From damned_reverie at yahoo.com Sat May 1 10:15:12 2010 From: damned_reverie at yahoo.com (Adil butt) Date: Sat, 1 May 2010 10:15:12 -0700 (PDT) Subject: [Bro] gcc error while compiling bro Message-ID: <970252.22226.qm@web45213.mail.sp1.yahoo.com> I am trying to configure BRO IDS here at one of the labs but I am running into problems while executing "make". Error Code: broccoli_intern_wrap.c: In function ?pyObjToVal?: broccoli_intern_wrap.c:2724: warning: pointer targets in assignment differ in signedness broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_set?: broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_get?: broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_set?: broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_get?: broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_link_type_set?: broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_link_type_get?: broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_set?: broccoli_intern_wrap.c:4789: error: storage size of ?arg2? isn?t known broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4789: warning: unused variable ?arg2? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_get?: broccoli_intern_wrap.c:4826: error: storage size of ?result? isn?t known broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to incomplete type ?struct pcap_pkthdr? broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to incomplete type ?struct pcap_pkthdr? broccoli_intern_wrap.c:4826: warning: unused variable ?result? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_set?: broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_get?: broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_set?: broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_get?: broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_new_bro_packet?: broccoli_intern_wrap.c:4963: error: invalid application of ?sizeof? to incomplete type ?struct bro_packet? . . . error: command 'gcc' failed with exit status 1 make[4]: *** [pybroccoli] Error 1 make[4]: Leaving directory `/home/adil/Downloads/bro-1.5.1/aux/broctl' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/adil/Downloads/bro-1.5.1/aux' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/adil/Downloads/bro-1.5.1/aux' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/adil/Downloads/bro-1.5.1' make: *** [all] Error 2 ----- Please note that I have completed configure successfully by executing ./configure --enable-shippedpcap I have installed all the required packages including the corresponding devel packages (including python-dev) but still no luck. Any help is appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100501/c2f7cbae/attachment.html From vern at icir.org Sun May 2 01:43:56 2010 From: vern at icir.org (Vern Paxson) Date: Sun, 02 May 2010 01:43:56 -0700 Subject: [Bro] question about event http_stats In-Reply-To: (Wed, 28 Apr 2010 14:06:28 EDT). Message-ID: <201005020843.o428huYQ006066@pork.ICSI.Berkeley.EDU> > #global http_stats: event(c: connection, stats: http_stats_rec); > > the http_stats event, I think it is raised when one http session is > done? But why > the stats$num_requests can be 0? I would expect (and looking briefly at the code this appears to be true) that an http_stats event is generated whenever an HTTP connection finishes, even if nothing happened during the connection (no GET request, just a SYN handshake). If so, then it would make sense that such unproductive sessions have $num_requests equal to 0. > I noticed in the http.bro, there is one handler for this event but > then annotated. I'm not following this comment ... Vern From yasein.nk at gmail.com Sun May 2 08:26:57 2010 From: yasein.nk at gmail.com (Sen Yang) Date: Sun, 2 May 2010 11:26:57 -0400 Subject: [Bro] question about event http_stats In-Reply-To: <201005020843.o428huYQ006066@pork.ICSI.Berkeley.EDU> References: <201005020843.o428huYQ006066@pork.ICSI.Berkeley.EDU> Message-ID: Thanks Vern. I mean in the $brohome /share/bro/ folder, the http.bro file. It have an event handler for the http_stats event. But made invalid using "#". I thought it was because stats$num_requests is 0. But get over it. Thanks Sen On Sun, May 2, 2010 at 4:43 AM, Vern Paxson wrote: >> #global http_stats: event(c: connection, stats: http_stats_rec); >> >> the http_stats event, I think it is raised when one http session is >> done? But why >> the stats$num_requests can be 0? > > I would expect (and looking briefly at the code this appears to be true) > that an http_stats event is generated whenever an HTTP connection finishes, > even if nothing happened during the connection (no GET request, just a > SYN handshake). ?If so, then it would make sense that such unproductive > sessions have $num_requests equal to 0. > >> I noticed in the http.bro, there is one handler for this event but >> then annotated. > > I'm not following this comment ... > > ? ? ? ? ? ? ? ?Vern > From JAzoff at uamail.albany.edu Mon May 3 11:21:32 2010 From: JAzoff at uamail.albany.edu (Justin Azoff) Date: Mon, 3 May 2010 14:21:32 -0400 Subject: [Bro] gcc error while compiling bro In-Reply-To: <970252.22226.qm@web45213.mail.sp1.yahoo.com> References: <970252.22226.qm@web45213.mail.sp1.yahoo.com> Message-ID: <20100503182129.GA5653@datacomm.albany.edu> On Sat, May 01, 2010 at 01:15:12PM -0400, Adil butt wrote: > > > I am trying to configure BRO IDS here at one of the labs but I am running into problems while executing "make". > > Error Code: > broccoli_intern_wrap.c: In function ?pyObjToVal?: Looks like you skipped the earlier error that mentioned python.h was missing.. you need to install the python-dev package(or whatever your distribution calls it) -- -- Justin Azoff -- Network Security & Performance Analyst From adayadil.thomas at gmail.com Wed May 5 09:51:05 2010 From: adayadil.thomas at gmail.com (Adayadil Thomas) Date: Wed, 5 May 2010 12:51:05 -0400 Subject: [Bro] Question about binpac Message-ID: Hello and greetings. I have bro-1.4 source. In the aux/binpac/src directory, there is the pac_scan.cc file that is generated using flex as the comment says. Is this pre-generated rather than at make time? Since I am not familiar with the flex, could someone shed some light on how that is created? I could not find if there was a line in the makefile for that. Any help is much appreciated. -Thanks From iqbalf at ucalgary.ca Sat May 8 17:25:39 2010 From: iqbalf at ucalgary.ca (Faisal Iqbal) Date: Sat, 08 May 2010 18:25:39 -0600 Subject: [Bro] Bro Installation Problem - Python/GCC Message-ID: <1273364739.3394.2.camel@ubuntu.cpsc.ucalgary.ca> Hi, I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine however when I try to install the same version on RHEL 5 machine I'm getting errors during compile. More specifically, it gives gcc errors for broccoli_intern_wrap.c file. I have python/gcc etc on that machine and I'm using shipped version of pcap [that is the only big difference between two machines apart from OS I think]. Below is the output of make ************************************************************************* running build running build_py running build_ext building '_broccoli_intern' extension gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o broccoli_intern_wrap.c: In function ?valToPyObj?: broccoli_intern_wrap.c:2638: warning: pointer targets in passing argument 1 of ?PyString_FromStringAndSize? differ in signedness broccoli_intern_wrap.c: In function ?pyObjToVal?: broccoli_intern_wrap.c:2724: warning: pointer targets in assignment differ in signedness broccoli_intern_wrap.c: In function ?event_callback?: broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid ambiguous ?else? broccoli_intern_wrap.c: In function ?