From: Russ Combs Date: Thu, 15 Dec 2016 02:51:08 +0000 (-0500) Subject: clean up help text X-Git-Tag: 3.0.0-233~142 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e16fe7896c349fe2b6e142e086883c8169aa3691;p=thirdparty%2Fsnort3.git clean up help text --- diff --git a/extra/src/inspectors/http_server/hi_module.cc b/extra/src/inspectors/http_server/hi_module.cc index 3e1d7249e..e9a0ffc44 100644 --- a/extra/src/inspectors/http_server/hi_module.cc +++ b/extra/src/inspectors/http_server/hi_module.cc @@ -81,11 +81,11 @@ static const Parameter hi_global_params[] = { "detect_anomalous_servers", Parameter::PT_BOOL, nullptr, "false", "inspect non-configured ports for HTTP - bad idea" }, - { "max_gzip_mem", Parameter::PT_INT, "3276:", "838860", - "total memory used for decompression across all active sessions" }, + { "max_gzip_mem", Parameter::PT_INT, "0:", "0", + "disregard - not implemented" }, - { "memcap", Parameter::PT_INT, "2304:", "150994944", - "limit of memory used for logging extra data" }, + { "memcap", Parameter::PT_INT, "0:", "0", + "disregard - not implemented" }, //{ "mime", Parameter::PT_TABLE, hi_mime_params, nullptr, // "help" }, diff --git a/src/ips_options/ips_asn1.cc b/src/ips_options/ips_asn1.cc index 80bc4c33d..acfbc581d 100644 --- a/src/ips_options/ips_asn1.cc +++ b/src/ips_options/ips_asn1.cc @@ -186,22 +186,22 @@ int Asn1Option::eval(Cursor& c, Packet* p) static const Parameter s_params[] = { { BITSTRING_OPT, Parameter::PT_IMPLIED, nullptr, nullptr, - "Detects invalid bitstring encodings that are known to be remotely exploitable." }, + "detects invalid bitstring encodings that are known to be remotely exploitable" }, { DOUBLE_OPT, Parameter::PT_IMPLIED, nullptr, nullptr, - "Detects a double ASCII encoding that is larger than a standard buffer." }, + "detects a double ASCII encoding that is larger than a standard buffer" }, { PRINT_OPT, Parameter::PT_IMPLIED, nullptr, nullptr, "dump decode data to console; always true" }, { LENGTH_OPT, Parameter::PT_INT, "0:", nullptr, - "Compares ASN.1 type lengths with the supplied argument." }, + "compares ASN.1 type lengths with the supplied argument" }, { ABS_OFFSET_OPT, Parameter::PT_INT, "0:", nullptr, - "Absolute offset from the beginning of the packet." }, + "absolute offset from the beginning of the packet" }, { REL_OFFSET_OPT, Parameter::PT_INT, nullptr, nullptr, - "relative offset from the cursor." }, + "relative offset from the cursor" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; diff --git a/src/ips_options/ips_base64.cc b/src/ips_options/ips_base64.cc index 248af400d..547a32cf8 100644 --- a/src/ips_options/ips_base64.cc +++ b/src/ips_options/ips_base64.cc @@ -175,13 +175,13 @@ int Base64DecodeOption::eval(Cursor& c, Packet*) static const Parameter s_params[] = { { "bytes", Parameter::PT_INT, "1:", nullptr, - "Number of base64 encoded bytes to decode." }, + "number of base64 encoded bytes to decode" }, { "offset", Parameter::PT_INT, "0:", "0", - "Bytes past start of buffer to start decoding." }, + "bytes past start of buffer to start decoding" }, { "relative", Parameter::PT_IMPLIED, nullptr, nullptr, - "Apply offset to cursor instead of start of buffer." }, + "apply offset to cursor instead of start of buffer" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; diff --git a/src/ips_options/ips_flowbits.cc b/src/ips_options/ips_flowbits.cc index 89f774fb9..31564ce1c 100644 --- a/src/ips_options/ips_flowbits.cc +++ b/src/ips_options/ips_flowbits.cc @@ -1127,7 +1127,7 @@ static void flowbits_gterm(SnortConfig*) static const Parameter s_params[] = { { "~command", Parameter::PT_STRING, nullptr, nullptr, - "set|reset|isset|etc." }, + "set|reset|isset|etc." }, // FIXIT-L replace this legacy flowbits parsing with PT_SELECT { "~arg1", Parameter::PT_STRING, nullptr, nullptr, "bits or group" }, diff --git a/src/main/modules.cc b/src/main/modules.cc index 8d948bfea..a47396474 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -610,16 +610,16 @@ static const Parameter alerts_params[] = "enable or disable ips rules" }, { "detection_filter_memcap", Parameter::PT_INT, "0:", "1048576", - "set available