[Snort-devel] snort complex content rules apply

walther karl walther38 at ...2071...
Fri Dec 21 07:16:49 EST 2012

I need to use the Snort search engine in the content of the rules to a certain arbitrary buffer composed of the contents of several packets (tcp, udp). Used a search engine content strongly associated with Packet  structure of single packet, fully  understand that I could not.
In other words:

Now: every packet (payload,payload size) -> content search engine by rules[ ] -> found callback

I need: buffer, buffer size   -> content search engine rules[ ] -> found callback

Any ideas?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20121221/a3bc6a0c/attachment.html>

More information about the Snort-devel mailing list