<div dir="ltr"><p dir="ltr">I saw that one, but im not sure that it lists all the protocols that suricata can handle. I see in detect-engine-proto.c that many more protocols are mentioned.<br>
</p>
<br><div class="gmail_quote"><div dir="ltr">tor. 19. nov. 2015, 22:55 skrev Rasmor, Zachary R <<a href="mailto:zachary.r.rasmor@lmco.com" target="_blank">zachary.r.rasmor@lmco.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Hi Andreas,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Regarding documentation, check out the ‘protocol’ section in this link. Is this what you were looking for?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules</a><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Zach<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-family:'Franklin Gothic Book',sans-serif;color:rgb(31,73,125)">________________________<u></u><u></u></span></b></p><p class="MsoNormal"><b><span style="font-size:10pt;font-family:'Franklin Gothic Book',sans-serif;color:rgb(31,73,125)">Zach Rasmor<u></u><u></u></span></b></p><p class="MsoNormal"><span style="font-size:9pt;font-family:'Franklin Gothic Book',sans-serif;color:rgb(31,73,125)">Email: <a href="mailto:zachary.r.rasmor@lmco.com" target="_blank"><span style="color:blue">zachary.r.rasmor@lmco.com</span></a></span><b><span style="font-size:10pt;font-family:'Franklin Gothic Book',sans-serif;color:rgb(31,73,125)"><u></u><u></u></span></b></p><p class="MsoNormal"><span style="font-size:9pt;font-family:'Franklin Gothic Book',sans-serif;color:rgb(31,73,125)">Office: <a href="tel:301.240.6116" value="+13012406116" target="_blank">301.240.6116</a><u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"> Oisf-users [mailto:<a href="mailto:oisf-users-bounces@lists.openinfosecfoundation.org" target="_blank">oisf-users-bounces@lists.openinfosecfoundation.org</a>] <b>On Behalf Of </b>Andreas Moe<br><b>Sent:</b> Thursday, November 19, 2015 1:34 PM<br><b>To:</b> <a href="mailto:oisf-users@lists.openinfosecfoundation.org" target="_blank">oisf-users@lists.openinfosecfoundation.org</a><br><b>Subject:</b> EXTERNAL: [Oisf-users] Rule Protocol Keyword Documentation<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Hi all!<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I was looking around for some documentation for the different keywords, with regards to the signature protocol (ex. alert ip.. / drop tcp...).<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I searched on google, and om redmine for the suricata project, but dit not find anything (could probably have "searched harder"..), but a search in redmine for "pkthdr" gives nothing.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">1) Anyone know of where this is documented?<u></u><u></u></p></div><div><p class="MsoNormal">2) If this is not documented<u></u><u></u></p></div><div><p class="MsoNormal">2.1) Anyone know were i can find a overview of the different allowed keywords (in the code)<u></u><u></u></p></div><div><p class="MsoNormal">2.2) Were (what place in the documentation) would be a good place to add this?<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">/Andreas<u></u><u></u></p></div></div></div></div></blockquote></div></div>