Pull request #3640: doc: Adds more details about handling rejection

Merge in SNORT/snort3 from ~LCZARNIK/snort3:doc_unreachable to master

Squashed commit of the following:

commit 65438651b394c150803993b910e6578c8602569e
Author: Lukasz Czarnik <lczarnik@cisco.com>
Date:   Thu Oct 27 13:26:58 2022 -0400

    doc: specified which packages are sent on rejection

diff --git a/doc/user/active.txt b/doc/user/active.txt
index 1462ade6f0181f9b7cd7458e669aac044b1b64a8..3061240ef65e7a6817ec157f09327d1ba2fd81d5 100644 (file)
--- a/doc/user/active.txt
+++ b/doc/user/active.txt
@@ -1,7 +1,7 @@
 Snort can take more active role in securing network by sending active
 responses to shutdown offending sessions. When active responses is
-enabled, snort will send TCP RST or ICMP unreachable when dropping a
-session.
+enabled, snort will send TCP RST and ICMP unreachable when
+dropping a TCP session and ICMP unreachable packets for UDP.
 
 ==== Changes from Snort 2.9
 
@@ -64,8 +64,8 @@ Example:
 ==== Reject
 
 IPS action reject perform active response to shutdown hostile network
-session by injecting TCP resets (TCP connections) or ICMP unreachable
-packets.
+session by injecting TCP resets and ICMP unreachable for TCP
+connections, and ICMP unreachable packets for UDP.
 
 Example: