{ "detect_anomalous_servers", Parameter::PT_BOOL, nullptr, "false",
"inspect non-configured ports for HTTP - bad idea" },
- { "max_gzip_mem", Parameter::PT_INT, "3276:", "838860",
- "total memory used for decompression across all active sessions" },
+ { "max_gzip_mem", Parameter::PT_INT, "0:", "0",
+ "disregard - not implemented" },
- { "memcap", Parameter::PT_INT, "2304:", "150994944",
- "limit of memory used for logging extra data" },
+ { "memcap", Parameter::PT_INT, "0:", "0",
+ "disregard - not implemented" },
//{ "mime", Parameter::PT_TABLE, hi_mime_params, nullptr,
// "help" },
static const Parameter s_params[] =
{
{ BITSTRING_OPT, Parameter::PT_IMPLIED, nullptr, nullptr,
- "Detects invalid bitstring encodings that are known to be remotely exploitable." },
+ "detects invalid bitstring encodings that are known to be remotely exploitable" },
{ DOUBLE_OPT, Parameter::PT_IMPLIED, nullptr, nullptr,
- "Detects a double ASCII encoding that is larger than a standard buffer." },
+ "detects a double ASCII encoding that is larger than a standard buffer" },
{ PRINT_OPT, Parameter::PT_IMPLIED, nullptr, nullptr,
"dump decode data to console; always true" },
{ LENGTH_OPT, Parameter::PT_INT, "0:", nullptr,
- "Compares ASN.1 type lengths with the supplied argument." },
+ "compares ASN.1 type lengths with the supplied argument" },
{ ABS_OFFSET_OPT, Parameter::PT_INT, "0:", nullptr,
- "Absolute offset from the beginning of the packet." },
+ "absolute offset from the beginning of the packet" },
{ REL_OFFSET_OPT, Parameter::PT_INT, nullptr, nullptr,
- "relative offset from the cursor." },
+ "relative offset from the cursor" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter s_params[] =
{
{ "bytes", Parameter::PT_INT, "1:", nullptr,
- "Number of base64 encoded bytes to decode." },
+ "number of base64 encoded bytes to decode" },
{ "offset", Parameter::PT_INT, "0:", "0",
- "Bytes past start of buffer to start decoding." },
+ "bytes past start of buffer to start decoding" },
{ "relative", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Apply offset to cursor instead of start of buffer." },
+ "apply offset to cursor instead of start of buffer" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter s_params[] =
{
{ "~command", Parameter::PT_STRING, nullptr, nullptr,
- "set|reset|isset|etc." },
+ "set|reset|isset|etc." }, // FIXIT-L replace this legacy flowbits parsing with PT_SELECT
{ "~arg1", Parameter::PT_STRING, nullptr, nullptr,
"bits or group" },
"enable or disable ips rules" },
{ "detection_filter_memcap", Parameter::PT_INT, "0:", "1048576",
- "set available memory for filters" },
+ "set available bytes of memory for detection_filters" },
{ "event_filter_memcap", Parameter::PT_INT, "0:", "1048576",
- "set available memory for filters" },
+ "set available bytes of memory for event_filters" },
{ "order", Parameter::PT_STRING, nullptr, "pass drop alert log",
"change the order of rule action application" },
{ "rate_filter_memcap", Parameter::PT_INT, "0:", "1048576",
- "set available memory for filters" },
+ "set available bytes of memory for rate_filters" },
{ "reference_net", Parameter::PT_STRING, nullptr, nullptr,
"set the CIDR for homenet "
"obfuscate the logged IP addresses (same as -O)" },
{ "obfuscate_pii", Parameter::PT_BOOL, nullptr, "false",
- "Mask all but the last 4 characters of credit card and social security numbers" },
+ "mask all but the last 4 characters of credit card and social security numbers" },
{ "show_year", Parameter::PT_BOOL, nullptr, "false",
"include year in timestamp in the alert and log files (same as -y)" },
"use this value for responses and when normalizing" },
{ "layers", Parameter::PT_INT, "3:255", "40",
- "The maximum number of protocols that Snort can correctly decode" },
+ "the maximum number of protocols that Snort can correctly decode" },
{ "max_ip6_extensions", Parameter::PT_INT, "0:255", "0",
- "The number of IP6 options Snort will process for a given IPv6 layer. "
- "If this limit is hit, rule 116:456 may fire. 0 = unlimited" },
+ "the maximum number of IP6 options Snort will process for a given IPv6 layer "
