Hi,
I don't if this is the right list to post this message, but in case
someone has the same problem, she can resolve it manually before we fix
in in the configure script. (Vern, I can't find project Bro on either
Mantis or bugzilla.)
I am trying to compile Bro on a Mac OS X and encounter the following
two problems, both related to nb_dns.c:
The first is compile error. It is because the header file
arpa/nameser.h does not define HEADER, which is defined in
arpa/nameser_compat.h. nameser_compat.h will be included by nameser.h
only if BIND_8_COMPAT is defined, but I don't know if we should define
that. After including nameser_compat.h in nb_dns.c, it is able to
compile correctly.
gcc -I. -Ilibedit -O -c nb_dns.c
nb_dns.c: In function `_nb_dns_mkquery':
nb_dns.c:255: error: syntax error before '*' token
nb_dns.c:306: error: `hp' undeclared (first use in this function)
nb_dns.c:306: error: (Each undeclared identifier is reported only once
nb_dns.c:306: error: for each function it appears in.)
nb_dns.c:306: error: `HEADER' undeclared (first use in this function)
nb_dns.c:306: error: parse error before ')' token
nb_dns.c: In function `nb_dns_host_request2':
nb_dns.c:340: error: `T_A' undeclared (first use in this function)
nb_dns.c:345: error: `T_AAAA' undeclared (first use in this function)
nb_dns.c: In function `nb_dns_addr_request2':
nb_dns.c:412: error: `T_PTR' undeclared (first use in this function)
nb_dns.c: In function `nb_dns_activity':
nb_dns.c:468: error: `HFIXEDSZ' undeclared (first use in this function)
nb_dns.c:576: error: `T_A' undeclared (first use in this function)
nb_dns.c:577: error: `T_AAAA' undeclared (first use in this function)
nb_dns.c:605: error: `T_PTR' undeclared (first use in this function)
make: *** [nb_dns.o] Error 1
Next came the link error:
ld: Undefined symbols:
_res_9_dn_expand
_res_9_init
_res_9_mkquery
_res_9_ns_initparse
_res_9_ns_msg_getflag
_res_9_ns_parserr
This is because libresolv is not linked. Looking at the configure
script reveals that it looks for libresolv.a, but only libresolv.dylib
is available. Just adding '-lresolv' to Makefile solves the problem.
Ruoming
Hi,
I found this new event :
bad option termination
in weird.log
but this event not contains "_" ?
Possible change to : ?
bad_option_termination
Regards
Rmkml(a)Wanadoo.fr
> I want to read the bro archives.
>
> After sending - get bro archive - to majordomo(a)bro-ids.org, from two different mailing addresses I have received the following responses:
>
I'm now back from vacation and am looking into this. This happened a few
months ago because a virus was in one of the (spam) messages in the archive,
and the viruswall wouldn't allow it to be sent outbound. That may have
happened again, sigh.
Vern
> I received this packet,
> but bro not detect bad tcp options,
> possible pb on bro ?
> because 'bad tcp cksum' ?
If the TCP checksum is bad, then the packet is ill-formed. It does not
make sense in that case to complain about a bad option, since the packet
cannot be processed in any case.
> why bro detect OTH ?
Because the connection is not in a well-defined state. Bro does *not*
consider it to have corresponded to a SYN being sent, because the packet
carrying the SYN was ill-formed. For all it can tell, part of the damage
to the packet might have been to the control flags, and the SYN setting
is bogus.
Vern
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have begun testing the cross-bro communication functionality, and have
a few problems. Are there any example configurations that I might look
at? Currently I have boxes acknowledging one another, but am having
difficulty getting events to move across.
Does anybody have any sort of documentation or examples? Anything would
be helpful at this point...
Many thanks!
scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFA2KI8K2Plq8B7ZBwRAkeWAKC2QbxpigefqhmRPVCaGINjC3Qv1wCg0v27
DcTy/qPa6z5CHh6PMQ/yJ9g=
=ptxn
-----END PGP SIGNATURE-----
On Mon, 2004-06-21 at 16:13, Ruoming Pang wrote:
> I have the same problems with 0.8a86.
>
> Ruoming
>
> On Jun 21, 2004, at 7:04 PM, Ruoming Pang wrote:
>
> >> what version is this?
> >
> > It's the latest version: 0.9a2. Let me download 0.8 and see if that
> > compiles.
Somebody sponsor me a powerbook and I'll fix it in no time! *grin*
(Sorry I have no way to reproduce that ... good luck!)
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25http://www.whoop.org
Hi,
I want to read the bro archives.
After sending - get bro archive - to majordomo(a)bro-ids.org, from two different mailing addresses I have received the following responses:
--
>>>> get bro archive
List 'bro' file 'archive'
is being sent as a separate message.
>>>>
>>>>
>>>>
>>>>
>>>>
However, I have not receieved the archive files after many days.
Regards,
Phillip Lucs
