userguide: update ipv6.hdr keyword information

author jason taylor <jtfas90@gmail.com>

Fri, 7 Oct 2022 20:44:14 +0000 (20:44 +0000)

committer Victor Julien <vjulien@oisf.net>

Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)
author jason taylor <jtfas90@gmail.com>
Fri, 7 Oct 2022 20:44:14 +0000 (20:44 +0000)
committer Victor Julien <vjulien@oisf.net>
Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)
diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst

index 29f6448798a6cbc48326ad5f99facdc424730615..c0e033542a63d73306ed8201c877d8b644b5e46a 100644 (file)
--- a/doc/userguide/rules/header-keywords.rst
+++ b/doc/userguide/rules/header-keywords.rst
@@ -128,7 +128,16 @@ the IPv4 protocol is TCP.
  ipv6.hdr
  ^^^^^^^^
  
-Sticky buffer to match on the whole IPv6 header.
+Sticky buffer to match on content contained within an IPv6 header.
+
+Example rule:
+
+.. container:: example-rule
+
+    alert ip any any -> any any (msg:"IPv6 header keyword example"; :example-rule-emphasis:`ipv6.hdr; content:"|06|"; offset:6; depth:1;` sid:1; rev:1;)
+
+This example looks if byte 7 of IP64 header has value 06, which indicates that
+the IPv6 protocol is TCP.
  
  id
  ^^
author	jason taylor <jtfas90@gmail.com>
	Fri, 7 Oct 2022 20:44:14 +0000 (20:44 +0000)
committer	Victor Julien <vjulien@oisf.net>
	Thu, 10 Nov 2022 13:42:44 +0000 (15:42 +0200)