[Snort-users] var or ipvar?

Joel Esler jesler at ...1935...
Mon Jan 28 15:49:01 EST 2013


On Jan 28, 2013, at 3:36 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 1/28/2013 15:10, Joel Esler wrote:
>> Ipvar, for ips. Portvar for ports.
> 
> i love bikini answers! short and to the point ;)
> 
Sorry, was on my iPad.

> but in this case, i'm needing a bit more information, please...
> 
> ipvar was started being used for IPv6 at what version of snort?

Um.  I want to say 2.6.0?  

> ipvar was started being used for both IPv4 and IPv6 at what version of snort?

You've always been able to use both.  What you haven't been able to do is use var for ipv6 addresses.  2.9.3.0 enabled ipv6 by default, and 2.9.4.0 removed the separate code paths.

> var was no longer for IPv4 used at what version of snort?

It always has been.  But we've eliminated the difference now.

> 
> and lastly this question from the previous post...
> 
> will older snorts fall over because of ipvar being introduced into their 
> environment before they are ready for it?

If it's not compiled with --enable-ipv6, yes.  But if you compiled ipv6 in, you should be good to go.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130128/59d2175c/attachment.html>


More information about the Snort-users mailing list