[Bro] about binpac processchunk
Leonardo Francalanci
Leonardo.Francalanci at commprove.com
Mon Oct 6 08:12:40 PDT 2008
Anyone?
How are you supposed to process chunks of data from binpac?
-----Original Message-----
From: bro-bounces at ICSI.Berkeley.EDU [mailto:bro-bounces at ICSI.Berkeley.EDU] On Behalf Of Leonardo Francalanci
Sent: venerdì 3 ottobre 2008 13.38
To: bro at ICSI.Berkeley.EDU
Subject: [Bro] about binpac processchunk
Hi,
I'm using http://bro-ids.org/wiki/index.php/BinPAC_Userguide to build an http parser.
1) binpac_pcre.h, as specified in the doc, doesn't compile; there is a double "}" at the end of int Compile() {
2) I can't use "processchunk" as decribed in "binpac: A yacc for Writing Application Protocol Parsers" because I get:
./http-protocol.pac:114: syntax error, at or near "&" (yychar=38)
where line 114 is:
&processchunk($context.flow.process_body($chunk));
I couldn't find (using grep) any reference to the string "processchunk" in the sources.
How am I supposed to read the $chunk buffer of the body?
Thank you
Leonardo
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list