Project

General

Profile

Actions
Copy link

Feature #741

closed
AS VJ

Introduce endswith keyword

Feature #741: Introduce endswith keyword

Added by Anoop Saldanha about 13 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
4.1beta1
Effort:
Difficulty:
Label:

Description

endswith is a modifier to the existing content keyword. It matches if the content string matches at the end of the buffer being matched. Usage wise it works the same as nocase.

Should we allow depth and within to be used with endswith keyword?

Related issues 2 (1 open1 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #742: startswith keywordClosedVictor JulienActions

VJ Updated by Victor Julien about 13 years ago Actions
Copy link
 #2

What about using a negative depth value to indicate it's from the end of the buffer instead of the start?

AS Updated by Anoop Saldanha about 13 years ago Actions
Copy link
 #3

Actually the same thing can be achieved using isdataat, but this is neater

AH Updated by Andreas Herz over 10 years ago Actions
Copy link
 #4

  • Tracker changed from Bug to Feature

AH Updated by Andreas Herz over 9 years ago Actions
Copy link
 #5

  • Assignee changed from Anoop Saldanha to OISF Dev

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
 #6

  • Related to Task #2309: SuriCon 2017 brainstorm added

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
 #7

VJ Updated by Victor Julien over 8 years ago Actions
Copy link
 #8

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from TBD to 70

VJ Updated by Victor Julien about 8 years ago Actions
Copy link
 #9

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.1beta1
Actions
Copy link

Also available in: PDF Atom