From: Eric Leblond <el@stamus-networks.com>
Date: Sat, 4 Jun 2022 21:00:14 +0000 (+0200)
Subject: doc: document new dataset types
X-Git-Tag: suricata-7.0.0-rc1~463
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3599cbf1c4fe167fe1611d457d8b0e827134bb79;p=thirdparty%2Fsuricata.git

doc: document new dataset types

Feature: #5383
---

diff --git a/doc/userguide/rules/datasets.rst b/doc/userguide/rules/datasets.rst
index 6065e1a2bd..d043824dce 100644
--- a/doc/userguide/rules/datasets.rst
+++ b/doc/userguide/rules/datasets.rst
@@ -76,10 +76,10 @@ Syntax::
     dataset:<cmd>,<name>,<options>;
 
     dataset:<set|isset|isnotset>,<name> \
-        [, type <string|md5|sha256>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
+        [, type <string|md5|sha256|ipv4|ip>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
 
 type <type>
-  the data type: string, md5, sha256
+  the data type: string, md5, sha256, ipv4, ip
 load <file name>
   file name for load the data when Suricata starts up
 state
@@ -102,7 +102,7 @@ Data Reputation allows matching data against a reputation list.
 Syntax::
 
     datarep:<name>,<operator>,<value>, \
-        [, load <file name>, type <string|md5|sha256>, memcap <size>, hashsize <size>];
+        [, load <file name>, type <string|md5|sha256|ipv4|ip>, memcap <size>, hashsize <size>];
 
 Example rules could look like::
 
@@ -144,9 +144,9 @@ Syntax::
 set name
   Name of an already defined dataset
 type
-  Data type: string, md5, sha256
+  Data type: string, md5, sha256, ipv4, ip
 data
-  Data to add in serialized form (base64 for string, hex notation for md5/sha256)
+  Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6)
 
 Example adding 'google.com' to set 'myset'::
 
@@ -165,9 +165,9 @@ Syntax::
 set name
   Name of an already defined dataset
 type
-  Data type: string, md5, sha256
+  Data type: string, md5, sha256, ipv4, ip
 data
-  Data to remove in serialized form (base64 for string, hex notation for md5/sha256)
+  Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6)
 
 dataset-clear
 ~~~~~~~~~~~~~
@@ -227,6 +227,10 @@ md5
   in the file as hex encoded string
 sha256
   in the file as hex encoded string
+ipv4
+  in the file as string
+ip
+  in the file as string, it can be IPv6 or IPv4 address (in standard notation or in IPv4 in IPv6 one)
 
 
 dataset