From: Shivani Bhardwaj Date: Mon, 1 Jul 2019 10:58:04 +0000 (+0530) Subject: detect: Add missing keyword URLs and description X-Git-Tag: suricata-5.0.0-rc1~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4203%2Fhead;p=thirdparty%2Fsuricata.git detect: Add missing keyword URLs and description Add missing keyword URLs and their description. Fix the ones that were incorrect. Partially closes redmine ticket #2974. --- diff --git a/src/detect-app-layer-event.c b/src/detect-app-layer-event.c index b820e96b2d..d6ecf2b317 100644 --- a/src/detect-app-layer-event.c +++ b/src/detect-app-layer-event.c @@ -66,6 +66,8 @@ static int g_applayer_events_list_id = 0; void DetectAppLayerEventRegister(void) { sigmatch_table[DETECT_AL_APP_LAYER_EVENT].name = "app-layer-event"; + sigmatch_table[DETECT_AL_APP_LAYER_EVENT].desc = "Match on events generated by the App Layer Parsers and the protocol detection engine."; + sigmatch_table[DETECT_AL_APP_LAYER_EVENT].url = DOC_URL DOC_VERSION "/rules/app-layer.html#app-layer-event"; sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Match = DetectAppLayerEventPktMatch; sigmatch_table[DETECT_AL_APP_LAYER_EVENT].Setup = DetectAppLayerEventSetupP1; diff --git a/src/detect-app-layer-protocol.c b/src/detect-app-layer-protocol.c index fc0520dc7c..d80dcc21b0 100644 --- a/src/detect-app-layer-protocol.c +++ b/src/detect-app-layer-protocol.c @@ -258,6 +258,8 @@ static _Bool PrefilterAppProtoIsPrefilterable(const Signature *s) void DetectAppLayerProtocolRegister(void) { sigmatch_table[DETECT_AL_APP_LAYER_PROTOCOL].name = "app-layer-protocol"; + sigmatch_table[DETECT_AL_APP_LAYER_PROTOCOL].desc = "Match on the detected app-layer protocol."; + sigmatch_table[DETECT_AL_APP_LAYER_PROTOCOL].url = DOC_URL DOC_VERSION "/rules/app-layer.html#app-layer-protocol"; sigmatch_table[DETECT_AL_APP_LAYER_PROTOCOL].Match = DetectAppLayerProtocolPacketMatch; sigmatch_table[DETECT_AL_APP_LAYER_PROTOCOL].Setup = diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index a5e8ab648b..70fc6f8c29 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -99,6 +99,8 @@ static void DetectByteExtractFree(void *); void DetectByteExtractRegister(void) { sigmatch_table[DETECT_BYTE_EXTRACT].name = "byte_extract"; + sigmatch_table[DETECT_BYTE_EXTRACT].desc = "Extract at a particular and store it in ."; + sigmatch_table[DETECT_BYTE_EXTRACT].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#byte-extract"; sigmatch_table[DETECT_BYTE_EXTRACT].Match = NULL; sigmatch_table[DETECT_BYTE_EXTRACT].Setup = DetectByteExtractSetup; sigmatch_table[DETECT_BYTE_EXTRACT].Free = DetectByteExtractFree; diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index 63b71bd5bc..37764c5318 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -70,6 +70,8 @@ static void DetectBytejumpRegisterTests(void); void DetectBytejumpRegister (void) { sigmatch_table[DETECT_BYTEJUMP].name = "byte_jump"; + sigmatch_table[DETECT_BYTEJUMP].desc = "Allow the ability to select a from an and move the detection pointer to that position."; + sigmatch_table[DETECT_BYTEJUMP].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#byte-jump"; sigmatch_table[DETECT_BYTEJUMP].Match = DetectBytejumpMatch; sigmatch_table[DETECT_BYTEJUMP].Setup = DetectBytejumpSetup; sigmatch_table[DETECT_BYTEJUMP].Free = DetectBytejumpFree; diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c index 09dc5bbf3f..bc25a85360 100644 --- a/src/detect-bytetest.c +++ b/src/detect-bytetest.c @@ -71,6 +71,8 @@ static void DetectBytetestRegisterTests(void); void DetectBytetestRegister (void) { sigmatch_table[DETECT_BYTETEST].name = "byte_test"; + sigmatch_table[DETECT_BYTETEST].desc = "Extract and perform an operation selected with against the value in at a particular ."; + sigmatch_table[DETECT_BYTETEST].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#byte-test"; sigmatch_table[DETECT_BYTETEST].Match = DetectBytetestMatch; sigmatch_table[DETECT_BYTETEST].Setup = DetectBytetestSetup; sigmatch_table[DETECT_BYTETEST].Free = DetectBytetestFree; diff --git a/src/detect-cipservice.c b/src/detect-cipservice.c index 14491f4972..af51b089f2 100644 --- a/src/detect-cipservice.c +++ b/src/detect-cipservice.c @@ -51,7 +51,8 @@ void DetectCipServiceRegister(void) { SCEnter(); sigmatch_table[DETECT_CIPSERVICE].name = "cip_service"; //rule keyword - sigmatch_table[DETECT_CIPSERVICE].desc = "Rules for detecting CIP Service "; + sigmatch_table[DETECT_CIPSERVICE].desc = "Match on CIP Service."; + sigmatch_table[DETECT_CIPSERVICE].url = DOC_URL DOC_VERSION "/rules/enip-keyword.html#enip-cip-keywords"; sigmatch_table[DETECT_CIPSERVICE].Match = NULL; sigmatch_table[DETECT_CIPSERVICE].Setup = DetectCipServiceSetup; sigmatch_table[DETECT_CIPSERVICE].Free = DetectCipServiceFree; @@ -305,7 +306,8 @@ void DetectEnipCommandRegister(void) { sigmatch_table[DETECT_ENIPCOMMAND].name = "enip_command"; //rule keyword sigmatch_table[DETECT_ENIPCOMMAND].desc - = "Rules for detecting EtherNet/IP command"; + = "Rules for detecting EtherNet/IP command."; + sigmatch_table[DETECT_ENIPCOMMAND].url = DOC_URL DOC_VERSION "/rules/enip-keyword.html#enip-cip-keywords"; sigmatch_table[DETECT_ENIPCOMMAND].Match = NULL; sigmatch_table[DETECT_ENIPCOMMAND].Setup = DetectEnipCommandSetup; sigmatch_table[DETECT_ENIPCOMMAND].Free = DetectEnipCommandFree; diff --git a/src/detect-classtype.c b/src/detect-classtype.c index bd25882a73..f149a66b00 100644 --- a/src/detect-classtype.c +++ b/src/detect-classtype.c @@ -51,7 +51,7 @@ static void DetectClasstypeRegisterTests(void); void DetectClasstypeRegister(void) { sigmatch_table[DETECT_CLASSTYPE].name = "classtype"; - sigmatch_table[DETECT_CLASSTYPE].desc = "information about the classification of rules and alerts"; + sigmatch_table[DETECT_CLASSTYPE].desc = "Information about the classification of rules and alerts."; sigmatch_table[DETECT_CLASSTYPE].url = DOC_URL DOC_VERSION "/rules/meta.html#classtype"; sigmatch_table[DETECT_CLASSTYPE].Match = NULL; sigmatch_table[DETECT_CLASSTYPE].Setup = DetectClasstypeSetup; diff --git a/src/detect-content.c b/src/detect-content.c index 79cff1dfa9..6aa7f40654 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -55,7 +55,7 @@ static void DetectContentRegisterTests(void); void DetectContentRegister (void) { sigmatch_table[DETECT_CONTENT].name = "content"; - sigmatch_table[DETECT_CONTENT].desc = "match on payload content"; + sigmatch_table[DETECT_CONTENT].desc = "Match on payload content."; sigmatch_table[DETECT_CONTENT].