zeek December 1998

zeek@lists.zeek.org

6 participants
13 discussions

Problem compiling bro 0.4 on RedHat Linux 5.2

by Mike Iglesias

I'm trying to compile bro 0.4 on RedHat Linux 5.2, which has the egcs compilers installed by default: % c++ -v Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.90.29/specs gcc version egcs-2.90.29 980515 (egcs-1.0.3 release) When I try to compile bro, it stops on DNS.cc: % make c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -DVERSION="\"0.4\"" -c main.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c parse.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c scan.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c util.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c BroString.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c CompHash.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Conn.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Desc.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Dict.cc c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c DNS.cc DNS.cc: In method `void DNS_Mgr::AddResult(class DNS_Request *, struct nb_dns_result *)': DNS.cc:688: parse error before `(' make: *** [DNS.o] Error 1 Here are the source lines in the area of the error (via cat -n DNS.cc) 683 return r; 684 } 685 686 void DNS_Mgr::AddResult(DNS_Request* dr, struct nb_dns_result* r) 687 { 688 hostent* h = (r && r->h_errno == 0) ? r->hostent : 0; 689 690 DNS_Mapping* new_dm; 691 DNS_Mapping* prev_dm; 692 int keep_prev = 0; 693 Anyone have any suggestions? I'm not very good with c++, so this is beyond my ability to fix. Mike Iglesias Internet: iglesias(a)draco.acs.uci.edu University of California, Irvine phone: 949-824-6926 Office of Academic Computing FAX: 949-824-2069

22 years, 6 months

Re: Problem compiling bro 0.4 on RedHat Linux 5.2

by Vern Paxson

> I've installed bro (version 0.5a) on linux and on solaris machines > Here follows some feedback about problems I've encountered. > > 1) the files doc/* are not installed in /usr/local/directory when using > "make install" > > 2) directory /usr/local/bro should first be created before using "make > install" (otherwise he copy all files to the file /usr/local/bro) > > 3) on Solaris 2.5.1, yacc doesn't want to compile parse.y > A workaround was to install bison. If you want to contribute patches for these (or at lesat for 1 & 2), that would be great. I don't ever formally install bro myself, so don't have occasion to use or debug these steps. Vern

22 years, 6 months

RE: Problem compiling bro 0.4 on RedHat Linux 5.2

by Verstraete, Patrick

Hi y'all, Mike, I think the easiest thing to do is to download version 0.5 including a (nice) port to Linux. I've installed bro (version 0.5a) on linux and on solaris machines Here follows some feedback about problems I've encountered. 1) the files doc/* are not installed in /usr/local/directory when using "make install" 2) directory /usr/local/bro should first be created before using "make install" (otherwise he copy all files to the file /usr/local/bro) 3) on Solaris 2.5.1, yacc doesn't want to compile parse.y A workaround was to install bison. yacc -dtv parse.y "parse.y", line 396: fatal: illegal rule: missing semicolon or | ? *** Error code 1 \\\|/// \\ ~ ~ // ( @ @ ) _________________oOOo-(_)-oOOo_________________________________ Patrick Verstraete NCR Belgium Tel: +32 2 761 14 09 Avenue M. Thiry, 79 Fax: +32 2 761 14 22 B-1200 Brussels Email: Patrick.Verstraete(a)belgium.ncr.com Belgium __________________Oooo.________________________________________ .oooO ( ) ( ) ) / \ ( (_/ \_) > -----Original Message----- > From: Mike Iglesias [SMTP:iglesias@draco.acs.uci.edu] > Sent: Wednesday, December 23, 1998 12:56 AM > To: bro(a)lbl.gov > Subject: Problem compiling bro 0.4 on RedHat Linux 5.2 > > I'm trying to compile bro 0.4 on RedHat Linux 5.2, which has the > egcs compilers installed by default: > > % c++ -v > Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.90.29/specs > gcc version egcs-2.90.29 980515 (egcs-1.0.3 release) > > When I try to compile bro, it stops on DNS.cc: > > % make > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -DVERSION="\"0.4\"" > -c main.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c parse.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c scan.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c util.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c BroString.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c CompHash.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Conn.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Desc.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Dict.cc > c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c DNS.cc > DNS.cc: In method `void DNS_Mgr::AddResult(class DNS_Request *, struct > nb_dns_result *)': > DNS.cc:688: parse error before `(' > make: *** [DNS.o] Error 1 > > > Here are the source lines in the area of the error (via cat -n DNS.cc) > 683 return r; > 684 } > 685 > 686 void DNS_Mgr::AddResult(DNS_Request* dr, struct nb_dns_result* r) > 687 { > 688 hostent* h = (r && r->h_errno == 0) ? r->hostent : 0; > 689 > 690 DNS_Mapping* new_dm; > 691 DNS_Mapping* prev_dm; > 692 int keep_prev = 0; > 693 > > Anyone have any suggestions? I'm not very good with c++, so this is > beyond > my ability to fix. > > > Mike Iglesias Internet: > iglesias(a)draco.acs.uci.edu > University of California, Irvine phone: 949-824-6926 > Office of Academic Computing FAX: 949-824-2069

