[Bro-Dev] Some bro.bif issues

Matthias Vallentin vallentin at icir.org
Fri Nov 18 19:14:51 PST 2011

This is the function set_buf:

    function set_buf%(f: file, buffered: bool%): any
        return new Val(0, TYPE_VOID);

It's return value is any although void is returned. Shouldn't the return value
in the function signature be void as well?

Moreover, here is the function exit:

    function exit%(%): int
        return 0;

Shouldn't it return 'void' at the scripting layer since it shuts down
the Bro process immediately? Why not let users control the return code
like this:

    function exit%(code: int): void

There seems to be another redundancy:

    function active_connection%(id: conn_id%): bool
        Connection* c = sessions->FindConnection(id);
        return new Val(c ? 1 : 0, TYPE_BOOL);


    function connection_exists%(c: conn_id%): bool
        if ( sessions->FindConnection(c) )
            return new Val(1, TYPE_BOOL);
            return new Val(0, TYPE_BOOL);

are essentially the same. Only the latter is used in the current set of
scripts. Should we get rid of the former?

The same sort of redundancy exists for:

    function connection_record%(cid: conn_id%): connection
        Connection* c = sessions->FindConnection(cid);
        if ( c )
            return c->BuildConnVal();
            // Hard to recover from this until we have union types ...
            builtin_error("connection ID not a known connection (fatal)", cid);
            return 0;


    function lookup_connection%(cid: conn_id%): connection
        Connection* conn = sessions->FindConnection(cid);
        if ( conn )
            return conn->BuildConnVal();

        builtin_error("connection ID not a known connection", cid);

        // Return a dummy connection record.
        RecordVal* c = new RecordVal(connection_type);

        RecordVal* id_val = new RecordVal(conn_id);
        id_val->Assign(0, new AddrVal((unsigned int) 0));
        id_val->Assign(1, new PortVal(ntohs(0), TRANSPORT_UDP));
        id_val->Assign(2, new AddrVal((unsigned int) 0));
        id_val->Assign(3, new PortVal(ntohs(0), TRANSPORT_UDP));
        c->Assign(0, id_val);

        RecordVal* orig_endp = new RecordVal(endpoint);
        orig_endp->Assign(0, new Val(0, TYPE_COUNT));
        orig_endp->Assign(1, new Val(int(0), TYPE_COUNT));

        RecordVal* resp_endp = new RecordVal(endpoint);
        resp_endp->Assign(0, new Val(0, TYPE_COUNT));
        resp_endp->Assign(1, new Val(int(0), TYPE_COUNT));

        c->Assign(1, orig_endp);
        c->Assign(2, resp_endp);

        c->Assign(3, new Val(network_time, TYPE_TIME));
        c->Assign(4, new Val(0.0, TYPE_INTERVAL));
        c->Assign(5, new TableVal(string_set)); // service
        c->Assign(6, new StringVal(""));    // addl
        c->Assign(7, new Val(0, TYPE_COUNT));   // hot
        c->Assign(8, new StringVal(""));    // history

        return c;

except that the latter returns a dummy connection value. Neither function is
currently used at script land. My vote would be to remove the former one, as
the latter has more graceful semantics.


More information about the bro-dev mailing list