new Bro pre-release available - 0.7a61

kerberos kkk kerberos_007 at hotmail.com
Sun Apr 8 17:27:08 PDT 2001


Do this modification:
it should work....at the line where the error occurs.

BroObj* redef_obj = init ? (BroObj*)init : (BroObj*)t;

cheers
Ashley


>From: "Knobbe, Roger" <Roger_Knobbe at NAI.com>
>To: "'Vern Paxson'" <vern at ee.lbl.gov>, bro at lbl.gov
>Subject: RE: new Bro pre-release available - 0.7a61
>Date: Fri, 6 Apr 2001 15:04:40 -0700
>
>This is what I get
>
>c++ -I. -O -I../libpcap-0.4  -Ilinux-include -c Var.cc
>Var.cc: In function `void make_var (ID *, BroType *, init_class, Expr *, attr_list *, decl_type, int)':
>Var.cc:140: conditional expression between distinct pointer types `Expr *' and `BroType *' lacks a cast
>Var.cc:140: cannot convert `void *' to `BroObj *' in initialization
>make: *** [Var.o] Error 1
>[burner at dns-102 bro-pub-0.7a61]$ c++ -v
>Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
>gcc version 2.96 20000731 (Red Hat Linux 7.0)
>[burner at dns-102 bro-pub-0.7a61]$
>
>
>-----Original Message-----
>From: Vern Paxson [mailto:vern at ee.lbl.gov]
>Sent: Friday, April 06, 2001 2:52 PM
>To: bro at lbl.gov
>Subject: new Bro pre-release available - 0.7a61
>
>
>A new Bro pre-release is now available from:
>
>	ftp://ftp.ee.lbl.gov/.vp-bro-pub-0.7a61.tar.gz
>
>The most timely change is the addition of an NTP analyzer that can detect
>the new NTP remote root compromise attack.
>
>A summary of the changes with respect to 0.7a48:
>
>	- An NTP analyzer has been added.  See policy/ntp.bro for a
>	  corresponding policy file that detects the newly discovered
>	  NTP remote buffer overflow attack.
>
>	- example-attacks/ is a new directory that contains trace files
>	  of attacks.  Currently, there are just two to play with:
>
>		bro -r example-attacks/ftp-site-exec.trace mt
>
>	  will run on a trace of a "site exec" overflow attack, and
>
>		bro -r example-attacks/ntp-attack.trace mt ntp
>
>	  will run on an example of the NTP overflow.
>
>	- The doc/ directory includes the postscript and HTML versions
>	  of the first draft of the Bro manual.
>
>	- A new policy file, icmp.bro, has preliminary (and only
>	  partially developed) policy for analyzing ICMP.
>
>	- The file libpcap.bufsize.patch includes the patch necessary
>	  on some systems to increase the maximum libpcap buffer size.
>
>	- You can now use anonymous functions in &default expressions,
>	  so for example you can do:
>
>		global foo: table[count] of string = {
>			[1] = "1st", [2] = "2nd", [3] = "3rd",
>		} &default = function(n: count): string { return fmt("%dth", n); };
>
>	  and then referring to foo[5] will yield "5th".
>
>	- There's now a "for" statement to iterate over the indices of
>	  a table or the members of a set:
>
>		for ( i in foo )
>
>	  for the above "foo" will iterate with i assigned to 1, 2, and 3;
>	  *but not in general in that order*.
>
>	- The function contains_string() has been removed, and now you
>	  can instead use an expression like
>
>		"bar" in "foobar"
>
>	  which will yield T.
>
>	- The scan detection now has a mechanism for attempting to detect
>	  SYN flooding backscatter and flagging it as different from a
>	  stealth scan.
>
>	- New event handlers:
>
>		new_connection_contents()
>			like new_connection(), but reassembles the
>			stream so you can use set_content_files() to
>			write it to a file
>
>		udp_session_done()
>			invoked when a UDP session (which is defined on
>			a per-protocol basis; currently only for NTP)
>			finishes.
>
>		ntp_message()
>			invoked for each NTP message
>
>	- UDP processing now does accounting for detecting scans.
>
>	- UDP processing now tracks numbers of requests/replies for
>	  sessions that support that notion.  The connections are
>	  annotated by udp_session_done() with "[m,n]" for "m"
>	  requests and "n" replies, providing either m or n > 1.
>
>	- New variable accessible from policy:
>
>		watchdog_interval
>			how often the watchdog should check for whether
>			Bro is making internal progress
>
>	- A bunch of functions no longer have a first argument of the
>	  current time; get it instead from network_time() if you need it:
>
>		authentication_accepted
>		authentication_rejected
>		conn_weird
>		conn_weird_addl
>		flow_weird
>		net_weird
>
>	- A bunch of functions now return bool rather than int values:
>
>		set_contents_file
>		set_login_state
>		set_record_packets
>		skip_further_processing
>
>	- The variable "hot_dests" has been renamed to "hot_dsts".
>
>	- 111/tcp is now identified as "portmap" rather than "rpc".
>
>	- Connections flagged as hot for some types of characteristics
>	  are now annotated with the reason associated with the
>	  decision.  (I think a lot more of this is needed.)
>
>	- Portmapper dumps are annotated with the results of the mapping.
>	  This will be streamlined in the future.
>
>- Vern
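
The build error quoted above and the cast suggested in the reply, reduced to a stand-alone case. This is an added example, not code from the Bro source or from either poster: the three class bodies and the function name `pick_redef_obj` are hypothetical stand-ins, and only the names `BroObj`, `Expr` and `BroType` and the fact that the latter two convert to `BroObj*` are taken from the thread.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the classes named in the compiler error;
// only the inheritance relationship matters for this example.
struct BroObj {
    virtual ~BroObj() {}
    virtual const char* Kind() const { return "obj"; }
};
struct Expr : BroObj {
    const char* Kind() const override { return "expr"; }
};
struct BroType : BroObj {
    const char* Kind() const override { return "type"; }
};

// Rejected by the compiler: Expr* and BroType* are sibling types, so the
// conditional operator has no common pointer type for its two arms, even
// though the result is assigned to a BroObj*.
//
//     BroObj* redef_obj = init ? init : t;

// Accepted: each arm is converted to the shared base before ?: is typed.
// static_cast is used here in place of the C-style cast from the reply so
// that the line only compiles for a genuine derived-to-base conversion; a
// C-style cast would also compile for unrelated pointer types.
BroObj* pick_redef_obj(Expr* init, BroType* t)
{
    return init ? static_cast<BroObj*>(init) : static_cast<BroObj*>(t);
}

int main()
{
    Expr e;
    BroType ty;
    // With an initializer present the Expr is chosen, otherwise the type.
    std::printf("%s\n", pick_redef_obj(&e, &ty)->Kind());
    std::printf("%s\n", pick_redef_obj(nullptr, &ty)->Kind());
    return 0;
}
```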