_wrap_BroCtx_lock_func_set?: broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_id_func_set?: broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_create_func_set?: broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_lock_func_set?: broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_free_func_set?: broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_set?: broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_get?: broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_set?: broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_get?: broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_link_type_set?: broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_link_type_get?: broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_set?: broccoli_intern_wrap.c:4789: error: storage size of ?arg2? isn?t known broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4789: warning: unused variable ?arg2? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_get?: broccoli_intern_wrap.c:4826: error: storage size of ?result? isn?t known broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to incomplete type ?struct pcap_pkthdr? broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to incomplete type ?struct pcap_pkthdr? broccoli_intern_wrap.c:4826: warning: unused variable ?result? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_set?: broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_get?: broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_set?: broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_get?: broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_new_bro_packet?: broccoli_intern_wrap.c:4963: error: invalid application of ?sizeof? to incomplete type ?struct bro_packet? broccoli_intern_wrap.c: In function ?_wrap_bro_event_add_val?: broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_event_set_val?: broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_event_registry_add?: broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_record_add_val?: broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_nth_val?: broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_named_val?: broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_table_foreach?: broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_set_foreach?: broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_conn_set_packet_ctxt?: broccoli_intern_wrap.c:7519: warning: implicit declaration of function ?bro_conn_set_packet_ctxt? broccoli_intern_wrap.c: In function ?_wrap_bro_conn_get_packet_ctxt?: broccoli_intern_wrap.c:7549: warning: implicit declaration of function ?bro_conn_get_packet_ctxt? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_new?: broccoli_intern_wrap.c:7590: warning: implicit declaration of function ?bro_packet_new? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_clone?: broccoli_intern_wrap.c:7614: warning: implicit declaration of function ?bro_packet_clone? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_free?: broccoli_intern_wrap.c:7635: warning: implicit declaration of function ?bro_packet_free? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_send?: broccoli_intern_wrap.c:7666: warning: implicit declaration of function ?bro_packet_send? error: command 'gcc' failed with exit status 1 make[4]: *** [pybroccoli] Error 1 make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' make: *** [all] Error 2 ************************************************************************* I get similar output if just try to run setup.py in aux/broccoli/bindings/python Note that I didn't have any trouble in configure and it found everything it needed [with shipped pcap switch] I tried searching the mailing list and other resources but couldn't find anything about this or a similar error. I'll greatly appreciate if you could help me in this matter as I'm stuck on this for several days. Do tell me if you need anything else or a complete output for configure/make Thank you for your time :) Faisal iqbal P.S. python version 2.6.1 gcc/g++ version 4.1.2 From iqbalf at ucalgary.ca Sat May 8 22:01:58 2010 From: iqbalf at ucalgary.ca (Faisal Iqbal) Date: Sat, 8 May 2010 23:01:58 -0600 (MDT) Subject: [Bro] Bro Installation Problem - Python/GCC‏ Message-ID: <4bd37202e4f4649038712e5630ad4df6.squirrel@webmail.ucalgary.ca> Hi, I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine however when I try to install the same version on RHEL 5 machine I'm getting errors during compile. More specifically, it gives gcc errors for broccoli_intern_wrap.c file. I have python/gcc etc on that machine and I'm using shipped version of pcap [that is the only big difference between two machines apart from OS I think]. Below is the output of make ************************************************************************* running build running build_py running build_ext building '_broccoli_intern' extension gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o broccoli_intern_wrap.c: In function ?valToPyObj?: broccoli_intern_wrap.c:2638: warning: pointer targets in passing argument 1 of ?PyString_FromStringAndSize? differ in signedness broccoli_intern_wrap.c: In function ?pyObjToVal?: broccoli_intern_wrap.c:2724: warning: pointer targets in assignment differ in signedness broccoli_intern_wrap.c: In function ?event_callback?: broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid ambiguous ?else? broccoli_intern_wrap.c: In function ?_wrap_BroCtx_lock_func_set?: broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_id_func_set?: broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_create_func_set?: broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_lock_func_set?: broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_free_func_set?: broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_set?: broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_get?: broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_set?: broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_get?: broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_link_type_set?: broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_link_type_get?: broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_set?: broccoli_intern_wrap.c:4789: error: storage size of ?arg2? isn?t known broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4789: warning: unused variable ?arg2? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_get?: broccoli_intern_wrap.c:4826: error: storage size of ?result? isn?t known broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to incomplete type ?struct pcap_pkthdr? broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to incomplete type ?struct pcap_pkthdr? broccoli_intern_wrap.c:4826: warning: unused variable ?result? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_set?: broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_get?: broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_set?: broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_get?: broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete type broccoli_intern_wrap.c: In function ?_wrap_new_bro_packet?: broccoli_intern_wrap.c:4963: error: invalid application of ?sizeof? to incomplete type ?struct bro_packet? broccoli_intern_wrap.c: In function ?_wrap_bro_event_add_val?: broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_event_set_val?: broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_event_registry_add?: broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_record_add_val?: broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_nth_val?: broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_named_val?: broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function ?_wrap_bro_table_foreach?: broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_set_foreach?: broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer will break strict-aliasing rules broccoli_intern_wrap.c: In function ?_wrap_bro_conn_set_packet_ctxt?: broccoli_intern_wrap.c:7519: warning: implicit declaration of function ?bro_conn_set_packet_ctxt? broccoli_intern_wrap.c: In function ?_wrap_bro_conn_get_packet_ctxt?: broccoli_intern_wrap.c:7549: warning: implicit declaration of function ?bro_conn_get_packet_ctxt? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_new?: broccoli_intern_wrap.c:7590: warning: implicit declaration of function ?bro_packet_new? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_clone?: broccoli_intern_wrap.c:7614: warning: implicit declaration of function ?bro_packet_clone? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_free?: broccoli_intern_wrap.c:7635: warning: implicit declaration of function ?bro_packet_free? broccoli_intern_wrap.c: In function ?_wrap_bro_packet_send?: broccoli_intern_wrap.c:7666: warning: implicit declaration of function ?bro_packet_send? error: command 'gcc' failed with exit status 1 make[4]: *** [pybroccoli] Error 1 make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' make: *** [all] Error 2 ************************************************************************* I get similar output if just try to run setup.py in aux/broccoli/bindings/python Note that I didn't have any trouble in configure and it found everything it needed [with shipped pcap switch] I tried searching the mailing list and other resources but couldn't find anything about this or a similar error. I'll greatly appreciate if you could help me in this matter as I'm stuck on this for several days. Do tell me if you need anything else or a complete output for configure/make Thank you for your time :) Faisal iqbal P.S. python version 2.6.1 gcc/g++ version 4.1.2 From Tyler.Schoenke at colorado.edu Mon May 10 08:29:50 2010 From: Tyler.Schoenke at colorado.edu (Tyler T. Schoenke) Date: Mon, 10 May 2010 09:29:50 -0600 Subject: [Bro] Bro Installation Problem - Python/GCC In-Reply-To: <1273364739.3394.2.camel@ubuntu.cpsc.ucalgary.ca> References: <1273364739.3394.2.camel@ubuntu.cpsc.ucalgary.ca> Message-ID: <4BE8266E.2070004@colorado.edu> It looks like you probably need the python-devel package. I've added some dependencies to the Bro Wiki: http://www.bro-ids.org/wiki/index.php?title=Bro_OS_Dependencies&action=edit&redlink=1 -- Tyler Schoenke Network Security Analyst IT Security Office University of Colorado - Boulder On 05/08/2010 06:25 PM, Faisal Iqbal wrote: > Hi, > I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine > however when I try to install the same version on RHEL 5 machine I'm > getting errors during compile. More specifically, it gives gcc errors > for broccoli_intern_wrap.c file. I have python/gcc etc on that machine > and I'm using shipped version of pcap [that is the only big difference > between two machines apart from OS I think]. Below is the output of make > > ************************************************************************* > running build > running build_py > running build_ext > building '_broccoli_intern' extension > gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes > -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src > -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c > -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o > broccoli_intern_wrap.c: In function ?valToPyObj?: > broccoli_intern_wrap.c:2638: warning: pointer targets in passing > argument 1 of ?PyString_FromStringAndSize? differ in signedness > broccoli_intern_wrap.c: In function ?pyObjToVal?: > broccoli_intern_wrap.c:2724: warning: pointer targets in assignment > differ in signedness > broccoli_intern_wrap.c: In function ?event_callback?: > broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid > ambiguous ?else? > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_lock_func_set?: > broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_id_func_set?: > broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_create_func_set?: > broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_lock_func_set?: > broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_free_func_set?: > broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_set?: > broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_get?: > broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_set?: > broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_get?: > broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function > ?_wrap_bro_packet_pkt_link_type_set?: > broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function > ?_wrap_bro_packet_pkt_link_type_get?: > broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_set?: > broccoli_intern_wrap.c:4789: error: storage size of ?arg2? isn?t known > broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4789: warning: unused variable ?arg2? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_get?: > broccoli_intern_wrap.c:4826: error: storage size of ?result? isn?t known > broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to > incomplete type ?struct pcap_pkthdr? > broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to > incomplete type ?struct pcap_pkthdr? > broccoli_intern_wrap.c:4826: warning: unused variable ?result? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_set?: > broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_get?: > broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_set?: > broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_get?: > broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_new_bro_packet?: > broccoli_intern_wrap.c:4963: error: invalid application of ?sizeof? to > incomplete type ?struct bro_packet? > broccoli_intern_wrap.c: In function ?_wrap_bro_event_add_val?: > broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_event_set_val?: > broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_event_registry_add?: > broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_record_add_val?: > broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_nth_val?: > broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_named_val?: > broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_table_foreach?: > broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_set_foreach?: > broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_conn_set_packet_ctxt?: > broccoli_intern_wrap.c:7519: warning: implicit declaration of function > ?bro_conn_set_packet_ctxt? > broccoli_intern_wrap.c: In function ?_wrap_bro_conn_get_packet_ctxt?: > broccoli_intern_wrap.c:7549: warning: implicit declaration of function > ?bro_conn_get_packet_ctxt? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_new?: > broccoli_intern_wrap.c:7590: warning: implicit declaration of function > ?bro_packet_new? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_clone?: > broccoli_intern_wrap.c:7614: warning: implicit declaration of function > ?bro_packet_clone? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_free?: > broccoli_intern_wrap.c:7635: warning: implicit declaration of function > ?bro_packet_free? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_send?: > broccoli_intern_wrap.c:7666: warning: implicit declaration of function > ?bro_packet_send? > error: command 'gcc' failed with exit status 1 > make[4]: *** [pybroccoli] Error 1 > make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' > make[3]: *** [all-recursive] Error 1 > make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' > make[2]: *** [all] Error 2 > make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' > make: *** [all] Error 2 > ************************************************************************* > > > I get similar output if just try to run setup.py in > aux/broccoli/bindings/python > > Note that I didn't have any trouble in configure and it found everything > it needed [with shipped pcap switch] > > I tried searching the mailing list and other resources but couldn't find > anything about this or a similar error. I'll greatly appreciate if you > could help me in this matter as I'm stuck on this for several days. Do > tell me if you need anything else or a complete output for > configure/make > > Thank you for your time :) > > Faisal iqbal > > P.S. python version 2.6.1 > gcc/g++ version 4.1.2 > > > _______________________________________________ > Bro mailing list > bro at bro-ids.