[Bro] pybroker with 'optional' fields

Siwek, Jon jsiwek at illinois.edu
Mon May 18 10:56:06 PDT 2015

> On May 18, 2015, at 9:27 AM, Jeff Barber <jbarber at computer.org> wrote:
> I've been playing with sending event data to a peer using the broker interface. I'm able to send records over just fine and my python script can receive and interpret them using the swig-generated wrapper as long as all the fields are present. 
> If I try to send one with optional fields such as pkt_hdr where not all of the fields are present (as is always the case with pkt_hdr), I get various segmentation violations either direct in the swig-generated code or assertion failures in the 'optional' class.
> Seems like there should be a more intelligent iterator for the record fields in the swig source. I was thinking it would make sense to return a None value in the slot where a non-present optional value goes and then you could just test for that, but I don't know enough about swig to create the iterator. I've tried several combinations of %extend, %pythoncode and so forth, but can't figure out the right magic words.
> Anybody know the right way to do this?

There’s a brief example of sending/receiving a record with an empty field in tests/test_messages.py.  You can call the valid() method on a field to test if there’s data there that you’re allowed to access.  If that doesn’t help clarify the issue, can you post some example code?

- Jon

More information about the Bro mailing list