Snort mailing list archives
Re: Snort 2.9.0.3 Now Available
From: vincent () cojot name
Date: Tue, 4 Jan 2011 10:27:33 +0100 (CET)
Hi Ryan,

First of all, thank you -very- much for all of this insightful information, it was exactly what I was looking for.

On Mon, 3 Jan 2011, Ryan Jordan wrote:

> Here's a few pieces of info that could help:
>
> - The RPMs we ship on snort.org are not compiled with IPv6 support. It might be time to re-visit the default options in the RPM. There's a lot of useful stuff that's not compiled by default.

I'm only building RPMs for EL5 & clones but my spec file is only very lightly modified and I try to stay as close as possible to that on snort.org. Do you think it might be a good idea to change the default BASE_CONFIG to something like the following?

[....previous compile-time options...]
        --enable-decoder-preprocessor-rules --enable-targetbased \
        --enable-ipv6 \
        --enable-gre \
        --enable-mpls \
        --enable-ppm \
        --enable-perfprofiling \
        --enable-active-response \
        --enable-normalizer \
        --enable-reload \
        --enable-react \
        --enable-zlib \

> - When IPv6 support is enabled, "var" maps to "ipvar" for backwards compatibility. Enabling IPv6 will not break old confs.

Ok, that's very very good. I will then make --enable-ipv6 the default for all my .el5 builds.

> - The conf shipped with Snort uses "var" to maintain compatibility with both flavors of Snort.

Well, that's the issue I had with the 2.9.0.3 source release of snort.. the sample snort.conf under etc had 'ipvar ...', not 'var ...'

> There was a question about why the IPv4 version of the conf parser doesn't recognize "ipvar". The "ipvar" keyword was added with the rest of the IPv6 code, and parses IPv6 addresses while "var" does not. This stuff is only defined when Snort is compiled with "--enable-ipv6". I agree that the optional nature of IPv6 support creates some usability issues. That sounds like something we can address in the future.
>
> -Ryan
Thank you very much,
Vincent
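
Added example, not part of the original message or of the Snort project: a small conf audit built on the behaviour described in the thread ("ipvar" exists only in --enable-ipv6 builds, "var" does not parse IPv6 addresses, and on IPv6 builds "var" maps to "ipvar"). The function names, verdict strings and sample conf are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample conf (not the snort.conf shipped with any release).
SAMPLE_CONF = """\
# constructed sample
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
ipvar V6_SERVERS [2001:db8::/32,192.168.1.10]
var RULE_PATH ../rules
"""

# keyword, variable name, value
DECL = re.compile(r"^\s*(var|ipvar)\s+(\S+)\s+(.+?)\s*$")


def has_ipv6_literal(value):
    """True if any element of a variable value is an IPv6 address or CIDR."""
    for token in re.split(r"[\[\],\s]+", value):
        token = token.lstrip("!")
        if not token or token.startswith("$") or token == "any":
            continue
        try:
            if ipaddress.ip_network(token, strict=False).version == 6:
                return True
        except ValueError:
            pass  # not an address, e.g. a path such as ../rules
    return False


def audit_conf(text, ipv6_build):
    """Return (lineno, keyword, name, verdict) for every var/ipvar line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DECL.match(line)
        if not m:
            continue
        keyword, name, value = m.groups()
        if ipv6_build:
            verdict = "ok"                # "var" maps to "ipvar" here
        elif has_ipv6_literal(value):
            verdict = "needs-ipv6-build"  # neither keyword can hold it
        elif keyword == "ipvar":
            verdict = "rewrite-as-var"    # keyword unknown to this build
        else:
            verdict = "ok"
        findings.append((lineno, keyword, name, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF, ipv6_build=False):
        print(*finding)
```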