On Tue, 20 May 2003, Ethan Sommer wrote: > Nope. I need to strip out all the nulls from the packet, or any posix > regex parser will think the string ends at the first null. (so protocols > which use null's will be difficult/impossible to identify) Ok, i see your dilema. How does snort do it? I dont think copying the packet is the right way to do it. Could the null NOT be considered as something speacial unless explicitly stated? > > I could modify the regexec function to take a length, but then it > wouldn't be the posix regexec prototype and I was hopeing someone would > add those to the common library of kernel functions, so others could use > them. (and hence make it easier to maintain.) > This would be the first start. Check with the netfilter folks who are famous for creating bread slicers - they may already have something along these lines. I am actually interested in the kernel variant of such a library. Actually once you have the library (which is efficient) we could work together. I have some stuff cooking (and lotsa opinions on what i would like to see in it that you could consider as requirements). cheers, jamal - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
