[Bro] Global array in context?

Luis Martin martin.liras at gmail.com
Fri Apr 29 07:21:10 PDT 2016

Hi all,

I will repond to myself.

I finally got it to work modifying the connection class and adding the

refine connection UmasTCP_Conn += {
                int previous_fcs[256];

Adding a RESPONSE type that call to a function to recover the FC data from
the array:

type XXX{
} &let {
       ufc: uint8 =

And writing two functions in the analyzer.pac file:

refine connection MyProtTCP_Conn += {

        function get_Previous_FC(Transport_id: int): int
                return previous_fcs[tid%256];

        function SetTID_FC(transport_id:int, ufc:int): bool

                return true;

The second one is called every time a message event is detected:

 function deliver_message(header: BinPAC_TCP_Header, MYPROTheader:
BinPAC_MYPROT_header): bool
                if ( ::MyProt_message )

Works fine.

Thanks anyway!

2016-04-29 14:19 GMT+02:00 Luis Martin <martin.liras at gmail.com>:

> Hi,
> I'm trying to develop an application level analyzer.
> My protocol has a request/response architectutrte, and the
> request/response message structure depends on a Function Code.
> This Function Code is sent in the request message, but NOT in the response
> message.
> So, when I receive a response I don't know if it belongs to the request A
> or the request B.
> The only way to know that is checking the transport level ID.
> So, I need to maintain any kind of array that relate transport id values
> and function codes.
> My question is how to do that.
> I need to read and write that global value in the MyProt-protocol.pac
> file. But I don't know how to maintain a global variable in binpac.
> I've been trying to do it within the $context, but I don't know how to
> write a value in a type added to the context.
> Any idea?
> Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160429/fa51a807/attachment.html 

More information about the Bro mailing list