[Snort-devel] snort complex content rules apply
walther38 at ...2071...
Fri Dec 21 07:16:49 EST 2012
I need to use the Snort search engine in the content of the rules to a certain arbitrary buffer composed of the contents of several packets (tcp, udp). Used a search engine content strongly associated with Packet structure of single packet, fully understand that I could not.
In other words:
Now: every packet (payload,payload size) -> content search engine by rules[ ] -> found callback
I need: buffer, buffer size -> content search engine rules[ ] -> found callback
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel