pack() gives me "character wrapped" warnings

Chris_LSU has asked for the wisdom of the Perl Monks concerning the following question:

I've been tasked with implementing Shadow IDS 1.8 into a production environment at my job. I'm a little of a Perl newb, having done a few small things with it, but nobody else knows much about it around here, so I was given the task. Hooray :P
Anyway, there's a piece of one of the scripts that is apparently breaking, or doing something strange (not sure which). The piece of code is this:

my $binip = pack "c4", ($a, $b, $c, $d);

The previous line is this:

my ($a, $b, $c, $d) = split(/\./, $src_ip);

Which is the first line of a foreach loop:

foreach $src_ip (sort by_ip keys(%tgt_sys))

The script is set to dump STDERR to a log file. When this script runs, it seems to run fine, then the log fills up with this message:

Character in "c" format wrapped at /usr/local/shadow/SHADOW-1.8/find_scan.pl line 142, <STDIN> line 5507847.

Line 142 is where the first piece I posted; the line with the pack function in it. I did some checking into the pack function, but what I've learned so far about it doesn't seem to explain what is causing this message to be generated, and honestly, I'm not even sure exactly what it means. I figured out that line 5507847 is the last line of the file that is being streamed into the script, so I'm guessing that for some reason the 'pack' line isn't "handling" it correctly. My supervisor suggested it may be the presence of a newline, so I tried a chomp. But it didn't work; either I put it in the wrong place, or it wasn't the newline.
I need some help.

20040904 Edit by castaway: Changed title from ''pack' errors'

Comment on pack() gives me "character wrapped" warnings Select or Download Code

Replies are listed 'Best First'.
Re: pack() gives me "character wrapped" warnings by BrowserUk (Patriarch) on Sep 03, 2004 at 21:18 UTC
Pack format 'c' is for signed chars, which means that once you get values above 127, you get a warning. If you switch to format 'C4' (where C is unsigned char), the warnings will go away: `P:\test>perl -wle "print( $_ ), print pack'c', $_ for 125..130" 125 } 126 ~ 127 128 Character in 'c' format wrapped in pack at -e line 1. Ç 129 Character in 'c' format wrapped in pack at -e line 1. ü 130 Character in 'c' format wrapped in pack at -e line 1. é P:\test>perl -wle "print( $_ ), print pack'C', $_ for 125..130" 125 } 126 ~ 127 128 Ç 129 ü 130 é` [download] Examine what is said, not who speaks. "Efficiency is intelligent laziness." -David Dunham "Think for yourself!" - Abigail "Memory, processor, disk in that order on the hardware side. Algorithm, algorithm, algorithm on the code side." - tachyon	[reply] [d/l]
Re: pack() gives me "character wrapped" warnings by saintmike (Vicar) on Sep 03, 2004 at 21:06 UTC
If you can't figure out what a warning/error means, employ `use diagnostics;` [download] in your code or call `perldoc perldiag` on the command line: `Character in "c" format wrapped in pack (W pack) You said pack("c", $x) where $x is either less than -128 or more than 127; the "c" format is only for encoding native operating system characters (ASCII, EBCDIC, and so on) and not for Unicode characters, so Perl behaved as if you meant pack("c", $x & 255); If you actually want to pack Unicode codepoints, use the "U" format instead.` [download]	[reply] [d/l] [select]
Re: pack() gives me "character wrapped" warnings by Aristotle (Chancellor) on Sep 03, 2004 at 23:04 UTC
BrowserUk has answered your immediate question. Now, the best way to avoid that problem in your case would be `use Socket; my $binip = inet_aton( $src_ip );` [download] See Don't Use Regular Expressions To Parse IP Addresses! Makeshifts last the longest.	[reply] [d/l]
Re: pack() gives me "character wrapped" warnings in more than two year old software? by shenme (Priest) on Sep 04, 2004 at 01:59 UTC
I've been tasked with implementing Shadow IDS 1.8 into a production environment at my job. I find it unnerving that someone has given you a release of something, it's giving you errors, and you haven't checked/realized the release is over two years out of date? The oldest reference I can find seems to say that version 2.3 came out October, 2002. I can't even find when 1.8 came out. Version 4.4 was released last month and you can find it here. Now I know nothing about Shadow IDS. But it seems to me that an IDS that is nowhere near ready for current threats is a bad idea and a waste of your time at best.	[reply]
Re^2: pack() gives me "character wrapped" warnings in more than two year old software? by Chris_LSU (Sexton) on Sep 07, 2004 at 15:07 UTC
Thanks for all the help. To address Shenme's point, after checking that page out, it looks like that's not "pure" Shadow IDS. Instead, it's a combination of Shadow IDS v1.8 and several Snort packages in one convenient IDS and released as Shadow IDS. We're already running Snort in our environment, and I'm just adding Shadow v1.8 to our quiver of tools at our disposal. Thanks again for the help.	[reply]
Re: pack() gives me "character wrapped" warnings by bart (Canon) on Sep 04, 2004 at 08:46 UTC
Use upper case "C". "c" is for signed bytes in 2's complement, thus the range -128 to 127. "C" is for unsigned bytes, range 0 to 255. The complaint is that it got numbers >= 128, which isn't in its normal range. It happens to give the proper result, but unpacking the bytes again, with "c", would yield different results for those bytes.	[reply]