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#content"; sigmatch_table[DETECT_CONTENT].Match = NULL; sigmatch_table[DETECT_CONTENT].Setup = DetectContentSetup; diff --git a/src/detect-depth.c b/src/detect-depth.c index bb7e595bd4..1719ca0242 100644 --- a/src/detect-depth.c +++ b/src/detect-depth.c @@ -47,7 +47,7 @@ static int DetectStartsWithSetup (DetectEngineCtx *, Signature *, const char *); void DetectDepthRegister (void) { sigmatch_table[DETECT_DEPTH].name = "depth"; - sigmatch_table[DETECT_DEPTH].desc = "designate how many bytes from the beginning of the payload will be checked"; + sigmatch_table[DETECT_DEPTH].desc = "Designate how many bytes from the beginning of the payload will be checked."; sigmatch_table[DETECT_DEPTH].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#depth"; sigmatch_table[DETECT_DEPTH].Match = NULL; sigmatch_table[DETECT_DEPTH].Setup = DetectDepthSetup; diff --git a/src/detect-dnp3.c b/src/detect-dnp3.c index ab2625394b..849cea0362 100644 --- a/src/detect-dnp3.c +++ b/src/detect-dnp3.c @@ -492,6 +492,8 @@ static void DetectDNP3FuncRegister(void) sigmatch_table[DETECT_AL_DNP3FUNC].name = "dnp3_func"; sigmatch_table[DETECT_AL_DNP3FUNC].alias = "dnp3.func"; + sigmatch_table[DETECT_AL_DNP3FUNC].desc = "Match on the application function code found in DNP3 request and responses."; + sigmatch_table[DETECT_AL_DNP3FUNC].url = DOC_URL DOC_VERSION "/rules/dnp3-keywords.html#dnp3-func"; sigmatch_table[DETECT_AL_DNP3FUNC].Match = NULL; sigmatch_table[DETECT_AL_DNP3FUNC].AppLayerTxMatch = DetectDNP3FuncMatch; sigmatch_table[DETECT_AL_DNP3FUNC].Setup = DetectDNP3FuncSetup; @@ -508,6 +510,8 @@ static void DetectDNP3IndRegister(void) sigmatch_table[DETECT_AL_DNP3IND].name = "dnp3_ind"; sigmatch_table[DETECT_AL_DNP3IND].alias = "dnp3.ind"; + sigmatch_table[DETECT_AL_DNP3IND].desc = "Match on the DNP3 internal indicator flags in the response application header."; + sigmatch_table[DETECT_AL_DNP3IND].url = DOC_URL DOC_VERSION "/rules/dnp3-keywords.html#dnp3-ind"; sigmatch_table[DETECT_AL_DNP3IND].Match = NULL; sigmatch_table[DETECT_AL_DNP3IND].AppLayerTxMatch = DetectDNP3IndMatch; sigmatch_table[DETECT_AL_DNP3IND].Setup = DetectDNP3IndSetup; @@ -524,6 +528,8 @@ static void DetectDNP3ObjRegister(void) sigmatch_table[DETECT_AL_DNP3OBJ].name = "dnp3_obj"; sigmatch_table[DETECT_AL_DNP3OBJ].alias = "dnp3.obj"; + sigmatch_table[DETECT_AL_DNP3OBJ].desc = "Match on the DNP3 application data objects."; + sigmatch_table[DETECT_AL_DNP3OBJ].url = DOC_URL DOC_VERSION "/rules/dnp3-keywords.html#dnp3-obj"; sigmatch_table[DETECT_AL_DNP3OBJ].Match = NULL; sigmatch_table[DETECT_AL_DNP3OBJ].AppLayerTxMatch = DetectDNP3ObjMatch; sigmatch_table[DETECT_AL_DNP3OBJ].Setup = DetectDNP3ObjSetup; @@ -552,6 +558,8 @@ static void DetectDNP3DataRegister(void) sigmatch_table[DETECT_AL_DNP3DATA].name = "dnp3.data"; sigmatch_table[DETECT_AL_DNP3DATA].alias = "dnp3_data"; + sigmatch_table[DETECT_AL_DNP3DATA].desc = "Make the following content options to match on the re-assembled application buffer."; + sigmatch_table[DETECT_AL_DNP3DATA].url = DOC_URL DOC_VERSION "/rules/dnp3-keywords.html#dnp3-data"; sigmatch_table[DETECT_AL_DNP3DATA].Setup = DetectDNP3DataSetup; sigmatch_table[DETECT_AL_DNP3DATA].RegisterTests = DetectDNP3DataRegisterTests; diff --git a/src/detect-dns-query.c b/src/detect-dns-query.c index 25d4076d91..8fabfc3dec 100644 --- a/src/detect-dns-query.c +++ b/src/detect-dns-query.c @@ -208,7 +208,8 @@ void DetectDnsQueryRegister (void) { sigmatch_table[DETECT_AL_DNS_QUERY].name = "dns.query"; sigmatch_table[DETECT_AL_DNS_QUERY].alias = "dns_query"; - sigmatch_table[DETECT_AL_DNS_QUERY].desc = "sticky buffer to match DNS query-buffer"; + sigmatch_table[DETECT_AL_DNS_QUERY].desc = "Sticky buffer to match DNS query-buffer."; + sigmatch_table[DETECT_AL_DNS_QUERY].url = DOC_URL DOC_VERSION "/rules/dns-keywords.html#dns-query"; sigmatch_table[DETECT_AL_DNS_QUERY].Setup = DetectDnsQuerySetup; sigmatch_table[DETECT_AL_DNS_QUERY].RegisterTests = DetectDnsQueryRegisterTests; sigmatch_table[DETECT_AL_DNS_QUERY].flags |= SIGMATCH_NOOPT; diff --git a/src/detect-dsize.c b/src/detect-dsize.c index c92adfc7ad..b3d0b06162 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -65,7 +65,7 @@ static _Bool PrefilterDsizeIsPrefilterable(const Signature *s); void DetectDsizeRegister (void) { sigmatch_table[DETECT_DSIZE].name = "dsize"; - sigmatch_table[DETECT_DSIZE].desc = "match on the size of the packet payload"; + sigmatch_table[DETECT_DSIZE].desc = "Match on the size of the packet payload."; sigmatch_table[DETECT_DSIZE].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#dsize"; sigmatch_table[DETECT_DSIZE].Match = DetectDsizeMatch; sigmatch_table[DETECT_DSIZE].Setup = DetectDsizeSetup; diff --git a/src/detect-flow.c b/src/detect-flow.c index 236025b4d3..ff85859308 100644 --- a/src/detect-flow.c +++ b/src/detect-flow.c @@ -64,7 +64,7 @@ static _Bool PrefilterFlowIsPrefilterable(const Signature *s); void DetectFlowRegister (void) { sigmatch_table[DETECT_FLOW].name = "flow"; - sigmatch_table[DETECT_FLOW].desc = "match on direction and state of the flow"; + sigmatch_table[DETECT_FLOW].desc = "Match on direction and state of the flow."; sigmatch_table[DETECT_FLOW].url = DOC_URL DOC_VERSION "/rules/flow-keywords.html#flow"; sigmatch_table[DETECT_FLOW].Match = DetectFlowMatch; sigmatch_table[DETECT_FLOW].Setup = DetectFlowSetup; diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c index 06e5efc375..a51900ec41 100644 --- a/src/detect-fragbits.c +++ b/src/detect-fragbits.c @@ -83,7 +83,7 @@ static _Bool PrefilterFragBitsIsPrefilterable(const Signature *s); void DetectFragBitsRegister (void) { sigmatch_table[DETECT_FRAGBITS].name = "fragbits"; - sigmatch_table[DETECT_FRAGBITS].desc = "check if the fragmentation and reserved bits are set in the IP header"; + sigmatch_table[DETECT_FRAGBITS].desc = "Check if the fragmentation and reserved bits are set in the IP header."; sigmatch_table[DETECT_FRAGBITS].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#fragbits-ip-fragmentation"; sigmatch_table[DETECT_FRAGBITS].Match = DetectFragBitsMatch; sigmatch_table[DETECT_FRAGBITS].Setup = DetectFragBitsSetup; diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c index 7599703b4a..58ef929353 100644 --- a/src/detect-fragoffset.c +++ b/src/detect-fragoffset.c @@ -59,7 +59,7 @@ static _Bool PrefilterFragOffsetIsPrefilterable(const Signature *s); void DetectFragOffsetRegister (void) { sigmatch_table[DETECT_FRAGOFFSET].name = "fragoffset"; - sigmatch_table[DETECT_FRAGOFFSET].desc = "match on specific decimal values of the IP fragment offset field"; + sigmatch_table[DETECT_FRAGOFFSET].desc = "Match on specific decimal values of the IP fragment offset field."; sigmatch_table[DETECT_FRAGOFFSET].