From: jason taylor Date: Thu, 6 Oct 2022 22:05:23 +0000 (+0000) Subject: userguide: update ip_proto keyword information X-Git-Tag: suricata-7.0.0-rc1~388 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=298f59c2ba6c61cc9c0e7086cf6fe4f367b6c47e;p=thirdparty%2Fsuricata.git userguide: update ip_proto keyword information Signed-off-by: jason taylor --- diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst index efb411b338..0b610e33d8 100644 --- a/doc/userguide/rules/header-keywords.rst +++ b/doc/userguide/rules/header-keywords.rst @@ -105,11 +105,11 @@ Example of ip_proto in a rule: .. container:: example-rule - alert ip any any -> any any (msg:"GPL MISC IP Proto 103 PIM"; :example-rule-emphasis:`ip_proto:103;` reference:bugtraq,8211; reference:cve,2003-0567; classtype:non-standard-protocol; sid:2102189; rev:4;) + alert ip any any -> any any (msg:"IP Packet with protocol 1"; :example-rule-emphasis:`ip_proto:1;` classtype:bad-unknown; sid:5; rev:1;) The named variant of that example would be:: - ip_proto:PIM + ip_proto:ICMP; ipv4.hdr ^^^^^^^^
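Review bot: In the replaced example-rule line, the new msg "IP Packet with protocol 1" never names the protocol, yet the text just below gives `ip_proto:ICMP;` as the named variant of that example. The old rule tied the two together by putting both "103" and "PIM" in its msg. Consider naming ICMP in the msg or in the sentence introducing the named variant, so a reader sees that `ip_proto:1;` and `ip_proto:ICMP;` are the same match. The commit message says only "update ip_proto keyword information"; a line explaining why the PIM example and its bugtraq/cve references were replaced would make the history easier to follow. The added trailing semicolon in `ip_proto:ICMP;` matches the emphasised `ip_proto:1;` in the rule, which is a good consistency fix.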