If I understand the patch correctly, it would only cause problems for connections with over 2GB of data payload, but I think it should work fine for a small trace of say 200KB. I'm not seeing any events at all, nor am I seeing the log files that should be created when using the analyzer.
I'll correct the functions and test it out though. On Wed, Jun 17, 2015 at 10:10 AM, Vlad Grigorescu <[email protected]> wrote: > On Wed, Jun 17, 2015 at 9:45 AM, James Swaro <[email protected]> > wrote: > >> > Just a guess, but it could be related to this: >> https://github.com/bro/bro/blob/master/CHANGES#L1578 >> I'm looking, but nothing seems to pop out at me. >> >> > The other big change was moving to plugins, but if you're seeing it >> added as a child analyzer, that doesn't sound like it'd be the issue. >> It seems to be ok. Did data delivery change from DeliverPacket to >> something else? >> >> > Was this analyzer written in BinPAC, or in C++? >> It was written in C++. >> > > Well, what I meant with that change was that the functions used for data > delivery changed. Specifically: > > Analyzer::{NextPacket, NextUndelivered, ForwardPacket, ForwardUndelivered, > DeliverPacket, Undelivered} were modified to change the int seq parameter > to a uint64. If your functions aren't updated, and are expecting a plain > old int for the sequence number, I've seen the scenario you describe: the > analyzer attaches, but doesn't function. > > --Vlad > > -- James Swaro
_______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
