information exchange between binpac and analyzer


I am working on Bro-IDS as my academic project and want some information.

I want to know what are the data structures implemented in analyzer and binpac and how are these data structures passed between them.

Its urgent.

Thank you.

I don't understand the question. BinPAC is a compiler. It takes one or more .pac files, and compiles them to a .cc and .h file. Those then get compiled with the rest of Bro.

You can look at these .cc and .h files when you build Bro - build/src/analyzer/protocol/ssl/, for example. Data structures will be in those files.

Have you seen the documentation?

Let us know if you have a specific question.


Hello Vlad,

Thank you for your reply.

Though I framed the question completely wrong, yet your answer served almost all my queries.

I have another doubt and please correct my mistakes.

The C++ code is generated of the .pac files by the binpac in the build. After “make” and “make install”, is this the final analyzer ?

What do the .cc files along with the .pac files in the analyzer have as content if I intend to write a custom protocol? As binpac calls the event function for the protocols when a particular “type” is detected, are those event functions present in these .cc files?

Are the data structures present in these binpac compiled .cc files used for information exchange?

Thank you.