> http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
> The author said Bro is modified to generate the 41 features, I
> would preciated if someone is kind enough to give me some hints how
> to do this. I am sure a event analyser and handler sould added to
> Bro, but where, how and when to invoke the event handler.
Presumably, yes, they wrote policy scripts, and perhaps also extended
the event engine. But it seems you should ask the authors directly
to get the details.
Vern
Hi
Looking for help!
hash_t HashKey::HashBytes(const void* bytes, int size) const
{
const unsigned char* cp = (const unsigned char*) bytes;
hash_t h = 0;//unsigned int
for ( int i = 0; i < size; ++i )
// Overflow is okay here.
h = (h >> 31) + (h << 1) + cp[i];
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~This arithmetic make
sure there is no collision????
return h;
}
Have a nice day!
Ciao
Cloud
_________________________________________________________________
享用世界上最大的电子邮件系统― MSN Hotmail。 http://www.hotmail.com
> PQueue(SteppingStoneEndpoint)& OrderedEndpoints()//£¿£¿£¿
> ~~~What does this mean? I can not find
> it in
> standard C++.
"PQueue(SteppingStoneEndpoint)" is actually a macro definition (defined
in Queue.h) that refers to an instantiation of a generic type. In
particular, it's definiing a pointer to a Queue, for which the elements
of the queue are SteppingStoneEndpoint objects.
If I had started writing Bro recently rather than quite a few years ago,
I would have used templates instead.
So "PQueue(SteppingStoneEndpoint)&" is a reference to such a pointer.
Vern
Hi
class SteppingStoneManager {
public:
SteppingStoneManager() { endp_cnt = 0; }
PQueue(SteppingStoneEndpoint)& OrderedEndpoints()//???
~~~What does this mean? I can not find
it in
standard C++.
{ return ordered_endps; }
......
}
Thanks for your help
Have a nice year;
Ciao
Cloud
_________________________________________________________________
免费下载 MSN Explorer: http://explorer.msn.com/lccn/
>Check for pcap_open_live in PktSrc.cc -- I think you'll find what
>you're looking for there....
Great!
Thanks a lot
Have a nice day.
Ciao
Cloud
_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn
>There are other libpcap functions which Bro makes use of.
Oh , it is pcap_next. Thanks a lot!
Have a nice day.
Ciao
Cloud
_________________________________________________________________
免费下载 MSN Explorer: http://explorer.msn.com/lccn/
Hi
Marry christmas.
I can't find out pcap_dispatch either pcap_loop in Bro.
How does Bro collet packets ???
Have a nice year.
Ciao
Cloud
_________________________________________________________________
免费下载 MSN Explorer: http://explorer.msn.com/lccn/
Check for pcap_open_live in PktSrc.cc -- I think you'll find what
you're looking for there....
--eli
In reply to "Wang Shaofu" <wsffree(a)hotmail.com> :
> Hi
>
> Marry christmas.
>
> I can't find out pcap_dispatch either pcap_loop in Bro.
> How does Bro collet packets ???
>
> Have a nice year.
> Ciao
> Cloud
>
>
> _________________________________________________________________
> =C3=E2=B7=D1=CF=C2=D4=D8 MSN Explorer: http://explorer.msn.com/lccn/=20
>
