[Bro] Subclassing from SSL Analyzer
N B
nb.nospam at gmail.com
Wed Jun 17 10:38:01 PDT 2015
Hello,
I am trying to subclass from SSL Analyzer such that the derived class can
decrypt the encrypted SSL data (it will have the server's private key). I
have to #include <SSL.h> in my new plugin's header file to allow the
derived class declaration to work but doing that is causing the following
compiler error:
Scanning dependencies of target plugin-Bro-SSLDecrypt
[ 66%] Building CXX object
src/analyzer/protocol/ssldecrypt/CMakeFiles/plugin-Bro-SSLDecrypt.dir/SSLDecrypt.cc.o
In file included from
/Users/nikunj/git/bro/src/analyzer/protocol/ssldecrypt/SSLDecrypt.cc:9:
In file included from
/Users/nikunj/git/bro/src/analyzer/protocol/ssldecrypt/SSLDecrypt.h:12:
/Users/nikunj/git/bro/src/analyzer/protocol/ssl/SSL.h:4:10: fatal error:
'events.bif.h' file not found
#include "events.bif.h"
^
1 error generated.
make[3]: ***
[src/analyzer/protocol/ssldecrypt/CMakeFiles/plugin-Bro-SSLDecrypt.dir/SSLDecrypt.cc.o]
Error 1
make[2]: ***
[src/analyzer/protocol/ssldecrypt/CMakeFiles/plugin-Bro-SSLDecrypt.dir/all]
Error 2
make[1]: *** [all] Error 2
make: *** [all] Error 2
How can I work around this issue?
An option I was thinking of was to directly change the SSL analyzer's code
and not subclass at all. But that would mean I will have to keep patching
it forward as we get newer Bro releases.
Thanks
Nikunj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150617/1c269dce/attachment-0001.html
More information about the Bro
mailing list