[Bro-Dev] case-insensitive patterns
Vern Paxson
vern at corelight.com
Fri Jun 29 12:23:26 PDT 2018
> Hum. Is there a reason why we come up with our own syntax for this?
No, just that I didn't have the other syntax on my radar. I was looking
at Snort & Suricata and didn't find this; I'm not a PCRE user myself.
It's simple to change, will do so now (though I think mine is slightly
more cool ;-).
> Python supports the exact same syntax. And - to make things easier for
> users I think it would be way nicer if we just also would do this.
Sure.
Just so I have this right: it looks like the preferred would not be
/(?i foo)/ but rather /(?i)foo/, yes?
Vern
More information about the bro-dev
mailing list