Question on snort2bro


I find that snort2bro doesn’t support the “pcre” option in snort rules. Could anyone tell me the reason? I guess the complexity of dealing with non-regular-expression features such as backreferences in PCRE could be one of the reasons. But I want to get a confirmed answer. Thanks!

Mengjun Xie

Yes, right, or more generally it's the problem of translating
between the regexp syntax of system A and the syntax of system B.
Actually some time ago I started to write a tool which would convert
between a set of different regexp dialects (as far as possible) but
that never reached a mature state.
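
The translation problem discussed in this thread, as an added example that is not part of either message and not snort2bro code: a pre-check that extracts the `pcre` option from a Snort rule and lists the PCRE constructs that have no equivalent in a purely regular target dialect. The function names, the sample rules and the assumption that the target accepts only regular constructs are hypothetical; only the `/regex/modifiers` delimiter form is handled.

```python
import re

# Snort's pcre option in its common form: pcre:[!]"/<regex>/<modifiers>";
PCRE_OPTION = re.compile(r'pcre:\s*(!?)"/([^"]*)/([A-Za-z]*)"\s*;')
SUBROUTINE = re.compile(r"\(\?[+-]?\d")          # (?1), (?-1), (?+1)
# Group openers that take PCRE beyond a regular language.
GROUP_FEATURES = [("(?<=", "lookbehind"), ("(?<!", "lookbehind"), ("(?=", "lookahead"),
                  ("(?!", "lookahead"), ("(?P=", "backreference"), ("(?P>", "recursion"),
                  ("(?R", "recursion"), ("(?&", "recursion"), ("(?(", "conditional")]

def non_regular_features(pattern):
    """Return the sorted names of non-regular PCRE constructs in pattern."""
    found, i, in_class = set(), 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                           # escape: consume two characters
            nxt = pattern[i + 1:i + 2]
            # \1..\9, \g{n}, \k<name> are backreferences (conservative: \12 may be octal)
            if not in_class and nxt and nxt in "123456789gk":
                found.add("backreference")
            i += 2
            continue
        if in_class:
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
            if pattern[i + 1:i + 2] == "^":      # negation marker
                i += 1
            if pattern[i + 1:i + 2] == "]":      # a leading ] is a literal
                i += 1
        elif ch == "(":
            if SUBROUTINE.match(pattern, i):
                found.add("recursion")
            for opener, name in GROUP_FEATURES:
                if pattern.startswith(opener, i):
                    found.add(name)
        i += 1
    return sorted(found)

def audit_rule(rule):
    """Return (regex, modifiers, negated, blockers) per pcre option in a rule."""
    return [(m.group(2), m.group(3), m.group(1) == "!", non_regular_features(m.group(2)))
            for m in PCRE_OPTION.finditer(rule)]

# Constructed sample rules, not taken from any real rule set.
SAMPLE_RULES = [
    r'alert tcp any any -> any 80 (msg:"A"; pcre:"/^GET\s+\/[a-z]+\.php\?id=\d{1,5}/i"; sid:1000001;)',
    r'alert tcp any any -> any 80 (msg:"B"; pcre:"/(\w+)=\1/"; sid:1000002;)',
    r'alert tcp any any -> any 80 (msg:"C"; pcre:!"/user=(?!admin)[^&]+\\1/R"; sid:1000003;)',
]
```

An empty blocker list means only that the regex stays within regular constructs; the pattern syntax and the Snort-specific modifiers would still have to be mapped to the target dialect.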