[Bro-Dev] inline record type definition

Seth Hall seth at icir.org
Tue Aug 16 07:29:54 PDT 2011


I'm writing some of the builtin path_funcs and I'm running into a problem that we identified a while ago, but I don't remember if we came to a conclusion on how to deal with it. When I use the following function as a $path_func for the logging framework, it fails because when the rec value is passed in, the first ordinal value is almost always a time field and it tries to turn the time field into a conn_id field, which obviously fails. What we need it to do is make rec$id the actual value of the $id field, which is normally the third field, so it needs to be done by name instead.

function path_with_direction(id: ID, path: string, rec: record {id: conn_id;}): string
	{
	if ( Site::is_local_addr(rec$id$orig_h) )
		return fmt("%s-%s", path, "outbound");
	else
		return fmt("%s-%s", path, "inbound");
	}

Robin, do you recall if we figured out a way to work around this or if I'm doing this wrong?

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



