[Bro] Patch for 1.3? Was: Type conversion and table initialization
Mike Dopheide
dopheide at ncsa.uiuc.edu
Tue Jul 10 17:35:56 PDT 2007
Would it be possible to get this added in before the 1.3 release?
Thanks,
Mike
Mike Dopheide wrote:
> Haha.. you beat me to it. Here's what I was about to submit (patch
> attached):
>
> # Returns an addr from a string
> function rawstring_to_addr%(s: string%): addr
> %{
> char* x = new char[16];
> const u_char* sp = s->Bytes();
>
> if(s->Len() != 4){
> sprintf(x,"0.0.0.0");
> }else{
> sprintf(x,"%i.%i.%i.%i",sp[0],sp[1],sp[2],sp[3]);
> }
>
> Val* ret = new AddrVal(x);
> delete [] x;
> return ret;
> %}
>
>
>
> Mark Dedlow wrote:
>> Robin Sommer wrote:
>>> On Tue, Feb 27, 2007 at 17:25 -0600, Mike Dopheide wrote:
>>>
>>>> I've got a udp packet that contains an IP address in the packet
>>>> contents[*].
>>>
>>> Hmmm... can't think of any other way than adding a new built-in
>>> ffunction specifically for this.
>>
>> I think this is as simple as adding to bro.bif:
>>
>> function hex_to_addr%(str: string%): addr
>> %{
>> int a,b,c,d;
>> int r;
>> r = sscanf(str->CheckString(), "%x.%x.%x.%x", &a, &b, &c, &d);
>> if ( r != 4 )
>> run_time("hex addr not parseable");
>> return new AddrVal(dotted_to_addr(fmt("%d.%d.%d.%d", a,b,c,d)));
>> %}
>>
>>
>> You may need to tweak the format, eg, for the \x format, to something
>> like "\\x%x\\x%x\\x%x\\x%x".
>>
>> Mark
>>
>>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list