memory for filters" }, + "set available bytes of memory for detection_filters" }, { "event_filter_memcap", Parameter::PT_INT, "0:", "1048576", - "set available memory for filters" }, + "set available bytes of memory for event_filters" }, { "order", Parameter::PT_STRING, nullptr, "pass drop alert log", "change the order of rule action application" }, { "rate_filter_memcap", Parameter::PT_INT, "0:", "1048576", - "set available memory for filters" }, + "set available bytes of memory for rate_filters" }, { "reference_net", Parameter::PT_STRING, nullptr, nullptr, "set the CIDR for homenet " @@ -718,7 +718,7 @@ static const Parameter output_params[] = "obfuscate the logged IP addresses (same as -O)" }, { "obfuscate_pii", Parameter::PT_BOOL, nullptr, "false", - "Mask all but the last 4 characters of credit card and social security numbers" }, + "mask all but the last 4 characters of credit card and social security numbers" }, { "show_year", Parameter::PT_BOOL, nullptr, "false", "include year in timestamp in the alert and log files (same as -y)" }, @@ -976,15 +976,15 @@ static const Parameter network_params[] = "use this value for responses and when normalizing" }, { "layers", Parameter::PT_INT, "3:255", "40", - "The maximum number of protocols that Snort can correctly decode" }, + "the maximum number of protocols that Snort can correctly decode" }, { "max_ip6_extensions", Parameter::PT_INT, "0:255", "0", - "The number of IP6 options Snort will process for a given IPv6 layer. " - "If this limit is hit, rule 116:456 may fire. 0 = unlimited" }, + "the maximum number of IP6 options Snort will process for a given IPv6 layer " + "before raising 116:456 (0 = unlimited)" }, { "max_ip_layers", Parameter::PT_INT, "0:255", "0", - "The maximum number of IP layers Snort will process for a given packet " - "If this limit is hit, rule 116:293 may fire. 0 = unlimited" }, + "the maximum number of IP layers Snort will process for a given packet " + "before raising 116:293 (0 = unlimited)" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -1675,62 +1675,6 @@ bool HostsModule::end(const char* fqn, int idx, SnortConfig*) return true; } - -#if 0 -//------------------------------------------------------------------------- -// xxx module - used as copy/paste template -//------------------------------------------------------------------------- - -static const RuleMap xxx_rules[] = -{ - { SID, "STR" }, - { 0, 0, nullptr } -}; - -static const Parameter xxx_params[] = -{ - { "name", Parameter::PT_INT, "range", "deflt", - "help" }, - - { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } -}; - -#define xxx_help \ - "configure " - -class XXXModule : public Module -{ -public: - XXXModule() : Module("xxx", xxx_help, xxx_params) { } - const RuleMap* get_rules() { return xxx_rules; } - bool set(const char*, Value&, SnortConfig*) override; - bool begin(const char*, int, SnortConfig*) override; - bool end(const char*, int, SnortConfig*) override; -}; - -bool XXXModule::set(const char*, Value& v, SnortConfig* sc) -{ - if ( v.is("name") ) - sc->pkt_cnt = v.get_long(); - - else - return false; - - return true; -} - -bool XXXModule::begin(const char*, int, SnortConfig*) -{ - return true; -} - -bool XXXModule::end(const char*, int, SnortConfig*) -{ - return true; -} - -#endif - //------------------------------------------------------------------------- // module manager stuff - move to framework/module_manager.cc //------------------------------------------------------------------------- diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 9b15a49f3..be9ddea9b 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -41,117 +41,119 @@ THREAD_LOCAL ProfileStats appidPerfStats; // FIXIT-M define and implement a flexible solution for maintaining protocol specific stats const PegInfo appid_pegs[] = { - { "packets", "count of packets received by appid inspector" }, - { "processed packets", "count of packets processed by appid inspector" }, - { "ignored packets", "count of packets ignored by appid inspector" }, - { "aim clients", "count of aim clients discovered by appid" }, - { "battlefield flows", "count of battle