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#fragoffset"; sigmatch_table[DETECT_FRAGOFFSET].Match = DetectFragOffsetMatch; sigmatch_table[DETECT_FRAGOFFSET].Setup = DetectFragOffsetSetup; diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c index ef66ab80d0..9086cabddd 100644 --- a/src/detect-ftpbounce.c +++ b/src/detect-ftpbounce.c @@ -68,6 +68,7 @@ static int InspectFtpRequest(ThreadVars *tv, void DetectFtpbounceRegister(void) { sigmatch_table[DETECT_FTPBOUNCE].name = "ftpbounce"; + sigmatch_table[DETECT_FTPBOUNCE].desc = "Detect FTP bounce attacks."; sigmatch_table[DETECT_FTPBOUNCE].Setup = DetectFtpbounceSetup; sigmatch_table[DETECT_FTPBOUNCE].AppLayerTxMatch = DetectFtpbounceALMatch; sigmatch_table[DETECT_FTPBOUNCE].RegisterTests = DetectFtpbounceRegisterTests; diff --git a/src/detect-geoip.c b/src/detect-geoip.c index 35e2171c0e..909e255a13 100644 --- a/src/detect-geoip.c +++ b/src/detect-geoip.c @@ -55,6 +55,8 @@ static int DetectGeoipSetupNoSupport (DetectEngineCtx *a, Signature *b, const ch void DetectGeoipRegister(void) { sigmatch_table[DETECT_GEOIP].name = "geoip"; + sigmatch_table[DETECT_GEOIP].desc = "Match on the source, destination or source and destination IP addresses of network traffic, and to see to which country it belongs."; + sigmatch_table[DETECT_GEOIP].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#geoip"; sigmatch_table[DETECT_GEOIP].Setup = DetectGeoipSetupNoSupport; sigmatch_table[DETECT_GEOIP].Free = NULL; sigmatch_table[DETECT_GEOIP].RegisterTests = NULL; diff --git a/src/detect-http-header.c b/src/detect-http-header.c index 8d75629b12..d5b44a5feb 100644 --- a/src/detect-http-header.c +++ b/src/detect-http-header.c @@ -407,7 +407,7 @@ void DetectHttpHeaderRegister(void) { /* http_header content modifier */ sigmatch_table[DETECT_AL_HTTP_HEADER].name = "http_header"; - sigmatch_table[DETECT_AL_HTTP_HEADER].desc = "content modifier to match only on the HTTP header-buffer"; + sigmatch_table[DETECT_AL_HTTP_HEADER].desc = "Content modifier to match only on the HTTP header-buffer."; sigmatch_table[DETECT_AL_HTTP_HEADER].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-header-and-http-raw-header"; sigmatch_table[DETECT_AL_HTTP_HEADER].Setup = DetectHttpHeaderSetup; #ifdef UNITTESTS @@ -419,8 +419,8 @@ void DetectHttpHeaderRegister(void) /* http.header sticky buffer */ sigmatch_table[DETECT_HTTP_HEADER].name = "http.header"; - sigmatch_table[DETECT_HTTP_HEADER].desc = "sticky buffer to match on the normalized HTTP header-buffer"; - sigmatch_table[DETECT_HTTP_HEADER].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-header"; + sigmatch_table[DETECT_HTTP_HEADER].desc = "Sticky buffer to match on the normalized HTTP header-buffer."; + sigmatch_table[DETECT_HTTP_HEADER].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-header-and-http-raw-header"; sigmatch_table[DETECT_HTTP_HEADER].Setup = DetectHttpHeaderSetupSticky; sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_NOOPT; sigmatch_table[DETECT_HTTP_HEADER].flags |= SIGMATCH_INFO_STICKY_BUFFER; diff --git a/src/detect-http-host.c b/src/detect-http-host.c index 3cc2805869..e74329c527 100644 --- a/src/detect-http-host.c +++ b/src/detect-http-host.c @@ -83,7 +83,8 @@ void DetectHttpHHRegister(void) { /* http_host content modifier */ sigmatch_table[DETECT_AL_HTTP_HOST].name = "http_host"; - sigmatch_table[DETECT_AL_HTTP_HOST].desc = "content modifier to match on the HTTP hostname"; + sigmatch_table[DETECT_AL_HTTP_HOST].desc = "Content modifier to match on the HTTP hostname."; + sigmatch_table[DETECT_AL_HTTP_HOST].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-host-and-http-raw-host"; sigmatch_table[DETECT_AL_HTTP_HOST].Setup = DetectHttpHHSetup; #ifdef UNITTESTS sigmatch_table[DETECT_AL_HTTP_HOST].RegisterTests = DetectHttpHHRegisterTests; @@ -93,8 +94,8 @@ void DetectHttpHHRegister(void) /* http.host sticky buffer */ sigmatch_table[DETECT_HTTP_HOST].name = "http.host"; - sigmatch_table[DETECT_HTTP_HOST].desc = "sticky buffer to match on the HTTP Host buffer"; - sigmatch_table[DETECT_HTTP_HOST].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-host"; + sigmatch_table[DETECT_HTTP_HOST].desc = "Sticky buffer to match on the HTTP Host buffer."; + sigmatch_table[DETECT_HTTP_HOST].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-host-and-http-raw-host"; sigmatch_table[DETECT_HTTP_HOST].Setup = DetectHttpHostSetup; sigmatch_table[DETECT_HTTP_HOST].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; @@ -116,15 +117,16 @@ void DetectHttpHHRegister(void) /* http_raw_host content modifier */ sigmatch_table[DETECT_AL_HTTP_RAW_HOST].name = "http_raw_host"; - sigmatch_table[DETECT_AL_HTTP_RAW_HOST].desc = "content modifier to match on the HTTP host header or the raw hostname from the HTTP uri"; + sigmatch_table[DETECT_AL_HTTP_RAW_HOST].desc = "Content modifier to match on the HTTP host header or the raw hostname from the HTTP uri."; + sigmatch_table[DETECT_AL_HTTP_RAW_HOST].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-host-and-http-raw-host"; sigmatch_table[DETECT_AL_HTTP_RAW_HOST].Setup = DetectHttpHRHSetup; sigmatch_table[DETECT_AL_HTTP_RAW_HOST].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_CONTENT_MODIFIER; sigmatch_table[DETECT_AL_HTTP_RAW_HOST].alternative = DETECT_HTTP_HOST_RAW; /* http.host sticky buffer */ sigmatch_table[DETECT_HTTP_HOST_RAW].name = "http.host.raw"; - sigmatch_table[DETECT_HTTP_HOST_RAW].desc = "sticky buffer to match on the HTTP host header or the raw hostname from the HTTP uri"; - sigmatch_table[DETECT_HTTP_HOST_RAW].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-host"; + sigmatch_table[DETECT_HTTP_HOST_RAW].desc = "Sticky buffer to match on the HTTP host header or the raw hostname from the HTTP uri."; + sigmatch_table[DETECT_HTTP_HOST_RAW].