Simple zeek script - networking

I am totally new to zeek scripting, and I am trying to do a very basic DNS tunnel detector.
Here is my code so far :
    export {
        const conn_packets_limit = 10;
        const conn_time_limit = 30secs;
    }
    event dns_message(c: connection, is_orig: bool, msg: dns_msg, len: count) {
        if (c$duration > conn_time_limit) {
            print fmt("Long DNS connexion for %s by %s/%s",c$id$resp_h,c$id$resp_h,c$id$orig_p);
        }
    }
When I try to run it with zeek -C -r ../capture.pcap ../zeek_scripts/dns/dns.zeek I get the following error:
    error in ./../zeek_scripts/dns/dns.zeek, line 11: syntax error, at or near "}"
I do not know what I am doing wrong with the print line, could you help me?
Thank you !

Related

what is Program /46-0106 Error in node Veh1 on channel WLAN 1 in C2X IL CAPL function C2xGetTokenInt: Protocol "EU_ApplMsg::DENM" not found

I'm trying to write a counter which is sending a msg+CTR but when I'm running the program it's saying this type of error "Program / Model 46-0106 Error in node Veh1 on channel WLAN 1 in C2X IL CAPL function C2xGetTokenInt: Protocol "EU_ApplMsg::DENM" not found"
Please can anybody tell me what that error means and how to fix it?
    void OnC2xPacket( long channel, long dir, long radioChannel, long signalStrength, long signalQuality, long packet )
    {
        byte aRx_stationID;
        aRx_stationID = C2xGetTokenInt(packet, "DENM", "header.stationID");
        if(aRx_stationID == 222)
        {
            #Veh1::sVarRxDenmCounter = C2xGetTokenInt(packet, "DENM", "denm.situation.eventType.causeCode");
            if(#Veh1::sVarRxDenmCounter != gRxPacketCounterNew && gRxPacketCounterInit != 1)
            {
                #Veh1::sVarLostPacketNumber++;
                #Veh1::sVarRecieveDataAge = 0;
            }
            else
            {
                #Veh1::sVarRecieveDataAge =1;
            }
            gRxPacketCounterNew = ((#Veh1::sVarRxDenmCounter+1)%256);
            gRxPacketCounterInit = 0;
            if(#Veh1::sVarLostPacketNumber > 1000)
            {
                #Veh1::sVarLostPacketNumber =0;
            }
        }
    }
I used in the capl code the CAM and DENM messages to send Tx and receive Rx and in the capl code I don't have an error found but maybe there is an infinite loop or somebody else has a piece of knowledge about that issue.

How to fix error message in tcl script having command [exec bjobs] when no jobs are running?

When I am running a Tcl script that contains the following lines:
    set V [exec bjobs ]
    puts "bjobs= ${V}"
When jobs are present it works properly, but when no jobs are running it shows an error like this:
    No unfinished job found
        while executing
    "exec bjobs "
        invoked from within
    "set V [exec bjobs ]"
How to avoid this error? Please let me know how to avoid this kind of error.
It sounds to me like the bjobs program has a non-zero exit code in this case. The exec manual page includes this example in a subsection WORKING WITH NON-ZERO RESULTS:
To execute a program that can return a non-zero result, you should wrap
the call to exec in catch and check the contents of the -errorcode
return option if you have an error:
    set status 0
    if {[catch {exec grep foo bar.txt} results options]} {
        set details [dict get $options -errorcode]
        if {[lindex $details 0] eq "CHILDSTATUS"} {
            set status [lindex $details 2]
        } else {
            # Some other error; regenerate it to let caller handle
            return -options $options -level 0 $results
        }
    }
This is more easily written using the try command, as that makes it
simpler to trap specific types of errors. This is done using code like
this:
    try {
        set results [exec grep foo bar.txt]
        set status 0
    } trap CHILDSTATUS {results options} {
        set status [lindex [dict get $options -errorcode] 2]
    }
I think you could write this as:
    try {
        set V [exec bjobs ]
    } trap CHILDSTATUS {message} {
        # Not sure how you want to handle the case where there's nothing...
        set V $message
    }
    puts "bjobs= ${V}"

    if {[catch {exec bjobs} result]} {
        puts "bjobs have some issues. Reason : $result"
    } else {
        puts "bjobs executed successfully. Result : $result"
    }
Reference: catch
Note carefully in the exec man page:
    If any of the commands in the pipeline exit abnormally or are killed or suspended, then exec will return an error [...]
    If any of the commands writes to its standard error file and that standard error is not redirected and -ignorestderr is not specified, then exec will return an error.
So if bjobs returns non-zero or prints to stderr when there are no jobs, exec needs catch or try as Donal writes.

SCP always returns the same error code

I have a problem copying files with scp. I use Qt and copy my files with scp using QProcess. And when something bad happens I always get exitCode=1. It always returns 1. I tried copying files with a terminal. The first time I got the error "Permission denied" and the exit code was 1. Then I unplugged my Ethernet cable and got the error "Network is unreachable". And the return code was still 1. It confuses me very much because in my application I have to distinguish between these types of errors.
Any help is appreciated. Thank you so much!
See this code as a working example:
    bool Utility::untarScript(QString filename, QString& statusMessages)
    {
        // Untar tar-bzip2 file, only extract script to temp-folder
        QProcess tar;
        QStringList arguments;
        arguments << "-xvjf";
        arguments << filename;
        arguments << "-C";
        arguments << QDir::tempPath();
        arguments << "--strip-components=1";
        arguments << "--wildcards";
        arguments << "*/folder.*";
        // tar -xjf $file -C $tmpDir --strip-components=1 --wildcards
        tar.start("tar", arguments);
        // Wait for tar to finish
        if (tar.waitForFinished(10000) == true)
        {
            if (tar.exitCode() == 0)
            {
                statusMessages.append(tar.readAllStandardError());
                return true;
            }
        }
        statusMessages.append(tar.readAllStandardError());
        statusMessages.append(tar.readAllStandardOutput());
        statusMessages.append(QString("Exitcode = %1\n").arg(tar.exitCode()));
        return false;
    }
It gathers all available process output for you to analyse. Especially look at readAllStandardError().

Capture and check bteq return code in Unix

I'm developing a script which in turn invokes several other scripts (.ksh). And basically when one of them fail they shouldn't proceed to the next one. So I tried checking for the return code in one script that involves bteq (Basic Teradata Query) session. Please find below the scenario:
    bteq <<EOF!
    .run file ${TGTRUNFILEN} ;
    .maxerror 1;
    .set width 245;
    ...
    ...
    sel * from table ;
    .if ACTIVITYCOUNT <> 0 then .GOTO QUIT
    .os mail command "error msg"
    exit 1;
    .LABEL QUIT
    .quit;
    EOF!
    echo $rcode
    rcode=$?
    if [[ $rcode != 0 ]]
    then
        echo "$0: Insufficient Perm Space : username " >&2
        exit 4
    fi
Here, the script fails and I can see the log saying failed with return code 1, but why isn't the text "$0:Insufficient Perm Space : Username" displayed? I think it exits the entire script, but I need this fixed somehow.
Can someone kindly help me on this?
Hi, thanks a ton for responding. I found a way to overcome this. I just added the 'set' command like this.
    set +e
    bteq <<EOF!
    ...
    ...
    EOF!
    rcode=$?
    set -e
Works fine for me.
Cheers
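The status-capture problem in this thread, as an added example that is not part of the original posts: when the script runs under `set -e` (as the `set +e` fix implies), a failing command aborts it before `rcode=$?` runs, and any command placed before `rcode=$?`, such as the question's `echo $rcode`, replaces the status. `fake_bteq`, `step_ok` and `step_fail` are hypothetical stand-ins so the script runs without Teradata.

```shell
#!/bin/sh
set -e  # same mode as the calling script: any unchecked failure aborts

# Stand-in for bteq, constructed for this example: reads the script on stdin
# and returns the code from its first "exit N;" line (0 if there is none).
fake_bteq() {
    code=$(sed -n 's/^exit \([0-9][0-9]*\);$/\1/p' | head -n 1)
    return "${code:-0}"
}

# A command on the left of || is exempt from errexit, so the status can be
# captured without toggling set +e / set -e around the heredoc.
capture_rc() {
    rc=0
    fake_bteq <<'EOF' || rc=$?
.maxerror 1;
sel * from table ;
exit 1;
.quit;
EOF
    echo "$rc"
}

# Pitfall: any command between the heredoc and rcode=$? replaces the status,
# so rcode here is the status of echo, not of the stand-in.
clobbered_rc() {
    set +e
    fake_bteq <<'EOF'
exit 1;
EOF
    echo "debug output" >/dev/null
    rcode=$?
    set -e
    echo "$rcode"
}

# Run steps in order and stop at the first failure; prints "<name>:<status>"
# of the failing step, or "ok" if every step succeeded.
run_chain() {
    for step in "$@"; do
        rc=0
        "$step" </dev/null >/dev/null 2>&1 || rc=$?
        if [ "$rc" -ne 0 ]; then echo "$step:$rc"; return 0; fi
    done
    echo ok
}

step_ok()   { return 0; }   # hypothetical child script that succeeds
step_fail() { return 4; }   # hypothetical child script that fails with 4
```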

How do I determine if a terminal is color-capable?

I would like to change a program to automatically detect whether a terminal is color-capable or not, so when I run said program from within a non-color capable terminal (say M-x shell in (X)Emacs), color is automatically turned off.
I don't want to hardcode the program to detect TERM={emacs,dumb}.
I am thinking that termcap/terminfo should be able to help with this, but so far I've only managed to cobble together this (n)curses-using snippet of code, which fails badly when it can't find the terminal:
    #include <stdlib.h>
    #include <curses.h>
    int main(void) {
        int colors=0;
        initscr();
        start_color();
        colors=has_colors() ? 1 : 0;
        endwin();
        printf(colors ? "YES\n" : "NO\n");
        exit(0);
    }
I.e. I get this:
    $ gcc -Wall -lncurses -o hep hep.c
    $ echo $TERM
    xterm
    $ ./hep
    YES
    $ export TERM=dumb
    $ ./hep
    NO
    $ export TERM=emacs
    $ ./hep
    Error opening terminal: emacs.
    $
which is... suboptimal.
A friend pointed me towards tput(1), and I cooked up this solution:
    #!/bin/sh
    # ack-wrapper - use tput to try and detect whether the terminal is
    # color-capable, and call ack-grep accordingly.
    OPTION='--nocolor'
    COLORS=$(tput colors 2> /dev/null)
    if [ $? = 0 ] && [ $COLORS -gt 2 ]; then
        OPTION=''
    fi
    # "$@" forwards the wrapper's arguments unchanged
    exec ack-grep $OPTION "$@"
which works for me. It would be great if I had a way to integrate it into ack, though.
You almost had it, except that you need to use the lower-level curses function setupterm instead of initscr. setupterm just performs enough initialization to read terminfo data, and if you pass in a pointer to an error result value (the last argument) it will return an error value instead of emitting error messages and exiting (the default behavior for initscr).
    #include <stdio.h>   /* printf */
    #include <stdlib.h>
    #include <curses.h>
    #include <term.h>    /* setupterm, per curs_terminfo(3X) */
    int main(void) {
        char *term = getenv("TERM");
        int erret = 0;
        if (setupterm(NULL, 1, &erret) == ERR) {
            char *errmsg = "unknown error";
            switch (erret) {
            case 1: errmsg = "terminal is hardcopy, cannot be used for curses applications"; break;
            case 0: errmsg = "terminal could not be found, or not enough information for curses applications"; break;
            case -1: errmsg = "terminfo entry could not be found"; break;
            }
            printf("Color support for terminal \"%s\" unknown (error %d: %s).\n", term, erret, errmsg);
            exit(1);
        }
        bool colors = has_colors();
        printf("Terminal \"%s\" %s colors.\n", term, colors ? "has" : "does not have");
        return 0;
    }
Additional information about using setupterm is available in the curs_terminfo(3X) man page (x-man-page://3x/curs_terminfo) and Writing Programs with NCURSES.
Look up the terminfo(5) entry for the terminal type and check the Co (max_colors) entry. That's how many colors the terminal supports.
