List: snort-cvs
Subject: [snort-cvs] CVS: snort config.h.in,1.63,1.64 snort.conf,1.14,1.15 sp_pattern_match.c,1.8,1.9 sp_patt
From: Martin Roesch <roesch () users ! sourceforge ! net>
Date: 2001-02-08 3:53:19
Update of /cvsroot/snort/snort
In directory usw-pr-cvs1:/tmp/cvs-serv17330
Modified Files:
config.h.in snort.conf sp_pattern_match.c sp_pattern_match.h
Log Message:
* Added capability to look for exceptions on content matching
Index: config.h.in
===================================================================
RCS file: /cvsroot/snort/snort/config.h.in,v
retrieving revision 1.63
retrieving revision 1.64
diff -C2 -r1.63 -r1.64
*** config.h.in 2001/01/26 19:03:07 1.63
--- config.h.in 2001/02/08 03:53:16 1.64
***************
*** 103,106 ****
--- 103,109 ----
#undef HAVE_LIBSOCKET
+ /* Define if you have the z library (-lz). */
+ #undef HAVE_LIBZ
+
/* Name of package */
#undef PACKAGE
Index: snort.conf
===================================================================
RCS file: /cvsroot/snort/snort/snort.conf,v
retrieving revision 1.14
retrieving revision 1.15
diff -C2 -r1.14 -r1.15
*** snort.conf 2001/01/05 19:27:33 1.14
--- snort.conf 2001/02/08 03:53:16 1.15
***************
*** 34,38 ****
# Set up the external network addresses as well. A good start may be
! # "any"...
var EXTERNAL_NET any
--- 34,38 ----
# Set up the external network addresses as well. A good start may be
! # "any" or !$HOME_NET
var EXTERNAL_NET any
Index: sp_pattern_match.c
===================================================================
RCS file: /cvsroot/snort/snort/sp_pattern_match.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -r1.8 -r1.9
*** sp_pattern_match.c 2001/01/13 07:31:14 1.8
--- sp_pattern_match.c 2001/02/08 03:53:16 1.9
***************
*** 287,290 ****
--- 287,291 ----
int cnt = 0;
int literal = 0;
+ int exception_flag = 0;
PatternMatchData *ds_idx;
***************
*** 292,295 ****
--- 293,304 ----
bzero(tmp_buf, 2048);
+ while(isspace((int)*rule))
+ rule++;
+
+ if(*rule == '!')
+ {
+ exception_flag = 1;
+ }
+
/* find the start of the data */
start_ptr = index(rule, '"');
***************
*** 299,302 ****
--- 308,312 ----
FatalError("ERROR Line %d => Content data needs to be enclosed in quotation \
marks (\")!\n", file_line); }
+
/* move the start up from the beggining quotes */
start_ptr++;
***************
*** 504,507 ****
--- 514,518 ----
ds_idx->skip_stride = make_skip(ds_idx->pattern_buf, ds_idx->pattern_size);
ds_idx->shift_stride = make_shift(ds_idx->pattern_buf, ds_idx->pattern_size);
+ ds_idx->exception_flag = exception_flag;
return;
***************
*** 545,552 ****
printf("testing pattern: %s\n", idx->pattern_buf);
#endif
! found = idx->search((char *)(p->data + idx->offset),
sub_depth, idx->pattern_buf,
idx->pattern_size, idx->skip_stride,
! idx->shift_stride);
#ifdef DEBUG
--- 556,564 ----
printf("testing pattern: %s\n", idx->pattern_buf);
#endif
! found = (idx->search((char *)(p->data + idx->offset),
sub_depth, idx->pattern_buf,
idx->pattern_size, idx->skip_stride,
! idx->shift_stride)
! ^ idx->exception_flag);
#ifdef DEBUG
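Review bot: The `^ idx->exception_flag` inversion is only correct if `idx->search` returns exactly 0 or 1; the search functions are not visible here, and any other non-zero hit value XORed with 1 stays non-zero, so a negated rule would still report a match when the pattern is present. Normalising the result first removes that dependency: `found = (idx->search(...) != 0) ^ idx->exception_flag;`. The same expression is repeated in the hunks at new lines 578-594, 674-682 and 697-713, so the change applies to all five call sites. The DEBUG `printf("testing pattern: %s\n", ...)` above the call could also print the flag so negated tests can be told apart in traces. The function containing this call begins and ends outside the hunk.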
***************
*** 566,580 ****
if(idx->depth && (p->dsize-idx->offset> idx->depth))
{
! found = idx->search((char *)(p->data + idx->offset),
idx->depth, idx->pattern_buf,
idx->pattern_size, idx->skip_stride,
! idx->shift_stride);
}
else
{
! found = idx->search((char *)(p->data + idx->offset),
p->dsize - idx->offset ,
idx->pattern_buf, idx->pattern_size,
! idx->skip_stride, idx->shift_stride);
}
--- 578,594 ----
if(idx->depth && (p->dsize-idx->offset> idx->depth))
{
! found = (idx->search((char *)(p->data + idx->offset),
idx->depth, idx->pattern_buf,
idx->pattern_size, idx->skip_stride,
! idx->shift_stride)
! ^ idx->exception_flag);
}
else
{
! found = (idx->search((char *)(p->data + idx->offset),
p->dsize - idx->offset ,
idx->pattern_buf, idx->pattern_size,
! idx->skip_stride, idx->shift_stride)
! ^ idx->exception_flag);
}
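Review bot: With negation, a search that returns 0 because there was nothing to search now becomes `found = 1`, and the else branch passes `p->dsize - idx->offset` as the length with no visible check that `idx->offset` lies inside the payload. If no guard exists earlier in the function (it starts outside this hunk), a `!` rule with an offset would match every packet shorter than that offset, and `p->data + idx->offset` would point past the data. The intended result for that case should be decided explicitly before the call, e.g. `if(idx->offset >= p->dsize) found = 0; /* no search window: negated content does not match */`, or the opposite if absence of data is meant to count as a match. The same applies to the hunk at new lines 697-713.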
***************
*** 660,665 ****
printf("testing pattern: %s\n", idx->pattern_buf);
#endif
! found = idx->search((char *)(p->data+idx->offset), \
sub_depth,idx->pattern_buf,
! idx->pattern_size, idx->skip_stride, \
idx->shift_stride);
if(!found)
--- 674,682 ----
printf("testing pattern: %s\n", idx->pattern_buf);
#endif
! found = (idx->search((char *)(p->data+idx->offset),
! sub_depth,idx->pattern_buf,
! idx->pattern_size, idx->skip_stride,
! idx->shift_stride)
! ^ idx->exception_flag);
if(!found)
***************
*** 680,691 ****
if(idx->depth && (p->dsize-idx->offset> idx->depth))
{
! found = idx->search((char *)(p->data+idx->offset), idx->depth, \
idx->pattern_buf,
! idx->pattern_size, idx->skip_stride, \
idx->shift_stride); }
else
{
! found = idx->search((char *)(p->data+idx->offset), p->dsize - \
idx->offset,
! idx->pattern_buf, idx->pattern_size, \
idx->skip_stride,
! idx->shift_stride);
}
--- 697,713 ----
if(idx->depth && (p->dsize-idx->offset> idx->depth))
{
! found = (idx->search((char *)(p->data+idx->offset),
! idx->depth, idx->pattern_buf,
! idx->pattern_size, idx->skip_stride,
! idx->shift_stride)
! ^ idx->exception_flag);
}
else
{
! found = (idx->search((char *)(p->data+idx->offset),
! p->dsize - idx->offset,
! idx->pattern_buf, idx->pattern_size,
! idx->skip_stride, idx->shift_stride)
! ^ idx->exception_flag);
}
Index: sp_pattern_match.h
===================================================================
RCS file: /cvsroot/snort/snort/sp_pattern_match.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -r1.6 -r1.7
*** sp_pattern_match.h 2001/01/02 08:06:01 1.6
--- sp_pattern_match.h 2001/02/08 03:53:16 1.7
***************
*** 29,32 ****
--- 29,33 ----
typedef struct _PatternMatchData
{
+ u_int8_t exception_flag; /* search for "not this pattern" */
int offset; /* pattern search start offset */
int depth; /* pattern search depth */
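Review bot: The new field's comment should state the value contract the match code depends on, since `found` is computed by XORing the search result with it: `/* 1 = rule used !"..." (match when pattern is absent), 0 = normal match; must be 0 or 1 */`. Placing a `u_int8_t` ahead of `int offset` also leaves padding after it on most ABIs; moving it after the `int` members would avoid that. The remainder of the struct is outside this hunk.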
_______________________________________________
Snort-cvsinfo mailing list
Snort-cvsinfo@lists.sourceforge.net
http://lists.sourceforge.net/lists/listinfo/snort-cvsinfo