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-host-and-http-raw-host"; sigmatch_table[DETECT_HTTP_HOST_RAW].Setup = DetectHttpHostRawSetupSticky; sigmatch_table[DETECT_HTTP_HOST_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; diff --git a/src/detect-http-raw-header.c b/src/detect-http-raw-header.c index e9e4848071..e306c4ce6d 100644 --- a/src/detect-http-raw-header.c +++ b/src/detect-http-raw-header.c @@ -77,7 +77,8 @@ void DetectHttpRawHeaderRegister(void) { /* http_raw_header content modifier */ sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].name = "http_raw_header"; - sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].desc = "content modifier to match the raw HTTP header buffer"; + sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].desc = "Content modifier to match the raw HTTP header buffer."; + sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-header-and-http-raw-header"; sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetup; #ifdef UNITTESTS sigmatch_table[DETECT_AL_HTTP_RAW_HEADER].RegisterTests = DetectHttpRawHeaderRegisterTests; @@ -87,8 +88,8 @@ void DetectHttpRawHeaderRegister(void) /* http.header.raw sticky buffer */ sigmatch_table[DETECT_HTTP_RAW_HEADER].name = "http.header.raw"; - sigmatch_table[DETECT_HTTP_RAW_HEADER].desc = "sticky buffer to match the raw HTTP header buffer"; - sigmatch_table[DETECT_HTTP_RAW_HEADER].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-raw-header"; + sigmatch_table[DETECT_HTTP_RAW_HEADER].desc = "Sticky buffer to match the raw HTTP header buffer."; + sigmatch_table[DETECT_HTTP_RAW_HEADER].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-header-and-http-raw-header"; sigmatch_table[DETECT_HTTP_RAW_HEADER].Setup = DetectHttpRawHeaderSetupSticky; sigmatch_table[DETECT_HTTP_RAW_HEADER].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; diff --git a/src/detect-http-stat-code.c b/src/detect-http-stat-code.c index f47a92a86d..240c54fa02 100644 --- a/src/detect-http-stat-code.c +++ b/src/detect-http-stat-code.c @@ -92,7 +92,7 @@ void DetectHttpStatCodeRegister (void) /* http.stat_code content modifier */ sigmatch_table[DETECT_HTTP_STAT_CODE].name = "http.stat_code"; sigmatch_table[DETECT_HTTP_STAT_CODE].desc = "sticky buffer to match only on HTTP stat-code-buffer"; - sigmatch_table[DETECT_HTTP_STAT_CODE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-code"; + sigmatch_table[DETECT_HTTP_STAT_CODE].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-stat-code"; sigmatch_table[DETECT_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetupSticky; sigmatch_table[DETECT_HTTP_STAT_CODE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; diff --git a/src/detect-http-stat-msg.c b/src/detect-http-stat-msg.c index a81b1e7c79..40e9e1617a 100644 --- a/src/detect-http-stat-msg.c +++ b/src/detect-http-stat-msg.c @@ -80,7 +80,7 @@ void DetectHttpStatMsgRegister (void) { /* http_stat_msg content modifier */ sigmatch_table[DETECT_AL_HTTP_STAT_MSG].name = "http_stat_msg"; - sigmatch_table[DETECT_AL_HTTP_STAT_MSG].desc = "content modifier to match on HTTP stat-msg-buffer"; + sigmatch_table[DETECT_AL_HTTP_STAT_MSG].desc = "Content modifier to match on HTTP stat-msg-buffer."; sigmatch_table[DETECT_AL_HTTP_STAT_MSG].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-stat-msg"; sigmatch_table[DETECT_AL_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetup; #ifdef UNITTESTS @@ -91,8 +91,8 @@ void DetectHttpStatMsgRegister (void) /* http.stat_msg sticky buffer */ sigmatch_table[DETECT_HTTP_STAT_MSG].name = "http.stat_msg"; - sigmatch_table[DETECT_HTTP_STAT_MSG].desc = "sticky buffer to match on the HTTP response status message"; - sigmatch_table[DETECT_HTTP_STAT_MSG].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_stat-msg"; + sigmatch_table[DETECT_HTTP_STAT_MSG].desc = "Sticky buffer to match on the HTTP response status message."; + sigmatch_table[DETECT_HTTP_STAT_MSG].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-stat-msg"; sigmatch_table[DETECT_HTTP_STAT_MSG].Setup = DetectHttpStatMsgSetupSticky; sigmatch_table[DETECT_HTTP_STAT_MSG].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; diff --git a/src/detect-http-uri.c b/src/detect-http-uri.c index a10ffb6d7c..3cc4635b83 100644 --- a/src/detect-http-uri.c +++ b/src/detect-http-uri.c @@ -89,7 +89,7 @@ void DetectHttpUriRegister (void) { /* http_uri content modifier */ sigmatch_table[DETECT_AL_HTTP_URI].name = "http_uri"; - sigmatch_table[DETECT_AL_HTTP_URI].desc = "content modifier to match specifically and only on the HTTP uri-buffer"; + sigmatch_table[DETECT_AL_HTTP_URI].desc = "Content modifier to match specifically and only on the HTTP uri-buffer."; sigmatch_table[DETECT_AL_HTTP_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-uri-and-http-raw-uri"; sigmatch_table[DETECT_AL_HTTP_URI].Setup = DetectHttpUriSetup; #ifdef UNITTESTS @@ -101,8 +101,8 @@ void DetectHttpUriRegister (void) /* http.uri sticky buffer */ sigmatch_table[DETECT_HTTP_URI].name = "http.uri"; sigmatch_table[DETECT_HTTP_URI].alias = "http.uri.normalized"; - sigmatch_table[DETECT_HTTP_URI].desc = "sticky buffer to match specifically and only on the normalized HTTP URI buffer"; - sigmatch_table[DETECT_HTTP_URI].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#http-uri"; + sigmatch_table[DETECT_HTTP_URI].desc = "Sticky buffer to match specifically and only on the normalized HTTP URI buffer."; + sigmatch_table[DETECT_HTTP_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-uri-and-http-raw-uri"; sigmatch_table[DETECT_HTTP_URI].Setup = DetectHttpUriSetupSticky; sigmatch_table[DETECT_HTTP_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; @@ -127,7 +127,7 @@ void DetectHttpUriRegister (void) /* http_raw_uri content modifier */ sigmatch_table[DETECT_AL_HTTP_RAW_URI].name = "http_raw_uri"; - sigmatch_table[DETECT_AL_HTTP_RAW_URI].desc = "content modifier to match on the raw HTTP uri"; + sigmatch_table[DETECT_AL_HTTP_RAW_URI].desc = "Content modifier to match on the raw HTTP uri."; sigmatch_table[DETECT_AL_HTTP_RAW_URI].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http_uri-and-http_raw-uri"; sigmatch_table[DETECT_AL_HTTP_RAW_URI].Setup = DetectHttpRawUriSetup; sigmatch_table[DETECT_AL_HTTP_RAW_URI].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_CONTENT_MODIFIER; @@ -135,8 +135,8 @@ void DetectHttpUriRegister (void) /* http.uri.raw sticky buffer */ sigmatch_table[DETECT_HTTP_URI_RAW].name = "http.uri.raw"; - sigmatch_table[DETECT_HTTP_URI_RAW].desc = "sticky buffer to match specifically and only on the raw HTTP URI buffer"; - sigmatch_table[DETECT_HTTP_URI_RAW].