Actions
Bug #1697
closedbyte_extract incompatibility with Snort.
Affected Versions:
Effort:
Difficulty:
Label:
Description
Test with TALOS subscriber ruleset, Feb. 7 2016.
Suricata fails to parse a rule with the error:
[ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Base not specified for byte_extract, though string was specified. The right options are (string, hex), (string, oct) or (string, dec)
And the relevant part of the rule being:
byte_extract:10,0,colspan,relative,string;
Updated by Victor Julien almost 9 years ago
Does Snort default to one of the dec/hex/oct if it's not specified?
Updated by Jason Ish almost 9 years ago
Yes, while it is not documented a quick look at the code shows that if "string" is specified, but the base is not set, default to base 10.
Updated by Jason Ish almost 9 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version set to 70
Updated by Victor Julien over 8 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 3.0.1
Actions