zeek May 2010

zeek@lists.zeek.org

13 participants
13 discussions

by Bill Jones

John, Thanks for the quick response. > Not sure what Netscalar does, but it all should act the same. The host > TCP stack would drop any attempted connection for which a session was > not established regardless of what was upstream from it. Quick and > dirty, you sould be able to fire up tcpdump and see the session > initialization. That's what I'm finding strange. After running a tcpdump capture on the interface and analyzing it with Wireshark, I do not see any 3-way handshakes for this particular web application. For any HTTP GET that I see in Wireshark that pertains to this application, when I "Follow TCP Stream", the first entry in Wireshark is always the GET message itself. For all other applications on the network, doing the above results in the first entry being the SYN. I've generated a few dumps with the same results. I wonder if the load balancer is somehow keeping a session active for very long periods (if this even makes sense). If you have any suggestions or thoughts, I'd be very interested. Thanks, Bill On Sat, Feb 6, 2010 at 12:51 PM, John Hally <JHally(a)ebscohost.com> wrote: > Hi Bill, > > I've run BRO in the past with load balancers (Arrowpoint/Cisco CSS) and > was able to see all traffic. In our setup we had 2 segments; a VIP > access link and a services trunk link where the real/origin servers > lived. Both of these links had physical network taps and it was as > simple as plugging in the Ethernet, flipping the interface to > UP/PROMISC, and starting BRO. > > With the CSS, even though the unit would handle the initial connection, > it would 'snap' that over to the origin server it picked during load > balancing so you would still see the tcp setup. > > Not sure what Netscalar does, but it all should act the same. The host > TCP stack would drop any attempted connection for which a session was > not established regardless of what was upstream from it. Quick and > dirty, you sould be able to fire up tcpdump and see the session > initialization. > > Thoughts? > > Tahnks. > > John. > > -----Original Message----- > From: bro-bounces(a)ICSI.Berkeley.EDU > [mailto:bro-bounces@ICSI.Berkeley.EDU] On Behalf Of Bill Jones > Sent: Saturday, February 06, 2010 10:22 AM > To: bro(a)ICSI.Berkeley.EDU > Subject: [Bro] Load Balancers > > Hi everyone, > > I was curious if anyone has any experience running bro between > load-balancers (such as Netscaler) and web applications. We are > currently trying to get HTTP logs generated for a web application. We > couldn't figure out why bro was not triggering the HTTP analyzer, but > I now believe that this is because it is never seeing the original SYN > + SYN/ACK for the conversation. When viewing the conversations in > Wireshark, I can see that all the TCP streams for this particular > application begin with the GET and do not include the initial 3-way > handshake. > > Here is an entry in the conn.log for this stream which shows the states: > > 1265389087.849048 ? 10.19.120.12 10.19.2.78 http 2232 80 tcp 14785 > 604140 OTH X DdAa > > Other web applications on the wire, which do have the 3-way handshake > visible for all connections, seem to work just fine and I get http > logs. > > My questions are: > > Am I correct in assuming that the lack of initial connection > establishment is why the HTTP analysis is never occurring (and > therefore I'm not getting entries in http.log)? > > Is there a way to force bro to analyze the traffic even though there > is no proper 3-way handshake visible? > > > Thanks for your time, > Bill > _______________________________________________ > Bro mailing list > bro(a)bro-ids.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro >

11 years, 1 month

[Bro] Segmentation fault with dns-anonymizer

by Lothar Braun

Hi, I'm trying to anonymize a DNS trace while running bro 1.5.1 and get a segmentation fault while running bro -r trace.pcap dns-anonymizer.bro -w output.pcap The segmentation fault results in this back trace: #0 0x000000000064c474 in __ns_name_pack () #1 0x000000000064cd32 in __ns_name_compress () #2 0x00000000005d5ae8 in DNS_Rewriter::DnsCopyQuery (this=0x2830fb0, query=0x2834c40, qtype=6, qclass=1) at DNS_Rewriter.cc:100 #3 0x000000000045e713 in bro_rewrite_dns_reply_question (frame=0x2825f20, BiF_ARGS=0x2832440) at dns-rw.bif:23 #4 0x00000000004daaa7 in BuiltinFunc::Call (this=0x22c0050, args=0x2832440, parent=0x2825f20) at Func.cc:451 #5 0x00000000004a5081 in CallExpr::Eval (this=0x276e6d0, f=0x2825f20) at Expr.cc:4629 #6 0x000000000058618f in ExprStmt::Exec (this=0x276e770, f=0x2825f20, flow=@0x7fff72d90aa4) at Stmt.cc:397 #7 0x000000000058723a in StmtList::Exec (this=0x276dba0, f=0x2825f20, flow=@0x7fff72d90aa4) at Stmt.cc:1432 #8 0x00000000004e1ea0 in BroFunc::Call (this=0x2645ee0, args=0x282fec0, parent=0x0) at Func.cc:308 #9 0x0000000000485a0d in EventHandler::Call (this=0x2123a40, vl=0x282fec0, no_remote=false) at EventHandler.cc:67 #10 0x000000000040c835 in Event::Dispatch (this=0x2833810, no_remote=false) at Event.h:43 #11 0x0000000000485439 in EventMgr::Dispatch (this=0x95b760) at Event.cc:107 #12 0x00000000004854a6 in EventMgr::Drain (this=0x95b760) at Event.cc:119 #13 0x000000000051aa68 in net_packet_dispatch (t=1275291343.0222969, hdr=0x22c1fe0, pkt=0x276e812 "", hdr_size=14, src_ps=0x22c1fa0, pkt_elem=0x0) at Net.cc:436 #14 0x000000000051acb5 in net_packet_arrival (t=1275291343.0222969, hdr=0x22c1fe0, pkt=0x276e812 "", hdr_size=14, src_ps=0x22c1fa0) at Net.cc:498 #15 0x000000000052e198 in PktSrc::Process (this=0x22c1fa0) at PktSrc.cc:199 #16 0x000000000051adf1 in net_run () at Net.cc:528 #17 0x000000000040a4df in main (argc=6, argv=0x7fff72d915c8) at main.cc:999 The crash happens within dn_comp in len = dn_comp(dname, pkt + pkt_size, DNS_PKT_SIZE - pkt_size, dn_ptrs, last_dn_ptr); at some point within the trace. This does not happen on the first DNS packet in the trace, but somewhere in the middle. Hence, there where successful calls to DNS_Rewriter::DnsCopyQuery() before the segmentation fault. I tried to debug the issue and found that the crash is probably due to uninitialized variables dn_ptrs and last_dn_ptr. Digging deeper into the problem, I found that the DNS_Rewriter object (this = 0x2830fb0) has never been initialized (the constructor of that object has never been called). Is this a known problem? I could not find any issue at the bug tracker that seems to be related. Can someone give me a hint on how to further debug the problem? Best regards, Lothar

12 years

[Bro] regex

by CS Lee

hi tianxin, Bro uses flex regex - http://flex.sourceforge.net/manual/Patterns.html#Patterns By the way take a good read here - http://blog.icir.org/2008/06/bro-signature-engine.html Cheers! -- Best Regards, CS Lee<geek00L[at]gmail.com> http://geek00l.blogspot.com http://defcraft.net

12 years

[Bro] Questions on regular expression syntax in BRO system

by tianxin＠mail.ustc.edu.cn

Hello: I am from a research group interested in NIDS, our group has developed several ways to improve regex engine performance and decides to do experiments based on real open-source NIDS system. However, it takes too much time to read bro code and find what we need, so here we need your help . We will appreciate if anyone can answer our questions. The Question: 1 We know that bro uses regular expression, but we didn't find anything about the syntax of the regular expression applied. We want to know where to obtain related information. (As far as we know ,the snort system uses pcre regex engine whose syntax is perl compatible, how about bro? ) 2 Does bro implement a regex engine itself? Or does it use some regex engine library? If it implements an engine, then which part of code is it? If it uses a library, then could you tell me what library it uses?

12 years

[Bro] Questions on regular expression syntax in BRO system

by tianxin＠mail.ustc.edu.cn

12 years

[Bro] Bro 1.5.1 compile error on FreeBSD AMD64

by CS Lee

hi guys, When I try to compile bro 1.5.1 on FreeBSD AMD64 platform, I hit this error - building '_broccoli_intern' extension cc -shared -pthread -L/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs -I/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/temp.freebsd-8.0-RELEASE-amd64-2.6/broccoli_intern_wrap.o -L../../src/.libs -lbroccoli -o /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/lib.freebsd-8.0-RELEASE-amd64-2.6/_broccoli_intern.so /usr/bin/ld: /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a(bro.o): relocation R_X86_64_32 can not be used when making a shared object; recompile with -fPIC /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a: could not read symbols: Bad value error: command 'cc' failed with exit status 1 *** Error code 1 Anyway thanks to robin for pointed stuffs on bro log archive stuffs. -- Best Regards, CS Lee<geek00L[at]gmail.com> http://geek00l.blogspot.com http://defcraft.net

12 years, 1 month

[Bro] Bro 1.5

by CS Lee

hi guys, Is there an easy way to rotate bro log(in $BROHOME/spool/bro) to 'per day log' after 24 hours and only archive it in gzip format after 48 hours? Thanks -- Best Regards, CS Lee<geek00L[at]gmail.com> http://geek00l.blogspot.com http://defcraft.net

