While writing a server browser I noticed that some servers I noticed that a few servers were serving and invalid set of rules, using the ServerBrowserProtocol ( https://community.bistudio.com/wiki/Arma_3_ServerBrowserProtocol3 ).
After looking closer, I noticed the following:
Basically the rules data is generated according to the ServerBrowserProtocol.
Then, it is escaped and then split into key/val pairs:
1/3, 2/3, 3/3
that each have 127 bytes max.
Now if the string that has been generated is a multiple of 127 bytes (that's the only common thing I've noticed - i may be wrong, though) something strange happens: the resulting key/val pairs set is going to be expanded with another key/val set that is larger by one key, meaning that the keys you're going to get will be:
1/3, 2/3, 3/3, 1/4, 2/4, 3/4, 4/4
The x/3 packets (the "3" is an example here, of course) will contain the original set of data with the correct values.
The x/4 packets will form the same data as the x/3 packets BUT with (at least!) the overflow flags and the difficulty byte set to 0. The one or two "0x00" new bytes in the new buffer will then be escaped to "0x01 0x02" changing the length of the buffer to something else than a multiple of 127, explaining why a 3-packet set became a 4-packet.
For some reason, they are then both put into one A2S_RULES packet and sent to the people who query that server.