[Bro] Signature framework questions, endianess and bitwise operations

[Robin Sommer]

On Thu, Jul 24, 2014 at 09:49 -0400, James Feister wrote:

> Had hoped I could just generate a mask to grab the first four bits 0x0F,
> and then match against those.

No, masking is not supported for payload data, only for header fields.

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin