Project

General

Profile

Actions
Copy link

Feature #741

closed

Introduce endswith keyword

Added by Anoop Saldanha about 11 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
4.1beta1
Effort:
Difficulty:
Label:

Description

endswith is a modifier to the existing content keyword. It matches if the content string matches at the end of the buffer being matched. Usage wise it works the same as nocase.

Should we allow depth and within to be used with endswith keyword?

Related issues 2 (1 open1 closed)

Related to Suricata - Task #2309: SuriCon 2017 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #742: startswith keywordClosedVictor Julien02/01/2013Actions
Actions
Copy link
 #2

Updated by Victor Julien about 11 years ago

What about using a negative depth value to indicate it's from the end of the buffer instead of the start?

Actions
Copy link
 #3

Updated by Anoop Saldanha about 11 years ago

Actually the same thing can be achieved using isdataat, but this is neater

Actions
Copy link
 #4

Updated by Andreas Herz over 8 years ago

  • Tracker changed from Bug to Feature
Actions
Copy link
 #5

Updated by Andreas Herz over 7 years ago

  • Assignee changed from Anoop Saldanha to OISF Dev
Actions
Copy link
 #6

Updated by Victor Julien over 6 years ago

  • Related to Task #2309: SuriCon 2017 brainstorm added
Actions
Copy link
 #7

Updated by Victor Julien over 6 years ago

Actions
Copy link
 #8

Updated by Victor Julien over 6 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
  • Target version changed from TBD to 70
Actions
Copy link
 #9

Updated by Victor Julien about 6 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.1beta1
Actions
Copy link

Also available in: Atom PDF