Add documentation url in list-keyword output.

The output of the list-keyword is modified to include the url to
the keyword documentation when this is available. All documented
keywords should have their link set.

list-keyword can be used with an optional value:
 no option or short: display list of keywords
 csv: display a csv output on info an all keywords
 all: display a human readable output of keywords info
 $KWD: display the info about one keyword.

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index f78597a19c4fbd8e0a3f16d0a3f5fb260b245624..09918960cc3c4d89f6eb957051d602463a814271 100644 (file)
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -529,6 +529,22 @@ uint16_t AppLayerGetProtoByName(const char *name)
     return ALPROTO_UNKNOWN;
 }
 
+const char *AppLayerGetProtoString(int proto)
+{
+
+    if ((proto > ALPROTO_MAX) || (proto < 0)) {
+        return "Undefined";
+    }
+
+    if (al_proto_table[proto].name == NULL)  {
+        return "Unset";
+    } else {
+        return al_proto_table[proto].name;
+    }
+
+    return "Undefined";
+}
+
 /** \brief Description: register a parser.
  *
  * \param name full parser name, e.g. "http.request_line"

diff --git a/src/app-layer-parser.h b/src/app-layer-parser.h
index 6bda0ce0aface742e1a1bc855f509222fe83b48b..0ad01e2d0556be4fb24722b0a6a14fe25512313c 100644 (file)
--- a/src/app-layer-parser.h
+++ b/src/app-layer-parser.h
@@ -262,6 +262,7 @@ void AppLayerRegisterGetFilesFunc(uint16_t proto,
         FileContainer *(*StateGetFile)(void *, uint8_t));
 void AppLayerRegisterLogger(uint16_t proto);
 uint16_t AppLayerGetProtoByName(const char *);
+const char *AppLayerGetProtoString(int proto);
 void AppLayerRegisterTruncateFunc(uint16_t proto, void (*Truncate)(void *, uint8_t));
 
 int AppLayerParse(void *, Flow *, uint8_t,

diff --git a/src/detect-ack.c b/src/detect-ack.c
index e82aef2fc9134c0ccd621c907fbd0461550414af..ba0d4c16b73563b70e0ad49af18c54c9187e6084 100644 (file)
--- a/src/detect-ack.c
+++ b/src/detect-ack.c
@@ -48,6 +48,8 @@ static void DetectAckFree(void *);
 
 void DetectAckRegister(void) {
     sigmatch_table[DETECT_ACK].name = "ack";
+    sigmatch_table[DETECT_ACK].desc = "check for a specific TCP acknowledgement number";
+    sigmatch_table[DETECT_ACK].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#ack";
     sigmatch_table[DETECT_ACK].Match = DetectAckMatch;
     sigmatch_table[DETECT_ACK].Setup = DetectAckSetup;
     sigmatch_table[DETECT_ACK].Free = DetectAckFree;

diff --git a/src/detect-classtype.c b/src/detect-classtype.c
index 3b33c2393a46757decf50c19718a4a884fddcfed..07aa01da6a341c1c88e82227517eeb78aa3ac489 100644 (file)
--- a/src/detect-classtype.c
+++ b/src/detect-classtype.c
@@ -57,6 +57,8 @@ void DetectClasstypeRegister(void)
     SCLogDebug("Registering the Classtype keyword handler");
 
     sigmatch_table[DETECT_CLASSTYPE].name = "classtype";
+    sigmatch_table[DETECT_CLASSTYPE].desc = "information about the classification of rules and alerts";
+    sigmatch_table[DETECT_CLASSTYPE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Classtype";
     sigmatch_table[DETECT_CLASSTYPE].Match = NULL;
     sigmatch_table[DETECT_CLASSTYPE].Setup = DetectClasstypeSetup;
     sigmatch_table[DETECT_CLASSTYPE].Free  = NULL;

diff --git a/src/detect-content.c b/src/detect-content.c
index 606dbcec7ab44504f8b7b7ee92774a70d4d368cd..2263c30fb2a8ad7d7cf87bf378a577c8d63e3c18 100644 (file)
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -51,6 +51,8 @@ void DetectContentRegisterTests(void);
 
 void DetectContentRegister (void) {
     sigmatch_table[DETECT_CONTENT].name = "content";
+    sigmatch_table[DETECT_CONTENT].desc = "match on payload content";
+    sigmatch_table[DETECT_CONTENT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Content";
     sigmatch_table[DETECT_CONTENT].Match = NULL;
     sigmatch_table[DETECT_CONTENT].Setup = DetectContentSetup;
     sigmatch_table[DETECT_CONTENT].Free  = DetectContentFree;

diff --git a/src/detect-depth.c b/src/detect-depth.c
index f6ecc46bc2ca2dc5d5cac8218d14ad8afca383b3..8eeace5c5c4837957eaade4dcc2b38bc3a1347db 100644 (file)
--- a/src/detect-depth.c
+++ b/src/detect-depth.c
@@ -44,6 +44,8 @@ static int DetectDepthSetup (DetectEngineCtx *, Signature *, char *);
 
 void DetectDepthRegister (void) {
     sigmatch_table[DETECT_DEPTH].name = "depth";
+    sigmatch_table[DETECT_DEPTH].desc = "designate how many bytes from the beginning of the payload will be checked";
+    sigmatch_table[DETECT_DEPTH].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Depth";
     sigmatch_table[DETECT_DEPTH].Match = NULL;
     sigmatch_table[DETECT_DEPTH].Setup = DetectDepthSetup;
     sigmatch_table[DETECT_DEPTH].Free  = NULL;

diff --git a/src/detect-detection-filter.c b/src/detect-detection-filter.c
index 9573b44b3b5e65dffc37a482f9350d6fe719200d..02a8e89d1ed18f774d6edff5382e866cfe1ef178 100644 (file)
--- a/src/detect-detection-filter.c
+++ b/src/detect-detection-filter.c
@@ -61,6 +61,8 @@ void DetectDetectionFilterFree(void *);
  */
 void DetectDetectionFilterRegister (void) {
     sigmatch_table[DETECT_DETECTION_FILTER].name = "detection_filter";
+    sigmatch_table[DETECT_DETECTION_FILTER].desc = "alert on every match after a threshold has been reached";
+    sigmatch_table[DETECT_DETECTION_FILTER].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding#detection_filter";
     sigmatch_table[DETECT_DETECTION_FILTER].Match = DetectDetectionFilterMatch;
     sigmatch_table[DETECT_DETECTION_FILTER].Setup = DetectDetectionFilterSetup;
     sigmatch_table[DETECT_DETECTION_FILTER].Free = DetectDetectionFilterFree;

diff --git a/src/detect-distance.c b/src/detect-distance.c
index 8c442ceaa4b4d481a5c5b95ded456f09a7e25e60..99011b1ec738f43d728ca596b2aaa9f720d08640 100644 (file)
--- a/src/detect-distance.c
+++ b/src/detect-distance.c
@@ -51,6 +51,8 @@ void DetectDistanceRegisterTests(void);
 
 void DetectDistanceRegister (void) {
     sigmatch_table[DETECT_DISTANCE].name = "distance";
+    sigmatch_table[DETECT_DISTANCE].desc = "indicates a relation between this content keyword and the content preceding it";
+    sigmatch_table[DETECT_DISTANCE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Distance";
     sigmatch_table[DETECT_DISTANCE].Match = NULL;
     sigmatch_table[DETECT_DISTANCE].Setup = DetectDistanceSetup;
     sigmatch_table[DETECT_DISTANCE].Free  = NULL;

diff --git a/src/detect-dsize.c b/src/detect-dsize.c
index 667fe06184d5e2becb956c9b617b3deb55f99a9e..628171ae06ab75921d3d0c7ca91424af06adafa3 100644 (file)
--- a/src/detect-dsize.c
+++ b/src/detect-dsize.c
@@ -54,6 +54,8 @@ static void DetectDsizeFree(void *);
  */
 void DetectDsizeRegister (void) {
     sigmatch_table[DETECT_DSIZE].name = "dsize";
+    sigmatch_table[DETECT_DSIZE].desc = "match on the size of the packet payload";
+    sigmatch_table[DETECT_DSIZE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Dsize";
     sigmatch_table[DETECT_DSIZE].Match = DetectDsizeMatch;
     sigmatch_table[DETECT_DSIZE].Setup = DetectDsizeSetup;
     sigmatch_table[DETECT_DSIZE].Free  = DetectDsizeFree;

diff --git a/src/detect-fast-pattern.c b/src/detect-fast-pattern.c
index 1a9781aae5252b3716affc561b16688951041777..da8270dce83f17c312cf0d682d1102f490def3e7 100644 (file)
--- a/src/detect-fast-pattern.c
+++ b/src/detect-fast-pattern.c
@@ -107,6 +107,8 @@ void SupportFastPatternForSigMatchTypes(void)
 void DetectFastPatternRegister(void)
 {
     sigmatch_table[DETECT_FAST_PATTERN].name = "fast_pattern";
+    sigmatch_table[DETECT_FAST_PATTERN].desc = "force using preceding content in the multi pattern matcher";
+    sigmatch_table[DETECT_FAST_PATTERN].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#fast_pattern";
     sigmatch_table[DETECT_FAST_PATTERN].Match = NULL;
     sigmatch_table[DETECT_FAST_PATTERN].Setup = DetectFastPatternSetup;
     sigmatch_table[DETECT_FAST_PATTERN].Free  = NULL;

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index d302c8bfcf287009c16e6fcfb6b7824893234fe5..608c8b58ca414a3b00daf3b4696923de6ecf65dd 100644 (file)
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -50,6 +50,8 @@ static int DetectFiledataSetup (DetectEngineCtx *, Signature *, char *);
  */
 void DetectFiledataRegister(void) {
     sigmatch_table[DETECT_FILE_DATA].name = "file_data";
+    sigmatch_table[DETECT_FILE_DATA].desc = "make content keywords match on HTTP response body";
+    sigmatch_table[DETECT_FILE_DATA].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#file_data";
     sigmatch_table[DETECT_FILE_DATA].Match = NULL;
     sigmatch_table[DETECT_FILE_DATA].AppLayerMatch = NULL;
     sigmatch_table[DETECT_FILE_DATA].alproto = ALPROTO_HTTP;

diff --git a/src/detect-fileext.c b/src/detect-fileext.c
index 80a5cef53a99faf5e7c27455f08dc58f7e34af69..b6f00c19a3631cc55bd0b45101ecada2b42b883e 100644 (file)
--- a/src/detect-fileext.c
+++ b/src/detect-fileext.c
@@ -62,6 +62,8 @@ static void DetectFileextFree(void *);
  */
 void DetectFileextRegister(void) {
     sigmatch_table[DETECT_FILEEXT].name = "fileext";
+    sigmatch_table[DETECT_FILEEXT].desc = "match on the extension of a file name";
+    sigmatch_table[DETECT_FILEEXT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#fileext";
     sigmatch_table[DETECT_FILEEXT].FileMatch = DetectFileextMatch;
     sigmatch_table[DETECT_FILEEXT].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILEEXT].Setup = DetectFileextSetup;

diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c
index 4eef0243c5ee6eeaf4083894b8ac656398d6fe72..a3f8b07203af4e786164eba2c04c88f248347e3a 100644 (file)
--- a/src/detect-filemagic.c
+++ b/src/detect-filemagic.c
@@ -66,6 +66,8 @@ static void DetectFilemagicFree(void *);
  */
 void DetectFilemagicRegister(void) {
     sigmatch_table[DETECT_FILEMAGIC].name = "filemagic";
+    sigmatch_table[DETECT_FILEMAGIC].desc = "match on the information libmagic returns about a file";
+    sigmatch_table[DETECT_FILEMAGIC].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemagic";
     sigmatch_table[DETECT_FILEMAGIC].FileMatch = DetectFilemagicMatch;
     sigmatch_table[DETECT_FILEMAGIC].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILEMAGIC].Setup = DetectFilemagicSetup;

diff --git a/src/detect-filemd5.c b/src/detect-filemd5.c
index 6bb9d0325751d9e19f7a7fecac19fd1f33367185..1030c360a8f3f33045632e6f751f817701228eae 100644 (file)
--- a/src/detect-filemd5.c
+++ b/src/detect-filemd5.c
@@ -66,6 +66,8 @@ static int DetectFileMd5SetupNoSupport (DetectEngineCtx *a, Signature *b, char *
  */
 void DetectFileMd5Register(void) {
     sigmatch_table[DETECT_FILEMD5].name = "filemd5";
+    sigmatch_table[DETECT_FILEMD5].desc = "match file MD5 against list of MD5 checksums";
+    sigmatch_table[DETECT_FILEMD5].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filemd5";
     sigmatch_table[DETECT_FILEMD5].FileMatch = NULL;
     sigmatch_table[DETECT_FILEMD5].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILEMD5].Setup = DetectFileMd5SetupNoSupport;

diff --git a/src/detect-filename.c b/src/detect-filename.c
index 31fc0b6c6ce6d23fb1c9afe8ef7b41e52a9f61c9..b978bc039e190ad4bd27d823fbd64b03828749ba 100644 (file)
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -61,6 +61,8 @@ static void DetectFilenameFree(void *);
  */
 void DetectFilenameRegister(void) {
     sigmatch_table[DETECT_FILENAME].name = "filename";
+    sigmatch_table[DETECT_FILENAME].desc = "match on the file name";
+    sigmatch_table[DETECT_FILENAME].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filename";
     sigmatch_table[DETECT_FILENAME].FileMatch = DetectFilenameMatch;
     sigmatch_table[DETECT_FILENAME].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILENAME].Setup = DetectFilenameSetup;

diff --git a/src/detect-filesize.c b/src/detect-filesize.c
index a56c8a068880427af137b92853cbe4fc5ff71195..a807405c6bc2be9a1a7e5aefa94d8aac8c9d853a 100644 (file)
--- a/src/detect-filesize.c
+++ b/src/detect-filesize.c
@@ -61,6 +61,8 @@ static void DetectFilesizeRegisterTests (void);
 void DetectFilesizeRegister(void)
 {
     sigmatch_table[DETECT_FILESIZE].name = "filesize";
+    sigmatch_table[DETECT_FILESIZE].desc = "match on the size of the file as it is being transferred";
+    sigmatch_table[DETECT_FILESIZE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filesize";
     sigmatch_table[DETECT_FILESIZE].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILESIZE].FileMatch = DetectFilesizeMatch;
     sigmatch_table[DETECT_FILESIZE].Setup = DetectFilesizeSetup;

diff --git a/src/detect-filestore.c b/src/detect-filestore.c
index 20157bb3d85777191d446cdc0a86e4dec006f8e3..e116ce48f09dc036c35c3e47c01fc5cc2205b11a 100644 (file)
--- a/src/detect-filestore.c
+++ b/src/detect-filestore.c
@@ -68,6 +68,8 @@ static void DetectFilestoreFree(void *);
  */
 void DetectFilestoreRegister(void) {
     sigmatch_table[DETECT_FILESTORE].name = "filestore";
+    sigmatch_table[DETECT_FILESTORE].desc = "stores files to disk if the rule matched";
+    sigmatch_table[DETECT_FILESTORE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File-keywords#filestore";
     sigmatch_table[DETECT_FILESTORE].FileMatch = DetectFilestoreMatch;
     sigmatch_table[DETECT_FILESTORE].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_FILESTORE].Setup = DetectFilestoreSetup;

diff --git a/src/detect-flow.c b/src/detect-flow.c
index fa6ca2d197ee445707695276d7202013dd4cdb77..d7565731beafdf53ef92dd2b328009289b68a891 100644 (file)
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -58,6 +58,8 @@ void DetectFlowFree(void *);
  */
 void DetectFlowRegister (void) {
     sigmatch_table[DETECT_FLOW].name = "flow";
+    sigmatch_table[DETECT_FLOW].desc = "match on direction and state of the flow";
+    sigmatch_table[DETECT_FLOW].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flow-keywords#Flow";
     sigmatch_table[DETECT_FLOW].Match = DetectFlowMatch;
     sigmatch_table[DETECT_FLOW].Setup = DetectFlowSetup;
     sigmatch_table[DETECT_FLOW].Free  = DetectFlowFree;

