From powellsm at musc.edu Mon Feb 1 11:53:05 2010
From: powellsm at musc.edu (Powell, Scott)
Date: Mon, 1 Feb 2010 14:53:05 -0500
Subject: [Bro] A few questions
Message-ID:

Good afternoon. I am still relatively new to Bro and working on building a cluster here at MUSC. In the process of setting up and configuring the IDS I have run into some issues and would like to ask the list a few questions.

1) Is Linux even a reliable platform to think about using for Bro? Based on my experience the logs seem to be missing traffic. I have been making connections in and out of our network that pass through our network TAP and Bro does not always log them. Upon further investigation it appears that packets are being dropped (based on broctl netstats worker-1). I attempted to use pf_ring and compile Bro with libpcap-1.0.0-ring. This seemed to help some but not a lot.

2) In regards to question #1, am I interpreting the output of broctl netstats correctly? Specifically if my dropped number is higher than my recvd number then that means Bro is processing < 50% of my network traffic?

3) In the "diag" output I see that the workers are reporting "pcap bufsize = 8192". Is this tunable on Linux? Are there any other suggestions for Linux tuning to decrease the amount of dropped packets?

4) Is anyone else running a reliable, stable Bro cluster on Linux?

We are using RedHat Enterprise Linux 5.4, 64-bit.

Thanks,

Scott Powell
Unix Systems Engineer / Information Security Analyst
Office of the CIO - Information Systems (OCIO-IS)
Medical University of South Carolina
powellsm at musc.edu
(843) 792-6651
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100201/b16dbe65/attachment.html

From JAzoff at uamail.albany.edu Tue Feb 2 05:44:14 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Tue, 2 Feb 2010 08:44:14 -0500
Subject: [Bro] A few questions
In-Reply-To:
References:
Message-ID: <20100202134414.GA14454@datacomm.albany.edu>

On Mon, Feb 01, 2010 at 02:53:05PM -0500, Powell, Scott wrote:
> Good afternoon. I am still relatively new to Bro and working on building a
> cluster here at MUSC. In the process of setting up and configuring the IDS I
> have run into some issues and would like to ask the list a few questions.
>
>
> 1) Is Linux even a reliable platform to think about using for Bro? Based
> on my experience the logs seem to be missing traffic. I have been making
> connections in and out of our network that pass through our network TAP and
> Bro does not always log them. Upon further investigation it appears that
> packets are being dropped (based on broctl netstats worker-1). I attempted to
> use pf_ring and compile Bro with libpcap-1.0.0-ring. This seemed to help some
> but not a lot.

Try the following in /etc/sysctl.conf

    net.core.rmem_max = 33554432
    net.core.netdev_max_backlog = 10000
    net.core.rmem_default = 33554432

What output do you get from capstats?

How much CPU is your bro process using? As long as it isn't maxing out a cpu core, it shouldn't be dropping packets. If it is maxing out the cpu, then the problem isn't with capturing, it is with doing too much analysis.

If you have an ethernet card that uses the igb driver you can try the pf_ring tn_api stuff: http://www.ntop.org/TNAPI.html

you can use it to run a single node bro cluster with each worker capturing from eth0@0,eth0@1,eth0@2,eth0@3

> 2) In regards to question #1, am I interpreting the output of broctl
> netstats correctly? Specifically if my dropped number is higher than my recvd
> number then that means Bro is processing < 50% of my network traffic?

What version of bro are you running? in 1.4.x the pcap stats for dropped packets were recorded incorrectly on linux.
I see some amount of dropped packets, but usually less than 1 percent.

> 3) In the "diag" output I see that the workers are reporting "pcap
> bufsize = 8192". Is this tunable on Linux? Are there any other suggestions
> for Linux tuning to decrease the amount of dropped packets?
>
>
>
> 4) Is anyone else running a reliable, stable Bro cluster on Linux?

I've been running bro on linux for years now...

> We are using RedHat Enterprise Linux 5.4, 64-bit.

Debian 64bit :-)

--
-- Justin Azoff
-- Security & Network Performance Analyst

From powellsm at musc.edu Tue Feb 2 07:56:38 2010
From: powellsm at musc.edu (Powell, Scott)
Date: Tue, 2 Feb 2010 10:56:38 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100202134414.GA14454@datacomm.albany.edu>
References: <20100202134414.GA14454@datacomm.albany.edu>
Message-ID:

Justin,

Thanks for the reply. After some further investigation the issue appears to be CPU related. My bro process on worker-1 (which has my external Internet TAP connected to eth1) was using 100% of a CPU core. I turned off http-request and http-reply analysis and I'm now seeing CPU percentage between 60% and 90% with upwards of a 90% packet received rate.

My concern is these machines have 2 x AMD Opteron Quad Core 2.1 GHz processors and yet Bro cannot keep up with the out of the box policy configuration. Also, it seems all of my analysis is being done on one core of the worker with the TAP. Why isn't the analysis being spread across the other workers? They seem to be sitting idle.