22 years, 7 months

Re: icmp and bro

by Vern Paxson

> > You don't need to do those, there's a layer already in Bro that reassembles > > fragments and dispatches the recovered packet. > > I assume you're referring to the fragment handling code which is > called early on in NetSessions::NextPacket()? Right, that's where it happens, all filtered packets go through here. Vern

22 years, 7 months

Re: sanity check in bro

by Paul Howell

Jean-Marc Nimal writes: > [...deleted...] > But the problem is still buffer-related anyway, so you certainly figured > out a soltuion already. Maybe we could change dotted_addr to implement > two buffers, and toggle between both (like I foolishly thought it did)? Yup, that's it. Thanks. < Paul

22 years, 7 months

Re: sanity check in bro

by jordan＠Thinkbank.COM

Feh, static buffers. Should probably pass in stack space for this anyway. I like to make a new typedef that's an array of the right size, then have people pass one in -- chance of passing in a NULL. Return the buffer that was passed in. Hey, then you're thread-safe too! :) /jordan

22 years, 7 months

Re: sanity check in bro

by Jean-Marc Nimal

Sorry all, (as expectable) I said something very stupid in my answer to Paul Howell. The integer you can specify in dotted_addr in Net.cc does of course not select an alternate buffer but an alternate format for the answer. So my proposed solution won't help at anything; you would still get twice the same address (in different formats though). But the problem is still buffer-related anyway, so you certainly figured out a soltuion already. Maybe we could change dotted_addr to implement two buffers, and toggle between both (like I foolishly thought it did)? I won't risk proposing some code this time... you got the point anyway. Jean-Marc Nimal Aethis sa/nv mailto:Jean-Marc.Nimal@aethis.be

22 years, 7 months

Re: sanity check in bro

by Jean-Marc Nimal

> Hi, > > I'm sure I'm missing something easy here, but I need a set of > more experienced eyes to help me with this. I do not consider my eyes as so much experienced, but it seems to me to be a simple C/C++ problem. > In Sessions.cc, NetSessions::NextPacket(), there is: > > uint32 src_addr = uint32(ip->ip_src.s_addr); > uint32 dst_addr = uint32(ip->ip_dst.s_addr); > uint32 src_port, dst_port; > > // grue - print src/dst asap > fprintf(stderr, "src %s dst %s\n", dotted_addr(src_addr), > dotted_addr(dst_addr)); Here is it: dotted_aadr returns a pointer to the same static buffer. So you get the result of the second call. However, the function dotted_addr seems to include two static buffers (someone must have had the same problem ;-) so you probably can try: fprintf(stderr, "src %s dst %s\n", dotted_addr(src_addr,0), dotted_addr(dst_addr,1)); Where 0/1 selects the buffer (see Net.cc). Hopefully it helps; I'm not a C++ guru anyway, so maybe I'm completely wrong and off-topic :-) Jean-Marc Nimal Aethis sa/nv mailto:Jean-Marc.Nimal@aethis.be Hoping this goes to the list as this is my first attempt to post to it.

22 years, 7 months

sanity check in bro

by Paul Howell

Hi, I'm sure I'm missing something easy here, but I need a set of more experienced eyes to help me with this. In Sessions.cc, NetSessions::NextPacket(), there is: uint32 src_addr = uint32(ip->ip_src.s_addr); uint32 dst_addr = uint32(ip->ip_dst.s_addr); uint32 src_port, dst_port; // grue - print src/dst asap fprintf(stderr, "src %s dst %s\n", dotted_addr(src_addr), dotted_addr(dst_addr)); I added the fprintf more as a temporary debug line to see src/dst ip addresses. When I compile this and run it, I see the same ip address for source and destination. I would have expected to see different src/dst addresses, thinking that NetSessions::NextPacket() is called for every packet received. So what am I missing? Thanks. < paul

22 years, 7 months

shadow project and bro?

by Paul Howell

Hi, I was curious if anyone has taken a look at replacing tcpdump with bro in the shadow ids package? It seems like a cool way to get a gui wrapped around bro. Thanks. < paul

22 years, 7 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

zeek December 1998