userguide: update ipopts keyword information

Signed-off-by: jason taylor <jtfas90@gmail.com>

diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst
index de7c4a394b469e7a11d21a2bb562f103168adc7e..8a6318b9a104abc805e7dfcf136ab43bad2709ec 100644 (file)
--- a/doc/userguide/rules/header-keywords.rst
+++ b/doc/userguide/rules/header-keywords.rst
@@ -55,17 +55,17 @@ any        any IP options are set
 
 Format of the ipopts keyword::
 
-  ipopts: <name>
+  ipopts: <name>;
 
 For example::
 
-  ipopts: lsrr;
+  ipopts: ts;
 
 Example of ipopts in a rule:
 
 .. container:: example-rule
 
-    alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL MISC source route ssrr"; :example-rule-emphasis:`ipopts:ssrr;` reference:arachnids,422; classtype:bad-unknown; sid:2100502; rev:3;)
+    alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Packet with timestamp option"; :example-rule-emphasis:`ipopts:ts;` classtype:misc-activity; sid:2; rev:1;)
 
 sameip
 ^^^^^^