Snort mailing list archives

DCERPC2 support for byte_extract not implemented?


From: Joshua Kinard <kumba () gentoo org>
Date: Wed, 21 Dec 2011 17:43:39 -0500


I noticed in the manual that byte_extract supports a 'dce' parameter like
byte_test and byte_jump.  However, the code for this appears to be missing.
In src/dynamic-preprocessors/dcerpc2/dce2_roptions.c, only one reference to
DCE2_ROPT__BYTE_EXTRACT exists, while there are quite a few references to
the other forms for test/jump.

Is byte_extract going to get DCE override functionality?  Does it need it,
or is this an artifact from basing the rule option off of byte_test or
byte_jump?  What other parameters, aside from <endian> and <string type> are
incompatible with byte_extract's DCE override?

Thanks!

-- 
Joshua Kinard
Gentoo/MIPS
kumba () gentoo org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