+ "before raising 116:456 (0 = unlimited)" },
{ "max_ip_layers", Parameter::PT_INT, "0:255", "0",
- "The maximum number of IP layers Snort will process for a given packet "
- "If this limit is hit, rule 116:293 may fire. 0 = unlimited" },
+ "the maximum number of IP layers Snort will process for a given packet "
+ "before raising 116:293 (0 = unlimited)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
return true;
}
-
-#if 0
-//-------------------------------------------------------------------------
-// xxx module - used as copy/paste template
-//-------------------------------------------------------------------------
-
-static const RuleMap xxx_rules[] =
-{
- { SID, "STR" },
- { 0, 0, nullptr }
-};
-
-static const Parameter xxx_params[] =
-{
- { "name", Parameter::PT_INT, "range", "deflt",
- "help" },
-
- { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
-};
-
-#define xxx_help \
- "configure "
-
-class XXXModule : public Module
-{
-public:
- XXXModule() : Module("xxx", xxx_help, xxx_params) { }
- const RuleMap* get_rules() { return xxx_rules; }
- bool set(const char*, Value&, SnortConfig*) override;
- bool begin(const char*, int, SnortConfig*) override;
- bool end(const char*, int, SnortConfig*) override;
-};
-
-bool XXXModule::set(const char*, Value& v, SnortConfig* sc)
-{
- if ( v.is("name") )
- sc->pkt_cnt = v.get_long();
-
- else
- return false;
-
- return true;
-}
-
-bool XXXModule::begin(const char*, int, SnortConfig*)
-{
- return true;
-}
-
-bool XXXModule::end(const char*, int, SnortConfig*)
-{
- return true;
-}
-
-#endif
-
//-------------------------------------------------------------------------
// module manager stuff - move to framework/module_manager.cc
//-------------------------------------------------------------------------
// FIXIT-M define and implement a flexible solution for maintaining protocol specific stats
const PegInfo appid_pegs[] =
{
- { "packets", "count of packets received by appid inspector" },
- { "processed packets", "count of packets processed by appid inspector" },
- { "ignored packets", "count of packets ignored by appid inspector" },
- { "aim clients", "count of aim clients discovered by appid" },
- { "battlefield flows", "count of battle field flows discovered by appid" },
- { "bgp flows", "count of bgp flows discovered by appid" },
- { "bit clients", "count of bittorrent clients discovered by appid" },
- { "bit flows", "count of bittorrent flows discovered by appid" },
- { "bittracker clients", "count of bittorrent tracker clients discovered by appid" },
- { "bootp flows", "count of bootp flows discovered by appid" },
- { "dcerpc tcp flows", "count of dce rpc flows over tcp discovered by appid" },
- { "dcerpc udp flows", "count of dce rpc flows over udp discovered by appid" },
- { "direct connect flows", "count of direct connect flows discovered by appid" },
- { "dns tcp flows", "count of dns flows over tcp discovered by appid" },
- { "dns udp flows", "count of dns flows over udp discovered by appid" },
- { "ftp flows", "count of ftp flows discovered by appid" },
- { "ftps flows", "count of ftps flows discovered by appid" },
- { "http flows", "count of http flows discovered by appid" },
- { "imap flows", "count of imap service flows discovered by appid" },
- { "imaps flows", "count of imap TLS service flows discovered by appid" },
- { "irc flows", "count of irc service flows discovered by appid" },
- { "kerberos clients", "count of kerberos clients discovered by appid" },
- { "kerberos flows", "count of kerberos service flows discovered by appid" },
- { "kerberos users", "count of kerberos users discovered by appid" },
- { "lpr flows", "count of lpr service flows discovered by appid" },
- { "mdns flows", "count of mdns service flows discovered by appid" },
- { "msn clients", "count of msn clients discovered by appid" },
- { "mysql flows", "count of mysql service flows discovered by appid" },
- { "netbios dgm flows", "count of netbios-dgm service flows discovered by appid" },
- { "netbios ns flows", "count of netbios-ns service flows discovered by appid" },
