[Oisf-devel] small error on byte_test in suricata v1.0.4

Victor Julien victor at inliniac.net
Sat Jun 25 08:50:07 UTC 2011


On 06/24/2011 10:57 PM, rmkml wrote:
> Hi,
> Congratulations on the new Suricata v1.0.4! (I have not tested the latest git version.)
> I have a small error with byte_test; an example signature that triggers it:
>   alert udp any any -> any any (msg:"byte_test error"; byte_test:4,>=,1,0; classtype:misc-attack; sid:912023; rev:1;)
> suricata error:
>   [11969] 24/6/2011 -- 22:53:39 - (detect-bytetest.c:440) <Error> (DetectBytetestParse) -- [ERRCODE: SC_ERR_INVALID_OPERATOR(130)] - Invalid operator
> It works in Snort.
> Can anyone confirm this problem, please? If so, I will create a new ticket on redmine.

This issue has already been addressed in the 1.1 branch. As the goal of
the 1.0.x branch was to support the signature language up to 2.8.5,
which doesn't include this byte_test operator as far as I know, it will
not be addressed for this branch.

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
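
A pre-load check for the situation in this thread, as an added example that is not part of the original messages or of Suricata's code: it scans rules and flags `byte_test` operators that an engine following the older signature language would reject. The operator sets, the function names and the sample rules are assumptions made for this illustration.

```python
import re

# Assumption: the older byte_test syntax accepts only these operators,
# each optionally prefixed with "!" (a bare "!" meaning "not equal").
LEGACY_OPS = {"<", ">", "=", "&", "^"}
# Operators accepted only by newer parsers, such as the ">=" in the report.
NEWER_OPS = {"<=", ">="}

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')            # msg/content strings
BYTE_TEST = re.compile(r'\bbyte_test\s*:\s*([^;]*);')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def classify(op):
    """Return 'legacy', 'newer' or 'unknown' for one byte_test operator."""
    if op == "!":
        return "legacy"
    bare = op[1:] if op.startswith("!") else op
    if bare in LEGACY_OPS:
        return "legacy"
    if bare in NEWER_OPS:
        return "newer"
    return "unknown"

def audit(rules):
    """Return (sid, operator, verdict) for every byte_test that is not legacy."""
    findings = []
    for rule in rules:
        body = QUOTED.sub('""', rule)   # ignore option names inside strings
        sid_match = SID.search(body)
        sid = sid_match.group(1) if sid_match else "?"
        for m in BYTE_TEST.finditer(body):
            fields = [f.strip() for f in m.group(1).split(",")]
            # byte_test:<bytes>,<operator>,<value>,<offset>[,modifiers]
            op = fields[1] if len(fields) >= 4 else ""
            verdict = classify(op)
            if verdict != "legacy":
                findings.append((sid, op, verdict))
    return findings

# Constructed sample rules; the first mirrors the rule in the report.
SAMPLE_RULES = [
    'alert udp any any -> any any (msg:"byte_test error"; byte_test:4,>=,1,0; classtype:misc-attack; sid:912023; rev:1;)',
    'alert tcp any any -> any any (msg:"legacy ops"; byte_test:2,!&,128,0; byte_test:4,>,0,2,relative; sid:1000001; rev:1;)',
    'alert tcp any any -> any any (msg:"text byte_test:4,>=,1,0; in msg"; byte_test:1,=,5,0; sid:1000002; rev:1;)',
    'alert tcp any any -> any any (msg:"typo"; byte_test:4,~,1,0; sid:1000003; rev:1;)',
]

if __name__ == "__main__":
    for sid, op, verdict in audit(SAMPLE_RULES):
        print(f"sid {sid}: byte_test operator {op!r} is {verdict}")
```
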



