Hui Lin_Where is Binpac warning for Bro 2.0

I tried another thing.

I just typed this in my binpac code:

&check(abcdefg)

right after a variable, and my binpac code compiled and linked successfully. So &check is ignored in the current Bro package, is it?

That is really bad news for me. Then I have to spend much, much more time rewriting the &check conditions in Bro script, which is sometimes hard to do.

Is there any future plan to activate the &check statement again?

Best,

Hui

Are you sure that this was working previously? I don't think that the &check attribute has ever actually been implemented in binpac (at least the functionality of the &check statement).

.Seth

That is cruel!

I remember that at the very beginning, I saw some exceptions generated by binpac which were related to some value range.

This afternoon, I checked some cc code generated from binpac code; it seems that Binpac will generate some exceptions such as out-of-bound, string length and so on. I probably regarded them as the exceptions thrown by &check.

Anyway, the news is cruel to me and I have to put those checks into Bro script.

Will binpac++ do something like this?

Best,

Hui

> Anyway, the news is cruel to me and I have to put those checks into Bro script.

What sort of checks are they? I wouldn't think you'd want to have too many &check conditions within your parser, but I don't know the protocols you're working on.

> Will binpac++ do something like this?

I don't recall. You'll have to wait for Robin to answer. :)

  .Seth

Yes, it will eventually. Can you give a few more details on the kind
of checks you want to do?

Robin

In the current work, I am doing some basic checking, such as value ranges. I sometimes add things like check(0) to some obsolete cases.

There is something coming to my mind which is not related to my work. Is it possible to have some simple state management in binpac too? Like making it possible for us to define global variables as parsing goes on.

Yes, you can do it, but it's a bit of a mess since you have to use the C/C++ integration techniques (there are examples of this in many of the existing binpac analyzers, like in ssl-protocol.pac). Binpac++ supports this much better since it's a Turing-complete programming language in itself.

The rule of thumb I've tried to stick to is to only store things in the analyzer that are needed to continue parsing the protocol, and pass everything else to script land through events.

  .Seth