detect/content-inspect: improve header docs

OISF · Dec 7, 2023 · 332c2ea · 332c2ea
1 parent 06c8095
commit 332c2ea
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/src/detect-engine-content-inspection.h b/src/detect-engine-content-inspection.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2021 Open Information Security Foundation
+/* Copyright (C) 2007-2023 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -30,13 +30,15 @@
  */
 enum DetectContentInspectionType {
     DETECT_ENGINE_CONTENT_INSPECTION_MODE_PAYLOAD = 0, /* enables 'replace' logic */
-    DETECT_ENGINE_CONTENT_INSPECTION_MODE_HEADER,
-    DETECT_ENGINE_CONTENT_INSPECTION_MODE_STREAM,
-    DETECT_ENGINE_CONTENT_INSPECTION_MODE_FRAME,
-    DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE,
+    DETECT_ENGINE_CONTENT_INSPECTION_MODE_HEADER,      /* indicates a header is being inspected */
+    DETECT_ENGINE_CONTENT_INSPECTION_MODE_STREAM,      /* enables "stream" inspection logic */
+    DETECT_ENGINE_CONTENT_INSPECTION_MODE_FRAME,       /* enables "frame" inspection logic */
+    DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, /* enables "state" - used for buffers coming from
+                                                    the app-layer state. */
 };
 
-#define DETECT_CI_FLAGS_START   BIT_U8(0)   /**< unused, reserved for future use */
+#define DETECT_CI_FLAGS_START                                                                      \
+    BIT_U8(0) /**< indication that current buffer is the start of the data */
 #define DETECT_CI_FLAGS_END     BIT_U8(1)   /**< indication that current buffer
                                              *   is the end of the data */
 #define DETECT_CI_FLAGS_DCE_LE  BIT_U8(2)   /**< DCERPC record in little endian */