git.ipfire.org Git - thirdparty/suricata.git/commitdiff
doc: normalized buffers
author Jason Ish <ish@unx.ca>
Fri, 4 Dec 2015 15:53:19 +0000 (09:53 -0600)
committer Victor Julien <victor@inliniac.net>
Wed, 28 Sep 2016 11:11:10 +0000 (13:11 +0200)
doc/sphinx/normalized-buffers.rst [new file with mode: 0644]
doc/sphinx/normalized-buffers/normalization1.png [new file with mode: 0644]
doc/sphinx/rules.rst

diff --git a/doc/sphinx/normalized-buffers.rst b/doc/sphinx/normalized-buffers.rst
new file mode 100644 (file)
index 0000000..111bb97
--- /dev/null
@@ -0,0 +1,15 @@
+Normalized Buffers
+==================
+
+
+A packet consists of raw data. HTTP and reassembly make a copy of
+those kinds of packets data. They erase anomalous content, combine
+packets etcetera. What remains is a called the 'normalized buffer'.
+
+Example:
+
+.. image:: normalized-buffers/normalization1.png
+
+Because the data is being normalized, it is not what it used to be; it
+is an interpretation.  Normalized buffers are: all HTTP-keywords,
+reassembled streams, TLS-, SSL-, SSH-, FTP- and dcerpc-buffers.
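Review bot: The added sentence "What remains is a called the 'normalized buffer'" has a stray "a" and should read "What remains is called the 'normalized buffer'". In the same paragraph, "those kinds of packets data" does not say which packets are meant; wording such as "HTTP and reassembly work on a copy of the packet data" would be clearer, and "etcetera" could be replaced by naming the operations. The closing paragraph says the normalized data "is an interpretation" but stops short of what that means for a rule writer: a sentence stating that the listed keywords match against the normalized buffer rather than the raw packet bytes would make the consequence explicit. The image directive also has no :alt: text, so the example is lost in any output where the PNG is not rendered.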
diff --git a/doc/sphinx/normalized-buffers/normalization1.png b/doc/sphinx/normalized-buffers/normalization1.png
new file mode 100644 (file)
index 0000000..a99820c
Binary files /dev/null and b/doc/sphinx/normalized-buffers/normalization1.png differ
index 88c3773741b1143a896d52f30588f58b54d7ded4..5a8ec3036c79ddd23d3f3730b7d8d3ceed145ef2 100644 (file)
@@ -17,3 +17,4 @@ Rules
    adding-your-own-rules
    live-rule-swap
    tls-keywords
+   normalized-buffers