I'm trying to compile bro 0.4 on RedHat Linux 5.2, which has the
egcs compilers installed by default:
% c++ -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.90.29/specs
gcc version egcs-2.90.29 980515 (egcs-1.0.3 release)
When I try to compile bro, it stops on DNS.cc:
% make
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -DVERSION="\"0.4\"" -c main.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c parse.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c scan.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c util.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c BroString.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c CompHash.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Conn.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Desc.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Dict.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c DNS.cc
DNS.cc: In method `void DNS_Mgr::AddResult(class DNS_Request *, struct nb_dns_result *)':
DNS.cc:688: parse error before `('
make: *** [DNS.o] Error 1
Here are the source lines in the area of the error (via cat -n DNS.cc)
683 return r;
684 }
685
686 void DNS_Mgr::AddResult(DNS_Request* dr, struct nb_dns_result* r)
687 {
688 hostent* h = (r && r->h_errno == 0) ? r->hostent : 0;
689
690 DNS_Mapping* new_dm;
691 DNS_Mapping* prev_dm;
692 int keep_prev = 0;
693
Anyone have any suggestions? I'm not very good with c++, so this is beyond
my ability to fix.
Mike Iglesias Internet: iglesias(a)draco.acs.uci.edu
University of California, Irvine phone: 949-824-6926
Office of Academic Computing FAX: 949-824-2069
> I've installed bro (version 0.5a) on linux and on solaris machines
> Here follows some feedback about problems I've encountered.
>
> 1) the files doc/* are not installed in /usr/local/directory when using
> "make install"
>
> 2) directory /usr/local/bro should first be created before using "make
> install" (otherwise it copies all files to the file /usr/local/bro)
>
> 3) on Solaris 2.5.1, yacc doesn't want to compile parse.y
> A workaround was to install bison.
If you want to contribute patches for these (or at least for 1 & 2),
that would be great. I don't ever formally install bro myself, so
don't have occasion to use or debug these steps.
Vern
Hi y'all,
Mike, I think the easiest thing to do is to download version 0.5 including a
(nice) port to Linux.
I've installed bro (version 0.5a) on linux and on solaris machines
Here follows some feedback about problems I've encountered.
1) the files doc/* are not installed in /usr/local/directory when using
"make install"
2) directory /usr/local/bro should first be created before using "make
install" (otherwise it copies all files to the file /usr/local/bro)
3) on Solaris 2.5.1, yacc doesn't want to compile parse.y
A workaround was to install bison.
yacc -dtv parse.y
"parse.y", line 396: fatal: illegal rule: missing semicolon or | ?
*** Error code 1
Patrick Verstraete NCR Belgium
Tel: +32 2 761 14 09 Avenue M. Thiry, 79
Fax: +32 2 761 14 22 B-1200 Brussels
Email: Patrick.Verstraete(a)belgium.ncr.com Belgium
> -----Original Message-----
> From: Mike Iglesias [SMTP:iglesias@draco.acs.uci.edu]
> Sent: Wednesday, December 23, 1998 12:56 AM
> To: bro(a)lbl.gov
> Subject: Problem compiling bro 0.4 on RedHat Linux 5.2
>
> I'm trying to compile bro 0.4 on RedHat Linux 5.2, which has the
> egcs compilers installed by default:
>
> % c++ -v
> Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.90.29/specs
> gcc version egcs-2.90.29 980515 (egcs-1.0.3 release)
>
> When I try to compile bro, it stops on DNS.cc:
>
> % make
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -DVERSION="\"0.4\""
> -c main.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c parse.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c scan.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c util.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c BroString.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c CompHash.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Conn.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Desc.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Dict.cc
> c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c DNS.cc
> DNS.cc: In method `void DNS_Mgr::AddResult(class DNS_Request *, struct
> nb_dns_result *)':
> DNS.cc:688: parse error before `('
> make: *** [DNS.o] Error 1
>
>
> Here are the source lines in the area of the error (via cat -n DNS.cc)
> 683 return r;
> 684 }
> 685
> 686 void DNS_Mgr::AddResult(DNS_Request* dr, struct nb_dns_result* r)
> 687 {
> 688 hostent* h = (r && r->h_errno == 0) ? r->hostent : 0;
> 689
> 690 DNS_Mapping* new_dm;
> 691 DNS_Mapping* prev_dm;
> 692 int keep_prev = 0;
> 693
>
> Anyone have any suggestions? I'm not very good with c++, so this is
> beyond
> my ability to fix.
>
>
> Mike Iglesias Internet:
> iglesias(a)draco.acs.uci.edu
> University of California, Irvine phone: 949-824-6926
> Office of Academic Computing FAX: 949-824-2069
> > You don't need to do those, there's a layer already in Bro that reassembles
> > fragments and dispatches the recovered packet.
>
> I assume you're referring to the fragment handling code which is
> called early on in NetSessions::NextPacket()?
Right, that's where it happens, all filtered packets go through here.
Vern
Jean-Marc Nimal writes:
> [...deleted...]
> But the problem is still buffer-related anyway, so you certainly figured
> out a solution already. Maybe we could change dotted_addr to implement
> two buffers, and toggle between both (like I foolishly thought it did)?
Yup, that's it.
Thanks.
< Paul
Feh, static buffers. Should probably pass in stack space for this
anyway. I like to make a new typedef that's an array of the right
size, then have people pass one in -- chance of passing in a NULL.
Return the buffer that was passed in.
Hey, then you're thread-safe too! :)
/jordan
Sorry all,
(as expectable) I said something very stupid in my answer to Paul Howell.
The integer you can specify in dotted_addr in Net.cc does of course not
select an alternate buffer but an alternate format for the answer.
So my proposed solution won't help at anything; you would still get
twice the same address (in different formats though).
But the problem is still buffer-related anyway, so you certainly figured
out a solution already. Maybe we could change dotted_addr to implement
two buffers, and toggle between both (like I foolishly thought it did)?
I won't risk proposing some code this time... you got the point anyway.
Jean-Marc Nimal
Aethis sa/nv
mailto:Jean-Marc.Nimal@aethis.be
> Hi,
>
> I'm sure I'm missing something easy here, but I need a set of
> more experienced eyes to help me with this.
I do not consider my eyes as so much experienced, but it seems to me
to be a simple C/C++ problem.
> In Sessions.cc, NetSessions::NextPacket(), there is:
>
> uint32 src_addr = uint32(ip->ip_src.s_addr);
> uint32 dst_addr = uint32(ip->ip_dst.s_addr);
> uint32 src_port, dst_port;
>
> // grue - print src/dst asap
> fprintf(stderr, "src %s dst %s\n", dotted_addr(src_addr),
> dotted_addr(dst_addr));
Here it is: dotted_addr returns a pointer to the same static buffer.
So you get the result of the second call. However, the function
dotted_addr seems to include two static buffers (someone must have
had the same problem ;-) so you probably can try:
fprintf(stderr, "src %s dst %s\n", dotted_addr(src_addr,0),
dotted_addr(dst_addr,1));
Where 0/1 selects the buffer (see Net.cc).
Hopefully it helps; I'm not a C++ guru anyway, so maybe I'm completely
wrong and off-topic :-)
Jean-Marc Nimal
Aethis sa/nv
mailto:Jean-Marc.Nimal@aethis.be
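The static-buffer aliasing discussed in this thread, next to the caller-supplied buffer suggested in the replies, as an added example that is not part of the original messages and is not Bro's code. The names `dotted_static`, `dotted_r`, `dotted_buf` and the sample addresses are constructed for illustration, and addresses are assumed to be in host byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef char dotted_buf[16];   /* "255.255.255.255" plus NUL */
/* Shared formatter; the address is taken in host byte order (assumption). */
static int fmt_dotted(char *out, size_t n, uint32_t a)
{
    return snprintf(out, n, "%u.%u.%u.%u", (unsigned)(a >> 24) & 0xff,
                    (unsigned)(a >> 16) & 0xff, (unsigned)(a >> 8) & 0xff,
                    (unsigned)a & 0xff);
}

/* Constructed stand-in for the pattern in the thread, not Bro's Net.cc:
 * every call formats into the same static buffer and returns it. */
const char *dotted_static(uint32_t a)
{
    static dotted_buf buf;
    fmt_dotted(buf, sizeof buf, a);
    return buf;
}

/* Caller-supplied storage; sized by the typedef since 'out' decays to char*. */
char *dotted_r(uint32_t a, dotted_buf out)
{
    fmt_dotted(out, sizeof(dotted_buf), a);
    return out;
}

/* Both %s arguments are the same pointer, so one address prints twice. */
int log_line_static(uint32_t src, uint32_t dst, char *line, size_t n)
{
    return snprintf(line, n, "src %s dst %s",
                    dotted_static(src), dotted_static(dst));
}

int log_line_r(uint32_t src, uint32_t dst, char *line, size_t n)
{
    dotted_buf s, d;            /* one buffer per address, on this stack */
    return snprintf(line, n, "src %s dst %s", dotted_r(src, s), dotted_r(dst, d));
}

int main(void)
{
    char a[64], b[64];          /* constructed: 10.0.0.1 and 192.168.1.20 */
    log_line_static(0x0A000001u, 0xC0A80114u, a, sizeof a);
    log_line_r(0x0A000001u, 0xC0A80114u, b, sizeof b);
    printf("static buffer: %s\ncaller buffers: %s\n", a, b);
    return 0;
}
```

Which address the static version repeats depends on the compiler's argument evaluation order, so a log line produced this way can show either endpoint twice.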
Hoping this goes to the list as this is my first attempt to post to it.
Hi,
I'm sure I'm missing something easy here, but I need a set of
more experienced eyes to help me with this.
In Sessions.cc, NetSessions::NextPacket(), there is:
uint32 src_addr = uint32(ip->ip_src.s_addr);
uint32 dst_addr = uint32(ip->ip_dst.s_addr);
uint32 src_port, dst_port;
// grue - print src/dst asap
fprintf(stderr, "src %s dst %s\n", dotted_addr(src_addr),
dotted_addr(dst_addr));
I added the fprintf more as a temporary debug line to see
src/dst ip addresses.
When I compile this and run it, I see the same ip address for
source and destination. I would have expected to see different
src/dst addresses, thinking that NetSessions::NextPacket() is called
for every packet received.
So what am I missing?
Thanks.
< paul
Hi,
I was curious if anyone has taken a look at replacing tcpdump
with bro in the shadow ids package?
It seems like a cool way to get a gui wrapped around bro.
Thanks.
< paul