12 years, 1 month

[Bro] problem installing bro ids

by squald squald

Hi, I'm an university student that is doing a research project on bro, however I'm having some difficulties installing bro by using cygwin. So, I'm wondering if it is possible to install bro onto a windows computer, if yes, please explain the instructions; if no, well I just wanted clarification so I don't continually try. Also if it is possible to install using cygwin, the main problem i have is the use of the pcap library and how to use it correctly since windows uses winpcap. I hope you can clarify some of these issues I'm having. thanks, Kenneth _________________________________________________________________ 30 days of prizes: Hotmail makes your day easier! Enter Now. http://go.microsoft.com/?linkid=9729710

12 years, 1 month

[Bro] Bro Installation Problem - Python/GCC

by Faisal Iqbal

Hi, I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine however when I try to install the same version on RHEL 5 machine I'm getting errors during compile. More specifically, it gives gcc errors for broccoli_intern_wrap.c file. I have python/gcc etc on that machine and I'm using shipped version of pcap [that is the only big difference between two machines apart from OS I think]. Below is the output of make ************************************************************************* running build running build_py running build_ext building '_broccoli_intern' extension gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o broccoli_intern_wrap.c: In function ‘valToPyObj’: broccoli_intern_wrap.c:2638: warning: pointer targets in passing argument 1 of ‘PyString_FromStringAndSize’ differ in signedness broccoli_intern_wrap.c: In function ‘pyObjToVal’: broccoli_intern_wrap.c:2724: warning: pointer targets in assignment differ in signedness broccoli_intern_wrap.c: In function ‘event_callback’: broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid ambiguous ‘else’ broccoli_intern_wrap.c: In function ‘_wrap_BroCtx_lock_func_set’: broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_BroCtx_id_func_set’: broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_BroCtx_dl_create_func_set’: broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_BroCtx_dl_lock_func_set’: broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_BroCtx_dl_free_func_set’: broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_time_set’: broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_time_get’: broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_hdr_size_set’: broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_hdr_size_get’: broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_link_type_set’: broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_link_type_get’: broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_pcap_hdr_set’: broccoli_intern_wrap.c:4789: error: storage size of ‘arg2’ isn’t known broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4789: warning: unused variable ‘arg2’ broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_pcap_hdr_get’: broccoli_intern_wrap.c:4826: error: storage size of ‘result’ isn’t known broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4838: error: invalid application of ‘sizeof’ to incomplete type ‘struct pcap_pkthdr’ broccoli_intern_wrap.c:4838: error: invalid application of ‘sizeof’ to incomplete type ‘struct pcap_pkthdr’ broccoli_intern_wrap.c:4826: warning: unused variable ‘result’ broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_data_set’: broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_data_get’: broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_tag_set’: broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_pkt_tag_get’: broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ‘_wrap_new_bro_packet’: broccoli_intern_wrap.c:4963: error: invalid application of ‘sizeof’ to incomplete type ‘struct bro_packet’ broccoli_intern_wrap.c: In function ‘_wrap_bro_event_add_val’: broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ‘_wrap_bro_event_set_val’: broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ‘_wrap_bro_event_registry_add’: broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_bro_record_add_val’: broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ‘_wrap_bro_record_set_nth_val’: broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ‘_wrap_bro_record_set_named_val’: broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ‘_wrap_bro_table_foreach’: broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_bro_set_foreach’: broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ‘_wrap_bro_conn_set_packet_ctxt’: broccoli_intern_wrap.c:7519: warning: implicit declaration of function ‘bro_conn_set_packet_ctxt’ broccoli_intern_wrap.c: In function ‘_wrap_bro_conn_get_packet_ctxt’: broccoli_intern_wrap.c:7549: warning: implicit declaration of function ‘bro_conn_get_packet_ctxt’ broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_new’: broccoli_intern_wrap.c:7590: warning: implicit declaration of function ‘bro_packet_new’ broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_clone’: broccoli_intern_wrap.c:7614: warning: implicit declaration of function ‘bro_packet_clone’ broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_free’: broccoli_intern_wrap.c:7635: warning: implicit declaration of function ‘bro_packet_free’ broccoli_intern_wrap.c: In function ‘_wrap_bro_packet_send’: broccoli_intern_wrap.c:7666: warning: implicit declaration of function ‘bro_packet_send’ error: command 'gcc' failed with exit status 1 make[4]: *** [pybroccoli] Error 1 make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' make: *** [all] Error 2 ************************************************************************* I get similar output if just try to run setup.py in aux/broccoli/bindings/python Note that I didn't have any trouble in configure and it found everything it needed [with shipped pcap switch] I tried searching the mailing list and other resources but couldn't find anything about this or a similar error. I'll greatly appreciate if you could help me in this matter as I'm stuck on this for several days. Do tell me if you need anything else or a complete output for configure/make Thank you for your time :) Faisal iqbal P.S. python version 2.6.1 gcc/g++ version 4.1.2

