Skip to content

Commit

Permalink
userguide: explain rule types and categorization
Browse files Browse the repository at this point in the history 
Add documentation about the rule types introduced by 2696fda.

Add doc tags around code definitions that are referenced in the docs.

Task #https://redmine.openinfosecfoundation.org/issues/7031
  • Loading branch information
@jufajardini
jufajardini committed Nov 29, 2024
1 parent dcfd9be commit e94d4f1
Show file tree
Hide file tree
Showing 8 changed files with 1,157 additions and 0 deletions.
2 changes: 2 additions & 0 deletions doc/userguide/configuration/suricata-yaml.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2577,6 +2577,8 @@ Engine analysis and profiling
Suricata offers several ways of analyzing performance of rules and the
engine itself.

.. _config:engine-analysis:

Engine-analysis
~~~~~~~~~~~~~~~

Expand Down
1 change: 1 addition & 0 deletions doc/userguide/rules/index.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ Suricata Rules
.. toctree::

intro
rule-types
meta
header-keywords
payload-keywords
Expand Down
Binary file added doc/userguide/rules/intro/OverallAlgoHorizontal-20241127.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
104 changes: 104 additions & 0 deletions doc/userguide/rules/intro/RawFlowcharts/OverallAlgoHorizontal-20241127.drawio
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0" version="24.9.1">
<diagram id="C5RBs43oDa-KdzZeNtuy" name="Page-1">
<mxGraphModel dx="2261" dy="792" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
<root>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-0" />
<mxCell id="WIyWlLk6GJQsqaUBKTNV-1" parent="WIyWlLk6GJQsqaUBKTNV-0" />
<mxCell id="WIyWlLk6GJQsqaUBKTNV-4" value="No" style="rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;edgeStyle=orthogonalEdgeStyle;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-6" target="WIyWlLk6GJQsqaUBKTNV-10" edge="1">
<mxGeometry y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-5" value="No" style="edgeStyle=orthogonalEdgeStyle;rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="2s8PCpyst4B-AYq6nZVi-2" target="WIyWlLk6GJQsqaUBKTNV-7" edge="1">
<mxGeometry x="0.0039" y="15" relative="1" as="geometry">
<mxPoint as="offset" />
<mxPoint x="-120" y="220" as="sourcePoint" />
<Array as="points">
<mxPoint x="-120" y="195" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-1" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;endArrow=blockThin;endFill=1;fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-6" target="2s8PCpyst4B-AYq6nZVi-2" edge="1">
<mxGeometry relative="1" as="geometry">
<mxPoint x="-120" y="200" as="targetPoint" />
<Array as="points">
<mxPoint x="-120" y="360" />
<mxPoint x="-120" y="360" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="YKtqplUdx_BT4Hee0G-G-2" value="Yes" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=16;fontStyle=0" vertex="1" connectable="0" parent="2s8PCpyst4B-AYq6nZVi-1">
<mxGeometry x="-0.05" y="-3" relative="1" as="geometry">
<mxPoint x="17" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-6" value="Is IpOnly" style="rhombus;html=1;shadow=1;fontFamily=Helvetica;fontSize=16;align=center;strokeWidth=1;spacing=5;spacingTop=2;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-170" y="390" width="100" height="80" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-7" value="&lt;span&gt;IP Only&lt;/span&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="213.5" y="160" width="91" height="70" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-8" value="No" style="rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;edgeStyle=orthogonalEdgeStyle;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-10" target="WIyWlLk6GJQsqaUBKTNV-11" edge="1">
<mxGeometry x="0.3333" y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-9" value="Yes" style="edgeStyle=orthogonalEdgeStyle;rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="WIyWlLk6GJQsqaUBKTNV-10" target="WIyWlLk6GJQsqaUBKTNV-12" edge="1">
