From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Thu, 30 Mar 2023 13:48:47 +0000 (-0400)
Subject: doc/byte_math: Add divide by 0 discussion.
X-Git-Tag: suricata-7.0.0-rc2~438
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd46c93a8f0f35375d349cf9402c2614dedff72b;p=thirdparty%2Fsuricata.git

doc/byte_math: Add divide by 0 discussion.

Issue: 5945
---

diff --git a/doc/userguide/rules/differences-from-snort.rst b/doc/userguide/rules/differences-from-snort.rst
index 8226e3a7e8..9638a25d08 100644
--- a/doc/userguide/rules/differences-from-snort.rst
+++ b/doc/userguide/rules/differences-from-snort.rst
@@ -276,6 +276,8 @@ See :doc:`http-keywords` for all HTTP keywords.
    uint32 value. Snort rejects ``rvalue`` values of ``0`` and requires
    values to be between ``[1..max-uint32 value]``.
 
+- Suricata will never match if there's a zero divisor. Division by 0 is undefined.
+
 
 ``isdataat`` Keyword
 --------------------
diff --git a/doc/userguide/rules/payload-keywords.rst b/doc/userguide/rules/payload-keywords.rst
index 14f5092be0..4342874f49 100644
--- a/doc/userguide/rules/payload-keywords.rst
+++ b/doc/userguide/rules/payload-keywords.rst
@@ -441,6 +441,8 @@ an existing variable or a specified value.
 
 When ``relative`` is included, there must be a previous ``content`` or ``pcre`` match.
 
+Note: if ``oper`` is ``/`` and the divisor is 0, there will never be a match on the ``byte_math`` keyword.
+
 The result can be stored in a result variable and referenced by
 other rule options later in the rule.