doc: snort compatibility

diff --git a/doc/sphinx/conf.py b/doc/sphinx/conf.py
index 6cd7f0cf4d96b6b30418ed0c5b4bdc128699f797..6224fe72c14f36eb0945051688da826346f7d471 100644 (file)
--- a/doc/sphinx/conf.py
+++ b/doc/sphinx/conf.py
@@ -16,6 +16,8 @@ import sys
 import os
 import shlex
 
+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
@@ -108,8 +110,12 @@ todo_include_todos = False
 
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
-#html_theme = 'alabaster'
-html_theme = 'sphinx_rtd_theme'
+if not on_rtd:
+    #html_theme = 'alabaster'
+    html_theme = 'sphinx_rtd_theme'
+    #html_theme = 'classic'
+    #html_theme = 'default'
+    #html_theme = 'nature'
 
 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the

diff --git a/doc/sphinx/index.rst b/doc/sphinx/index.rst
index bbfbfb7d418db6f50277072c21a2f1bdfc599554..9519597007bf2d0d2a22def2bb51b7dbfe4abd78 100644 (file)
--- a/doc/sphinx/index.rst
+++ b/doc/sphinx/index.rst
@@ -7,4 +7,5 @@ Suricata User Guide
 
    what-is-suricata
    command-line-options
+   snort-compatibility
    rules/index.rst

diff --git a/doc/sphinx/rules/adding-your-own-rules.rst b/doc/sphinx/rules/adding-your-own-rules.rst
index cbf99b6d80fc77688545da05eebd96ed7920903b..2b2aa5ce2101f23291b5e50fc5b84aea5f5a0edc 100644 (file)
--- a/doc/sphinx/rules/adding-your-own-rules.rst
+++ b/doc/sphinx/rules/adding-your-own-rules.rst
@@ -11,7 +11,7 @@ your console:
 
   sudo nano local.rules
 
-Write your rule, see :doc:`rules` and save it.
+Write your rule, see :doc:`intro` and save it.
 
 Open yaml
 

diff --git a/doc/sphinx/snort-compatibility.rst b/doc/sphinx/snort-compatibility.rst
new file mode 100644 (file)
index 0000000..cc9e4e2
--- /dev/null
+++ b/doc/sphinx/snort-compatibility.rst
@@ -0,0 +1,66 @@
+Snort Compatibility
+===================
+
+.. contents::
+
+Keyword: content
+----------------
+
+*Versions affected: All versions prior to 3.0.*
+
+Prior to Suricata 3.0, the argument provided to the content keyword
+cannot be longer than 255 characters like it can in Snort.
+
+Suricata 3.0 and newer can accept content arguments longer than 255
+characters.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1281
+* https://github.com/inliniac/suricata/pull/1475
+
+Keyword: urilen
+---------------
+
+*Versions affected: all*
+
+In Snort the urilen range is inclusive, in Suricata it is not.
+
+Example::
+
+  urilen:5<>10
+
+In Snort the above will match URIs that are greater than and equal to
+5 and less than and equal to 10. *Note that this is not what is
+documented in the Snort manual.*
+
+In Suricata the above will match URIs that are greater than 5 and less
+than 10, so it will only mathch URIs that are 6, 7, 8, and 9 bytes
+long.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1416
+
+Keyword: isdataat
+-----------------
+
+*Versions affected: all*
+
+``isdataat`` is off by one from Snort. In Snort the offset starts at 0
+where Suricata starts at 1.
+
+Keyword: flowbits
+-----------------
+
+*Versions affected: all prior to 2.0.9*
+
+Versions of Suricata prior to 2.0.9 treated leading and trailing
+whitespace in flowbit names as part of the flowbit name where Snort
+does not.
+
+This was fixed in Suricata 2.0.9.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1481