12 years, 1 month

[Bro] Bro Installation Problem - Python/GCC‏

by Faisal Iqbal

Hi, I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine however when I try to install the same version on RHEL 5 machine I'm getting errors during compile. More specifically, it gives gcc errors for broccoli_intern_wrap.c file. I have python/gcc etc on that machine and I'm using shipped version of pcap [that is the only big difference between two machines apart from OS I think]. Below is the output of make ************************************************************************* running build running build_py running build_ext building '_broccoli_intern' extension gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o broccoli_intern_wrap.c: In function valToPyObj: broccoli_intern_wrap.c:2638: warning: pointer targets in passing argument 1 of PyString_FromStringAndSize differ in signedness broccoli_intern_wrap.c: In function pyObjToVal: broccoli_intern_wrap.c:2724: warning: pointer targets in assignment differ in signedness broccoli_intern_wrap.c: In function event_callback: broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid ambiguous else broccoli_intern_wrap.c: In function _wrap_BroCtx_lock_func_set: broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_BroCtx_id_func_set: broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_BroCtx_dl_create_func_set: broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_BroCtx_dl_lock_func_set: broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_BroCtx_dl_free_func_set: broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_time_set: broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_time_get: broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_hdr_size_set: broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_hdr_size_get: broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_link_type_set: broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_link_type_get: broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_pcap_hdr_set: broccoli_intern_wrap.c:4789: error: storage size of arg2 isnt known broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4789: warning: unused variable arg2 broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_pcap_hdr_get: broccoli_intern_wrap.c:4826: error: storage size of result isnt known broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4838: error: invalid application of sizeof to incomplete type struct pcap_pkthdr broccoli_intern_wrap.c:4838: error: invalid application of sizeof to incomplete type struct pcap_pkthdr broccoli_intern_wrap.c:4826: warning: unused variable result broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_data_set: broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_data_get: broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_tag_set: broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_bro_packet_pkt_tag_get: broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function _wrap_new_bro_packet: broccoli_intern_wrap.c:4963: error: invalid application of sizeof to incomplete type struct bro_packet broccoli_intern_wrap.c: In function _wrap_bro_event_add_val: broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function _wrap_bro_event_set_val: broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function _wrap_bro_event_registry_add: broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_bro_record_add_val: broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function _wrap_bro_record_set_nth_val: broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function _wrap_bro_record_set_named_val: broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function _wrap_bro_table_foreach: broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_bro_set_foreach: broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function _wrap_bro_conn_set_packet_ctxt: broccoli_intern_wrap.c:7519: warning: implicit declaration of function bro_conn_set_packet_ctxt broccoli_intern_wrap.c: In function _wrap_bro_conn_get_packet_ctxt: broccoli_intern_wrap.c:7549: warning: implicit declaration of function bro_conn_get_packet_ctxt broccoli_intern_wrap.c: In function _wrap_bro_packet_new: broccoli_intern_wrap.c:7590: warning: implicit declaration of function bro_packet_new broccoli_intern_wrap.c: In function _wrap_bro_packet_clone: broccoli_intern_wrap.c:7614: warning: implicit declaration of function bro_packet_clone broccoli_intern_wrap.c: In function _wrap_bro_packet_free: broccoli_intern_wrap.c:7635: warning: implicit declaration of function bro_packet_free broccoli_intern_wrap.c: In function _wrap_bro_packet_send: broccoli_intern_wrap.c:7666: warning: implicit declaration of function bro_packet_send error: command 'gcc' failed with exit status 1 make[4]: *** [pybroccoli] Error 1 make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' make: *** [all] Error 2 ************************************************************************* I get similar output if just try to run setup.py in aux/broccoli/bindings/python Note that I didn't have any trouble in configure and it found everything it needed [with shipped pcap switch] I tried searching the mailing list and other resources but couldn't find anything about this or a similar error. I'll greatly appreciate if you could help me in this matter as I'm stuck on this for several days. Do tell me if you need anything else or a complete output for configure/make Thank you for your time :) Faisal iqbal P.S. python version 2.6.1 gcc/g++ version 4.1.2

12 years, 1 month

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

zeek May 2010