aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect: doc link for ip.src and ip.dst

Browse Source
pull/8097/head
Eric Leblond 3 years ago committed by Victor Julien
parent da8b16eaeb
commit 3bd48d9336
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File

12
doc/userguide/rules/datasets.rst
Unescape Escape View File

@ -146,7 +146,7 @@ set name
type
Data type: string, md5, sha256, ipv4, ip
data
Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6)
Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ip)
Example adding 'google.com' to set 'myset'::
@ -167,7 +167,7 @@ set name
type
Data type: string, md5, sha256, ipv4, ip
data
Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6)
Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ip)
dataset-clear
~~~~~~~~~~~~~
@ -182,7 +182,7 @@ Syntax::
set name
Name of an already defined dataset
type
Data type: string, md5, sha256
Data type: string, md5, sha256, ipv4, ip
dataset-lookup
~~~~~~~~~~~~~~
@ -196,9 +196,9 @@ Syntax::
set name
Name of an already defined dataset
type
Data type: string, md5, sha256
Data type: string, md5, sha256, ipv4, ip
data
Data to test in serialized form (base64 for string, hex notation for md5/sha256)
Data to test in serialized form (base64 for string, hex notation for md5/sha256, string notation for ipv4/ip)
Example testing if 'google.com' is in the set 'myset'::
@ -230,7 +230,7 @@ sha256
ipv4
in the file as string
ip
in the file as string, it can be IPv6 or IPv4 address (in standard notation or in IPv4 in IPv6 one)
in the file as string, it can be IPv6 or IPv4 address (standard notation or IPv4 in IPv6 one)
dataset

2
src/detect-ipaddr.c
Unescape Escape View File

@ -54,6 +54,7 @@ void DetectIPAddrBufferRegister(void)
{
sigmatch_table[DETECT_IPADDR_SRC].name = KEYWORD_NAME_SRC;
sigmatch_table[DETECT_IPADDR_SRC].desc = "Sticky buffer for src_ip";
sigmatch_table[DETECT_IPADDR_SRC].url = "/rules/ipaddr.html#ip-src";
sigmatch_table[DETECT_IPADDR_SRC].Setup = DetectSrcIPAddrBufferSetup;
#ifdef UNITTESTS
sigmatch_table[DETECT_IPADDR_SRC].RegisterTests = DetectIPAddrRegisterTests;
@ -73,6 +74,7 @@ void DetectIPAddrBufferRegister(void)
sigmatch_table[DETECT_IPADDR_DST].name = KEYWORD_NAME_DST;
sigmatch_table[DETECT_IPADDR_DST].desc = "Sticky buffer for dest_ip";
sigmatch_table[DETECT_IPADDR_DST].url = "/rules/ipaddr.html#ip-dst";
sigmatch_table[DETECT_IPADDR_DST].Setup = DetectDestIPAddrBufferSetup;
sigmatch_table[DETECT_IPADDR_DST].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;

Write Preview
Loading…
Cancel
Save