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index 9d97bab2f015047ab89d6f05b790d19999f5db50..232b00832ee443543163bfe788f0b2c5f812a52e 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -57,6 +57,8 @@ void FlowBitsRegisterTests(void);
 
 void DetectFlowbitsRegister (void) {
     sigmatch_table[DETECT_FLOWBITS].name = "flowbits";
+    sigmatch_table[DETECT_FLOWBITS].desc = "operate on flow flag";
+    sigmatch_table[DETECT_FLOWBITS].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flow-keywords#Flowbits";
     sigmatch_table[DETECT_FLOWBITS].Match = DetectFlowbitMatch;
     sigmatch_table[DETECT_FLOWBITS].Setup = DetectFlowbitSetup;
     sigmatch_table[DETECT_FLOWBITS].Free  = DetectFlowbitFree;

diff --git a/src/detect-flowint.c b/src/detect-flowint.c
index 61b6f984bf135be1d72934a553fee9db89e74905..d2ce9cd6d14e80e0cf7fb87144246d773cf41393 100644 (file)
--- a/src/detect-flowint.c
+++ b/src/detect-flowint.c
@@ -56,6 +56,8 @@ void DetectFlowintRegisterTests(void);
 void DetectFlowintRegister(void)
 {
     sigmatch_table[DETECT_FLOWINT].name = "flowint";
+    sigmatch_table[DETECT_FLOWINT].desc = "operate on a per-flow integer";
+    sigmatch_table[DETECT_FLOWINT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flowint";
     sigmatch_table[DETECT_FLOWINT].Match = DetectFlowintMatch;
     sigmatch_table[DETECT_FLOWINT].Setup = DetectFlowintSetup;
     sigmatch_table[DETECT_FLOWINT].Free = DetectFlowintFree;

diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c
index e61f0b45ef4e0745ea763ff110a30f54640422ae..6908295a9adec69b7fcc035d1d366eafb51a94b2 100644 (file)
--- a/src/detect-fragbits.c
+++ b/src/detect-fragbits.c
@@ -70,6 +70,8 @@ static void DetectFragBitsFree(void *);
 
 void DetectFragBitsRegister (void) {
     sigmatch_table[DETECT_FRAGBITS].name = "fragbits";
+    sigmatch_table[DETECT_FRAGBITS].desc = "check if the fragmentation and reserved bits are set in the IP header";
+    sigmatch_table[DETECT_FRAGBITS].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#Fragbits";
     sigmatch_table[DETECT_FRAGBITS].Match = DetectFragBitsMatch;
     sigmatch_table[DETECT_FRAGBITS].Setup = DetectFragBitsSetup;
     sigmatch_table[DETECT_FRAGBITS].Free  = DetectFragBitsFree;

diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c
index 3d6f528959acf59cdb6292c1d359861ee87ca921..4fae50a34f65ef0bb11e08c8d710faadb120eefc 100644 (file)
--- a/src/detect-fragoffset.c
+++ b/src/detect-fragoffset.c
@@ -53,6 +53,8 @@ void DetectFragOffsetFree(void *);
  */
 void DetectFragOffsetRegister (void) {
     sigmatch_table[DETECT_FRAGOFFSET].name = "fragoffset";
+    sigmatch_table[DETECT_FRAGOFFSET].desc = "match on specific decimal values of the IP fragment offset field";
+    sigmatch_table[DETECT_FRAGOFFSET].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#Fragoffset";
     sigmatch_table[DETECT_FRAGOFFSET].Match = DetectFragOffsetMatch;
     sigmatch_table[DETECT_FRAGOFFSET].Setup = DetectFragOffsetSetup;
     sigmatch_table[DETECT_FRAGOFFSET].Free = DetectFragOffsetFree;

diff --git a/src/detect-gid.c b/src/detect-gid.c
index 1c4d47b05b4f79377b7f4c2440805c3dc49082b7..3bd65fc59de3950b2f9d053429a5f6364c97d532 100644 (file)
--- a/src/detect-gid.c
+++ b/src/detect-gid.c
@@ -47,6 +47,8 @@ static int DetectGidSetup (DetectEngineCtx *, Signature *, char *);
 
 void DetectGidRegister (void) {
     sigmatch_table[DETECT_GID].name = "gid";
+    sigmatch_table[DETECT_GID].desc = "give different groups of signatures another id value";
+    sigmatch_table[DETECT_GID].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Gid-group-id";
     sigmatch_table[DETECT_GID].Match = NULL;
     sigmatch_table[DETECT_GID].Setup = DetectGidSetup;
     sigmatch_table[DETECT_GID].Free  = NULL;

diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c
index b5336ff11a8bd623cf732bd64246d1a4918d7248..e11468f6f734d9b64e2fe421bfee4b50ef98cf69 100644 (file)
--- a/src/detect-http-client-body.c
+++ b/src/detect-http-client-body.c
@@ -67,6 +67,8 @@ void DetectHttpClientBodyFree(void *);
 void DetectHttpClientBodyRegister(void)
 {
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].name = "http_client_body";
+    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].desc = "content modifier to match only on HTTP request-body";
+    sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_client_body";
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_CLIENT_BODY].Setup = DetectHttpClientBodySetup;

diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c
index 5fb7b399d77980a1721691ff95117c1af874528e..96457e169dde0dfd4cfc5080434bfeb952743131 100644 (file)
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@@ -68,6 +68,8 @@ void DetectHttpCookieFree(void *);
  */
 void DetectHttpCookieRegister (void) {
     sigmatch_table[DETECT_AL_HTTP_COOKIE].name = "http_cookie";
+    sigmatch_table[DETECT_AL_HTTP_COOKIE].desc = "content modifier to match only on the HTTP cookie-buffer";
+    sigmatch_table[DETECT_AL_HTTP_COOKIE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_cookie";
     sigmatch_table[DETECT_AL_HTTP_COOKIE].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_COOKIE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_COOKIE].alproto = ALPROTO_HTTP;

diff --git a/src/detect-http-header.c b/src/detect-http-header.c
index 1990ccd2f806964f06e1fd0a0b6dddda3e817169..93a5a560a53914be884d3efa1237e777ae974dda 100644 (file)
--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@@ -68,6 +68,8 @@ void DetectHttpHeaderFree(void *);
 void DetectHttpHeaderRegister(void)
 {
     sigmatch_table[DETECT_AL_HTTP_HEADER].name = "http_header";
+    sigmatch_table[DETECT_AL_HTTP_HEADER].desc = "content modifier to match only on the HTTP header-buffer";
+    sigmatch_table[DETECT_AL_HTTP_HEADER].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_header";
     sigmatch_table[DETECT_AL_HTTP_HEADER].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_HEADER].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_HEADER].Setup = DetectHttpHeaderSetup;

diff --git a/src/detect-http-method.c b/src/detect-http-method.c
index 8666fbf34bd07edda98b1aca3662c1c4b15d36a6..14afc4d714175a369f6743fa2649d669cb240bea 100644 (file)
--- a/src/detect-http-method.c
+++ b/src/detect-http-method.c
@@ -68,6 +68,8 @@ void DetectHttpMethodFree(void *);
  */
 void DetectHttpMethodRegister(void) {
     sigmatch_table[DETECT_AL_HTTP_METHOD].name = "http_method";
+    sigmatch_table[DETECT_AL_HTTP_METHOD].desc = "content modifier to match only on the HTTP method-buffer";
+    sigmatch_table[DETECT_AL_HTTP_METHOD].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_method";
     sigmatch_table[DETECT_AL_HTTP_METHOD].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_METHOD].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_METHOD].alproto = ALPROTO_HTTP;

diff --git a/src/detect-http-raw-uri.c b/src/detect-http-raw-uri.c
index 4b541d10757d3599bc3cfbed1be041881c134999..0e3adf3d785f7bd50659da47e472e9891a05a5ac 100644 (file)
--- a/src/detect-http-raw-uri.c
+++ b/src/detect-http-raw-uri.c
@@ -63,6 +63,8 @@ static void DetectHttpRawUriRegisterTests(void);
 void DetectHttpRawUriRegister(void)
 {
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].name = "http_raw_uri";
+    sigmatch_table[DETECT_AL_HTTP_RAW_URI].desc = "content modifier to match on HTTP uri";
+    sigmatch_table[DETECT_AL_HTTP_RAW_URI].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_uri-and-http_raw_uri";
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_RAW_URI].alproto = ALPROTO_HTTP;

diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c
index b0d3db48475c6c8c8d59c83633ac7655088c6cc0..bd0deba98ff8523a0deb8b9cb190416066c32058 100644 (file)
--- a/src/detect-http-server-body.c
+++ b/src/detect-http-server-body.c
@@ -68,6 +68,8 @@ void DetectHttpServerBodyFree(void *);
 void DetectHttpServerBodyRegister(void)
 {
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].name = "http_server_body";
+    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].desc = "content modifier to match only on the HTTP response-body";
+    sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_server_body";
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_SERVER_BODY].Setup = DetectHttpServerBodySetup;

diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c
index c973a6f5b9b9b897edc7f86148e7da809fc87418..50c3eea54d82ca522213c3bd11fa1bfcd772a61f 100644 (file)
--- a/src/detect-http-stat-code.c
+++ b/src/detect-http-stat-code.c
@@ -73,6 +73,8 @@ void DetectHttpStatCodeFree(void *);
  */
 void DetectHttpStatCodeRegister (void) {
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].name = "http_stat_code";
+    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].desc = "content modifier to match only on HTTP stat-code-buffer";
+    sigmatch_table[DETECT_AL_HTTP_STAT_CODE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_stat_code";
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_CODE].alproto = ALPROTO_HTTP;

diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c
index 405e9a86e926232b65829f7bc4397899fdb7b3ed..55678a11151c22cbbff13032c149bbf97cb79433 100644 (file)
--- a/src/detect-http-stat-msg.c
+++ b/src/detect-http-stat-msg.c
@@ -73,6 +73,8 @@ void DetectHttpStatMsgFree(void *);
  */
 void DetectHttpStatMsgRegister (void) {
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].name = "http_stat_msg";
+    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].desc = "content modifier to match on HTTP stat-msg-buffer";
+    sigmatch_table[DETECT_AL_HTTP_STAT_MSG].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_stat_msg";
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_STAT_MSG].alproto = ALPROTO_HTTP;

diff --git a/src/detect-http-ua.c b/src/detect-http-ua.c
index fdaa0e63352ad0fb58edd4d5558a297d9d3ac95c..62a4501a304b12a6738e5c71364ca1ef63ad82ac 100644 (file)
--- a/src/detect-http-ua.c
+++ b/src/detect-http-ua.c
@@ -67,6 +67,8 @@ void DetectHttpUAFree(void *);
 void DetectHttpUARegister(void)
 {
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].name = "http_user_agent";
+    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].desc = "content modifier to match only on the HTTP User-Agent header";
+    sigmatch_table[DETECT_AL_HTTP_USER_AGENT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_user_agent";
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_USER_AGENT].Setup = DetectHttpUASetup;

diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c
index 62979397772f27ae167a3d77c150de9122482d6f..4c1ac285bff33d9490a57f4e284512a1270662be 100644 (file)
--- a/src/detect-http-uri.c
+++ b/src/detect-http-uri.c
@@ -63,6 +63,8 @@ void DetectHttpUriRegisterTests(void);
  */
 void DetectHttpUriRegister (void) {
     sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri";
+    sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer";
+    sigmatch_table[DETECT_AL_HTTP_URI].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#http_uri-and-http_raw_uri";
     sigmatch_table[DETECT_AL_HTTP_URI].Match = NULL;
     sigmatch_table[DETECT_AL_HTTP_URI].AppLayerMatch = NULL;
     sigmatch_table[DETECT_AL_HTTP_URI].alproto = ALPROTO_HTTP;

diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c
index 34afe3bb6484bdda454665ece396f0cd6b50215b..385318fa168d53b3923011c169b0404c54d38eb9 100644 (file)
--- a/src/detect-icmp-seq.c
+++ b/src/detect-icmp-seq.c
@@ -52,6 +52,8 @@ void DetectIcmpSeqFree(void *);
  */
 void DetectIcmpSeqRegister (void) {
     sigmatch_table[DETECT_ICMP_SEQ].name = "icmp_seq";
+    sigmatch_table[DETECT_ICMP_SEQ].desc = "check for a ICMP sequence number";
+    sigmatch_table[DETECT_ICMP_SEQ].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#icmp_seq";
     sigmatch_table[DETECT_ICMP_SEQ].Match = DetectIcmpSeqMatch;
     sigmatch_table[DETECT_ICMP_SEQ].Setup = DetectIcmpSeqSetup;
     sigmatch_table[DETECT_ICMP_SEQ].Free = DetectIcmpSeqFree;

diff --git a/src/detect-icode.c b/src/detect-icode.c
index 9a3112c865b5a95ffa8d40e9b6c0de03311846fc..0ff677378d92eb0aaa5939badc8998142334207d 100644 (file)
--- a/src/detect-icode.c
+++ b/src/detect-icode.c
@@ -56,6 +56,8 @@ void DetectICodeFree(void *);
  */
 void DetectICodeRegister (void) {
     sigmatch_table[DETECT_ICODE].name = "icode";
+    sigmatch_table[DETECT_ICODE].desc = "match on specific ICMP id-value";
+    sigmatch_table[DETECT_ICODE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#icode";
     sigmatch_table[DETECT_ICODE].Match = DetectICodeMatch;
     sigmatch_table[DETECT_ICODE].Setup = DetectICodeSetup;
     sigmatch_table[DETECT_ICODE].Free = DetectICodeFree;

diff --git a/src/detect-id.c b/src/detect-id.c
index 38005083eabd424965f56f599e30bba76147b6c4..ad4878536790519ffc0da3c5f448135f7abf978b 100644 (file)
--- a/src/detect-id.c
+++ b/src/detect-id.c
@@ -59,6 +59,8 @@ void DetectIdFree(void *);
  */
 void DetectIdRegister (void) {
     sigmatch_table[DETECT_ID].name = "id";
+    sigmatch_table[DETECT_ID].desc = "match on a specific IP ID value";
+    sigmatch_table[DETECT_ID].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#Id";
     sigmatch_table[DETECT_ID].Match = DetectIdMatch;
     sigmatch_table[DETECT_ID].Setup = DetectIdSetup;
     sigmatch_table[DETECT_ID].Free  = DetectIdFree;

diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c
index a59aa377cbc2a63a0c3bae7151519c2bb2e607b8..4e0f351beaa2f7a96e2ea8d0421b5eebc2b171f2 100644 (file)
--- a/src/detect-ipopts.c
+++ b/src/detect-ipopts.c
@@ -56,6 +56,8 @@ void DetectIpOptsFree(void *);
  */
 void DetectIpOptsRegister (void) {
     sigmatch_table[DETECT_IPOPTS].name = "ipopts";
+    sigmatch_table[DETECT_IPOPTS].desc = "check if a specific IP option is set";
+    sigmatch_table[DETECT_IPOPTS].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#Ipopts";
     sigmatch_table[DETECT_IPOPTS].Match = DetectIpOptsMatch;
     sigmatch_table[DETECT_IPOPTS].Setup = DetectIpOptsSetup;
     sigmatch_table[DETECT_IPOPTS].Free  = DetectIpOptsFree;

diff --git a/src/detect-ipproto.c b/src/detect-ipproto.c
index 237b2a6aa66d141423e6b29d607a5de1fe122400..80009d030a0675dd744ff01aec95bdb9f4050234 100644 (file)
--- a/src/detect-ipproto.c
+++ b/src/detect-ipproto.c
@@ -65,6 +65,8 @@ void DetectIPProtoRegister(void)
     int opts = 0;
 
     sigmatch_table[DETECT_IPPROTO].name = "ip_proto";
+    sigmatch_table[DETECT_IPPROTO].desc = "match on the IP protocol in the packet-header";
+    sigmatch_table[DETECT_IPPROTO].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#ip_proto";
     sigmatch_table[DETECT_IPPROTO].Match = NULL;
     sigmatch_table[DETECT_IPPROTO].Setup = DetectIPProtoSetup;
     sigmatch_table[DETECT_IPPROTO].Free  = NULL;

diff --git a/src/detect-isdataat.c b/src/detect-isdataat.c
index ef265578885ba4b6c509e4aef8b717229eb49189..d7bd4f1d7ccb301155531ffb10969974fbbd8a79 100644 (file)
--- a/src/detect-isdataat.c
+++ b/src/detect-isdataat.c
@@ -65,6 +65,8 @@ void DetectIsdataatFree(void *);
  */
 void DetectIsdataatRegister (void) {
     sigmatch_table[DETECT_ISDATAAT].name = "isdataat";
+    sigmatch_table[DETECT_ISDATAAT].desc = "check if there is still data at a specific part of the payload";
+    sigmatch_table[DETECT_ISDATAAT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Isadataat";
     sigmatch_table[DETECT_ISDATAAT].Match = DetectIsdataatMatch;
     sigmatch_table[DETECT_ISDATAAT].Setup = DetectIsdataatSetup;
     sigmatch_table[DETECT_ISDATAAT].Free  = DetectIsdataatFree;

diff --git a/src/detect-itype.c b/src/detect-itype.c
index f59cd1a3ebdd5377a26f4bc4d7c75676fdd98157..ea7ee032c921367699352c0cf3864dad0411c8db 100644 (file)
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
@@ -56,6 +56,8 @@ void DetectITypeFree(void *);
  */
 void DetectITypeRegister (void) {
     sigmatch_table[DETECT_ITYPE].name = "itype";
+    sigmatch_table[DETECT_ITYPE].desc = "matching on a specific ICMP type";
+    sigmatch_table[DETECT_ITYPE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#itype";
     sigmatch_table[DETECT_ITYPE].Match = DetectITypeMatch;
     sigmatch_table[DETECT_ITYPE].Setup = DetectITypeSetup;
     sigmatch_table[DETECT_ITYPE].Free = DetectITypeFree;

