From: jason taylor <jtfas90@gmail.com>
Date: Fri, 3 Jun 2022 19:08:14 +0000 (+0000)
Subject: doc: add tcp-pkt/tcp-stream to intro
X-Git-Tag: suricata-7.0.0-beta1~404
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=845ba154a6ff869ac8a65dfd3b85142b7f8762c0;p=thirdparty%2Fsuricata.git

doc: add tcp-pkt/tcp-stream to intro

Signed-off-by: jason taylor <jtfas90@gmail.com>
---

diff --git a/doc/userguide/rules/intro.rst b/doc/userguide/rules/intro.rst
index 11ab0f890f..c3522d3572 100644
--- a/doc/userguide/rules/intro.rst
+++ b/doc/userguide/rules/intro.rst
@@ -70,6 +70,11 @@ concerns. You can choose between four basic protocols:
 * icmp
 * ip (ip stands for 'all' or 'any')
 
+There are a couple of additional TCP related protocol options:
+
+* tcp-pkt (for matching content in individual tcp packets)
+* tcp-stream (for matching content only in a reassembled tcp stream)
+
 There are also a few so-called application layer protocols, or layer 7 protocols
 you can pick from. These are: