Confusing binPAC error...

Hi there,

I've tried to implement a little test analyzer to detect TCP payload with 2 bytes in it, just to know how binpac works.

Here's my protocol.pac:

type t_header = record {
     b1 : uint8;
     b2 : uint8;
}

type TEST_PDU(is_orig: bool) = record {
     data : t_header;
} &byteorder = bigendian

Here's my analyzer.pac

refine flow TEST_Flow += {
     function proc_test_message(msg: TEST_PDU): bool
         %{
         printf("Read TEST_PDU\n");
         BifEvent::generate_test_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn());
         return true;
         %}
};

refine typeattr TEST_PDU += &let {
     proc: bool = $context.flow.proc_test_message(this);
};

Everything works fine, but when I want to print my byte-values ( printf("Val 1: %d, Val 2: %d, Val 3: %d", ${msg.b1}, ${msg.b2}, ${msg.b3}); ),
I get an error while making the file which says that " 'b1' undeclared".
Even if I put an if-statement to check if those values are undeclared ( if( ${msg.b1} != NULL && ${msg.b2} != NULL && ${msg.b3} != NULL)),
I still get the same error.
Can someone help me? :smiley: Or tell me how to properly use C++ code in binPAC?

Thanks!

Dane,

As you’ve listed it, msg is of type TEST_PDU, which is a record containing another record (of type ‘t_header’ named ‘data’). You can’t ignore the inner record. Looks like you should be using “${msg.data.b1}” in your printf.

Also, you’re not showing a “b3” anywhere so that should come up undeclared as well.

HTH
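
The nesting described in the reply above, as an added example that is not part of the original post and is not binpac's generated code: a hand-written C++ model of the two records, showing that b1 and b2 are only reachable through the inner "data" record. The class names, the read_pdu helper and the accessor layout are assumptions made for illustration, and the payload is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hand-written model of t_header from protocol.pac (assumed shape, not
// real binpac output). Each field is exposed through an accessor.
class THeader {
public:
    // Reads two uint8 fields; returns false if fewer than 2 bytes remain.
    bool Parse(const uint8_t* begin, const uint8_t* end) {
        if (end - begin < 2) return false;
        b1_ = begin[0];
        b2_ = begin[1];
        return true;
    }
    uint8_t b1() const { return b1_; }
    uint8_t b2() const { return b2_; }
private:
    uint8_t b1_ = 0, b2_ = 0;
};

// Model of TEST_PDU: its only field is 'data', so b1/b2 sit one level down.
class TestPDU {
public:
    bool Parse(const uint8_t* begin, const uint8_t* end) {
        return data_.Parse(begin, end);
    }
    const THeader* data() const { return &data_; }
private:
    THeader data_;
};

// Counterpart of the corrected printf: walk msg -> data -> b1/b2.
// Returns (b1 << 8) | b2 so the result can be checked, or -1 when the
// payload is too short to hold both bytes.
int read_pdu(const uint8_t* buf, size_t len) {
    TestPDU msg;
    if (!msg.Parse(buf, buf + len)) return -1;
    // msg.b1() would not compile here: TestPDU has no member named b1.
    std::printf("Val 1: %d, Val 2: %d\n", msg.data()->b1(), msg.data()->b2());
    return (msg.data()->b1() << 8) | msg.data()->b2();
}

int main() {
    const uint8_t payload[] = {0x01, 0x02};  // constructed sample payload
    return read_pdu(payload, sizeof payload) == 0x0102 ? 0 : 1;
}
```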

Hey,

thanks for your answer! Now I’m able to operate with the records!