Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Snort Advanced » variable size in snort.conf

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

variable size in snort.conf


Posted by rstarr on March 16, 2005 10:23:39

What is the size limit for variables in snort.conf?

Has anything changed for Snort 2.3.1?

I've heard about a 14-bit limit and also I heard limitations of 256 hosts with mSplit calls. Apparently, a fix for this would be to break lines with \ or edit the code and recompile.

Can someone elaborate on this please?

Thanks,

Russ

Posted by rstarr on March 16, 2005 11:28:41

Just to help clarify...

14-bits = 8192 characters/bytes
32-bits (IP address) * 256 hosts = 8192

So, now my question is: Is this still a limitation that can be cured by breaking lines in snort.conf?

About the mSplit 256 limit, I must be looking in the wrong place in the code for that one.

Thanks,

Russ

Posted by roesch on March 17, 2005 11:28:11

Max line size in snort.conf is 8192 bytes, period. Variables, rules, etc have to fit in something that size. It doesn't have anything to do with mSplit.

There was also an issue of flowbits being constrained by the number of bits available, that has been fixed in the version 3.2.1 release.

-Marty
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.