Merge pull request #2971 in SNORT/snort3 from ~OSHUMEIK/snort3:s2l_rawbytes to master

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Fri, 9 Jul 2021 09:18:31 +0000 (09:18 +0000)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Fri, 9 Jul 2021 09:18:31 +0000 (09:18 +0000)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 9 Jul 2021 09:18:31 +0000 (09:18 +0000)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 9 Jul 2021 09:18:31 +0000 (09:18 +0000)
diff --git a/tools/snort2lua/rule_states/dev_notes.txt b/tools/snort2lua/rule_states/dev_notes.txt

index 5865d274cfb6ec428660c408634b1ea0e1731bd9..9670ffcbb8227f9e4e17ea61d17715d1f38fa128 100644 (file)
--- a/tools/snort2lua/rule_states/dev_notes.txt
+++ b/tools/snort2lua/rule_states/dev_notes.txt
@@ -13,6 +13,7 @@ until explicitly reset by other rule options.
  Snort2 implemented the following list of "sticky" buffer rule options:
  
  * pkt_data
+* raw_data
  * file_data
  * dce_stub_fdata
  * dnp3_data
diff --git a/tools/snort2lua/rule_states/rule_isdataat.cc b/tools/snort2lua/rule_states/rule_isdataat.cc

index 8ce5b7576a72acb721b7d583c24ea44ccc06341e..4ed2380936b8777c771cce68dd1b29d7eca5d132 100644 (file)
--- a/tools/snort2lua/rule_states/rule_isdataat.cc
+++ b/tools/snort2lua/rule_states/rule_isdataat.cc
@@ -61,7 +61,7 @@ bool IsDataAt::convert(std::istringstream& data_stream)
                  rule_api.add_suboption("relative");
  
              else if (value == "rawbytes")
-                rule_api.set_curr_options_buffer("pkt_data");
+                rule_api.set_curr_options_buffer("raw_data");
  
              else
                  rule_api.bad_rule(data_stream, value + " - unknown modifier!!");
diff --git a/tools/snort2lua/rule_states/rule_pcre.cc b/tools/snort2lua/rule_states/rule_pcre.cc

index 7d096e60125c97b7c4ddefd2b841908db6b70eb6..a959d4797c04baefbc19aafc50453ad638aedb7e 100644 (file)
--- a/tools/snort2lua/rule_states/rule_pcre.cc
+++ b/tools/snort2lua/rule_states/rule_pcre.cc
@@ -89,7 +89,7 @@ bool Pcre::convert(std::istringstream& data_stream)
  
          switch (c)
          {
-        case 'B': sticky_buffer = "pkt_data"; break;
+        case 'B': sticky_buffer = "raw_data"; break;
          case 'U': sticky_buffer = "http_uri"; break;
          case 'P': sticky_buffer = "pcre_P_option_body"; break;
          case 'H': sticky_buffer = "pcre_H_option_header"; break;
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Fri, 9 Jul 2021 09:18:31 +0000 (09:18 +0000)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Fri, 9 Jul 2021 09:18:31 +0000 (09:18 +0000)
tools/snort2lua/rule_states/dev_notes.txt		patch \| blob \| blame \| history
tools/snort2lua/rule_states/rule_isdataat.cc		patch \| blob \| blame \| history
tools/snort2lua/rule_states/rule_pcre.cc		patch \| blob \| blame \| history