From 3bd48d93366e2632b931c564713d57e939864d06 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Sun, 10 Jul 2022 20:31:00 +0200 Subject: [PATCH] detect: doc link for ip.src and ip.dst --- doc/userguide/rules/datasets.rst | 12 ++++++------ src/detect-ipaddr.c | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/doc/userguide/rules/datasets.rst b/doc/userguide/rules/datasets.rst index d043824dce..0a5374d1c7 100644 --- a/doc/userguide/rules/datasets.rst +++ b/doc/userguide/rules/datasets.rst @@ -146,7 +146,7 @@ set name type Data type: string, md5, sha256, ipv4, ip data - Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6) + Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ip) Example adding 'google.com' to set 'myset':: @@ -167,7 +167,7 @@ set name type Data type: string, md5, sha256, ipv4, ip data - Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6) + Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ip) dataset-clear ~~~~~~~~~~~~~ @@ -182,7 +182,7 @@ Syntax:: set name Name of an already defined dataset type - Data type: string, md5, sha256 + Data type: string, md5, sha256, ipv4, ip dataset-lookup ~~~~~~~~~~~~~~ @@ -196,9 +196,9 @@ Syntax:: set name Name of an already defined dataset type - Data type: string, md5, sha256 + Data type: string, md5, sha256, ipv4, ip data - Data to test in serialized form (base64 for string, hex notation for md5/sha256) + Data to test in serialized form (base64 for string, hex notation for md5/sha256, string notation for ipv4/ip) Example testing if 'google.com' is in the set 'myset':: @@ -230,7 +230,7 @@ sha256 ipv4 in the file as string ip - in the file as string, it can be IPv6 or IPv4 address (in standard notation or in IPv4 in IPv6 one) + in the file as string, it can be IPv6 or IPv4 address (standard notation or IPv4 in IPv6 one) dataset diff --git a/src/detect-ipaddr.c b/src/detect-ipaddr.c index 4cb3688d8a..d2dd6ceb2a 100644 --- a/src/detect-ipaddr.c +++ b/src/detect-ipaddr.c @@ -54,6 +54,7 @@ void DetectIPAddrBufferRegister(void) { sigmatch_table[DETECT_IPADDR_SRC].name = KEYWORD_NAME_SRC; sigmatch_table[DETECT_IPADDR_SRC].desc = "Sticky buffer for src_ip"; + sigmatch_table[DETECT_IPADDR_SRC].url = "/rules/ipaddr.html#ip-src"; sigmatch_table[DETECT_IPADDR_SRC].Setup = DetectSrcIPAddrBufferSetup; #ifdef UNITTESTS sigmatch_table[DETECT_IPADDR_SRC].RegisterTests = DetectIPAddrRegisterTests; @@ -73,6 +74,7 @@ void DetectIPAddrBufferRegister(void) sigmatch_table[DETECT_IPADDR_DST].name = KEYWORD_NAME_DST; sigmatch_table[DETECT_IPADDR_DST].desc = "Sticky buffer for dest_ip"; + sigmatch_table[DETECT_IPADDR_DST].url = "/rules/ipaddr.html#ip-dst"; sigmatch_table[DETECT_IPADDR_DST].Setup = DetectDestIPAddrBufferSetup; sigmatch_table[DETECT_IPADDR_DST].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;