[Bro] information exchange between binpac and analyzer

Vlad Grigorescu vladg at cmu.edu
Tue Apr 15 06:10:54 PDT 2014


I don't understand the question. BinPAC is a compiler. It takes one or more .pac files, and compiles them to a .cc and .h file. Those then get compiled with the rest of Bro.

You can look at these .cc and .h files when you build Bro - build/src/analyzer/protocol/ssl/ssl_pac.cc, for example. Data structures will be in those files.

Have you seen the documentation?

http://www.icir.org/vern/papers/binpac.IMC06.pdf
https://www.bro.org/download/README.binpac.html
http://www.bro.org/development/howtos/binpac-sample-analyzer.html

Let us know if you have a specific question.

  --Vlad

On Apr 15, 2014, at 8:53 AM, Prateek Gupta <prateekgupta.3991 at gmail.com> wrote:

> Hello,
> I am working on Bro-IDS as my academic project and want some information.
> I want to know what data structures are implemented in the analyzer and binpac, and how these data structures are passed between them.
> It's urgent.
> 
> Thank you.
