[Bro-Dev] #968: Add bytestring_to_uint16, uint32, uint64 functions

Bro Tracker bro at tracker.bro.org
Mon Mar 18 06:48:06 PDT 2013


#968: Add bytestring_to_uint16, uint32, uint64 functions
--------------------+------------------------
  Reporter:  yun    |      Owner:
      Type:  Patch  |     Status:  new
  Priority:  Low    |  Milestone:  Bro2.2
 Component:  Bro    |    Version:  git/master
Resolution:         |   Keywords:  bytestring
--------------------+------------------------

Comment (by yun):

 Replying to [comment:2 seth]:
 > >  * bytestring_to_uint16
 > >  * bytestring_to_uint32
 > >  * bytestring_to_uint64
 >
 >
 > Could you explain how these functions satisfy some use case that the
 existing to_count does not?

 Consider the following example struct which is transfered over the
 network:

 {{{
 struct {
         short   flags;        // 1 = hostname, 2=whatever
         uint32  length;      // length of the following string
         byte    payload[*]; // hostname, size is specified in length
 } my_message
 }}}

 I can then read it with the following bro code:

 {{{
 flags = bytestream_to_uint16(sub_bytes(data, 0, 2)
 if (flags == 1) {
   length = bytestream_to_uint32(sub_bytes(data, 2, 4)
   payload = sub_bytes(data, 6, length)
 }
 }}}

 With to_count() I would first need to have a string representation of the
 value to get the actual integer value.

 So in short, to_count("\x00\x01") is different than
 bytestring_to_uint16("\x00\x01").

-- 
Ticket URL: <http://tracker.bro.org/bro/ticket/968#comment:3>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker



More information about the bro-dev mailing list