Named tag can be specified for each data flow. It is specified in the following way:
.mark <parameter>=<value>;
here: <value> --- tag name (in quotes "")
<parameter> can take the values provided in the table below.
Pattern matching in most cases is bases on working with data packets. Tags are used when an attack pattern exists in a number of packets. The signature triggered for the previous packet can add a tag; tags are checked when sending packets within one session.
|
Name |
Description |
|---|---|
|
set |
Set the named tag for the current data flow. |
|
pset |
Set and remember the last added tag, so that it could be used with .distance and .within search area modifiers. |
|
clear |
Remove the named tag. |
|
toggle |
Change the status of the tag. |
|
test |
Check if the tag exists. |
|
reset |
Reset all tags. |