Actions
Bug #6070
closedbyte_match: Multiplication operator not supported
Affected Versions:
Effort:
Difficulty:
Label:
Description
On Suricata 6.0.x, the byte_math multiplication operator is not
$ cat bm.rule alert tcp any any -> any 44818 (msg:"Alert PLC Allen Bradley"; byte_math:bytes 1, offset 46,oper *,rvalue 2, result var, string dec; content:"|20 6b|"; offset:47; depth:var; sid:10001; rev:1;) jlucovsky@ ~/src/jal/master-6.0.x (master-6.0.x) $ src/suricata -T -c suricata.yaml -S bm.rule 18/5/2023 -- 08:25:26 - <Info> - Running suricata under test mode 18/5/2023 -- 08:25:26 - <Notice> - This is Suricata version 6.0.12 RELEASE running in SYSTEM mode 18/5/2023 -- 08:25:26 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - byte_math parse error; invalid value: ret -1, string "bytes 1, offset 46,oper *,rvalue 2, result var, string dec" 18/5/2023 -- 08:25:26 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp any any -> any 44818 (msg:"Alert PLC Allen Bradley"; byte_math:bytes 1, offset 46,oper *,rvalue 2, result var, string dec; content:"|20 6b|"; offset:47; depth:var; sid:10001; rev:1;) " from file bm.rule at line 1 18/5/2023 -- 08:25:26 - <Warning> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 1 rule files specified, but no rules were loaded! 18/5/2023 -- 08:25:26 - <Error> - [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed.
Updated by Jeff Lucovsky over 1 year ago
- Status changed from New to In Progress
Note that 7.0.x supports the *
operator as the parser was rewritten.
Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Progress to In Review
Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Review to Closed
Updated by Victor Julien over 1 year ago
- Target version changed from TBD to 6.0.13
Actions