doc: add multi buffer support note to keyword docs

Signed-off-by: jason taylor <jtfas90@gmail.com>

diff --git a/doc/userguide/rules/dns-keywords.rst b/doc/userguide/rules/dns-keywords.rst
index 15240d5015dd0130721df528dc2c998fb61e070a..e62a25d40bedd7ef2150b04224c8b643ae9182ac 100644 (file)
--- a/doc/userguide/rules/dns-keywords.rst
+++ b/doc/userguide/rules/dns-keywords.rst
@@ -67,3 +67,8 @@ DNS query on the wire (snippet)::
 ``dns.query`` buffer::
 
     mail.google.com
+
+Multiple Buffer Matching
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+``dns.query`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
\ No newline at end of file

diff --git a/doc/userguide/rules/file-keywords.rst b/doc/userguide/rules/file-keywords.rst
index ede6ba65ce6e7792b7c756491507e1e6a542ad1d..199bf5f6411c41acce69e382c6a346bed90d1c3e 100644 (file)
--- a/doc/userguide/rules/file-keywords.rst
+++ b/doc/userguide/rules/file-keywords.rst
@@ -18,6 +18,8 @@ Example::
 
   filename:"secret";
 
+``file.name`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 fileext
 -------
 
@@ -47,6 +49,8 @@ Example::
 Note: as libmagic versions differ between installations, the returned
 information may also slightly change. See also #437.
 
+``file.magic`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 filestore
 ---------
 

diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst
index a8e551c18983e274b708956fa7b89bacf13a8f2f..001c0f542e84ce5a05ffb4a5426aa76a2d0e59d9 100644 (file)
--- a/doc/userguide/rules/http-keywords.rst
+++ b/doc/userguide/rules/http-keywords.rst
@@ -839,3 +839,8 @@ Notes
    pattern '<html' is absent from the first inspected chunk.
 
 -  ``file.data`` can also be used with SMTP
+
+Multiple Buffer Matching
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+``file.data`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
\ No newline at end of file

diff --git a/doc/userguide/rules/http2-keywords.rst b/doc/userguide/rules/http2-keywords.rst
index 37cb855e0ac5d51c3874a46f668f9f2a44769493..1ad83554c6ef35ea1b44bd19eb4d40e52570823a 100644 (file)
--- a/doc/userguide/rules/http2-keywords.rst
+++ b/doc/userguide/rules/http2-keywords.rst
@@ -109,6 +109,7 @@ Examples::
 
 ``http2.header_name`` can be used as ``fast_pattern``.
 
+``http2.header_name`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
 
 Additional information
 ----------------------

diff --git a/doc/userguide/rules/ike-keywords.rst b/doc/userguide/rules/ike-keywords.rst
index 1d12ce329e663e62fd1330fd393b41ae563eda1b..e0d9557bc3068a0266c9aa3f40fe6d96bf44a13b 100644 (file)
--- a/doc/userguide/rules/ike-keywords.rst
+++ b/doc/userguide/rules/ike-keywords.rst
@@ -84,6 +84,8 @@ Examples::
 
     ike.vendor:4a131c81070358455c5728f20e95452f;
 
+``ike.vendor`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 
 ike.key_exchange_payload
 ------------------------

diff --git a/doc/userguide/rules/kerberos-keywords.rst b/doc/userguide/rules/kerberos-keywords.rst
index fee85d21f7078af843c4fbf76916dd5add21766b..b005b1def60b8bfc63f06bd15bf4c37c879ebeab 100644 (file)
--- a/doc/userguide/rules/kerberos-keywords.rst
+++ b/doc/userguide/rules/kerberos-keywords.rst
@@ -52,6 +52,8 @@ Signature example::
 
 ``krb5_cname`` can be used as ``fast_pattern``.
 
+``krb5.cname`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 krb5_sname
 ----------
 
@@ -75,6 +77,8 @@ Signature example::
 
 ``krb5_sname`` can be used as ``fast_pattern``.
 
