author | Martin Mathieson <martin.r.mathieson@googlemail.com> | 2017-06-18 22:01:04 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2017-06-19 10:28:17 +0000 |
commit | d19c3a22b927db0dc83bcad9e024a8ed8f866671 (patch) | |
tree | 24b52a676e0365225d6806c66a0673ce43fcd10e /epan/dissectors/snort-config.h | |
parent | d386a6cfb1e8b69f56fabad76d1e873f56160db8 (diff) |
Misc snort fixes.
- search for content fields taking into account length of last match
- handle absolute path to file file inclusion not using $RULE_PATH
- parse longer tokens (saw emerging-threats rule with enormous pcre)
- content offset is relative to start of frame, *not* previous content match
- show content modifiers 'rawbytes' and 'http_user_agent'
Change-Id: I0a4e0b857c8049380ed6aa47e4a3d3649e84d4ad
Reviewed-on: https://code.wireshark.org/review/22211
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/snort-config.h')
-rw-r--r-- | epan/dissectors/snort-config.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/epan/dissectors/snort-config.h b/epan/dissectors/snort-config.h index 076e645aae..09a40ca1c9 100644 --- a/epan/dissectors/snort-config.h +++ b/epan/dissectors/snort-config.h @@ -57,10 +57,13 @@ typedef struct content_t { gboolean fastpattern; /* Is most distinctive content in rule */ + gboolean rawbytes; /* Match should be done against raw bytes (which we do anyway) */ + /* http preprocessor modifiers */ gboolean http_method; gboolean http_client_body; gboolean http_cookie; + gboolean http_user_agent; /* Pattern converted into bytes for matching against packet. Used for regular patterns and PCREs alike. */ |
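Review bot: the new `http_user_agent` member of `content_t` has no comment saying what setting it changes, whereas the `rawbytes` member added alongside it states outright that matching is unaffected ("which we do anyway"). The commit message describes both as modifiers to show, so please document `http_user_agent` the same way: say whether it is recorded for display only or is meant to confine the content match to the User-Agent header. If it is display only, a reader comparing this dissector's matches with Snort's own alerts needs to know that the pattern is still searched across the whole frame. A short note on the `/* http preprocessor modifiers */` comment would cover `http_method`, `http_client_body` and `http_cookie` in the same place.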