[Bro] str_split
Christian Kreibich
christian at whoop.org
Wed May 28 16:29:57 PDT 2008
Lorenzo and I have been emailing off-list prior to his posting. I
believe what Lorenzo wants to do is match a regular expression against
flow content and obtain the matching part (or parts?) of the flow. For
example, if the regex is [0-9]{5}, he'd like to obtain the 5-digit
numerical string(s) that is/are present in the flow.
My understanding is that the signature_match() event does not guarantee
that all match-relevant data are actually passed to the event, so what
is the best option? Manual buffer management and regex matching via
{udp,tcp}_contents?
On Fri, 2008-05-23 at 17:10 -0700, Lorenzo Cavallaro wrote:
> Hi,
>
> I'd like to convert a string into an array of char (or a vector) so
> that it's possible to iterate over it (via the for stmt). Any idea
> about how to do it?
>
> I'm not sure if str_split is the right function but if so, I'm not
> sure what to use as index_vec argument. Iterate by using a set it'd
> be enough if I could generate the range of indexes belonging to the
> string...
>
> TIA, bye
> Lorenzo
--
Cheers,
Christian
More information about the Bro
mailing list