doc: add multi buffer support note to keyword docs

Signed-off-by: jason taylor <jtfas90@gmail.com>

doc/userguide/rules/dns-keywords.rst

@@ -67,3 +67,8 @@ DNS query on the wire (snippet)::
 ``dns.query`` buffer::
 
     mail.google.com
+
+Multiple Buffer Matching
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+``dns.query`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.

doc/userguide/rules/file-keywords.rst

@@ -18,6 +18,8 @@ Example::
 
   filename:"secret";
 
+``file.name`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 fileext
 -------
 
@@ -47,6 +49,8 @@ Example::
 Note: as libmagic versions differ between installations, the returned
 information may also slightly change. See also #437.
 
+``file.magic`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 filestore
 ---------
 

doc/userguide/rules/http-keywords.rst

@@ -839,3 +839,8 @@ Notes
    pattern '<html' is absent from the first inspected chunk.
 
 -  ``file.data`` can also be used with SMTP
+
+Multiple Buffer Matching
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+``file.data`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.

doc/userguide/rules/http2-keywords.rst

@@ -109,6 +109,7 @@ Examples::
 
 ``http2.header_name`` can be used as ``fast_pattern``.
 
+``http2.header_name`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
 
 Additional information
 ----------------------

doc/userguide/rules/ike-keywords.rst

@@ -84,6 +84,8 @@ Examples::
 
     ike.vendor:4a131c81070358455c5728f20e95452f;
 
+``ike.vendor`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 
 ike.key_exchange_payload
 ------------------------

doc/userguide/rules/kerberos-keywords.rst

@@ -52,6 +52,8 @@ Signature example::
 
 ``krb5_cname`` can be used as ``fast_pattern``.
 
+``krb5.cname`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 krb5_sname
 ----------
 
@@ -75,6 +77,8 @@ Signature example::
 
 ``krb5_sname`` can be used as ``fast_pattern``.
 
+``krb5.sname`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 krb5_err_code
 -------------
 

doc/userguide/rules/mqtt-keywords.rst

@@ -237,6 +237,8 @@ Examples::
 
 ``mqtt.subscribe.topic`` is a 'sticky buffer' and can be used as ``fast_pattern``.
 
+``mqtt.subscribe.topic`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 
 mqtt.unsubscribe.topic
 ----------------------
@@ -249,6 +251,8 @@ Examples::
 
 ``mqtt.unsubscribe.topic`` is a 'sticky buffer' and can be used as ``fast_pattern``.
 
+``mqtt.unsubscribe.topic`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 
 Additional information
 ----------------------

doc/userguide/rules/multi-buffer-matching.rst

@@ -74,18 +74,19 @@ not be met.
 Multiple buffer matching is currently enabled for use with the
 following keywords:
 
-``dns.query``
+* ``dns.query``
-``file.data``
+* ``file.data``
-``file.magic``
+* ``file.magic``
-``file.name``
+* ``file.name``
-``http2.header``
+* ``http.request_header``
-``http2.header_name``
+* ``http.response_header``
-``ike.vendor``
+* ``http2.header_name``
-``krb5_cname``
+* ``ike.vendor``
-``krb5_sname``
+* ``krb5_cname``
-``mqtt.subscribe.topic``
+* ``krb5_sname``
-``mqtt.unsubscribe.topic``
+* ``mqtt.subscribe.topic``
-``quic.cyu.hash``
+* ``mqtt.unsubscribe.topic``
-``quic.cyu.string``
+* ``quic.cyu.hash``
-``tls.certs``
+* ``quic.cyu.string``
-``tls.cert_subject``
+* ``tls.certs``
+* ``tls.cert_subject``

doc/userguide/rules/quic-keywords.rst

@@ -18,6 +18,8 @@ Examples::
     quic.cyu.hash; content:"7b3ceb1adc974ad360cfa634e8d0a730"; \
     sid:1;)
 
+``quic.cyu.hash`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 quic.cyu.string
 ---------------
 
@@ -29,6 +31,8 @@ Examples::
     quic.cyu.string; content:"46,PAD-SNI-VER-CCS-UAID-TCID-PDMD-SMHL-ICSL-NONP-MIDS-SCLS-CSCT-COPT-IRTT-CFCW-SFCW"; \
     sid:2;)
 
+``quic.cyu.string`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 quic.version
 ------------
 

doc/userguide/rules/tls-keywords.rst

@@ -17,6 +17,8 @@ Examples::
 
 ``tls.cert_subject`` can be used as ``fast_pattern``.
 
+``tls.cert_subject`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 tls.subject
 ~~~~~~~~~~~
 
@@ -174,6 +176,8 @@ Example::
 
 ``tls.certs`` can be used as ``fast_pattern``.
 
+``tls.certs`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 tls.version
 -----------