userguide: update ip_proto keyword information

author jason taylor <jtfas90@gmail.com>

Thu, 6 Oct 2022 22:05:23 +0000 (22:05 +0000)

committer Victor Julien <vjulien@oisf.net>

Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)
author jason taylor <jtfas90@gmail.com>
Thu, 6 Oct 2022 22:05:23 +0000 (22:05 +0000)
committer Victor Julien <vjulien@oisf.net>
Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)
diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst

index efb411b3388e3a2b1c592077e75b3b6d91c0985e..0b610e33d8ea70e2a34314028d8cc9f58f97a611 100644 (file)
--- a/doc/userguide/rules/header-keywords.rst
+++ b/doc/userguide/rules/header-keywords.rst
@@ -105,11 +105,11 @@ Example of ip_proto in a rule:
  
  .. container:: example-rule
  
-    alert ip any any -> any any (msg:"GPL MISC IP Proto 103 PIM"; :example-rule-emphasis:`ip_proto:103;` reference:bugtraq,8211; reference:cve,2003-0567; classtype:non-standard-protocol; sid:2102189; rev:4;)
+    alert ip any any -> any any (msg:"IP Packet with protocol 1"; :example-rule-emphasis:`ip_proto:1;` classtype:bad-unknown; sid:5; rev:1;)
  
  The named variant of that example would be::
  
-    ip_proto:PIM
+    ip_proto:ICMP;
  
  ipv4.hdr
  ^^^^^^^^
author	jason taylor <jtfas90@gmail.com>
	Thu, 6 Oct 2022 22:05:23 +0000 (22:05 +0000)
committer	Victor Julien <vjulien@oisf.net>
	Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)