[Snort-devel] Snort Pattern alghoritm

Asiri Rathnayake asiri.rathnayake at ...2499...
Fri Mar 8 05:23:50 EST 2013


Dear Todd,

Sorry about sneaking into this topic :)

The files you mentioned, they are mainly concerned about string matching
(as Martins expected).

I am interested in the regular expressions matching sub-routines. I noted
the files:

src/detection-plugins/sp_pcre.[h,c]

>From these it appears that Snort uses the PCRE library for all regex
matching needs.

Can you kindly confirm if this is indeed the case?

Thank you very much.

- Asiri


On Mon, Jan 28, 2013 at 2:55 PM, Todd Wease <twease at ...402...> wrote:

> On Sun, Jan 20, 2013 at 11:34 AM, Martins Sapats <martins.sapats at ...3366...>wrote:
>
>> Hi!****
>>
>> In my master's part of the job I want to explore the Snort Pattern
>> alghoritm, but it is not clear operational structure. If I want to make
>> algorithm modifications, which files need to make corrections?****
>>
>> Be very nice if you describe where the algorithm files are stored?****
>>
>> I have dealt with a lot of material about the Snort pattern alghoritm,
>> everywhere are description how current algorithm work and results of
>> experments, but not description about where these algorithms are stored and
>> which files need to make changes.****
>>
>> ** **
>>
>> ** **
>>
>> Thank you!****
>>
>> ** **
>>
>> Martins Sapats****
>>
>> Latvian University of Agriculture,****
>>
>> Information Technology****
>>
>>
>>
> Hi Martins,
>
> The files I think you're looking for are in src/sfutil - mpse.[c,h],
> acsmx2.[c,h], bnfa_search.[c,h]
>
> Todd
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130308/3e6f717f/attachment.html>


More information about the Snort-devel mailing list