[Bro] Fwd: Undefined symbol while writing an analyzer

Mon Apr 25 00:04:54 PDT 2016

Thank you for your reply Vlad.

Unfortunately that was not the problem as I've been using this option 
from the beginning.

The problem was related with the linkage options. I was using the 
configure and Makefile files that the init-plugin --plugin  script was 
giving me. BUT these 'configure' and 'Makefile' files are prepared for a 
simple plugin with simple functions. If you need to write an analyzer 
with thi --plugin option you need to modify the resulting CMakeLists.txt.

This is how it comes:

cmake_minimum_required(VERSION 2.8)
project(Plugin)
include(BroPlugin)
bro_plugin_begin(MyProt MyProt)
bro_plugin_cc(src/Plugin.cc)
bro_plugin_bif(src/events.bif)
bro_plugin_dist_files(README CHANGES COPYING VERSION)
bro_plugin_end()

and this is how it must be:

cmake_minimum_required(VERSION 2.8)
project(Plugin)
include(BroPlugin)
bro_plugin_begin(MyProt MyProt)
bro_plugin_bif(src/types.bif src/events.bif) <---
bro_plugin_cc(src/Plugin.cc src/MyProt.cc src/MyProt_pac.cc) <---
bro_plugin_dist_files(README CHANGES COPYING VERSION)
bro_plugin_end()

Apart from that, I had to add the different records in the init-bare.bro 
file and, weird enough, I had to modify the build/src/types.bif.netvar_h 
file to add the records I was using, maybe someone can explain me that.

Ah!, and do not reuse a type name that other analyzer is already 
using... it will give you a segmentation fault.

Now it works fine.

Thank you!

On 22/04/16 18:33, Vlad Grigorescu wrote:
> Hi Luis,
>
> binpac_quickstart has a --plugin option which should set up the skeleton
> in much the same way init-plugin does. Try that, and please let me know
> if you encounter issues with it.
>
>    --Vlad
>
> Luis Martin Liras <martin.liras at gmail.com> writes:
>
>> Hey guys,
>>
>> I would really appreciate some help on this.
>>
>> I think I can reduce the source of the problem to two points:
>>
>> - A namespace problem. I have revised my code and does not find anything
>> wrong. I'll keep checking
>> - A linkage problem:
>>
>> To compile the plugin I followed the instructions of the "Writing Bro
>> Plugins" documentation guide. In the Plugins.cc file instantiated of the
>> Analyzer and included "Myprotocol.h", which had been previously created
>> with binpac_Quickstart's start.py
>>
>> However the Makefile and configure files were created with the
>> "init-plugin" script. Do you know if I have to modify anything in the
>> Makefile to build a protocol analyzer plugin?
>>
>> Unfortunately in the "Writing Bro plugins" documentation page, the
>> "Protocol Analyzers" section is empty...
>>
>> Hope you can help me.
>>
>> Best reagards!
>>
>>
>> -------- Forwarded Message --------
>> Subject: 	Undefined symbol while writing an analyzer
>> Date: 	Wed, 20 Apr 2016 11:48:12 +0200
>> From: 	Luis Martin <martin.liras at gmail.com>
>> To: 	bro at bro.org
>>
>>
>>
>> Hi,
>>
>> I'm quite new in bro, but I'm trying to develop an analyzer as a plugin
>> (Not an easy task), using the modbus analyzer as a starting point.
>>
>> I have passed through all the steps and everything seem to be OK: It
>> compiled OK and Bro detects the plugin and its events when run with the
>> -NN option
>>
>>    However when I try to register my analyzer:
>>
>> ...
>> Analyzer::register_for_ports(Analyzer::ANALYZER_UMAS, ports);
>> ...
>>
>> I get the following error:
>>
>> ../build/src/bro: symbol lookup error:
>> /tools/pruebas_bro/bro/bro/umas_plugin/build//lib/UMAS-UNITY.linux-x86_64.so
>> <http://UMAS-UNITY.linux-x86_64.so>: undefined symbol:
>> _ZN8analyzer4umas16UmasTCP_AnalyzerC1EP10Connection
>>
>> Is necessary to declare ANALYZER_UMAS anywhere?.
>>
>>
>> How could I debug this error?.
>>
>> Anyone who has an idea could help me ?
>>
>> Thanks !
>>
>>
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro