From: Victor Julien Date: Sat, 24 May 2025 07:23:01 +0000 (+0200) Subject: detect/config: add flow tracking doc X-Git-Tag: suricata-8.0.0-rc1~99 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2faba5a23cdc5cefb8454fe74ee7cb75e3c6471;p=thirdparty%2Fsuricata.git detect/config: add flow tracking doc --- diff --git a/doc/userguide/rules/config.rst b/doc/userguide/rules/config.rst index 260364378a..47898e918c 100644 --- a/doc/userguide/rules/config.rst +++ b/doc/userguide/rules/config.rst @@ -12,6 +12,12 @@ This example will detect if a DNS query contains the string `suricata` and if so disable the DNS transaction logging. This means that `eve.json` records, but also Lua output, will not be generated/triggered for this DNS transaction. +Example:: + + config tcp:pre_flow any any <> any 666 (config: tracking disable, type flow, scope packet; sid:1;) + +This example skips flow tracking for any packet from or to tcp port 666. + Keyword ------- @@ -24,14 +30,17 @@ Syntax:: `subsys` can be set to: * `logging` setting affects logging. +* `tracking` setting affects tracking. `type` can be set to: * `tx` sub type of the `subsys`. If `subsys` is set to `logging`, setting the `type` to `tx` means transaction logging is affected. +* `flow` sub type of the `subsys`. If `subsys` is set to `flow`, setting the `type` to `flow` means flow tracking is disabled. `scope` can be set to: * `tx` setting affects the matching transaction. +* `packet` setting affects the matching packet. The `action` in `` is currently limited to `disable`.
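Review bot: In the first hunk, the new example rule uses the `tcp:pre_flow` hook in the protocol position, but the added text does not explain the hook or say why it is needed for `type flow, scope packet`. One sentence, or a cross-reference to wherever the hook is documented, would make the example self-explanatory. The description "skips flow tracking for any packet from or to tcp port 666" also leaves out what skipping flow tracking means for those packets. Since this is a rule that switches off part of the engine for matching traffic, please state the consequence for detection and logging on that traffic, so that a rule writer can judge the visibility they give up before deploying it.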
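Review bot: In the second hunk, the new `flow` entry under `type` reads "If `subsys` is set to `flow`", but `flow` is not a `subsys` value. The list above it offers only `logging` and the newly added `tracking`, and the example rule uses `tracking disable, type flow`. This should read "If `subsys` is set to `tracking`, setting the `type` to `flow` means flow tracking is affected", which also matches the wording of the `tx` entry ("is affected" rather than "is disabled", since `disable` is the action, not the type). The new `subsys` bullet "`tracking` setting affects tracking" is circular; "setting affects flow tracking" would say what is tracked.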