doc: Restructure ToC

* All sections up to 2 levels deep are now shown regardless of whether they are a separate page
* Rename Xbits and Thresholding for more consistent naming
* Minor adjustment in the Payload Keywords section

diff --git a/doc/userguide/index.rst b/doc/userguide/index.rst
index 13f4f6838f28cc218f29b3d2e570643658bc4166..900c6e7fb6b7d258231b426ab1df2db5b3a5f03c 100644 (file)
--- a/doc/userguide/index.rst
+++ b/doc/userguide/index.rst
@@ -3,7 +3,7 @@ Suricata User Guide
 
 .. toctree::
    :numbered:
-   :titlesonly:
+   :maxdepth: 2
 
    what-is-suricata
    install.rst

diff --git a/doc/userguide/rules/index.rst b/doc/userguide/rules/index.rst
index 6be1d0ca9c622e17281cd3f83955789e5ed8600a..2b8924c15271368681455e2dc493f649ec09a6d5 100644 (file)
--- a/doc/userguide/rules/index.rst
+++ b/doc/userguide/rules/index.rst
@@ -8,16 +8,16 @@ Suricata Rules
    header-keywords
    payload-keywords
    prefilter-keywords
-   http-keywords
    flow-keywords
-   xbits
+   http-keywords
    file-keywords
-   thresholding
    dns-keywords
    tls-keywords
    modbus-keyword
    dnp3-keywords
    enip-keyword
    app-layer
+   xbits
+   thresholding
    rule-lua-scripting
    differences-from-snort

diff --git a/doc/userguide/rules/payload-keywords.rst b/doc/userguide/rules/payload-keywords.rst
index d299a13ead2947399077620fa8b99ff76376e72f..e2e4d42a6b037cf6b75563883a27521da8f96689 100644 (file)
--- a/doc/userguide/rules/payload-keywords.rst
+++ b/doc/userguide/rules/payload-keywords.rst
@@ -60,14 +60,10 @@ A few examples::
 It is possible to let a signature check the whole payload for a match with the content or to let it check specific parts of the payload. We come to that later.
 If you add nothing special to the signature, it will try to find a match in all the bytes of the payload.
 
-Example:
-
 .. container:: example-rule
 
     drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Likely Bot Nick in IRC (USA +..)"; flow:established,to_server; flowbits:isset,is_proto_irc; :example-rule-emphasis:`content:"NICK ";` pcre:"/NICK .*USA.*[0-9]{3,}/i"; reference:url,doc.emergingthreats.net/2008124; classtype:trojan-activity; sid:2008124; rev:2;)
 
-In this example, the red, bold-faced part is the content.
-
 
 By default the pattern-matching is case sensitive. The content has to
 be accurate, otherwise there will not be a match.
@@ -251,7 +247,7 @@ example of dsize in a rule:
     alert udp $EXTERNAL_NET any -> $HOME_NET 65535 (msg:"GPL DELETED EXPLOIT LANDesk Management Suite Alerting Service buffer overflow"; :example-rule-emphasis:`dsize:>268;` reference: bugtraq,23483; reference: cve,2007-1674; classtype: attempted-admin; sid:100000928; rev:1;)
 
 rpc
-----
+---
 
 The rpc keyword can be used to match in the SUNRPC CALL on the RPC
 procedure numbers and the RPC version.

diff --git a/doc/userguide/rules/thresholding.rst b/doc/userguide/rules/thresholding.rst
index 196f20a3408a2a20438117d833976e2fd3ccf7e9..3d838593855b1e21e7d8023372886f22924e6b81 100644 (file)
--- a/doc/userguide/rules/thresholding.rst
+++ b/doc/userguide/rules/thresholding.rst
@@ -1,5 +1,5 @@
-Rule Thresholding
-=================
+Thresholding Keywords
+=====================
 
 Thresholding can be configured per rule and also globally, see
 :doc:`../configuration/global-thresholds`.

diff --git a/doc/userguide/rules/xbits.rst b/doc/userguide/rules/xbits.rst
index e574e3fcf379b9fbd4bfa53330e34262f830c870..3f77ca85065ca941396a055f61cf209c2479bff2 100644 (file)
--- a/doc/userguide/rules/xbits.rst
+++ b/doc/userguide/rules/xbits.rst
@@ -1,5 +1,5 @@
-Xbits
-=====
+Xbits Keyword
+=============
 
 Set, unset, toggle and check for bits stored per host or ip_pair.