Good day, Gianni,
On 29 May 2002, Gianni Tedesco wrote:
> Here is a new string match. New kernel code, and updated userspace code.
>
> Changes:
> o no more dependance on max() macro! (so works for 2.4.9 now)
> o skip/shift tables are now stored in matchinfo, making for tidier code
> and removing the need to generate skip/shift tables all the time.
> o due to above change it should now be AT LEAST 100 times faster
> o memcmp() matching removed alltogether
> o fix iptables-save quotation bug
I really appreciate your ongoing work with the module.
> I am now working on a patch to the userspace libraries to allow
> snort-style binary data to be in the string eg:
>
> --string "|ef ff ff ff|/bin/sh"
>
> I have been testing this code extensively both in userspace and inside
> netfilter for a while now so it should be stable as a table.
May I say, in advance,
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
ThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYouThankYou
My project to convert snort rules over to iptables rules (
http://www.stearns.org/snort2iptables/ ) will be a _lot_ simpler and more
complete with that addition to user space.
I _really_ look forward to seeing that userspace addition. You
may have sensed that from the above. ;-)
Cheers,
- Bill
---------------------------------------------------------------------------
"Never argue with an idiot. They drag you down to their level,
then beat you with experience."
(Courtesy of Martin Josefsson <[EMAIL PROTECTED]>)
--------------------------------------------------------------------------
William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, named2hosts,
and ipfwadm2ipchains are at: http://www.stearns.org
--------------------------------------------------------------------------
