Re: [Bro-Dev] 2.5.1 release?

2017-05-15 Thread Robin Sommer


On Sat, May 13, 2017 at 00:28 -0500, you wrote:

> We'll look at upgrading our test cluster (and UIUC's test cluster) to
> master.

Sounds good, let us know how that is going.

Robin

-- 
Robin Sommer * ICSI/LBNL * ro...@icir.org * www.icir.org/robin
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev


[Bro-Dev] Protocol Analyzer Plugin Question

2017-05-15 Thread Aaron Eppert
Greetings,

In working on authoring a new protocol analyzer plugin I have encountered
the following issues:

1) When adding a new type to be passed to an event handler, thus handled
upstream by a protocol analyzer script, types.bif only supports enums. In
order to deal with this during build time, I have added a custom rule and
custom target to augment events.bif.bro before it is installed.

Am I missing something here? Is there a more streamlined approach for doing
this?

2) There seems to be an oddity with including an analyzer script alongside
the plugin. I can see, via loaded_scripts.log, that everything is being
loaded properly. However, events are not being fired from the analyzer
script loaded from the plugins directory. If I run bro on the command line
with an accompanying PCAP, I can see all the appropriate debug I have put
into the plugin, but no events fire in the analyzer script. If I run the
same command line AND add a different analyzer script that handles the same
events, they fire and can be verified via print.

Most of the examples that exist aren't trying to do anything along these
lines and, while I have the rest of the protocol defined well via BinPac,
the last mile of making use of that work has been a bit uphill.

Any insight into the two oddities above would be greatly appreciated.

Aaron


Re: [Bro-Dev] Protocol Analyzer Plugin Question

2017-05-15 Thread Vlad Grigorescu
On Mon, May 15, 2017 at 1:46 PM, Aaron Eppert wrote:

> Greetings,
>
> In working on authoring a new protocol analyzer plugin I have encountered
> the following issues:
>
> 1) When adding a new type to be passed to an event handler, thus handled
> upstream by a protocol analyzer script, types.bif only supports enums. In
> order to deal with this during build time, I have added a custom rule and
> custom target to augment events.bif.bro before it is installed.
>
> Am I missing something here? Is there a more streamlined approach for
> doing this?
>

Add it to init-bare.bro, e.g.:
https://github.com/bro/bro/commit/11ec4903ee0cbd3cdb555c309f67ce399b23e37b#diff-64e7fba4a98f6581a47aa0053e9f03c6


> 2) There seems to be an oddity with including an analyzer script
> alongside the plugin. I can see, via loaded_scripts.log, that everything is
> being loaded properly. However, events are not being fired from the
> analyzer script loaded from the plugins directory. If I run bro on the
> command line with an accompanying PCAP, I can see all the appropriate debug
> I have put into the plugin, but no events fire in the analyzer script. If I
> run the same command line AND add a different analyzer script that handles
> the same events, they fire and can be verified via print.
>

I'm not sure I fully understand. So, you have your analyzer, which is
generating some events. Then you have a script to handle those events and
generate some other events? And those script-generated events aren't
actually being generated?

  --Vlad


Re: [Bro-Dev] Protocol Analyzer Plugin Question

2017-05-15 Thread Vlad Grigorescu
On Mon, May 15, 2017 at 5:14 PM, Vlad Grigorescu wrote:

>
> Add it to init-bare.bro, e.g.:
> https://github.com/bro/bro/commit/11ec4903ee0cbd3cdb555c309f67ce399b23e37b#diff-64e7fba4a98f6581a47aa0053e9f03c6
>

Oops, reread what I sent and realized it wouldn't work, since this is a
plugin. Sorry about that. I'll have to think about that a bit more.