doc: Fixup byte* entries to display tables properly

3 years ago · 192a31c74e
parent 8bfe427a74
commit 192a31c74e
1 changed files with 37 additions and 30 deletions
--- a/doc/userguide/rules/payload-keywords.rst
+++ b/doc/userguide/rules/payload-keywords.rst
@ -371,7 +371,7 @@ Format::
 |		 | - dec - Converted string represented in decimal				|
 |		 | - oct - Converted string represented in octal				|
 +----------------+------------------------------------------------------------------------------+
-| [dce]		 | Allow the DCE module determine the byte order 				|
+| [dce]		 | Allow the DCE module to determine the byte order 				|
 +----------------+------------------------------------------------------------------------------+
 | [bitmask]	 | Applies the AND operator on the bytes converted				|
 +----------------+------------------------------------------------------------------------------+
@ -414,49 +414,53 @@ When ``relative`` is included, there must be a previous ``content`` or ``pcre``
 The result can be stored in a result variable and referenced by
 other rule options later in the rule.
 ==============	==================================
- Keyword	Modifier
+ Keyword	    Modifier
 ============== 	==================================
- content	offset,depth,distance,within
+ content	    offset,depth,distance,within
- byte_test	offset,value
+ byte_test	    offset,value
- byte_jump	offset
+ byte_jump	    offset
- isdataat	offset
+ isdataat	    offset
 ==============	==================================
 Format::
  byte_math:bytes <num of bytes>, offset <offset>, oper <operator>, rvalue <rvalue>, \
-	result <result_var> [, relative] [, endian <endian>] [, string <number-type>] \
+        result <result_var> [, relative] [, endian <endian>] [, string <number-type>] \
-	[, dce] [, bitmask <value>];
+        [, dce] [, bitmask <value>];
 +-----------------------+-----------------------------------------------------------------------+
-| <num of bytes>	| The number of bytes selected from the packet 				|
+| <num of bytes>        | The number of bytes selected from the packet                          |
 +-----------------------+-----------------------------------------------------------------------+
-| <offset>		| Number of bytes into the payload					|
+| <offset>              | Number of bytes into the payload                                      |
 +-----------------------+-----------------------------------------------------------------------+
-| oper <operator>	| Mathematical operation to perform: +, -, \*, /, <<, >> 		|
+| oper <operator>       | Mathematical operation to perform: +, -, \*, /, <<, >>                |
 +-----------------------+-----------------------------------------------------------------------+
-| rvalue <rvalue>	| Value to perform the math operation with 				|
+| rvalue <rvalue>       | Value to perform the math operation with                              |
 +-----------------------+-----------------------------------------------------------------------+
-| result <result-var>	| Where to store the computed value 					|
+| result <result-var>   | Where to store the computed value                                     |
 +-----------------------+-----------------------------------------------------------------------+
-| [relative]		| Offset relative to last content match					|
+| [relative]            | Offset relative to last content match                                 |
 +-----------------------+-----------------------------------------------------------------------+
-| [endian <type>]	| - big (Most significant byte at lowest address)			|
+| [endian <type>]       | - big (Most significant byte at lowest address)                       |
-|		       	| - little (Most significant byte at the highest address)		|
+|                       | - little (Most significant byte at the highest address)               |
 |                       | - dce (Allow the DCE module to determine the byte order)              |
 +-----------------------+-----------------------------------------------------------------------+
-| [string <num_type>]  	| 									|
+| [string <num_type>]   |                                                                       |
-|		       	| - hex Converted data is represented in hex				|
+|                       | - hex Converted data is represented in hex                            |
-|		       	| - dec Converted data is represented in decimal			|
+|                       | - dec Converted data is represented in decimal                        |
-|		       	| - oct Converted data is represented as octal				|
+|                       | - oct Converted data is represented as octal                          |
 +-----------------------+-----------------------------------------------------------------------+
-| [dce]			| Allow the DCE module determine the byte order				|
+| [dce]                 | Allow the DCE module to determine the byte order                      |
 +-----------------------+-----------------------------------------------------------------------+
-| [bitmask] <value>	| The AND operator will be applied to the extracted value		|
+| [bitmask] <value>     | The AND operator will be applied to the extracted value               |
-|			| The result will be right shifted by the number of bits equal to the	|
+|                       | The result will be right shifted by the number of bits equal to the   |
-|			| number of trailing zeros in the mask					|
+|                       | number of trailing zeros in the mask                                  |
 +-----------------------+-----------------------------------------------------------------------+
 Example::
  alert tcp any any -> any any \
@ -481,11 +485,13 @@ The ``byte_jump`` keyword allows for the ability to select a ``<num of bytes>``
 Format::
  byte_jump:<num of bytes>, <offset> [, relative][, multiplier <mult_value>] \
-	[, <endian>][, string, <num_type>][, align][, from_beginning][, from_end] \ 
+        [, <endian>][, string, <num_type>][, align][, from_beginning][, from_end] \
        [, post_offset <value>][, dce][, bitmask <value>];
 +-----------------------+-----------------------------------------------------------------------+
-| <num of bytes>	| The number of bytes selected from the packet to be converted		|
+| <num of bytes>        | The number of bytes selected from the packet to be converted          |
 +-----------------------+-----------------------------------------------------------------------+
 | <offset>		| Number of bytes into the payload					|
 +-----------------------+-----------------------------------------------------------------------+
@ -512,12 +518,13 @@ Format::
 | [post_offset] <value>	| After the jump operation has been performed, it will			|
 |			| jump an additional number of bytes specified by <value>		|
 +-----------------------+-----------------------------------------------------------------------+
-| [dce]			| Allow the DCE module determine the byte order				|
+| [dce]                 | Allow the DCE module to determine the byte order                      |
 +-----------------------+-----------------------------------------------------------------------+
 | [bitmask] <value>	| The AND operator will be applied by <value> and the			|
 |			| converted bytes, then jump operation is performed			|
 +-----------------------+-----------------------------------------------------------------------+
 Example::
  alert tcp any any -> any any \
@ -565,10 +572,10 @@ Format::
 |		     | - dec - Converted string represented in decimal				|
 |		     | - oct - Converted string represented in octal				|
 +--------------------+--------------------------------------------------------------------------+
-| [dce]		     | Allow the DCE module determine the byte order 				|
+| [dce]              | Allow the DCE module to determine the byte order                         |
 +--------------------+--------------------------------------------------------------------------+
-| align <align-value>| Round the extracted value up to the next 				|
+| align <align-value>| Round the extracted value up to the next                                 |
-|                    | next <align-value> byte boundary post-multiplication (if any)            |
+|                    | <align-value> byte boundary post-multiplication (if any)                 |
 |                    | ; <align-value> may be 2 or 4                                            |
 +--------------------+--------------------------------------------------------------------------+