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#http-uri"; + sigmatch_table[DETECT_HTTP_URI_RAW].desc = "Sticky buffer to match specifically and only on the raw HTTP URI buffer."; + sigmatch_table[DETECT_HTTP_URI_RAW].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#http-uri-and-http-raw-uri"; sigmatch_table[DETECT_HTTP_URI_RAW].Setup = DetectHttpRawUriSetupSticky; sigmatch_table[DETECT_HTTP_URI_RAW].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c index 499c1fedcb..e932315344 100644 --- a/src/detect-icmp-id.c +++ b/src/detect-icmp-id.c @@ -57,7 +57,7 @@ static _Bool PrefilterIcmpIdIsPrefilterable(const Signature *s); void DetectIcmpIdRegister (void) { sigmatch_table[DETECT_ICMP_ID].name = "icmp_id"; - sigmatch_table[DETECT_ICMP_ID].desc = "check for a ICMP id"; + sigmatch_table[DETECT_ICMP_ID].desc = "Check for a ICMP ID."; sigmatch_table[DETECT_ICMP_ID].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#icmp-id"; sigmatch_table[DETECT_ICMP_ID].Match = DetectIcmpIdMatch; sigmatch_table[DETECT_ICMP_ID].Setup = DetectIcmpIdSetup; diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c index e9875b5cb4..d30f9280b0 100644 --- a/src/detect-icmp-seq.c +++ b/src/detect-icmp-seq.c @@ -57,7 +57,7 @@ static _Bool PrefilterIcmpSeqIsPrefilterable(const Signature *s); void DetectIcmpSeqRegister (void) { sigmatch_table[DETECT_ICMP_SEQ].name = "icmp_seq"; - sigmatch_table[DETECT_ICMP_SEQ].desc = "check for a ICMP sequence number"; + sigmatch_table[DETECT_ICMP_SEQ].desc = "Check for a ICMP sequence number."; sigmatch_table[DETECT_ICMP_SEQ].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#icmp-seq"; sigmatch_table[DETECT_ICMP_SEQ].Match = DetectIcmpSeqMatch; sigmatch_table[DETECT_ICMP_SEQ].Setup = DetectIcmpSeqSetup; diff --git a/src/detect-icode.c b/src/detect-icode.c index 40f5c70ba5..22e02c1268 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -61,7 +61,7 @@ static _Bool PrefilterICodeIsPrefilterable(const Signature *s); void DetectICodeRegister (void) { sigmatch_table[DETECT_ICODE].name = "icode"; - sigmatch_table[DETECT_ICODE].desc = "match on specific ICMP id-value"; + sigmatch_table[DETECT_ICODE].desc = "Match on specific ICMP id-value."; sigmatch_table[DETECT_ICODE].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#icode"; sigmatch_table[DETECT_ICODE].Match = DetectICodeMatch; sigmatch_table[DETECT_ICODE].Setup = DetectICodeSetup; diff --git a/src/detect-ipopts.c b/src/detect-ipopts.c index 952ef2100a..5f1c3e7c12 100644 --- a/src/detect-ipopts.c +++ b/src/detect-ipopts.c @@ -55,7 +55,7 @@ void DetectIpOptsFree(void *); void DetectIpOptsRegister (void) { sigmatch_table[DETECT_IPOPTS].name = "ipopts"; - sigmatch_table[DETECT_IPOPTS].desc = "check if a specific IP option is set"; + sigmatch_table[DETECT_IPOPTS].desc = "Check if a specific IP option is set."; sigmatch_table[DETECT_IPOPTS].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#ipopts"; sigmatch_table[DETECT_IPOPTS].Match = DetectIpOptsMatch; sigmatch_table[DETECT_IPOPTS].Setup = DetectIpOptsSetup; diff --git a/src/detect-iprep.c b/src/detect-iprep.c index be1a91afd7..98f4b86b7c 100644 --- a/src/detect-iprep.c +++ b/src/detect-iprep.c @@ -61,6 +61,8 @@ void IPRepRegisterTests(void); void DetectIPRepRegister (void) { sigmatch_table[DETECT_IPREP].name = "iprep"; + sigmatch_table[DETECT_IPREP].desc = "Match on the IP reputation information for a host."; + sigmatch_table[DETECT_IPREP].url = DOC_URL DOC_VERSION "/rules/ip-reputation-rules.html#iprep"; sigmatch_table[DETECT_IPREP].Match = DetectIPRepMatch; sigmatch_table[DETECT_IPREP].Setup = DetectIPRepSetup; sigmatch_table[DETECT_IPREP].Free = DetectIPRepFree; diff --git a/src/detect-itype.c b/src/detect-itype.c index 5637cfabba..c4e919c58e 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -61,7 +61,7 @@ static _Bool PrefilterITypeIsPrefilterable(const Signature *s); void DetectITypeRegister (void) { sigmatch_table[DETECT_ITYPE].name = "itype"; - sigmatch_table[DETECT_ITYPE].desc = "matching on a specific ICMP type"; + sigmatch_table[DETECT_ITYPE].desc = "Match on a specific ICMP type."; sigmatch_table[DETECT_ITYPE].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#itype"; sigmatch_table[DETECT_ITYPE].Match = DetectITypeMatch; sigmatch_table[DETECT_ITYPE].Setup = DetectITypeSetup; diff --git a/src/detect-krb5-cname.c b/src/detect-krb5-cname.c index a63083cbb1..b5002a5a7a 100644 --- a/src/detect-krb5-cname.c +++ b/src/detect-krb5-cname.c @@ -194,9 +194,10 @@ void DetectKrb5CNameRegister(void) { sigmatch_table[DETECT_AL_KRB5_CNAME].name = "krb5.cname"; sigmatch_table[DETECT_AL_KRB5_CNAME].alias = "krb5_cname"; + sigmatch_table[DETECT_AL_KRB5_CNAME].url = DOC_URL DOC_VERSION "/rules/kerberos-keywords.html#krb5-cname"; sigmatch_table[DETECT_AL_KRB5_CNAME].Setup = DetectKrb5CNameSetup; sigmatch_table[DETECT_AL_KRB5_CNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - sigmatch_table[DETECT_AL_KRB5_CNAME].desc = "sticky buffer to match on Kerberos 5 client name"; + sigmatch_table[DETECT_AL_KRB5_CNAME].desc = "Sticky buffer to match on Kerberos 5 client name."; DetectAppLayerMpmRegister2("krb5_cname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5CNameRegister, NULL, diff --git a/src/detect-krb5-errcode.c b/src/detect-krb5-errcode.c index 60e937d1a2..28b51bd4c4 100644 --- a/src/detect-krb5-errcode.c +++ b/src/detect-krb5-errcode.c @@ -64,8 +64,8 @@ static int g_krb5_err_code_list_id = 0; */ void DetectKrb5ErrCodeRegister(void) { sigmatch_table[DETECT_AL_KRB5_ERRCODE].name = "krb5_err_code"; - sigmatch_table[DETECT_AL_KRB5_ERRCODE].desc = "match Kerberos 5 message type"; - sigmatch_table[DETECT_AL_KRB5_ERRCODE].url = DOC_URL DOC_VERSION "/rules/kerberos-keywords.html#krb5_err_code"; + sigmatch_table[DETECT_AL_KRB5_ERRCODE].desc = "Match Kerberos 5 error code."; + sigmatch_table[DETECT_AL_KRB5_ERRCODE].url = DOC_URL DOC_VERSION "/rules/kerberos-keywords.html#krb5-err-code"; sigmatch_table[DETECT_AL_KRB5_ERRCODE].Match = NULL; sigmatch_table[DETECT_AL_KRB5_ERRCODE].AppLayerTxMatch = DetectKrb5ErrCodeMatch; sigmatch_table[DETECT_AL_KRB5_ERRCODE].Setup = DetectKrb5ErrCodeSetup; diff --git a/src/detect-krb5-msgtype.c b/src/detect-krb5-msgtype.c index 9f6132f2cc..3c82013542 100644 --- a/src/detect-krb5-msgtype.c +++ b/src/detect-krb5-msgtype.c @@ -64,8 +64,8 @@ static int g_krb5_msg_type_list_id = 0; */ void DetectKrb5MsgTypeRegister(void) { sigmatch_table[DETECT_AL_KRB5_MSGTYPE].name = "krb5_msg_type"; - sigmatch_table[DETECT_AL_KRB5_MSGTYPE].desc = "match Kerberos 5 message type"; - sigmatch_table[DETECT_AL_KRB5_MSGTYPE].url = DOC_URL DOC_VERSION "/rules/kerberos-keywords.html#krb5_msg_type"; + sigmatch_table[DETECT_AL_KRB5_MSGTYPE].desc = "Match Kerberos 5 message type."; + sigmatch_table[DETECT_AL_KRB5_MSGTYPE].url = DOC_URL DOC_VERSION "/rules/kerberos-keywords.html#krb5-msg-type"; sigmatch_table[DETECT_AL_KRB5_MSGTYPE].Match = NULL; sigmatch_table[DETECT_AL_KRB5_MSGTYPE].AppLayerTxMatch = DetectKrb5MsgTypeMatch; sigmatch_table[DETECT_AL_KRB5_MSGTYPE].Setup = DetectKrb5MsgTypeSetup; diff --git a/src/detect-krb5-sname.c b/src/detect-krb5-sname.c index c775baf503..baea142a6b 100644 --- a/src/detect-krb5-sname.c +++ b/src/detect-krb5-sname.c @@ -194,9 +194,10 @@ void DetectKrb5SNameRegister(void) { sigmatch_table[DETECT_AL_KRB5_SNAME].name = "krb5.sname"; sigmatch_table[DETECT_AL_KRB5_SNAME].alias = "krb5_sname"; + sigmatch_table[DETECT_AL_KRB5_SNAME].url = DOC_URL DOC_VERSION "/rules/kerberos-keywords.html#krb5-sname"; sigmatch_table[DETECT_AL_KRB5_SNAME].Setup = DetectKrb5SNameSetup; sigmatch_table[DETECT_AL_KRB5_SNAME].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; - sigmatch_table[DETECT_AL_KRB5_SNAME].desc = "sticky buffer to match on Kerberos 5 server name"; + sigmatch_table[DETECT_AL_KRB5_SNAME].desc = "Sticky buffer to match on Kerberos 5 server name."; DetectAppLayerMpmRegister2("krb5_sname", SIG_FLAG_TOCLIENT, 2, PrefilterMpmKrb5SNameRegister, NULL, diff --git a/src/detect-lua.c b/src/detect-lua.c index 67389dc0ce..4648c027a4 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -75,6 +75,8 @@ void DetectLuaRegister(void) { sigmatch_table[DETECT_LUA].name = "lua"; sigmatch_table[DETECT_LUA].alias = "luajit"; + sigmatch_table[DETECT_LUA].desc = "Support for lua scripting."; + sigmatch_table[DETECT_LUA].url = DOC_URL DOC_VERSION "/rules/rule-lua-scripting.html"; sigmatch_table[DETECT_LUA].Setup = DetectLuaSetupNoSupport; sigmatch_table[DETECT_LUA].Free = NULL; sigmatch_table[DETECT_LUA].RegisterTests = NULL; diff --git a/src/detect-metadata.c b/src/detect-metadata.c index 2a32ebf8d9..3a33e68f44 100644 --- a/src/detect-metadata.c +++ b/src/detect-metadata.c @@ -40,7 +40,7 @@ static void DetectMetadataRegisterTests(void); void DetectMetadataRegister (void) { sigmatch_table[DETECT_METADATA].name = "metadata"; - sigmatch_table[DETECT_METADATA].desc = "used by suricata for logging"; + sigmatch_table[DETECT_METADATA].desc = "Used for logging."; sigmatch_table[DETECT_METADATA].url = DOC_URL DOC_VERSION "/rules/meta.html#metadata"; sigmatch_table[DETECT_METADATA].Match = NULL; sigmatch_table[DETECT_METADATA].Setup = DetectMetadataSetup; diff --git a/src/detect-modbus.c b/src/detect-modbus.c index 159dd05dd1..3571a6e27e 100644 --- a/src/detect-modbus.c +++ b/src/detect-modbus.c @@ -517,6 +517,8 @@ void DetectModbusRegister(void) { SCEnter(); sigmatch_table[DETECT_AL_MODBUS].name = "modbus"; + sigmatch_table[DETECT_AL_MODBUS].desc = "Match on various properties of Modbus requests."; + sigmatch_table[DETECT_AL_MODBUS].url = DOC_URL DOC_VERSION "/rules/modbus-keyword.html#modbus-keyword"; sigmatch_table[DETECT_AL_MODBUS].Match = NULL; sigmatch_table[DETECT_AL_MODBUS].Setup = DetectModbusSetup; sigmatch_table[DETECT_AL_MODBUS].Free = DetectModbusFree; diff --git a/src/detect-msg.c b/src/detect-msg.c index a7dd2c8f03..0ec42f8589 100644 --- a/src/detect-msg.c +++ b/src/detect-msg.c @@ -40,7 +40,7 @@ void DetectMsgRegisterTests(void); void DetectMsgRegister (void) { sigmatch_table[DETECT_MSG].name = "msg"; - sigmatch_table[DETECT_MSG].desc = "information about the rule and the possible alert"; + sigmatch_table[DETECT_MSG].desc = "Information about the rule and the possible alert."; sigmatch_table[DETECT_MSG].url = DOC_URL DOC_VERSION "/rules/meta.html#msg-message"; sigmatch_table[DETECT_MSG].Match = NULL; sigmatch_table[DETECT_MSG].Setup = DetectMsgSetup; diff --git a/src/detect-noalert.c b/src/detect-noalert.c index 3c68758beb..5d759ed838 100644 --- a/src/detect-noalert.c +++ b/src/detect-noalert.c @@ -33,6 +33,8 @@ static int DetectNoalertSetup (DetectEngineCtx *, Signature *, const char *); void DetectNoalertRegister (void) { sigmatch_table[DETECT_NOALERT].name = "noalert"; + sigmatch_table[DETECT_NOALERT].desc = "No alert will be generated by the rule."; + sigmatch_table[DETECT_NOALERT].url = DOC_URL DOC_VERSION "/rules/flow-keywords.html"; sigmatch_table[DETECT_NOALERT].Match = NULL; sigmatch_table[DETECT_NOALERT].Setup = DetectNoalertSetup; sigmatch_table[DETECT_NOALERT].Free = NULL; diff --git a/src/detect-pcre.c b/src/detect-pcre.c index 4e8f9cdb76..9ff6d6df09 100644 --- a/src/detect-pcre.c +++ b/src/detect-pcre.c @@ -86,7 +86,7 @@ static void DetectPcreRegisterTests(void); void DetectPcreRegister (void) { sigmatch_table[DETECT_PCRE].name = "pcre"; - sigmatch_table[DETECT_PCRE].desc = "match on regular expression"; + sigmatch_table[DETECT_PCRE].desc = "Match on regular expression."; sigmatch_table[DETECT_PCRE].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#pcre-perl-compatible-regular-expressions"; sigmatch_table[DETECT_PCRE].Match = NULL; sigmatch_table[DETECT_PCRE].Setup = DetectPcreSetup; diff --git a/src/detect-prefilter.c b/src/detect-prefilter.c index b311b19153..350222eaa6 100644 --- a/src/detect-prefilter.c +++ b/src/detect-prefilter.c @@ -37,8 +37,8 @@ static int DetectPrefilterSetup (DetectEngineCtx *, Signature *, const char *); void DetectPrefilterRegister(void) { sigmatch_table[DETECT_PREFILTER].name = "prefilter"; - sigmatch_table[DETECT_PREFILTER].desc = "force a condition to be used as prefilter"; - sigmatch_table[DETECT_PREFILTER].url = "/rules/prefilter-keywords.html#prefilter"; + sigmatch_table[DETECT_PREFILTER].desc = "Force a condition to be used as prefilter."; + sigmatch_table[DETECT_PREFILTER].url = DOC_URL DOC_VERSION "/rules/prefilter-keywords.html#prefilter"; sigmatch_table[DETECT_PREFILTER].Match = NULL; sigmatch_table[DETECT_PREFILTER].Setup = DetectPrefilterSetup; sigmatch_table[DETECT_PREFILTER].Free = NULL; diff --git a/src/detect-priority.c b/src/detect-priority.c index e848cec3ad..c28f9d2063 100644 --- a/src/detect-priority.c +++ b/src/detect-priority.c @@ -48,7 +48,7 @@ void SCPriorityRegisterTests(void); void DetectPriorityRegister (void) { sigmatch_table[DETECT_PRIORITY].name = "priority"; - sigmatch_table[DETECT_PRIORITY].desc = "rules with a higher priority will be examined