[Bro] information exchange between binpac and analyzer

Prateek Gupta prateekgupta.3991 at gmail.com
Tue Apr 15 06:49:59 PDT 2014


Hello Vlad,
Thank you for your reply.
Though I framed the question completely wrong, your answer served
almost all my queries.

I have another doubt and please correct my mistakes.
The C++ code is generated from the .pac files by binpac in the build.
After "make" and "make install", is this the final analyzer?
What do the .cc files along with the .pac files in the analyzer have as
content if I intend to write a custom protocol? As binpac calls the event
function for the protocols when a particular "type" is detected, are those
event functions present in these .cc files?
Are the data structures present in these binpac compiled .cc files used for
information exchange?

Thank you.


On Tue, Apr 15, 2014 at 6:40 PM, Vlad Grigorescu <vladg at cmu.edu> wrote:

> I don't understand the question. BinPAC is a compiler. It takes one or
> more .pac files, and compiles them to a .cc and .h file. Those then get
> compiled with the rest of Bro.
>
> You can look at these .cc and .h files when you build Bro -
> build/src/analyzer/protocol/ssl/ssl_pac.cc, for example. Data structures
> will be in those files.
>
> Have you seen the documentation?
>
> http://www.icir.org/vern/papers/binpac.IMC06.pdf
> https://www.bro.org/download/README.binpac.html
> http://www.bro.org/development/howtos/binpac-sample-analyzer.html
>
> Let us know if you have a specific question.
>
>   --Vlad
>
> On Apr 15, 2014, at 8:53 AM, Prateek Gupta <prateekgupta.3991 at gmail.com>
> wrote:
>
> > Hello,
> > I am working on Bro-IDS as my academic project and want some information.
> > I want to know what data structures are implemented in the analyzer and
> > binpac and how these data structures are passed between them.
> > It's urgent.
> >
> > Thank you.