diff --git a/src/detect-luajit.c b/src/detect-luajit.c
index bb70a5efb6b2d4e1968990023a722c0d91980df2..020fec5980c77c5a04d0f17115be8f9e748400d1 100644 (file)
--- a/src/detect-luajit.c
+++ b/src/detect-luajit.c
@@ -92,6 +92,8 @@ static void DetectLuajitFree(void *);
  */
 void DetectLuajitRegister(void) {
     sigmatch_table[DETECT_LUAJIT].name = "luajit";
+    sigmatch_table[DETECT_LUAJIT].desc = "match via a luajit script";
+    sigmatch_table[DETECT_LUAJIT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting";
     sigmatch_table[DETECT_LUAJIT].Match = DetectLuajitMatch;
     sigmatch_table[DETECT_LUAJIT].Setup = DetectLuajitSetup;
     sigmatch_table[DETECT_LUAJIT].Free  = DetectLuajitFree;

diff --git a/src/detect-metadata.c b/src/detect-metadata.c
index f0001f17c551c4d5093ec44321893fd87a5bb4bf..fd2088e94e330237017450383ce9dfa348555a2a 100644 (file)
--- a/src/detect-metadata.c
+++ b/src/detect-metadata.c
@@ -33,6 +33,8 @@ static int DetectMetadataSetup (DetectEngineCtx *, Signature *, char *);
 
 void DetectMetadataRegister (void) {
     sigmatch_table[DETECT_METADATA].name = "metadata";
+    sigmatch_table[DETECT_METADATA].desc = "ignored by suricata";
+    sigmatch_table[DETECT_METADATA].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Metadata";
     sigmatch_table[DETECT_METADATA].Match = NULL;
     sigmatch_table[DETECT_METADATA].Setup = DetectMetadataSetup;
     sigmatch_table[DETECT_METADATA].Free  = NULL;

diff --git a/src/detect-msg.c b/src/detect-msg.c
index 4bcd65d83da443127f943540c517d70a5ff50db4..48f53e2fd950731107ceb61b05c449b4b9735968 100644 (file)
--- a/src/detect-msg.c
+++ b/src/detect-msg.c
@@ -38,6 +38,8 @@ void DetectMsgRegisterTests(void);
 
 void DetectMsgRegister (void) {
     sigmatch_table[DETECT_MSG].name = "msg";
+    sigmatch_table[DETECT_MSG].desc = "information about the rule and the possible alert";
+    sigmatch_table[DETECT_MSG].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#msg-message";
     sigmatch_table[DETECT_MSG].Match = NULL;
     sigmatch_table[DETECT_MSG].Setup = DetectMsgSetup;
     sigmatch_table[DETECT_MSG].Free = NULL;

diff --git a/src/detect-nocase.c b/src/detect-nocase.c
index 38b17006142474a9e3d5bc49c64dec173ee9ed04..f56b63a5b976ae0ebf972e6911a9387ee6e451c7 100644 (file)
--- a/src/detect-nocase.c
+++ b/src/detect-nocase.c
@@ -46,6 +46,8 @@ static int DetectNocaseSetup (DetectEngineCtx *, Signature *, char *);
 
 void DetectNocaseRegister (void) {
     sigmatch_table[DETECT_NOCASE].name = "nocase";
+    sigmatch_table[DETECT_NOCASE].desc = "modify content match to be case insensitive";
+    sigmatch_table[DETECT_NOCASE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Nocase";
     sigmatch_table[DETECT_NOCASE].Match = NULL;
     sigmatch_table[DETECT_NOCASE].Setup = DetectNocaseSetup;
     sigmatch_table[DETECT_NOCASE].Free  = NULL;

diff --git a/src/detect-offset.c b/src/detect-offset.c
index 21beeb94daeed838b959adefb090fc77866e851f..d17fa75a442e86e782f4cbc89fb7578e8bf87983 100644 (file)
--- a/src/detect-offset.c
+++ b/src/detect-offset.c
@@ -43,6 +43,8 @@ static int DetectOffsetSetup (DetectEngineCtx *, Signature *, char *);
 
 void DetectOffsetRegister (void) {
     sigmatch_table[DETECT_OFFSET].name = "offset";
+    sigmatch_table[DETECT_OFFSET].desc = "designate from which byte in the payload will be checked to find a match";
+    sigmatch_table[DETECT_OFFSET].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Offset";
     sigmatch_table[DETECT_OFFSET].Match = NULL;
     sigmatch_table[DETECT_OFFSET].Setup = DetectOffsetSetup;
     sigmatch_table[DETECT_OFFSET].Free  = NULL;

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index adbad0563150cfe3169bb90defa9b26bc35f6c7b..8cd37f88f8c126f31b641fcb9323dc76573d21d0 100644 (file)
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -83,6 +83,8 @@ void DetectPcreRegisterTests(void);
 
 void DetectPcreRegister (void) {
     sigmatch_table[DETECT_PCRE].name = "pcre";
+    sigmatch_table[DETECT_PCRE].desc = "match on regular expression";
+    sigmatch_table[DETECT_PCRE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#Pcre-Perl-Compatible-Regular-Expressions";
     sigmatch_table[DETECT_PCRE].Match = NULL;
     sigmatch_table[DETECT_PCRE].AppLayerMatch = NULL;
     sigmatch_table[DETECT_PCRE].alproto = ALPROTO_HTTP;

diff --git a/src/detect-priority.c b/src/detect-priority.c
index 9e23e44d0590b27e37f153aa7c94d9935ad3127f..6db84b28b94983e950b0fa56f734421148d5d8d7 100644 (file)
--- a/src/detect-priority.c
+++ b/src/detect-priority.c
@@ -51,6 +51,8 @@ void DetectPriorityRegister (void)
     int opts = 0;
 
     sigmatch_table[DETECT_PRIORITY].name = "priority";
+    sigmatch_table[DETECT_PRIORITY].desc = "rules with a higher priority will be examined first";
+    sigmatch_table[DETECT_PRIORITY].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Priority";
     sigmatch_table[DETECT_PRIORITY].Match = NULL;
     sigmatch_table[DETECT_PRIORITY].Setup = DetectPrioritySetup;
     sigmatch_table[DETECT_PRIORITY].Free = NULL;

diff --git a/src/detect-reference.c b/src/detect-reference.c
index 08303ebc36d078e1b6e16a5b41a635cbbe1cda4e..174b03c7f906103f81547a2cb4b163d336453782 100644 (file)
--- a/src/detect-reference.c
+++ b/src/detect-reference.c
@@ -56,6 +56,8 @@ static int DetectReferenceSetup(DetectEngineCtx *, Signature *s, char *str);
 void DetectReferenceRegister(void)
 {
     sigmatch_table[DETECT_REFERENCE].name = "reference";
+    sigmatch_table[DETECT_REFERENCE].desc = "direct to places where information about the rule can be found";
+    sigmatch_table[DETECT_REFERENCE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Reference";
     sigmatch_table[DETECT_REFERENCE].Match = NULL;
     sigmatch_table[DETECT_REFERENCE].Setup = DetectReferenceSetup;
     sigmatch_table[DETECT_REFERENCE].Free  = NULL;

diff --git a/src/detect-rev.c b/src/detect-rev.c
index 74cc5a77ad717889124bde537e8f711b2b4e0dc2..94e90e204a9782972a21a83972f525fc88049794 100644 (file)
--- a/src/detect-rev.c
+++ b/src/detect-rev.c
@@ -32,6 +32,8 @@ static int DetectRevSetup (DetectEngineCtx *, Signature *, char *);
 
 void DetectRevRegister (void) {
     sigmatch_table[DETECT_REV].name = "rev";
+    sigmatch_table[DETECT_REV].desc = "set version of the rule";
+    sigmatch_table[DETECT_REV].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Rev-Revision";
     sigmatch_table[DETECT_REV].Match = NULL;
     sigmatch_table[DETECT_REV].Setup = DetectRevSetup;
     sigmatch_table[DETECT_REV].Free  = NULL;

diff --git a/src/detect-rpc.c b/src/detect-rpc.c
index 8e7d64be50d6421be5387ce141d262e6d74d1f9e..37d3a4c28155b4479e9b496efa3e17561fc548c1 100644 (file)
--- a/src/detect-rpc.c
+++ b/src/detect-rpc.c
@@ -58,6 +58,8 @@ void DetectRpcFree(void *);
  */
 void DetectRpcRegister (void) {
     sigmatch_table[DETECT_RPC].name = "rpc";
+    sigmatch_table[DETECT_RPC].desc = "match RPC procedure numbers and RPC version";
+    sigmatch_table[DETECT_RPC].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#rpc";
     sigmatch_table[DETECT_RPC].Match = DetectRpcMatch;
     sigmatch_table[DETECT_RPC].Setup = DetectRpcSetup;
     sigmatch_table[DETECT_RPC].Free  = DetectRpcFree;

