aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc/userguide: add missing rule protocols

Browse Source
pull/13894/head
Victor Julien 2 months ago committed by Victor Julien
parent 3641b4eda1
commit 2623e67a80
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File

12
doc/userguide/rules/intro.rst
Unescape Escape View File

@ -68,13 +68,17 @@ Protocol
alert :example-rule-emphasis:`http` $HOME_NET any -> $EXTERNAL_NET any (msg:"HTTP GET Request Containing Rule in URI"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"rule"; fast_pattern; classtype:bad-unknown; sid:123; rev:1;)
This keyword in a signature tells Suricata which protocol it
concerns. You can choose between four basic protocols:
The protocol value will limit what protocol(s) the signature will be applied to:
* ip (ip stands for 'all' or 'any')
* tcp (for tcp-traffic)
* udp
* icmp
* ip (ip stands for 'all' or 'any')
* icmp (both icmpv4 and icmpv6)
* icmpv4
* icmpv6
* ipv4/ip4 - just IPv4
* ipv6/ip6 - just IPv6
* pkthdr (for inspecting packets w/o invalid headers)
There are a couple of additional TCP related protocol options:

Write Preview
Loading…
Cancel
Save