[Bro-Dev] Help creating new analyzer

Seth Hall seth at icir.org
Fri Apr 15 11:56:22 PDT 2011

On Apr 15, 2011, at 2:37 PM, Kristin Stephens wrote:

> Attached are my .pac files. There's close to nothing in them though. I don't use &endofdata anywhere.

You are naming a field "length" in bgp-protocol.pac.  That token name is used for the unit length so you are essentially saying that your entire BGP_Message unit is the size of that &length field.

Just change the name. :)


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list