userguide: explain rule types and categorization - v10 #12411
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add documentation about the rule types introduced by commit 2696fda. Add doc tags around code definitions that are referenced in the docs. Task #https://redmine.openinfosecfoundation.org/issues/7031
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #12411 +/- ##
==========================================
- Coverage 80.63% 80.62% -0.02%
==========================================
Files 917 917
Lines 258687 258687
==========================================
- Hits 208601 208569 -32
- Misses 50086 50118 +32
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 24247 |
| A fake packet is then injected in the flow to finish up processing before ending it. | ||
|
|
||
| Those two types will be more documented soon (tracking | ||
| `#7424 <https://redmine.openinfosecfoundation.org/issues/7424>`_. |
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
|
||
| ``app_layer``, ``app_tx``, ``pkt``, ``stream`` and ``stream-pkt`` flows. | ||
|
|
There was a problem hiding this comment.
require_packet and require_stream can be seen as flags "need_packet" and "need_stream" in the engine analysis output
|
I think this is great. I added 2 minor comments. When they are addressed I think we're ready to merge and do any further updates incrementally. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add documentation about the rule types introduced by commit 2696fda.
Add doc tags around code definitions that are referenced in the docs.
Task #https://redmine.openinfosecfoundation.org/issues/7031
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7031
Previous PR: #12209
Sharing as a Draft considering there's still one flowchart missing, we'll want to have it, before actually merging this work.
Compiled version of the doc can be seen at: https://suri-rtd-test.readthedocs.io/en/doc-sigtypes-et-properties-v10/rules/rule-types.html#detailed-flowcharts-sig-type
Describe changes:
flowbitssetandissetand impact on rule state-- move doc to last within the
Suricata Ruleschapter-- add more flowcharts to the end of the documents (now missing one for DE only)
-- add brief explanation about pseudo packet
-- add brief explanation for each rule
-- move some of the notes/ warnings to specific rule type subsection
-- add reference to each rule type subsections to the signature types table
-- add a reference to the Transactions devguide doc