[Bro] Global array in context?

Luis Martin martin.liras at gmail.com
Fri Apr 29 05:19:59 PDT 2016


I'm trying to develop an application level analyzer.

My protocol has a request/response architectutrte, and the request/response
message structure depends on a Function Code.

This Function Code is sent in the request message, but NOT in the response

So, when I receive a response I don't know if it belongs to the request A
or the request B.

The only way to know that is checking the transport level ID.

So, I need to maintain any kind of array that relate transport id values
and function codes.

My question is how to do that.

I need to read and write that global value in the MyProt-protocol.pac file.
But I don't know how to maintain a global variable in binpac.

I've been trying to do it within the $context, but I don't know how to
write a value in a type added to the context.

Any idea?

Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160429/077d15c8/attachment.html 

More information about the Bro mailing list