Heh.. this is what I get for not following up on a WIP merge... Try the topic/dopheide/namespace branch of github.com/esnet/binpac_quickstart.

That should allow you to specify Demo::ConnTaste, but it will uppercase that to Demo::CONNTASTE, which I believe was an old convention.


On Wed, Mar 13, 2019 at 9:25 PM Michael Dopheide <dopheide@es.net> wrote:
Okay, with your original line for quickstart, this works rather than Demo::ConnTaste.

bash-3.2# /usr/local/bro/bin/bro -NN Bro::CONNTASTE
Bro::CONNTASTE - This thing analyzer (dynamic, no version information)
    [Analyzer] CONNTASTE (ANALYZER_CONNTASTE, enabled)
    [Event] conntaste_event

So we've got some plugin naming issues to deal with, which I hope to work out tomorrow. It shouldn't be about reinventing the universe, binpac is hard enough.  :)


On Wed, Mar 13, 2019 at 4:44 PM anthony kasza <anthony.kasza@gmail.com> wrote:
I tried changing the name provided to the setup script as suggested. Doing so gives me many errors when I try to ./configure the plugin from within the conn-taste/ directory. CMake states that DEMO::CONNTASTE-events.bif is "reserved or not valid for certain CMake features". It complains about many of the file names.

Additionally, all the files in conn-taste/src/ look like DEMO::CONNTASTE.cc  :(


On Wed, Mar 13, 2019, 13:43 Michael Dopheide <dopheide@es.net> wrote:
I believe you want to change this line:

./start.py ConnTaste "Connection Byte Offset Tasting" ...

to:

./start.py Demo::ConnTaste "Connection Byte Offset Tasting" ...


On Wed, Mar 13, 2019 at 2:35 PM anthony kasza <anthony.kasza@gmail.com> wrote:
Many thanks for the quick responses!

I am receiving these errors:
error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: plugin Demo::ConnTaste is not available
fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1: Failed to activate requested dynamic plugin(s).

After executing these commands:
git clone --recursive https://github.com/zeek/zeek.git
cd zeek

cd aux/bro-aux/plugin-support
./init-plugin -u ./conn-taste Demo ConnTaste

cd ${DIST}
cd ../
cd binpac_quickstart
pip install docopt jinja2
./start.py ConnTaste "Connection Byte Offset Tasting" ${BRO_PLUGIN_PATH}/conn-taste/ --tcp --buffered --plugin

cd ${BRO_PLUGIN_PATH}/conn-taste
./configure --bro-dist=${DIST}

cd ${DIST}
make install

bro -NN Demo::ConnTaste

I'm guessing there is some environment variable I am missing as I tried zeek/testing/btest/plugins/protocol.bro as Robin suggested and the @TEST-EXEC statements worked as expected.


On Wed, Mar 13, 2019, 09:51 Vlad Grigorescu <vlad@es.net> wrote:
On Wed, Mar 13, 2019 at 10:17 AM anthony kasza <anthony.kasza@gmail.com> wrote:
However, the docs don't detail much beyond creating a built in function. A colleague pointed me at this quickstart script for binpac:

Oops! Sorry about that. Try this one: https://github.com/esnet/binpac_quickstart

That has a '--plugin' option. That will at least get the boilerplate stuff built, and then you can start digging into the protocol specifics.

zeek-dev mailing list