doc/userguide: document that lua dns rules need hooks

And remove the old "keywords" that a lua Rule can register with for DNS.
3 months ago · be483dc873
parent 13de319b01
commit be483dc873
2 changed files with 12 additions and 7 deletions
--- a/doc/userguide/lua/libs/dns.rst
+++ b/doc/userguide/lua/libs/dns.rst
@ -1,6 +1,8 @@
 DNS
 ---
 .. role:: example-rule-emphasis
 DNS transaction details are exposed to Lua scripts with the
 ``suricata.dns`` library, for example::
@ -23,12 +25,18 @@ If you are going to use the script for rule matching, choose one of
 the available DNS buffers listed in :ref:`lua-detection` and follow
 the pattern:
-::
+For use in rule matching, the rule must **hook** into a DNS
 transaction state. Available states are ``request_complete`` and
 ``response_complete``.  For example:
 .. container:: example-rule
  alert dns::example-rule-emphasis:`request_complete` any any -> any any (...
 Then to initialize the script::
  function init (args)
-     local needs = {}
+     return {}
     needs["dns.rrname"] = tostring(true)
     return needs
  end
 Transaction
--- a/doc/userguide/rules/lua-detection.rst
+++ b/doc/userguide/rules/lua-detection.rst
@ -35,9 +35,6 @@ inspection. Currently the following are available:
 * buffer -- the current sticky buffer
 * stream
 * dnp3
 * dns.request
 * dns.response
 * dns.rrname
 * ssh
 * smtp
 * tls