- { "netbios ssn flows", "count of netbios-ssn service flows discovered by appid" },
- { "nntp flows", "count of nntp flows discovered by appid" },
- { "ntp flows", "count of ntp flows discovered by appid" },
- { "pop flows", "count of pop service flows discovered by appid" },
- { "radius flows", "count of radius flows discovered by appid" },
- { "rexec flows", "count of rexec flows discovered by appid" },
- { "rfb flows", "count of rfb flows discovered by appid" },
- { "rlogin flows", "count of rlogin flows discovered by appid" },
- { "rpc flows", "count of rpc flows discovered by appid" },
- { "rshell flows", "count of rshell flows discovered by appid" },
- { "rsync flows", "count of rsync service flows discovered by appid" },
- { "rtmp flows", "count of rtmp flows discovered by appid" },
- { "rtp clients", "count of rtp clients discovered by appid" },
- { "sip clients", "count of SIP clients discovered by appid" },
- { "sip flows", "count of SIP flows discovered by appid" },
- { "smtp aol clients", "count of AOL smtp clients discovered by appid" },
- { "smtp applemail clients", "count of Apple Mail smtp clients discovered by appid" },
- { "smtp eudora clients", "count of Eudora smtp clients discovered by appid" },
- { "smtp eudora pro clients", "count of Eudora Pro smtp clients discovered by appid" },
- { "smtp evolution clients", "count of Evolution smtp clients discovered by appid" },
- { "smtp kmail clients", "count of KMail smtp clients discovered by appid" },
- { "smtp lotus notes clients", "count of Lotus Notes smtp clients discovered by appid" },
- { "smtp microsoft outlook clients", "count of Microsoft Outlook smtp clients discovered by appid" },
- { "smtp microsoft outlook express clients", "count of Microsoft Outlook Express smtp clients discovered by appid" },
- { "smtp microsoft outlook imo clients", "count of Microsoft Outlook IMO smtp clients discovered by appid" },
- { "smtp mutt clients", "count of Mutt smtp clients discovered by appid" },
- { "smtp thunderbird clients", "count of Thunderbird smtp clients discovered by appid" },
- { "smtp flows", "count of smtp flows discovered by appid" },
- { "smtps flows", "count of smtps flows discovered by appid" },
- { "snmp flows", "count of snmp flows discovered by appid" },
- { "ssh clients", "count of ssh clients discovered by appid" },
- { "ssh flows", "count of ssh flows discovered by appid" },
- { "ssl flows", "count of ssl flows discovered by appid" },
- { "telnet flows", "count of telnet flows discovered by appid" },
- { "tftp flows", "count of tftp flows discovered by appid" },
- { "timbuktu flows", "count of timbuktu flows discovered by appid" },
- { "tns clients", "count of tns clients discovered by appid" },
- { "tns flows", "count of tns flows discovered by appid" },
- { "vnc clients", "count of vnc clients discovered by appid" },
- { "yahoo messenger clients", "count of Yahoo Messenger clients discovered by appid" },
+ { "packets", "count of packets received" },
+ { "processed packets", "count of packets processed" },
+ { "ignored packets", "count of packets ignored" },
+ { "aim clients", "count of aim clients discovered" },
+ { "battlefield flows", "count of battle field flows discovered" },
+ { "bgp flows", "count of bgp flows discovered" },
+ { "bit clients", "count of bittorrent clients discovered" },
+ { "bit flows", "count of bittorrent flows discovered" },
+ { "bittracker clients", "count of bittorrent tracker clients discovered" },
+ { "bootp flows", "count of bootp flows discovered" },
+ { "dcerpc tcp flows", "count of dce rpc flows over tcp discovered" },
+ { "dcerpc udp flows", "count of dce rpc flows over udp discovered" },
+ { "direct connect flows", "count of direct connect flows discovered" },
+ { "dns tcp flows", "count of dns flows over tcp discovered" },
+ { "dns udp flows", "count of dns flows over udp discovered" },
+ { "ftp flows", "count of ftp flows discovered" },
+ { "ftps flows", "count of ftps flows discovered" },
+ { "http flows", "count of http flows discovered" },
+ { "imap flows", "count of imap service flows discovered" },
+ { "imaps flows", "count of imap TLS service flows discovered" },
