Re: Snort Pattern alghoritm

[Todd Wease <twease () sourcefire com>]

Asiri,

Yes, snort uses the PCRE library.

Todd

On Fri, Mar 8, 2013 at 5:23 AM, Asiri Rathnayake <asiri.rathnayake () gmail com
> wrote:

> Dear Todd,
>
> Sorry about sneaking into this topic :)
>
> The files you mentioned, they are mainly concerned about string matching
> (as Martins expected).
>
> I am interested in the regular expressions matching sub-routines. I noted
> the files:
>
> src/detection-plugins/sp_pcre.[h,c]
>
> From these it appears that Snort uses the PCRE library for all regex
> matching needs.
>
> Can you kindly confirm if this is indeed the case?
>
> Thank you very much.
>
> - Asiri
>
>
> On Mon, Jan 28, 2013 at 2:55 PM, Todd Wease <twease () sourcefire com> wrote:
>
> > On Sun, Jan 20, 2013 at 11:34 AM, Martins Sapats <martins.sapats () llu lv>wrote:
> >
> > > Hi!****
> > >
> > > In my master's part of the job I want to explore the Snort Pattern
> > > alghoritm, but it is not clear operational structure. If I want to make
> > > algorithm modifications, which files need to make corrections?****
> > >
> > > Be very nice if you describe where the algorithm files are stored?****
> > >
> > > I have dealt with a lot of material about the Snort pattern alghoritm,
> > > everywhere are description how current algorithm work and results of
> > > experments, but not description about where these algorithms are stored and
> > > which files need to make changes.****
> > >
> > > ** **
> > >
> > > ** **
> > >
> > > Thank you!****
> > >
> > > ** **
> > >
> > > Martins Sapats****
> > >
> > > Latvian University of Agriculture,****
> > >
> > > Information Technology****
> > Hi Martins,
> >
> > The files I think you're looking for are in src/sfutil - mpse.[c,h],
> > acsmx2.[c,h], bnfa_search.[c,h]
> >
> > Todd
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> > MVPs and experts. ON SALE this month only -- learn more at:
> > http://p.sf.net/sfu/learnnow-d2d
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-devel
> > Archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
> >
> > Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
> ------------------------------------------------------------------------------
> Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> endpoint security space. For insight on selecting the right partner to
> tackle endpoint security challenges, access the full report.
> http://p.sf.net/sfu/symantec-dev2dev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
http://p.sf.net/sfu/symantec-dev2dev

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!