[Bro-Dev] [JIRA] (BIT-1167) Add subnet support to intel framework
Jon Siwek (JIRA)
jira at bro-tracker.atlassian.net
Tue Mar 25 08:45:39 PDT 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15902#comment-15902 ]
Jon Siwek commented on BIT-1167:
--------------------------------
{quote}
I'm not sure if the lookup is the best way of doing it - currently it loops through each subnet and then checks if the host is part of each. Is it possible to do it in a more efficient way?
{quote}
I believe sets/tables with an index of type subnet are already internally organized into an efficient data structure, so no need to loop. Try:
{code}
const my_nets: set[subnet] = {
    192.168.0.0/16,
    10.0.0.0/8,
} &redef;
print 192.168.0.1 in my_nets;
print 10.0.0.1 in my_nets;
print 1.2.3.4 in my_nets;
{code}
> Add subnet support to intel framework
> -------------------------------------
>
> Key: BIT-1167
> URL: https://bro-tracker.atlassian.net/browse/BIT-1167
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: Bro
> Affects Versions: 2.2
> Reporter: Brian Little
> Priority: Low
> Labels: intel, subnet
> Attachments: bro-intel-subnet.patch
>
>
> Here is a patch to add Intel::NET data as a type to search on. This allows adding whole subnets to the intel data rather than just individual addresses.
> I have also updated the btest.
> I'm not sure if the lookup is the best way of doing it - currently it loops through each subnet and then checks if the host is part of each. Is it possible to do it in a more efficient way?
--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)
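
Added example (not part of the original message, and not Bro's own code): a Python illustration of the general idea behind the comment above, that a prefix-tree index answers "is this host in any listed subnet" in at most 32 steps for IPv4, however many subnets are loaded, where the per-subnet loop grows with the list. The names SubnetTrie and linear_lookup are hypothetical, the 10.1.0.0/16 entry is constructed sample data, and only IPv4 is handled.

```python
import ipaddress

class SubnetTrie:
    """Binary prefix trie over IPv4 networks (illustration, not Bro's internals)."""

    def __init__(self):
        # Each node is a dict: keys 0/1 lead to children, "net" marks a stored network.
        self.root = {}

    def add(self, cidr):
        net = ipaddress.ip_network(cidr)
        bits = int(net.network_address)
        node = self.root
        for i in range(net.prefixlen):
            node = node.setdefault((bits >> (31 - i)) & 1, {})
        node["net"] = net

    def lookup(self, addr):
        """Return the most specific stored network containing addr, or None."""
        bits = int(ipaddress.ip_address(addr))
        node, best = self.root, self.root.get("net")
        for i in range(32):
            node = node.get((bits >> (31 - i)) & 1)
            if node is None:
                break
            best = node.get("net", best)
        return best

def linear_lookup(cidrs, addr):
    """The loop-over-every-subnet approach, kept for comparison."""
    ip = ipaddress.ip_address(addr)
    hits = [ipaddress.ip_network(c) for c in cidrs if ip in ipaddress.ip_network(c)]
    return max(hits, key=lambda n: n.prefixlen, default=None)

# Constructed sample data: the two networks from the comment plus a nested one.
NETS = ["192.168.0.0/16", "10.0.0.0/8", "10.1.0.0/16"]
TRIE = SubnetTrie()
for n in NETS:
    TRIE.add(n)

if __name__ == "__main__":
    for host in ["192.168.0.1", "10.0.0.1", "10.1.2.3", "1.2.3.4"]:
        print(host, TRIE.lookup(host), linear_lookup(NETS, host))
```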