userguide: clarify flow:stateless explanation

author Juliana Fajardini <jufajardini@gmail.com>

Mon, 29 Jul 2024 19:55:30 +0000 (16:55 -0300)

committer Victor Julien <victor@inliniac.net>

Wed, 7 Aug 2024 17:04:34 +0000 (19:04 +0200)
author Juliana Fajardini <jufajardini@gmail.com>
Mon, 29 Jul 2024 19:55:30 +0000 (16:55 -0300)
committer Victor Julien <victor@inliniac.net>
Wed, 7 Aug 2024 17:04:34 +0000 (19:04 +0200)
diff --git a/doc/userguide/rules/flow-keywords.rst b/doc/userguide/rules/flow-keywords.rst

index fff833a8bac3878278fa8cd6bfa52619afe08cc9..00801352303e898a2dd163dd33cc546eb5e93545 100644 (file)
--- a/doc/userguide/rules/flow-keywords.rst
+++ b/doc/userguide/rules/flow-keywords.rst
@@ -90,7 +90,8 @@ established
  not_established
    Match on packets that are not part of an established connection.
  stateless
-  Match on packets that are and are not part of an established connection.
+  Match on packets that are part of a flow, regardless of connection state.
+  (This means that packets that are not seen as part of a flow won't match).
  only_stream
    Match on packets that have been reassembled by the stream engine.
  no_stream
@@ -403,4 +404,4 @@ The number of packets can be matched exactly, or compared using the _op_ setting
  
  Signature example::
  
- alert ip any any -> any any (msg:"Flow has less than 2000 bytes"; flow.bytes_toserver:<2000; sid:1;)
-\ No newline at end of file
+ alert ip any any -> any any (msg:"Flow has less than 2000 bytes"; flow.bytes_toserver:<2000; sid:1;)
author	Juliana Fajardini <jufajardini@gmail.com>
	Mon, 29 Jul 2024 19:55:30 +0000 (16:55 -0300)
committer	Victor Julien <victor@inliniac.net>
	Wed, 7 Aug 2024 17:04:34 +0000 (19:04 +0200)