[Bro-Dev] Help creating new analyzer
Kristin Stephens
ksteph at cs.berkeley.edu
Fri Apr 15 11:37:32 PDT 2011
Attached are my .pac files. There's close to nothing in them though. I don't
use &endofdata anywhere.
Kristin
On Fri, Apr 15, 2011 at 5:31 AM, Seth Hall <seth at icir.org> wrote:
>
> On Apr 14, 2011, at 11:57 PM, Kristin Stephens wrote:
>
> > I'm create a new analyzer for Bro and am currently just trying to create
> a skeleton that does nothing, but compiles. I'm currently stuck at a compile
> error that I don't really know the meaning of "cannot handle incremental
> input"
>
> Could you send along your .pac files? It usually has to do with a unit
> where you are trying to have a bytestring parsed until &endofdata, but the
> unit or the parent unit doesn't have a &length applied (I think).
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20110415/31132384/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bgp.pac
Type: application/octet-stream
Size: 215 bytes
Desc: not available
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20110415/31132384/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bgp-analyzer.pac
Type: application/octet-stream
Size: 254 bytes
Desc: not available
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20110415/31132384/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bgp-protocol.pac
Type: application/octet-stream
Size: 214 bytes
Desc: not available
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20110415/31132384/attachment-0002.obj
More information about the bro-dev
mailing list