[Snort-sigs] quick question on byte_test bitwise operator

Brian Caswell bmc at ...95...
Tue Jan 23 11:05:12 EST 2007


On Jan 23, 2007, at 4:04 AM, 김동욱01 wrote:
> Snort manual says I can use &(AND), !(NOT).
>
> It also says I can use OR operator which is not clearly printed.
>
> Some says that it supports XOR operator, yet it is not documented.

The available operators are:

<, =, >, &, and ^.   All of the operators can also be used as the  
opposite.  For example, !>, would equate to not greater than.

The operators work exactly as they would if used them in C.

Basically:

if ((packet_value ^ rule_value)) > 0) {
     success = 1;
}

Brian



More information about the Snort-sigs mailing list