Compile Errors in Linux

Olav Kolbu olav.kolbu at
Mon Sep 14 15:31:46 PDT 1998

> On Mon, 14 Sep 1998, Don Miller wrote:
> > Group,
> > 
> > I am using linux version 5.2 to compile the bro software.  I am having
> > problems with the source code.  The error has to do with the   
> > "void DNS_Mgr::AddResult function.
> >
> > There is a message that says there is a syntax error before the ( on
> > line 688.   Has anyone seen this?

Just gave it a try on my RedHat 5.1 box, and there are a whole number of
things you have to fix to get it to compile properly. Not for the faint of
heart here... Here is a quick list for the impatient, not sure what
approach the maintainer wants to take regarding Linux support so I'm
leaving out the actual diffs (these are too nasty for production anyway).

0. The h_errno has to be #undef'ed sometime after including 'netdb.h' in This is because netdb.h re-#defines it to something unsuitable.
Defining '_LIBC', e.g. adding -D_LIBC to your CFLAGS line in Makefile
gives the same effect.

1. Some values in the enumeration 'EndpointState' (various source files) 
conflict with already enumerated types in /usr/include/linux/tcp.h. Rename
the enumerated values that conflict (and do the same in the source files),
or comment out the whole typedef from TCP.h. Commenting out will force you
to change 'EndpointState' to say 'unsigned char' in the relevant places in
the source, and you also need to explicitly #define TCP_INACTIVE,
TCP_PARTIAL, TCP_CLOSED and TCP_RESET to some unique values above 11
(that's where the relevant system ones stop on my box).

2. _All_ the members of the tcphdr and udphdr structs have different names
under Linux compared to what's expected in the source. Which basically
means you have to edit a lot of files to fix this. The relevant system
definitions are in /usr/include/linux/{tcp,udp}.h and look like this
(these dumps primarily for the maintainer so he can have a look at doing
linux support):

struct tcphdr {
        __u16   source;
        __u16   dest;
        __u32   seq;
        __u32   ack_seq;
        __u16   res1:4,
#elif defined(__BIG_ENDIAN_BITFIELD)
        __u16   doff:4,
#error  "Adjust your <asm/byteorder.h> defines"
        __u16   window;
        __u16   check;
        __u16   urg_ptr;

struct udphdr {
  unsigned short        source;
  unsigned short        dest;
  unsigned short        len;
  unsigned short        check;

Compare this to, say, Solaris:

struct tcphdr {
        u_short th_sport;               /* source port */
        u_short th_dport;               /* destination port */
        tcp_seq th_seq;                 /* sequence number */
        tcp_seq th_ack;                 /* acknowledgement number */
        u_int   th_x2:4,                /* (unused) */
                th_off:4;               /* data offset */
        u_int   th_off:4,               /* data offset */
                th_x2:4;                /* (unused) */
        u_char  th_flags;
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20
        u_short th_win;                 /* window */
        u_short th_sum;                 /* checksum */
        u_short th_urp;                 /* urgent pointer */

struct udphdr {
        u_short uh_sport;               /* source port */
        u_short uh_dport;               /* destination port */
        short   uh_ulen;                /* udp length */
        u_short uh_sum;                 /* udp checksum */

Note specifically the change from a single flags member that you typically
test with 'tp->flags & TH_URG' to 'tp->urg'.

The quick list of changes:


th_off -> doff
th_sport  -> source
th_dport -> dest

th_flags & TH_SYN    -> syn
th_flags & TH_ACK    -> ack
etc etc just lowercase the #define and remove 'th_' on the various flags.

th_seq   -> seq
th_ack   -> ack_seq


uh_sum   -> check
uh_ulen  -> len
uh_sport -> source
uh_dport -> dest

That should be it. I haven't done any tests at all, so the fixes above may
or may not give you a bro that actually works. But at least it runs and it
does produce what appears to be useful output.

Note that I also had to change line 89 in policy/hot.bro from

        [external_routers, external_routers, bgp],
to
        [external_routers, external_routers, 179/tcp],

This is because (I presume, haven't read the source for the parser) bgp
isn't defined in your average Linux /etc/services file. 


Olav Kolbu (Olav.Kolbu at
Senior System Administrator
Center for Information Technology Services/Section for Operations
University of Oslo
P.O. Box 1059 Blindern, N-0316 Oslo, Norway
Phone: +47 22 85 27 80, Fax: +47 22 85 27 30
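
Added example, not part of the original post or of the Bro source: one way to avoid the tcphdr member-name mismatch listed above is to read the fields from the raw header bytes at their fixed wire offsets, so neither the Linux nor the BSD-style struct is needed. The names tcp_fields, tcp_parse, PF_* and sample_synack are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; values match the TH_* defines quoted above. */
enum { PF_FIN = 0x01, PF_SYN = 0x02, PF_RST = 0x04,
       PF_PUSH = 0x08, PF_ACK = 0x10, PF_URG = 0x20 };

struct tcp_fields {
    uint16_t sport, dport;   /* th_sport / source, th_dport / dest */
    uint32_t seq, ack;       /* th_seq / seq, th_ack / ack_seq */
    uint8_t  hdr_len;        /* th_off / doff, converted to bytes */
    uint8_t  flags;          /* th_flags, or the Linux fin/syn/... bits */
    uint16_t win, sum, urp;  /* window, checksum, urgent pointer */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, -1 if the buffer is truncated or the data
 * offset is impossible (below 5 words or past the captured bytes). */
int tcp_parse(const uint8_t *buf, size_t len, struct tcp_fields *out)
{
    if (buf == NULL || out == NULL || len < 20)
        return -1;
    unsigned words = buf[12] >> 4;          /* upper nibble = data offset */
    if (words < 5 || (size_t)words * 4 > len)
        return -1;
    out->sport = be16(buf);      out->dport = be16(buf + 2);
    out->seq   = be32(buf + 4);  out->ack   = be32(buf + 8);
    out->hdr_len = (uint8_t)(words * 4);
    out->flags = buf[13] & 0x3f;            /* URG ACK PSH RST SYN FIN */
    out->win = be16(buf + 14);   out->sum = be16(buf + 16);
    out->urp = be16(buf + 18);
    return 0;
}

/* Constructed sample: SYN+ACK from port 179 to port 1025, no options. */
const uint8_t sample_synack[20] = {
    0x00, 0xb3, 0x04, 0x01,  /* source 179, dest 1025 */
    0x00, 0x00, 0x10, 0x00,  /* seq 4096 */
    0x00, 0x00, 0x00, 0x65,  /* ack 101 */
    0x50, 0x12, 0x20, 0x00,  /* doff 5, SYN|ACK, window 8192 */
    0xab, 0xcd, 0x00, 0x00   /* checksum (not verified), urgent ptr */
};
```

Because the fields are assembled byte by byte, the result is the same on little- and big-endian hosts and already in host order.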
