[
https://issues.apache.org/jira/browse/METRON-870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15978868#comment-15978868
]
ASF GitHub Bot commented on METRON-870:
---------------------------------------
Github user nishihatapalmer commented on the issue:
https://github.com/apache/incubator-metron/pull/541
Correct, there's no NFA or DFA under the hood of the SequenceMatcher.
You can create sequences using the regex syntax using the
SequenceMatcherCompiler, as long as only syntax which creates fixed length
sequences is used. So you can match bytes (hex values), sets of bytes [01 02
03], any bytes ., bitmasks, strings and case insensitive strings, but not
wildcards or optional bytes. For example:
01 ^02 'a string' [f0-ff] 'another string' [0a 0d]
The RegexCompiler can accept the full regex syntax including *, +, ?, and
it does create NFAs - but this isn't tested.
> Add filtering by packet payload to the pcap query
> -------------------------------------------------
>
> Key: METRON-870
> URL: https://issues.apache.org/jira/browse/METRON-870
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
>
> Currently we have the ability to filter packets in the pcap query tool by
> header information (src/dest ip/port). We should be able to filter by binary
> regex on the packets themselves.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