+ { "irc flows", "count of irc service flows discovered" },
+ { "kerberos clients", "count of kerberos clients discovered" },
+ { "kerberos flows", "count of kerberos service flows discovered" },
+ { "kerberos users", "count of kerberos users discovered" },
+ { "lpr flows", "count of lpr service flows discovered" },
+ { "mdns flows", "count of mdns service flows discovered" },
+ { "msn clients", "count of msn clients discovered" },
+ { "mysql flows", "count of mysql service flows discovered" },
+ { "netbios dgm flows", "count of netbios-dgm service flows discovered" },
+ { "netbios ns flows", "count of netbios-ns service flows discovered" },
+ { "netbios ssn flows", "count of netbios-ssn service flows discovered" },
+ { "nntp flows", "count of nntp flows discovered" },
+ { "ntp flows", "count of ntp flows discovered" },
+ { "pop flows", "count of pop service flows discovered" },
+ { "radius flows", "count of radius flows discovered" },
+ { "rexec flows", "count of rexec flows discovered" },
+ { "rfb flows", "count of rfb flows discovered" },
+ { "rlogin flows", "count of rlogin flows discovered" },
+ { "rpc flows", "count of rpc flows discovered" },
+ { "rshell flows", "count of rshell flows discovered" },
+ { "rsync flows", "count of rsync service flows discovered" },
+ { "rtmp flows", "count of rtmp flows discovered" },
+ { "rtp clients", "count of rtp clients discovered" },
+ { "sip clients", "count of SIP clients discovered" },
+ { "sip flows", "count of SIP flows discovered" },
+ { "smtp aol clients", "count of AOL smtp clients discovered" },
+ { "smtp applemail clients", "count of Apple Mail smtp clients discovered" },
+ { "smtp eudora clients", "count of Eudora smtp clients discovered" },
+ { "smtp eudora pro clients", "count of Eudora Pro smtp clients discovered" },
+ { "smtp evolution clients", "count of Evolution smtp clients discovered" },
+ { "smtp kmail clients", "count of KMail smtp clients discovered" },
+ { "smtp lotus notes clients", "count of Lotus Notes smtp clients discovered" },
+ { "smtp microsoft outlook clients", "count of Microsoft Outlook smtp clients discovered" },
+ { "smtp microsoft outlook express clients",
+ "count of Microsoft Outlook Express smtp clients discovered" },
+ { "smtp microsoft outlook imo clients",
+ "count of Microsoft Outlook IMO smtp clients discovered" },
+ { "smtp mutt clients", "count of Mutt smtp clients discovered" },
+ { "smtp thunderbird clients", "count of Thunderbird smtp clients discovered" },
+ { "smtp flows", "count of smtp flows discovered" },
+ { "smtps flows", "count of smtps flows discovered" },
+ { "snmp flows", "count of snmp flows discovered" },
+ { "ssh clients", "count of ssh clients discovered" },
+ { "ssh flows", "count of ssh flows discovered" },
+ { "ssl flows", "count of ssl flows discovered" },
+ { "telnet flows", "count of telnet flows discovered" },
+ { "tftp flows", "count of tftp flows discovered" },
+ { "timbuktu flows", "count of timbuktu flows discovered" },
+ { "tns clients", "count of tns clients discovered" },
+ { "tns flows", "count of tns flows discovered" },
+ { "vnc clients", "count of vnc clients discovered" },
+ { "yahoo messenger clients", "count of Yahoo Messenger clients discovered" },
{ nullptr, nullptr }
};
static const Parameter session_log_filter[] =
{
- {"src_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32",
- "source ip address in CIDR format" },
- { "dst_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32",
- "destination ip address in CIDR format" },
+ { "src_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32",
+ "source ip address in CIDR format" },
+ { "dst_ip", Parameter::PT_ADDR, nullptr, "0.0.0.0/32",
+ "destination ip address in CIDR format" },
{ "src_port", Parameter::PT_PORT, "1:", nullptr, "source port" },
{ "dst_port", Parameter::PT_PORT, "1:", nullptr, "destination port" },
{ "protocol", Parameter::PT_STRING, nullptr, nullptr,"ip protocol"},
{ "log_all_sessions", Parameter::PT_BOOL, nullptr, "false",
- "enable logging for all appid sessions" },
+ "enable logging for all appid sessions" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter s_params[] =
