detect: doc link for ip.src and ip.dst

pull/8097/head
Eric Leblond 3 years ago committed by Victor Julien
parent da8b16eaeb
commit 3bd48d9336

@ -146,7 +146,7 @@ set name
type type
Data type: string, md5, sha256, ipv4, ip Data type: string, md5, sha256, ipv4, ip
data data
Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6) Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ip)
Example adding 'google.com' to set 'myset':: Example adding 'google.com' to set 'myset'::
@ -167,7 +167,7 @@ set name
type type
Data type: string, md5, sha256, ipv4, ip Data type: string, md5, sha256, ipv4, ip
data data
Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6) Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ip)
dataset-clear dataset-clear
~~~~~~~~~~~~~ ~~~~~~~~~~~~~
@ -182,7 +182,7 @@ Syntax::
set name set name
Name of an already defined dataset Name of an already defined dataset
type type
Data type: string, md5, sha256 Data type: string, md5, sha256, ipv4, ip
dataset-lookup dataset-lookup
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
@ -196,9 +196,9 @@ Syntax::
set name set name
Name of an already defined dataset Name of an already defined dataset
type type
Data type: string, md5, sha256 Data type: string, md5, sha256, ipv4, ip
data data
Data to test in serialized form (base64 for string, hex notation for md5/sha256) Data to test in serialized form (base64 for string, hex notation for md5/sha256, string notation for ipv4/ip)
Example testing if 'google.com' is in the set 'myset':: Example testing if 'google.com' is in the set 'myset'::
@ -230,7 +230,7 @@ sha256
ipv4 ipv4
in the file as string in the file as string
ip ip
in the file as string, it can be IPv6 or IPv4 address (in standard notation or in IPv4 in IPv6 one) in the file as string, it can be IPv6 or IPv4 address (standard notation or IPv4 in IPv6 one)
dataset dataset

@ -54,6 +54,7 @@ void DetectIPAddrBufferRegister(void)
{ {
sigmatch_table[DETECT_IPADDR_SRC].name = KEYWORD_NAME_SRC; sigmatch_table[DETECT_IPADDR_SRC].name = KEYWORD_NAME_SRC;
sigmatch_table[DETECT_IPADDR_SRC].desc = "Sticky buffer for src_ip"; sigmatch_table[DETECT_IPADDR_SRC].desc = "Sticky buffer for src_ip";
sigmatch_table[DETECT_IPADDR_SRC].url = "/rules/ipaddr.html#ip-src";
sigmatch_table[DETECT_IPADDR_SRC].Setup = DetectSrcIPAddrBufferSetup; sigmatch_table[DETECT_IPADDR_SRC].Setup = DetectSrcIPAddrBufferSetup;
#ifdef UNITTESTS #ifdef UNITTESTS
sigmatch_table[DETECT_IPADDR_SRC].RegisterTests = DetectIPAddrRegisterTests; sigmatch_table[DETECT_IPADDR_SRC].RegisterTests = DetectIPAddrRegisterTests;
@ -73,6 +74,7 @@ void DetectIPAddrBufferRegister(void)
sigmatch_table[DETECT_IPADDR_DST].name = KEYWORD_NAME_DST; sigmatch_table[DETECT_IPADDR_DST].name = KEYWORD_NAME_DST;
sigmatch_table[DETECT_IPADDR_DST].desc = "Sticky buffer for dest_ip"; sigmatch_table[DETECT_IPADDR_DST].desc = "Sticky buffer for dest_ip";
sigmatch_table[DETECT_IPADDR_DST].url = "/rules/ipaddr.html#ip-dst";
sigmatch_table[DETECT_IPADDR_DST].Setup = DetectDestIPAddrBufferSetup; sigmatch_table[DETECT_IPADDR_DST].Setup = DetectDestIPAddrBufferSetup;
sigmatch_table[DETECT_IPADDR_DST].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER; sigmatch_table[DETECT_IPADDR_DST].flags |= SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER;
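Review bot: Nothing visible in this commit ties the two new `.url` values, `"/rules/ipaddr.html#ip-src"` and `"/rules/ipaddr.html#ip-dst"`, to headings in the rules documentation. The documentation hunks shown here only touch the dataset text, so the `ip-src` and `ip-dst` fragments cannot be confirmed from this page. A renamed heading would silently leave a dead link in the keyword listing that rule writers rely on. I would confirm both anchors against the built page and add a short comment above each assignment, for example `/* fragment must match the ip.src section heading in the ipaddr rules page */`, and the matching one for ip.dst. DetectIPAddrBufferRegister starts and ends outside both hunks, so the rest of the registration is not reviewed here.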
