[ https://issues.apache.org/jira/browse/METRON-870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15978868#comment-15978868 ]
ASF GitHub Bot commented on METRON-870: --------------------------------------- Github user nishihatapalmer commented on the issue: https://github.com/apache/incubator-metron/pull/541 Correct, there's no NFA or DFA under the hood of the SequenceMatcher. You can create sequences using the regex syntax using the SequenceMatcherCompiler, as long as only syntax which creates fixed length sequences is used. So you can match bytes (hex values), sets of bytes [01 02 03], any bytes ., bitmasks, strings and case insensitive strings, but not wildcards or optional bytes. For example: 01 ^02 'a string' [f0-ff] 'another string' [0a 0d] The RegexCompiler can accept the full regex syntax including *, +, ?, and it does create NFAs - but this isn't tested. > Add filtering by packet payload to the pcap query > ------------------------------------------------- > > Key: METRON-870 > URL: https://issues.apache.org/jira/browse/METRON-870 > Project: Metron > Issue Type: Improvement > Reporter: Casey Stella > > Currently we have the ability to filter packets in the pcap query tool by > header information (src/dest ip/port). We should be able to filter by binary > regex on the packets themselves. -- This message was sent by Atlassian JIRA (v6.3.15#6346)