first"; + sigmatch_table[DETECT_PRIORITY].desc = "Rules with a higher priority will be examined first."; sigmatch_table[DETECT_PRIORITY].url = DOC_URL DOC_VERSION "/rules/meta.html#priority"; sigmatch_table[DETECT_PRIORITY].Match = NULL; sigmatch_table[DETECT_PRIORITY].Setup = DetectPrioritySetup; diff --git a/src/detect-reference.c b/src/detect-reference.c index a53517465b..605bd5ece8 100644 --- a/src/detect-reference.c +++ b/src/detect-reference.c @@ -56,7 +56,7 @@ static int DetectReferenceSetup(DetectEngineCtx *, Signature *s, const char *str void DetectReferenceRegister(void) { sigmatch_table[DETECT_REFERENCE].name = "reference"; - sigmatch_table[DETECT_REFERENCE].desc = "direct to places where information about the rule can be found"; + sigmatch_table[DETECT_REFERENCE].desc = "Direct to places where information about the rule can be found."; sigmatch_table[DETECT_REFERENCE].url = DOC_URL DOC_VERSION "/rules/meta.html#reference"; sigmatch_table[DETECT_REFERENCE].Match = NULL; sigmatch_table[DETECT_REFERENCE].Setup = DetectReferenceSetup; diff --git a/src/detect-replace.c b/src/detect-replace.c index b17cb6d666..3a7a0eabb7 100644 --- a/src/detect-replace.c +++ b/src/detect-replace.c @@ -68,6 +68,8 @@ static int DetectReplacePostMatch(DetectEngineThreadCtx *det_ctx, void DetectReplaceRegister (void) { sigmatch_table[DETECT_REPLACE].name = "replace"; + sigmatch_table[DETECT_REPLACE].desc = "Only to be used in IPS-mode. Change the following content into another."; + sigmatch_table[DETECT_REPLACE].url = DOC_URL DOC_VERSION "/rules/payload-keywords.html#replace"; sigmatch_table[DETECT_REPLACE].Match = DetectReplacePostMatch; sigmatch_table[DETECT_REPLACE].Setup = DetectReplaceSetup; sigmatch_table[DETECT_REPLACE].Free = NULL; diff --git a/src/detect-rev.c b/src/detect-rev.c index faa066393f..2112713051 100644 --- a/src/detect-rev.c +++ b/src/detect-rev.c @@ -34,7 +34,7 @@ static int DetectRevSetup (DetectEngineCtx *, Signature *, const char *); void DetectRevRegister (void) { sigmatch_table[DETECT_REV].name = "rev"; - sigmatch_table[DETECT_REV].desc = "set version of the rule"; + sigmatch_table[DETECT_REV].desc = "Set version of the rule."; sigmatch_table[DETECT_REV].url = DOC_URL DOC_VERSION "/rules/meta.html#rev-revision"; sigmatch_table[DETECT_REV].Match = NULL; sigmatch_table[DETECT_REV].Setup = DetectRevSetup; diff --git a/src/detect-sid.c b/src/detect-sid.c index 58d352d9c9..8f98514cb7 100644 --- a/src/detect-sid.c +++ b/src/detect-sid.c @@ -38,7 +38,7 @@ static void DetectSidRegisterTests(void); void DetectSidRegister (void) { sigmatch_table[DETECT_SID].name = "sid"; - sigmatch_table[DETECT_SID].desc = "set rule id"; + sigmatch_table[DETECT_SID].desc = "Set rule ID."; sigmatch_table[DETECT_SID].url = DOC_URL DOC_VERSION "/rules/meta.html#sid-signature-id"; sigmatch_table[DETECT_SID].Match = NULL; sigmatch_table[DETECT_SID].Setup = DetectSidSetup; diff --git a/src/detect-snmp-community.c b/src/detect-snmp-community.c index bf4456bf38..0db5d0e702 100644 --- a/src/detect-snmp-community.c +++ b/src/detect-snmp-community.c @@ -53,13 +53,13 @@ void DetectSNMPCommunityRegister(void) { sigmatch_table[DETECT_AL_SNMP_COMMUNITY].name = "snmp.community"; sigmatch_table[DETECT_AL_SNMP_COMMUNITY].desc = - "SNMP content modififier to match on the SNMP community"; + "SNMP content modifier to match on the SNMP community."; sigmatch_table[DETECT_AL_SNMP_COMMUNITY].Setup = DetectSNMPCommunitySetup; #ifdef UNITTESTS sigmatch_table[DETECT_AL_SNMP_COMMUNITY].RegisterTests = DetectSNMPCommunityRegisterTests; #endif - sigmatch_table[DETECT_AL_SNMP_COMMUNITY].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.community"; + sigmatch_table[DETECT_AL_SNMP_COMMUNITY].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp-community"; sigmatch_table[DETECT_AL_SNMP_COMMUNITY].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER; diff --git a/src/detect-snmp-pdu_type.c b/src/detect-snmp-pdu_type.c index cd78ede521..ed10dda789 100644 --- a/src/detect-snmp-pdu_type.c +++ b/src/detect-snmp-pdu_type.c @@ -65,8 +65,8 @@ static int DetectSNMPPduTypeMatch (DetectEngineThreadCtx *, Flow *, void DetectSNMPPduTypeRegister(void) { sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].name = "snmp.pdu_type"; - sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].desc = "match SNMP Pdu type"; - sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.pdu_type"; + sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].desc = "Match SNMP PDU type."; + sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp-pdu-type"; sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Match = NULL; sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].AppLayerTxMatch = DetectSNMPPduTypeMatch; sigmatch_table[DETECT_AL_SNMP_PDU_TYPE].Setup = DetectSNMPPduTypeSetup; diff --git a/src/detect-snmp-version.c b/src/detect-snmp-version.c index 206045825c..15b81ca096 100644 --- a/src/detect-snmp-version.c +++ b/src/detect-snmp-version.c @@ -77,8 +77,8 @@ static int DetectSNMPVersionMatch (DetectEngineThreadCtx *, Flow *, void DetectSNMPVersionRegister (void) { sigmatch_table[DETECT_AL_SNMP_VERSION].name = "snmp.version"; - sigmatch_table[DETECT_AL_SNMP_VERSION].desc = "match SNMP version"; - sigmatch_table[DETECT_AL_SNMP_VERSION].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp.version"; + sigmatch_table[DETECT_AL_SNMP_VERSION].desc = "Match SNMP version."; + sigmatch_table[DETECT_AL_SNMP_VERSION].url = DOC_URL DOC_VERSION "/rules/snmp-keywords.html#snmp-version"; sigmatch_table[DETECT_AL_SNMP_VERSION].Match = NULL; sigmatch_table[DETECT_AL_SNMP_VERSION].AppLayerTxMatch = DetectSNMPVersionMatch; sigmatch_table[DETECT_AL_SNMP_VERSION].Setup = DetectSNMPVersionSetup; diff --git a/src/detect-ssl-state.c b/src/detect-ssl-state.c index babfed13da..ead2df0d65 100644 --- a/src/detect-ssl-state.c +++ b/src/detect-ssl-state.c @@ -82,6 +82,8 @@ static int g_tls_generic_list_id = 0; void DetectSslStateRegister(void) { sigmatch_table[DETECT_AL_SSL_STATE].name = "ssl_state"; + sigmatch_table[DETECT_AL_SSL_STATE].desc = "Match the state of the SSL connection."; + sigmatch_table[DETECT_AL_SSL_STATE].