From: Travis Green Date: Thu, 12 Sep 2019 16:27:53 +0000 (-0700) Subject: doc: fix whitespace X-Git-Tag: suricata-5.0.0-rc1~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=798d8746620187eb1a825f3d5233fcea3a30cd0d;p=thirdparty%2Fsuricata.git doc: fix whitespace --- diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst index 240a5a52e5..e04f5119cf 100644 --- a/doc/userguide/rules/header-keywords.rst +++ b/doc/userguide/rules/header-keywords.rst @@ -17,7 +17,7 @@ For example:: ttl:10; At the end of the ttl keyword you can enter the value on which you -want to match. The Time-to-live value determines the maximal amount +want to match. The Time-to-live value determines the maximal amount of time a packet can be in the Internet-system. If this field is set to 0, then the packet has to be destroyed. The time-to-live is based on hop count. Each hop/router the packet passes subtracts one of the @@ -71,7 +71,7 @@ sameip ^^^^^^ Every packet has a source IP-address and a destination IP-address. It -can be that the source IP is the same as the destination IP. With the +can be that the source IP is the same as the destination IP. With the sameip keyword you can check if the IP address of the source is the same as the IP address of the destination. The format of the sameip keyword is:: @@ -114,7 +114,7 @@ The named variant of that example would be:: id ^^ -With the id keyword, you can match on a specific IP ID value. The ID +With the id keyword, you can match on a specific IP ID value. The ID identifies each packet sent by a host and increments usually with one with each packet that is being send. The IP ID is used as a fragment identification number. Each packet has an IP ID, and when the packet 
@@ -438,43 +438,43 @@ Example of the itype keyword in a signature: The following lists all ICMP types known at the time of writing. A recent table can be found `at the website of IANA `_ -========== ========================================================== -ICMP Type Name -========== ========================================================== -0 Echo Reply -3 Destination Unreachable -4 Source Quench -5 Redirect -6 Alternate Host Address -8 Echo -9 Router Advertisement -10 Router Solicitation -11 Time Exceeded -12 Parameter Problem -13 Timestamp -14 Timestamp Reply -15 Information Request -16 Information Reply -17 Address Mask Request -18 Address Mask Reply -30 Traceroute -31 Datagram Conversion Error -32 Mobile Host Redirect -33 IPv6 Where-Are-You -34 IPv6 I-Am-Here -35 Mobile Registration Request -36 Mobile Registration Reply -37 Domain Name Request -38 Domain Name Reply -39 SKIP -40 Photuris -41 Experimental mobility protocols such as Seamoby -========== ========================================================== +========= ========================================================== +ICMP Type Name +========= ========================================================== +0 Echo Reply +3 Destination Unreachable +4 Source Quench +5 Redirect +6 Alternate Host Address +8 Echo +9 Router Advertisement +10 Router Solicitation +11 Time Exceeded +12 Parameter Problem +13 Timestamp +14 Timestamp Reply +15 Information Request +16 Information Reply +17 Address Mask Request +18 Address Mask Reply +30 Traceroute +31 Datagram Conversion Error +32 Mobile Host Redirect +33 IPv6 Where-Are-You +34 IPv6 I-Am-Here +35 Mobile Registration Request +36 Mobile Registration Reply +37 Domain Name Request +38 Domain Name Reply +39 SKIP +40 Photuris +41 Experimental mobility protocols such as Seamoby +========= ========================================================== icode ^^^^^ -With the icode keyword you can match on a specific ICMP code. 
The +With the icode keyword you can match on a specific ICMP code. The code of a ICMP message clarifies the message. Together with the ICMP-type it indicates with what kind of problem you are dealing with. A code has a different purpose with every ICMP-type.
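Review bot: In the `@@ -114,7 +114,7 @@` hunk (the `id` section), the context lines directly after the changed line still read "increments usually with one with each packet that is being send". Since this paragraph is being touched anyway, consider correcting it to "usually increments by one with each packet that is sent", either here or in a follow-up if this commit should stay whitespace-only.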
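Review bot: In the `@@ -438,43 +438,43 @@` hunk, the first-column border of the ICMP type table shrinks from ten to nine `=` characters, which is exactly the width of the "ICMP Type" header cell, so the table now has no slack in that column. Please build the user guide once and confirm the simple table still renders with the Name column starting at the same offset on every row. Two smaller points in the same hunk: the trailing context has "code of a ICMP message", which should read "an ICMP message", and the subject "doc: fix whitespace" could mention the table re-alignment, since it accounts for most of the changed lines.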