[Bro-Dev] How to get more connection info in Software::Info?

Nicholas Siow n.siow at wustl.edu
Tue Sep 3 08:36:24 PDT 2013


Hey, had a quick question about the connection information in the
Software::Info structure.

From what I can see in the source code / manual there seems to be only one
side of the connection represented ( only "host" and "host_p" ).

For what we are trying to do, we want the full connection to be logged.
Just how HTTP for example records the originating / responding host / port.
Since the Software::found function seems to take a connection as a
parameter, would it be possible to pull c$id$orig_h, c$id$orig_p,
c$id$resp_h, and c$id$resp_p fields out and pass them into this framework?
Or is there some limitation that prevents those fields from being accessed?

To access the information, I was thinking of adding two fields to the
Software::Info record which would hold the other 2 values not represented
by host and host_p - and then modify the Software::found calls in the SMTP,
SSH, HTTP etc policies so that they pass along the additional information
from their connection object. Does this seem like a reasonable approach or
is there an easier way?

Thanks,
N. Siow
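One way to do what the post proposes without editing the framework itself, written here as an added example (not code from the original post or from the Bro project): extend Software::Info with a `redef record ... +=` and fill the new fields from the conn_id in a small wrapper around Software::found, then have the protocol scripts call the wrapper. It assumes the Bro 2.x signature `Software::found(id: conn_id, info: Software::Info): bool`, the stock `Software::parse` and `SSH::CLIENT` from `protocols/ssh/software`, and the `ssh_client_version` event. The module name `SoftwarePeer` and the field names `peer_h`/`peer_p` are made up for the example.

```bro
# Added example, not part of the Bro distribution. Module and field names
# below (SoftwarePeer, peer_h, peer_p) are assumptions for illustration.
@load base/frameworks/software
@load protocols/ssh/software

module SoftwarePeer;

# Add the "other" endpoint to the framework's record instead of patching
# base/frameworks/software/main.bro. &log makes the columns appear in
# software.log; &optional keeps every existing Software::found call valid.
redef record Software::Info += {
	## The endpoint opposite to `host` on the connection (assumed name).
	peer_h: addr &log &optional;
	## The port opposite to `host_p` on the connection (assumed name).
	peer_p: port &log &optional;
};

export {
	## Wrapper around Software::found that records both sides of the
	## connection. The protocol script already picked `host` (originator for
	## clients, responder for servers); the peer is whichever side that is not.
	global found: function(id: conn_id, info: Software::Info): bool;
}

function found(id: conn_id, info: Software::Info): bool
	{
	# Match on address, and on port too when the caller supplied host_p, so
	# the peer is derived correctly even when both ends share an address.
	if ( info$host == id$orig_h &&
	     ( ! info?$host_p || info$host_p == id$orig_p ) )
		{
		info$peer_h = id$resp_h;
		info$peer_p = id$resp_p;
		}
	else
		{
		info$peer_h = id$orig_h;
		info$peer_p = id$orig_p;
		}

	# Hand the completed record to the framework as before; it still owns
	# version parsing, host tracking and the Log::write.
	return Software::found(id, info);
	}

# Example of a protocol script switched over to the wrapper. This mirrors the
# pattern the stock SSH software script uses: strip the protocol prefix from
# the banner, parse it, and register it with the originator as `host`.
event ssh_client_version(c: connection, version: string)
	{
	local cleaned = sub(version, /^SSH[0-9\.\-]+/, "");
	local si = Software::parse(cleaned, c$id$orig_h, SSH::CLIENT);
	SoftwarePeer::found(c$id, si);
	}
```

Note that the stock handler in `protocols/ssh/software` also calls Software::found for the same event, so in practice you would replace that call (and the corresponding ones in the HTTP and SMTP software scripts) with the wrapper rather than add a second handler, otherwise each client banner is registered twice. Since the wrapper only adds optional fields and still delegates to Software::found, scripts that are not converted keep working and simply leave the peer columns empty.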