aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: adds doc for ipv4.hdr signature keyword

Browse Source
pull/4668/head
Philippe Antoine 6 years ago
parent c5cee05169
commit 0715e1352f
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File

14
doc/userguide/rules/header-keywords.rst
Unescape Escape View File

@ -111,6 +111,20 @@ The named variant of that example would be::
ip_proto:PIM
ipv4.hdr
^^^^^^^^
Sticky buffer to match on the whole IPv4 header.
Example rule:
.. container:: example-rule
alert ip any any -> any any (:example-rule-emphasis:`ipv4.hdr; content:"|3A|"; offset:9; depth:1;` sid:1234; rev:5;)
This example looks if byte 9 of IPv4 header has value 3A.
That means that the IPv4 protocol is ICMPv6.
ipv6.hdr
^^^^^^^^

Write Preview
Loading…
Cancel
Save