field flows discovered by appid" }, - { "bgp flows", "count of bgp flows discovered by appid" }, - { "bit clients", "count of bittorrent clients discovered by appid" }, - { "bit flows", "count of bittorrent flows discovered by appid" }, - { "bittracker clients", "count of bittorrent tracker clients discovered by appid" }, - { "bootp flows", "count of bootp flows discovered by appid" }, - { "dcerpc tcp flows", "count of dce rpc flows over tcp discovered by appid" }, - { "dcerpc udp flows", "count of dce rpc flows over udp discovered by appid" }, - { "direct connect flows", "count of direct connect flows discovered by appid" }, - { "dns tcp flows", "count of dns flows over tcp discovered by appid" }, - { "dns udp flows", "count of dns flows over udp discovered by appid" }, - { "ftp flows", "count of ftp flows discovered by appid" }, - { "ftps flows", "count of ftps flows discovered by appid" }, - { "http flows", "count of http flows discovered by appid" }, - { "imap flows", "count of imap service flows discovered by appid" }, - { "imaps flows", "count of imap TLS service flows discovered by appid" }, - { "irc flows", "count of irc service flows discovered by appid" }, - { "kerberos clients", "count of kerberos clients discovered by appid" }, - { "kerberos flows", "count of kerberos service flows discovered by appid" }, - { "kerberos users", "count of kerberos users discovered by appid" }, - { "lpr flows", "count of lpr service flows discovered by appid" }, - { "mdns flows", "count of mdns service flows discovered by appid" }, - { "msn clients", "count of msn clients discovered by appid" }, - { "mysql flows", "count of mysql service flows discovered by appid" }, - { "netbios dgm flows", "count of netbios-dgm service flows discovered by appid" }, - { "netbios ns flows", "count of netbios-ns service flows discovered by appid" }, - { "netbios ssn flows", "count of netbios-ssn service flows discovered by appid" }, - { "nntp flows", "count of nntp flows discovered by appid" }, - { "ntp flows", "count of ntp flows discovered by appid" }, - { "pop flows", "count of pop service flows discovered by appid" }, - { "radius flows", "count of radius flows discovered by appid" }, - { "rexec flows", "count of rexec flows discovered by appid" }, - { "rfb flows", "count of rfb flows discovered by appid" }, - { "rlogin flows", "count of rlogin flows discovered by appid" }, - { "rpc flows", "count of rpc flows discovered by appid" }, - { "rshell flows", "count of rshell flows discovered by appid" }, - { "rsync flows", "count of rsync service flows discovered by appid" }, - { "rtmp flows", "count of rtmp flows discovered by appid" }, - { "rtp clients", "count of rtp clients discovered by appid" }, - { "sip clients", "count of SIP clients discovered by appid" }, - { "sip flows", "count of SIP flows discovered by appid" }, - { "smtp aol clients", "count of AOL smtp clients discovered by appid" }, - { "smtp applemail clients", "count of Apple Mail smtp clients discovered by appid" }, - { "smtp eudora clients", "count of Eudora smtp clients discovered by appid" }, - { "smtp eudora pro clients", "count of Eudora Pro smtp clients discovered by appid" }, - { "smtp evolution clients", "count of Evolution smtp clients discovered by appid" }, - { "smtp kmail clients", "count of KMail smtp clients discovered by appid" }, - { "smtp lotus notes clients", "count of Lotus Notes smtp clients discovered by appid" }, - { "smtp microsoft outlook clients", "count of Microsoft Outlook smtp clients discovered by appid" }, - { "smtp microsoft outlook express clients", "count of Microsoft Outlook Express smtp clients discovered by appid" }, - { "smtp microsoft outlook imo clients", "count of Microsoft Outlook IMO smtp clients discovered by appid" }, - { "smtp mutt clients", "count of Mutt smtp clients discovered by appid" }, - { "smtp thunderbird clients", "count of Thunderbird smtp clients discovered by appid" }, - { "smtp flows", "count of smtp flows discovered by appid" }, - { "smtps flows", "count of smtps flows discovered by appid" }, - { "snmp flows", "count of snmp flows discovered by appid" }, - { "ssh clients", "count of ssh clients discovered by appid" }, - { "ssh flows", "count of ssh flows discovered by appid" }, - { "ssl flows", "count of ssl flows discovered by appid" }, - { "telnet flows", "count of telnet flows discovered by appid" }, - { "tftp flows", "count of tftp flows discovered by appid" }, - { "timbuktu flows", "count of timbuktu flows discovered by appid" }, - { "tns clients", "count of tns clients discovered by appid" }, - { "tns flows", "count of tns flows discovered by appid" }, - { "vnc clients", "count of vnc clients discovered by appid" }, - { "yahoo messenger clients", "count of Yahoo Messenger clients discovered by appid" }, + { "packets", "count of packets received" }, + { "processed packets", "count of packets processed" }, + { "ignored packets", "count of packets ignored" }, + { "aim clients", "count of aim clients discovered" }, + { "battlefield flows", "count of battle field flows discovered" }, + { "bgp flows", "count of bgp flows discovered" }, + { "bit clients", "count of bittorrent clients discovered" }, + { "bit flows", "count of bittorrent flows discovered" }, + { "bittracker clients", "count of bittorrent tracker clients discovered" }, + { "bootp flows", "count of bootp flows discovered" }, + { "dcerpc tcp flows", "count of dce rpc flows over tcp discovered" }, + { "dcerpc udp flows", "count of dce rpc flows over udp discovered" }, + { "direct connect flows", "count of direct connect flows discovered" }, + { "dns tcp flows", "count of dns flows over tcp discovered" }, + { "dns udp flows", "count of dns flows over udp discovered" }, + { "ftp flows", "count of ftp flows discovered" }, + { "ftps flows", "count of ftps flows discovered" }, + { "http flows", "count of http flows discovered" }, + { "imap flows", "count of imap service flows discovered" }, + { "imaps flows", "count of imap TLS service flows discovered" }, + { "irc flows", "count of irc service flows discovered" }, + { "kerberos clients", "count of kerberos clients discovered" }, + { "kerberos flows", "count of kerberos service flows discovered" }, + { "kerberos users", "count of kerberos users discovered" }, + { "lpr flows", "count of lpr service flows discovered" }, + { "mdns flows", "count of mdns service flows discovered" }, + { "msn clients", "count of msn clients discovered" }, + { "mysql flows", "count of mysql service flows discovered" }, + { "netbios dgm flows", "count of netbios-dgm service flows discovered" }, + { "netbios ns flows", "count of netbios-ns service flows discovered" }, + { "netbios ssn flows", "count of netbios-ssn service flows discovered" }, + { "nntp flows", "count of nntp flows discovered" }, + { "ntp flows", "count of ntp flows discovered" }, + { "pop flows", "count of pop service flows discovered" }, + { "radius flows", "count of radius flows discovered" }, + { "rexec flows", "count of rexec flows discovered" }, + { "rfb flows", "count of rfb flows discovered" }, + { "rlogin flows", "count of rlogin flows discovered" }, + { "rpc flows", "count of rpc flows discovered" }, + { "rshell flows", "count of rshell flows discovered" }, + { "rsync flows", "count of rsync service flows discovered" }, + { "rtmp flows", "count of rtmp flows discovered" }, + { "rtp clients", "count of rtp clients discovered" }, + { "sip clients", "count of SIP clients discovered" }, + { "sip flows", "count of SIP flows discovered" }, + { "smtp aol clients", "count of AOL smtp clients discovered" }, + { "smtp applemail clients", "count of Apple Mail smtp clients discovered" }, + { "smtp eudora clients", "count of Eudora smtp clients discovered" }, + { "smtp eudora pro clients", "count of Eudora Pro smtp clients discovered" }, + { "smtp evolution clients", "count of Evolution smtp clients discovered" }, + { "smtp kmail clients", "count of KMail smtp clients discovered" }, + { "smtp lotus notes clients", "count of Lotus Notes smtp clients discovered" }, + { "smtp microsoft outlook clients", "count of Microsoft Outlook smtp clients discovered" }, + { "smtp microsoft outlook express clients", + "count of Microsoft Outlook Express smtp clients discovered" }, + { "smtp microsoft outlook imo clients", + "count of Microsoft Outlook IMO smtp clients discovered" }, + { "smtp mutt clients", "count of Mutt smtp clients discovered" }, + { "smtp thunderbird clients", "count of Thunderbird smtp clients discovered" }, + { "smtp flows", "count of smtp flows discovered" }, + { "smtps flows", "count of smtps flows discovered" }, + { "snmp flows", "count of snmp flows discovered" }, + { "ssh clients", "count of ssh clients discovered" }, + { "ssh flows", "count of ssh flows discovered" }, + { "ssl flows", "count of ssl flows discovered" }, + { "telnet flows", "count of telnet flows discovered" }, + { "tftp flows", "count of tftp flows discovered" }, + { "timbuktu flows", "count of timbuktu flows discovered" }, + { "tns clients", "count of tns clients discovered" }, + { "tns flows", "count of tns flows discovered" }, + { "vnc clients", "count of vnc clients discovered" }, + { "yahoo messenger clients", "count of Yahoo Messenger clients discovered" }, { nullptr, nullptr } }; static const Parameter session_log_filter[] = { - {"src_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32", - "source ip address in CIDR format" }, - { "dst_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32", - "destination ip address in CIDR format" }, + { "src_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32", + "source ip address in CIDR format" }, + { "dst_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32", + "destination ip address in CIDR format" }, { "src_port", Parameter::PT_PORT, "1:", nullptr, "source port" }, { "dst_port", Parameter::PT_PORT, "1:", nullptr, "destination port" }, { "protocol", Parameter::PT_STRING, nullptr, nullptr,"ip protocol"}, { "log_all_sessions", Parameter::PT_BOOL, nullptr, "false", - "enable logging for all appid sessions" }, + "enable logging for all appid sessions" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; static const Parameter s_params[] = { { "conf", Parameter::PT_STRING, nullptr, nullptr, - "RNA configuration file" }, - { "memcap", Parameter::PT_INT, "1048576:3221225472", "268435456", - "time period for collecting and logging AppId statistics" }, + "RNA configuration file" }, // FIXIT-L eliminate reference to "RNA" + { "memcap", Parameter::PT_INT, "0:", "0", + "disregard - not implemented" }, // FIXIT-M implement or delete appid.memcap { "log_stats", Parameter::PT_BOOL, nullptr, "false", - "enable logging of AppId statistics" }, + "enable logging of appid statistics" }, { "app_stats_period", Parameter::PT_INT, "0:", "300", - "time period for collecting and logging AppId statistics" }, + "time period for collecting and logging appid statistics" }, { "app_stats_rollover_size", Parameter::PT_INT, "0:", "20971520", - "max file size for AppId stats before rolling over the log file" }, + "max file size for appid stats before rolling over the log file" }, { "app_stats_rollover_time", Parameter::PT_INT, "0:", "86400", - "max time period for collection AppId stats before rolling over the log file" }, + "max time period for collection appid stats before rolling over the log file" }, { "app_detector_dir", Parameter::PT_STRING, nullptr, nullptr, - "directory to load AppId detectors from" }, + "directory to load appid detectors from" }, { "instance_id", Parameter::PT_INT, "0:", "0", "instance id - need more details for what this is" }, { "debug", Parameter::PT_BOOL, nullptr, "false", - "enable AppId debug logging" }, + "enable appid debug logging" }, { "dump_ports", Parameter::PT_BOOL, nullptr, "false", - "enable dump of AppId port information" }, + "enable dump of appid port information" }, { "thirdparty_appid_dir", Parameter::PT_STRING, nullptr, nullptr, - "directory to load thirdparty AppId detectors from" }, + "directory to load thirdparty appid detectors from" }, { "session_log_filter", Parameter::PT_TABLE, session_log_filter, nullptr, "session log filter options" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } @@ -239,7 +241,7 @@ bool AppIdModule::end(const char*, int, SnortConfig*) { if ( (config == nullptr) || (config->app_detector_dir == nullptr) ) { - ParseWarning(WARN_CONF,"no app_detector_dir present. No support for AppId in rules.