[Snort-devel] Question on portvar

snort user snort.user at ...2499...
Sat Sep 6 06:59:23 EDT 2008


    /* check for a pure not rule - fatal if we find one */
      FatalError("Pure NOT ports are not allowed!\n");


Is there a reason for not supporting portvars for pure NOT rules?


Thanks a lot !




On Fri, Jul 25, 2008 at 5:12 PM, Steven Sturges
<steve.sturges at ...402...> wrote:
> The portvar changes affect how rules are grouped
> and data is inserted into the fast pattern matcher.
>
> Doesn't affect the creation of the RTN/OTN.
>
> snort user wrote:
>>
>> Hello and greetings.
>>
>> I have a question about the portvar option of snort that was
>> introduced a while back.
>> When this change was made, did it affect only parser.c or did it
>> affect the rest of the system - detection stage, how rtn/otn is
>> created and looked up?
>>
>> Any help is appreciated.
>>
>> Thanks !
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win great
>> prizes
>> Grand prize is a trip for two to an Open Source event anywhere in the
>> world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>




More information about the Snort-devel mailing list