{
{ "conf", Parameter::PT_STRING, nullptr, nullptr,
- "RNA configuration file" },
- { "memcap", Parameter::PT_INT, "1048576:3221225472", "268435456",
- "time period for collecting and logging AppId statistics" },
+ "RNA configuration file" }, // FIXIT-L eliminate reference to "RNA"
+ { "memcap", Parameter::PT_INT, "0:", "0",
+ "disregard - not implemented" }, // FIXIT-M implement or delete appid.memcap
{ "log_stats", Parameter::PT_BOOL, nullptr, "false",
- "enable logging of AppId statistics" },
+ "enable logging of appid statistics" },
{ "app_stats_period", Parameter::PT_INT, "0:", "300",
- "time period for collecting and logging AppId statistics" },
+ "time period for collecting and logging appid statistics" },
{ "app_stats_rollover_size", Parameter::PT_INT, "0:", "20971520",
- "max file size for AppId stats before rolling over the log file" },
+ "max file size for appid stats before rolling over the log file" },
{ "app_stats_rollover_time", Parameter::PT_INT, "0:", "86400",
- "max time period for collection AppId stats before rolling over the log file" },
+ "max time period for collection appid stats before rolling over the log file" },
{ "app_detector_dir", Parameter::PT_STRING, nullptr, nullptr,
- "directory to load AppId detectors from" },
+ "directory to load appid detectors from" },
{ "instance_id", Parameter::PT_INT, "0:", "0",
"instance id - need more details for what this is" },
{ "debug", Parameter::PT_BOOL, nullptr, "false",
- "enable AppId debug logging" },
+ "enable appid debug logging" },
{ "dump_ports", Parameter::PT_BOOL, nullptr, "false",
- "enable dump of AppId port information" },
+ "enable dump of appid port information" },
{ "thirdparty_appid_dir", Parameter::PT_STRING, nullptr, nullptr,
- "directory to load thirdparty AppId detectors from" },
+ "directory to load thirdparty appid detectors from" },
{ "session_log_filter", Parameter::PT_TABLE, session_log_filter, nullptr,
"session log filter options" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
{
if ( (config == nullptr) || (config->app_detector_dir == nullptr) )
{
- ParseWarning(WARN_CONF,"no app_detector_dir present. No support for AppId in rules.\n");
+ ParseWarning(WARN_CONF,"no app_detector_dir present. No support for appid in rules.\n");
}
return true;
"report interval" },
{ "flow_ip_memcap", Parameter::PT_INT, "8200:", "52428800",
- "maximum memory for flow tracking" },
+ "maximum memory in bytes for flow tracking" },
{ "max_file_size", Parameter::PT_INT, "4096:", "1073741824",
"files will be rolled over if they exceed this size" },
"maximum ports to track" },
{ "output", Parameter::PT_ENUM, "file | console", "file",
- "Output location for stats" },
+ "output location for stats" },
{ "modules", Parameter::PT_LIST, module_params, nullptr,
"gather statistics from the specified modules" },
{ "format", Parameter::PT_ENUM, "csv | text", "csv",
- "Output format for stats" },
+ "output format for stats" },
{ "summary", Parameter::PT_BOOL, nullptr, "false",
- "Output summary at shutdown" },
+ "output summary at shutdown" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter psg_params[] =
{
{ "memcap", Parameter::PT_INT, "1:", "1048576",
- "maximum tracker memory" },
+ "maximum tracker memory in bytes" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
"blacklist file name with ip lists" },
{ "memcap", Parameter::PT_INT, "1:4095", "500",
- "maximum total memory allocated" },
+ "maximum total MB of memory allocated" },
{ "nested_ip", Parameter::PT_ENUM, "inner|outer|all", "inner",
"ip to use when there is IP encapsulation" },
static const Parameter http_uri_params[] =
{
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ "scheme", Parameter::PT_IMPLIED, nullptr, nullptr,
"match against scheme section of URI only" },
{ "host", Parameter::PT_IMPLIED, nullptr, nullptr,
static const Parameter http_method_params[] =
{
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_cookie_params[] =
{
{ "request", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Match against the cookie from the request message even when examining the response" },
