From: Victor Julien Date: Fri, 14 Jan 2022 20:12:48 +0000 (+0100) Subject: doc/quic: update for new quic.version logic X-Git-Tag: suricata-7.0.0-beta1~1004 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf4ddab6f449ea40f0ec3d9603491b55ce562654;p=thirdparty%2Fsuricata.git doc/quic: update for new quic.version logic --- diff --git a/doc/userguide/rules/quic-keywords.rst b/doc/userguide/rules/quic-keywords.rst index 80bdd4ee6c..3caad23638 100644 --- a/doc/userguide/rules/quic-keywords.rst +++ b/doc/userguide/rules/quic-keywords.rst @@ -26,19 +26,19 @@ Match on the CYU string Examples:: alert quic any any -> any any (msg:"QUIC CYU STRING"; \ - quic.cyu.string; content:"46,PAD-SNI-VER-CCS-UAID-TCID-PDMD-SMHL-ICSL-NONP-MIDS-SCLS-CSCT-COPT-IRTT-CFCW-SFCW"; \ - sid:2;) + quic.cyu.string; content:"46,PAD-SNI-VER-CCS-UAID-TCID-PDMD-SMHL-ICSL-NONP-MIDS-SCLS-CSCT-COPT-IRTT-CFCW-SFCW"; \ + sid:2;) quic.version ---------------- +------------ -Match on the Quic header version +Sticky buffer for matching on the Quic header version in long headers. Examples:: alert quic any any -> any any (msg:"QUIC VERSION"; \ - quic.version:1362113590; \ - sid:3;) + quic.version; content:"Q046"; \ + sid:3;) Additional information ----------------------
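Review bot: In the quic.version section, the new description ("Sticky buffer for matching on the Quic header version in long headers.") does not say what bytes the buffer contains, and the only example is the printable value `content:"Q046"`. The removed integer 1362113590 is 0x51303436, the ASCII bytes of "Q046", so the buffer appears to carry the raw 4-byte version field. Please state that explicitly and add a second example for a version whose bytes are not printable, so rule writers know to use the `|..|` hex form of content. A one-line note that the old `quic.version:<integer>;` form from the removed example is replaced would help anyone migrating existing rules. It would also be worth saying what happens for short-header packets, since the text limits the buffer to long headers without saying whether the rule simply does not match otherwise. Minor style point in the same sentence: "Quic" should be "QUIC", as in the rule messages.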