> I need to traverse the table sequentially (upwards and downwards).
> However it seems that the 'for' command does not do that.
Right, it doesn't. (It's also not clear what "sequentially" means for
some types of table indexes, for example address/port pairs.)
What particular problem are you trying to solve? I ask because that'll
help me think about what sort of mechanism to add to support it.
Vern
>
> - There's now a "for" statement to iterate over the indices of
> a table or the members of a set:
>
> for ( i in foo )
>
> for the above "foo" will iterate with i assigned to 1, 2, and 3;
> *but not in general in that order*.
>
I need to traverse the table sequentially (upwards and downwards).
However it seems that the 'for' command does not do that.
Did you mean the same thing when you said :
"*but not in general in that order*"
Also is there any workaround so that i can access the table sequentially.
regards
Ashley
> Since "for" construct was not there in bro, i was using "recursive"
> function calls in my script.
> But now that "for" loop construct is there, i can use that.
>
> I want to know how much will i gain by doing that. because presently i am using 0.7a48 and i have to do some additional changes to 0.7a62 before i can use that.
>
> I am using the recursive call for almost 512 rounds. so i guess there will be a tremendous change if i use for loop instead , right ?
The for loop ought to be a lot more efficient, yes. But what you gain will
of course depend on how much your performance is currently dominated by the
recursive calls.
Vern
Ashley Thomas
1713 Crest road #1
Raleigh NC 27606
phone (919)-829-3576
> Now i moved to libpcap-0.6.2 and it give this link error while compiling.
>
> I changed the libpcap and again it works perfectly.
It appears that your libpcap-0.6.2 was compiled using a version of yacc
that doesn't support -p. If you can easily remedy that (say by using
bison), that should do the trick. Since your libpcap-0.4 doesn't have this
problem, it seems likely your system has the necessary flavor of yacc, but
for some reason ./configure didn't find it when building libpcap.
Vern
Hi,
I am using bro version 0.7a62 and openBSD 2.8
I was using libpcap-0.4 and everything was compiling perfectly.
Now i moved to libpcap-0.6.2 and it give this link error while compiling.
I changed the libpcap and again it works perfectly.
regards
tom
c++ -o bro main.o net_util.o parse.o scan.o re-parse.o re-scan.o util.o
Attr.o BackDoor.o BroString.o CCL.o CompHash.o Conn.o DFA.o Desc.o Dict.o
Discard.o DNS.o EquivClass.o Event.o Expr.o File.o Finger.o Frag.o Frame.o
FTP.o Func.o Hash.o HTTP.o ICMP.o ID.o Ident.o InterConn.o List.o Logger.o
Login.o NFA.o NVT.o Net.o NetVar.o Obj.o PktSrc.o Portmap.o PriorityQueue.o
Queue.o Reassem.o Rlogin.o RE.o RPC.o Scope.o Sessions.o SteppingStone.o
Stmt.o TCP.o Telnet.o Timer.o Type.o UDP.o Val.o Var.o XDR.o cq.o nb_dns.o
setsignal.o version.o -Lbind8/lib -lbind ../libpcap-0.6.2/libpcap.a -lm
parse.o: Definition of symbol `_yylhs' (multiply defined)
parse.o: Definition of symbol `_yylen' (multiply defined)
parse.o: Definition of symbol `_yydefred' (multiply defined)
parse.o: Definition of symbol `_yydgoto' (multiply defined)
parse.o: Definition of symbol `_yysindex' (multiply defined)
parse.o: Definition of symbol `_yyrindex' (multiply defined)
parse.o: Definition of symbol `_yygindex' (multiply defined)
parse.o: Definition of symbol `_yytable' (multiply defined)
parse.o: Definition of symbol `_yycheck' (multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yylhs'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yylen'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yydefred'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yydgoto'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yysindex'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yyrindex'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yygindex'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yytable'
(multiply defined)
../libpcap-0.6.2/libpcap.a(grammar.o): Definition of symbol `_yycheck'
(multiply defined)
collect2: ld returned 1 exit status
*** Error code 1
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
> I have:
> - a packet counter
> - an interval
> - a threshold of packet per second.
>
> When I multiplie the interval with the threshold the result is an interval.
> I want to compare the result with the counter (of count type).
>
> Is there a converter (interval->count/int) or a smarter way to do it?
Ouch, no, there's no real way to do this. Probably the easiest solution
would be to add interval<->double converters. This is actually simple
to do, if you look in Func.cc at how bro_to_net is defined and exported,
and do the analogous operations.
Vern
> When is the -w option useful ?
> What is the real need to write the traffic to a tcpdump file if we are
> analysing it already
It can be very useful to be able to analyze traffic off-line in order
to explore changes to policy scripts. For operational use, my experience
is it's rare to wind up going to the trace file, so if the disk space
is a problem, skipping it should generally be okay.
Vern
Hi,
When is the -w option useful ?
What is the real need to write the traffic to a tcpdump file if we are
analysing it already
regards
tom
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Hi,
I need to compare an amount of packet with what becomes an interval. Let me
explain:
I have:
- a packet counter
- an interval
- a threshold of packet per second.
When I multiplie the interval with the threshold the result is an interval.
I want to compare the result with the counter (of count type).
Is there a converter (interval->count/int) or a smarter way to do it?
Thanks in advance.
Magnus.
> The bro version i am using is bro-0.7a48 and platform is
> OpenBSD park 2.8 GENERIC#399 i386
>
> I am getting the following error while trying to compile bro:
> Any pointers will be helpful.
> ...
> setsignal.o: Undefined symbol `_sigset' referenced from text segment
> collect2: ld returned 1 exit status
Does OpenBSD lack sigset()? If so, then you'll need to figure out why the
autoconf configure script is defining HAVE_SIGSET.
Vern
The bro version i am using is bro-0.7a48 and platform is
OpenBSD park 2.8 GENERIC#399 i386
I am getting the following error while trying to compile bro:
Any pointers will be helpful.
thanks a lot
>>make
c++ -o bro main.o net_util.o parse.o scan.o re-parse.o re-scan.o util.o
Attr.o BackDoor.o BroString.o CCL.o CompHash.o Conn.o DFA.o Desc.o Dict.o
Discard.o DNS.o EquivClass.o Event.o Expr.o File.o Finger.o Frag.o Frame.o
FTP.o Func.o Hash.o HTTP.o ICMP.o ID.o Ident.o InterConn.o List.o Logger.o
Login.o NFA.o NVT.o Net.o NetVar.o Obj.o OtherTCP.o PktSrc.o Portmap.o
PriorityQueue.o Queue.o Reassem.o Rlogin.o RE.o RPC.o Scope.o Sessions.o
SteppingStone.o Stmt.o TCP.o Telnet.o Timer.o Type.o UDP.o Val.o Var.o
XDR.o cq.o nb_dns.o setsignal.o version.o -Lbind8/lib -lbind
../libpcap-0.4/libpcap.a -lm
setsignal.o: Undefined symbol `_sigset' referenced from text segment
collect2: ld returned 1 exit status
*** Error code 1
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
