[Bro] Bro 1.2 vs OpenBSD

jp.luiggi at free.fr jp.luiggi at free.fr
Fri Dec 1 17:05:48 PST 2006

Hello Christian,

Quoting Christian Kreibich <christian at whoop.org>:
> Hi again,
> On Fri, 2006-12-01 at 10:00 -0500, Jean-Philippe Luiggi wrote:
> > Hello Christian,
> >
> > You're right, in fact, here is the process I used:
> >
> > - modify "configure.in" and define HAVE_OPENBSD (current test as of 1.2 was to
> > check openbsd3) as I use OpenBSD's current.
> right, "openbsd3" definitely needs to go.

  I do not wish to take this point for asset, there's still v3 around, I even
use one.. :-)

> > ==== configure.in
> > openbsd3*)
> >         AC_DEFINE(HAVE_OPENBSD,,[We are on a OpenBSD system])
> >         ;;
> >
> > openbsd4*)
> >         AC_DEFINE(HAVE_OPENBSD,1,[We are on a OpenBSD system])
> > 	;;
> ... or just "openbsd*)"? I'll be damned if we actually need to
> differentiate between the different releases.

  Right, but as I didn't want to change original things, I kept the old value.

> >
> > - modify ARP.h as you did with an #ifdef HAVE_OPENBSD and in this case
> > use #include <net/ethertypes.h>
> >
> > ==== ARP.h
> > #include <sys/ethernet.h>
> > #elif HAVE_OPENBSD
> > #include <net/ethertypes.h>
> > #endif
> > ====
> Yep. It'd be nicer to just add sys/ethernet.h to the header checks in
> configure.in, so it'll be

  That seems like a good idea.

> along with the others. I'm also thinking of doing #ifdef/#endif for each
> of those headers instead of #ifdef/#elif/#elif/#endif. The more the
> merrier. :)


> > - modify util.cc and util.h in order to use bpf_timeval as structure for the
> > double_to_timeval() function. (just used #ifdef HAVE_OPENBSD)
> Wow, this is so weird. I could swear we've fixed this before -- this is
> due to OpenBSD's pcap using bpf_timeval instead of just timeval like
> everyone else, correct?

  In fact I was unable to find another idea to solve my problem.
  I'll have to check if this is the only solution.

> Rather than #ifdeffing different functions, it'd be nicer to make the
> type difference transparent by typedefing the bpf_timeval to a timeval
> in the OpenBSD case.

  You're right, but my first goal was to make Bro run with
OpenBSD. I wanted to see as fast as possible if everything functioned...

> > - modify bro.rc (changed the name of stop() to brostop() ).
> Yeah.

   Good idea, as I spent most of the time fixing this one little thing..
   I can't remember the number of 'echo "test"' I did in the script to find
where the bug was... :-)

> I've also noticed that there seem to be pcap versions where our API
> checks fail, causing the build to break since pcap_open_dead() isn't
> defined. We already have our own version but only use it when pcap
> doesn't provide pcap_freecode(), which in those cases *does* exist. This
> is at least the scenario I've encountered in the OpenBSD setup on
> Sourceforge's compile farm.

  I think we may use the same scheme used by FreeBSD. I'll have to check this
tomorrow (I already took a look at "bro_config.in").

> > ps1 : next stage will be the use of bind libraries in order to be able to use
> > non blocking DNS routines.
> Right. We don't currently have a clear picture of why exactly the nbdns
> code doesn't build on OpenBSD. Patches welcome!

  Ok, I'll do my best (in fact, trying of course)...

> > ps2 : i mean by "porting", doing the job to use Bro with OpenBSD ... :-)
> Sure. :)

  Next there'll be an official port into packages...

> Thanks for your feedback.

  Just normal, thanks to all the developers.

  Best regards.
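
An added example, not part of the original message and not Bro's code: the typedef approach suggested in the thread for double_to_timeval(), so that one function body serves both timestamp types. The names pkt_timeval, double_to_pkt_timeval and pkt_timeval_to_double are hypothetical; it assumes HAVE_OPENBSD is defined by configure as in the quoted configure.in, that <net/bpf.h> declares struct bpf_timeval on OpenBSD, and that timestamps are non-negative.

```c
/* Added illustration, not Bro's source. pkt_timeval and both functions are
 * hypothetical names; HAVE_OPENBSD is the macro from the quoted configure.in. */
#include <stdio.h>
#include <sys/time.h>

#ifdef HAVE_OPENBSD
#include <sys/types.h>
#include <net/bpf.h>                 /* assumed to declare struct bpf_timeval */
typedef struct bpf_timeval pkt_timeval;
#else
typedef struct timeval pkt_timeval;
#endif

/* One definition for every platform; only the typedef above differs.
 * Assumes t >= 0 (seconds since the epoch, as in packet timestamps). */
pkt_timeval double_to_pkt_timeval(double t)
{
    pkt_timeval tv;
    long long secs = (long long)t;   /* truncation equals floor for t >= 0 */
    long usec = (long)((t - (double)secs) * 1e6 + 0.5);  /* nearest microsecond */

    if (usec >= 1000000) {           /* rounding carried into the next second */
        secs += 1;
        usec -= 1000000;
    }
    tv.tv_sec = secs;                /* converted to whatever the field type is */
    tv.tv_usec = usec;
    return tv;
}

double pkt_timeval_to_double(pkt_timeval tv)
{
    return (double)tv.tv_sec + (double)tv.tv_usec / 1e6;
}

int main(void)
{
    /* Constructed sample timestamp, not taken from any capture. */
    pkt_timeval tv = double_to_pkt_timeval(1164935148.25);
    printf("%lld.%06ld\n", (long long)tv.tv_sec, (long)tv.tv_usec);
    return 0;
}
```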