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro From iqbalf at ucalgary.ca Mon May 10 14:43:37 2010 From: iqbalf at ucalgary.ca (Faisal Iqbal) Date: Mon, 10 May 2010 15:43:37 -0600 Subject: [Bro] Bro Installation Problem - Python/GCC In-Reply-To: <4BE8266E.2070004@colorado.edu> References: <1273364739.3394.2.camel@ubuntu.cpsc.ucalgary.ca> <4BE8266E.2070004@colorado.edu> Message-ID: <003201caf089$d93f98d0$8bbeca70$@ca> Hi, I have double-checked and python-devel package was installed. python-tools and ruby packages were missing. However even after installing those packages, I'm still getting the exact same error during make. -Faisal -----Original Message----- From: Tyler T. Schoenke [mailto:Tyler.Schoenke at Colorado.EDU] Sent: May-10-10 9:30 AM To: faisal.iqbal at ucalgary.ca Cc: bro at ICSI.Berkeley.EDU Subject: Re: [Bro] Bro Installation Problem - Python/GCC It looks like you probably need the python-devel package. I've added some dependencies to the Bro Wiki: http://www.bro-ids.org/wiki/index.php?title=Bro_OS_Dependencies&action=edit&redlink=1 -- Tyler Schoenke Network Security Analyst IT Security Office University of Colorado - Boulder On 05/08/2010 06:25 PM, Faisal Iqbal wrote: > Hi, > I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine > however when I try to install the same version on RHEL 5 machine I'm > getting errors during compile. More specifically, it gives gcc errors > for broccoli_intern_wrap.c file. I have python/gcc etc on that machine > and I'm using shipped version of pcap [that is the only big difference > between two machines apart from OS I think]. Below is the output of make > > ************************************************************************* > running build > running build_py > running build_ext > building '_broccoli_intern' extension > gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes > -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src > -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c > -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o > broccoli_intern_wrap.c: In function ?valToPyObj?: > broccoli_intern_wrap.c:2638: warning: pointer targets in passing > argument 1 of ?PyString_FromStringAndSize? differ in signedness > broccoli_intern_wrap.c: In function ?pyObjToVal?: > broccoli_intern_wrap.c:2724: warning: pointer targets in assignment > differ in signedness > broccoli_intern_wrap.c: In function ?event_callback?: > broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid > ambiguous ?else? > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_lock_func_set?: > broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_id_func_set?: > broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_create_func_set?: > broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_lock_func_set?: > broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_free_func_set?: > broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_set?: > broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_get?: > broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_set?: > broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_get?: > broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function > ?_wrap_bro_packet_pkt_link_type_set?: > broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function > ?_wrap_bro_packet_pkt_link_type_get?: > broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_set?: > broccoli_intern_wrap.c:4789: error: storage size of ?arg2? isn?t known > broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4789: warning: unused variable ?arg2? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_get?: > broccoli_intern_wrap.c:4826: error: storage size of ?result? isn?t known > broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to > incomplete type ?struct pcap_pkthdr? > broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to > incomplete type ?struct pcap_pkthdr? > broccoli_intern_wrap.c:4826: warning: unused variable ?result? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_set?: > broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_get?: > broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_set?: > broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_get?: > broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete > type > broccoli_intern_wrap.c: In function ?_wrap_new_bro_packet?: > broccoli_intern_wrap.c:4963: error: invalid application of ?sizeof? to > incomplete type ?struct bro_packet? > broccoli_intern_wrap.c: In function ?_wrap_bro_event_add_val?: > broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_event_set_val?: > broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_event_registry_add?: > broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_record_add_val?: > broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_nth_val?: > broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_named_val?: > broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers > from pointer target type > broccoli_intern_wrap.c: In function ?_wrap_bro_table_foreach?: > broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_set_foreach?: > broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer > will break strict-aliasing rules > broccoli_intern_wrap.c: In function ?_wrap_bro_conn_set_packet_ctxt?: > broccoli_intern_wrap.c:7519: warning: implicit declaration of function > ?bro_conn_set_packet_ctxt? > broccoli_intern_wrap.c: In function ?_wrap_bro_conn_get_packet_ctxt?: > broccoli_intern_wrap.c:7549: warning: implicit declaration of function > ?bro_conn_get_packet_ctxt? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_new?: > broccoli_intern_wrap.c:7590: warning: implicit declaration of function > ?bro_packet_new? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_clone?: > broccoli_intern_wrap.c:7614: warning: implicit declaration of function > ?bro_packet_clone? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_free?: > broccoli_intern_wrap.c:7635: warning: implicit declaration of function > ?bro_packet_free? > broccoli_intern_wrap.c: In function ?_wrap_bro_packet_send?: > broccoli_intern_wrap.c:7666: warning: implicit declaration of function > ?bro_packet_send? > error: command 'gcc' failed with exit status 1 > make[4]: *** [pybroccoli] Error 1 > make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' > make[3]: *** [all-recursive] Error 1 > make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' > make[2]: *** [all] Error 2 > make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' > make: *** [all] Error 2 > ************************************************************************* > > > I get similar output if just try to run setup.py in > aux/broccoli/bindings/python > > Note that I didn't have any trouble in configure and it found everything > it needed [with shipped pcap switch] > > I tried searching the mailing list and other resources but couldn't find > anything about this or a similar error. I'll greatly appreciate if you > could help me in this matter as I'm stuck on this for several days. Do > tell me if you need anything else or a complete output for > configure/make > > Thank you for your time :) > > Faisal iqbal > > P.S. python version 2.6.1 > gcc/g++ version 4.1.2 > > > _______________________________________________ > Bro mailing list > bro at bro-ids.