[Bro] segmentation fault by adding an analyzer to port 80

Eric Asselin Eric.Asselin at usherbrooke.ca
Thu Apr 4 02:15:06 PDT 2013 

When I force the anaylzer to be activated by modifying the DPM.cc,
everything works well. But when I try to activate it by using a Bro
script, like this:

    global foo_ports: set[port] = { 80/tcp } &redef;
    redef dpd_config += { [ANALYZER_MYPROTO] = [$ports = foo_ports] };

a segmentation fault appear at the end of the script.

There is the command I use to execute it (note that the browse.pcap file
came from a Bro workshop):

    bro -b -r browse.pcap my_proto.bro

Here's the complete code of the analyzer and the Bro script:

MyProto.h
----------------------------------
#ifndef myproto_h
#define myproto_h

#include "Analyzer.h"

class MyProto_Analyzer : public Analyzer {
public:
    MyProto_Analyzer(Connection* conn);
    virtual ~MyProto_Analyzer();

    virtual void Init();

    static Analyzer* InstantiateAnalyzer(Connection* conn)
        { return new MyProto_Analyzer(conn); }

    static bool Available() { return true; }

protected:
    virtual void Done();

    virtual void DeliverPacket(int len, const u_char* data, bool orig,
                    int seq, const IP_Hdr* ip, int caplen);

};

#endif


MyProto.cc
----------------------------------
#include "MyProto.h"

MyProto_Analyzer::MyProto_Analyzer(Connection* c)
: Analyzer(AnalyzerTag::MyProto, c)
    {}

MyProto_Analyzer::~MyProto_Analyzer()
    {}

void MyProto_Analyzer::Init()
    {
    val_list* vl = new val_list;
    vl->append(BuildConnVal());
    vl->append(new StringVal("A message from MyProto_Analyzer!"));
    Conn()->ConnectionEvent(MyEvent, this, vl);   
    }

void MyProto_Analyzer::Done()
    {
    Analyzer::Done();
    }

void MyProto_Analyzer::DeliverPacket(int len, const u_char* data, bool
is_orig, int seq, const IP_Hdr* ip, int caplen)
    {
    Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
    }


my_proto.bro
----------------------------------
global foo_ports: set[port] = { 80/tcp } &redef;
redef dpd_config += { [ANALYZER_MYPROTO] = [$ports = foo_ports] };

event bro_init()
    {
    print ("Hello!");  
    }

event MyEvent(c: connection, msg: string)
    {
    print msg;
    }


event.bif
----------------------------------
event MyEvent%(c: connection, msg: string%);


Thanks,
Eric.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130404/5154de30/attachment.html

More information about the Bro mailing list