[Bro-Dev] Help creating new analyzer
Seth Hall
seth at icir.org
Fri Apr 15 11:56:22 PDT 2011
On Apr 15, 2011, at 2:37 PM, Kristin Stephens wrote:
> Attached are my .pac files. There's close to nothing in them though. I don't use &endofdata anywhere.
You are naming a field "length" in bgp-protocol.pac. That token name is used for the unit length so you are essentially saying that your entire BGP_Message unit is the size of that &length field.
Just change the name. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list