[Bro] about binpac processchunk

Leonardo Francalanci Leonardo.Francalanci at commprove.com
Fri Oct 3 11:37:56 PDT 2008


Hi,

I'm using http://bro-ids.org/wiki/index.php/BinPAC_Userguide to build an http parser.

1) binpac_pcre.h, as specified in the doc, doesn't compile; there is a double "}" at the end of
int Compile() {

2) I can't use "processchunk" as decribed in "binpac: A yacc for Writing Application Protocol Parsers" because I get:

./http-protocol.pac:114:  syntax error, at or near "&" (yychar=38)

where line 114 is:

&processchunk($context.flow.process_body($chunk));


I couldn't find (using grep) any reference to the string "processchunk" in the sources.

How am I supposed to read the $chunk buffer of the body?


Thank you

Leonardo




More information about the Bro mailing list