[Snort-sigs] Re: netbios rules

Brian bmc at ...95...
Wed Dec 1 06:40:06 EST 2004


On Sun, Nov 28, 2004 at 07:08:44PM -0500, grep wrote:
> How is a return value of true obtained from a byte_test?  If the yield of 
> the comparison is the same as the comparison value then return true? e.g.
> octet=01101001;
> value=00000001;
> yield = octet & value;
> if (yield == value) { return true; } else { return false; }

read the source luke.

    case BT_AND: if ((value & btd->cmp_value) > 0)
                     success = 1;
                 break;

Brian




More information about the Snort-sigs mailing list