<mxGeometry x="-0.0769" y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-10" value="Is DEOnly" style="rhombus;html=1;shadow=1;fontFamily=Helvetica;fontSize=16;align=center;strokeWidth=1;spacing=5;spacingTop=2;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry y="390" width="100" height="80" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-11" value="Handle &lt;span&gt;&#39;Packet&#39;&lt;/span&gt;, &lt;span&gt;&#39;Stream&#39;&lt;/span&gt;, &#39;&lt;span&gt;AppLayer&#39;&lt;/span&gt; and &lt;span&gt;&#39;AppLayer Transaction&#39;&lt;/span&gt; rule types" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="163.5" y="375" width="191" height="110" as="geometry" />
</mxCell>
<mxCell id="WIyWlLk6GJQsqaUBKTNV-12" value="&lt;span&gt;Decoder Events Only&lt;/span&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-30" y="535" width="160" height="55" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-0" value="Yes" style="edgeStyle=orthogonalEdgeStyle;rounded=0;html=1;jettySize=auto;orthogonalLoop=1;fontSize=16;endArrow=blockThin;endFill=1;endSize=8;strokeWidth=1;shadow=1;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="3Z0NyFf9CSu-jNyiQ6yW-1" target="3Z0NyFf9CSu-jNyiQ6yW-2" edge="1">
<mxGeometry x="-0.0769" y="20" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-3" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;endArrow=blockThin;endFill=1;fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="3Z0NyFf9CSu-jNyiQ6yW-1" target="WIyWlLk6GJQsqaUBKTNV-6" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-4" value="No" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="3Z0NyFf9CSu-jNyiQ6yW-3" vertex="1" connectable="0">
<mxGeometry x="-0.1667" relative="1" as="geometry">
<mxPoint y="-20" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-1" value="Is IPDOnly" style="rhombus;html=1;shadow=1;fontFamily=Helvetica;fontSize=16;align=center;strokeWidth=1;spacing=5;spacingTop=2;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-340" y="390" width="100" height="80" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-2" value="&lt;span&gt;Protocol Detection Only&lt;/span&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-370" y="535" width="160" height="65" as="geometry" />
</mxCell>
<mxCell id="3Z0NyFf9CSu-jNyiQ6yW-10" value="&lt;div&gt;&lt;span&gt;Like IP Only&lt;/span&gt;&lt;br&gt;(has negated address(es))&lt;br&gt;&lt;/div&gt;" style="rounded=1;html=1;fontSize=16;glass=0;strokeWidth=1;shadow=1;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="183.5" y="260" width="151" height="70" as="geometry" />
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-3" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;endArrow=blockThin;endFill=1;fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" source="2s8PCpyst4B-AYq6nZVi-2" target="3Z0NyFf9CSu-jNyiQ6yW-10" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points" />
</mxGeometry>
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-4" value="&lt;div&gt;Yes&lt;br&gt;&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=16;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="2s8PCpyst4B-AYq6nZVi-3" vertex="1" connectable="0">
<mxGeometry x="-0.4" relative="1" as="geometry">
<mxPoint y="-20" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="2s8PCpyst4B-AYq6nZVi-2" value="&lt;div&gt;Contains&lt;/div&gt;&lt;div&gt;Negated&lt;/div&gt;&lt;div&gt;Address?&lt;/div&gt;" style="rhombus;html=1;fontSize=16;whiteSpace=wrap;labelBackgroundColor=none;labelBorderColor=none;textShadow=0;shadow=1;spacingRight=5;spacingBottom=2;spacingLeft=5;spacingTop=2;spacing=5;fontStyle=0" parent="WIyWlLk6GJQsqaUBKTNV-1" vertex="1">
<mxGeometry x="-190" y="240" width="140" height="110" as="geometry" />
</mxCell>
<mxCell id="YKtqplUdx_BT4Hee0G-G-1" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;endArrow=blockThin;endFill=1;fontSize=16;shadow=1;fontStyle=0" edge="1" parent="WIyWlLk6GJQsqaUBKTNV-1" source="YKtqplUdx_BT4Hee0G-G-0" target="3Z0NyFf9CSu-jNyiQ6yW-1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="YKtqplUdx_BT4Hee0G-G-0" value="Signature" style="shape=parallelogram;html=1;strokeWidth=1;perimeter=parallelogramPerimeter;whiteSpace=wrap;rounded=1;arcSize=12;size=0.23;fontSize=16;shadow=1;fontStyle=0" vertex="1" parent="WIyWlLk6GJQsqaUBKTNV-1">
<mxGeometry x="-345" y="230" width="110" height="60" as="geometry" />
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>
Loading

0 comments on commit e94d4f1

Please sign in to comment.