Re: var or ipvar?

[Joel Esler <jesler () sourcefire com>]

This will always be an issue to where we'll have a problem. We try to solve it the best we can be being proactive and 
giving people lots of updates along the way. 

But we can't stop innovation and updates for our customers, both commercial and open source to slow the release cycle 
of new features and bug fixes. 

--
Joel Esler
Sent from my iPhone 

On Jan 28, 2013, at 9:01 PM, waldo kitty <wkitty42 () windstream net> wrote:

> On 1/28/2013 15:43, Nicholas Bogart wrote:
> > Here is a snippet from the most current manual.  Which I checked after my last
> > email.
> > "IPs may be specified individually, in a list, as a CIDR block, or any
> > combination of the three. IP variables should be
> > specified using ’ipvar’ instead of ’var’. Using ’var’ for an IP variable is
> > still allowed for backward compatibility, but it
> > will be deprecated in a future release." -  Snort Manual, November 2012
> > So if I read that it is currently still allowed and older builds shouldn't break
> > if it is still used.  As I said before some of the older builds ipvar hinged on
> > if IPv6 was enabled when it was installed or not.  So if it wasn't then that
> > might cause an issue.
>
> thanks for that... it kinda helps but the way folks are grabbing anything they 
> can to try to force this stuff to work is really causing problems... and it 
> doesn't help at all that sourcefire is forcing retirement of "old" rules and 
> support of "old" versions based on their update schedules which do not fit into 
> anyone else's schedules :? :? :( :( :(
>
> > Nick
> >
> >
> > On Mon, Jan 28, 2013 at 2:39 PM, Y M <snort () outlook com
> > <mailto:snort () outlook com>> wrote:
> >
> >     From Snort 2.9.4 release notes:
> >
> >    "Consolidation of IPv6 -- now only a single build supports both IPv4 & IPv6,
> >    and removal of the IPv4 "only" code paths."
> >
> >    Does this mean that ipvar should support both IPv4 and IPv6 and var is
> >    deprecated/ no longer needed? Or am I totally off topic here?
> >
> >    In previous installations of Snort, we had ipvar and var both at the same
> >    config file and we did not see any problems, however, we didn't have IPv6
> >    enabled at that point of time.
> >
> >    YM
> >    --------------------------------------------------------------------------------
> >    From: Joel Esler <mailto:jesler () sourcefire com>
> >    Sent: 1/28/2013 11:07 PM
> >    To: Nicholas Bogart <mailto:nickybzoss () gmail com>
> >    Cc: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>
> >    Subject: Re: [Snort-users] var or ipvar?
> >
> >    Ipvar, for ips. Portvar for ports.
> >
> >    --
> >    Joel Esler
> >    Sent from my iPad
> >
> >    On Jan 28, 2013, at 3:01 PM, Nicholas Bogart <nickybzoss () gmail com
> >    <mailto:nickybzoss () gmail com>> wrote:
> >
> > >    Last I remember on this from the manual you only use ipvar if you are
> > >    working in an IPv6 evironment and have enabled snort for IPv6.  If you
> > >    have it turned off then you can continue and are encouraged to still use var.
> > >    Nick
> > >
> > >    On Mon, Jan 28, 2013 at 1:56 PM, waldo kitty <wkitty42 () windstream net
> > >    <mailto:wkitty42 () windstream net>> wrote:
> > >
> > >
> > >        var used to be used for most all var definitions... then work was
> > >        being done for
> > >        IPv6 and ipvar was created... since then, it seems that ipvar has been
> > >        retained
> > >        for all and var is simply no longer used...
> > >
> > >        is this accurate?
> > >
> > >        why is var not retained as an alias for ipvar? systems have been
> > >        breaking all
> > >        around us and it is only just now that we're starting to find this
> > >        possibly
> > >        being the problem :(
> > >
> > >        will it hurt to have both var and ipvar pointing to the same definitions??
> > >
> > >        will older snorts fall over because of ipvar being introduced into their
> > >        environment before they are ready for it?
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!