[Snort-devel] Snort Pattern algorithm

Todd Wease twease at ...402...
Fri Mar 8 06:17:14 EST 2013


Asiri,

Yes, Snort uses the PCRE library.

Todd

On Fri, Mar 8, 2013 at 5:23 AM, Asiri Rathnayake <asiri.rathnayake at ...2499...> wrote:

> Dear Todd,
>
> Sorry about sneaking into this topic :)
>
> The files you mentioned, they are mainly concerned with string matching
> (as Martins expected).
>
> I am interested in the regular expressions matching sub-routines. I noted
> the files:
>
> src/detection-plugins/sp_pcre.[h,c]
>
> From these it appears that Snort uses the PCRE library for all regex
> matching needs.
>
> Can you kindly confirm if this is indeed the case?
>
> Thank you very much.
>
> - Asiri
>
>
> On Mon, Jan 28, 2013 at 2:55 PM, Todd Wease <twease at ...402...> wrote:
>
>> On Sun, Jan 20, 2013 at 11:34 AM, Martins Sapats <martins.sapats at ...3366...> wrote:
>>
>>> Hi!
>>>
>>> In my master's part of the job I want to explore the Snort Pattern
>>> algorithm, but its operational structure is not clear. If I want to make
>>> algorithm modifications, which files need corrections?
>>>
>>> It would be very nice if you could describe where the algorithm files are stored.
>>>
>>> I have dealt with a lot of material about the Snort pattern algorithm;
>>> everywhere there are descriptions of how the current algorithm works and results of
>>> experiments, but no description of where these algorithms are stored and
>>> which files need changes.
>>>
>>> Thank you!
>>>
>>> Martins Sapats
>>>
>>> Latvian University of Agriculture,
>>>
>>> Information Technology
>>>
>>>
>> Hi Martins,
>>
>> The files I think you're looking for are in src/sfutil - mpse.[c,h],
>> acsmx2.[c,h], bnfa_search.[c,h]
>>
>> Todd
>>
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>> Archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>>