doc: snort compatibility

9 years ago · 5e0c39be57
parent 4f9f9c09ec
commit 5e0c39be57
4 changed files with 76 additions and 3 deletions
--- a/doc/sphinx/conf.py
+++ b/doc/sphinx/conf.py
@ -16,6 +16,8 @@ import sys
 import os
 import shlex

+on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
+
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
@ -108,8 +110,12 @@ todo_include_todos = False

 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
-#html_theme = 'alabaster'
-html_theme = 'sphinx_rtd_theme'
+if not on_rtd:
+    #html_theme = 'alabaster'
+    html_theme = 'sphinx_rtd_theme'
+    #html_theme = 'classic'
+    #html_theme = 'default'
+    #html_theme = 'nature'

 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the
--- a/doc/sphinx/index.rst
+++ b/doc/sphinx/index.rst
@ -7,4 +7,5 @@ Suricata User Guide

   what-is-suricata
   command-line-options
+   snort-compatibility
   rules/index.rst
--- a/doc/sphinx/rules/adding-your-own-rules.rst
+++ b/doc/sphinx/rules/adding-your-own-rules.rst
@ -11,7 +11,7 @@ your console:

  sudo nano local.rules

-Write your rule, see :doc:`rules` and save it.
+Write your rule, see :doc:`intro` and save it.

 Open yaml

--- a/doc/sphinx/snort-compatibility.rst
+++ b/doc/sphinx/snort-compatibility.rst
@ -0,0 +1,66 @@
+Snort Compatibility
+===================
+
+.. contents::
+
+Keyword: content
+----------------
+
+*Versions affected: All versions prior to 3.0.*
+
+Prior to Suricata 3.0, the argument provided to the content keyword
+cannot be longer than 255 characters like it can in Snort.
+
+Suricata 3.0 and newer can accept content arguments longer than 255
+characters.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1281
+* https://github.com/inliniac/suricata/pull/1475
+
+Keyword: urilen
+---------------
+
+*Versions affected: all*
+
+In Snort the urilen range is inclusive, in Suricata it is not.
+
+Example::
+
+  urilen:5<>10
+
+In Snort the above will match URIs that are greater than and equal to
+5 and less than and equal to 10. *Note that this is not what is
+documented in the Snort manual.*
+
+In Suricata the above will match URIs that are greater than 5 and less
+than 10, so it will only mathch URIs that are 6, 7, 8, and 9 bytes
+long.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1416
+
+Keyword: isdataat
+-----------------
+
+*Versions affected: all*
+
+``isdataat`` is off by one from Snort. In Snort the offset starts at 0
+where Suricata starts at 1.
+
+Keyword: flowbits
+-----------------
+
+*Versions affected: all prior to 2.0.9*
+
+Versions of Suricata prior to 2.0.9 treated leading and trailing
+whitespace in flowbit names as part of the flowbit name where Snort
+does not.
+
+This was fixed in Suricata 2.0.9.
+
+See:
+
+* https://redmine.openinfosecfoundation.org/issues/1481