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#ssl-state"; sigmatch_table[DETECT_AL_SSL_STATE].AppLayerTxMatch = DetectSslStateMatch; sigmatch_table[DETECT_AL_SSL_STATE].Setup = DetectSslStateSetup; sigmatch_table[DETECT_AL_SSL_STATE].Free = DetectSslStateFree; diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index fabe77e8c1..0c809c737e 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -76,6 +76,8 @@ static int g_tls_generic_list_id = 0; void DetectSslVersionRegister(void) { sigmatch_table[DETECT_AL_SSL_VERSION].name = "ssl_version"; + sigmatch_table[DETECT_AL_SSL_VERSION].desc = "Match version of SSL/TLS record."; + sigmatch_table[DETECT_AL_SSL_VERSION].url = DOC_URL DOC_VERSION "/rules/tls-keywords.html#ssl-version"; sigmatch_table[DETECT_AL_SSL_VERSION].AppLayerTxMatch = DetectSslVersionMatch; sigmatch_table[DETECT_AL_SSL_VERSION].Setup = DetectSslVersionSetup; sigmatch_table[DETECT_AL_SSL_VERSION].Free = DetectSslVersionFree; diff --git a/src/detect-tcp-ack.c b/src/detect-tcp-ack.c index 313b79acfb..f080390745 100644 --- a/src/detect-tcp-ack.c +++ b/src/detect-tcp-ack.c @@ -55,7 +55,7 @@ void DetectAckRegister(void) { sigmatch_table[DETECT_ACK].name = "tcp.ack"; sigmatch_table[DETECT_ACK].alias = "ack"; - sigmatch_table[DETECT_ACK].desc = "check for a specific TCP acknowledgement number"; + sigmatch_table[DETECT_ACK].desc = "Check for a specific TCP acknowledgement number."; sigmatch_table[DETECT_ACK].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#ack"; sigmatch_table[DETECT_ACK].Match = DetectAckMatch; sigmatch_table[DETECT_ACK].Setup = DetectAckSetup; diff --git a/src/detect-tcp-seq.c b/src/detect-tcp-seq.c index c5790b9087..c32559c4c5 100644 --- a/src/detect-tcp-seq.c +++ b/src/detect-tcp-seq.c @@ -52,7 +52,7 @@ void DetectSeqRegister(void) { sigmatch_table[DETECT_SEQ].name = "tcp.seq"; sigmatch_table[DETECT_SEQ].alias = "seq"; - sigmatch_table[DETECT_SEQ].desc = "check for a specific TCP sequence number"; + sigmatch_table[DETECT_SEQ].desc = "Check for a specific TCP sequence number."; sigmatch_table[DETECT_SEQ].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#seq"; sigmatch_table[DETECT_SEQ].Match = DetectSeqMatch; sigmatch_table[DETECT_SEQ].Setup = DetectSeqSetup; diff --git a/src/detect-tcp-window.c b/src/detect-tcp-window.c index 92665c880f..d92bd0faea 100644 --- a/src/detect-tcp-window.c +++ b/src/detect-tcp-window.c @@ -60,7 +60,7 @@ void DetectWindowRegister (void) { sigmatch_table[DETECT_WINDOW].name = "tcp.window"; sigmatch_table[DETECT_WINDOW].alias = "window"; - sigmatch_table[DETECT_WINDOW].desc = "check for a specific TCP window size"; + sigmatch_table[DETECT_WINDOW].desc = "Check for a specific TCP window size."; sigmatch_table[DETECT_WINDOW].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#window"; sigmatch_table[DETECT_WINDOW].Match = DetectWindowMatch; sigmatch_table[DETECT_WINDOW].Setup = DetectWindowSetup; diff --git a/src/detect-threshold.c b/src/detect-threshold.c index 505d9459b7..a6a31beca7 100644 --- a/src/detect-threshold.c +++ b/src/detect-threshold.c @@ -76,7 +76,7 @@ static void DetectThresholdFree(void *); void DetectThresholdRegister(void) { sigmatch_table[DETECT_THRESHOLD].name = "threshold"; - sigmatch_table[DETECT_THRESHOLD].desc = "control the rule's alert frequency"; + sigmatch_table[DETECT_THRESHOLD].desc = "Control the rule's alert frequency."; sigmatch_table[DETECT_THRESHOLD].url = DOC_URL DOC_VERSION "/rules/thresholding.html#threshold"; sigmatch_table[DETECT_THRESHOLD].Match = DetectThresholdMatch; sigmatch_table[DETECT_THRESHOLD].Setup = DetectThresholdSetup; diff --git a/src/detect-tos.c b/src/detect-tos.c index 48bb43c9c5..611d45020e 100644 --- a/src/detect-tos.c +++ b/src/detect-tos.c @@ -63,6 +63,7 @@ static void DetectTosFree(void *); void DetectTosRegister(void) { sigmatch_table[DETECT_TOS].name = "tos"; + sigmatch_table[DETECT_TOS].desc = "Match on specific decimal values of the IP header TOS field."; sigmatch_table[DETECT_TOS].Match = DetectTosMatch; sigmatch_table[DETECT_TOS].Setup = DetectTosSetup; sigmatch_table[DETECT_TOS].Free = DetectTosFree; diff --git a/src/detect-transform-md5.c b/src/detect-transform-md5.c index 984cf44d49..2a293c11d2 100644 --- a/src/detect-transform-md5.c +++ b/src/detect-transform-md5.c @@ -44,9 +44,9 @@ void DetectTransformMd5Register(void) { sigmatch_table[DETECT_TRANSFORM_MD5].name = "to_md5"; sigmatch_table[DETECT_TRANSFORM_MD5].desc = - "convert to md5 hash of the buffer"; + "Convert to md5 hash of the buffer."; sigmatch_table[DETECT_TRANSFORM_MD5].url = - DOC_URL DOC_VERSION "/rules/transforms.html#to_sha256"; + DOC_URL DOC_VERSION "/rules/transforms.html#to-md5"; sigmatch_table[DETECT_TRANSFORM_MD5].Setup = DetectTransformToMd5Setup; #ifdef HAVE_NSS diff --git a/src/detect-transform-sha1.c b/src/detect-transform-sha1.c index e7bbee81df..4345b71072 100644 --- a/src/detect-transform-sha1.c +++ b/src/detect-transform-sha1.c @@ -44,9 +44,9 @@ void DetectTransformSha1Register(void) { sigmatch_table[DETECT_TRANSFORM_SHA1].name = "to_sha1"; sigmatch_table[DETECT_TRANSFORM_SHA1].desc = - "convert to sha1 hash of the buffer"; + "Convert to sha1 hash of the buffer."; sigmatch_table[DETECT_TRANSFORM_SHA1].url = - DOC_URL DOC_VERSION "/rules/transforms.html#to_sha1"; + DOC_URL DOC_VERSION "/rules/transforms.html#to-sha1"; sigmatch_table[DETECT_TRANSFORM_SHA1].Setup = DetectTransformToSha1Setup; #ifdef HAVE_NSS diff --git a/src/detect-ttl.c b/src/detect-ttl.c index 00c57359f2..b69fc58d75 100644 --- a/src/detect-ttl.c +++ b/src/detect-ttl.c @@ -60,7 +60,7 @@ static _Bool PrefilterTtlIsPrefilterable(const Signature *s); void DetectTtlRegister(void) { sigmatch_table[DETECT_TTL].name = "ttl"; - sigmatch_table[DETECT_TTL].desc = "check for a specific IP time-to-live value"; + sigmatch_table[DETECT_TTL].desc = "Check for a specific IP time-to-live value."; sigmatch_table[DETECT_TTL].url = DOC_URL DOC_VERSION "/rules/header-keywords.html#ttl"; sigmatch_table[DETECT_TTL].Match = DetectTtlMatch; sigmatch_table[DETECT_TTL].Setup = DetectTtlSetup; diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index da655c4785..188b6b807f 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -68,6 +68,8 @@ static int g_http_uri_buffer_id = 0; void DetectUricontentRegister (void) { sigmatch_table[DETECT_URICONTENT].name = "uricontent"; + sigmatch_table[DETECT_URICONTENT].desc = "Legacy keyword to match on the request URI buffer."; + sigmatch_table[DETECT_URICONTENT].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#uricontent"; sigmatch_table[DETECT_URICONTENT].Match = NULL; sigmatch_table[DETECT_URICONTENT].Setup = DetectUricontentSetup; sigmatch_table[DETECT_URICONTENT].Free = DetectUricontentFree;