Snort mailing list archives
DCERCP2 support for byte_extract not implemented?
From: Joshua Kinard <kumba () gentoo org>
Date: Wed, 21 Dec 2011 17:43:39 -0500
I noticed in the manual that byte_extract supports a 'dce' parameter like byte_test and byte_jump. However, the code for this appears to be missing. In src/dynamic-preprocessors/dcerpc2/dce2_roptions.c, only one reference to DCE2_ROPT__BYTE_EXTRACT exists, while there are quite a few references to the other forms for test/jump.

Is byte_extract going to get DCE override functionality? Does it need it, or is this an artifact from basing the rule option off of byte_test or byte_jump? What other parameters, aside from <endian> and <string type> are incompatible with byte_extract's DCE override?

Thanks!

--
Joshua Kinard
Gentoo/MIPS
kumba () gentoo org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic