vim-patch:d7464be

Updated runtime files.

d7464be974

Applied cleanly except for runtime/docs/todo.txt and runtime/docs/tags.
KillTheMule 2016-05-03 20:58:32 +02:00
parent 3c45e3b42a
commit c535cc7dde
4 changed files with 304 additions and 338 deletions


@ -1,4 +1,4 @@
*pi_netrw.txt* For Vim version 7.4. Last change: 2015 Oct 30
*pi_netrw.txt* For Vim version 7.4. Last change: 2015 Oct 31
------------------------------------------------
NETRW REFERENCE MANUAL by Charles E. Campbell
@ -3436,7 +3436,7 @@ Example: Clear netrw's marked file list via a mapping on gu >
You probably want netrw running as in a side window. If so, you
will likely find that ":[N]Lexplore" does what you want. The
optional "[N]" allows you to select the quantity of columns you
wish the Lexplorer window to start with (see |g:netrw_winsize|
wish the |:Lexplore|r window to start with (see |g:netrw_winsize|
for how this parameter works).
Previous solution:

39
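--- a/runtime/ftplugin/hog.vim
+++ b/runtime/ftplugin/hog.vim
@@ -0,0 +1,39 @@
+" Vim filetype plugin
+" Language: hog (snort.conf)
+" Maintainer: . Victor Roemer, <vroemer@badsec.org>.
+" Last Change: Mar 1, 2013
+if exists("b:did_ftplugin")
+finish
+endif
+let b:did_ftplugin = 1
+let s:undo_ftplugin = "setl fo< com< cms< def< inc<"
+let s:cpo_save = &cpo
+set cpo&vim
+setlocal formatoptions=croq
+setlocal comments=:#
+setlocal commentstring=\c#\ %s
+setlocal define=\c^\s\{-}var
+setlocal include=\c^\s\{-}include
+" Move around configurations
+let s:hog_keyword_match = '\c^\s*\<\(preprocessor\\|config\\|output\\|include\\|ipvar\\|portvar\\|var\\|dynamicpreprocessor\\|' .
+\ 'dynamicengine\\|dynamicdetection\\|activate\\|alert\\|drop\\|block\\|dynamic\\|log\\|pass\\|reject\\|sdrop\\|sblock\)\>'
+exec "nnoremap <buffer><silent> ]] :call search('" . s:hog_keyword_match . "', 'W' )<CR>"
+exec "nnoremap <buffer><silent> [[ :call search('" . s:hog_keyword_match . "', 'bW' )<CR>"
+if exists("loaded_matchit")
+let b:match_words =
+\ '^\s*\<\%(preprocessor\|config\|output\|include\|ipvar\|portvar' .
+\ '\|var\|dynamicpreprocessor\|dynamicengine\|dynamicdetection' .
+\ '\|activate\|alert\|drop\|block\|dynamic\|log\|pass\|reject' .
+\ '\|sdrop\|sblock\>\):$,\::\,:;'
+let b:match_skip = 'r:\\.\{-}$\|^\s*#.\{-}$\|^\s*$'
+endif
+let &cpo = s:cpo_save
+unlet s:cpo_save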
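Review bot: The undo string is stored in `s:undo_ftplugin`, a script-local variable that Vim never reads, so the `fo`, `com`, `cms`, `def` and `inc` settings are not reset when the buffer's filetype changes; it should be `let b:undo_ftplugin = "setl fo< com< cms< def< inc<"`. The buffer-local `]]` / `[[` mappings and `b:match_words` / `b:match_skip` are not covered by the undo string either and would be left behind. Separately, `setlocal commentstring=\c#\ %s` appears to carry over the `\c` regex flag used on the `define` and `include` lines below it; in 'commentstring' it is literal text, so `setlocal commentstring=#\ %s` is probably what was meant.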

77
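--- a/runtime/indent/hog.vim
+++ b/runtime/indent/hog.vim
@@ -0,0 +1,77 @@
+" Vim indent file
+" Language: hog (Snort.conf)
+" Maintainer: Victor Roemer, <vroemer@badsec.org>
+" Last Change: Mar 7, 2013
+" Only load this indent file when no other was loaded.
+if exists("b:did_indent")
+finish
+endif
+let b:did_indent = 1
+let b:undo_indent = 'setlocal smartindent< indentexpr< indentkeys<'
+setlocal nosmartindent
+setlocal indentexpr=GetHogIndent()
+setlocal indentkeys+=!^F,o,O,0#
+" Only define the function once.
+if exists("*GetHogIndent")
+finish
+endif
+let s:cpo_save = &cpo
+set cpo&vim
+let s:syn_blocks = '\<SnortRuleTypeBody\>'
+function s:IsInBlock(lnum)
+return synIDattr(synID(a:lnum, 1, 1), 'name') =~ s:syn_blocks
+endfunction
+function GetHogIndent()
+let prevlnum = prevnonblank(v:lnum-1)
+" Comment blocks have identical indent
+if getline(v:lnum) =~ '^\s*#' && getline(prevlnum) =~ '^\s*#'
+return indent(prevlnum)
+endif
+" Ignore comment lines when calculating indent
+while getline(prevlnum) =~ '^\s*#'
+let prevlnum = prevnonblank(prevlnum-1)
+if !prevlnum
+return previndent
+endif
+endwhile
+" Continuation of a line that wasn't indented
+let prevline = getline(prevlnum)
+if prevline =~ '^\k\+.*\\\s*$'
+return &sw
+endif
+" Continuation of a line that was indented
+if prevline =~ '\k\+.*\\\s*$'
+return indent(prevlnum)
+endif
+" Indent the next line if previous line contained a start of a block
+" definition ('{' or '(').
+if prevline =~ '^\k\+[^#]*{}\@!\s*$' " TODO || prevline =~ '^\k\+[^#]*()\@!\s*$'
+return &sw
+endif
+" Match inside of a block
+if s:IsInBlock(v:lnum)
+if prevline =~ "^\k\+.*$"
+return &sw
+else
+return indent(prevlnum)
+endif
+endif
+return 0
+endfunction
+let &cpo = s:cpo_save
+unlet s:cpo_save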
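Review bot: `return previndent` in the comment-skipping loop of GetHogIndent() reads a variable that is never assigned anywhere in the file, so indenting a line preceded only by comment lines raises an undefined-variable error; `return 0` would match the function's final fallback. `s:syn_blocks` still names `SnortRuleTypeBody`, while the syntax file in this same commit defines the region as `HogRuleTypeBody`, so `s:IsInBlock()` presumably never matches and the "inside of a block" branch is dead; `let s:syn_blocks = '\<HogRuleTypeBody\>'` would line the two files up. In that branch the double-quoted pattern `"^\k\+.*$"` also loses its backslash escapes (`\k` becomes a plain `k`), unlike the single-quoted patterns above it; write it as `'^\k\+.*$'`.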


@ -1,350 +1,200 @@
" Snort syntax file
" Language: Snort Configuration File (see: http://www.snort.org)
" Maintainer: Phil Wood, cornett@arpa.net
" Last Change: $Date: 2004/06/13 17:41:17 $
" Filenames: *.hog *.rules snort.conf vision.conf
" URL: http://home.lanl.gov/cpw/vim/syntax/hog.vim
" Snort Version: 1.8 By Martin Roesch (roesch@clark.net, www.snort.org)
" TODO include all 1.8 syntax
" Vim syntax file
" Language: hog (Snort.conf + .rules)
" Maintainer: Victor Roemer, <vroemer@badsec.org>.
" Last Change: 2015 Oct 24 -> Rename syntax items from Snort -> Hog
" 2012 Oct 24 -> Originalish release
" For version 5.x: Clear all syntax items
if version < 600
syntax clear
syntax clear
elseif exists("b:current_syntax")
" For version 6.x: Quit when a syntax file was already loaded
finish
finish
endif
syn match hogComment +\s\#[^\-:.%#=*].*$+lc=1 contains=hogTodo,hogCommentString
syn region hogCommentString contained oneline start='\S\s\+\#+'ms=s+1 end='\#'
setlocal iskeyword-=:
setlocal iskeyword+=-
syn case ignore
syn match hogJunk "\<\a\+|\s\+$"
syn match hogNumber contained "\<\d\+\>"
syn region hogText contained oneline start='\S' end=',' skipwhite
syn region hogTexts contained oneline start='\S' end=';' skipwhite
" Hog ruletype crap
syn keyword HogRuleType ruletype nextgroup=HogRuleTypeName skipwhite
syn match HogRuleTypeName "[[:alnum:]_]\+" contained nextgroup=HogRuleTypeBody skipwhite
syn region HogRuleTypeBody start="{" end="}" contained contains=HogRuleTypeType,HogOutput fold
syn keyword HogRuleTypeType type contained
" Environment Variables
" =====================
"syn match hogEnvvar contained "[\!]\=\$\I\i*"
"syn match hogEnvvar contained "[\!]\=\${\I\i*}"
syn match hogEnvvar contained "\$\I\i*"
syn match hogEnvvar contained "[\!]\=\${\I\i*}"
" Hog Configurables
syn keyword HogPreproc preprocessor nextgroup=HogConfigName skipwhite
syn keyword HogConfig config nextgroup=HogConfigName skipwhite
syn keyword HogOutput output nextgroup=HogConfigName skipwhite
syn match HogConfigName "[[:alnum:]_-]\+" contained nextgroup=HogConfigOpts skipwhite
syn region HogConfigOpts start=":" skip="\\.\{-}$\|^\s*#.\{-}$\|^\s*$" end="$" fold keepend contained contains=HogSpecial,HogNumber,HogIPAddr,HogVar,HogComment
" Event filter's and threshold's
syn region HogEvFilter start="event_filter\|threshold" skip="\\.\{-}$\|^\s*#.\{-}$\|^\s*$" end="$" fold transparent keepend contains=HogEvFilterKeyword,HogEvFilterOptions,HogComment
syn keyword HogEvFilterKeyword skipwhite event_filter threshold
syn keyword HogEvFilterOptions skipwhite type nextgroup=HogEvFilterTypes
syn keyword HogEvFilterTypes skipwhite limit threshold both contained
syn keyword HogEvFilterOptions skipwhite track nextgroup=HogEvFilterTrack
syn keyword HogEvFilterTrack skipwhite by_src by_dst contained
syn keyword HogEvFilterOptions skipwhite gen_id sig_id count seconds nextgroup=HogNumber
" Suppressions
syn region HogEvFilter start="suppress" skip="\\.\{-}$\|^\s*#.\{-}$\|^\s*$" end="$" fold transparent keepend contains=HogSuppressKeyword,HogComment
syn keyword HogSuppressKeyword skipwhite suppress
syn keyword HogSuppressOptions skipwhite gen_id sig_id nextgroup=HogNumber
syn keyword HogSuppressOptions skipwhite track nextgroup=HogEvFilterTrack
syn keyword HogSuppressOptions skipwhite ip nextgroup=HogIPAddr
" Attribute table
syn keyword HogAttribute attribute_table nextgroup=HogAttributeFile
syn match HogAttributeFile contained ".*$" contains=HogVar,HogAttributeType,HogComment
syn keyword HogAttributeType filename
" Hog includes
syn keyword HogInclude include nextgroup=HogIncludeFile skipwhite
syn match HogIncludeFile ".*$" contained contains=HogVar,HogComment
" Hog dynamic libraries
syn keyword HogDylib dynamicpreprocessor dynamicengine dynamicdetection nextgroup=HogDylibFile skipwhite
syn match HogDylibFile "\s.*$" contained contains=HogVar,HogDylibType,HogComment
syn keyword HogDylibType directory file contained
" Variable dereferenced with '$'
syn match HogVar "\$[[:alnum:]_]\+"
", Variables declared with 'var'
syn keyword HogVarType var nextgroup=HogVarSet skipwhite
syn match HogVarSet "[[:alnum:]_]\+" display contained nextgroup=HogVarValue skipwhite
syn match HogVarValue ".*$" contained contains=HogString,HogNumber,HogVar,HogComment
" Variables declared with 'ipvar'
syn keyword HogIPVarType ipvar nextgroup=HogIPVarSet skipwhite
syn match HogIPVarSet "[[:alnum:]_]\+" display contained nextgroup=HogIPVarList,HogSpecial skipwhite
syn region HogIPVarList start="\[" end="]" contains=HogIPVarList,HogIPAddr,HogVar,HogOpNot
" Variables declared with 'portvar'
syn keyword HogPortVarType portvar nextgroup=HogPortVarSet skipwhite
syn match HogPortVarSet "[[:alnum:]_]\+" display contained nextgroup=HogPortVarList,HogPort,HogOpRange,HogOpNot,HogSpecial skipwhite
syn region HogPortVarList start="\[" end="]" contains=HogPortVarList,HogVar,HogOpNot,HogPort,HogOpRange,HogOpNot
syn match HogPort "\<\%(\d\+\|any\)\>" display contains=HogOpRange nextgroup=HogOpRange
" Generic stuff
syn match HogIPAddr contained "\<\%(\d\{1,3}\(\.\d\{1,3}\)\{3}\|any\)\>" nextgroup=HogIPCidr
syn match HogIPAddr contained "\<\d\{1,3}\(\.\d\{1,3}\)\{3}\>" nextgroup=HogIPCidr
syn match HogIPCidr contained "\/\([0-2][0-9]\=\|3[0-2]\=\)"
syn region HogHexEsc contained start='|' end='|' oneline
syn region HogString contained start='"' end='"' extend oneline contains=HogHexEsc
syn match HogNumber contained display "\<\d\+\>"
syn match HogNumber contained display "\<\d\+\>"
syn match HogNumber contained display "0x\x\+\>"
syn keyword HogSpecial contained true false yes no default all any
syn keyword HogSpecialAny contained any
syn match HogOpNot "!" contained
syn match HogOpRange ":" contained
" Rules
syn keyword HogRuleAction activate alert drop block dynamic log pass reject sdrop sblock skipwhite nextgroup=HogRuleProto,HogRuleBlock
syn keyword HogRuleProto ip tcp udp icmp skipwhite contained nextgroup=HogRuleSrcIP
syn match HogRuleSrcIP "\S\+" transparent skipwhite contained contains=HogIPVarList,HogIPAddr,HogVar,HogOpNot nextgroup=HogRuleSrcPort
syn match HogRuleSrcPort "\S\+" transparent skipwhite contained contains=HogPortVarList,HogVar,HogPort,HogOpRange,HogOpNot nextgroup=HogRuleDir
syn match HogRuleDir "->\|<>" skipwhite contained nextgroup=HogRuleDstIP
syn match HogRuleDstIP "\S\+" transparent skipwhite contained contains=HogIPVarList,HogIPAddr,HogVar,HogOpNot nextgroup=HogRuleDstPort
syn match HogRuleDstPort "\S\+" transparent skipwhite contained contains=HogPortVarList,HogVar,HogPort,HogOpRange,HogOpNot nextgroup=HogRuleBlock
syn region HogRuleBlock start="(" end=")" transparent skipwhite contained contains=HogRuleOption,HogComment fold
",HogString,HogComment,HogVar,HogOptNot
"syn region HogRuleOption start="\<gid\|sid\|rev\|depth\|offset\|distance\|within\>" end="\ze;" skipwhite contained contains=HogNumber
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP msg gid sid rev classtype priority metadata content nocase rawbytes
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP depth offset distance within http_client_body http_cookie http_raw_cookie http_header
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP http_raw_header http_method http_uri http_raw_uri http_stat_code http_stat_msg
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP fast_pattern uricontent urilen isdataat pcre pkt_data file_data base64_decode base64_data
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP byte_test byte_jump byte_extract ftpbounce asn1 cvs dce_iface dce_opnum dce_stub_data
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP sip_method sip_stat_code sip_header sip_body gtp_type gtp_info gtp_version ssl_version
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP ssl_state fragoffset ttl tos id ipopts fragbits dsize flags flow flowbits seq ack window
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP itype icode icmp_id icmp_seq rpc ip_proto sameip stream_reassemble stream_size
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP logto session resp react tag activates activated_by count replace detection_filter
syn keyword HogRuleOption skipwhite contained nextgroup=HogRuleSROP threshold reference sd_pattern file_type file_group
syn region HogRuleSROP start=':' end=";" transparent keepend contained contains=HogRuleChars,HogString,HogNumber
syn match HogRuleChars "\%(\k\|\.\|?\|=\|/\|%\|&\)\+" contained
syn match HogURLChars "\%(\.\|?\|=\)\+" contained
" Hog File Type Rules
syn match HogFileType /^\s*file.*$/ transparent contains=HogFileTypeOpt,HogFileFROP
syn keyword HogFileTypeOpt skipwhite contained nextgroup=HogRuleFROP file type ver category id rev content offset msg group
syn region HogFileFROP start=':' end=";" transparent keepend contained contains=NotASemicoln
syn match NotASemiColn ".*$" contained
" String handling lifted from vim.vim written by Dr. Charles E. Campbell, Jr.
" Try to catch strings, if nothing else matches (therefore it must precede the others!)
" vmEscapeBrace handles ["] []"] (ie. stays as string)
syn region hogEscapeBrace oneline contained transparent start="[^\\]\(\\\\\)*\[\^\=\]\=" skip="\\\\\|\\\]" end="\]"me=e-1
syn match hogPatSep contained "\\[|()]"
syn match hogNotPatSep contained "\\\\"
syn region hogString oneline start=+[^:a-zA-Z\->!\\]"+hs=e+1 skip=+\\\\\|\\"+ end=+"\s*;+he=s-1 contains=hogEscapeBrace,hogPatSep,hogNotPatSep oneline
""syn region hogString oneline start=+[^:a-zA-Z>!\\]'+lc=1 skip=+\\\\\|\\'+ end=+'+ contains=hogEscapeBrace,vimPatSep,hogNotPatSep
"syn region hogString oneline start=+=!+lc=1 skip=+\\\\\|\\!+ end=+!+ contains=hogEscapeBrace,hogPatSep,hogNotPatSep
"syn region hogString oneline start="=+"lc=1 skip="\\\\\|\\+" end="+" contains=hogEscapeBrace,hogPatSep,hogNotPatSep
"syn region hogString oneline start="[^\\]+\s*[^a-zA-Z0-9.]"lc=1 skip="\\\\\|\\+" end="+" contains=hogEscapeBrace,hogPatSep,hogNotPatSep
"syn region hogString oneline start="\s/\s*\A"lc=1 skip="\\\\\|\\+" end="/" contains=hogEscapeBrace,hogPatSep,hogNotPatSep
"syn match hogString contained +"[^"]*\\$+ skipnl nextgroup=hogStringCont
"syn match hogStringCont contained +\(\\\\\|.\)\{-}[^\\]"+
" Comments
syn keyword HogTodo XXX TODO NOTE contained
syn match HogTodo "Step\s\+#\=\d\+" contained
syn region HogComment start="#" end="$" contains=HogTodo,@Spell
syn case match
" Beginners - Patterns that involve ^
"
syn match hogLineComment +^[ \t]*#.*$+ contains=hogTodo,hogCommentString,hogCommentTitle
syn match hogCommentTitle '#\s*\u\a*\(\s\+\u\a*\)*:'ms=s+1 contained
syn keyword hogTodo contained TODO
" Rule keywords
syn match hogARPCOpt contained "\d\+,\*,\*"
syn match hogARPCOpt contained "\d\+,\d\+,\*"
syn match hogARPCOpt contained "\d\+,\*,\d\+"
syn match hogARPCOpt contained "\d\+,\d\+,\d"
syn match hogATAGOpt contained "session"
syn match hogATAGOpt contained "host"
syn match hogATAGOpt contained "dst"
syn match hogATAGOpt contained "src"
syn match hogATAGOpt contained "seconds"
syn match hogATAGOpt contained "packets"
syn match hogATAGOpt contained "bytes"
syn keyword hogARespOpt contained rst_snd rst_rcv rst_all skipwhite
syn keyword hogARespOpt contained icmp_net icmp_host icmp_port icmp_all skipwhite
syn keyword hogAReactOpt contained block warn msg skipwhite
syn match hogAReactOpt contained "proxy\d\+" skipwhite
syn keyword hogAFOpt contained logto content_list skipwhite
syn keyword hogAIPOptVal contained eol nop ts sec lsrr lsrre satid ssrr rr skipwhite
syn keyword hogARefGrps contained arachnids skipwhite
syn keyword hogARefGrps contained bugtraq skipwhite
syn keyword hogARefGrps contained cve skipwhite
syn keyword hogSessionVal contained printable all skipwhite
syn match hogAFlagOpt contained "[0FSRPAUfsrpau21]\+" skipwhite
syn match hogAFragOpt contained "[DRMdrm]\+" skipwhite
"
" Output syslog options
" Facilities
syn keyword hogSysFac contained LOG_AUTH LOG_AUTHPRIV LOG_DAEMON LOG_LOCAL0
syn keyword hogSysFac contained LOG_LOCAL1 LOG_LOCAL2 LOG_LOCAL3 LOG_LOCAL4
syn keyword hogSysFac contained LOG_LOCAL5 LOG_LOCAL6 LOG_LOCAL7 LOG_USER
" Priorities
syn keyword hogSysPri contained LOG_EMERG ALERT LOG_CRIT LOG_ERR
syn keyword hogSysPri contained LOG_WARNING LOG_NOTICE LOG_INFO LOG_DEBUG
" Options
syn keyword hogSysOpt contained LOG_CONS LOG_NDELAY LOG_PERROR
syn keyword hogSysOpt contained LOG_PID
" RuleTypes
syn keyword hogRuleType contained log pass alert activate dynamic
" Output log_database arguments and parameters
" Type of database followed by ,
" syn keyword hogDBSQL contained mysql postgresql unixodbc
" Parameters param=constant
" are just various constants assigned to parameter names
" Output log_database arguments and parameters
" Type of database followed by ,
syn keyword hogDBType contained alert log
syn keyword hogDBSRV contained mysql postgresql unixodbc
" Parameters param=constant
" are just various constants assigned to parameter names
syn keyword hogDBParam contained dbname host port user password sensor_name
" Output xml arguments and parameters
" xml args
syn keyword hogXMLArg contained log alert
syn keyword hogXMLParam contained file protocol host port cert key ca server sanitize encoding detail
"
" hog rule handler '(.*)'
syn region hogAOpt contained oneline start="rpc" end=":"me=e-1 nextgroup=hogARPCOptGrp skipwhite
syn region hogARPCOptGrp contained oneline start="."hs=s+1 end=";"me=e-1 contains=hogARPCOpt skipwhite
syn region hogAOpt contained oneline start="tag" end=":"me=e-1 nextgroup=hogATAGOptGrp skipwhite
syn region hogATAGOptGrp contained oneline start="."hs=s+1 skip="," end=";"me=e-1 contains=hogATAGOpt,hogNumber skipwhite
"
syn region hogAOpt contained oneline start="nocase\|sameip" end=";"me=e-1 skipwhite oneline keepend
"
syn region hogAOpt contained start="resp" end=":"me=e-1 nextgroup=hogARespOpts skipwhite
syn region hogARespOpts contained oneline start="." end="[,;]" contains=hogARespOpt skipwhite nextgroup=hogARespOpts
"
syn region hogAOpt contained start="react" end=":"me=e-1 nextgroup=hogAReactOpts skipwhite
syn region hogAReactOpts contained oneline start="." end="[,;]" contains=hogAReactOpt skipwhite nextgroup=hogAReactOpts
syn region hogAOpt contained oneline start="depth\|seq\|ttl\|ack\|icmp_seq\|activates\|activated_by\|dsize\|icode\|icmp_id\|count\|itype\|tos\|id\|offset" end=":"me=e-1 nextgroup=hogANOptGrp skipwhite
syn region hogANOptGrp contained oneline start="."hs=s+1 end=";"me=e-1 contains=hogNumber skipwhite oneline keepend
syn region hogAOpt contained oneline start="classtype" end=":"me=e-1 nextgroup=hogAFileGrp skipwhite
syn region hogAOpt contained oneline start="regex\|msg\|content" end=":"me=e-1 nextgroup=hogAStrGrp skipwhite
"syn region hogAStrGrp contained oneline start=+:\s*"+hs=s+1 skip="\\;" end=+"\s*;+he=s-1 contains=hogString skipwhite oneline keepend
syn region hogAStrGrp contained oneline start=+:\s*"\|:"+hs=s+1 skip="\\;" end=+"\s*;+he=s-1 contains=hogString skipwhite oneline keepend
syn region hogAOpt contained oneline start="logto\|content-list" end=":"me=e-1 nextgroup=hogAFileGrp skipwhite
syn region hogAFileGrp contained oneline start="."hs=s+1 end=";"me=e-1 contains=hogFileName skipwhite
syn region hogAOpt contained oneline start="reference" end=":"me=e-1 nextgroup=hogARefGrp skipwhite
syn region hogARefGrp contained oneline start="."hs=s+1 end=","me=e-1 contains=hogARefGrps nextgroup=hogARefName skipwhite
syn region hogARefName contained oneline start="."hs=s+1 end=";"me=e-1 contains=hogString,hogFileName,hogNumber skipwhite
syn region hogAOpt contained oneline start="flags" end=":"he=s-1 nextgroup=hogAFlagOpt skipwhite oneline keepend
syn region hogAOpt contained oneline start="fragbits" end=":"he=s-1 nextgroup=hogAFlagOpt skipwhite oneline keepend
syn region hogAOpt contained oneline start="ipopts" end=":"he=s-1 nextgroup=hogAIPOptVal skipwhite oneline keepend
"syn region hogAOpt contained oneline start="." end=":"he=s-1 contains=hogAFOpt nextgroup=hogFileName skipwhite
syn region hogAOpt contained oneline start="session" end=":"he=s-1 nextgroup=hogSessionVal skipwhite
syn match nothing "$"
syn region hogRules oneline contains=nothing start='$' end="$"
syn region hogRules oneline contains=hogRule start='('ms=s+1 end=")\s*$" skipwhite
syn region hogRule contained oneline start="." skip="\\;" end=";"he=s-1 contains=hogAOpts, skipwhite keepend
"syn region hogAOpts contained oneline start="." end="[;]"he=s-1 contains=hogAOpt skipwhite
syn region hogAOpts contained oneline start="." end="[;]"me=e-1 contains=hogAOpt skipwhite
" ruletype command
syn keyword hogRTypeStart skipwhite ruletype nextgroup=hogRuleName skipwhite
syn region hogRuleName contained start="." end="\s" contains=hogFileName nextgroup=hogRTypeRegion
" type ruletype sub type
syn region hogRtypeRegion contained start="{" end="}" nextgroup=hogRTypeStart
syn keyword hogRTypeStart skipwhite type nextgroup=hogRuleTypes skipwhite
syn region hogRuleTypes contained start="." end="\s" contains=hogRuleType nextgroup=hogOutStart
" var command
syn keyword hogVarStart skipwhite var nextgroup=hogVarIdent skipwhite
syn region hogVarIdent contained start="."hs=e+1 end="\s\+"he=s-1 contains=hogEnvvar nextgroup=hogVarRegion skipwhite
syn region hogVarRegion contained oneline start="." contains=hogIPaddr,hogEnvvar,hogNumber,hogString,hogFileName end="$"he=s-1 keepend skipwhite
" config command
syn keyword hogConfigStart config skipwhite nextgroup=hogConfigType
syn match hogConfigType contained "\<classification\>" nextgroup=hogConfigTypeRegion skipwhite
syn region hogConfigTypeRegion contained oneline start=":"ms=s+1 end="$" contains=hogNumber,hogText keepend skipwhite
" include command
syn keyword hogIncStart include skipwhite nextgroup=hogIncRegion
syn region hogIncRegion contained oneline start="\>" contains=hogFileName,hogEnvvar end="$" keepend
" preprocessor command
" http_decode, minfrag, portscan[-ignorehosts]
syn keyword hogPPrStart preprocessor skipwhite nextgroup=hogPPr
syn match hogPPr contained "\<spade\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<spade-homenet\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<spade-threshlearn\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<spade-adapt\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<spade-adapt2\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<spade-adapt3\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<spade-survey\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<defrag\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<telnet_decode\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<rpc_decode\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<bo\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<stream\>" nextgroup=hogStreamRegion skipwhite
syn match hogPPr contained "\<stream2\>" nextgroup=hogStreamRegion skipwhite
syn match hogPPr contained "\<stream3\>" nextgroup=hogStreamRegion skipwhite
syn match hogPPr contained "\<http_decode\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<minfrag\>" nextgroup=hogPPrRegion skipwhite
syn match hogPPr contained "\<portscan[-ignorehosts]*\>" nextgroup=hogPPrRegion skipwhite
syn region hogPPrRegion contained oneline start="$" end="$" keepend
syn region hogPPrRegion contained oneline start=":" end="$" contains=hogNumber,hogIPaddr,hogEnvvar,hogFileName keepend
syn keyword hogStreamArgs contained timeout ports maxbytes
syn region hogStreamRegion contained oneline start=":" end="$" contains=hogStreamArgs,hogNumber
" output command
syn keyword hogOutStart output nextgroup=hogOut skipwhite
"
" alert_syslog
syn match hogOut contained "\<alert_syslog\>" nextgroup=hogSyslogRegion skipwhite
syn region hogSyslogRegion contained start=":" end="$" contains=hogSysFac,hogSysPri,hogSysOpt,hogEnvvar oneline skipwhite keepend
"
" alert_fast (full,smb,unixsock, and tcpdump)
syn match hogOut contained "\<alert_fast\|alert_full\|alert_smb\|alert_unixsock\|log_tcpdump\>" nextgroup=hogLogFileRegion skipwhite
syn region hogLogFileRegion contained start=":" end="$" contains=hogFileName,hogEnvvar oneline skipwhite keepend
"
" database
syn match hogOut contained "\<database\>" nextgroup=hogDBTypes skipwhite
syn region hogDBTypes contained start=":" end="," contains=hogDBType,hogEnvvar nextgroup=hogDBSRVs skipwhite
syn region hogDBSRVs contained start="\s\+" end="," contains=hogDBSRV nextgroup=hogDBParams skipwhite
syn region hogDBParams contained start="." end="="me=e-1 contains=hogDBParam nextgroup=hogDBValues
syn region hogDBValues contained start="." end="\>" contains=hogNumber,hogEnvvar,hogAscii nextgroup=hogDBParams oneline skipwhite
syn match hogAscii contained "\<\a\+"
"
" log_tcpdump
syn match hogOut contained "\<log_tcpdump\>" nextgroup=hogLogRegion skipwhite
syn region hogLogRegion oneline start=":" skipwhite end="$" contains=hogEnvvar,hogFileName keepend
"
" xml
syn keyword hogXMLTrans contained http https tcp iap
syn match hogOut contained "\<xml\>" nextgroup=hogXMLRegion skipwhite
syn region hogXMLRegion contained start=":" end="," contains=hogXMLArg,hogEnvvar nextgroup=hogXMLParams skipwhite
"syn region hogXMLParams contained start="." end="="me=e-1 contains=hogXMLProto nextgroup=hogXMLProtos
"syn region hogXMLProtos contained start="." end="\>" contains=hogXMLTrans nextgroup=hogXMLParams
syn region hogXMLParams contained start="." end="="me=e-1 contains=hogXMLParam nextgroup=hogXMLValue
syn region hogXMLValue contained start="." end="\>" contains=hogNumber,hogIPaddr,hogEnvvar,hogAscii,hogFileName nextgroup=hogXMLParams oneline skipwhite keepend
"
" Filename
syn match hogFileName contained "[-./[:alnum:]_~]\+"
syn match hogFileName contained "[-./[:alnum:]_~]\+"
" IP address
syn match hogIPaddr "\<\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\>"
syn match hogIPaddr "\<\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}/\d\{1,2}\>"
syn keyword hogProto tcp TCP ICMP icmp udp UDP
" hog alert address port pairs
" hog IPaddresses
syn match hogIPaddrAndPort contained "\<\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\>" skipwhite nextgroup=hogPort
syn match hogIPaddrAndPort contained "\<\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}/\d\{1,2}\>" skipwhite nextgroup=hogPort
syn match hogIPaddrAndPort contained "\<any\>" skipwhite nextgroup=hogPort
syn match hogIPaddrAndPort contained "\$\I\i*" nextgroup=hogPort skipwhite
syn match hogIPaddrAndPort contained "\${\I\i*}" nextgroup=hogPort skipwhite
"syn match hogPort contained "[\!]\=[\:]\=\d\+L\=\>" skipwhite
syn match hogPort contained "[\:]\=\d\+\>"
syn match hogPort contained "[\!]\=\<any\>" skipwhite
syn match hogPort contained "[\!]\=\d\+L\=:\d\+L\=\>" skipwhite
" action commands
syn keyword hog7Functions activate skipwhite nextgroup=hogActRegion
syn keyword hog7Functions dynamic skipwhite nextgroup=hogActRegion
syn keyword hogActStart alert skipwhite nextgroup=hogActRegion
syn keyword hogActStart log skipwhite nextgroup=hogActRegion
syn keyword hogActStart pass skipwhite nextgroup=hogActRegion
syn region hogActRegion contained oneline start="tcp\|TCP\|udp\|UDP\|icmp\|ICMP" end="\s\+"me=s-1 nextgroup=hogActSource oneline keepend skipwhite
syn region hogActSource contained oneline contains=hogIPaddrAndPort start="\s\+"ms=e+1 end="->\|<>"me=e-2 oneline keepend skipwhite nextgroup=hogActDest
syn region hogActDest contained oneline contains=hogIPaddrAndPort start="->\|<>" end="$" oneline keepend
syn region hogActDest contained oneline contains=hogIPaddrAndPort start="->\|<>" end="("me=e-1 oneline keepend skipwhite nextgroup=hogRules
" ====================
if version >= 508 || !exists("did_hog_syn_inits")
if version < 508
let did_hog_syn_inits = 1
command -nargs=+ HiLink hi link <args>
else
command -nargs=+ HiLink hi def link <args>
endif
" The default methods for highlighting. Can be overridden later
HiLink hogComment Comment
HiLink hogLineComment Comment
HiLink hogAscii Constant
HiLink hogCommentString Constant
HiLink hogFileName Constant
HiLink hogIPaddr Constant
HiLink hogNotPatSep Constant
HiLink hogNumber Constant
HiLink hogText Constant
HiLink hogString Constant
HiLink hogSysFac Constant
HiLink hogSysOpt Constant
HiLink hogSysPri Constant
" HiLink hogAStrGrp Error
HiLink hogJunk Error
HiLink hogEnvvar Identifier
HiLink hogIPaddrAndPort Identifier
HiLink hogVarIdent Identifier
HiLink hogATAGOpt PreProc
HiLink hogAIPOptVal PreProc
HiLink hogARespOpt PreProc
HiLink hogAReactOpt PreProc
HiLink hogAFlagOpt PreProc
HiLink hogAFragOpt PreProc
HiLink hogCommentTitle PreProc
HiLink hogDBType PreProc
HiLink hogDBSRV PreProc
HiLink hogPort PreProc
HiLink hogARefGrps PreProc
HiLink hogSessionVal PreProc
HiLink hogXMLArg PreProc
HiLink hogARPCOpt PreProc
HiLink hogPatSep Special
HiLink hog7Functions Statement
HiLink hogActStart Statement
HiLink hogIncStart Statement
HiLink hogConfigStart Statement
HiLink hogOutStart Statement
HiLink hogPPrStart Statement
HiLink hogVarStart Statement
HiLink hogRTypeStart Statement
HiLink hogTodo Todo
HiLink hogRuleType Type
HiLink hogAFOpt Type
HiLink hogANoVal Type
HiLink hogAStrOpt Type
HiLink hogANOpt Type
HiLink hogAOpt Type
HiLink hogDBParam Type
HiLink hogStreamArgs Type
HiLink hogOut Type
HiLink hogPPr Type
HiLink hogConfigType Type
HiLink hogActRegion Type
HiLink hogProto Type
HiLink hogXMLParam Type
HiLink resp Todo
HiLink cLabel Label
delcommand HiLink
if !exists("hog_minlines")
let hog_minlines = 100
endif
exec "syn sync minlines=" . hog_minlines
hi link HogRuleType Statement
hi link HogRuleTypeName Type
hi link HogRuleTypeType Keyword
hi link HogPreproc Statement
hi link HogConfig Statement
hi link HogOutput Statement
hi link HogConfigName Type
"hi link HogEvFilter
hi link HogEvFilterKeyword Statement
hi link HogSuppressKeyword Statement
hi link HogEvFilterTypes Constant
hi link HogEvFilterTrack Constant
hi link HogAttribute Statement
hi link HogAttributeFile String
hi link HogAttributeType Statement
hi link HogInclude Statement
hi link HogIncludeFile String
hi link HogDylib Statement
hi link HogDylibType Statement
hi link HogDylibFile String
" Variables
" var
hi link HogVar Identifier
hi link HogVarType Keyword
hi link HogVarSet Identifier
hi link HogVarValue String
" ipvar
hi link HogIPVarType Keyword
hi link HogIPVarSet Identifier
" portvar
hi link HogPortVarType Keyword
hi link HogPortVarSet Identifier
hi link HogPort Constant
hi link HogTodo Todo
hi link HogComment Comment
hi link HogString String
hi link HogHexEsc PreProc
hi link HogNumber Number
hi link HogSpecial Constant
hi link HogSpecialAny Constant
hi link HogIPAddr Constant
hi link HogIPCidr Constant
hi link HogOpNot Operator
hi link HogOpRange Operator
hi link HogRuleAction Statement
hi link HogRuleProto Identifier
hi link HogRuleDir Operator
hi link HogRuleOption Keyword
hi link HogRuleChars String
hi link HogFileType HogRuleAction
hi link HogFileTypeOpt HogRuleOption
hi link NotASemiColn HogRuleChars
let b:current_syntax = "hog"
" hog: cpw=59
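Review bot: `HogFileTypeOpt` is declared with `nextgroup=HogRuleFROP`, but no group of that name is defined in this section; the region on the next line is `HogFileFROP`, so the text after a file-rule option never enters the intended region and `nextgroup=HogFileFROP` looks like what was meant. This reading assumes the lines with the capitalised `Hog` prefix are the new side, since the page shows old and new lines interleaved without markers. The new highlight links are also written as `hi link ...` rather than `hi def link ...`; the `def` form is the usual choice in a syntax file because it only applies when the user or colorscheme has not already set the group. Finally, `setlocal iskeyword-=:` and `setlocal iskeyword+=-` change a buffer option from inside a syntax file and nothing visible here restores it, which is worth a short comment stating that the side effect is intended.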