diff --git a/src/detect-sameip.c b/src/detect-sameip.c
index b67f9c5f8c80fb0af4e9c2a9e543ddbb42d1f41d..7cd71d3650e8ff52ca7b50c771dee8f2db6dfd5a 100644 (file)
--- a/src/detect-sameip.c
+++ b/src/detect-sameip.c
@@ -49,6 +49,8 @@ static void DetectSameipRegisterTests(void);
 void DetectSameipRegister(void)
 {
     sigmatch_table[DETECT_SAMEIP].name = "sameip";
+    sigmatch_table[DETECT_SAMEIP].desc = "check if the IP address of the source is the same as the IP address of the destination";
+    sigmatch_table[DETECT_SAMEIP].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#sameip";
     sigmatch_table[DETECT_SAMEIP].Match = DetectSameipMatch;
     sigmatch_table[DETECT_SAMEIP].Setup = DetectSameipSetup;
     sigmatch_table[DETECT_SAMEIP].Free = NULL;

diff --git a/src/detect-seq.c b/src/detect-seq.c
index d757a450dd180650ffb4ef08d3d1967d7b56f24c..f41f854512ecdc96b56ad0ad5a3811b4615f4b67 100644 (file)
--- a/src/detect-seq.c
+++ b/src/detect-seq.c
@@ -48,6 +48,8 @@ static void DetectSeqFree(void *);
 
 void DetectSeqRegister(void) {
     sigmatch_table[DETECT_SEQ].name = "seq";
+    sigmatch_table[DETECT_SEQ].desc = "check for a specific TCP sequence number";
+    sigmatch_table[DETECT_SEQ].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#seq";
     sigmatch_table[DETECT_SEQ].Match = DetectSeqMatch;
     sigmatch_table[DETECT_SEQ].Setup = DetectSeqSetup;
     sigmatch_table[DETECT_SEQ].Free = DetectSeqFree;

diff --git a/src/detect-sid.c b/src/detect-sid.c
index d67c1282fddaa812c25636af7218f57fde8878e4..7d2f15eb044c22542586c01b54c8ea6e639e4a7c 100644 (file)
--- a/src/detect-sid.c
+++ b/src/detect-sid.c
@@ -32,6 +32,8 @@ static int DetectSidSetup (DetectEngineCtx *, Signature *, char *);
 
 void DetectSidRegister (void) {
     sigmatch_table[DETECT_SID].name = "sid";
+    sigmatch_table[DETECT_SID].desc = "set rule id";
+    sigmatch_table[DETECT_SID].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Meta-settings#Sid-signature-id";
     sigmatch_table[DETECT_SID].Match = NULL;
     sigmatch_table[DETECT_SID].Setup = DetectSidSetup;
     sigmatch_table[DETECT_SID].Free = NULL;

diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c
index 2866d621f296a239fae296f5381d5ce225291f62..584e25c0d7643190195afcea6dd7b356449b5f20 100644 (file)
--- a/src/detect-stream_size.c
+++ b/src/detect-stream_size.c
@@ -55,6 +55,8 @@ void DetectStreamSizeRegisterTests(void);
 
 void DetectStreamSizeRegister(void) {
     sigmatch_table[DETECT_STREAM_SIZE].name = "stream_size";
+    sigmatch_table[DETECT_STREAM_SIZE].desc = "match on amount of bytes of a stream";
+    sigmatch_table[DETECT_STREAM_SIZE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Flow-keywords#stream_size";
     sigmatch_table[DETECT_STREAM_SIZE].Match = DetectStreamSizeMatch;
     sigmatch_table[DETECT_STREAM_SIZE].Setup = DetectStreamSizeSetup;
     sigmatch_table[DETECT_STREAM_SIZE].Free = DetectStreamSizeFree;

diff --git a/src/detect-threshold.c b/src/detect-threshold.c
index a1db7b84b4b4aeecd0c5fb702e454fb30e5d9368..0ac37688030685c8a63616a92149f354b5b823c9 100644 (file)
--- a/src/detect-threshold.c
+++ b/src/detect-threshold.c
@@ -72,6 +72,8 @@ static void DetectThresholdFree(void *);
 
 void DetectThresholdRegister (void) {
     sigmatch_table[DETECT_THRESHOLD].name = "threshold";
+    sigmatch_table[DETECT_THRESHOLD].desc = "control the rule's alert frequency";
+    sigmatch_table[DETECT_THRESHOLD].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding#threshold";
     sigmatch_table[DETECT_THRESHOLD].Match = DetectThresholdMatch;
     sigmatch_table[DETECT_THRESHOLD].Setup = DetectThresholdSetup;
     sigmatch_table[DETECT_THRESHOLD].Free  = DetectThresholdFree;

diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c
index ffad7c945d9f965dfebadb631f09360486e63bb4..2b0c013ef8956848d0d8c0d6dd094c20d1787f33 100644 (file)
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -68,6 +68,8 @@ void DetectTlsVersionFree(void *);
  */
 void DetectTlsVersionRegister (void) {
     sigmatch_table[DETECT_AL_TLS_VERSION].name = "tls.version";
+    sigmatch_table[DETECT_AL_TLS_VERSION].desc = "match on TLS/SSL version";
+    sigmatch_table[DETECT_AL_TLS_VERSION].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsversion";
     sigmatch_table[DETECT_AL_TLS_VERSION].Match = NULL;
     sigmatch_table[DETECT_AL_TLS_VERSION].AppLayerMatch = DetectTlsVersionMatch;
     sigmatch_table[DETECT_AL_TLS_VERSION].alproto = ALPROTO_TLS;

diff --git a/src/detect-tls.c b/src/detect-tls.c
index 6f3b7b961682fc6bb150a34c69654e5345e9b888..e8e813d65a0935b5f8e24694b04b405a621a42b9 100644 (file)
--- a/src/detect-tls.c
+++ b/src/detect-tls.c
@@ -93,7 +93,8 @@ static int DetectTlsStoreMatch (ThreadVars *, DetectEngineThreadCtx *, Flow *, u
  */
 void DetectTlsRegister (void) {
     sigmatch_table[DETECT_AL_TLS_SUBJECT].name = "tls.subject";
-    sigmatch_table[DETECT_AL_TLS_SUBJECT].desc = "Match TLS/SSL certificate Subject field";
+    sigmatch_table[DETECT_AL_TLS_SUBJECT].desc = "match TLS/SSL certificate Subject field";
+    sigmatch_table[DETECT_AL_TLS_SUBJECT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlssubject";
     sigmatch_table[DETECT_AL_TLS_SUBJECT].Match = NULL;
     sigmatch_table[DETECT_AL_TLS_SUBJECT].AppLayerMatch = DetectTlsSubjectMatch;
     sigmatch_table[DETECT_AL_TLS_SUBJECT].alproto = ALPROTO_TLS;
@@ -102,7 +103,8 @@ void DetectTlsRegister (void) {
     sigmatch_table[DETECT_AL_TLS_SUBJECT].RegisterTests = DetectTlsSubjectRegisterTests;
 
     sigmatch_table[DETECT_AL_TLS_ISSUERDN].name = "tls.issuerdn";
-    sigmatch_table[DETECT_AL_TLS_ISSUERDN].desc = "Match TLS/SSL certificate IssuerDN field";
+    sigmatch_table[DETECT_AL_TLS_ISSUERDN].desc = "match TLS/SSL certificate IssuerDN field";
+    sigmatch_table[DETECT_AL_TLS_ISSUERDN].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsissuerdn";
     sigmatch_table[DETECT_AL_TLS_ISSUERDN].Match = NULL;
     sigmatch_table[DETECT_AL_TLS_ISSUERDN].AppLayerMatch = DetectTlsIssuerDNMatch;
     sigmatch_table[DETECT_AL_TLS_ISSUERDN].alproto = ALPROTO_TLS;
@@ -111,7 +113,8 @@ void DetectTlsRegister (void) {
     sigmatch_table[DETECT_AL_TLS_ISSUERDN].RegisterTests = DetectTlsIssuerDNRegisterTests;
 
     sigmatch_table[DETECT_AL_TLS_FINGERPRINT].name = "tls.fingerprint";
-    sigmatch_table[DETECT_AL_TLS_FINGERPRINT].desc = "Match TLS/SSL certificate SHA1 fingerprint";
+    sigmatch_table[DETECT_AL_TLS_FINGERPRINT].desc = "match TLS/SSL certificate SHA1 fingerprint";
+    sigmatch_table[DETECT_AL_TLS_FINGERPRINT].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsfingerprint";
     sigmatch_table[DETECT_AL_TLS_FINGERPRINT].Match = NULL;
     sigmatch_table[DETECT_AL_TLS_FINGERPRINT].AppLayerMatch = DetectTlsFingerprintMatch;
     sigmatch_table[DETECT_AL_TLS_FINGERPRINT].alproto = ALPROTO_TLS;
@@ -120,7 +123,8 @@ void DetectTlsRegister (void) {
     sigmatch_table[DETECT_AL_TLS_FINGERPRINT].RegisterTests = NULL;
 
