Hi, I just included <time.h> and it compiles ok now with some warnings but
that's ok...
Thanks Again!
>
>Hi,
>
>I wish to test and build bro for debian/gnu linux but I ran into a couple
>of
>problems... hope somebody can help me out.
>
>1.after ./configure I get something like:
>creating ./config.status
>creating Makefile
>creating aux/hf/Makefile
>sed: can't read ./aux/hf/Makefile.in: No such file or directory
>creating aux/cf/Makefile
>creating config.h
>config.h is unchanged
>
>my question is, should I be worried about sed not being able to read
>./aux/hf/Makefile.in?
>
>2.after ignoring the above error, continuing with make fails at
>
>sup3r:/idsbro/bro-pub-0.7a90# make
>c++ -I. -O -Ilinux-include -c Func.cc
>Func.cc: In function `void do_fmt(const char *&, Val *, ODesc *)':
>Func.cc:247: implicit declaration of function `int localtime(...)'
>Func.cc:247: implicit declaration of function `int strftime(...)'
>make: *** [Func.o] Error 1
>
>is that related to the first problem or it's another problem I need to deal
>with and I honestly don't know how...
>
>thanks for any help
>
_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
Hi,
I wish to test and build bro for debian/gnu linux but I ran into a couple of
problems... hope somebody can help me out.
1.after ./configure I get something like:
creating ./config.status
creating Makefile
creating aux/hf/Makefile
sed: can't read ./aux/hf/Makefile.in: No such file or directory
creating aux/cf/Makefile
creating config.h
config.h is unchanged
my question is, should I be worried about sed not being able to read
./aux/hf/Makefile.in?
2.after ignoring the above error, continuing with make fails at
sup3r:/idsbro/bro-pub-0.7a90# make
c++ -I. -O -Ilinux-include -c Func.cc
Func.cc: In function `void do_fmt(const char *&, Val *, ODesc *)':
Func.cc:247: implicit declaration of function `int localtime(...)'
Func.cc:247: implicit declaration of function `int strftime(...)'
make: *** [Func.o] Error 1
is that related to the first problem or it's another problem I need to deal
with and I honestly don't know how...
thanks for any help
_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com
> How long does Bro keep ip-fragments ?
Forever.
This isn't great - clearly there should be a user-controllable timeout.
However, if you set the timeout too low, then you become vulnerable to an
evasion attack. It's not clear what's a safe timeout value (some stacks
might use a fixed-size buffer, say, and ignore implementing a timer at
all). A project I'm working on with a student (Umesh Shankar) may wind
up assessing this further.
If someone wants to add a user-controllable timeout, that would be great.
Vern
> int var;
>
> var = opt_internal_int("var");
>
> --------------------------------------
>
> Now if i change var in the any of the .cc files does the change reflect at
> the policy level ?
No, it doesn't. (This is implicitly apparent from the type signature
of opt_internal_int() - it returns an int, not an int&, so there's no
way for an assignment to the C++ variable "var" to affect any other value.
> **Otherwise is there a way to share a variable between the .cc files and
> the policy scripts ?? **
There is no simple mechanism to reflect changes to a C++ variable into
a Bro policy script variable. To do so, you have to locate the corresponding
Bro variable and invoke the Assign() method on it.
Vern
> does bro scripts support bit manipulation ?
> for eg: to see if the nth bit is set/not ?
Only via mask_addr(), which just lops off least significant bits.
Adding some built-in functions to do this would be quite easy, though.
Just use mask_addr() as a template for how to do it.
Vern
> I wonder if bro's configure script should insist on flex/bison,
> since it knows that it'll be linked with libpcap which already has
> a parser, and if both are compiled with the system lex/yacc you will
> get errors like this.
Yep, you're right, it should. The fallback to lex/yacc is vestigial.
If someone wants to contribute the right configure tweak to enforce
flex/bison, that would be cool ....
Vern
If you don't have both flex and bison installed, both libpcap and
bro will use the system lex/yacc. The system lex/yacc don't support
multiple parsers in the same executable.
I wonder if bro's configure script should insist on flex/bison,
since it knows that it'll be linked with libpcap which already has
a parser, and if both are compiled with the system lex/yacc you will
get errors like this.
Bill
