doc: New sticky buffer icmpv4.hdr

author Jeff Lucovsky <jeff@lucovsky.org>

Wed, 4 Nov 2020 13:44:39 +0000 (08:44 -0500)

committer Victor Julien <victor@inliniac.net>

Mon, 16 Nov 2020 13:23:59 +0000 (14:23 +0100)
author Jeff Lucovsky <jeff@lucovsky.org>
Wed, 4 Nov 2020 13:44:39 +0000 (08:44 -0500)
committer Victor Julien <victor@inliniac.net>
Mon, 16 Nov 2020 13:23:59 +0000 (14:23 +0100)
diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst

index f407af7f05a5799d161db80cd30414ff1a0770db..5e4e3f994a02031d04cd7663dea7c49664695c23 100644 (file)
--- a/doc/userguide/rules/header-keywords.rst
+++ b/doc/userguide/rules/header-keywords.rst
@@ -643,6 +643,11 @@ Example of icmp_seq in a rule:
  
      alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL SCAN Broadscan Smurf Scanner"; dsize:4; icmp_id:0; :example-rule-emphasis:`icmp_seq:0;` itype:8; classtype:attempted-recon; sid:2100478; rev:4;)
  
+icmpv4.hdr
+^^^^^^^^^^
+
+Sitcky buffer to match on the whole ICMPv4 header.
+
  icmpv6.hdr
  ^^^^^^^^^^
author	Jeff Lucovsky <jeff@lucovsky.org>
	Wed, 4 Nov 2020 13:44:39 +0000 (08:44 -0500)
committer	Victor Julien <victor@inliniac.net>
	Mon, 16 Nov 2020 13:23:59 +0000 (14:23 +0100)