[Oisf-devel] Arithmetic Operators in signature
amit zala
impmails67 at gmail.com
Thu Sep 1 20:21:32 UTC 2016
Hi,
I will extract specific bytes from packet, lets say A and B are the
extracted variables.
Now I want to check (A-7+B)/8 is less than 1000.
Is there any way I can do that is signature itself?
Thanks
Amit
On Fri, Sep 2, 2016 at 1:48 AM, rmkml <rmkml at ligfy.org> wrote:
> Hi Amit,
>
> Not easy, depending your need,
>
> could you describe one example please ?
>
> For exemple use byte_test ? or use pcre relative ?
>
> Another is lua script for complex.
>
> Best Regards
> @Rmkml
>
>
>
> On Thu, 1 Sep 2016, amit zala wrote:
>
> Hi,
>> Is there any way to use arithmetic operators (+ - * /) in signature?
>> For example,
>> I use byte_extract to extract some bytes, and then I want to multiply it
>> by some static value and check if it crosses some limit? Is there any way
>> to do it in signature itself?
>> I searched into suricata guide but I was not able to find anything which
>> satisfies this requirement.
>>
>> Thanks
>> Amit
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20160902/37738eef/attachment-0002.html>
More information about the Oisf-devel
mailing list