doc: add thresholding by_flow

doc/userguide/configuration/global-thresholds.rst

@@ -20,7 +20,7 @@ Syntax:
 ::
 
   threshold gen_id <gid>, sig_id <sid>, type <threshold|limit|both>, \
-    track <by_src|by_dst|by_rule|by_both>, count <N>, seconds <T>
+    track <by_src|by_dst|by_rule|by_both|by_flow>, count <N>, seconds <T>
 
 rate_filter
 ~~~~~~~~~~~
@@ -55,6 +55,7 @@ done per IP-address. The Host table is used for storage. When using by_rule
 it's done globally for the rule.
 Option by_both used to track per IP pair of source and destination. Packets
 going to opposite directions between same addresses tracked as the same pair.
+The by_flow option tracks the rule matches in the flow.
 
 count
 ^^^^^

doc/userguide/rules/thresholding.rst

@@ -16,7 +16,7 @@ frequency. It has 3 modes: threshold, limit and both.
 
 Syntax::
 
-  threshold: type <threshold|limit|both>, track <by_src|by_dst|by_rule|by_both>, count <N>, seconds <T>
+  threshold: type <threshold|limit|both>, track <by_src|by_dst|by_rule|by_both|by_flow>, count <N>, seconds <T>
 
 type "threshold"
 ~~~~~~~~~~~~~~~~
@@ -85,6 +85,27 @@ performed for each of the matches.
 
   *Rule actions drop (IPS mode) and reject are applied to each packet.*
 
+
+track
+~~~~~
+
+.. table::
+
+   +------------------+--------------------------+
+   |Option            |Tracks By                 |
+   +==================+==========================+
+   |by_src            |source IP                 |
+   +------------------+--------------------------+
+   |by_dst            |destination IP            |
+   +------------------+--------------------------+
+   |by_both           |pair of src IP and dst IP |
+   +------------------+--------------------------+
+   |by_rule           |signature id              |
+   +------------------+--------------------------+
+   |by_flow           |flow                      |
+   +------------------+--------------------------+
+
+
 detection_filter
 ----------------