\n"); + ParseWarning(WARN_CONF,"no app_detector_dir present. No support for appid in rules.\n"); } return true; diff --git a/src/network_inspectors/perf_monitor/perf_module.cc b/src/network_inspectors/perf_monitor/perf_module.cc index 446163b34..ed93ef869 100644 --- a/src/network_inspectors/perf_monitor/perf_module.cc +++ b/src/network_inspectors/perf_monitor/perf_module.cc @@ -60,7 +60,7 @@ static const Parameter s_params[] = "report interval" }, { "flow_ip_memcap", Parameter::PT_INT, "8200:", "52428800", - "maximum memory for flow tracking" }, + "maximum memory in bytes for flow tracking" }, { "max_file_size", Parameter::PT_INT, "4096:", "1073741824", "files will be rolled over if they exceed this size" }, @@ -69,16 +69,16 @@ static const Parameter s_params[] = "maximum ports to track" }, { "output", Parameter::PT_ENUM, "file | console", "file", - "Output location for stats" }, + "output location for stats" }, { "modules", Parameter::PT_LIST, module_params, nullptr, "gather statistics from the specified modules" }, { "format", Parameter::PT_ENUM, "csv | text", "csv", - "Output format for stats" }, + "output format for stats" }, { "summary", Parameter::PT_BOOL, nullptr, "false", - "Output summary at shutdown" }, + "output summary at shutdown" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; diff --git a/src/network_inspectors/port_scan/ps_module.cc b/src/network_inspectors/port_scan/ps_module.cc index 5814ebbed..b71179ba5 100644 --- a/src/network_inspectors/port_scan/ps_module.cc +++ b/src/network_inspectors/port_scan/ps_module.cc @@ -205,7 +205,7 @@ PortscanConfig* PortScanModule::get_data() static const Parameter psg_params[] = { { "memcap", Parameter::PT_INT, "1:", "1048576", - "maximum tracker memory" }, + "maximum tracker memory in bytes" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; diff --git a/src/network_inspectors/reputation/reputation_module.cc b/src/network_inspectors/reputation/reputation_module.cc index 852732049..0263e7209 100644 --- a/src/network_inspectors/reputation/reputation_module.cc +++ b/src/network_inspectors/reputation/reputation_module.cc @@ -43,7 +43,7 @@ static const Parameter s_params[] = "blacklist file name with ip lists" }, { "memcap", Parameter::PT_INT, "1:4095", "500", - "maximum total memory allocated" }, + "maximum total MB of memory allocated" }, { "nested_ip", Parameter::PT_ENUM, "inner|outer|all", "inner", "ip to use when there is IP encapsulation" }, diff --git a/src/service_inspectors/http_inspect/ips_http.cc b/src/service_inspectors/http_inspect/ips_http.cc index 4b3b1bff7..93cf344cc 100644 --- a/src/service_inspectors/http_inspect/ips_http.cc +++ b/src/service_inspectors/http_inspect/ips_http.cc @@ -231,9 +231,9 @@ int HttpIpsOption::eval(Cursor& c, Packet* p) static const Parameter http_uri_params[] = { { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { "scheme", Parameter::PT_IMPLIED, nullptr, nullptr, "match against scheme section of URI only" }, { "host", Parameter::PT_IMPLIED, nullptr, nullptr, @@ -332,9 +332,9 @@ static const IpsApi client_body_api = static const Parameter http_method_params[] = { { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -381,11 +381,11 @@ static const IpsApi method_api = static const Parameter http_cookie_params[] = { { "request", Parameter::PT_IMPLIED, nullptr, nullptr, - "Match against the cookie from the request message even when examining the response" }, + "match against the cookie from the request message even when examining the response" }, { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -432,9 +432,9 @@ static const IpsApi cookie_api = static const Parameter http_stat_code_params[] = { { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -481,9 +481,9 @@ static const IpsApi stat_code_api = static const Parameter http_stat_msg_params[] = { { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -530,9 +530,9 @@ static const IpsApi stat_msg_api = static const Parameter http_raw_uri_params[] = { { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { "scheme", Parameter::PT_IMPLIED, nullptr, nullptr, "match against scheme section