From wsffree at hotmail.com Thu Apr 3 07:58:33 2003
From: wsffree at hotmail.com (Wang Shaofu)
Date: Thu, 03 Apr 2003 23:58:33 +0800
Subject: trouble: compile Bro in RedHat 8.0
Message-ID:

Hi all

Any help is welcome.
In RedHat7.2, there is no such problem as the following.

[w at cs bro-pub-0.7a175b]$ make
c++ -I. -O -Ilinux-include -c main.cc
In file included from main.cc:29:
Active.h:30: type specifier omitted for parameter `string'
Active.h:30: parse error before `&' token
In file included from Val.h:27,
                 from Frame.h:25,
                 from main.cc:31:
Type.h:29:20: hash_map: No such file or directory
In file included from Val.h:27,
                 from Frame.h:25,
                 from main.cc:31:
Type.h:425: `hash' was not declared in this scope
Type.h:425: parse error before `char'
Type.h:426: 'NameMap' is used as a type, but is not defined as a type.
In file included from main.cc:31:
Frame.h:75: syntax error before `;' token
In file included from Debug.h:30,
                 from Expr.h:31,
                 from Event.h:25,
                 from main.cc:33:
DbgBreakpoint.h:22: type specifier omitted for parameter `string'
DbgBreakpoint.h:22: parse error before `)' token
DbgBreakpoint.h:41: ISO C++ forbids declaration of `string' with no type
DbgBreakpoint.h:41: parse error before `&' token
DbgBreakpoint.h:42: semicolon missing after declaration of `DbgBreakpoint'
DbgBreakpoint.h: In member function `int DbgBreakpoint::GetID() const':
DbgBreakpoint.h:18: `BPID' undeclared (first use this function)
DbgBreakpoint.h:18: (Each undeclared identifier is reported only once for each function it appears in.)
DbgBreakpoint.h: In member function `bool DbgBreakpoint::IsTemporary() const':
DbgBreakpoint.h:29: `temporary' undeclared (first use this function)
DbgBreakpoint.h: At global scope:
DbgBreakpoint.h:42: parse error before `&' token
DbgBreakpoint.h:42: `bool' is now a keyword
DbgBreakpoint.h:44: non-member function `int GetRepeatCount()' cannot have `const' method qualifier
DbgBreakpoint.h: In function `int GetRepeatCount()':
DbgBreakpoint.h:44: `repeat_count' undeclared (first use this function)
DbgBreakpoint.h: At global scope:
DbgBreakpoint.h:47: non-member function `bool IsEnabled()' cannot have `const' method qualifier
DbgBreakpoint.h: In function `bool IsEnabled()':
DbgBreakpoint.h:47: `enabled' undeclared (first use this function)
DbgBreakpoint.h: At global scope:
DbgBreakpoint.h:51: non-member function `const char* Description()' cannot have `const' method qualifier
DbgBreakpoint.h: In function `const char* Description()':
DbgBreakpoint.h:51: `description' undeclared (first use this function)
DbgBreakpoint.h: At global scope:
DbgBreakpoint.h:53: parse error before `protected'
DbgBreakpoint.h:63: 'Kind' is used as a type, but is not defined as a type.
DbgBreakpoint.h:64: `bool enabled' used prior to declaration
DbgBreakpoint.h:65: `bool temporary' used prior to declaration
DbgBreakpoint.h:66: `int BPID' used prior to declaration
DbgBreakpoint.h:68: `char description[512]' used prior to declaration
DbgBreakpoint.h:69: 'string' is used as a type, but is not defined as a type.
DbgBreakpoint.h:77: `int repeat_count' used prior to declaration
DbgBreakpoint.h:80: 'string' is used as a type, but is not defined as a type.
DbgBreakpoint.h:81: parse error before `}' token
In file included from Expr.h:31,
                 from Event.h:25,
                 from main.cc:33:
Debug.h:42: syntax error before `;' token
Debug.h:43: syntax error before `;' token
Debug.h:93: 'BPIDMapType' is used as a type, but is not defined as a type.
Debug.h:94: 'vector' is used as a type, but is not defined as a type.
Debug.h:95: 'vector' is used as a type, but is not defined as a type.
Debug.h:96: 'BPMapType' is used as a type, but is not defined as a type.
Debug.h:141: parse error before `&' token
Debug.h:177: parse error before `*' token
In file included from Event.h:25,
                 from main.cc:33:
Expr.h:532: 'string' is used as a type, but is not defined as a type.
Expr.h: In member function `const char* FieldAssignExpr::FieldName() const':
Expr.h:526: `field_name' undeclared (first use this function)
In file included from Event.h:26,
                 from main.cc:33:
Func.h: At global scope:
Func.h:46: ISO C++ forbids declaration of `vector' with no type
Func.h:46: template-id `vector' used as a declarator
Func.h:46: `vector' declared as a `virtual' field
Func.h:46: parse error before `&' token
Func.h: In constructor `Func::Func(FuncType*)':
Func.h:39: `t' undeclared (first use this function)
Func.h:39: `scope' undeclared (first use this function)
Func.h: At global scope:
Func.h:49: ISO C++ forbids defining types within return type
Func.h:49: syntax error before `*' token
Func.h:53: virtual outside class declaration
Func.h:55: virtual outside class declaration
Func.h:56: virtual outside class declaration
Func.h:56: non-member function `Scope* GetScope()' cannot have `const' method qualifier
Func.h:58: non-member function `BroType* FType()' cannot have `const' method qualifier
Func.h:60: parse error before `protected'
Func.h:62: `FuncType*t' used prior to declaration
Func.h:63: `Scope*scope' used prior to declaration
Func.h:64: parse error before `}' token
In file included from main.cc:33:
Event.h: In member function `void Event::Dispatch()':
Event.h:43: no matching function for call to `Func::Call(val_list*&)'
In file included from DFA.h:75,
                 from main.cc:42:
NFA.h:36:1: warning: "INFINITY" redefined
In file included from /usr/include/math.h:40,
                 from PriorityQueue.h:25,
                 from Timer.h:25,
                 from Val.h:32,
                 from Frame.h:25,
                 from main.cc:31:
/usr/include/bits/mathdef.h:35:1: warning: this is the location of the previous definition
main.cc: In function `int main(int, char**)':
main.cc:188: `string' undeclared (first use this function)
main.cc:188: parse error before `;' token
main.cc:311: `active_file' undeclared (first use this function)
main.cc:440: `g_frame_stack' undeclared (first use this function)
make: *** [main.o] Error 1

From sommer at in.tum.de Thu Apr 3 08:49:58 2003
From: sommer at in.tum.de (Robin Sommer)
Date: Thu, 3 Apr 2003 18:49:58 +0200
Subject: trouble: compile Bro in RedHat 8.0
In-Reply-To:
References:
Message-ID: <20030403164958.GA4978@net.informatik.tu-muenchen.de>

On Thu, Apr 03, 2003 at 23:58 +0800, Wang Shaofu wrote:

> [w at cs bro-pub-0.7a175b]$ make

Which gcc version do you use? Do you get similar errors with a
recent 0.8* version of Bro?

There were some incompatibilities with gcc >= 3.0 (3.2?), but I
think they have been fixed (although I don't remember whether the changes
have already been integrated into the latest version).

Robin

--
Robin Sommer * Room 01.08.055 * www.net.in.tum.de
TU Munich * Phone (089) 289-18006 * sommer at in.tum.de

From sylvain.detilly at free.fr Fri Apr 4 04:17:23 2003
From: sylvain.detilly at free.fr (Sylvain de Tilly)
Date: 04 Apr 2003 14:17:23 +0200
Subject: bridge-firewall on Bro
Message-ID: <873ckysbho.fsf@mag-laptop.cfssi.net>

Hi,

I'm trying to configure a bridge-firewall with the bro IDS on it to
check web traffic (for example). But I've some troubles. Actually, if
I launch bro with the http rules, due to dependencies I have to load
scan rules. And the scan rules try to connect to some machines...
But my aim is to have an IDS without IP address, so without connection
from and to the bridge.

Due to that, bro gives me a lot of warnings and is very long to
launch...

I try to modify the rules via my conf file but there are some kinds I
don't understand. For example, if I change the "skip_scan_sources" to
an empty value after loading the scan rule (loading via http rule);
bro tries to resolve address before changing the value. And if I put the
redef variable before loading the rule, Bro tells me: "redef" used but
not previously defined"...

I think there are some fundamental things I don't understand but I'll
try to.

If anybody has an idea about that or eventually a configuration file
to give me some ideas, it could be great!

Thanks & Regards,

--
Sylvain de Tilly
"Mettons nous tout GNU !" un GNUdiste.

ps: I use bro under OpenBSD 3.3... But I think there is no consequence
to that.

From wsffree at hotmail.com Sat Apr 5 00:15:31 2003
From: wsffree at hotmail.com (Wang Shaofu)
Date: Sat, 05 Apr 2003 16:15:31 +0800
Subject: trouble: compile Bro in RedHat 8.0
Message-ID:

> > [w at cs bro-pub-0.7a175b]$ make
>
>Which gcc version do you use? Do you get similar errors with a
>recent 0.8* version of Bro?

It seems like "gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)".

>There were some incompatibilities with gcc >= 3.0 (3.2?), but I
>think they have been fixed (although I don't remember whether the changes
>have already been integrated into the latest version).
>
>Robin

Ciao
Cloud

From wsffree at hotmail.com Sat Apr 5 00:34:41 2003
From: wsffree at hotmail.com (Wang Shaofu)
Date: Sat, 05 Apr 2003 16:34:41 +0800
Subject: bridge-firewall on Bro
Message-ID:

>I'm trying to configure a bridge-firewall with the bro IDS on it to
>check web traffic (for example). But I've some troubles. Actually, if
>I launch bro with the http rules, due to dependencies I have to load
>scan rules. And the scan rules try to connect to some machines... But my
>aim is to have an IDS without IP address, so without connection from
>and to the bridge.
>
>Due to that, bro gives me a lot of warnings and is very long to
>launch...
>
>I try to modify the rules via my conf file but there are some kinds I
>don't understand. For example, if I change the "skip_scan_sources" to
>an empty value after loading the scan rule (loading via http rule);
 ~~~~~~~~~~~~try 127.0.0.1
>bro tries to resolve address before changing the value. And if I put the
>redef variable before loading the rule, Bro tells me: "redef" used but
>not previously defined"...
>
>I think there are some fundamental things I don't understand but I'll
>try to.
>
>If anybody has an idea about that or eventually a configuration file
>to give me some ideas, it could be great!

From vern at icir.org Sat Apr 5 11:34:46 2003
From: vern at icir.org (Vern Paxson)
Date: Sat, 05 Apr 2003 11:34:46 -0800
Subject: bridge-firewall on Bro
In-Reply-To: Your message of 04 Apr 2003 14:17:23 +0200.
Message-ID: <200304051934.h35JYkRp048701@jaguar.icir.org>

For what you are doing, you will need to either edit scan.bro to
remove the hostnames, for example replacing

    const skip_scan_sources = {
        ...
    };

with

    const skip_scan_sources: set[addr];

(you can't replace it with just "const skip_scan_sources = { };", because
then Bro can't figure out the variable's type); or you could arrange for
the DNS service on your box to resolve them directly via /etc/hosts.

Vern

From vern at icir.org Sat Apr 5 11:36:09 2003
From: vern at icir.org (Vern Paxson)
Date: Sat, 05 Apr 2003 11:36:09 -0800
Subject: bridge-firewall on Bro
In-Reply-To: Your message of Sat, 05 Apr 2003 16:34:41 +0800.
Message-ID: <200304051936.h35Ja9Rp048778@jaguar.icir.org>

> >an empty value after loading the scan rule (loading via http rule) ;
>  ~~~~~~~~~~~~try 127.0.0.1

That will often work too, though it's potentially a bit risky - you need
to understand how the variable's used in order to be sure that 127.0.0.1
won't ever be a legitimate value for it. It's cleaner to change it per
the description in my previous note, that way the intent is clear.

Vern

From sylvain at detilly.net Mon Apr 7 04:57:06 2003
From: sylvain at detilly.net (Sylvain de Tilly)
Date: 07 Apr 2003 13:57:06 +0200
Subject: bridge-firewall on Bro
In-Reply-To: <200304051934.h35JYkRp048701@jaguar.icir.org>
References: <200304051934.h35JYkRp048701@jaguar.icir.org>
Message-ID: <87adf25xm5.fsf@mag-laptop.cfssi.net>

Thanks a lot, it's now working like a charm...

Vern Paxson writes:

> For what you are doing, you will need to either edit scan.bro to
> remove the hostnames, for example replacing
>
>     const skip_scan_sources = {
>         ...
>     };
>
> with
>
>     const skip_scan_sources: set[addr];
>
> (you can't replace it with just "const skip_scan_sources = { };", because
> then Bro can't figure out the variable's type); or you could arrange for
> the DNS service on your box to resolve them directly via /etc/hosts.
>
> Vern
>

--
Sylvain de Tilly
"Mettons nous tout GNU !" un GNUdiste.

From mayank at ncb.ernet.in Mon Apr 7 21:44:49 2003
From: mayank at ncb.ernet.in (Mayank-Bhatnagar)
Date: Tue, 8 Apr 2003 10:14:49 +0530 (IST)
Subject: regarding Back bone network
Message-ID:

hi all,

Well this doubt is certainly not specific to any IDS but I just wanted to
put it to our Bro community.

In IDS scenario, we say that the sensors and main IDS server when deployed
communicate with each other. Now there is a special term known as
"backbone network" about which specialists say that the IDS does not rely
on the underlying network, so that attackers cannot compromise upon the
messages transferred by IDS system.

What could be this back bone network.....it seems to be different from the
normal TCP/IP...or is it same and a different technique used .....

Can anyone throw some light on this topic?

Thanks and regards,

Mayank Bhatnagar
National Centre for Software Technology,
Bangalore, India.

From athomas at cc.gatech.edu Mon Apr 7 21:45:41 2003
From: athomas at cc.gatech.edu (Ashley Thomas)
Date: Tue, 08 Apr 2003 00:45:41 -0400
Subject: regarding Back bone network
References:
Message-ID: <3E9253F5.8080304@cc.gatech.edu>

It could be a private network (a private LAN).
I don't think it uses any other suite other than good ol' TCP/IP.

Mayank-Bhatnagar wrote:

>hi all,
>
>Well this doubt is certainly not specific to any IDS but I just wanted to
>put it to our Bro community.
>
>In IDS scenario, we say that the sensors and main IDS server when deployed
>communicate with each other. Now there is a special term known as
>"backbone network" about which specialists say that the IDS does not rely
>on the underlying network, so that attackers cannot compromise upon the
>messages transferred by IDS system.
>
>What could be this back bone network.....it seems to be different from the
>normal TCP/IP...or is it same and a different technique used .....
>
>Can anyone throw some light on this topic?
>
>Thanks and regards,
>
>Mayank Bhatnagar
>National Centre for Software Technology,
>Bangalore, India.
>

--
Ashley Thomas

From grd-pub.56 at NOSPAMnetcourrier.com Mon Apr 7 23:37:30 2003
From: grd-pub.56 at NOSPAMnetcourrier.com (grd-pub.56 at NOSPAMnetcourrier.com)
Date: Tue, 8 Apr 2003 08:37:30 +0200
Subject: regarding Back bone network
In-Reply-To:
References:
Message-ID: <20030408063613.E2415C0A2@postfix3-2.free.fr>

Hi,

I assume that these "specialists" are simply pointing out to the fact that
if the network-based IDS system is using the very network it is monitoring
(the "backbone network"?) for its internal communication purposes, then it
might be silenced or otherwise hindered by a skillful attacker...

Thus, if your budget allows it, it is way better to have a separate
(secure) "control network". Your NIDS sensors are then connected in
"read-only" sniffer mode to the operational network, while they
communicate with each other or with the main IDS server through this
control network. Please note that "active-response" NIDS'es will require
full read/write access to the operational network as well.

The regular network will just be whatever it happens to be, -- TCP/IP or
other, -- but you're essentially free to decide what kind of control
network you want to set up. A non-TCP/IP network might be harder to break
in as the attacker might not be as familiar with it, but it would not be
wise to simply rely on this! A TCP/IP network will be much easier to set
up and you won't have much trouble configuring your sensors for it.

Good luck,

Olivier.

On Tuesday 08 April 2003 06:44 am, Mayank-Bhatnagar wrote:
> hi all,
>
> Well this doubt is certainly not specific to any IDS but I just wanted to
> put it to our Bro community.
>
> In IDS scenario, we say that the sensors and main IDS server when deployed
> communicate with each other. Now there is a special term known as
> "backbone network" about which specialists say that the IDS does not rely
> on the underlying network, so that attackers cannot compromise upon the
> messages transferred by IDS system.
>
> What could be this back bone network.....it seems to be different from the
> normal TCP/IP...or is it same and a different technique used .....
>
> Can anyone throw some light on this topic?
>
> Thanks and regards,
>
> Mayank Bhatnagar
> National Centre for Software Technology,
> Bangalore, India.

From sylvain at detilly.net Tue Apr 8 06:22:59 2003
From: sylvain at detilly.net (Sylvain de Tilly)
Date: 08 Apr 2003 15:22:59 +0200
Subject: Bro CVS
Message-ID: <87he99azt8.fsf@mag-laptop.cfssi.net>

Hello,

Now, thanks to Vern, all works fine with Bro under OpenBSD 3.3!

But before working well, I had modified sources (a few lines in
TCP_Rewriter.cc) and the Makefile.

In order to make an OpenBSD port, I have to patch Bro but I can't find
any CVS.

Do I modify the 0.8a20 version? If I do, where could I find the
Makefile.am needed to generate the Makefile (via automake..)

If you have any suggestion, I'm open to them!

Thanks & regards,

--
Sylvain de Tilly
"Mettons nous tout GNU !" un GNUdiste.

From vern at icir.org Wed Apr 9 22:51:17 2003
From: vern at icir.org (Vern Paxson)
Date: Wed, 09 Apr 2003 22:51:17 -0700
Subject: Bro CVS
In-Reply-To: Your message of 08 Apr 2003 15:22:59 +0200.
Message-ID: <200304100551.h3A5pHEo009608@jaguar.icir.org>

> In order to make an OpenBSD port, I have to patch Bro but I can't find
> any CVS.

Bro is not presently available via public CVS. Please send patches to
me so I can integrate them into future releases.

Vern

From sylvain at detilly.net Thu Apr 10 02:26:26 2003
From: sylvain at detilly.net (Sylvain de Tilly)
Date: 10 Apr 2003 11:26:26 +0200
Subject: Bro CVS
In-Reply-To: <200304100551.h3A5pHEo009608@jaguar.icir.org>
References: <200304100551.h3A5pHEo009608@jaguar.icir.org>
Message-ID: <87r88aitz1.fsf@mag-laptop.cfssi.net>

Vern Paxson writes:

> > In order to make an OpenBSD port, I have to patch Bro but I can't find
> > any CVS.
>
> Bro is not presently available via public CVS. Please send patches to
> me so I can integrate them into future releases.
>
> Vern
>

Hello,

I give you what I need to do to compile Bro (0.8a20) with an
OpenBSD(3.3) 17 March snapshot.

1- Problem with TCP_Rewriter.cc:

Here is the problem I've seen:

| g++ -I. -Ilibedit -O -c TCP_Rewriter.cc
| TCP_Rewriter.cc: In method `int TCP_TracePacket::Finish(pcap_pkthdr
| *&, const u_char *&, int &, unsigned int, unsigned int)':
| TCP_Rewriter.cc:350: no match for `bpf_timeval & = timeval'
| /usr/include/net/bpf.h:122: candidates are: struct bpf_timeval &
| bpf_timeval::operator =(const bpf_timeval &)
| *** Error code 1

And to resolve it, I modified the "double_to_timeval" function a
bit. Here are my changes:

| #define MSG_PREFIX "TCP trace rewriter: "
|
| #ifdef OPENBSD
|
| static struct bpf_timeval double_to_timeval(double t)
|     {
|     struct bpf_timeval tv;
| #else
| static struct timeval double_to_timeval(double t)
|     {
|     struct timeval tv;
| #endif
|
|     double t1 = floor(t);
|     tv.tv_sec = (int) t1;

2- DNS error:

| gcc -I. -Ilibedit -O -c nb_dns.c
| nb_dns.c:81: `NS_MAXDNAME' undeclared here (not in a function)
| nb_dns.c:81: size of array `name' has non-integer type
| nb_dns.c: In function `_nb_dns_mkquery':
| nb_dns.c:274: `NS_INADDRSZ' undeclared (first use in this function)
| nb_dns.c:274: (Each undeclared identifier is reported only once
| nb_dns.c:274: for each function it appears in.)
| nb_dns.c:279: `NS_IN6ADDRSZ' undeclared (first use in this function)
| nb_dns.c:291: `ns_o_query' undeclared (first use in this function)
| nb_dns.c:293: `ns_c_in' undeclared (first use in this function)
| nb_dns.c: In function `nb_dns_addr_request2':
| nb_dns.c:376: `NS_MAXDNAME' undeclared (first use in this function)
| nb_dns.c:376: size of array `name' has non-integer type
| nb_dns.c:394: `NS_IN6ADDRSZ' undeclared (first use in this function)
| nb_dns.c: In function `nb_dns_activity':
| nb_dns.c:457: syntax error before `handle'
| nb_dns.c:473: `handle' undeclared (first use in this function)
| nb_dns.c:516: `ns_f_rcode' undeclared (first use in this function)
| nb_dns.c:518: `ns_r_nxdomain' undeclared (first use in this function)
| nb_dns.c:523: `ns_r_servfail' undeclared (first use in this function)
| nb_dns.c:528: `ns_r_noerror' undeclared (first use in this function)
| nb_dns.c:531: `ns_r_formerr' undeclared (first use in this function)
| nb_dns.c:532: `ns_r_notimpl' undeclared (first use in this function)
| nb_dns.c:533: `ns_r_refused' undeclared (first use in this function)
| nb_dns.c:519: warning: unreachable code at beginning of switch statement
| nb_dns.c:541: `rr' undeclared (first use in this function)
| nb_dns.c:556: `ns_s_an' undeclared (first use in this function)
| nb_dns.c:572: warning: assignment makes pointer from integer without a cast
| gmake: *** [nb_dns.o] Error 1

To solve it, I had to put the "-I$(BIND9_PATH)/include" flags in the
Makefile

3- Link problem:

| g++ -o bro main.o net_util.o util.o parse.o scan.o re-parse.o re-scan.o rule-parse.o rule-scan.o Active.o Anon.o Attr.o BackDoor.o BroString.o CCL.o CompHash.o Conn.o DFA.o Debug.o DebugCmds.o DbgBreakpoint.o DbgWatch.o DbgHelp.o Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o Event.o Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o HTTP.o ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o Login.o MIME.o NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o PolicyFile.o Portmap.o PriorityQueue.o Queue.o Reassem.o Rlogin.o RE.o RPC.o Rule.o RuleMatcher.o RuleAction.o RuleCondition.o Scope.o Sessions.o SMTP.o SSH.o SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o UDP.o Val.o Var.o XDR.o cq.o md5.o setsignal.o version.o nb_dns.o -Llibedit -ltermcap -ledit -lpcap -lm
| nb_dns.o: Undefined symbol `___res_init' referenced from text segment
| nb_dns.o: Undefined symbol `___inet_ntoa' referenced from text segment
| nb_dns.o: Undefined symbol `___res_mkquery' referenced from text segment
| nb_dns.o: Undefined symbol `___ns_initparse' referenced from text segment
| nb_dns.o: Undefined symbol `___ns_msg_getflag' referenced from text segment
| nb_dns.o: Undefined symbol `___dn_expand' referenced from text segment
| nb_dns.o: Undefined symbol `___ns_parserr' referenced from text segment
| readline.c:161: Undefined symbol `_history' referenced from text segment
| readline.c:189: Undefined symbol `_el_end' referenced from text segment
| readline.c:191: Undefined symbol `_history_end' referenced from text segment
| readline.c:204: Undefined symbol `_el_init' referenced from text segment
| readline.c:207: Undefined symbol `_el_set' referenced from text segment
| readline.c:209: Undefined symbol `_history_init' referenced from text segment
| readline.c:213: Undefined symbol `_history' referenced from text segment
| readline.c:216: Undefined symbol `_history' referenced from text segment
| readline.c:216: Undefined symbol `_el_set' referenced from text segment
| readline.c:220: Undefined symbol `_el_set' referenced from text segment
| readline.c:221: Undefined symbol `_el_set' referenced from text segment
| readline.c:225: Undefined symbol `_el_set' referenced from text segment
| readline.c:231: Undefined symbol `_el_set' referenced from text segment
| readline.c:234: Undefined symbol `_el_set' referenced from text segment
| readline.c:248: Undefined symbol `_el_source' referenced from text segment
| readline.c:254: Undefined symbol `_el_line' referenced from text segment
| readline.c:285: Undefined symbol `_el_gets' referenced from text segment
| readline.c:300: Undefined symbol `_history' referenced from text segment
| readline.c:434: Undefined symbol `_history' referenced from text segment
| readline.c:448: Undefined symbol `_history' referenced from text segment
| readline.c:453: Undefined symbol `_history' referenced from text segment
| readline.c:820: Undefined symbol `_history' referenced from text segment
| readline.c:834: Undefined symbol `_history' referenced from text segment
| readline.c:0: More undefined symbol _history refs follow
| readline.c:1455: Undefined symbol `_el_line' referenced from text segment
| readline.c:1490: Undefined symbol `_el_deletestr' referenced from text segment
| readline.c:1491: Undefined symbol `_el_insertstr' referenced from text segment
| readline.c:1510: Undefined symbol `_el_insertstr' referenced from text segment
| readline.c:1553: Undefined symbol `_el_beep' referenced from text segment
| readline.c:1557: Undefined symbol `_el_beep' referenced from text segment
| readline.c:1629: Undefined symbol `_el_getc' referenced from text segment
| readline.c:1643: Undefined symbol `_el_reset' referenced from text segment
| readline.c:1663: Undefined symbol `_el_push' referenced from text segment
| collect2: ld returned 1 exit status
| gmake: *** [bro] Error 1

Here, I have to put "libedit/*.o" to the "-Llibedit" place.
I think (but it's just my opinion) the linker has a bug here...
I've got the 2.95.3 gcc version.

4- Another link problem:

| gcc -I. -Ilibedit -O -c nb_dns.c
| nb_dns.c:81: `NS_MAXDNAME' undeclared here (not in a function)
| nb_dns.c:81: size of array `name' has non-integer type
| nb_dns.c: In function `_nb_dns_mkquery':
| nb_dns.c:274: `NS_INADDRSZ' undeclared (first use in this function)
| nb_dns.c:274: (Each undeclared identifier is reported only once
| nb_dns.c:274: for each function it appears in.)
| nb_dns.c:279: `NS_IN6ADDRSZ' undeclared (first use in this function)
| nb_dns.c:291: `ns_o_query' undeclared (first use in this function)
| nb_dns.c:293: `ns_c_in' undeclared (first use in this function)
| nb_dns.c: In function `nb_dns_addr_request2':
| nb_dns.c:376: `NS_MAXDNAME' undeclared (first use in this function)
| nb_dns.c:376: size of array `name' has non-integer type
| nb_dns.c:394: `NS_IN6ADDRSZ' undeclared (first use in this function)
| nb_dns.c: In function `nb_dns_activity':
| nb_dns.c:457: syntax error before `handle'
| nb_dns.c:473: `handle' undeclared (first use in this function)
| nb_dns.c:516: `ns_f_rcode' undeclared (first use in this function)
| nb_dns.c:518: `ns_r_nxdomain' undeclared (first use in this function)
| nb_dns.c:523: `ns_r_servfail' undeclared (first use in this function)
| nb_dns.c:528: `ns_r_noerror' undeclared (first use in this function)
| nb_dns.c:531: `ns_r_formerr' undeclared (first use in this function)
| nb_dns.c:532: `ns_r_notimpl' undeclared (first use in this function)
| nb_dns.c:533: `ns_r_refused' undeclared (first use in this function)
| nb_dns.c:519: warning: unreachable code at beginning of switch statement
| nb_dns.c:541: `rr' undeclared (first use in this function)
| nb_dns.c:556: `ns_s_an' undeclared (first use in this function)
| nb_dns.c:572: warning: assignment makes pointer from integer without a cast
| gmake: *** [nb_dns.o] Error 1

Of course, I put the bind include but I need to put the libbind
too. That's what I do in the Makefile (LIBS variable):

    -L$(BIND_PATH) -lbind

I think (and it's again my own opinion) the best way to solve the DNS
problem is to put in the Bro sources the bind-9.x.x/lib/bind
directory and modify the Makefile. In that way, the dependence on Bind
will be solved and I prefer not to install bind on my firewall...

5- Yet Another link problem:

| g++ -o bro main.o net_util.o util.o parse.o scan.o re-parse.o re-scan.o rule-parse.o rule-scan.o Active.o Anon.o Attr.o BackDoor.o BroString.o CCL.o CompHash.o Conn.o DFA.o Debug.o DebugCmds.o DbgBreakpoint.o DbgWatch.o DbgHelp.o Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o Event.o Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o HTTP.o ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o Login.o MIME.o NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o PolicyFile.o Portmap.o PriorityQueue.o Queue.o Reassem.o Rlogin.o RE.o RPC.o Rule.o RuleMatcher.o RuleAction.o RuleCondition.o Scope.o Sessions.o SMTP.o SSH.o SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o UDP.o Val.o Var.o XDR.o cq.o md5.o setsignal.o version.o nb_dns.o -ltermcap -ledit libedit/*.o -lpcap -lm -L/usr/local/src/bind-9.2.2/lib/bind/ -lbind
| irs_data.c:117: Undefined symbol `_pthread_mutex_lock' referenced from text segment
| irs_data.c:119: Undefined symbol `_pthread_key_create' referenced from text segment
| irs_data.c:120: Undefined symbol `_pthread_mutex_unlock' referenced from text segment
| irs_data.c:122: Undefined symbol `_pthread_getspecific' referenced from text segment
| irs_data.c:130: Undefined symbol `_pthread_setspecific' referenced from text segment
| collect2: ld returned 1 exit status
| gmake: *** [bro] Error 1

Here, it's just a pthread library which is not linked well. Just add
-lpthread in the LIBS makefile variable.

make & gmake do the same things here.

I wish this will help you.

Regards,

--
Sylvain de Tilly
"Mettons nous tout GNU !" un GNUdiste.

From bmccarty at apu.edu Sun Apr 13 14:40:56 2003
From: bmccarty at apu.edu (Bill McCarty)
Date: Sun, 13 Apr 2003 14:40:56 -0700
Subject: Build problem
Message-ID: <414591991.1050244856@[192.168.0.4]>

Hi all,

I'm having trouble building bro, under Red Hat Linux 7.2.
Apparently, there's a problem linking to the resolver library:

> g++ -o bro main.o net_util.o util.o parse.o scan.o re-parse.o re-scan.o
> rule-parse.o rule-scan.o Active.o Anon.o Attr.o BackDoor.o BroString.o
> CCL.o CompHash.o Conn.o DFA.o Debug.o DebugCmds.o DbgBreakpoint.o
> DbgWatch.o DbgHelp.o Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o
> Event.o Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o HTTP.o
> ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o Login.o MIME.o
> NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o PolicyFile.o
> Portmap.o PriorityQueue.o Queue.o Reassem.o Rlogin.o RE.o RPC.o Rule.o
> RuleMatcher.o RuleAction.o RuleCondition.o Scope.o Sessions.o SMTP.o
> SSH.o SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o
> UDP.o Val.o Var.o XDR.o cq.o md5.o setsignal.o version.o nb_dns.o
> -Llibedit -ltermcap -ledit -lresolv -lpcap -lm nb_dns.o: In function
> `nb_dns_activity':
> nb_dns.o(.text+0x678): undefined reference to `__ns_initparse'
> nb_dns.o(.text+0x742): undefined reference to `_ns_flagdata'
> nb_dns.o(.text+0x748): undefined reference to `_ns_flagdata'
> nb_dns.o(.text+0x9bc): undefined reference to `__ns_parserr'
> collect2: ld returned 1 exit status
> make: *** [bro] Error 1

Thoughts?

Thanks!

---------------------------------------------------
Bill McCarty, Ph.D.
Associate Professor of Web & Information Technology
School of Business and Management
Azusa Pacific University

From rpang at icir.org Sun Apr 13 15:44:41 2003
From: rpang at icir.org (Ruoming Pang)
Date: Sun, 13 Apr 2003 15:44:41 -0700 (PDT)
Subject: Build problem
In-Reply-To: <414591991.1050244856@[192.168.0.4]>
Message-ID:

Bill,

Below is the answer provided by Olivier Grumelard.

Ruoming

---------- Forwarded message ----------
Date: Wed, 4 Dec 2002 08:36:47 +0100
From: grd-pub.56 at NOSPAMnetcourrier.com
To: Ruoming Pang
Cc: bro at lbl.gov
Subject: Re: building bro in linux

Hi,

You should try linking with "/usr/lib/libresolv.a" instead of "-lresolv"
-- the latter uses the dynamic library, libresolv.so, unless you add the
"-static" option. Just edit the Makefile accordingly.

Good luck,

Olivier.

On Sun, 13 Apr 2003, Bill McCarty wrote:

> Hi all,
>
> I'm having trouble building bro, under Red Hat Linux 7.2. Apparently,
> there's a problem linking to the resolver library:
>
> > g++ -o bro main.o net_util.o util.o parse.o scan.o re-parse.o re-scan.o
> > rule-parse.o rule-scan.o Active.o Anon.o Attr.o BackDoor.o BroString.o
> > CCL.o CompHash.o Conn.o DFA.o Debug.o DebugCmds.o DbgBreakpoint.o
> > DbgWatch.o DbgHelp.o Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o
> > Event.o Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o HTTP.o
> > ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o Login.o MIME.o
> > NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o PolicyFile.o
> > Portmap.o PriorityQueue.o Queue.o Reassem.o Rlogin.o RE.o RPC.o Rule.o
> > RuleMatcher.o RuleAction.o RuleCondition.o Scope.o Sessions.o SMTP.o
> > SSH.o SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o
> > UDP.o Val.o Var.o XDR.o cq.o md5.o setsignal.o version.o nb_dns.o
> > -Llibedit -ltermcap -ledit -lresolv -lpcap -lm nb_dns.o: In function
> > `nb_dns_activity':
> > nb_dns.o(.text+0x678): undefined reference to `__ns_initparse'
> > nb_dns.o(.text+0x742): undefined reference to `_ns_flagdata'
> > nb_dns.o(.text+0x748): undefined reference to `_ns_flagdata'
> > nb_dns.o(.text+0x9bc): undefined reference to `__ns_parserr'
> > collect2: ld returned 1 exit status
> > make: *** [bro] Error 1
>
> Thoughts?
>
> Thanks!
>
> ---------------------------------------------------
> Bill McCarty, Ph.D.
> Associate Professor of Web & Information Technology
> School of Business and Management
> Azusa Pacific University
>

From grd-pub.56 at NOSPAMnetcourrier.com Sun Apr 13 15:48:02 2003
From: grd-pub.56 at NOSPAMnetcourrier.com (grd-pub.56 at NOSPAMnetcourrier.com)
Date: Mon, 14 Apr 2003 00:48:02 +0200
Subject: Build problem
In-Reply-To: <414591991.1050244856@[192.168.0.4]>
References: <414591991.1050244856@[192.168.0.4]>
Message-ID: <20030413224640.BA2DFD540@postfix4-1.free.fr>

======
[Source: http://article.gmane.org/gmane.comp.security.detection.bro/69]

You should try linking with "/usr/lib/libresolv.a" instead of "-lresolv" -- the latter uses the dynamic library, libresolv.so, unless you add the "-static" option. Just edit the Makefile accordingly.
======

This libresolv issue seems to be common to all Linux distribs (same problem experienced under a couple of RedHat, Debian, and Mandrake versions), and I'm afraid this question will come up over and over again. Could it be fixed cleanly -- that is, using autoconf -- in the official sourcetree ?

Regards,

Olivier.

On Sunday 13 April 2003 11:40 pm, Bill McCarty wrote:
> Hi all,
>
> I'm having trouble building bro, under Red Hat Linux 7.2.
Apparently,
> > there's a problem linking to the resolver library:
> > g++ -o bro main.o net_util.o util.o parse.o scan.o re-parse.o re-scan.o
> > rule-parse.o rule-scan.o Active.o Anon.o Attr.o BackDoor.o BroString.o
> > CCL.o CompHash.o Conn.o DFA.o Debug.o DebugCmds.o DbgBreakpoint.o
> > DbgWatch.o DbgHelp.o Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o
> > Event.o Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o HTTP.o
> > ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o Login.o MIME.o
> > NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o PolicyFile.o
> > Portmap.o PriorityQueue.o Queue.o Reassem.o Rlogin.o RE.o RPC.o Rule.o
> > RuleMatcher.o RuleAction.o RuleCondition.o Scope.o Sessions.o SMTP.o
> > SSH.o SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o
> > UDP.o Val.o Var.o XDR.o cq.o md5.o setsignal.o version.o nb_dns.o
> > -Llibedit -ltermcap -ledit -lresolv -lpcap -lm nb_dns.o: In function
> > `nb_dns_activity':
> > nb_dns.o(.text+0x678): undefined reference to `__ns_initparse'
> > nb_dns.o(.text+0x742): undefined reference to `_ns_flagdata'
> > nb_dns.o(.text+0x748): undefined reference to `_ns_flagdata'
> > nb_dns.o(.text+0x9bc): undefined reference to `__ns_parserr'
> > collect2: ld returned 1 exit status
> > make: *** [bro] Error 1
>
> Thoughts?
>
> Thanks!
>
> ---------------------------------------------------
> Bill McCarty, Ph.D.
> Associate Professor of Web & Information Technology
> School of Business and Management
> Azusa Pacific University

From bmccarty at apu.edu Sun Apr 13 16:57:11 2003
From: bmccarty at apu.edu (Bill McCarty)
Date: Sun, 13 Apr 2003 16:57:11 -0700
Subject: Build problem
In-Reply-To:
References:
Message-ID: <422766606.1050253031@[192.168.0.4]>

Hi Ruoming,

Got it, thanks: Now up and running!

Cheers,

--On Sunday, April 13, 2003 3:44 PM -0700 Ruoming Pang wrote:

> Bill,
>
> Below is the answer provided by Olivier Grumelard.
>
> Ruoming
>
> ---------- Forwarded message ----------
> Date: Wed, 4 Dec 2002 08:36:47 +0100
> From: grd-pub.56 at NOSPAMnetcourrier.com
> To: Ruoming Pang
> Cc: bro at lbl.gov
> Subject: Re: building bro in linux
>
> Hi,
>
> You should try linking with "/usr/lib/libresolv.a" instead of
> "-lresolv" --
> the latter uses the dynamic library, libresolv.so, unless you add the
> "-static" option. Just edit the Makefile accordingly.
>
> Good luck,
>
> Olivier.
>
>
> On Sun, 13 Apr 2003, Bill McCarty wrote:
>
>> Hi all,
>>
>> I'm having trouble building bro, under Red Hat Linux 7.2. Apparently,
>> there's a problem linking to the resolver library:
>>
>>
>> > g++ -o bro main.o net_util.o util.o parse.o scan.o re-parse.o re-scan.o
>> > rule-parse.o rule-scan.o Active.o Anon.o Attr.o BackDoor.o BroString.o
>> > CCL.o CompHash.o Conn.o DFA.o Debug.o DebugCmds.o DbgBreakpoint.o
>> > DbgWatch.o DbgHelp.o Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o
>> > EquivClass.o Event.o Expr.o File.o Finger.o Frag.o Frame.o FTP.o
>> > Func.o Hash.o HTTP.o ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o
>> > Logger.o Login.o MIME.o NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o
>> > Obj.o PktSrc.o PolicyFile.o Portmap.o PriorityQueue.o Queue.o
>> > Reassem.o Rlogin.o RE.o RPC.o Rule.o RuleMatcher.o RuleAction.o
>> > RuleCondition.o Scope.o Sessions.o SMTP.o SSH.o SteppingStone.o Stmt.o
>> > TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o UDP.o Val.o Var.o XDR.o
>> > cq.o md5.o setsignal.o version.o nb_dns.o -Llibedit -ltermcap -ledit
>> > -lresolv -lpcap -lm nb_dns.o: In function `nb_dns_activity':
>> > nb_dns.o(.text+0x678): undefined reference to `__ns_initparse'
>> > nb_dns.o(.text+0x742): undefined reference to `_ns_flagdata'
>> > nb_dns.o(.text+0x748): undefined reference to `_ns_flagdata'
>> > nb_dns.o(.text+0x9bc): undefined reference to `__ns_parserr'
>> > collect2: ld returned 1 exit status
>> > make: *** [bro] Error 1
>>
>> Thoughts?
>>
>> Thanks!
>>
>> ---------------------------------------------------
>> Bill McCarty, Ph.D.
>> Associate Professor of Web & Information Technology
>> School of Business and Management
>> Azusa Pacific University
>>
>
>
>

---------------------------------------------------
Bill McCarty, Ph.D.
Associate Professor of Web & Information Technology
School of Business and Management
Azusa Pacific University

From athomas at cc.gatech.edu Sun Apr 13 19:16:40 2003
From: athomas at cc.gatech.edu (Ashley Thomas)
Date: Sun, 13 Apr 2003 22:16:40 -0400
Subject: Compilation problem ..
Message-ID: <3E9A1A08.1010507@cc.gatech.edu>

Hi,

I am trying to build the bro--pub-0.8a20. I get the following message while doing a make -

g++ -o bro main.o net_util.o util.o parse.o scan.o re-parse.o re-scan.o rule-parse.o rule-scan.o Active.o Anon.o Attr.o BackDoor.o BroString.o CCL.o CompHash.o Conn.o DFA.o Debug.o DebugCmds.o DbgBreakpoint.o DbgWatch.o DbgHelp.o Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o Event.o Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o HTTP.o ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o Login.o MIME.o NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o PolicyFile.o Portmap.o PriorityQueue.o Queue.o Reassem.o Rlogin.o RE.o RPC.o Rule.o RuleMatcher.o RuleAction.o RuleCondition.o Scope.o Sessions.o SMTP.o SSH.o SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o UDP.o Val.o Var.o XDR.o cq.o md5.o setsignal.o version.o nb_dns.o -Llibedit -ltermcap -ledit -lresolv ../libpcap-0.6.2/libpcap.a -lm
nb_dns.o: In function `nb_dns_activity':
nb_dns.o(.text+0x678): undefined reference to `__ns_initparse'
nb_dns.o(.text+0x742): undefined reference to `_ns_flagdata'
nb_dns.o(.text+0x748): undefined reference to `_ns_flagdata'
nb_dns.o(.text+0x9bc): undefined reference to `__ns_parserr'
collect2: ld returned 1 exit status
make: *** [bro] Error 1

What is it that I am missing..

Any help is appreciated.

Thanks.
--
Ashley Thomas

From bmccarty at apu.edu Sun Apr 13 19:53:52 2003
From: bmccarty at apu.edu (Bill McCarty)
Date: Sun, 13 Apr 2003 19:53:52 -0700
Subject: Compilation problem ..
In-Reply-To: <3E9A1A08.1010507@cc.gatech.edu>
References: <3E9A1A08.1010507@cc.gatech.edu>
Message-ID: <433367209.1050263632@[192.168.0.4]>

--On Sunday, April 13, 2003 10:16 PM -0400 Ashley Thomas wrote:

> Hi,
>
> I am trying to build the bro--pub-0.8a20.

Hi Ashley,

A few hours earlier, I posted a similar message to this list.

I'm using Red Hat Linux 7.2. In response to advice I received, I manually changed the Makefile as follows:

# Delete reference to -lresolv
#LIBS = $(LIBEDIT_LIBS) -lresolv -lpcap -lm
LIBS = $(LIBEDIT_LIBS) -lpcap -lm

# Add reference to /usr/lib/libresolv.a
OBJ = main.o net_util.o util.o \
    parse.o scan.o re-parse.o re-scan.o rule-parse.o rule-scan.o \
    Active.o Anon.o Attr.o BackDoor.o BroString.o CCL.o CompHash.o Conn.o DFA.o \
    Debug.o DebugCmds.o DbgBreakpoint.o DbgWatch.o DbgHelp.o \
    Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o Event.o \
    Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o \
    HTTP.o ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o Login.o \
    MIME.o NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o \
    PolicyFile.o Portmap.o PriorityQueue.o Queue.o Reassem.o \
    Rlogin.o RE.o RPC.o Rule.o RuleMatcher.o RuleAction.o \
    RuleCondition.o Scope.o Sessions.o SMTP.o SSH.o \
    SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o \
    UDP.o Val.o Var.o XDR.o \
    cq.o md5.o setsignal.o version.o nb_dns.o /usr/lib/libresolv.a

Worked great for me!

Cheers,

---------------------------------------------------
Bill McCarty, Ph.D.
Associate Professor of Web & Information Technology
School of Business and Management
Azusa Pacific University

From athomas at cc.gatech.edu Sun Apr 13 19:59:42 2003
From: athomas at cc.gatech.edu (Ashley Thomas)
Date: Sun, 13 Apr 2003 22:59:42 -0400
Subject: Compilation problem ..
References: <3E9A1A08.1010507@cc.gatech.edu> <433367209.1050263632@[192.168.0.4]>
Message-ID: <3E9A241E.9070600@cc.gatech.edu>

That was cool - Thanks !

Bill McCarty wrote:

> --On Sunday, April 13, 2003 10:16 PM -0400 Ashley Thomas
> wrote:
>
>> Hi,
>>
>> I am trying to build the bro--pub-0.8a20.
>
>
> Hi Ashley,
>
> A few hours earlier, I posted a similar message to this list .
>
> I'm using Red Hat Linux 7.2. In response to advice I received, I
> manually changed the Makefile as follows:
>
> # Delete reference to -lresolv
> #LIBS = $(LIBEDIT_LIBS) -lresolv -lpcap -lm
> LIBS = $(LIBEDIT_LIBS) -lpcap -lm
>
> # Add reference to /usr/lib/libresolv.a
> OBJ = main.o net_util.o util.o \
> parse.o scan.o re-parse.o re-scan.o rule-parse.o rule-scan.o \
> Active.o Anon.o Attr.o BackDoor.o BroString.o CCL.o CompHash.o
> Conn.o DFA.o \
> Debug.o DebugCmds.o DbgBreakpoint.o DbgWatch.o DbgHelp.o \
> Desc.o Dict.o Discard.o DNS.o DNS_Mgr.o EquivClass.o Event.o \
> Expr.o File.o Finger.o Frag.o Frame.o FTP.o Func.o Hash.o \
> HTTP.o ICMP.o ID.o Ident.o InterConn.o IntSet.o List.o Logger.o
> Login.o \
> MIME.o NFA.o NTP.o NVT.o Net.o NetbiosSSN.o NetVar.o Obj.o PktSrc.o \
> PolicyFile.o Portmap.o PriorityQueue.o Queue.o Reassem.o \
> Rlogin.o RE.o RPC.o Rule.o RuleMatcher.o RuleAction.o \
> RuleCondition.o Scope.o Sessions.o SMTP.o SSH.o \
> SteppingStone.o Stmt.o TCP.o TCP_Rewriter.o Telnet.o Timer.o Type.o \
> UDP.o Val.o Var.o XDR.o \
> cq.o md5.o setsignal.o version.o nb_dns.o /usr/lib/libresolv.a
>
> Worked great for me!
>
> Cheers,
>
> ---------------------------------------------------
> Bill McCarty, Ph.D.
> Associate Professor of Web & Information Technology
> School of Business and Management
> Azusa Pacific University

--
Ashley Thomas

From sylvain at detilly.net Fri Apr 18 02:50:39 2003
From: sylvain at detilly.net (Sylvain de Tilly)
Date: 18 Apr 2003 11:50:39 +0200
Subject: patch for Bro & DSL connection
Message-ID: <87r880t9qo.fsf@mag-laptop.cfssi.net>

Hello,

I wrote a patch (very very crappy code) to enable bro to read IP packets encapsulated in pppoe. This patch only indicates which header size it must skip to read the IP packet. I also added a boolean which is set to true when the packet is pppoe signalling. In that case, the weird module doesn't log the packet as a non-IP packet.

If you want to use it, don't forget to put an appropriate filter like this in your personal bro configuration file:

redef capture_filter += "ether proto 0x8864" ;

The patch is available here: http://www.detilly.net/bro-0.8a20-pppoe.patch

Regards,

--
Sylvain de Tilly
"Mettons nous tout GNU !" un GNUdiste.

From sylvain at detilly.net Tue Apr 29 08:48:43 2003
From: sylvain at detilly.net (Sylvain de Tilly)
Date: 29 Apr 2003 17:48:43 +0200
Subject: Segmentation fault, Bro and a Debian
Message-ID: <87y91t719f.fsf@mag-laptop.cfssi.net>

Hi,

I am trying to use bro under Debian unstable (upgraded today) and, after some light modifications, I was able to compile bro. But after that, I get a segmentation fault...

First, the modifications:

1- I had some gcc 3.2.3 problems which look like:
| g++ -o bif_parse.o -c bif_parse.cc
| builtin-func.y:63: 'vector' is used as a type, but is not defined as a type.
| builtin-func.y: In function `int yyparse()':
| builtin-func.y:151: `args' undeclared (first use this function)
| builtin-func.y:151: (Each undeclared identifier is reported only once for each
| function it appears in.)
| make: *** [bif_parse.o] Error 1

I solved them by adding "using namespace std;" just after the include headers. Same thing with Type.h and Anon.h.

2- The "yy_current_buffer" (line 474) is not declared...
I changed "if ( yy_current_buffer )" to "if ( YY_CURRENT_BUFFER )" and the compilation continued.

3- I replaced '#include ' with '#include ' because hash_map wasn't found. This works fine but adds a warning like this:
| /usr/include/c++/3.2/backward/backward_warning.h:32:2: warning:
| #warning This file includes at least one deprecated or antiquated
| header. Please consider using one of the 32 headers found in section
| 17.4.1.2 of the C++ standard. Examples include substituting the
| header for the header for C++ includes, or instead of
| the deprecated header . To disable this warning use
| -Wno-deprecated.

4- The function isspace wasn't found either in Debug.cc, so I added "#include "

5- The DebugCmds.cc file generates a problem too:
| g++ -I. -Ilibedit -O -Ilinux-include -c DebugCmds.cc
| DebugCmds.cc: In function `int find_all_matching_cmds(const std::string&, const
| char**)':
| DebugCmds.cc:164: invalid conversion from `const char*' to `unsigned int'
| DebugCmds.cc:164: initializing argument 1 of `int std::basic_string<_CharT,
| _Traits, _Alloc>::compare(_Alloc::size_type, _Alloc::size_type, const
| _CharT*) const [with _CharT = char, _Traits = std::char_traits, _Alloc
| = std::allocator]'
| DebugCmds.cc:164: invalid conversion from `unsigned int' to `const char*'
| DebugCmds.cc:164: initializing argument 3 of `int std::basic_string<_CharT,
| _Traits, _Alloc>::compare(_Alloc::size_type, _Alloc::size_type, const
| _CharT*) const [with _CharT = char, _Traits = std::char_traits, _Alloc
| = std::allocator]'
| make: *** [DebugCmds.o] Error 1

I just changed "if ( prefix.compare(curr_name, 0, arglen ) )" to "if ( prefix.compare(arglen, 0, curr_name ) )"

6- A classic link problem with bro compilation under Linux, solved by replacing "-lresolv" with "/usr/lib/resolv.a" in the Makefile.

After that, the compilation goes to the end, but when I compile bro with the -g flag and run gdb, I can see this:
| (gdb) r -i eth0
| Starting program: /usr/local/src/bro-pub-0.8a20/bro -i eth0
|
| Program received signal SIGSEGV, Segmentation fault.
| 0x401b3364 in strcmp () from /lib/libc.so.6
| (gdb) bt
| #0 0x401b3364 in strcmp () from /lib/libc.so.6
| #1 0x0804db83 in streq(char const*, char const*) (s1=0x0, s2=0x0)
| at util.cc:54
| #2 0x0809e5c9 in BroObj::SetLocationInfo(Location const*, Location const*) (
| this=0x812ffb8, start=0xbfffe24c, end=0xbfffe24c) at Obj.cc:99
| #3 0x0805c6ff in Attr (this=0x812ffb8, t=ATTR_OPTIONAL, e=0x0) at Attr.cc:42
| #4 0x0805070e in yyparse() () at parse.y:868
| #5 0x0804cb93 in main (argc=135439840, argv=0xbffffdd4) at main.cc:328
| (gdb) p start_location -> first_line
| $1 = 137
| (gdb) p start_location -> last_line
| $2 = 137

I know that I've made too many modifications to the original sources... But via some fprintf, I discovered that, in the previous call to this function, the Locations were in the bro.init file.

Does anybody have an idea?

Thanks for all.

Regards,

--
Sylvain de Tilly
"Mettons nous tout GNU !" un GNUdiste.

ps: Sorry for my poor English.
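
Added example, not part of the thread and not code from Bro: item 5 of the message above reorders the arguments of std::string::compare until GCC 3.2 accepts them, so the sketch below shows what the standard overloads actually compute. It assumes the original call was meant as a prefix match of the typed text against each command name and that arglen is the length of prefix; is_prefix_of, swapped_compare, find_matches and the command table are hypothetical.

```cpp
#include <cstddef>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Standard four-argument form: compare(pos, len, s, n) compares
// this->substr(pos, len) with the first n characters of s.
// Assumption: the intent is "do the first prefix.size() characters of
// name equal prefix?", i.e. a strncmp-style prefix match.
bool is_prefix_of(const std::string& prefix, const char* name)
{
    const std::string::size_type arglen = prefix.size();
    // Reading n characters from a shorter C string is undefined, so check.
    if (std::strlen(name) < arglen)
        return false;
    return prefix.compare(0, arglen, name, arglen) == 0;
}

// The argument order quoted in item 5, compare(arglen, 0, name), with
// arglen taken to be prefix.size(): it compares the empty substring at
// offset arglen with all of name, so the result is 0 only when name is
// empty, whatever prefix contains.
int swapped_compare(const std::string& prefix, const char* name)
{
    return prefix.compare(prefix.size(), 0, name);
}

// Constructed command table (hypothetical names, not taken from Bro).
static const char* const kCommands[] = {
    "backtrace", "break", "cond", "continue", "help"
};

std::vector<std::string> find_matches(const std::string& prefix)
{
    std::vector<std::string> out;
    const std::size_t n = sizeof(kCommands) / sizeof(kCommands[0]);
    for (std::size_t i = 0; i < n; ++i)
        if (is_prefix_of(prefix, kCommands[i]))
            out.push_back(kCommands[i]);
    return out;
}

int main()
{
    const std::vector<std::string> hits = find_matches("co");
    for (std::size_t i = 0; i < hits.size(); ++i)
        std::cout << hits[i] << '\n';
    std::cout << "swapped: " << swapped_compare("co", "cond") << '\n';
    return 0;
}
```

A clean compile only shows that the argument types line up; the swapped order returns a nonzero value for every non-empty command name, so a test of the form "if ( prefix.compare(...) )" no longer depends on what was typed.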