Thanks for the other tuning suggestions. I have implemented those as well.

-Scott

-----Original Message-----
From: Justin Azoff [mailto:JAzoff at uamail.albany.edu]
Sent: Tuesday, February 02, 2010 8:44 AM
To: Powell, Scott
Cc: bro at ICSI.Berkeley.EDU
Subject: Re: [Bro] A few questions

On Mon, Feb 01, 2010 at 02:53:05PM -0500, Powell, Scott wrote:
> Good afternoon. I am still relatively new to Bro and working on building a
> cluster here at MUSC. In the process of setting up and configuring the IDS I
> have run into some issues and would like to ask the list a few questions.
>
>
> 1) Is Linux even a reliable platform to think about using for Bro? Based
> on my experience the logs seem to be missing traffic. I have been making
> connections in and out of our network that pass through our network TAP and
> Bro does not always log them. Upon further investigation it appears that
> packets are being dropped (based on broctl netstats worker-1). I attempted to
> use pf_ring and compile Bro with libpcap-1.0.0-ring. This seemed to help some
> but not a lot.

Try the following in /etc/sysctl.conf

    net.core.rmem_max = 33554432
    net.core.netdev_max_backlog = 10000
    net.core.rmem_default = 33554432

What output do you get from capstats?

How much CPU is your bro process using? As long as it isn't maxing out a cpu core, it shouldn't be dropping packets. If it is maxing out the cpu, then the problem isn't with capturing, it is with doing too much analysis.

If you have an ethernet card that uses the igb driver you can try the pf_ring tn_api stuff: http://www.ntop.org/TNAPI.html

you can use it to run a single node bro cluster with each worker capturing from eth0@0,eth0@1,eth0@2,eth0@3

> 2) In regards to question #1, am I interpreting the output of broctl
> netstats correctly? Specifically if my dropped number is higher than my recvd
> number then that means Bro is processing < 50% of my network traffic?

What version of bro are you running? in 1.4.x the pcap stats for dropped packets were recorded incorrectly on linux.
I see some amount of dropped packets, but usually less than 1 percent.

> 3) In the "diag" output I see that the workers are reporting "pcap
> bufsize = 8192". Is this tunable on Linux? Are there any other suggestions
> for Linux tuning to decrease the amount of dropped packets?
>
>
>
> 4) Is anyone else running a reliable, stable Bro cluster on Linux?

I've been running bro on linux for years now...

> We are using RedHat Enterprise Linux 5.4, 64-bit.

Debian 64bit :-)

--
-- Justin Azoff
-- Security & Network Performance Analyst

From robin at icir.org Tue Feb 2 08:24:46 2010
From: robin at icir.org (Robin Sommer)
Date: Tue, 2 Feb 2010 08:24:46 -0800
Subject: [Bro] A few questions
In-Reply-To:
References: <20100202134414.GA14454@datacomm.albany.edu>
Message-ID: <20100202162446.GA44945@icir.org>

On Tue, Feb 02, 2010 at 10:56 -0500, Powell, Scott wrote:

> My concern is these machines have 2 x AMD Opteron Quad Core 2.1 GHz
> processors and yet Bro cannot keep up with the out of the box policy
> configuration. Also, it seems all of my analysis is being done on
> one core of the worker with the TAP. Why isn't the analysis being
> spread across the other workers? They seem to be sitting idle.

I'm not sure I have fully understood how you set things up, but you need some external way of distributing the traffic across the workers. If the workers are running on separate PCs, that's typically some form of load-balancing frontend device. If they all run on the same box (in order to leverage multiple cores), you can try some BPF tricks.

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From powellsm at musc.edu Tue Feb 2 10:53:06 2010
From: powellsm at musc.edu (Powell, Scott)
Date: Tue, 2 Feb 2010 13:53:06 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100202162446.GA44945@icir.org>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
Message-ID:

Robin,

I wondered if I needed some sort of distributor/load balancer external to the workers but wasn't sure based on the documentation. Currently our network TAPs (external, DMZ, internal, etc.) go to single NICs on different machines. We have been using these for years to capture Netflow data with Argus as well as running Snort on some of them. We do not distribute a single TAP across different interfaces or servers.

Given our current setup, how would I go about these BPF tricks to leverage multiple cores on a single machine? It is starting to sound like I would want to go about running Bro standalone installations on the TAPs I would be interested in monitoring but the amount of traffic is too high to turn on all of the out of the box analyzers, unless I can take advantage of multiple cores.

Thanks,
Scott

-----Original Message-----
From: Robin Sommer [mailto:robin at icir.org]
Sent: Tuesday, February 02, 2010 11:25 AM
To: Powell, Scott
Cc: Justin Azoff; bro at ICSI.Berkeley.EDU
Subject: Re: [Bro] A few questions

On Tue, Feb 02, 2010 at 10:56 -0500, Powell, Scott wrote:

> My concern is these machines have 2 x AMD Opteron Quad Core 2.1 GHz
> processors and yet Bro cannot keep up with the out of the box policy
> configuration. Also, it seems all of my analysis is being done on
> one core of the worker with the TAP. Why isn't the analysis being
> spread across the other workers? They seem to be sitting idle.

