Snort mailing list archives
Re: Snort Pattern alghoritm
From: Asiri Rathnayake <asiri.rathnayake () gmail com>
Date: Fri, 8 Mar 2013 10:23:50 +0000
Dear Todd,

Sorry about sneaking into this topic :)

The files you mentioned, they are mainly concerned about string matching (as Martins expected). I am interested in the regular expressions matching sub-routines. I noted the files:

src/detection-plugins/sp_pcre.[h,c]

From these it appears that Snort uses the PCRE library for all regex matching needs. Can you kindly confirm if this is indeed the case?

Thank you very much.

- Asiri

On Mon, Jan 28, 2013 at 2:55 PM, Todd Wease <twease () sourcefire com> wrote:
> On Sun, Jan 20, 2013 at 11:34 AM, Martins Sapats <martins.sapats () llu lv> wrote:
>
>> Hi!
>>
>> In my master's part of the job I want to explore the Snort Pattern algorithm, but it is not clear operational structure. If I want to make algorithm modifications, which files need to make corrections?
>>
>> Be very nice if you describe where the algorithm files are stored?
>>
>> I have dealt with a lot of material about the Snort pattern algorithm, everywhere are description how current algorithm work and results of experiments, but not description about where these algorithms are stored and which files need to make changes.
>>
>> Thank you!
>>
>> Martins Sapats
>> Latvian University of Agriculture,
>> Information Technology
>
> Hi Martins,
>
> The files I think you're looking for are in src/sfutil - mpse.[c,h], acsmx2.[c,h], bnfa_search.[c,h]
>
> Todd
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!