+ "match against the cookie from the request message even when examining the response" },
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_stat_code_params[] =
{
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_stat_msg_params[] =
{
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_raw_uri_params[] =
{
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ "scheme", Parameter::PT_IMPLIED, nullptr, nullptr,
"match against scheme section of URI only" },
{ "host", Parameter::PT_IMPLIED, nullptr, nullptr,
static const Parameter http_raw_header_params[] =
{
{ "request", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Match against the headers from the request message even when examining the response" },
+ "match against the headers from the request message even when examining the response" },
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_raw_cookie_params[] =
{
{ "request", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Match against the cookie from the request message even when examining the response" },
+ "match against the cookie from the request message even when examining the response" },
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_version_params[] =
{
{ "request", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Match against the version from the request message even when examining the response" },
+ "match against the version from the request message even when examining the response" },
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_header_params[] =
{
{ "field", Parameter::PT_STRING, nullptr, nullptr,
- "Restrict to given header. Header name is case insensitive." },
+ "restrict to given header. Header name is case insensitive." },
{ "request", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Match against the headers from the request message even when examining the response" },
+ "match against the headers from the request message even when examining the response" },
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
{
{ "field", Parameter::PT_STRING, nullptr, nullptr, "restrict to given trailer" },
{ "request", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Match against the trailers from the request message even when examining the response" },
+ "match against the trailers from the request message even when examining the response" },
{ "with_header", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP response message headers (must be combined with request)"
+ "parts of this rule examine HTTP response message headers (must be combined with request)"
},
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body (must be combined with request)" },
+ "parts of this rule examine HTTP message body (must be combined with request)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_raw_trailer_params[] =
{
{ "request", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Match against the trailers from the request message even when examining the response" },
+ "match against the trailers from the request message even when examining the response" },
{ "with_header", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP response message headers (must be combined with request)"
+ "parts of this rule examine HTTP response message headers (must be combined with request)"
},
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP response message body (must be combined with request)" },
+ "parts of this rule examine HTTP response message body (must be combined with request)" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_raw_request_params[] =
{
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
static const Parameter http_raw_status_params[] =
{
{ "with_body", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message body" },
+ "parts of this rule examine HTTP message body" },
{ "with_trailer", Parameter::PT_IMPLIED, nullptr, nullptr,
- "Parts of this rule examine HTTP message trailers" },
+ "parts of this rule examine HTTP message trailers" },
{ nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
};
projects / thirdparty / snort3.git / commitdiff
