[Bro] Using binpac standalone

giralt giralt at reservoir.com
Fri Aug 5 02:15:13 PDT 2011


What version of Bro are you running? The wiki is for 1.4, so not sure if
that may affect if you are using a newer version.

You can place the .pac file anywhere you want, for instance, in a pac
folder.  Then from that folder, you can call binpac and the output files
.cc / .h will be placed in the same folder by default.

For binpac to see binpac-lib.pac, you can use the -I option (binpac --help).

Looks like you may also need to patch the file binpac_bytestring.h if
you want to run the example.  I am attaching a patch.

On 08/04/2011 03:18 PM, Christoph Möbius wrote:
> Hi all,
> 
> I want to use binpac as a standalone parser generator. My use case is:
> -write a PDU description
> -feed it to a standalone binpac
> -get the parser files for the PDU
> -use those files somewhere else in order to access protocol fields
> programmatically
> 
> I tried the Howto of 2008 in the Wiki (http://is.gd/pyZ7If) which leads
> me to a problem:
> I added the mentioned RE.h, binpac_stdalone.h and binpac_pcre.h to
> binpac/lib and recompiled in aux/binpac. Is it right that recompiling
> didn't change the binpac binary in aux/binpac/src? And if yes from where
> do I call binpac then and where should the .pac file be placed? Even the
> unbro'ed http.pac file in the Wiki refers to binpac-lib.pac which
> resides outside the binpac folder. Compiling http.pac then leads to an
> error since bytestring_to_int is undeclared.
> Adding binpac-lib.pac to binpac/lib didn't help. Before changing too
> much and getting lost I better ask :)
> 
> Even if I solve the first problem there's another question: I don't need
> any functionality of a protocol machine. So I'd like to get rid of the
> need to define connections and analyzers. I just need access to the
> fields of a single PDU. Anything else is beyond my focus. Do I really
> ALWAYS need to define a connection and a flow?
> 
> So is there now another way than the wikified one to use binpac as
> standalone parser generator?
> 
> 
> Best regards,
> Christoph Möbius
> 
> --
>  /"\    ASCII Ribbon Campaign
>  \ /    Respect for low technology.
>   X     Keep e-mail messages readable by any computer system.
>  / \    Keep it ASCII.
> 
> GPG Fingerprint: 38E7 4163 3EA1 DE55 FECE  419B 1AE5 2085 CEBC 5A14
> christoph.moebius at mailbox.tu-dresden.de
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: binpac_bytestring.patch
Type: text/x-patch
Size: 592 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20110805/be892057/attachment.bin 

