[Bro] new Bro releases
rmkml
rmkml at wanadoo.fr
Fri Sep 10 00:51:49 PDT 2004
Sorry for my post,
bison/byacc are in src/Makefile
Regards
Rmkml at Wanadoo.fr
On Fri, 10 Sep 2004, rmkml wrote:
> Date: Fri, 10 Sep 2004 09:46:10 +0200 (CEST)
> From: rmkml <rmkml at wanadoo.fr>
> To: Vern Paxson <vern at icir.org>
> Cc: bro at bro-ids.org
> Subject: Re: [Bro] new Bro releases
>
> Hi,
>
> I have a compile problem on 09a4 (no problem before this version).
>
> I did not find YACC/bison in the Makefile,
>
> $ make
> ...
> bison -y -d -t -v builtin-func.y
> flex -obif_lex.cc builtin-func.l
> g++ -o bif_lex.o -c bif_lex.cc
> g++ -o bif_parse.o -c bif_parse.cc
> y.tab.c: In function `int yyparse()':
> y.tab.c:1705: syntax error before `goto'
> *** Error code 1
>
> Could you help me, please?
> In the previous release, I changed the Makefile: bison -> byacc,
> but in this release I did not find bison in the Makefile.
>
>
> Second, minor problem:
> $ ./configure
> ...
> config.status: creating aux/adtrace/Makefile
> config.status: error: cannot find input file: aux/adtrace/Makefile.in
>
>
> I use Bro on FreeBSD v4.10R.
>
> Thanks
>
> Rmkml at Wanadoo.fr
>
>
>
> On Wed, 8 Sep 2004, Vern Paxson wrote:
>
>> Date: Wed, 08 Sep 2004 19:24:29 -0700
>> From: Vern Paxson <vern at icir.org>
>> To: bro at bro-ids.org
>> Subject: [Bro] new Bro releases
>>
>> New CURRENT (0.9a4) and STABLE (0.8a88) releases are now available from:
>>
>> ftp://bro-ids.org/bro-pub-0.9-current.tar.gz
>> ftp://bro-ids.org/bro-pub-0.8-stable.tar.gz
>>
>> The CURRENT release includes some incompatible changes to file formats and
>> environment variables. NOTE: file formats for the "alert" and "signature"
>> logs are likely to change again in the near future. In addition, there
>> will soon be another release in which the current "log" and "alert" terms
>> are renamed (to "alarm" and "notice", respectively).
>>
>> There are also some bug fixes, new features, and changes to the
>> distribution's directory structure, file formats, and environment
>> variables, per the appended change log.
>>
>> The STABLE release fixes a bug:
>>
>>> - Fixed broken VLAN support (integration of original patch was
>>> incomplete).
>>
>> per the appended patch.
>>
>> Vern
>>
>>
>> -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>>
>> 0.9a4 Wed Sep 8 17:33:54 PDT 2004
>>
>> - The directory structure of the Bro distribution has changed (Jason Lee).
>> The source code is now in a subdirectory, src/, and the scripts
>> snort2bro (and snort2bro.cfg) and make-ftp-safe-vocabulary.awk have
>> been moved into scripts/.
>>
>> - "make install" has been revamped (Jason Lee).
>>
>> - The format of the alert log file has changed. Fields in it are
>> colon-separated. THIS WILL LIKELY CHANGE SOON.
>>
>> - The policy for formatting signature matches has been revamped,
>> including colon-separated fields in the signature log file
>> (Roger Winslow). THIS WILL LIKELY CHANGE SOON.
>>
>> - The BRO_ID environment variable has been renamed BRO_LOG_SUFFIX.
>>
>> - A new flag, -e, lets you specify Bro code to execute via the command
>> line (Christian Kreibich). So, for example,
>>
>> bro -r mytrace.tcpdump -e 'redef traditional_conn_format = T' tcp
>>
>> will run tcp.bro on the trace "mytrace.tcpdump", but with
>> traditional_conn_format redefined to be true. Note that statements
>> have an implicit ';' added to them for convenience.
>>
>> - A new signature alert, "MultipleSigResponders", is generated if a
>> host triggers the same signature on multiple responders.
>>
>> - Bro now supports "packet profiling", which provides fairly fine-grained
>> statistics on number of packets processed, volume, elapsed real/user/system
>> time, and change in memory consumption (Holger Dreger). Three variables
>> control the output. The double pkt_profile_freq controls the frequency
>> of output. The units in which it's interpreted depend on the setting
>> of the pkt_profile_mode variable (which is of type pkt_profile_modes,
>> an enum). A value of PKT_PROFILE_MODE_SECS means that statistics
>> are generated every pkt_profile_freq seconds; PKT_PROFILE_MODE_PKTS
>> means every pkt_profile_freq packets; and PKT_PROFILE_MODE_BYTES, every
>> pkt_profile_freq bytes. The default (PKT_PROFILE_MODE_NONE) means
>> to not generate packet profiling.
>>
>> Packet profiling is written to the new log file, pkt_profile_file.
>> If you "@load pkt-profile", you can turn on packet profiling using
>> some handy defaults.
>>
>> - statistics.bro now reports on how many TCP connections are in
>> <originator-state, responder-state> for the different TCP endpoint
>> states (SYN sent, SYN ack'd, connection established, etc.).
>> Contributed by Holger Dreger.
>>
>> - tcp_content_delivery_ports_{orig,resp} are now tables of bool rather
>> than sets (Ruoming Pang). The semantics are that if you have a
>> tcp_contents event handler, then if the orig/resp port is in the given
>> table *and the yield value is T*, then the event will be invoked. This
>> allows you to now explicitly skip over some ports.
>>
>> - The processing of default values in tables has been changed internally
>> (Ruoming Pang). It's possible this has introduced some subtle bugs
>> (as some of these came up during testing).
>>
>> - A serious bug in Base64 processing has been fixed (Ruoming Pang).
>>
>> - The NetBIOS and SMB analyzers have been updated in minor ways
>> (Ruoming Pang).
>>
>> - statistics.bro now reports a "lag" figure indicating the elapsed
>> time between the last expired timer's target expiration time and
>> the current packet timestamp (Robin Sommer). Lag can grow if Bro
>> is getting behind in timer expiration due to the setting of
>> max_timer_expires.
>>
>> - Bro's default filter is now "tcp or udp or icmp" rather than
>> "tcp or udp".
>>
>> - alert_info records now have an optional port associated with them
>> (for example, to be used to describe scan activity).
>>
>> - A bug has been fixed in which deleting a table element with an
>> associated timer could crash Bro (Robin Sommer).
>>
>> - A bug that would cause a crash for malformed EPASV directives
>> has been fixed (Robin Sommer).
>>
>> - A bug with inactivity timeouts not being generated for partial
>> connections has been fixed (Robin Sommer).
>>
>> - A bug in synflood.bro has been fixed (Robin Sommer).
>>
>> - Some tuning adjustments to incremental expiration of table entries
>> (Robin Sommer).
>>
>> - Improved portability to Darwin (Christian Kreibich).
>>
>> - alert_info records now have additional optional fields, "iconn"
>> (associated ICMP connection), "dst" (destination address), and
>> "p" (associated port). The source_is_responder field has been
>> removed.
>>
>> - The default packet filter now includes "icmp".
>>
>> - Some memory allocation/free mismatches & minor leaks (Robin Sommer).
>>
>> - Minor tweaks to ssl.bro (Robin Sommer).
>>
>> - Bro now supports "null" link layers (Christian Kreibich).
>>
>> - aux/adtrace contains a program that spits out MAC/IP information
>> from traces (Holger Dreger).
>>
>> - The formatting of "weird" messages that have additional parameters
>> has been changed to be more regularized with other "weird" messages.
>>
>> - The new "weird" type "base64_illegal_encoding" takes the place of
>> some previously unstructured Base64 "weird" errors.
>>
>> - A tweak to ftp.bro will give it slightly more consistent results
>> for some forms of unusual traffic.
>>
>>
>> -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>>
>> diff -ru bro-pub-0.8a87/CHANGES bro-pub-0.8a88/CHANGES
>> --- bro-pub-0.8a87/CHANGES Sun Jul 11 10:26:36 2004
>> +++ bro-pub-0.8a88/CHANGES Wed Sep 8 17:56:23 2004
>> @@ -3,6 +3,11 @@
>> -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>
>>
>> +0.8a88 Wed Sep 8 17:56:03 PDT 2004
>> +
>> +- A serious bug in Base64/MIME processing has been fixed (Ruoming Pang).
>> +
>> +
>> 0.8a87 Sun Jul 11 10:26:35 PDT 2004
>>
>> - Fixed broken VLAN support (integration of original patch was incomplete).
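Review bot: the new 0.8a88 entry says only "A serious bug in Base64/MIME processing has been fixed" without saying what kind of bug it is. The Base64.cc part of this patch changes how the decoder checks the output buffer before writing decoded octets, so the entry should say that (for example, that the fix concerns bounds checking of decoded output) so that anyone still on 0.8a87 can judge how urgently to upgrade.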
>> diff -ru bro-pub-0.8a87/VERSION bro-pub-0.8a88/VERSION
>> --- bro-pub-0.8a87/VERSION Sun Jul 11 10:23:57 2004
>> +++ bro-pub-0.8a88/VERSION Wed Sep 8 17:55:55 2004
>> @@ -1 +1 @@
>> -0.8a87
>> +0.8a88
>> diff -ru bro-pub-0.8a87/Base64.cc bro-pub-0.8a88/Base64.cc
>> --- bro-pub-0.8a87/Base64.cc Sun Jun 6 10:42:38 2004
>> +++ bro-pub-0.8a88/Base64.cc Wed Sep 8 17:56:27 2004
>> @@ -60,33 +60,10 @@
>> *pbuf = buf = new char[blen];
>> }
>>
>> - int rlen = 0;
>> - int dlen;
>> + int dlen = 0;
>>
>> - for ( dlen = 0; dlen < len; ++dlen )
>> + while ( 1 )
>> {
>> - if ( data[dlen] == '=' )
>> - ++base64_padding;
>> -
>> - int k = base64_table[(unsigned char) data[dlen]];
>> - if ( k < 0 )
>> - {
>> - if ( ++errored == 1 )
>> - // ### This and the next one should be
>> - // a Weird, not a run-time error.
>> - IllegalEncoding(fmt("character %d ignored by
>> Base64 decoding", (int) (data[dlen])));
>> - continue;
>> - }
>> -
>> - // Stop decoding if we don't have enough buffer.
>> - if ( base64_group_next < 3 )
>> - {
>> - if ( ++rlen > blen )
>> - break;
>> - }
>> -
>> - base64_group[base64_group_next++] = k;
>> -
>> if ( base64_group_next == 4 )
>> {
>> // For every group of 4 6-bit numbers,
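Review bot: with the loop header changed from `for ( dlen = 0; dlen < len; ++dlen )` to `while ( 1 )`, the exit conditions are no longer visible at the top of the loop, and the removed `rlen > blen` check has no replacement within this hunk. Add a comment above `while ( 1 )` stating that the loop ends either when the output buffer cannot take the next group or when `dlen >= len`, and that the full-group flush now runs before the next input character is read.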
>> @@ -99,14 +76,17 @@
>> continue;
>> }
>>
>> + int num_octets = 3 - base64_padding;
>> +
>> + if ( buf + num_octets > *pbuf + blen )
>> + break;
>> +
>> uint32 bit32 =
>> ((base64_group[0] & 0x3f) << 18) |
>> ((base64_group[1] & 0x3f) << 12) |
>> ((base64_group[2] & 0x3f) << 6) |
>> ((base64_group[3] & 0x3f));
>>
>> - int num_octets = 3 - base64_padding;
>> -
>> if ( --num_octets >= 0 )
>> *buf++ = char((bit32 >> 16) & 0xff);
>>
>> @@ -122,6 +102,23 @@
>> base64_group_next = 0;
>> base64_padding = 0;
>> }
>> +
>> + if ( dlen >= len )
>> + break;
>> +
>> + if ( data[dlen] == '=' )
>> + ++base64_padding;
>> +
>> + int k = base64_table[(unsigned char) data[dlen]];
>> + if ( k >= 0 )
>> + base64_group[base64_group_next++] = k;
>> + else
>> + {
>> + if ( ++errored == 1 )
>> + IllegalEncoding(fmt("character %d ignored by
>> Base64 decoding", (int) (data[dlen])));
>> + }
>> +
>> + ++dlen;
>> }
>>
>> *pblen = buf - *pbuf;
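Review bot: in the re-added block, `if ( data[dlen] == '=' ) ++base64_padding;` counts '=' wherever it appears in the group, and `num_octets = 3 - base64_padding` then trusts that count, so a '=' followed by further data characters shortens the decoded output of that group. Consider calling IllegalEncoding when a non-'=' character follows a '=' within a group. The removed comment saying these reports should be a Weird rather than a run-time error is not carried over to the new `else` branch; keep it if it still applies.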
>> @@ -134,7 +131,8 @@
>>
>> if ( base64_group_next != 0 )
>> {
>> - IllegalEncoding(fmt("incomplete base64 group, padding with %d
>> bits of 0", (4-base64_group_next) * 6));
>> + if ( base64_group_next < 4 )
>> + IllegalEncoding(fmt("incomplete base64 group, padding
>> with %d bits of 0", (4-base64_group_next) * 6));
>> Decode(4 - base64_group_next, padding, pblen, pbuf);
>> return -1;
>> }
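Review bot: the added `if ( base64_group_next < 4 )` suppresses the "incomplete base64 group" report for a complete pending group, but that case still falls through to `return -1`, so the caller sees an error for input that was only waiting to be flushed. Return the error code only when the group was actually incomplete, or add a comment saying why -1 is intended for both cases. The long `IllegalEncoding(fmt(...))` lines here and in the earlier Base64.cc hunks are also wrapped in this mail, so they need re-joining before the patch will apply.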