[Bro] Bitwise Operations

M K mkhan04 at gmail.com
Fri May 23 22:52:49 PDT 2014


My method was to take a string of bytes and convert them to the integral types
I wanted.

So if I received a 'string' type in a function I could do:

local foo1 = bytestring_to_count(sub_bytes(string, 0, 4));
local foo2 = bytestring_to_count(sub_bytes(string, 4, 2));
local foo3 = bytestring_to_count(sub_bytes(string, 6, 2));

bar = foo1 ^ 0x12345678;
bah = (foo2 + foo3) & 0xFFFF;

if ( bar == 0xDEADBEEF && bah > 0x1234 ) {
    # do a barrel roll
}



On Sat, May 24, 2014 at 1:42 AM, Vern Paxson <vern at icir.org> wrote:

> > Bitwise operations on user defined stream fields for custom protocol
>
> Okay, these examples make sense to me.  Let me ask then about what such
> operators should look like.  M K originally sketched them as operating on
> integral types.  However, I'd think that if it's for manipulating blobs
> of C&C, then instead working on strings would be the right target ... ?
>
>                 Vern
>
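
A Python sketch of the two options discussed in this thread, added as an illustration and not code from either poster or from Bro: decoding fixed-width fields to integers before applying bitwise operators, versus XORing a byte string directly. The field offsets and constants follow the message above; big-endian byte order, the sample bytes and the function names are assumptions.

```python
import struct

# Constructed 8-byte sample record (not real traffic), laid out like the
# fields in the message: one 4-byte value followed by two 2-byte values.
SAMPLE = bytes.fromhex("cc99e897" "1000" "0300")


def check_integral(record: bytes) -> bool:
    """Integral approach: decode fixed-width fields, then apply bitwise ops."""
    if len(record) < 8:
        return False  # truncated record, nothing to decode
    # Assumption: all three fields are in network (big-endian) byte order.
    foo1, foo2, foo3 = struct.unpack_from(">IHH", record, 0)
    bar = foo1 ^ 0x12345678
    bah = (foo2 + foo3) & 0xFFFF  # the mask wraps the sum to 16 bits
    return bar == 0xDEADBEEF and bah > 0x1234


def xor_bytes(blob: bytes, key: bytes) -> bytes:
    """String approach: XOR a blob of any length with a repeating key."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))


if __name__ == "__main__":
    key = bytes.fromhex("12345678")
    print(check_integral(SAMPLE))            # integer fields, big-endian
    print(xor_bytes(SAMPLE[:4], key).hex())  # same XOR done on raw bytes
    # A blob whose length is not a multiple of the field width still decodes.
    print(xor_bytes(SAMPLE[:4] + b"\xcc", key).hex())
    # The same values sent little-endian no longer match the integer check.
    print(check_integral(struct.pack("<IHH", 0xCC99E897, 0x1000, 0x0300)))
```

The integer path depends on field width and byte order, while the byte-string path handles blobs of arbitrary length without either.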