Group,
I am using linux version 5.2 to compile the bro software. I am having
problems with the DNS.cc source code. The error has to do with the
"void DNS_Mgr::AddResult function.
There is a message that says there is a syntax error before the ( on
line 688. Has anyone seen this?
Don Miller
It helps if you give us the output of whatever is giving you the error,
and linux 5.2? whats that? 
it seems there is a collision between a member of nb_dns_result and
<netdb.h>.. the attached patch is an ugly nasty hack that gets it to
compile.. then you get to run into collisions in TCP.h..
I don't have time now, but maybe later I'll try to get this to compile
under glibc and linux.
-- zach
--- DNS.cc.old Mon Sep 14 13:41:33 1998
+++ DNS.cc Mon Sep 14 13:42:10 1998
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <errno.h>
#include <netdb.h>
+#undef h_errno /* collides w/ member in struct in nb_dns.h */
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
--- nb_dns.c.old Mon Sep 14 13:41:40 1998
+++ nb_dns.c Mon Sep 14 13:42:01 1998
@@ -43,6 +43,7 @@
#include <errno.h>
#include <memory.h>
#include <netdb.h>
+#undef h_errno /* collides w/ member in struct in nb_dns.h */
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
Just gave it a try on my RedHat 5.1 box, and there are a whole number of
things you have to fix to get it to compile properly. Not for the faint of
heart here... Here is a quick list for the impatient, not sure what
approach the maintainer wants to take regarding Linux support so I'm
leaving out the actual diffs (these are too nasty for production anyway
;-).
0. The h_errno has to be #undef'ed sometime after including 'netdb.h' in
DNS.cc. This is because netdb.h re-#defines it to something unsuitable.
Defining '_LIBC', e.g. adding -D_LIBC to your CFLAGS line in Makefile
gives the same effect.
1. Some values in the enumeration 'EndpointState' (various source files)
conflicts with already enumerated types in /usr/include/linux/tcp.h Rename
the enumerated values that conflict (and do the same in the source files),
or comment out the whole typedef from TCP.h. Commenting out will force you
to change 'EndpointState' to say 'unsigned char' in the relevant places in
the source, and you also need to explicitly #define TCP_INACTIVE,
TCP_PARTIAL, TCP_CLOSED and TCP_RESET to some unique values above 11
(thats where the relevant system ones stop on my box).
2. _All_ the members of the tcphdr and udphdr structs have different names
under Linux compared to what's expected in the source. Which basically
means you have to edit a lot of files to fix this. The relevant system
definitions are in /usr/include/linux/{tcp,udp}.h and look like this
(these dumps primarily for the maintainer so he can have a look at doing
linux support):
struct tcphdr {
__u16 source;
__u16 dest;
__u32 seq;
__u32 ack_seq;
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u16 res1:4,
doff:4,
fin:1,
syn:1,
rst:1,
psh:1,
ack:1,
urg:1,
res2:2;
#elif defined(__BIG_ENDIAN_BITFIELD)
__u16 doff:4,
res1:4,
res2:2,
urg:1,
ack:1,
psh:1,
rst:1,
syn:1,
fin:1;
#else
#error "Adjust your <asm/byteorder.h> defines"
#endif
__u16 window;
__u16 check;
__u16 urg_ptr;
};
struct udphdr {
unsigned short source;
unsigned short dest;
unsigned short len;
unsigned short check;
};
Compare this to what say Solaris:
struct tcphdr {
u_short th_sport; /* source port */
u_short th_dport; /* destination port */
tcp_seq th_seq; /* sequence number */
tcp_seq th_ack; /* acknowledgement number */
#ifdef _BIT_FIELDS_LTOH
u_int th_x2:4, /* (unused) */
th_off:4; /* data offset */
#else
u_int th_off:4, /* data offset */
th_x2:4; /* (unused) */
#endif
u_char th_flags;
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
u_short th_win; /* window */
u_short th_sum; /* checksum */
u_short th_urp; /* urgent pointer */
};
struct udphdr {
u_short uh_sport; /* source port */
u_short uh_dport; /* destination port */
short uh_ulen; /* udp length */
u_short uh_sum; /* udp checksum */
};
Note specifically the change from a single flags member that you typically
'tp->flags & TH_URG' to 'tp->urg'.
The quick list of changes:
TCP:
th_off -> doff
th_sport -> source
th_dport -> dest
th_flags & TH_SYN -> syn
th_flags & TH_ACK -> ack
etc etc just lowercase the #define and remove 'th_' on the various flags.
th_seq -> seq
th_ack -> ack_seq
UDP:
uh_sum -> check
uh_ulen -> len
uh_sport -> source
uh_dport -> dest
That should be it. I haven't done any tests at all, so the fixes above may
or may not give you a bro that actually works. But at least it runs and it
does produce what appears to be useful output.
Note that I also had to change line 89 in policy/hot.bro from
[external_routers, external_routers, bgp],
to
[external_routers, external_routers, 179/tcp],
This is because (I presume, haven't read the source for the parser) bgp
isn't defined in your average Linux /etc/services file.
OK