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro From Tyler.Schoenke at colorado.edu Mon May 10 15:08:46 2010 From: Tyler.Schoenke at colorado.edu (Tyler T. Schoenke) Date: Mon, 10 May 2010 16:08:46 -0600 Subject: [Bro] Bro Installation Problem - Python/GCC In-Reply-To: <003201caf089$d93f98d0$8bbeca70$@ca> References: <1273364739.3394.2.camel@ubuntu.cpsc.ucalgary.ca> <4BE8266E.2070004@colorado.edu> <003201caf089$d93f98d0$8bbeca70$@ca> Message-ID: <4BE883EE.4090705@colorado.edu> See the thread ending with the following link. That sounds like what you are seeing. http://mailman.icsi.berkeley.edu/pipermail/bro/2008-July/003583.html -- Tyler Schoenke Network Security Analyst IT Security Office University of Colorado - Boulder On 05/10/2010 03:43 PM, Faisal Iqbal wrote: > Hi, > I have double-checked and python-devel package was installed. python-tools and ruby packages were missing. However even after installing those packages, I'm still getting the exact same error during make. > > -Faisal > > -----Original Message----- > From: Tyler T. Schoenke [mailto:Tyler.Schoenke at Colorado.EDU] > Sent: May-10-10 9:30 AM > To: faisal.iqbal at ucalgary.ca > Cc: bro at ICSI.Berkeley.EDU > Subject: Re: [Bro] Bro Installation Problem - Python/GCC > > It looks like you probably need the python-devel package. I've added > some dependencies to the Bro Wiki: > > http://www.bro-ids.org/wiki/index.php?title=Bro_OS_Dependencies&action=edit&redlink=1 > > -- > Tyler Schoenke > Network Security Analyst > IT Security Office > University of Colorado - Boulder > > On 05/08/2010 06:25 PM, Faisal Iqbal wrote: >> Hi, >> I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine >> however when I try to install the same version on RHEL 5 machine I'm >> getting errors during compile. More specifically, it gives gcc errors >> for broccoli_intern_wrap.c file. I have python/gcc etc on that machine >> and I'm using shipped version of pcap [that is the only big difference >> between two machines apart from OS I think]. Below is the output of make >> >> ************************************************************************* >> running build >> running build_py >> running build_ext >> building '_broccoli_intern' extension >> gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes >> -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src >> -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c >> -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o >> broccoli_intern_wrap.c: In function ?valToPyObj?: >> broccoli_intern_wrap.c:2638: warning: pointer targets in passing >> argument 1 of ?PyString_FromStringAndSize? differ in signedness >> broccoli_intern_wrap.c: In function ?pyObjToVal?: >> broccoli_intern_wrap.c:2724: warning: pointer targets in assignment >> differ in signedness >> broccoli_intern_wrap.c: In function ?event_callback?: >> broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid >> ambiguous ?else? >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_lock_func_set?: >> broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_id_func_set?: >> broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_create_func_set?: >> broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_lock_func_set?: >> broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_free_func_set?: >> broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_set?: >> broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_get?: >> broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_set?: >> broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_get?: >> broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function >> ?_wrap_bro_packet_pkt_link_type_set?: >> broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function >> ?_wrap_bro_packet_pkt_link_type_get?: >> broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_set?: >> broccoli_intern_wrap.c:4789: error: storage size of ?arg2? isn?t known >> broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c:4789: warning: unused variable ?arg2? >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_get?: >> broccoli_intern_wrap.c:4826: error: storage size of ?result? isn?t known >> broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to >> incomplete type ?struct pcap_pkthdr? >> broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to >> incomplete type ?struct pcap_pkthdr? >> broccoli_intern_wrap.c:4826: warning: unused variable ?result? >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_set?: >> broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_get?: >> broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_set?: >> broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_get?: >> broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete >> type >> broccoli_intern_wrap.c: In function ?_wrap_new_bro_packet?: >> broccoli_intern_wrap.c:4963: error: invalid application of ?sizeof? to >> incomplete type ?struct bro_packet? >> broccoli_intern_wrap.c: In function ?_wrap_bro_event_add_val?: >> broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers >> from pointer target type >> broccoli_intern_wrap.c: In function ?_wrap_bro_event_set_val?: >> broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers >> from pointer target type >> broccoli_intern_wrap.c: In function ?_wrap_bro_event_registry_add?: >> broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_bro_record_add_val?: >> broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers >> from pointer target type >> broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_nth_val?: >> broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers >> from pointer target type >> broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_named_val?: >> broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers >> from pointer target type >> broccoli_intern_wrap.c: In function ?_wrap_bro_table_foreach?: >> broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_bro_set_foreach?: >> broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer >> will break strict-aliasing rules >> broccoli_intern_wrap.c: In function ?_wrap_bro_conn_set_packet_ctxt?: >> broccoli_intern_wrap.c:7519: warning: implicit declaration of function >> ?bro_conn_set_packet_ctxt? >> broccoli_intern_wrap.c: In function ?_wrap_bro_conn_get_packet_ctxt?: >> broccoli_intern_wrap.c:7549: warning: implicit declaration of function >> ?bro_conn_get_packet_ctxt? >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_new?: >> broccoli_intern_wrap.c:7590: warning: implicit declaration of function >> ?bro_packet_new? >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_clone?: >> broccoli_intern_wrap.c:7614: warning: implicit declaration of function >> ?bro_packet_clone? >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_free?: >> broccoli_intern_wrap.c:7635: warning: implicit declaration of function >> ?bro_packet_free? >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_send?: >> broccoli_intern_wrap.c:7666: warning: implicit declaration of function >> ?bro_packet_send? >> error: command 'gcc' failed with exit status 1 >> make[4]: *** [pybroccoli] Error 1 >> make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' >> make[3]: *** [all-recursive] Error 1 >> make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' >> make[2]: *** [all] Error 2 >> make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' >> make[1]: *** [all-recursive] Error 1 >> make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' >> make: *** [all] Error 2 >> ************************************************************************* >> >> >> I get similar output if just try to run setup.py in >> aux/broccoli/bindings/python >> >> Note that I didn't have any trouble in configure and it found everything >> it needed [with shipped pcap switch] >> >> I tried searching the mailing list and other resources but couldn't find >> anything about this or a similar error. I'll greatly appreciate if you >> could help me in this matter as I'm stuck on this for several days. Do >> tell me if you need anything else or a complete output for >> configure/make >> >> Thank you for your time :) >> >> Faisal iqbal >> >> P.S. python version 2.6.1 >> gcc/g++ version 4.1.2 >> >> >> _______________________________________________ >> Bro mailing list >> bro at bro-ids.org >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro > > > From iqbalf at ucalgary.ca Tue May 11 15:07:32 2010 From: iqbalf at ucalgary.ca (Faisal Iqbal) Date: Tue, 11 May 2010 16:07:32 -0600 Subject: [Bro] Bro Installation Problem - Python/GCC In-Reply-To: <4BE883EE.4090705@colorado.edu> References: <1273364739.3394.2.camel@ubuntu.cpsc.ucalgary.ca> <4BE8266E.2070004@colorado.edu> <003201caf089$d93f98d0$8bbeca70$@ca> <4BE883EE.4090705@colorado.edu> Message-ID: <1273615652.3373.3.camel@ubuntu.cpsc.ucalgary.ca> Hi, I tried bro 1.4 and it installed smoothly without any hassle. I guess I can start my work now :) Thanks for the support! And just for someone novice like me and who is using Bro on some previously captured traces, you don't need to be root. Just perform configure/make/make install steps, and then set the environment variables as per user manual and you're good to go :) -Faisal On Mon, 2010-05-10 at 16:08 -0600, Tyler T. Schoenke wrote: > See the thread ending with the following link. That sounds like what > you are seeing. > > http://mailman.icsi.berkeley.edu/pipermail/bro/2008-July/003583.html > > -- > Tyler Schoenke > Network Security Analyst > IT Security Office > University of Colorado - Boulder > > On 05/10/2010 03:43 PM, Faisal Iqbal wrote: > > Hi, > > I have double-checked and python-devel package was installed. python-tools and ruby packages were missing. However even after installing those packages, I'm still getting the exact same error during make. > > > > -Faisal > > > > -----Original Message----- > > From: Tyler T. Schoenke [mailto:Tyler.Schoenke at Colorado.EDU] > > Sent: May-10-10 9:30 AM > > To: faisal.iqbal at ucalgary.ca > > Cc: bro at ICSI.Berkeley.EDU > > Subject: Re: [Bro] Bro Installation Problem - Python/GCC > > > > It looks like you probably need the python-devel package. I've added > > some dependencies to the Bro Wiki: > > > > http://www.bro-ids.org/wiki/index.php?title=Bro_OS_Dependencies&action=edit&redlink=1 > > > > -- > > Tyler Schoenke > > Network Security Analyst > > IT Security Office > > University of Colorado - Boulder > > > > On 05/08/2010 06:25 PM, Faisal Iqbal wrote: > >> Hi, > >> I've installed Bro 1.5.1 on a Ubuntu 9.04 machine and its working fine > >> however when I try to install the same version on RHEL 5 machine I'm > >> getting errors during compile. More specifically, it gives gcc errors > >> for broccoli_intern_wrap.c file. I have python/gcc etc on that machine > >> and I'm using shipped version of pcap [that is the only big difference > >> between two machines apart from OS I think]. Below is the output of make > >> > >> ************************************************************************* > >> running build > >> running build_py > >> running build_ext > >> building '_broccoli_intern' extension > >> gcc -pthread -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes > >> -I/home/iqbalf/bro/bro-1.5.1/aux/broccoli/src -fPIC -I../../src > >> -I/usr/local/include/python2.6 -c broccoli_intern_wrap.c > >> -o /home/iqbalf/bro/bro-1.5.1/aux/broctl/.python-build/temp.linux-i686-2.6/broccoli_intern_wrap.o > >> broccoli_intern_wrap.c: In function ?valToPyObj?: > >> broccoli_intern_wrap.c:2638: warning: pointer targets in passing > >> argument 1 of ?PyString_FromStringAndSize? differ in signedness > >> broccoli_intern_wrap.c: In function ?pyObjToVal?: > >> broccoli_intern_wrap.c:2724: warning: pointer targets in assignment > >> differ in signedness > >> broccoli_intern_wrap.c: In function ?event_callback?: > >> broccoli_intern_wrap.c:2818: warning: suggest explicit braces to avoid > >> ambiguous ?else? > >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_lock_func_set?: > >> broccoli_intern_wrap.c:3236: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_id_func_set?: > >> broccoli_intern_wrap.c:3288: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_create_func_set?: > >> broccoli_intern_wrap.c:3340: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_lock_func_set?: > >> broccoli_intern_wrap.c:3392: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_BroCtx_dl_free_func_set?: > >> broccoli_intern_wrap.c:3444: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_set?: > >> broccoli_intern_wrap.c:4649: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_time_get?: > >> broccoli_intern_wrap.c:4672: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_set?: > >> broccoli_intern_wrap.c:4702: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_hdr_size_get?: > >> broccoli_intern_wrap.c:4725: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function > >> ?_wrap_bro_packet_pkt_link_type_set?: > >> broccoli_intern_wrap.c:4755: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function > >> ?_wrap_bro_packet_pkt_link_type_get?: > >> broccoli_intern_wrap.c:4778: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_set?: > >> broccoli_intern_wrap.c:4789: error: storage size of ?arg2? isn?t known > >> broccoli_intern_wrap.c:4811: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c:4814: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c:4789: warning: unused variable ?arg2? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_pcap_hdr_get?: > >> broccoli_intern_wrap.c:4826: error: storage size of ?result? isn?t known > >> broccoli_intern_wrap.c:4837: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to > >> incomplete type ?struct pcap_pkthdr? > >> broccoli_intern_wrap.c:4838: error: invalid application of ?sizeof? to > >> incomplete type ?struct pcap_pkthdr? > >> broccoli_intern_wrap.c:4826: warning: unused variable ?result? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_set?: > >> broccoli_intern_wrap.c:4867: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_data_get?: > >> broccoli_intern_wrap.c:4890: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_set?: > >> broccoli_intern_wrap.c:4923: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c:4925: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_pkt_tag_get?: > >> broccoli_intern_wrap.c:4950: error: dereferencing pointer to incomplete > >> type > >> broccoli_intern_wrap.c: In function ?_wrap_new_bro_packet?: > >> broccoli_intern_wrap.c:4963: error: invalid application of ?sizeof? to > >> incomplete type ?struct bro_packet? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_event_add_val?: > >> broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers > >> from pointer target type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_event_set_val?: > >> broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers > >> from pointer target type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_event_registry_add?: > >> broccoli_intern_wrap.c:5846: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_bro_record_add_val?: > >> broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers > >> from pointer target type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_nth_val?: > >> broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers > >> from pointer target type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_record_set_named_val?: > >> broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers > >> from pointer target type > >> broccoli_intern_wrap.c: In function ?_wrap_bro_table_foreach?: > >> broccoli_intern_wrap.c:7252: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_bro_set_foreach?: > >> broccoli_intern_wrap.c:7450: warning: dereferencing type-punned pointer > >> will break strict-aliasing rules > >> broccoli_intern_wrap.c: In function ?_wrap_bro_conn_set_packet_ctxt?: > >> broccoli_intern_wrap.c:7519: warning: implicit declaration of function > >> ?bro_conn_set_packet_ctxt? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_conn_get_packet_ctxt?: > >> broccoli_intern_wrap.c:7549: warning: implicit declaration of function > >> ?bro_conn_get_packet_ctxt? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_new?: > >> broccoli_intern_wrap.c:7590: warning: implicit declaration of function > >> ?bro_packet_new? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_clone?: > >> broccoli_intern_wrap.c:7614: warning: implicit declaration of function > >> ?bro_packet_clone? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_free?: > >> broccoli_intern_wrap.c:7635: warning: implicit declaration of function > >> ?bro_packet_free? > >> broccoli_intern_wrap.c: In function ?