doc: Update bypass docs to use new keyword format

Ticket: #7143 Update documentation to reflect new sticky buffer keyword format (cherry picked from commit db54387062)
8 months ago · 875f389c4d
parent c861685e28
commit 875f389c4d
1 changed files with 13 additions and 6 deletions
--- a/doc/userguide/rules/bypass-keyword.rst
+++ b/doc/userguide/rules/bypass-keyword.rst
@ -1,19 +1,26 @@
 Bypass Keyword
 ==============

-Suricata has a ``bypass`` keyword that can be used in signatures to exclude traffic from further evaluation.
+.. role:: example-rule-action
+.. role:: example-rule-header
+.. role:: example-rule-options
+.. role:: example-rule-emphasis

-The ``bypass`` keyword is useful in cases where there is a large flow expected (e.g. Netflix, Spotify, YouTube).
+Suricata has a ``bypass`` keyword that can be used in signatures to exclude
+traffic from further evaluation.

-The ``bypass`` keyword is considered a post-match keyword.
+The ``bypass`` keyword is useful in cases where there is a large flow expected
+(e.g. Netflix, Spotify, YouTube).

+The ``bypass`` keyword is considered a post-match keyword.

 bypass
 ------

 Bypass a flow on matching http traffic.

-Example::
+.. container:: example-rule

-  alert http any any -> any any (content:"suricata.io"; \
-      http_host; bypass; sid:10001; rev:1;)
+  alert http any any -> any any (http.host; \
+  content:"suricata.io"; :example-rule-options:`bypass;` \
+  sid:10001; rev:1;)