From: jason taylor <jtfas90@gmail.com>
Date: Wed, 28 Sep 2022 23:00:48 +0000 (+0000)
Subject: userguide: update ipopts keyword information
X-Git-Tag: suricata-7.0.0-rc1~390
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f97ba443392f145a457a10c0e1a18e9238b84459;p=thirdparty%2Fsuricata.git

userguide: update ipopts keyword information

Signed-off-by: jason taylor <jtfas90@gmail.com>
---

diff --git a/doc/userguide/rules/header-keywords.rst b/doc/userguide/rules/header-keywords.rst
index de7c4a394b..8a6318b9a1 100644
--- a/doc/userguide/rules/header-keywords.rst
+++ b/doc/userguide/rules/header-keywords.rst
@@ -55,17 +55,17 @@ any        any IP options are set
 
 Format of the ipopts keyword::
 
-  ipopts: <name>
+  ipopts: <name>;
 
 For example::
 
-  ipopts: lsrr;
+  ipopts: ts;
 
 Example of ipopts in a rule:
 
 .. container:: example-rule
 
-    alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL MISC source route ssrr"; :example-rule-emphasis:`ipopts:ssrr;` reference:arachnids,422; classtype:bad-unknown; sid:2100502; rev:3;)
+    alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"IP Packet with timestamp option"; :example-rule-emphasis:`ipopts:ts;` classtype:misc-activity; sid:2; rev:1;)
 
 sameip
 ^^^^^^