of URI only" }, { "host", Parameter::PT_IMPLIED, nullptr, nullptr, @@ -591,11 +591,11 @@ static const IpsApi raw_uri_api = static const Parameter http_raw_header_params[] = { { "request", Parameter::PT_IMPLIED, nullptr, nullptr, - "Match against the headers from the request message even when examining the response" }, + "match against the headers from the request message even when examining the response" }, { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -642,11 +642,11 @@ static const IpsApi raw_header_api = static const Parameter http_raw_cookie_params[] = { { "request", Parameter::PT_IMPLIED, nullptr, nullptr, - "Match against the cookie from the request message even when examining the response" }, + "match against the cookie from the request message even when examining the response" }, { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -693,11 +693,11 @@ static const IpsApi raw_cookie_api = static const Parameter http_version_params[] = { { "request", Parameter::PT_IMPLIED, nullptr, nullptr, - "Match against the version from the request message even when examining the response" }, + "match against the version from the request message even when examining the response" }, { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -750,13 +750,13 @@ static const IpsApi version_api = static const Parameter http_header_params[] = { { "field", Parameter::PT_STRING, nullptr, nullptr, - "Restrict to given header. Header name is case insensitive." }, + "restrict to given header. Header name is case insensitive." }, { "request", Parameter::PT_IMPLIED, nullptr, nullptr, - "Match against the headers from the request message even when examining the response" }, + "match against the headers from the request message even when examining the response" }, { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -804,12 +804,12 @@ static const Parameter http_trailer_params[] = { { "field", Parameter::PT_STRING, nullptr, nullptr, "restrict to given trailer" }, { "request", Parameter::PT_IMPLIED, nullptr, nullptr, - "Match against the trailers from the request message even when examining the response" }, + "match against the trailers from the request message even when examining the response" }, { "with_header", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP response message headers (must be combined with request)" + "parts of this rule examine HTTP response message headers (must be combined with request)" }, { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body (must be combined with request)" }, + "parts of this rule examine HTTP message body (must be combined with request)" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -856,12 +856,12 @@ static const IpsApi trailer_api = static const Parameter http_raw_trailer_params[] = { { "request", Parameter::PT_IMPLIED, nullptr, nullptr, - "Match against the trailers from the request message even when examining the response" }, + "match against the trailers from the request message even when examining the response" }, { "with_header", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP response message headers (must be combined with request)" + "parts of this rule examine HTTP response message headers (must be combined with request)" }, { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP response message body (must be combined with request)" }, + "parts of this rule examine HTTP response message body (must be combined with request)" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -908,9 +908,9 @@ static const IpsApi raw_trailer_api = static const Parameter http_raw_request_params[] = { { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } }; @@ -957,9 +957,9 @@ static const IpsApi raw_request_api = static const Parameter http_raw_status_params[] = { { "with_body", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message body" }, + "parts of this rule examine HTTP message body" }, { "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr, - "Parts of this rule examine HTTP message trailers" }, + "parts of this rule examine HTTP message trailers" }, { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr } };