From fd46c93a8f0f35375d349cf9402c2614dedff72b Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Thu, 30 Mar 2023 09:48:47 -0400
Subject: [PATCH] doc/byte_math: Add divide by 0 discussion.

Issue: 5945
---
 doc/userguide/rules/differences-from-snort.rst | 2 ++
 doc/userguide/rules/payload-keywords.rst       | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/doc/userguide/rules/differences-from-snort.rst b/doc/userguide/rules/differences-from-snort.rst
index 8226e3a7e8..9638a25d08 100644
--- a/doc/userguide/rules/differences-from-snort.rst
+++ b/doc/userguide/rules/differences-from-snort.rst
@@ -276,6 +276,8 @@ See :doc:`http-keywords` for all HTTP keywords.
    uint32 value. Snort rejects ``rvalue`` values of ``0`` and requires
    values to be between ``[1..max-uint32 value]``.
 
+- Suricata will never match if there's a zero divisor. Division by 0 is undefined.
+
 
 ``isdataat`` Keyword
 --------------------
diff --git a/doc/userguide/rules/payload-keywords.rst b/doc/userguide/rules/payload-keywords.rst
index 14f5092be0..4342874f49 100644
--- a/doc/userguide/rules/payload-keywords.rst
+++ b/doc/userguide/rules/payload-keywords.rst
@@ -441,6 +441,8 @@ an existing variable or a specified value.
 
 When ``relative`` is included, there must be a previous ``content`` or ``pcre`` match.
 
+Note: if ``oper`` is ``/`` and the divisor is 0, there will never be a match on the ``byte_math`` keyword.
+
 The result can be stored in a result variable and referenced by
 other rule options later in the rule.
 
-- 
2.47.2