[Bro-Dev] #968: Add bytestring_to_uint16, uint32, uint64 functions
Bro Tracker
bro at tracker.bro.org
Mon Mar 18 06:48:06 PDT 2013
#968: Add bytestring_to_uint16, uint32, uint64 functions
--------------------+------------------------
Reporter: yun | Owner:
Type: Patch | Status: new
Priority: Low | Milestone: Bro2.2
Component: Bro | Version: git/master
Resolution: | Keywords: bytestring
--------------------+------------------------
Comment (by yun):
Replying to [comment:2 seth]:
> > * bytestring_to_uint16
> > * bytestring_to_uint32
> > * bytestring_to_uint64
>
>
> Could you explain how these functions satisfy some use case that the
existing to_count does not?
Consider the following example struct which is transfered over the
network:
{{{
struct {
short flags; // 1 = hostname, 2=whatever
uint32 length; // length of the following string
byte payload[*]; // hostname, size is specified in length
} my_message
}}}
I can then read it with the following bro code:
{{{
flags = bytestream_to_uint16(sub_bytes(data, 0, 2)
if (flags == 1) {
length = bytestream_to_uint32(sub_bytes(data, 2, 4)
payload = sub_bytes(data, 6, length)
}
}}}
With to_count() I would first need to have a string representation of the
value to get the actual integer value.
So in short, to_count("\x00\x01") is different than
bytestring_to_uint16("\x00\x01").
--
Ticket URL: <http://tracker.bro.org/bro/ticket/968#comment:3>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list