+``krb5.sname`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 krb5_err_code
 -------------
 

diff --git a/doc/userguide/rules/mqtt-keywords.rst b/doc/userguide/rules/mqtt-keywords.rst
index 8b0432303b2737676e51d8eb80a3a61ffb997596..21776ac357cb821ee99482e8fd43904941422da2 100644 (file)
--- a/doc/userguide/rules/mqtt-keywords.rst
+++ b/doc/userguide/rules/mqtt-keywords.rst
@@ -237,6 +237,8 @@ Examples::
 
 ``mqtt.subscribe.topic`` is a 'sticky buffer' and can be used as ``fast_pattern``.
 
+``mqtt.subscribe.topic`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 
 mqtt.unsubscribe.topic
 ----------------------
@@ -249,6 +251,8 @@ Examples::
 
 ``mqtt.unsubscribe.topic`` is a 'sticky buffer' and can be used as ``fast_pattern``.
 
+``mqtt.unsubscribe.topic`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 
 Additional information
 ----------------------

diff --git a/doc/userguide/rules/multi-buffer-matching.rst b/doc/userguide/rules/multi-buffer-matching.rst
index f50441a7586f1f1295ecd50467d3e0e73c015740..f599659394d92a4c8c9c5200155a00a44577a4eb 100644 (file)
--- a/doc/userguide/rules/multi-buffer-matching.rst
+++ b/doc/userguide/rules/multi-buffer-matching.rst
@@ -74,18 +74,19 @@ not be met.
 Multiple buffer matching is currently enabled for use with the
 following keywords:
 
-``dns.query``
-``file.data``
-``file.magic``
-``file.name``
-``http2.header``
-``http2.header_name``
-``ike.vendor``
-``krb5_cname``
-``krb5_sname``
-``mqtt.subscribe.topic``
-``mqtt.unsubscribe.topic``
-``quic.cyu.hash``
-``quic.cyu.string``
-``tls.certs``
-``tls.cert_subject``
\ No newline at end of file
+* ``dns.query``
+* ``file.data``
+* ``file.magic``
+* ``file.name``
+* ``http.request_header``
+* ``http.response_header``
+* ``http2.header_name``
+* ``ike.vendor``
+* ``krb5_cname``
+* ``krb5_sname``
+* ``mqtt.subscribe.topic``
+* ``mqtt.unsubscribe.topic``
+* ``quic.cyu.hash``
+* ``quic.cyu.string``
+* ``tls.certs``
+* ``tls.cert_subject``

diff --git a/doc/userguide/rules/quic-keywords.rst b/doc/userguide/rules/quic-keywords.rst
index 3caad23638982e092a61ac79a32ae20544d22156..ffeb0be65254a6a42757e4f505050de52e57b584 100644 (file)
--- a/doc/userguide/rules/quic-keywords.rst
+++ b/doc/userguide/rules/quic-keywords.rst
@@ -18,6 +18,8 @@ Examples::
     quic.cyu.hash; content:"7b3ceb1adc974ad360cfa634e8d0a730"; \
     sid:1;)
 
+``quic.cyu.hash`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 quic.cyu.string
 ---------------
 
@@ -29,6 +31,8 @@ Examples::
     quic.cyu.string; content:"46,PAD-SNI-VER-CCS-UAID-TCID-PDMD-SMHL-ICSL-NONP-MIDS-SCLS-CSCT-COPT-IRTT-CFCW-SFCW"; \
     sid:2;)
 
+``quic.cyu.string`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 quic.version
 ------------
 

diff --git a/doc/userguide/rules/tls-keywords.rst b/doc/userguide/rules/tls-keywords.rst
index 9d83b681949286dc7593f464b031474b1c99a4f5..a97ce3f32e4afa6f01036cebb20dc0c5afaaf931 100644 (file)
--- a/doc/userguide/rules/tls-keywords.rst
+++ b/doc/userguide/rules/tls-keywords.rst
@@ -17,6 +17,8 @@ Examples::
 
 ``tls.cert_subject`` can be used as ``fast_pattern``.
 
+``tls.cert_subject`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 tls.subject
 ~~~~~~~~~~~
 
@@ -174,6 +176,8 @@ Example::
 
 ``tls.certs`` can be used as ``fast_pattern``.
 
+``tls.certs`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
 tls.version
 -----------