[Snort-devel] [PATCH] Remove the variable modifiers section in the manual.

Joshua Kinard kumba at ...2185...
Mon Dec 26 19:24:51 EST 2011


I checked again to see if the bash-like variable modifiers work in Snort
with the newer releases.  They do not:

portvar HTTP_PORT 80

alert tcp any any -> any $(HTTP_PORT?FOOBAR) (msg:"HTTP GET for ~/hello";
flow:established,to_server; content:"GET"; http_method; content:"/~hello";
http_uri; sid:42000001; rev:1; classtype:misc-activity; )

$ ~/bin/snort -c local.rules -A console -k none -r tcp-http-tiny2.pcap -q
ERROR: local.rules(216) ***PortVar Lookup failed on '$(HTTP_PORT?FOOBAR)'.
Fatal Error, Quitting..

So, lets get rid of that section.


Changes:
 snort_manual.tex |   46 ----------------------------------------------
 1 file changed, 46 deletions(-)


Cheers!

-- 
Joshua Kinard
Gentoo/MIPS
kumba at ...2185...
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort-2.9.2-kill-variable-modifiers.patch
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20111226/0992d367/attachment.ksh>


More information about the Snort-devel mailing list