[Bro-Dev] #968: Add bytestring_to_uint16, uint32, uint64 functions

Bro Tracker bro at tracker.bro.org
Mon Mar 18 12:59:58 PDT 2013


#968: Add bytestring_to_uint16, uint32, uint64 functions
--------------------+------------------------
  Reporter:  yun    |      Owner:
      Type:  Patch  |     Status:  new
  Priority:  Low    |  Milestone:  Bro2.2
 Component:  Bro    |    Version:  git/master
Resolution:         |   Keywords:  bytestring
--------------------+------------------------

Comment (by yun):

 Replying to [comment:8 seth]:
 > You should be doing very minimal data structure parsing in script land.
 > What's the use case that's driving you to do so much parsing in Bro
 > scripts?

 I needed it for some specific detection policies that I cannot share here.
 But it's not much parsing, just doing some comparing and extraction of
 values for logging purposes.

 One example that resembles my use case: Parse a specific HTTP header that
 is Base64 encoded and decodes to a specific struct. So decode it, extract
 the values that I'm interested in, and log some of the decoded information
 if it's interesting.

-- 
Ticket URL: <http://tracker.bro.org/bro/ticket/968#comment:9>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker
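
The use case described in the comment above (Base64 header, decode to a fixed struct, pull out integer fields, log when interesting), as an added Python illustration that is not code from the ticket or from Bro. The struct layout, the `bytestring_to_uint` helper, the logging rule and the sample values are all assumptions made for the example.

```python
import base64
import binascii
import struct

# Hypothetical layout (an assumption, not from the ticket), network byte order:
#   uint16 version | uint32 session_id | uint64 timestamp
TOKEN_FORMAT = struct.Struct("!HIQ")


def bytestring_to_uint(data: bytes, width: int) -> int:
    """Convert exactly `width` bytes (2, 4 or 8) to an unsigned big-endian integer."""
    if width not in (2, 4, 8):
        raise ValueError("width must be 2, 4 or 8")
    if len(data) != width:
        raise ValueError(f"expected {width} bytes, got {len(data)}")
    return int.from_bytes(data, "big")


def parse_token_header(value: str):
    """Decode a Base64 header value and return its fields, or None if malformed."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid Base64: nothing to extract
    if len(raw) < TOKEN_FORMAT.size:
        return None  # truncated struct: never read past the decoded bytes
    return {
        "version": bytestring_to_uint(raw[0:2], 2),
        "session_id": bytestring_to_uint(raw[2:6], 4),
        "timestamp": bytestring_to_uint(raw[6:14], 8),
    }


def interesting(fields) -> bool:
    """Constructed logging rule: only log tokens with an unexpected version."""
    return fields is not None and fields["version"] != 1


# Constructed sample header values for the hypothetical layout above.
SAMPLE_OK = base64.b64encode(TOKEN_FORMAT.pack(2, 0xDEADBEEF, 1363636798)).decode()
SAMPLE_SHORT = base64.b64encode(b"\x00\x02\xde\xad").decode()

if __name__ == "__main__":
    for header in (SAMPLE_OK, SAMPLE_SHORT, "not base64!!"):
        fields = parse_token_header(header)
        print(header, "->", fields, "log" if interesting(fields) else "skip")
```

The length check before slicing is the part that matters for attacker-controlled header values: a short or malformed value yields no record instead of a partial one.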


