[Bro] Bro 1.2 vs OpenBSD

Christian Kreibich christian at whoop.org
Fri Dec 1 10:58:10 PST 2006

Hi again,

On Fri, 2006-12-01 at 10:00 -0500, Jean-Philippe Luiggi wrote:
> Hello Christian,
> You're right, in fact, here is the process I used:
> - modify "configure.in" and define HAVE_OPENBSD (current test as of 1.2 was to
> check openbsd3) as I use OpenBSD's current.

right, "openbsd3" definitely needs to go.

> ==== configure.in
> openbsd3*)
>         AC_DEFINE(HAVE_OPENBSD,,[We are on a OpenBSD system])
>         ;;
> openbsd4*)
>         AC_DEFINE(HAVE_OPENBSD,1,[We are on a OpenBSD system])
> 	;;

... or just "openbsd*)"? I'll be damned if we actually need to
differentiate between the different releases.

> - modify ARP.h as you did with an #ifdef HAVE_OPENBSD and in this case
> use #include <net/ethertypes.h>
> ==== ARP.h
> #include <sys/ethernet.h>
> #include <net/ethertypes.h>
> #endif
> ====

Yep. It'd be nicer to just add sys/ethernet.h to the header checks in
configure.in, so it'll be 


along with the others. I'm also thinking of doing #ifdef/#endif for each
of those headers instead of #ifdef/#elif/#elif/#endif. The more the
merrier. :)

> - modify util.cc and util.h in order to use bpf_timeval as structure for the
> double_to_timeval() function. (just used #ifdef HAVE_OPENBSD)

Wow, this is so weird. I could swear we've fixed this before -- this is
due to OpenBSD's pcap using bpf_timeval instead of just timeval like
everyone else, correct?

Rather than #ifdeffing different functions, it'd be nicer to make the
type difference transparent by typedefing the bpf_timeval to a timeval
in the OpenBSD case.

> - modify bro.rc (changed the name of stop() to brostop() ).


I've also noticed that there seem to be pcap versions where our API
checks fail, causing the build to break since pcap_open_dead() isn't
defined. We already have our own version but only use it when pcap
doesn't provide pcap_freecode(), which in those cases *does* exist. This
is at least the scenario I've encountered in the OpenBSD setup on
Sourceforge's compile farm.

> ps1 : next stage will be the use of bind libraries in order to be able to use
> non blocking DNS routines.

Right. We don't currently have a clear picture of why exactly the nbdns
code doesn't build on OpenBSD. Patches welcome!

> ps2 : I mean by "porting", doing the job to use Bro with OpenBSD ... :-)

Sure. :)

Thanks for your feedback.
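
One reading of the typedef suggestion in the message above, as an added example that is not code from Bro or from this thread: a single alias selects the timestamp struct, so the conversion function is written once instead of being duplicated under #ifdef. The alias name pkt_timeval, the function bodies, the timeval_to_double() helper and the assumption that configure defines HAVE_OPENBSD are all hypothetical.

```c
/* Added example: one alias hides the OpenBSD pcap timestamp type. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/time.h>

#ifdef HAVE_OPENBSD               /* assumed to be defined by configure */
#include <net/bpf.h>              /* declares struct bpf_timeval */
typedef struct bpf_timeval pkt_timeval;   /* hypothetical alias name */
#else
typedef struct timeval pkt_timeval;
#endif

/* Convert non-negative seconds-since-epoch to the platform's pcap
 * timestamp type, rounding to the nearest microsecond. */
pkt_timeval double_to_timeval(double t)
{
    pkt_timeval tv;
    long sec = (long)t;                                 /* whole seconds */
    long usec = (long)((t - (double)sec) * 1e6 + 0.5);  /* rounded */

    if (usec >= 1000000) {        /* rounding reached a full second */
        sec += 1;
        usec -= 1000000;
    }
    tv.tv_sec = sec;
    tv.tv_usec = usec;
    return tv;
}

/* Inverse conversion, written against the same alias. */
double timeval_to_double(const pkt_timeval *tv)
{
    return (double)tv->tv_sec + (double)tv->tv_usec / 1e6;
}

int main(void)
{
    pkt_timeval tv = double_to_timeval(1164999490.25);  /* constructed */
    printf("%ld.%06ld\n", (long)tv.tv_sec, (long)tv.tv_usec);
    return 0;
}
```

Callers that only read tv_sec and tv_usec compile unchanged on either platform; code that passes the struct to an API expecting struct timeval still needs a field-by-field copy on OpenBSD.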

