this new branch without breaking the main one. + + git checkout -b new_feature + + 4. + + Edit the code and test your changes. Then commit to your local working copy + + git commit -a + + 5. + + When you are ready to send your local changes back to the Rubinius repository, you first need to ensure that your local copy is up-to-date. First, ensure you have committed your local changes. Then switch from your topic branch to the master branch. + + git checkout master + + 6. + + Update your local copy with changes from the Rubinius repository + + git pull + + 7. + + Switch back to your topic branch and integrate any new changes. The git rebase command will save your changes away, update the topic branch, and then reapply them. + + git checkout new_feature + git rebase master + + Warning! If you are sharing a branch, you must use: + + git merge master + + Rebase causes the commit layout to change and will confuse anyone you've shared this branch with. + + 8. + + If there are conflicts applying your changes during the git rebase command, fix them and use the following to finish applying them + + git rebase --continue + + 9. 
+ + Now, switch back to the master branch and merge your changes from the topic branch + + git checkout master + git merge new_feature + + 10. + + You might want to check that your commits ended up as you intended. To do so, you can have a look at the log + + git log + + 11. + + Get your changes in the main repository. If you have commit rights, you can just use the git push command. Otherwise, see the section below for information on creating a set of patches to send. + + git push + + 12. + + At this point, you can delete the branch if you like. + + git branch -d new_feature + +When you're familiar with the workflow, you can use the rake tasks to help you out. For example, rake git will fetch the latest code from remote repo, rebase the current branch to master, fast-forward the changes to master and push the commits to the remote. This saves a lot of typing. Check rake -T git for all the git related tasks. + +Taken from: http://rubinius.lighthouseapp.com/projects/5089/using-git + diff --git a/doc/INSTALL b/doc/INSTALL new file mode 100644 index 0000000..08b2eff --- /dev/null +++ b/doc/INSTALL @@ -0,0 +1,5 @@ +See doc/userguide/install.rst + +An hosted version of this can be found at Read The Docs: + +https://docs.suricata.io/en/latest/install.html diff --git a/doc/Makefile.am b/doc/Makefile.am new file mode 100644 index 0000000..90a1bca --- /dev/null +++ b/doc/Makefile.am @@ -0,0 +1,17 @@ +SUBDIRS = userguide + +EXTRA_DIST = \ +AUTHORS \ +GITGUIDE \ +INSTALL \ +NEWS \ +README \ +TODO \ +\ +Basic_Setup.txt \ +Setting_up_IPSinline_for_Linux.txt \ +Third_Party_Installation_Guides.txt + +datarootdir=@datarootdir@ +docdir = ${datarootdir}/doc/${PACKAGE} +dist_doc_DATA = ${EXTRA_DIST} diff --git a/doc/Makefile.in b/doc/Makefile.in new file mode 100644 index 0000000..0bec752 --- /dev/null +++ b/doc/Makefile.in 
@@ -0,0 +1,773 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_doc_DATA) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/autoconf.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive 
pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(docdir)" +DATA = $(dist_doc_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir distdir-am +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. 
Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in AUTHORS INSTALL NEWS README \ + TODO +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CARGO = @CARGO@ +CARGO_BUILD_TARGET = @CARGO_BUILD_TARGET@ +CARGO_HOME = @CARGO_HOME@ +CBINDGEN = @CBINDGEN@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CLANG = @CLANG@ +CLANG_CFLAGS = @CLANG_CFLAGS@ +CONFIGURE_DATAROOTDIR = @CONFIGURE_DATAROOTDIR@ +CONFIGURE_LOCALSTATEDIR = @CONFIGURE_LOCALSTATEDIR@ 
+CONFIGURE_PREFIX = @CONFIGURE_PREFIX@ +CONFIGURE_SYSCONDIR = @CONFIGURE_SYSCONDIR@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +GCC_CFLAGS = @GCC_CFLAGS@ +GREP = @GREP@ +HAVE_COCCINELLE_CONFIG = @HAVE_COCCINELLE_CONFIG@ +HAVE_CURL = @HAVE_CURL@ +HAVE_CYGPATH = @HAVE_CYGPATH@ +HAVE_GETCONF_CMD = @HAVE_GETCONF_CMD@ +HAVE_GIT_CMD = @HAVE_GIT_CMD@ +HAVE_PCAP_CONFIG = @HAVE_PCAP_CONFIG@ +HAVE_PDFLATEX = @HAVE_PDFLATEX@ +HAVE_PKG_CONFIG = @HAVE_PKG_CONFIG@ +HAVE_PYTHON = @HAVE_PYTHON@ +HAVE_WGET = @HAVE_WGET@ +HTP_DIR = @HTP_DIR@ +HTP_LDADD = @HTP_LDADD@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBHTPDEVVERSION_CFLAGS = @LIBHTPDEVVERSION_CFLAGS@ +LIBHTPDEVVERSION_LIBS = @LIBHTPDEVVERSION_LIBS@ +LIBHTPMINVERSION_CFLAGS = @LIBHTPMINVERSION_CFLAGS@ +LIBHTPMINVERSION_LIBS = @LIBHTPMINVERSION_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_FUZZING_ENGINE = @LIB_FUZZING_ENGINE@ +LIPO = @LIPO@ +LLC = @LLC@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUAJIT_CFLAGS = @LUAJIT_CFLAGS@ +LUAJIT_LIBS = @LUAJIT_LIBS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_INT8 = @LUA_INT8@ +LUA_LIBS = @LUA_LIBS@ +MAJOR_MINOR = @MAJOR_MINOR@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPTIMIZATION_CFLAGS = @OPTIMIZATION_CFLAGS@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = 
@PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PCAP_CFLAGS = @PCAP_CFLAGS@ +PCAP_LIBS = @PCAP_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POW_LIB = @POW_LIB@ +RANLIB = @RANLIB@ +RUSTC = @RUSTC@ +RUSTUP_HOME_PATH = @RUSTUP_HOME_PATH@ +RUST_FEATURES = @RUST_FEATURES@ +RUST_LDADD = @RUST_LDADD@ +RUST_SURICATA_LIB = @RUST_SURICATA_LIB@ +RUST_SURICATA_LIBDIR = @RUST_SURICATA_LIBDIR@ +RUST_SURICATA_LIBNAME = @RUST_SURICATA_LIBNAME@ +SECCFLAGS = @SECCFLAGS@ +SECLDFLAGS = @SECLDFLAGS@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SPHINX_BUILD = @SPHINX_BUILD@ +STRIP = @STRIP@ +SURICATA_UPDATE_DIR = @SURICATA_UPDATE_DIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = ${datarootdir}/doc/${PACKAGE} +dvidir = @dvidir@ +e_datadir = @e_datadir@ +e_datarulesdir = @e_datarulesdir@ +e_defaultruledir = @e_defaultruledir@ +e_enable_evelog = @e_enable_evelog@ +e_localstatedir = @e_localstatedir@ +e_logcertsdir = @e_logcertsdir@ +e_logdir = @e_logdir@ +e_logfilesdir = @e_logfilesdir@ +e_magic_file = @e_magic_file@ +e_magic_file_comment = @e_magic_file_comment@ +e_rundir = @e_rundir@ +e_rustdir = @e_rustdir@ +e_sysconfdir = @e_sysconfdir@ +enable_non_bundled_htp = 
@enable_non_bundled_htp@ +exec_prefix = @exec_prefix@ +have_rustup = @have_rustup@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +install_suricata_update_reason = @install_suricata_update_reason@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhs_CFLAGS = @libhs_CFLAGS@ +libhs_LIBS = @libhs_LIBS@ +libhtp_CFLAGS = @libhtp_CFLAGS@ +libhtp_LIBS = @libhtp_LIBS@ +libnetfilter_queue_CFLAGS = @libnetfilter_queue_CFLAGS@ +libnetfilter_queue_LIBS = @libnetfilter_queue_LIBS@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +rust_vendor_comment = @rust_vendor_comment@ +rustup_home = @rustup_home@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = userguide +EXTRA_DIST = \ +AUTHORS \ +GITGUIDE \ +INSTALL \ +NEWS \ +README \ +TODO \ +\ +Basic_Setup.txt \ +Setting_up_IPSinline_for_Linux.txt \ +Third_Party_Installation_Guides.txt + +dist_doc_DATA = ${EXTRA_DIST} +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu doc/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-dist_docDATA: $(dist_doc_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(docdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(docdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ + done + +uninstall-dist_docDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_doc_DATA)'; test -n "$(docdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(docdir)'; $(am__uninstall_files_from_dir) + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. 
+$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! 
-f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d 
"$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile $(DATA) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(docdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + 
else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: install-dist_docDATA + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-dist_docDATA + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am \ + install-dist_docDATA 
install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-dist_docDATA + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/NEWS b/doc/NEWS new file mode 100644 index 0000000..cee835f --- /dev/null +++ b/doc/NEWS @@ -0,0 +1 @@ +https://suricata.io/news/ diff --git a/doc/README b/doc/README new file mode 100644 index 0000000..e69de29 diff --git a/doc/Setting_up_IPSinline_for_Linux.txt b/doc/Setting_up_IPSinline_for_Linux.txt new file mode 100644 index 0000000..3e2ee62 --- /dev/null +++ b/doc/Setting_up_IPSinline_for_Linux.txt 
@@ -0,0 +1,83 @@ +Autogenerated on 2012-11-29 +from - https://docs.suricata.io/en/latest/setting-up-ipsinline-for-linux.html + + +Setting up IPS/inline for Linux + +In this guide will be explained how to work with Suricata in inline mode and +how to set iptables for that purpose. +First start with compiling Suricata with NFQ support. For instructions see +Ubuntu_Installation. +For more information about NFQ and iptables, see suricata.yaml. +To check if you have NFQ enabled in your Suricata, enter the following command: + + suricata --build-info + +and examine if you have NFQ between the features. +To run suricata with the NFQ mode, you have to make use of the -q option. This +option tells Suricata which of the queue numbers it should use. + + sudo suricata -c /etc/suricata/suricata.yaml -q 0 + + +Iptables configuration + +First of all it is important to know which traffic you would like to send to +Suricata. Traffic that passes your computer or traffic that is generated by +your computer. + +If Suricata is running on a gateway and is meant to protect the computers +behind that gateway you are dealing with the first scenario: forward_ing . +If Suricata has to protect the computer it is running on, you are dealing with +the second scenario: host (see drawing 2). +These two ways of using Suricata can also be combined. +The easiest rule in case of the gateway-scenario to send traffic to Suricata +is: + + sudo iptables -I FORWARD -j NFQUEUE + +In this case, all forwarded traffic goes to Suricata. +In case of the host situation, these are the two most simple iptable rules; + + sudo iptables -I INPUT -j NFQUEUE + sudo iptables -I OUTPUT -j NFQUEUE + +It is possible to set a queue number. If you do not, the queue number will be 0 +by default. 
+Imagine you want Suricata to check for example just TCP-traffic, or all +incoming traffic on port 80, or all traffic on destination-port 80, you can do +so like this: + + sudo iptables -I INPUT -p tcp -j NFQUEUE + sudo iptables -I OUTPUT -p tcp -j NFQUEUE + +In this case, Suricata checks just TCP traffic. + + sudo iptables -I INPUT -p tcp --sport 80 -j NFQUEUE + sudo iptables -I OUTPUT -p tcp --dport 80 -j NFQUEUE + +In this example, Suricata checks all input and output on port 80. + +To see if you have set your iptables rules correct make sure Suricata is +running and enter: + + sudo iptables -vnL + +In the example you can see if packets are being logged. +This description of the use of iptables is the way to use it with IPv4. To use +it with IPv6 all previous mentioned commands have to start with 'ip6tables'. It +is also possible to let Suricata check both kinds of traffic. +There is also a way to use iptables with multiple networks (and interface +cards). Example: + + sudo iptables -I FORWARD -i eth0 -o eth1 -j NFQUEUE + sudo iptables -I FORWARD -i eth1 -o eth0 -j NFQUEUE + +The options -i (input) -o (output) can be combined with all previous mentioned +options +If you would stop Suricata and use internet, the traffic will not come through. +To make internet work correctly, you have to erase all iptable rules. +To erase all iptable rules, enter: + + sudo iptables -F + diff --git a/doc/TODO b/doc/TODO new file mode 100644 index 0000000..33a497c --- /dev/null +++ b/doc/TODO @@ -0,0 +1,3 @@ +Plenty, and you're welcome to help! + +https://suricata.io/participate/ diff --git a/doc/Third_Party_Installation_Guides.txt b/doc/Third_Party_Installation_Guides.txt new file mode 100644 index 0000000..4028d29 --- /dev/null +++ b/doc/Third_Party_Installation_Guides.txt 
@@ -0,0 +1,10 @@ +Autogenerated on 2012-11-29 +from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Third_Party_Installation_Guides + + +Third Party Installation Guides + +On this page you can find links to third party installation guides for +Suricata. Beware that none of these guides is reviewed by us. Feel free to add +a link to your Suricata installation guide. +http://aldeid.com/index.php/Suricata/Installation-and-basic-configuration diff --git a/doc/userguide/3rd-party-integration/index.rst b/doc/userguide/3rd-party-integration/index.rst new file mode 100644 index 0000000..8a190c0 --- /dev/null +++ b/doc/userguide/3rd-party-integration/index.rst @@ -0,0 +1,6 @@ +3rd Party Integration +===================== + +.. toctree:: + + symantec-sslv diff --git a/doc/userguide/3rd-party-integration/symantec-sslv.rst b/doc/userguide/3rd-party-integration/symantec-sslv.rst new file mode 100644 index 0000000..3aa0235 --- /dev/null +++ b/doc/userguide/3rd-party-integration/symantec-sslv.rst 
@@ -0,0 +1,90 @@ +Symantec SSL Visibility (BlueCoat) +================================== + +As Suricata itself cannot decrypt SSL/TLS traffic, some organizations use +a decryption product to handle this. This document will offer some advice +on using Suricata with the Symantec SSL Visibility appliance (formerly +known as BlueCoat). + + +Appliance Software Version +-------------------------- + +The appliance comes with two major software version options. The 3.x and 4.x +series. Suricata works best with the 4.x series. + +TLS1.3 is only properly supported in the 4.x version of the appliance +software. + + +Magic Markers +------------- + +The appliance has an indicator that data is decrypted. This is done using +a special magic source MAC address, or using a special VLAN header. Since +Suricata can use VLANs as part of flow tracking, it is recommended to use +the source MAC method. + +In the 3.x version of the software these markers are always there, the +config just allows setting which type will be used. In the 4.x software the +markers are optional. + + +TCP handling +------------ + +In the 3.x software, a bit of care is required in TCP stream reassembly +handling in Suricata. The decrypted traffic is presented to the IDS as +TCP data packets, that are not ack'd as regularly as would be expected +in a regular TCP session. A large TCP window is used to not violate the +TCP specs. Since in IDS mode Suricata waits for ACKs for much of its +processing, this can lead to delays in detection and logging, as well +as increased resource usage due to increased data buffering. + +To avoid this, enable the 'stream.inline' mode, which processed data +segments as they come in without waiting for the ACKs. + +The 4.x software sends more regular ACKs and does not need any special +handling on the Suricata side. + + +TLS matching in Suricata +------------------------ + +The appliance takes care of the TLS handling and decryption, presenting +only the decrypted data to Suricata. 
This means that Suricata will not +see the TLS handshake. As a consequence of this, Suricata cannot inspect +the TLS handshake or otherwise process it. This means that for decrypted +TLS sessions, Suricata will not do any TLS keyword inspection (such as +fingerprint matching and ja3), TLS logging or TLS certificate extraction. + +If it is important to match on and/or log such information as well, the +appliance facilities for matching and logging themselves will have to be +used. + +For TLS traffic where the appliance security policy does not lead to +decryption of the traffic, the TLS handshake is presented to Suricata +for analysis and logging. + +IPS +--- + +When using Suricata in IPS mode with the appliance, some things will +have to be considered: + +* if Suricata DROPs a packet in the decrypted traffic, this will be seen + by the appliance after which it will trigger a RST session teardown. + +* if a packet takes more than one second to process, it will automatically + be considered a DROP by the appliance. This should not happen in normal + traffic, but with very inefficient Lua scripts this could perhaps + happen. The appliance can also be configured to wait for 5 seconds. + +* When using the Suricata 'replace' keyword to modify data, be aware + that the 3.x appliance software will not pass the modification on to + the destination so this will not have any effect. The 4.x appliance + software does support passing on modifications that were made to the + unencrypted text, by default this feature is disabled but you can + enable it if you want modifications to be passed on to the destination + in the re-encrypted stream. Due to how Suricata works, the size of + the payloads cannot be changed. diff --git a/doc/userguide/Makefile.am b/doc/userguide/Makefile.am new file mode 100644 index 0000000..bd15792 --- /dev/null +++ b/doc/userguide/Makefile.am 
@@ -0,0 +1,95 @@ +EXTRA_DIST = \ + _static \ + 3rd-party-integration \ + acknowledgements.rst \ + capture-hardware \ + command-line-options.rst \ + conf.py \ + configuration \ + devguide \ + file-extraction \ + index.rst \ + upgrade \ + upgrade.rst \ + initscripts.rst \ + install.rst \ + licenses \ + lua \ + make-sense-alerts.rst \ + manpages \ + output \ + partials \ + performance \ + public-data-sets.rst \ + quickstart.rst \ + reputation \ + rule-management \ + rules \ + security.rst \ + setting-up-ipsinline-for-linux \ + setting-up-ipsinline-for-linux.rst \ + setting-up-ipsinline-for-windows.rst \ + support-status.rst \ + unix-socket.rst \ + what-is-suricata.rst + +if HAVE_SURICATA_MAN +dist_man1_MANS = suricata.1 suricatasc.1 suricatactl.1 suricatactl-filestore.1 +endif + +if SPHINX_BUILD +dist_man1_MANS = suricata.1 suricatasc.1 suricatactl.1 suricatactl-filestore.1 + +if HAVE_PDFLATEX +EXTRA_DIST += userguide.pdf +endif + +SPHINX_BUILD = sphinx-build -q + +html: + sysconfdir=$(sysconfdir) \ + localstatedir=$(localstatedir) \ + version=$(PACKAGE_VERSION) \ + $(SPHINX_BUILD) -W -b html -d _build/doctrees \ + $(top_srcdir)/doc/userguide _build/html + +_build/latex/Suricata.pdf: + sysconfdir=$(sysconfdir) \ + localstatedir=$(localstatedir) \ + version=$(PACKAGE_VERSION) \ + $(SPHINX_BUILD) -W -b latex -d _build/doctrees \ + $(top_srcdir)/doc/userguide _build/latex +# The Sphinx generated Makefile is GNU Make specific, so just do what +# it does here - yes, multiple passes of pdflatex is required. 
+ cd _build/latex && pdflatex Suricata.tex + cd _build/latex && pdflatex Suricata.tex + cd _build/latex && pdflatex Suricata.tex + cd _build/latex && makeindex -s python.ist Suricata.idx + cd _build/latex && pdflatex Suricata.tex + cd _build/latex && pdflatex Suricata.tex + +userguide.pdf: _build/latex/Suricata.pdf + cp _build/latex/Suricata.pdf userguide.pdf + +pdf: userguide.pdf + +_build/man: manpages/suricata.rst manpages/suricatasc.rst manpages/suricatactl.rst manpages/suricatactl-filestore.rst + sysconfdir=$(sysconfdir) \ + localstatedir=$(localstatedir) \ + version=$(PACKAGE_VERSION) \ + $(SPHINX_BUILD) -W -b man -d _build/doctrees \ + $(top_srcdir)/doc/userguide _build/man + touch _build/man + +$(dist_man1_MANS): _build/man + cp _build/man/$@ . + +man: $(dist_man1_MANS) + +# Remove build artifacts that aren't tracked by autotools. +clean-local: + rm -rf $(top_builddir)/doc/userguide/_build + rm -f $(top_builddir)/doc/userguide/suricata*.1 + rm -f $(top_builddir)/doc/userguide/userguide.pdf + +endif # SPHINX_BUILD diff --git a/doc/userguide/Makefile.in b/doc/userguide/Makefile.in new file mode 100644 index 0000000..2d0a204 --- /dev/null +++ b/doc/userguide/Makefile.in 
@@ -0,0 +1,663 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@HAVE_PDFLATEX_TRUE@@SPHINX_BUILD_TRUE@am__append_1 = userguide.pdf +subdir = doc/userguide +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/autoconf.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + 
esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" +NROFF = nroff +MANS = $(dist_man1_MANS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(dist_man1_MANS) $(srcdir)/Makefile.in README.md +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CARGO = @CARGO@ +CARGO_BUILD_TARGET = @CARGO_BUILD_TARGET@ +CARGO_HOME = @CARGO_HOME@ +CBINDGEN = @CBINDGEN@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CLANG = @CLANG@ +CLANG_CFLAGS = @CLANG_CFLAGS@ +CONFIGURE_DATAROOTDIR = @CONFIGURE_DATAROOTDIR@ +CONFIGURE_LOCALSTATEDIR = @CONFIGURE_LOCALSTATEDIR@ +CONFIGURE_PREFIX = @CONFIGURE_PREFIX@ +CONFIGURE_SYSCONDIR = @CONFIGURE_SYSCONDIR@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ 
+CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +GCC_CFLAGS = @GCC_CFLAGS@ +GREP = @GREP@ +HAVE_COCCINELLE_CONFIG = @HAVE_COCCINELLE_CONFIG@ +HAVE_CURL = @HAVE_CURL@ +HAVE_CYGPATH = @HAVE_CYGPATH@ +HAVE_GETCONF_CMD = @HAVE_GETCONF_CMD@ +HAVE_GIT_CMD = @HAVE_GIT_CMD@ +HAVE_PCAP_CONFIG = @HAVE_PCAP_CONFIG@ +HAVE_PDFLATEX = @HAVE_PDFLATEX@ +HAVE_PKG_CONFIG = @HAVE_PKG_CONFIG@ +HAVE_PYTHON = @HAVE_PYTHON@ +HAVE_WGET = @HAVE_WGET@ +HTP_DIR = @HTP_DIR@ +HTP_LDADD = @HTP_LDADD@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBHTPDEVVERSION_CFLAGS = @LIBHTPDEVVERSION_CFLAGS@ +LIBHTPDEVVERSION_LIBS = @LIBHTPDEVVERSION_LIBS@ +LIBHTPMINVERSION_CFLAGS = @LIBHTPMINVERSION_CFLAGS@ +LIBHTPMINVERSION_LIBS = @LIBHTPMINVERSION_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIB_FUZZING_ENGINE = @LIB_FUZZING_ENGINE@ +LIPO = @LIPO@ +LLC = @LLC@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUAJIT_CFLAGS = @LUAJIT_CFLAGS@ +LUAJIT_LIBS = @LUAJIT_LIBS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_INT8 = @LUA_INT8@ +LUA_LIBS = @LUA_LIBS@ +MAJOR_MINOR = @MAJOR_MINOR@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPTIMIZATION_CFLAGS = @OPTIMIZATION_CFLAGS@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ 
+PATH_SEPARATOR = @PATH_SEPARATOR@ +PCAP_CFLAGS = @PCAP_CFLAGS@ +PCAP_LIBS = @PCAP_LIBS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POW_LIB = @POW_LIB@ +RANLIB = @RANLIB@ +RUSTC = @RUSTC@ +RUSTUP_HOME_PATH = @RUSTUP_HOME_PATH@ +RUST_FEATURES = @RUST_FEATURES@ +RUST_LDADD = @RUST_LDADD@ +RUST_SURICATA_LIB = @RUST_SURICATA_LIB@ +RUST_SURICATA_LIBDIR = @RUST_SURICATA_LIBDIR@ +RUST_SURICATA_LIBNAME = @RUST_SURICATA_LIBNAME@ +SECCFLAGS = @SECCFLAGS@ +SECLDFLAGS = @SECLDFLAGS@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +@SPHINX_BUILD_TRUE@SPHINX_BUILD = sphinx-build -q +SPHINX_BUILD = @SPHINX_BUILD@ +STRIP = @STRIP@ +SURICATA_UPDATE_DIR = @SURICATA_UPDATE_DIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +e_datadir = @e_datadir@ +e_datarulesdir = @e_datarulesdir@ +e_defaultruledir = @e_defaultruledir@ +e_enable_evelog = @e_enable_evelog@ +e_localstatedir = @e_localstatedir@ +e_logcertsdir = @e_logcertsdir@ +e_logdir = @e_logdir@ +e_logfilesdir = @e_logfilesdir@ +e_magic_file = @e_magic_file@ +e_magic_file_comment = @e_magic_file_comment@ +e_rundir = @e_rundir@ +e_rustdir = @e_rustdir@ +e_sysconfdir = @e_sysconfdir@ +enable_non_bundled_htp = @enable_non_bundled_htp@ +exec_prefix = @exec_prefix@ +have_rustup = @have_rustup@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ 
+host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +install_suricata_update_reason = @install_suricata_update_reason@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhs_CFLAGS = @libhs_CFLAGS@ +libhs_LIBS = @libhs_LIBS@ +libhtp_CFLAGS = @libhtp_CFLAGS@ +libhtp_LIBS = @libhtp_LIBS@ +libnetfilter_queue_CFLAGS = @libnetfilter_queue_CFLAGS@ +libnetfilter_queue_LIBS = @libnetfilter_queue_LIBS@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +rust_vendor_comment = @rust_vendor_comment@ +rustup_home = @rustup_home@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = _static 3rd-party-integration acknowledgements.rst \ + capture-hardware command-line-options.rst conf.py \ + configuration devguide file-extraction index.rst upgrade \ + upgrade.rst initscripts.rst install.rst licenses lua \ + make-sense-alerts.rst manpages output partials performance \ + public-data-sets.rst quickstart.rst reputation rule-management \ + rules security.rst setting-up-ipsinline-for-linux \ + setting-up-ipsinline-for-linux.rst \ + setting-up-ipsinline-for-windows.rst support-status.rst \ + unix-socket.rst what-is-suricata.rst $(am__append_1) +@HAVE_SURICATA_MAN_TRUE@dist_man1_MANS = suricata.1 suricatasc.1 suricatactl.1 suricatactl-filestore.1 +@SPHINX_BUILD_TRUE@dist_man1_MANS = suricata.1 suricatasc.1 suricatactl.1 suricatactl-filestore.1 +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + 
*$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/userguide/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu doc/userguide/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man1: $(dist_man1_MANS) + @$(NORMAL_INSTALL) + @list1='$(dist_man1_MANS)'; \ + list2=''; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' 
'$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(dist_man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man1dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+@SPHINX_BUILD_FALSE@clean-local: +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +@SPHINX_BUILD_FALSE@html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man1 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +@SPHINX_BUILD_FALSE@pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man1 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man1 install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags-am uninstall uninstall-am uninstall-man \ + uninstall-man1 + +.PRECIOUS: Makefile + + +@SPHINX_BUILD_TRUE@html: +@SPHINX_BUILD_TRUE@ sysconfdir=$(sysconfdir) \ +@SPHINX_BUILD_TRUE@ localstatedir=$(localstatedir) \ +@SPHINX_BUILD_TRUE@ version=$(PACKAGE_VERSION) \ +@SPHINX_BUILD_TRUE@ $(SPHINX_BUILD) -W -b 
html -d _build/doctrees \ +@SPHINX_BUILD_TRUE@ $(top_srcdir)/doc/userguide _build/html + +@SPHINX_BUILD_TRUE@_build/latex/Suricata.pdf: +@SPHINX_BUILD_TRUE@ sysconfdir=$(sysconfdir) \ +@SPHINX_BUILD_TRUE@ localstatedir=$(localstatedir) \ +@SPHINX_BUILD_TRUE@ version=$(PACKAGE_VERSION) \ +@SPHINX_BUILD_TRUE@ $(SPHINX_BUILD) -W -b latex -d _build/doctrees \ +@SPHINX_BUILD_TRUE@ $(top_srcdir)/doc/userguide _build/latex +# The Sphinx generated Makefile is GNU Make specific, so just do what +# it does here - yes, multiple passes of pdflatex is required. +@SPHINX_BUILD_TRUE@ cd _build/latex && pdflatex Suricata.tex +@SPHINX_BUILD_TRUE@ cd _build/latex && pdflatex Suricata.tex +@SPHINX_BUILD_TRUE@ cd _build/latex && pdflatex Suricata.tex +@SPHINX_BUILD_TRUE@ cd _build/latex && makeindex -s python.ist Suricata.idx +@SPHINX_BUILD_TRUE@ cd _build/latex && pdflatex Suricata.tex +@SPHINX_BUILD_TRUE@ cd _build/latex && pdflatex Suricata.tex + +@SPHINX_BUILD_TRUE@userguide.pdf: _build/latex/Suricata.pdf +@SPHINX_BUILD_TRUE@ cp _build/latex/Suricata.pdf userguide.pdf + +@SPHINX_BUILD_TRUE@pdf: userguide.pdf + +@SPHINX_BUILD_TRUE@_build/man: manpages/suricata.rst manpages/suricatasc.rst manpages/suricatactl.rst manpages/suricatactl-filestore.rst +@SPHINX_BUILD_TRUE@ sysconfdir=$(sysconfdir) \ +@SPHINX_BUILD_TRUE@ localstatedir=$(localstatedir) \ +@SPHINX_BUILD_TRUE@ version=$(PACKAGE_VERSION) \ +@SPHINX_BUILD_TRUE@ $(SPHINX_BUILD) -W -b man -d _build/doctrees \ +@SPHINX_BUILD_TRUE@ $(top_srcdir)/doc/userguide _build/man +@SPHINX_BUILD_TRUE@ touch _build/man + +@SPHINX_BUILD_TRUE@$(dist_man1_MANS): _build/man +@SPHINX_BUILD_TRUE@ cp _build/man/$@ . + +@SPHINX_BUILD_TRUE@man: $(dist_man1_MANS) + +# Remove build artifacts that aren't tracked by autotools. 
+@SPHINX_BUILD_TRUE@clean-local: +@SPHINX_BUILD_TRUE@ rm -rf $(top_builddir)/doc/userguide/_build +@SPHINX_BUILD_TRUE@ rm -f $(top_builddir)/doc/userguide/suricata*.1 +@SPHINX_BUILD_TRUE@ rm -f $(top_builddir)/doc/userguide/userguide.pdf + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/userguide/README.md b/doc/userguide/README.md new file mode 100644 index 0000000..b625625 --- /dev/null +++ b/doc/userguide/README.md @@ -0,0 +1,15 @@ +# Suricata User Guide + +This directory contains the Suricata Guide. The Suricata Developer's guide +is included as a chapter of the Guide. +The [Sphinx Document Generator](http://sphinx-doc.org) is used to build the +documentation. For a primer os reStructuredText see the +[reStructuredText Primer](http://sphinx-doc.org/rest.html). + +## Verifying Changes + +There are a number of output formats to choose from when making the source documentation locally (e.g. html, pdf, man). + +The documentation source can be built with `make -f Makefile.sphinx html`. Substitute the 'html' word for desired output format. + +There are different application dependencies based on the output desired. diff --git a/doc/userguide/_static/.gitignore b/doc/userguide/_static/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/doc/userguide/_static/css/suricata.css b/doc/userguide/_static/css/suricata.css new file mode 100644 index 0000000..43dc06b --- /dev/null +++ b/doc/userguide/_static/css/suricata.css 
@@ -0,0 +1,34 @@ +.example-rule { + padding: 12px 12px; + font-family: Consolas,"Andale Mono WT","Andale Mono","Lucida Console","Lucida Sans Typewriter","DejaVu Sans Mono","Bitstream Vera Sans Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier New",Courier,monospace; + font-size: 12px; + line-height: 1.5; + display: block; + overflow: auto; + color: #404040; + + border: 1px solid #e1e4e5; + background: #fff; + margin: 1px 0 24px 0; +} +.example-rule-emphasis { + color: #f00; + font-weight: bold; +} + +.example-rule-action { + color: #f00; +} +.example-rule-header { + color: #090; +} +.example-rule-options { + color: #00f; +} + +/* Make tables wrap text to avoid requiring the user to horizontally + * scroll. */ +.wy-table-responsive table td, .wy-table-responsive table th { + white-space: inherit; + vertical-align: top !important; +} diff --git a/doc/userguide/acknowledgements.rst b/doc/userguide/acknowledgements.rst new file mode 100644 index 0000000..4a0aad6 --- /dev/null +++ b/doc/userguide/acknowledgements.rst @@ -0,0 +1,43 @@ +Acknowledgements +================ + +Thank you to the following for their Wiki and documentation +contributions that have made this user guide possible: + +- Andreas Herz +- Andreas Moe +- Anne-Fleur Koolstra +- Christophe Vandeplas +- Darren Spruell +- David Cannings +- David Diallo +- David Wharton +- Eric Leblond +- god lol +- Haris Haq +- Ignacio Sanchez +- Jason Ish +- Jason Taylor +- Josh Smith +- Juliana Fajardini +- Ken Steele +- Les Syv +- Lukas Sismis +- Mark Solaris +- Martin Holste +- Mats Klepsland +- Matt Jonkman +- Michael Bentley +- Michael Hrishenko +- Nathan Jimerson +- Nicolas Merle +- Peter Manev +- Philipp Buehler +- Philippe Antoine +- Ralph Broenink +- Rob MacGregor +- Russel Fulton +- Shivani Bhardwaj +- Victor Julien +- Vincent Fang +- Zach Rasmor diff --git a/doc/userguide/capture-hardware/af-xdp.rst b/doc/userguide/capture-hardware/af-xdp.rst new file mode 100644 index 0000000..ebe8585 --- /dev/null 
+++ b/doc/userguide/capture-hardware/af-xdp.rst 
@@ -0,0 +1,287 @@ +AF_XDP +====== + +AF_XDP (eXpress Data Path) is a high speed capture framework for Linux that was +introduced in Linux v4.18. AF_XDP aims at improving capture performance by +redirecting ingress frames to user-space memory rings, thus bypassing the network +stack. + +Note that during ``af_xdp`` operation the selected interface cannot be used for +regular network usage. + +Further reading: + + - https://www.kernel.org/doc/html/latest/networking/af_xdp.html + +Compiling Suricata +------------------ + +Linux +~~~~~ + +libxdp and libpbf are required for this feature. When building from source the +development files will also be required. + +Example:: + + dnf -y install libxdp-devel libbpf-devel + +This feature is enabled provided the libraries above are installed, the user +does not need to add any additional command line options. + +The command line option ``--disable-af-xdp`` can be used to disable this +feature. + +Example:: + + ./configure --disable-af-xdp + +Starting Suricata +----------------- + +IDS +~~~ + +Suricata can be started as follows to use af-xdp: + +:: + + af-xdp: + suricata --af-xdp= + suricata --af-xdp=igb0 + +In the above example Suricata will start reading from the `igb0` network interface. + +AF_XDP Configuration +-------------------- + +Each of these settings can be configured under ``af-xdp`` within the "Configure +common capture settings" section of suricata.yaml configuration file. + +The number of threads created can be configured in the suricata.yaml configuration +file. It is recommended to use threads equal to NIC queues/CPU cores. + +Another option is to select ``auto`` which will allow Suricata to configure the +number of threads based on the number of RSS queues available on the NIC. + +With ``auto`` selected, Suricata spawns receive threads equal to the number of +configured RSS queues on the interface. 
+ +:: + + af-xdp: + threads: + threads: auto + threads: 8 + +Advanced setup +--------------- + +af-xdp capture source will operate using the default configuration settings. +However, these settings are available in the suricata.yaml configuration file. + +Available configuration options are: + +force-xdp-mode +~~~~~~~~~~~~~~ + +There are two operating modes employed when loading the XDP program, these are: + +- XDP_DRV: Mode chosen when the driver supports AF_XDP +- XDP_SKB: Mode chosen when no AF_XDP support is unavailable + +XDP_DRV mode is the preferred mode, used to ensure best performance. + +:: + + af-xdp: + force-xdp-mode: where: value = + force-xdp-mode: drv + +force-bind-mode +~~~~~~~~~~~~~~~ + +During binding the kernel will first attempt to use zero-copy (preferred). If +zero-copy support is unavailable it will fallback to copy mode, copying all +packets out to user space. + +:: + + af-xdp: + force-bind-mode: where: value = + force-bind-mode: zero + +For both options, the kernel will attempt the 'preferred' option first and +fallback upon failure. Therefore the default (none) means the kernel has +control of which option to apply. By configuring these options the user +is forcing said option. Note that if enabled, the bind will only attempt +this option, upon failure the bind will fail i.e. no fallback. + +mem-unaligned +~~~~~~~~~~~~~~~~ + +AF_XDP can operate in two memory alignment modes, these are: + +- Aligned chunk mode +- Unaligned chunk mode + +Aligned chunk mode is the default option which ensures alignment of the +data within the UMEM. + +Unaligned chunk mode uses hugepages for the UMEM. +Hugepages start at the size of 2MB but they can be as large as 1GB. +Lower count of pages (memory chunks) allows faster lookup of page entries. +The hugepages need to be allocated on the NUMA node where the NIC and CPU resides. 
+Otherwise, if the hugepages are allocated only on NUMA node 0 and the NIC is +connected to NUMA node 1, then the application will fail to start. +Therefore, it is recommended to first find out to which NUMA node the NIC is +connected to and only then allocate hugepages and set CPU cores affinity +to the given NUMA node. + +Memory assigned per socket/thread is 16MB, so each worker thread requires at least +16MB of free space. As stated above hugepages can be of various sizes, consult the +OS to confirm with ``cat /proc/meminfo``. + +Example :: + + 8 worker threads * 16Mb = 128Mb + hugepages = 2048 kB + so: pages required = 62.5 (63) pages + +See https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt for detailed +description. + +To enable unaligned chunk mode: + +:: + + af-xdp: + mem-unaligned: + mem-unaligned: yes + +Introduced from Linux v5.11 a ``SO_PREFER_BUSY_POLL`` option has been added to +AF_XDP that allows a true polling of the socket queues. This feature has +been introduced to reduce context switching and improve CPU reaction time +during traffic reception. + +Enabled by default, this feature will apply the following options, unless +disabled (see below). The following options are used to configure this feature. + +enable-busy-poll +~~~~~~~~~~~~~~~~ + +Enables or disables busy polling. + +:: + + af-xdp: + enable-busy-poll: + enable-busy-poll: yes + +busy-poll-time +~~~~~~~~~~~~~~ + +Sets the approximate time in microseconds to busy poll on a ``blocking receive`` +when there is no data. + +:: + + af-xdp: + busy-poll-time:
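Review bot: In the new doc/userguide/README.md, "For a primer os reStructuredText" has a typo; "os" should be "on". The "Verifying Changes" section tells the reader to run `make -f Makefile.sphinx html`, while the doc/userguide/Makefile.in added in this same patch builds HTML through its own `html` target with `$(SPHINX_BUILD) -W -b html`. The README should say which of the two is expected for checking a change, and mention that the autotools target passes `-W`, so Sphinx warnings fail the build. The two sphinx-doc.org links are also written with `http://` and could use `https://`.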
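Review bot: In doc/userguide/capture-hardware/af-xdp.rst, the hugepage sizing example under "mem-unaligned" does not add up: 8 worker threads at 16MB each is 128MB, and with 2048 kB hugepages that is 64 pages, not "62.5 (63) pages". Since the text above it says the application fails to start when hugepages are not available where needed, the example should give a count an operator can rely on, and should write "MB" rather than "Mb" to match "16MB" in the preceding paragraph. Two wording fixes in the same hunk: "libxdp and libpbf are required" should read "libbpf" (the dnf example installs `libbpf-devel`), and "XDP_SKB: Mode chosen when no AF_XDP support is unavailable" is a double negative that reads as the opposite of what is meant; suggest "when driver support for AF_XDP is unavailable".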