I'm sure there is at least one other Carl Sagan fan on list. I feel like if I wish to make an analyzer from scratch, I must first invent the universe.

-AK

On Wed, Mar 13, 2019, 15:44 anthony kasza <anthony.kasza@gmail.com> wrote:
I tried changing the name provided to the setup script as suggested. Doing so gives me many errors when I try to ./configure the plugin from within the conn-taste/ directory. CMake states that DEMO::CONNTASTE-events.bif is "reserved or not valid for for certain CMake features". It complains about many of the file names.

Additionally, all the files in conn-taste/src/ look like DEMO::CONNTASTE.cc  :(

-AK

On Wed, Mar 13, 2019, 13:43 Michael Dopheide <dopheide@es.net> wrote:
I believe you want to change this line:

./start.py ConnTaste "Connection Byte Offset Tasting" ...

to 

./start.py Demo::ConnTaste "Connection Byte Offset Tasting" ...

-Dop


On Wed, Mar 13, 2019 at 2:35 PM anthony kasza <anthony.kasza@gmail.com> wrote:
Many thanks for the quick responses!

I am receiving these errors:
```
error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin
Demo::ConnTaste is not available
fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
Failed to activate requested dynamic plugin(s).
```

After executing these commands:
```
git clone --recursive https://github.com/zeek/zeek.git
cd zeek
./configure
make
DIST=`pwd`

cd aux/bro-aux/plugin-support
./init-plugin -u ./conn-taste Demo ConnTaste
BRO_PLUGIN_PATH=`pwd`

cd ${DIST}
cd ../
cd binpac_quickstart
pip install docopt jinja2
./start.py ConnTaste "Connection Byte Offset Tasting"
${BRO_PLUGIN_PATH}/conn-taste/ --tcp --buffered --plugin

cd ${BRO_PLUGIN_PATH}/conn-taste
./configure --bro-dist=${DIST}
make

cd ${DIST}
./configure
make
make install

bro -NN Demo::ConnTaste
```

I'm guessing there is some environment variable I am missing as I tried zeek/testing/btest/plugins/protocol.bro as Robin suggested and the @TEST-EXEC statements worked as expected.

-AK

On Wed, Mar 13, 2019, 09:51 Vlad Grigorescu <vlad@es.net> wrote:
On Wed, Mar 13, 2019 at 10:17 AM anthony kasza <anthony.kasza@gmail.com> wrote:
 
However, the docs don't detail much beyond creating a built in function. A colleague pointed me at this quickstart script for binpac:

Oops! Sorry about that. Try this one: https://github.com/esnet/binpac_quickstart

That has a '--plugin' option. That will at least get the boilerplate stuff built, and then you can start digging into the protocol specifics.

  --Vlad
_______________________________________________
zeek-dev mailing list
zeek-dev@zeek.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev