Re: Snort 2.3.0 Final released!

[Frank Knobbe <frank () knobbe us>]

On Wed, 2005-01-26 at 11:04 +0200, Nerijus Krukauskas wrote:
>    Well, fixes for these two (I'm just guessing) broke the way the 
> comments are handled in threshold/suppress configs. I'm used to put a 
> short comment after threshold/suppress command in threshold.conf. That 
> way I know why I've put it there. E.g.
>
> suppress gen_id 1, sig_id 3003, track by_src, ip x.y.z.w  # hostname 
> (MBSA/AV scans)
>
>    snort-2.3.0 now barfs on me because of the slash (/) in comment. If 
> I change it to dash (-), then it parses the command without errors.
>
>    Am I not supposed to put comments this way or is this a small bug?


Same thing happened to me. I send in a patch which apparently didn't
make it into the release. It's attached to this email. With it, you can
patch sfthreshold.c and continue using slashes in comments in
threshold.conf.

Note: Slashes elsewhere may still break things. This issue should be
fixed centrally in the parser. My patch only addresses the parsing for
threshold.conf.

Regards,
Frank

Attachment: comment-patch
Description:

Attachment: signature.asc
Description: This is a digitally signed message part