     sigmatch_table[DETECT_AL_TLS_STORE].name = "tls.store";
-    sigmatch_table[DETECT_AL_TLS_STORE].desc = "Store certificate on disk";
+    sigmatch_table[DETECT_AL_TLS_STORE].desc = "store TLS/SSL certificate on disk";
+    sigmatch_table[DETECT_AL_TLS_STORE].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/TLS-keywords#tlsstore";
     sigmatch_table[DETECT_AL_TLS_STORE].Match = NULL;
     sigmatch_table[DETECT_AL_TLS_STORE].AppLayerMatch = DetectTlsStoreMatch;
     sigmatch_table[DETECT_AL_TLS_STORE].alproto = ALPROTO_TLS;

diff --git a/src/detect-ttl.c b/src/detect-ttl.c
index e2534e52c4557927eecd429a472aaad60f6c3aca..2d21799a3f3970dc4482d918d5f0fcbe825a5993 100644 (file)
--- a/src/detect-ttl.c
+++ b/src/detect-ttl.c
@@ -53,6 +53,8 @@ void DetectTtlRegisterTests (void);
 
 void DetectTtlRegister(void) {
     sigmatch_table[DETECT_TTL].name = "ttl";
+    sigmatch_table[DETECT_TTL].desc = "check for a specific IP time-to-live value";
+    sigmatch_table[DETECT_TTL].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#ttl";
     sigmatch_table[DETECT_TTL].Match = DetectTtlMatch;
     sigmatch_table[DETECT_TTL].Setup = DetectTtlSetup;
     sigmatch_table[DETECT_TTL].Free = DetectTtlFree;

diff --git a/src/detect-urilen.c b/src/detect-urilen.c
index e8da8e25ee3558386f0cf8d707023aeedc1a9b3c..d974357d2919803e21a3644d280b7b464ac7dbed 100644 (file)
--- a/src/detect-urilen.c
+++ b/src/detect-urilen.c
@@ -61,6 +61,8 @@ void DetectUrilenRegisterTests (void);
 void DetectUrilenRegister(void)
 {
     sigmatch_table[DETECT_AL_URILEN].name = "urilen";
+    sigmatch_table[DETECT_AL_URILEN].desc = "match on the length of the HTTP uri";
+    sigmatch_table[DETECT_AL_URILEN].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/HTTP-keywords#Urilen";
     sigmatch_table[DETECT_AL_URILEN].Match = NULL;
     sigmatch_table[DETECT_AL_URILEN].alproto = ALPROTO_HTTP;
     sigmatch_table[DETECT_AL_URILEN].AppLayerMatch = NULL /**< We handle this at detect-engine-uri.c now */;

diff --git a/src/detect-window.c b/src/detect-window.c
index 4d7c7c8988f26a70a90b41cbbc8459240b2c9ce4..b265a6d917310f6ff185388bd8d09791264450d0 100644 (file)
--- a/src/detect-window.c
+++ b/src/detect-window.c
@@ -57,6 +57,8 @@ void DetectWindowFree(void *);
  */
 void DetectWindowRegister (void) {
     sigmatch_table[DETECT_WINDOW].name = "window";
+    sigmatch_table[DETECT_WINDOW].desc = "check for a specific TCP window size";
+    sigmatch_table[DETECT_WINDOW].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Header_keywords#Window";
     sigmatch_table[DETECT_WINDOW].Match = DetectWindowMatch;
     sigmatch_table[DETECT_WINDOW].Setup = DetectWindowSetup;
     sigmatch_table[DETECT_WINDOW].Free  = DetectWindowFree;

diff --git a/src/detect-within.c b/src/detect-within.c
index b64ac9dbfb34a24d44492b28697680dda6ae75c2..cacc7c6f06e77eb7c66e6297d529e81249fda895 100644 (file)
--- a/src/detect-within.c
+++ b/src/detect-within.c
@@ -48,6 +48,8 @@ void DetectWithinRegisterTests(void);
 
 void DetectWithinRegister (void) {
     sigmatch_table[DETECT_WITHIN].name = "within";
+    sigmatch_table[DETECT_WITHIN].desc = "indicate that this content match has to be within a certain distance of the previous content keyword match";
+    sigmatch_table[DETECT_WITHIN].url = "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Payload_keywords#Within";
     sigmatch_table[DETECT_WITHIN].Match = NULL;
     sigmatch_table[DETECT_WITHIN].Setup = DetectWithinSetup;
     sigmatch_table[DETECT_WITHIN].Free  = NULL;

diff --git a/src/detect.c b/src/detect.c
index 36c72a7d36fbf280e55555162ffdddbf5061d8ea..caacce6d75c0b5b9d019f91a2b8e5dd4ef1ed2ac 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -4576,19 +4576,19 @@ static inline void PrintFeatureList(int flags, char sep)
     if (flags & SIGMATCH_IPONLY_COMPAT) {
         if (prev == 1)
             printf("%c", sep);
-        printf("IP only rule");
+        printf("compatible with IP only rule");
         prev = 1;
     }
     if (flags & SIGMATCH_DEONLY_COMPAT) {
         if (prev == 1)
             printf("%c", sep);
-        printf("IP only rule");
+        printf("compatible with decoder event only rule");
         prev = 1;
     }
     if (flags & SIGMATCH_PAYLOAD) {
         if (prev == 1)
             printf("%c", sep);
-        printf("payload inspecting rule");
+        printf("payload inspecting keyword");
         prev = 1;
     }
     if (prev == 0) {
@@ -4596,6 +4596,21 @@ static inline void PrintFeatureList(int flags, char sep)
     }
 }
 
+static inline void SigMultilinePrint(int i, char *prefix)
+{
+    if (sigmatch_table[i].desc) {
+        printf("%sDescription: %s\n", prefix, sigmatch_table[i].desc);
+    }
+    printf("%sProtocol: %s\n", prefix,
+            AppLayerGetProtoString(sigmatch_table[i].alproto));
+    printf("%sFeatures: ", prefix);
+    PrintFeatureList(sigmatch_table[i].flags, ',');
+    if (sigmatch_table[i].url) {
+        printf("\n%sDocumentation: %s", prefix, sigmatch_table[i].url);
+    }
+    printf("\n");
+}
+
 void SigTableList(const char *keyword)
 {
     size_t size = sizeof(sigmatch_table) / sizeof(SigTableElmt);
@@ -4608,8 +4623,8 @@ void SigTableList(const char *keyword)
             if (sigmatch_table[i].name != NULL)
                 printf("- %s\n", sigmatch_table[i].name);
         }
-    } else if (!strcmp("all", keyword)) {
-        printf("name;description;app layer;features\n");
+    } else if (!strcmp("csv", keyword)) {
+        printf("name;description;app layer;features;documentation\n");
         for (i = 0; i < size; i++) {
             if (sigmatch_table[i].name != NULL) {
                 printf("%s;", sigmatch_table[i].name);
@@ -4618,24 +4633,27 @@ void SigTableList(const char *keyword)
                 }
                 /* Build feature */
                 printf(";%s;",
-                       TmModuleAlprotoToString(sigmatch_table[i].alproto));
+                       AppLayerGetProtoString(sigmatch_table[i].alproto));
                 PrintFeatureList(sigmatch_table[i].flags, ':');
+                printf(";");
+                if (sigmatch_table[i].url) {
+                    printf("%s", sigmatch_table[i].url);
+                }
+                printf(";");
                 printf("\n");
             }
         }
+    } else if (!strcmp("all", keyword)) {
+        for (i = 0; i < size; i++) {
+            printf("%s:\n", sigmatch_table[i].name);
+            SigMultilinePrint(i, "\t");
+        }
     } else {
         for (i = 0; i < size; i++) {
             if ((sigmatch_table[i].name != NULL) &&
                 !strcmp(sigmatch_table[i].name, keyword)) {
-                printf("%s\n", sigmatch_table[i].name);
-                if (sigmatch_table[i].desc) {
-                    printf("Description: %s\n", sigmatch_table[i].desc);
-                }
-                printf("Protocol: %s\n",
-                       TmModuleAlprotoToString(sigmatch_table[i].alproto));
-                printf("Features: ");
-                PrintFeatureList(sigmatch_table[i].flags, ',');
-                printf("\n");
+                printf("= %s =\n", sigmatch_table[i].name);
+                SigMultilinePrint(i, "");
             }
         }
     }

diff --git a/src/detect.h b/src/detect.h
index 0bbcd54ddce7de08d5b4e4342f2083fdaca458bd..c56e149bc255aa6e43436f017ad28c67772aa278 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -861,6 +861,7 @@ typedef struct SigTableElmt_ {
     uint8_t flags;
     char *name;
     char *desc;
+    char *url;
 
