From: Jason Ish Date: Sat, 5 Dec 2015 17:38:56 +0000 (-0600) Subject: doc: snort compatibility X-Git-Tag: suricata-3.2beta1~248 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e0c39be57fc4e69c6e25d3a54cd1657fde86bbf;p=thirdparty%2Fsuricata.git doc: snort compatibility --- diff --git a/doc/sphinx/conf.py b/doc/sphinx/conf.py index 6cd7f0cf4d..6224fe72c1 100644 --- a/doc/sphinx/conf.py +++ b/doc/sphinx/conf.py @@ -16,6 +16,8 @@ import sys import os import shlex +on_rtd = os.environ.get('READTHEDOCS', None) == 'True' + # If extensions (or modules to document with autodoc) are in another directory, # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. @@ -108,8 +110,12 @@ todo_include_todos = False # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -#html_theme = 'alabaster' -html_theme = 'sphinx_rtd_theme' +if not on_rtd: + #html_theme = 'alabaster' + html_theme = 'sphinx_rtd_theme' + #html_theme = 'classic' + #html_theme = 'default' + #html_theme = 'nature' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the diff --git a/doc/sphinx/index.rst b/doc/sphinx/index.rst index bbfbfb7d41..9519597007 100644 --- a/doc/sphinx/index.rst +++ b/doc/sphinx/index.rst @@ -7,4 +7,5 @@ Suricata User Guide what-is-suricata command-line-options + snort-compatibility rules/index.rst diff --git a/doc/sphinx/rules/adding-your-own-rules.rst b/doc/sphinx/rules/adding-your-own-rules.rst index cbf99b6d80..2b2aa5ce21 100644 --- a/doc/sphinx/rules/adding-your-own-rules.rst +++ b/doc/sphinx/rules/adding-your-own-rules.rst @@ -11,7 +11,7 @@ your console: sudo nano local.rules -Write your rule, see :doc:`rules` and save it. +Write your rule, see :doc:`intro` and save it. Open yaml 
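Review bot: The `if not on_rtd:` block in the second conf.py hunk leaves `html_theme` unset on Read the Docs without saying why, and the commented-out alternatives inside the block make that intent harder to see. A one-line comment above the condition would help, for example `# On Read the Docs the theme is left to the build service; choose one only for local builds.` (presumably that is the intent; the diff does not state it). In the first conf.py hunk, `os.environ.get('READTHEDOCS', None)` can drop the explicit `None`, which is already the default of `get`. The local branch still depends on the third-party `sphinx_rtd_theme` package being installed, which this diff neither checks nor documents.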
diff --git a/doc/sphinx/snort-compatibility.rst b/doc/sphinx/snort-compatibility.rst
new file mode 100644
index 0000000000..cc9e4e2bb9
--- /dev/null
+++ b/doc/sphinx/snort-compatibility.rst
@@ -0,0 +1,66 @@
+Snort Compatibility
+===================
+
+.. contents::
+
+Keyword: content
+----------------
+
+*Versions affected: All versions prior to 3.0.*
+
+Prior to Suricata 3.0, the argument provided to the content keyword
+cannot be longer than 255 characters like it can in Snort.
+
+Suricata 3.0 and newer can accept content arguments longer than 255
+characters.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1281
+* https://github.com/inliniac/suricata/pull/1475
+
+Keyword: urilen
+---------------
+
+*Versions affected: all*
+
+In Snort the urilen range is inclusive, in Suricata it is not.
+
+Example::
+
+ urilen:5<>10
+
+In Snort the above will match URIs that are greater than and equal to
+5 and less than and equal to 10. *Note that this is not what is
+documented in the Snort manual.*
+
+In Suricata the above will match URIs that are greater than 5 and less
+than 10, so it will only mathch URIs that are 6, 7, 8, and 9 bytes
+long.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1416
+
+Keyword: isdataat
+-----------------
+
+*Versions affected: all*
+
+``isdataat`` is off by one from Snort. In Snort the offset starts at 0
+where Suricata starts at 1.
+
+Keyword: flowbits
+-----------------
+
+*Versions affected: all prior to 2.0.9*
+
+Versions of Suricata prior to 2.0.9 treated leading and trailing
+whitespace in flowbit names as part of the flowbit name where Snort
+does not.
+
+This was fixed in Suricata 2.0.9.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1481