Next: Example
Up: pcre
Previous: pcre
Contents
pcre:[!]"(/<regex>/|m<delim><regex><delim>)[ismxAEGRUB]";
The post-re modifiers set compile time flags for the regular expression.
Table:
Perl compatible modifiers
| i |
case insensitive |
| s |
include newlines in the dot metacharacter |
| m |
By default, the string is treated as one big line of characters. ^ and $ match at the beginning and ending of the string. When m is set, ^ and $ match immediately following or immediately before any newline in the buffer, as well as the very start and very end of the buffer. |
| x |
whitespace data characters in the pattern are ignored except when escaped or inside a character class |
Table:
PCRE compatible modifiers
| A |
the pattern must match only at the start of the buffer (same as ^ ) |
| E |
Set $ to match only at the end of the subject string. Without E, $ also matches immediately before the final character if it is a newline (but not before any other newlines). |
| G |
Inverts the "greediness" of the quantifiers so that they are not greedy by default, but become greedy if followed by "?". |
Table:
Snort specific modifiers
| R |
Match relative to the end of the last pattern match. (Similar to distance:0;) |
| U |
Match the decoded URI buffers (Similar to uricontent) |
| B |
Do not use the decoded buffers (Similar to rawbytes) |
The modifiers R and B should not be used together.
Next: Example
Up: pcre
Previous: pcre
Contents
Steven Sturges
2006-12-08
|