_wrap_bro_packet_send?: > >> broccoli_intern_wrap.c:7666: warning: implicit declaration of function > >> ?bro_packet_send? > >> error: command 'gcc' failed with exit status 1 > >> make[4]: *** [pybroccoli] Error 1 > >> make[4]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux/broctl' > >> make[3]: *** [all-recursive] Error 1 > >> make[3]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' > >> make[2]: *** [all] Error 2 > >> make[2]: Leaving directory `/home/iqbalf/bro/bro-1.5.1/aux' > >> make[1]: *** [all-recursive] Error 1 > >> make[1]: Leaving directory `/home/iqbalf/bro/bro-1.5.1' > >> make: *** [all] Error 2 > >> ************************************************************************* > >> > >> > >> I get similar output if just try to run setup.py in > >> aux/broccoli/bindings/python > >> > >> Note that I didn't have any trouble in configure and it found everything > >> it needed [with shipped pcap switch] > >> > >> I tried searching the mailing list and other resources but couldn't find > >> anything about this or a similar error. I'll greatly appreciate if you > >> could help me in this matter as I'm stuck on this for several days. Do > >> tell me if you need anything else or a complete output for > >> configure/make > >> > >> Thank you for your time :) > >> > >> Faisal iqbal > >> > >> P.S. python version 2.6.1 > >> gcc/g++ version 4.1.2 > >> > >> > >> _______________________________________________ > >> Bro mailing list > >> bro at bro-ids.org > >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro > > > > > > > > From squald at msn.com Wed May 12 12:32:48 2010 From: squald at msn.com (squald squald) Date: Wed, 12 May 2010 13:32:48 -0600 Subject: [Bro] problem installing bro ids Message-ID: Hi, I'm an university student that is doing a research project on bro, however I'm having some difficulties installing bro by using cygwin. So, I'm wondering if it is possible to install bro onto a windows computer, if yes, please explain the instructions; if no, well I just wanted clarification so I don't continually try. Also if it is possible to install using cygwin, the main problem i have is the use of the pcap library and how to use it correctly since windows uses winpcap. I hope you can clarify some of these issues I'm having. thanks, Kenneth _________________________________________________________________ 30 days of prizes: Hotmail makes your day easier! Enter Now. http://go.microsoft.com/?linkid=9729710 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100512/b161177c/attachment.html From Tyler.Schoenke at colorado.edu Wed May 12 13:27:18 2010 From: Tyler.Schoenke at colorado.edu (Tyler T. Schoenke) Date: Wed, 12 May 2010 14:27:18 -0600 Subject: [Bro] problem installing bro ids In-Reply-To: References: Message-ID: <4BEB0F26.1060105@colorado.edu> I'd suggest using a virtual machine under Windows. I've run Bro on FreeBSD 7.1 in VMplayer. -- Tyler Schoenke Network Security Analyst IT Security Office University of Colorado - Boulder On 05/12/2010 01:32 PM, squald squald wrote: > Hi, > I'm an university student that is doing a research project on bro, however I'm having some difficulties installing bro by using cygwin. So, I'm wondering if it is possible to install bro onto a windows computer, if yes, please explain the instructions; if no, well I just wanted clarification so I don't continually try. > > Also if it is possible to install using cygwin, the main problem i have is the use of the pcap library and how to use it correctly since windows uses winpcap. > > I hope you can clarify some of these issues I'm having. > thanks, > Kenneth > > ________________________________ > 30 days of prizes: Hotmail makes your day easier! Enter now > From geek00l at gmail.com Sat May 15 19:33:55 2010 From: geek00l at gmail.com (CS Lee) Date: Sun, 16 May 2010 10:33:55 +0800 Subject: [Bro] Bro 1.5 Message-ID: hi guys, Is there an easy way to rotate bro log(in $BROHOME/spool/bro) to 'per day log' after 24 hours and only archive it in gzip format after 48 hours? Thanks -- Best Regards, CS Lee http://geek00l.blogspot.com http://defcraft.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100516/161913b8/attachment.html From robin at icir.org Wed May 19 21:06:02 2010 From: robin at icir.org (Robin Sommer) Date: Wed, 19 May 2010 21:06:02 -0700 Subject: [Bro] Bro 1.5 In-Reply-To: References: Message-ID: <20100520040602.GC71309@icir.org> On Sun, May 16, 2010 at 10:33 +0800, you wrote: > Is there an easy way to rotate bro log(in $BROHOME/spool/bro) to 'per day > log' after 24 hours and only archive it in gzip format after 48 hours? Not out of the box, but the rotation is done via the script defined by RotateLogs::default_postprocessor. Per default, that is set to "/share/broctl/scripts/archive-log" so you could take that one as template to write your own. Robin -- Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org From geek00l at gmail.com Fri May 21 18:19:16 2010 From: geek00l at gmail.com (CS Lee) Date: Sat, 22 May 2010 09:19:16 +0800 Subject: [Bro] Bro 1.5.1 compile error on FreeBSD AMD64 Message-ID: hi guys, When I try to compile bro 1.5.1 on FreeBSD AMD64 platform, I hit this error - building '_broccoli_intern' extension cc -shared -pthread -L/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs -I/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/temp.freebsd-8.0-RELEASE-amd64-2.6/broccoli_intern_wrap.o -L../../src/.libs -lbroccoli -o /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/lib.freebsd-8.0-RELEASE-amd64-2.6/_broccoli_intern.so /usr/bin/ld: /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a(bro.o): relocation R_X86_64_32 can not be used when making a shared object; recompile with -fPIC /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a: could not read symbols: Bad value error: command 'cc' failed with exit status 1 *** Error code 1 Anyway thanks to robin for pointed stuffs on bro log archive stuffs. -- Best Regards, CS Lee http://geek00l.blogspot.com http://defcraft.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100522/50037a89/attachment.html From kevlo at kevlo.org Sun May 23 02:43:23 2010 From: kevlo at kevlo.org (Kevin Lo) Date: Sun, 23 May 2010 17:43:23 +0800 Subject: [Bro] Bro 1.5.1 compile error on FreeBSD AMD64 In-Reply-To: References: Message-ID: <1274607803.1993.1.camel@nsl> CS Lee wrote: > hi guys, > > When I try to compile bro 1.5.1 on FreeBSD AMD64 platform, I hit this > error - > > building '_broccoli_intern' extension > cc -shared -pthread > -L/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs > -I/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/temp.freebsd-8.0-RELEASE-amd64-2.6/broccoli_intern_wrap.o -L../../src/.libs -lbroccoli -o /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/lib.freebsd-8.0-RELEASE-amd64-2.6/_broccoli_intern.so > /usr/bin/ld: /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a(bro.o): relocation R_X86_64_32 can not be used when making a shared object; recompile with -fPIC > /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a: could not read symbols: Bad value > error: command 'cc' failed with exit status 1 > *** Error code 1 > > Anyway thanks to robin for pointed stuffs on bro log archive stuffs. Could you try attached patch? Thanks! > > -- > Best Regards, > > CS Lee > > http://geek00l.blogspot.com > http://defcraft.net Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-aux_broctl_Makefile_in Type: text/x-patch Size: 482 bytes Desc: not available Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100523/1a23e808/attachment.bin From geek00l at gmail.com Sun May 23 08:46:35 2010 From: geek00l at gmail.com (CS Lee) Date: Sun, 23 May 2010 23:46:35 +0800 Subject: [Bro] Bro 1.5.1 compile error on FreeBSD AMD64 In-Reply-To: <1274607803.1993.1.camel@nsl> References: <1274607803.1993.1.camel@nsl> Message-ID: hi Kevin, After patch is applied, same error popped up broccoli_intern_wrap.c: In function '_wrap_bro_event_add_val': broccoli_intern_wrap.c:5585: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function '_wrap_bro_event_set_val': broccoli_intern_wrap.c:5655: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function '_wrap_bro_record_add_val': broccoli_intern_wrap.c:6810: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function '_wrap_bro_record_set_nth_val': broccoli_intern_wrap.c:6996: warning: assignment discards qualifiers from pointer target type broccoli_intern_wrap.c: In function '_wrap_bro_record_set_named_val': broccoli_intern_wrap.c:7067: warning: assignment discards qualifiers from pointer target type cc -shared -pthread -L/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs -I/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/temp.freebsd-8.0-RELEASE-amd64-2.6/broccoli_intern_wrap.o -L../../src/.libs -lbroccoli -o /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/lib.freebsd-8.0-RELEASE-amd64-2.6/_broccoli_intern.so /usr/bin/ld: /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a(bro.o): relocation R_X86_64_32 can not be used when making a shared object; recompile with -fPIC /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a: could not read symbols: Bad value error: command 'cc' failed with exit status 1 *** Error code 1 Stop in /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl. *** Error code 1 Stop in /usr/home/cslee/bro-source/bro-1.5.1/aux. *** Error code 1 Stop in /usr/home/cslee/bro-source/bro-1.5.1/aux. *** Error code 1 Stop in /usr/home/cslee/bro-source/bro-1.5.1. *** Error code 1 Stop in /usr/home/cslee/bro-source/bro-1.5.1. The patch just make it compile with -fPIC flag and and it doesn't work. Thanks On Sun, May 23, 2010 at 5:43 PM, Kevin Lo wrote: > CS Lee wrote: > > hi guys, > > > > When I try to compile bro 1.5.1 on FreeBSD AMD64 platform, I hit this > > error - > > > > building '_broccoli_intern' extension > > cc -shared -pthread > > -L/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs > > -I/usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src > /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/temp.freebsd-8.0-RELEASE-amd64-2.6/broccoli_intern_wrap.o > -L../../src/.libs -lbroccoli -o > /usr/home/cslee/bro-source/bro-1.5.1/aux/broctl/.python-build/lib.freebsd-8.0-RELEASE-amd64-2.6/_broccoli_intern.so > > /usr/bin/ld: > /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a(bro.o): > relocation R_X86_64_32 can not be used when making a shared object; > recompile with -fPIC > > > /usr/home/cslee/bro-source/bro-1.5.1/aux/broccoli/src/.libs/libbroccoli.a: > could not read symbols: Bad value > > error: command 'cc' failed with exit status 1 > > *** Error code 1 > > > > Anyway thanks to robin for pointed stuffs on bro log archive stuffs. > > Could you try attached patch? Thanks! > > > > -- > > Best Regards, > > > > CS Lee > > > > http://geek00l.blogspot.com > > http://defcraft.net > > Kevin > -- Best Regards, CS Lee http://geek00l.blogspot.com http://defcraft.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100523/5eea26d2/attachment.html From tianxin at mail.ustc.edu.cn Sun May 30 00:34:26 2010 From: tianxin at mail.ustc.edu.cn (tianxin at mail.ustc.edu.cn) Date: Sun, 30 May 2010 15:34:26 +0800 (CST) Subject: [Bro] Questions on regular expression syntax in BRO system Message-ID: <5828633.1525221275204866215.JavaMail.coremail@mailweb> Hello: I am from a research group interested in NIDS, our group has developed several ways to improve regex engine performance and decides to do experiments based on real open-source NIDS system. However, it takes too much time to read bro code and find what we need, so here we need your help . We will appreciate if anyone can answer our questions. The Question: 1 We know that bro uses regular expression, but we didn't find anything about the syntax of the regular expression applied. We want to know where to obtain related information. (As far as we know ,the snort system uses pcre regex engine whose syntax is perl compatible, how about bro? ) 2 Does bro implement a regex engine itself? Or does it use some regex engine library? If it implements an engine, then which part of code is it? If it uses a library, then could you tell me what library it uses? From tianxin at mail.ustc.edu.cn Sun May 30 00:46:35 2010 From: tianxin at mail.ustc.edu.cn (tianxin at mail.ustc.edu.cn) Date: Sun, 30 May 2010 15:46:35 +0800 (CST) Subject: [Bro] Questions on regular expression syntax in BRO system Message-ID: <15835341.1525861275205595388.JavaMail.coremail@mailweb> Hello: I am from a research group interested in NIDS, our group has developed several ways to improve regex engine performance and decides to do experiments based on real open-source NIDS system. However, it takes too much time to read bro code and find what we need, so here we need your help . We will appreciate if anyone can answer our questions. The Question: 1 We know that bro uses regular expression, but we didn't find anything about the syntax of the regular expression applied. We want to know where to obtain related information. (As far as we know ,the snort system uses pcre regex engine whose syntax is perl compatible, how about bro? ) 2 Does bro implement a regex engine itself? Or does it use some regex engine library? If it implements an engine, then which part of code is it? If it uses a library, then could you tell me what library it uses? From geek00l at gmail.com Sun May 30 12:22:56 2010 From: geek00l at gmail.com (CS Lee) Date: Mon, 31 May 2010 03:22:56 +0800 Subject: [Bro] regex Message-ID: hi tianxin, Bro uses flex regex - http://flex.sourceforge.net/manual/Patterns.html#Patterns By the way take a good read here - http://blog.icir.org/2008/06/bro-signature-engine.html Cheers! -- Best Regards, CS Lee http://geek00l.blogspot.com http://defcraft.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100531/e1cae145/attachment.html From lothar.braun at googlemail.com Mon May 31 04:45:04 2010 From: lothar.braun at googlemail.com (Lothar Braun) Date: Mon, 31 May 2010 13:45:04 +0200 Subject: [Bro] Segmentation fault with dns-anonymizer Message-ID: Hi, I'm trying to anonymize a DNS trace while running bro 1.5.1 and get a segmentation fault while running bro -r trace.pcap dns-anonymizer.bro -w output.pcap The segmentation fault results in this back trace: #0 0x000000000064c474 in __ns_name_pack () #1 0x000000000064cd32 in __ns_name_compress () #2 0x00000000005d5ae8 in DNS_Rewriter::DnsCopyQuery (this=0x2830fb0, query=0x2834c40, qtype=6, qclass=1) at DNS_Rewriter.cc:100 #3 0x000000000045e713 in bro_rewrite_dns_reply_question (frame=0x2825f20, BiF_ARGS=0x2832440) at dns-rw.bif:23 #4 0x00000000004daaa7 in BuiltinFunc::Call (this=0x22c0050, args=0x2832440, parent=0x2825f20) at Func.cc:451 #5 0x00000000004a5081 in CallExpr::Eval (this=0x276e6d0, f=0x2825f20) at Expr.cc:4629 #6 0x000000000058618f in ExprStmt::Exec (this=0x276e770, f=0x2825f20, flow=@0x7fff72d90aa4) at Stmt.cc:397 #7 0x000000000058723a in StmtList::Exec (this=0x276dba0, f=0x2825f20, flow=@0x7fff72d90aa4) at Stmt.cc:1432 #8 0x00000000004e1ea0 in BroFunc::Call (this=0x2645ee0, args=0x282fec0, parent=0x0) at Func.cc:308 #9 0x0000000000485a0d in EventHandler::Call (this=0x2123a40, vl=0x282fec0, no_remote=false) at EventHandler.cc:67 #10 0x000000000040c835 in Event::Dispatch (this=0x2833810, no_remote=false) at Event.h:43 #11 0x0000000000485439 in EventMgr::Dispatch (this=0x95b760) at Event.cc:107 #12 0x00000000004854a6 in EventMgr::Drain (this=0x95b760) at Event.cc:119 #13 0x000000000051aa68 in net_packet_dispatch (t=1275291343.0222969, hdr=0x22c1fe0, pkt=0x276e812 "", hdr_size=14, src_ps=0x22c1fa0, pkt_elem=0x0) at Net.cc:436 #14 0x000000000051acb5 in net_packet_arrival (t=1275291343.0222969, hdr=0x22c1fe0, pkt=0x276e812 "", hdr_size=14, src_ps=0x22c1fa0) at Net.cc:498 #15 0x000000000052e198 in PktSrc::Process (this=0x22c1fa0) at PktSrc.cc:199 #16 0x000000000051adf1 in net_run () at Net.cc:528 #17 0x000000000040a4df in main (argc=6, argv=0x7fff72d915c8) at main.cc:999 The crash happens within dn_comp in len = dn_comp(dname, pkt + pkt_size, DNS_PKT_SIZE - pkt_size, dn_ptrs, last_dn_ptr); at some point within the trace. This does not happen on the first DNS packet in the trace, but somewhere in the middle. Hence, there where successful calls to DNS_Rewriter::DnsCopyQuery() before the segmentation fault. I tried to debug the issue and found that the crash is probably due to uninitialized variables dn_ptrs and last_dn_ptr. Digging deeper into the problem, I found that the DNS_Rewriter object (this = 0x2830fb0) has never been initialized (the constructor of that object has never been called). Is this a known problem? I could not find any issue at the bug tracker that seems to be related. Can someone give me a hint on how to further debug the problem? Best regards, Lothar