[Bro-Dev] [JIRA] (BIT-844) UDP payload signature patterns don't match packet-wise

2015-04-09 Thread Robin Sommer (JIRA) 

 [ 
https://bro-tracker.atlassian.net/browse/BIT-844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robin Sommer reassigned BIT-844:


Assignee: Robin Sommer

 UDP payload signature patterns don't match packet-wise
 --

 Key: BIT-844
 URL: https://bro-tracker.atlassian.net/browse/BIT-844
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
Assignee: Robin Sommer
Priority: Low
 Fix For: 2.4


 The docs say:
 {noformat}
 Regular expressions are implicitly anchored, i.e., they work as if prefixed 
 with the ^ operator. For reassembled TCP connections, they are anchored at 
 the first byte of the payload stream. For all other connections, they are 
 anchored at the first payload byte of each packet. To match at arbitrary 
 positions, you can prefix the regular expression with .*, as done in the 
 examples above.
 {noformat}
 But for a UDP connection made up of 2 packets with payloads ' and then 
 , I still need the .* prefix to match on the 2nd:
 {noformat}
 signature  {
  ip-proto = udp
  payload /.*/
  event Found 
 }
 {noformat}
 Changing the pattern to {{//}} or {{/^/}} results in no match (but 
 does match if I flip order of packets).



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] [JIRA] (BIT-844) UDP payload signature patterns don't match packet-wise

2015-04-06 Thread Jon Siwek (JIRA) 

 [ 
https://bro-tracker.atlassian.net/browse/BIT-844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek updated BIT-844:
--
Fix Version/s: 2.4

 UDP payload signature patterns don't match packet-wise
 --

 Key: BIT-844
 URL: https://bro-tracker.atlassian.net/browse/BIT-844
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
Assignee: Jon Siwek
Priority: Low
 Fix For: 2.4


 The docs say:
 {noformat}
 Regular expressions are implicitly anchored, i.e., they work as if prefixed 
 with the ^ operator. For reassembled TCP connections, they are anchored at 
 the first byte of the payload stream. For all other connections, they are 
 anchored at the first payload byte of each packet. To match at arbitrary 
 positions, you can prefix the regular expression with .*, as done in the 
 examples above.
 {noformat}
 But for a UDP connection made up of 2 packets with payloads ' and then 
 , I still need the .* prefix to match on the 2nd:
 {noformat}
 signature  {
  ip-proto = udp
  payload /.*/
  event Found 
 }
 {noformat}
 Changing the pattern to {{//}} or {{/^/}} results in no match (but 
 does match if I flip order of packets).



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] [JIRA] (BIT-844) UDP payload signature patterns don't match packet-wise

2015-04-06 Thread Jon Siwek (JIRA) 

[ 
https://bro-tracker.atlassian.net/browse/BIT-844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=20240#comment-20240
 ] 

Jon Siwek commented on BIT-844:
---

Fixed in topic/jsiwek/bit-844

Unrelated, I also removed some signature benchmarking code that I don't think 
deserves to be in the production version of the code.

 UDP payload signature patterns don't match packet-wise
 --

 Key: BIT-844
 URL: https://bro-tracker.atlassian.net/browse/BIT-844
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
Assignee: Jon Siwek
Priority: Low
 Fix For: 2.4


 The docs say:
 {noformat}
 Regular expressions are implicitly anchored, i.e., they work as if prefixed 
 with the ^ operator. For reassembled TCP connections, they are anchored at 
 the first byte of the payload stream. For all other connections, they are 
 anchored at the first payload byte of each packet. To match at arbitrary 
 positions, you can prefix the regular expression with .*, as done in the 
 examples above.
 {noformat}
 But for a UDP connection made up of 2 packets with payloads ' and then 
 , I still need the .* prefix to match on the 2nd:
 {noformat}
 signature  {
  ip-proto = udp
  payload /.*/
  event Found 
 }
 {noformat}
 Changing the pattern to {{//}} or {{/^/}} results in no match (but 
 does match if I flip order of packets).



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] [JIRA] (BIT-844) UDP payload signature patterns don't match packet-wise

2015-04-06 Thread Jon Siwek (JIRA) 

 [ 
https://bro-tracker.atlassian.net/browse/BIT-844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek updated BIT-844:
--
Status: Merge Request  (was: Open)

 UDP payload signature patterns don't match packet-wise
 --

 Key: BIT-844
 URL: https://bro-tracker.atlassian.net/browse/BIT-844
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
Priority: Low
 Fix For: 2.4


 The docs say:
 {noformat}
 Regular expressions are implicitly anchored, i.e., they work as if prefixed 
 with the ^ operator. For reassembled TCP connections, they are anchored at 
 the first byte of the payload stream. For all other connections, they are 
 anchored at the first payload byte of each packet. To match at arbitrary 
 positions, you can prefix the regular expression with .*, as done in the 
 examples above.
 {noformat}
 But for a UDP connection made up of 2 packets with payloads ' and then 
 , I still need the .* prefix to match on the 2nd:
 {noformat}
 signature  {
  ip-proto = udp
  payload /.*/
  event Found 
 }
 {noformat}
 Changing the pattern to {{//}} or {{/^/}} results in no match (but 
 does match if I flip order of packets).



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

[Bro-Dev] [JIRA] (BIT-844) UDP payload signature patterns don't match packet-wise

2015-04-06 Thread Jon Siwek (JIRA) 

 [ 
https://bro-tracker.atlassian.net/browse/BIT-844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jon Siwek reassigned BIT-844:
-

Assignee: (was: Jon Siwek)

 UDP payload signature patterns don't match packet-wise
 --

 Key: BIT-844
 URL: https://bro-tracker.atlassian.net/browse/BIT-844
 Project: Bro Issue Tracker
  Issue Type: Problem
  Components: Bro
Affects Versions: git/master
Reporter: Jon Siwek
Priority: Low
 Fix For: 2.4


 The docs say:
 {noformat}
 Regular expressions are implicitly anchored, i.e., they work as if prefixed 
 with the ^ operator. For reassembled TCP connections, they are anchored at 
 the first byte of the payload stream. For all other connections, they are 
 anchored at the first payload byte of each packet. To match at arbitrary 
 positions, you can prefix the regular expression with .*, as done in the 
 examples above.
 {noformat}
 But for a UDP connection made up of 2 packets with payloads ' and then 
 , I still need the .* prefix to match on the 2nd:
 {noformat}
 signature  {
  ip-proto = udp
  payload /.*/
  event Found 
 }
 {noformat}
 Changing the pattern to {{//}} or {{/^/}} results in no match (but 
 does match if I flip order of packets).



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev