Hi all,

On Tue, 20 May 2003, Martin Josefsson wrote:

quoted

Maybe make it take a length parameter and if it's zero treat null's like
all other algorithms do and it's non-zero use the length instead.
Then you can hide it in a wrapper function for the "normal" case that
just calls the actual search-function but with 0 as length.

Actually, the library that you pointed to seems to have callbacks
associated with every match - so it could be used on string matches.
The author is on the cc.

There is only one callback, but it will be called with a per-pattern
cb_data pointer (and a per-search cb_data pointer too).

quoted

Well we don't have a that big bread slicer (yet) but take a look at
libqsearch, it is a library for searching and has been ported to the
linux kernel by the author. It has support for various algorithms that

Didnt see anything kernel related in my quick scan.
The library certainly appears sane.

Be sure you took the latest version :
cvs -d:pserver:anonymous@cvs.prelude-ids.org:/cvsroot/prelude co libqsearch

I confirm I ported it to kernel space. To be exact, I ported the API and
made a script that generate wrappers for algorithms, that are compiled
as-is for kernel space.

More infos here:
http://www.cartel-securite.fr/pbiondi/libqsearch.html

Lot more info here (presentation I made at FOSDEM03) :
http://www.cartel-securite.fr/pbiondi/conf/libqsearch.pdf

quoted

have diffrent capabilities, unfortunately I don't think it has an
algorithm that has support for regexp yet (the framework is there, ie
the flag that says an algorithm supports regexp).
It's modular and I don't think it should be that hard to add an regexp
algorithm.

it does seems to imply regexp is available but wasnt anywhere i could
find.

regexp support was planned but not done yet. (if someone know where I can
download more free time !).

The implementation should not be that hard, once you have the compiler to
transform the string describing the regexp to an automaton.

Note that to respect the framework, you have to deal with multiple
patterns (should not be that hard). If you have pat1 and pat2, searching
for (pat1|pat2) is not sufficient because for each match, you have to
point which pattern matched.

quoted

It looks quite nice and it can search for multiple strings at the same
time and call diffrent callbacks depending on which string matched.

yep, can sed that packet easily with those callbacks ;-> s/val/val2/g

Nothing is done to change the content, but you have the position of the
match in the buffer. You can modify it yourself.




-- 
Philippe Biondi <biondi@ cartel-securite.fr> Cartel Sécurité
Security Consultant/R&D                      http://www.cartel-securite.fr
Phone: +33 1 44 06 97 94                     Fax: +33 1 44 06 97 99
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2