From: Jeff Lucovsky Date: Wed, 4 Nov 2020 13:44:39 +0000 (-0500) Subject: doc: New sticky buffer icmpv4.hdr X-Git-Tag: suricata-6.0.1~57 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a18a9d3046260f520e7659e183fe02839285b773;p=thirdparty%2Fsuricata.git doc: New sticky buffer icmpv4.hdr --- diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst index f407af7f05..5e4e3f994a 100644 --- a/doc/userguide/rules/header-keywords.rst +++ b/doc/userguide/rules/header-keywords.rst @@ -643,6 +643,11 @@ Example of icmp_seq in a rule: alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL SCAN Broadscan Smurf Scanner"; dsize:4; icmp_id:0; :example-rule-emphasis:`icmp_seq:0;` itype:8; classtype:attempted-recon; sid:2100478; rev:4;) +icmpv4.hdr +^^^^^^^^^^ + +Sitcky buffer to match on the whole ICMPv4 header. + icmpv6.hdr ^^^^^^^^^^
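Review bot: the description line added under the new icmpv4.hdr heading misspells "Sticky" as "Sitcky"; it should read "Sticky buffer to match on the whole ICMPv4 header." The new section also consists of that one sentence only, while the icmp_seq section in the context just above it carries an "Example of icmp_seq in a rule:" block. Consider adding a short example rule that uses icmpv4.hdr, so the guide shows how the buffer is written in a signature.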