From cb250fc9843a335fffe44ed6b15570e5b7cd2a35 Mon Sep 17 00:00:00 2001 From: Mathias Weiersmueller Date: Mon, 2 Dec 2019 09:43:40 +0100 Subject: [PATCH] DOC: clarify matching strings on binary fetches Add clarification and example to string matching on binary samples, as comparison stops at first null byte due to strncmp behaviour. Backporting all the way down to 1.5 is suggested as it might save from headaches. --- doc/configuration.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/configuration.txt b/doc/configuration.txt index 1e15ba4ec..432c265ae 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -12883,6 +12883,14 @@ string, then the matching will be performed ignoring the case. In order to match the string "-i", either set it second, or pass the "--" flag before the first string. Same applies of course to match the string "--". +Do not use string matches for binary fetches which might contain null bytes +(0x00), as the comparison stops at the occurrence of the first null byte. +Instead, convert the binary fetch to a hex string with the hex converter first. + +Example: + # matches if the string is present in the binary sample + acl tag_found req.payload(0,0),hex -m sub 3C7461673E + 7.1.4. Matching regular expressions (regexes) ---------------------------------------------
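Review bot: the example's comment ("matches if the string is present in the binary sample") does not say which string, and `-m sub` on a hex string is not byte-aligned. Two suggestions for the added paragraph in the doc/configuration.txt hunk. First, state that `3C7461673E` is the hex encoding of `<tag>`, so readers can see how to build their own pattern (two hex digits per input byte, which also means the pattern is twice as long as the original bytes and must use the same case the hex converter emits). Second, add a caveat: because the comparison is done on the hex text, a `-m sub` match can start at an odd nibble, so a pattern can match across byte boundaries (for example the bytes 13 C7 4A produce "13C74A", which contains "3C74"). Patterns with only two hex digits per byte of interest are still fine for most uses, but where exact byte alignment matters the paragraph could point at `-m reg` with an alignment anchor such as `^([0-9A-Fa-f]{2})*3C7461673E` instead of `-m sub`, or at least mention the limitation. Minor: "Same applies of course" in the preceding context sentence is unchanged by this patch and is fine, but the new sentence "Do not use string matches for binary fetches which might contain null bytes" would read better as "for binary fetches that may contain null bytes", and naming the fetch kind the restriction covers (`-m str`, `-m beg`, `-m end`, `-m sub`, `-m dir`, `-m dom` all go through string comparison) would make the "string matches" phrase unambiguous.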