new Bro CURRENT and STABLE releases (1.2 and 1.1)

Bro release 1.2 is now available from:

This becomes the new CURRENT release. The 1.1 branch (formerly CURRENT)
is now the STABLE release:

The most significant new features with 1.2 are dynamic protocol detection
and a large set of enhancements to the BinPAC system for generating protocol
analyzers. The appended changelog lists numerous other features/changes/fixes.

The old STABLE release, based on the 0.9 release, remains available at

We do not anticipate making any further changes to it.


Bro release 1.2 is now available from:

Awesome! I'm really looking forward to working with the new functionality in 1.2.

- A much more complete BinPAC compiler, along with new HTTP, DNS, and
  RPC/Portmap analyzers in binpac (Ruoming Pang). The flag "--use-binpac"
  activates the BinPAC-based analyzers (currently for HTTP and DNS).
  See for a description of
  BinPAC, and let Ruoming know if you are interested in using BinPAC to build
  new analyzers.

The --use-binpac flag doesn't work in the downloadable package. Are the binpac analyzers being used by default?


The --use-binpac flag doesn't work in the downloadable package.

What happens when you try using it? It works for me.


Sigh... I should try looking around a little longer in the future. I thought that --use-binpac was a configure option, but I see now that it's an option for the bro binary. Thanks for the quick response.


A couple important bug fixes from the 1.2 release have been backported
to the 1.1 release. A new version is available as:

Here is a list of bug fixes:

- Nasty fragment reassembly bug fixed (Vern Paxson).
- Minor fix for IRC backdoor detector (Vern Paxson).
- Fixed serious bugs in DNS EDNS0 processing (Vern Paxson).