For developers or for researching purposes, there are also simulation options
exposed in debug mode and passed via command-line. These exist to force or
simulate failures or errors and understand Suricata behavior under such conditions.
+See :any:`command-line-exception-policies` for those.
.. _master-switch:
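Review bot: the added cross-reference uses the ``:any:`` role, while the other reference visible in this patch ("stats configuration<suricata_yaml_outputs>") is written with ``:ref:``. Since ``command-line-exception-policies`` is an explicit label placed directly before a section title, ``:ref:`` would resolve it unambiguously and match the rest of the file. Consider also naming the target in the sentence, since "for those" leaves the reader to work out that it means the simulation options.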
- Midstream pick-up sessions ENABLED (stream.midstream=true)
- Midstream pick-up sessions DISABLED (stream.midstream=false)
* - Ignore
- - Session and app-layer traffic tracked and parsed, log app-layer traffic, do detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session and app-layer traffic tracked and parsed, log app-layer traffic, **do** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Drop-flow
- Not valid.*
- Not valid.*
- Not valid.*
- Session not tracked, flow REJECTED.
* - Pass-flow
- - Session and app-layer traffic tracked and parsed, log app-layer traffic, no detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session and app-layer traffic tracked and parsed, log app-layer traffic, **no** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Pass-packet
- Not valid.*
- Not valid.*
* - Bypass
- Not valid.*
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Auto
- Midstream policy applied: "ignore". Same behavior.
- Midstream policy applied: "ignore". Same behavior.
- Midstream pick-up sessions ENABLED (stream.midstream=true)
- Midstream pick-up sessions DISABLED (stream.midstream=false)
* - Ignore
- - Session and app-layer traffic tracked and parsed, log app-layer traffic, do detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session and app-layer traffic tracked and parsed, log app-layer traffic, **do** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Drop-flow
- Not valid.*
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
Flow DROPPED.
* - Drop-packet
- Not valid.*
- Not valid.*
- Session not tracked, flow DROPPED and REJECTED.
* - Pass-flow
- - Track session, parse and log app-layer traffic, no detection.
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Track session, parse and log app-layer traffic, **no** detection.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
* - Pass-packet
- Not valid.*
- Not valid.*
* - Bypass
- Not valid.*
- - Session not tracked. No app-layer parsing or logging. No detection. No stream reassembly.
+ - Session not tracked. No app-layer parsing or logging. No stream reassembly. No detection.
Packets ALLOWED.
* - Auto
- Midstream policy applied: "ignore". Same behavior.
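Review bot: the Pass-flow cell in this table keeps the wording "Track session, parse and log app-layer traffic, **no** detection.", while the Ignore cell of the same table and the Pass-flow cell of the previous table read "Session and app-layer traffic tracked and parsed, log app-layer traffic, ...". Since these lines are being rewritten anyway, use the same phrasing in both places so that the bolded **do** / **no** is the only difference a reader has to spot between the rows.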
is recommended to enable per-app-proto exception policy error counters
temporarily (for more, read :ref:`stats configuration<suricata_yaml_outputs>`).
+.. _command-line-exception-policies:
Command-line Options for Simulating Exceptions
==============================================
Common abbreviations
--------------------
-- applayer: application layer protocol
+- applayer/ app-layer: application layer protocol
- memcap: (maximum) memory capacity available
- defrag: defragmentation
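Review bot: the new abbreviation entry "applayer/ app-layer" has a space after the slash but none before it. Write it as "applayer/app-layer" or "applayer / app-layer" so it reads as two spellings of one term, in line with the single-term entries for memcap and defrag.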