recog_match does not support multiline input banners #100
Description
recog_match can read banners from STDIN or from a file passed on the command line, but assumes that each line of input is a banner. This complicates working with multiline banners, like NTP:
In this case, /tmp/f contains an example NTP fingerprint taken verbatim from our fingerprints:
$ ./bin/recog_match xml/ntp_banners.xml /tmp/f
FAIL: version="ntpd 4.1.1a@1.791 Fri Aug 8 04:08:19 PDT 2003 (1)",
FAIL: processor="i386", system="BIG-IPBIG-IP 4.5PTF-0", leap=3, stratum=16,
FAIL: precision=-16, rootdelay=0.000, rootdispersion=103599.120, peer=0,
FAIL: refid=0.0.0.0, reftime=0x00000000.00000000, poll=4,
FAIL: clock=0xd20533b8.903aa79b, state=1, offset=0.000, frequency=0.000,
FAIL: jitter=0.015, stability=0.000