 } SigTableElmt;
 

diff --git a/src/suricata.c b/src/suricata.c
index 1dc188f79481c0f448f90e4be3e52b9e6ea74f8f..1648627926d1a949ec6aa7c7e5a4c5dc8724f511 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -462,73 +462,73 @@ void usage(const char *progname)
     printf("%s %s\n", PROG_NAME, PROG_VER);
 #endif
     printf("USAGE: %s [OPTIONS] [BPF FILTER]\n\n", progname);
-    printf("\t-c <path>                    : path to configuration file\n");
-    printf("\t-T                           : test configuration file (use with -c)\n");
-    printf("\t-i <dev or ip>               : run in pcap live mode\n");
-    printf("\t-F <bpf filter file>         : bpf filter file\n");
-    printf("\t-r <path>                    : run in pcap file/offline mode\n");
+    printf("\t-c <path>                            : path to configuration file\n");
+    printf("\t-T                                   : test configuration file (use with -c)\n");
+    printf("\t-i <dev or ip>                       : run in pcap live mode\n");
+    printf("\t-F <bpf filter file>                 : bpf filter file\n");
+    printf("\t-r <path>                            : run in pcap file/offline mode\n");
 #ifdef NFQ
-    printf("\t-q <qid>                     : run in inline nfqueue mode\n");
+    printf("\t-q <qid>                             : run in inline nfqueue mode\n");
 #endif /* NFQ */
 #ifdef IPFW
-    printf("\t-d <divert port>             : run in inline ipfw divert mode\n");
+    printf("\t-d <divert port>                     : run in inline ipfw divert mode\n");
 #endif /* IPFW */
-    printf("\t-s <path>                    : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
-    printf("\t-S <path>                    : path to signature file loaded exclusively (optional)\n");
-    printf("\t-l <dir>                     : default log directory\n");
+    printf("\t-s <path>                            : path to signature file loaded in addition to suricata.yaml settings (optional)\n");
+    printf("\t-S <path>                            : path to signature file loaded exclusively (optional)\n");
+    printf("\t-l <dir>                             : default log directory\n");
 #ifndef OS_WIN32
-    printf("\t-D                           : run as daemon\n");
+    printf("\t-D                                   : run as daemon\n");
 #else
-       printf("\t--service-install            : install as service\n");
-       printf("\t--service-remove             : remove service\n");
-       printf("\t--service-change-params      : change service startup parameters\n");
+       printf("\t--service-install                    : install as service\n");
+       printf("\t--service-remove                     : remove service\n");
+       printf("\t--service-change-params              : change service startup parameters\n");
 #endif /* OS_WIN32 */
-    printf("\t-V                           : display Suricata version\n");
+    printf("\t-V                                   : display Suricata version\n");
 #ifdef UNITTESTS
-    printf("\t-u                           : run the unittests and exit\n");
-    printf("\t-U, --unittest-filter=REGEX  : filter unittests with a regex\n");
-    printf("\t--list-unittests             : list unit tests\n");
-    printf("\t--fatal-unittests            : enable fatal failure on unittest error\n");
+    printf("\t-u                                   : run the unittests and exit\n");
+    printf("\t-U, --unittest-filter=REGEX          : filter unittests with a regex\n");
+    printf("\t--list-unittests                     : list unit tests\n");
+    printf("\t--fatal-unittests                    : enable fatal failure on unittest error\n");
 #endif /* UNITTESTS */
-    printf("\t--list-app-layer-protos      : list supported app layer protocols\n");
-    printf("\t--list-keywords[=any|<kword>]: list keywords implemented by the engine\n");
+    printf("\t--list-app-layer-protos              : list supported app layer protocols\n");
+    printf("\t--list-keywords[=all|csv|<kword>]    : list keywords implemented by the engine\n");
 #ifdef __SC_CUDA_SUPPORT__
-    printf("\t--list-cuda-cards            : list cuda supported cards\n");
-#endif
-    printf("\t--list-runmodes              : list supported runmodes\n");
-    printf("\t--runmode <runmode_id>       : specific runmode modification the engine should run.  The argument\n"
-           "\t                               supplied should be the id for the runmode obtained by running\n"
-           "\t                               --list-runmodes\n");
-    printf("\t--engine-analysis            : print reports on analysis of different sections in the engine and exit.\n"
-           "\t                               Please have a look at the conf parameter engine-analysis on what reports\n"
-           "\t                               can be printed\n");
-    printf("\t--pidfile <file>             : write pid to this file (only for daemon mode)\n");
-    printf("\t--init-errors-fatal          : enable fatal failure on signature init error\n");
-    printf("\t--dump-config                : show the running configuration\n");
-    printf("\t--build-info                 : display build information\n");
-    printf("\t--pcap[=<dev>]               : run in pcap mode, no value select interfaces from suricata.yaml\n");
+    printf("\t--list-cuda-cards                    : list cuda supported cards\n");
+#endif
+    printf("\t--list-runmodes                      : list supported runmodes\n");
+    printf("\t--runmode <runmode_id>               : specific runmode modification the engine should run.  The argument\n"
+           "\t                                       supplied should be the id for the runmode obtained by running\n"
+           "\t                                       --list-runmodes\n");
+    printf("\t--engine-analysis                    : print reports on analysis of different sections in the engine and exit.\n"
+           "\t                                       Please have a look at the conf parameter engine-analysis on what reports\n"
+           "\t                                       can be printed\n");
+    printf("\t--pidfile <file>                     : write pid to this file (only for daemon mode)\n");
+    printf("\t--init-errors-fatal                  : enable fatal failure on signature init error\n");
+    printf("\t--dump-config                        : show the running configuration\n");
+    printf("\t--build-info                         : display build information\n");
+    printf("\t--pcap[=<dev>]                       : run in pcap mode, no value select interfaces from suricata.yaml\n");
 #ifdef HAVE_PCAP_SET_BUFF
-    printf("\t--pcap-buffer-size           : size of the pcap buffer value from 0 - %i\n",INT_MAX);
+    printf("\t--pcap-buffer-size                   : size of the pcap buffer value from 0 - %i\n",INT_MAX);
 #endif /* HAVE_SET_PCAP_BUFF */
 #ifdef HAVE_AF_PACKET
-    printf("\t--af-packet[=<dev>]          : run in af-packet mode, no value select interfaces from suricata.yaml\n");
+    printf("\t--af-packet[=<dev>]                  : run in af-packet mode, no value select interfaces from suricata.yaml\n");
 #endif
 #ifdef HAVE_PFRING
-    printf("\t--pfring[=<dev>]               : run in pfring mode, use interfaces from suricata.yaml\n");
-    printf("\t--pfring-int <dev>           : run in pfring mode, use interface <dev>\n");
-    printf("\t--pfring-cluster-id <id>     : pfring cluster id \n");
-    printf("\t--pfring-cluster-type <type> : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
+    printf("\t--pfring[=<dev>]                       : run in pfring mode, use interfaces from suricata.yaml\n");
+    printf("\t--pfring-int <dev>                   : run in pfring mode, use interface <dev>\n");
+    printf("\t--pfring-cluster-id <id>             : pfring cluster id \n");
+    printf("\t--pfring-cluster-type <type>         : pfring cluster type for PF_RING 4.1.2 and later cluster_round_robin|cluster_flow\n");
 #endif /* HAVE_PFRING */
 #ifdef HAVE_LIBCAP_NG
-    printf("\t--user <user>                : run suricata as this user after init\n");
-    printf("\t--group <group>              : run suricata as this group after init\n");
+    printf("\t--user <user>                        : run suricata as this user after init\n");
+    printf("\t--group <group>                      : run suricata as this group after init\n");
 #endif /* HAVE_LIBCAP_NG */
-    printf("\t--erf-in <path>              : process an ERF file\n");
+    printf("\t--erf-in <path>                      : process an ERF file\n");
 #ifdef HAVE_DAG
-    printf("\t--dag <dagX:Y>               : process ERF records from DAG interface X, stream Y\n");
+    printf("\t--dag <dagX:Y>                       : process ERF records from DAG interface X, stream Y\n");
 #endif
 #ifdef HAVE_NAPATECH
-    printf("\t--napatech                   : run Napatech Streams using the API\n");
+    printf("\t--napatech                           : run Napatech Streams using the API\n");
 #endif
     printf("\n");
     printf("\nTo run the engine with default configuration on "
@@ -921,7 +921,9 @@ int main(int argc, char **argv)
                 exit(EXIT_SUCCESS);
             } else if (strcmp((long_opts[option_index]).name, "list-keywords") == 0) {
                 if (optarg) {
-                    keyword_info = optarg;
+                    if (strcmp("short",optarg)) {
+                        keyword_info = optarg;
+                    }
                 }
             } else if (strcmp((long_opts[option_index]).name, "runmode") == 0) {
                 runmode_custom_mode = optarg;