[Bro] Myricom and Bro

Michal Purzynski michal at rsbac.org
Tue Jul 23 11:06:28 PDT 2013

Moving from the Security Onion list.

On Jul 23, 2013, at 12:06 PM, Michal Purzynski<michal at rsbac.org>  wrote:

> I've thrown about 1.5Gbit of traffic on the host, give it or take 500Mbit.
> 12 workers. Bro from the svn (oh well).

Hm, are you using our git repository?  Or are you using some old version from our subversion repository that still exists (but hasn't been touched for a long time)?

Yep, fresh git.

> Myricom support told me to:
> "And also make sure that you are using the latest Bro 2.0 and that the Sniffer environment flags are set in /usr/local/bro/lib/broctl/BroControl/control.py:
> env += " SNF_NUM_RINGS=12 SNF_FLAGS=0x1"
> "

What?!?  Myricom support is telling people that!  That's not the right way to do it (with 2.1 and we don't really support 2.0 anymore).


That's how you should be doing it in node.cfg.  No changes in python are required.

How about recompilling Bro against the Myricom pcap lib?

Would you mind putting me in touch with whomever you contacted at Myricom support?


> I've also recompilled Bro against the vendor provided pcap lib. So far so good.

Could you paste the exact configure flags you used?
./configure --with-pcap=/home/mpurzynski/myri_snf- --prefix=/opt/bro

> fatal error in /opt/bro/share/bro/policy/frameworks/software/vulnerable.bro, line 41: BroType::AsRecordType (table/record) (set[record { min:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; max:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; }])

It looks like you may have something out of date, but I'm not really sure what's causing this error.

So, I've kind of worked around it by commenting out a few things (now how do you like this hack? ;). Let's get this fixed and the Myricom thingy working.

More information about the Bro mailing list