Snort mailing list archives

[PATCH]: snort_manual.tex: Remove 'Variable Modifiers' section as it doesn't work


From: <Joshua.Kinard () us-cert gov>
Date: Wed, 25 May 2011 19:58:27 -0500


Hi snort-devel,

On page 28 and 29 of the 2.9.0.5 manual, the use of bash-style variable
modifiers is referenced.  However, this specific syntax is not
functional in Snort.  Using the exact sample given on page 29:

ipvar MY_NET 192.168.1.0/24
log tcp any any -> $(MY_NET:?MY_NET is undefined!) 23

I receive this when attempting to run Snort:

ERROR: local.rules(243) Undefined variable in the string:
$(MY_NET:?MY_NET.
Fatal Error, Quitting..

Attempting to just use plain $(MY_NET) still errors:
ERROR: local.rules(243) Undefined variable in the string: $(MY_NET).
Fatal Error, Quitting..


Same for portvars:
portvar NINJA_PORT 42
alert tcp any any -> any $(NINJA_PORT)

ERROR: local.rules(243) ***PortVar Lookup failed on '$(NINJA_PORT)'.
Fatal Error, Quitting..


I really don't see this as a widely-used feature.  I don't ever recall
seeing it at all in VRT or ET rulesets, though I'll admit I haven't
actually grepped for its use.  The attached patch proposes to delete
this section from the manual.  I did not check to see if there is any
dead code in Snort itself that requires removal as well.


Cheers!,

--J

Attachment: snort-2905-manual-del-advanced-var.patch
Description: snort-2905-manual-del-advanced-var.patch
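The post notes that rulesets were not actually grepped for this syntax. As an added example (not part of the original post, the attached patch, or Snort itself), this Python check finds `$(VAR)`-style references in rule text so they can be caught before Snort exits with the fatal errors quoted above. The function name, the regular expressions and the sample rules (built from the lines quoted in the post) are assumptions of this example, as is the inclusion of the `:-` default modifier next to the `:?` form shown in the post.

```python
import re
import sys

# Matches $(NAME), $(NAME:-default) and $(NAME:?message); a plain $NAME is not matched.
PAREN_VAR = re.compile(r"\$\((?P<name>[A-Za-z_]\w*)(?::(?P<op>[-?])(?P<arg>[^)]*))?\)")
DEFINITION = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(?P<name>\S+)")

# Constructed sample: the rule lines quoted in the post plus a comment and a plain reference.
SAMPLE = """\
ipvar MY_NET 192.168.1.0/24
log tcp any any -> $(MY_NET:?MY_NET is undefined!) 23
portvar NINJA_PORT 42
alert tcp any any -> any $(NINJA_PORT)
# alert tcp any any -> $(OLD_NET) 80
alert tcp any any -> $MY_NET 22
"""

def find_paren_vars(text, source="<rules>"):
    """Return one finding per $(...) reference on an uncommented line."""
    defined, findings = set(), []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = DEFINITION.match(line)
        if m:
            defined.add(m.group("name"))
        for ref in PAREN_VAR.finditer(line):
            findings.append({
                "source": source, "line": lineno, "text": ref.group(0),
                "name": ref.group("name"), "modifier": ref.group("op"),
                # True when a var/ipvar/portvar line for this name came first,
                # i.e. the failure is caused by the syntax, not a missing variable.
                "defined_earlier": ref.group("name") in defined,
                # Plain $NAME reference; any modifier is dropped.
                "plain_form": "$" + ref.group("name"),
            })
    return findings

if __name__ == "__main__":
    inputs = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in sys.argv[1:]]
    for source, text in inputs or [("sample", SAMPLE)]:
        for f in find_paren_vars(text, source):
            print(f"{f['source']}:{f['line']}: {f['text']} -> try {f['plain_form']}")
```

Run it with rule file paths as arguments; with no arguments it scans the embedded sample.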
