In Analyzer.cc, there is a quick check for 'if (skip)' . How does this variable get set?
On Wed, Jun 17, 2015 at 10:30 AM, James Swaro <james.sw...@gmail.com> wrote: > If I understand the patch correctly, it would only cause problems for > connections with over 2GB of data payload, but I think it should work fine > for a small trace of say 200KB. I'm not seeing any events at all, nor am I > seeing the log files that should be created when using the analyzer. > > I'll correct the functions and test it out though. > > On Wed, Jun 17, 2015 at 10:10 AM, Vlad Grigorescu <v...@grigorescu.org> > wrote: > >> On Wed, Jun 17, 2015 at 9:45 AM, James Swaro <james.sw...@gmail.com> >> wrote: >> >>> > Just a guess, but it could be related to this: >>> https://github.com/bro/bro/blob/master/CHANGES#L1578 >>> I'm looking, but nothing seems to pop out at me. >>> >>> > The other big change was moving to plugins, but if you're seeing it >>> added as a child analyzer, that doesn't sound like it'd be the issue. >>> It seems to be ok. Did data delivery change from DeliverPacket to >>> something else? >>> >>> > Was this analyzer written in BinPAC, or in C++? >>> It was written in C++. >>> >> >> Well, what I meant with that change was that the functions used for data >> delivery changed. Specifically: >> >> Analyzer::{NextPacket, NextUndelivered, ForwardPacket, >> ForwardUndelivered, DeliverPacket, Undelivered} were modified to change the >> int seq parameter to a uint64. If your functions aren't updated, and are >> expecting a plain old int for the sequence number, I've seen the scenario >> you describe: the analyzer attaches, but doesn't function. >> >> --Vlad >> >> > > > -- > James Swaro > > > -- James Swaro
_______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