I'm not sure I have fully understood how you set things up, but you need some external way of distributing the traffic across the workers. If the workers are running on separate PCs, that's typically some form of load-balancing frontend device. If they all run on the same box (in order to leverage multiple cores), you can try some BPF tricks.

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From powellsm at musc.edu Tue Feb 2 12:40:28 2010
From: powellsm at musc.edu (Powell, Scott)
Date: Tue, 2 Feb 2010 15:40:28 -0500
Subject: [Bro] A few questions
In-Reply-To: <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
Message-ID:

Robin et al,

OK, a little more info. It appears that the analyzers that are killing the CPU are the HTTP ones. I do not want to disable these because they log very useful information. However, I cannot seem to keep up on one core. I either need a way to process the analysis on multiple cores or I need a frontend to distribute the load to multiple nodes. I do not have a hardware frontend solution so I would be interested in software solutions such as click. I saw it mentioned on the Wiki and in Workshop slides but are there example configs somewhere?

Thanks,
Scott

-----Original Message-----
From: Powell, Scott
Sent: Tuesday, February 02, 2010 1:53 PM
To: 'Robin Sommer'
Cc: bro at ICSI.Berkeley.EDU
Subject: RE: [Bro] A few questions

Robin,

I wondered if I needed some sort of distributor/load balancer external to the workers but wasn't sure based on the documentation. Currently our network TAPs (external, DMZ, internal, etc.) go to single NICs on different machines. We have been using these for years to capture Netflow data with Argus as well as running Snort on some of them. We do not distribute a single TAP across different interfaces or servers.

Given our current setup, how would I go about these BPF tricks to leverage multiple cores on a single machine? It is starting to sound like I would want to go about running Bro standalone installations on the TAPs I would be interested in monitoring but the amount of traffic is too high to turn on all of the out of the box analyzers, unless I can take advantage of multiple cores.

Thanks,
Scott

-----Original Message-----
From: Robin Sommer [mailto:robin at icir.org]
Sent: Tuesday, February 02, 2010 11:25 AM
To: Powell, Scott
Cc: Justin Azoff; bro at ICSI.Berkeley.EDU
Subject: Re: [Bro] A few questions

On Tue, Feb 02, 2010 at 10:56 -0500, Powell, Scott wrote:

> My concern is these machines have 2 x AMD Opteron Quad Core 2.1 GHz
> processors and yet Bro cannot keep up with the out of the box policy
> configuration. Also, it seems all of my analysis is being done on
> one core of the worker with the TAP. Why isn't the analysis being
> spread across the other workers? They seem to be sitting idle.

I'm not sure I have fully understood how you set things up, but you need some external way of distributing the traffic across the workers. If the workers are running on separate PCs, that's typically some form of load-balancing frontend device. If they all run on the same box (in order to leverage multiple cores), you can try some BPF tricks.

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From JAzoff at uamail.albany.edu Tue Feb 2 13:05:27 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Tue, 2 Feb 2010 16:05:27 -0500
Subject: [Bro] A few questions
In-Reply-To:
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
Message-ID: <20100202210527.GD14454@datacomm.albany.edu>

On Tue, Feb 02, 2010 at 03:40:28PM -0500, Powell, Scott wrote:
> Robin et al,
>
> OK, a little more info. It appears that the analyzers that are killing the
> CPU are the HTTP ones. I do not want to disable these because they log very
> useful information. However, I cannot seem to keep up on one core. I either
> need a way to process the analysis on multiple cores or I need a frontend to
> distribute the load to multiple nodes. I do not have a hardware frontend
> solution so I would be interested in software solutions such as click. I saw
> it mentioned on the Wiki and in Workshop slides but are there example configs
> somewhere?
>
> Thanks, Scott

Attached is a click config that splits up traffic into 3 queues. I have it using pcap since I ignore a few hosts on campus that do a ton of bulk traffic that is not interesting from within Bro.

Like I mentioned in my other reply, if you have a newer intel card you can do this without click. I run the usermode click and it uses about 60% of one core (I have 8) to split up the traffic. If it took any more I would just get the better intel GigE card and do the traffic splitting in hardware.

--
-- Justin Azoff
-- Security & Network Performance Analyst
-------------- next part --------------
// From puppet - do not edit
tap0 :: KernelTap(192.168.99.1/32) -> Discard;
tap1 :: KernelTap(192.168.99.2/32) -> Discard;
tap2 :: KernelTap(192.168.99.3/32) -> Discard;

my_switch :: HashSwitch(26, 8);

FromDevice(sniff1, PROMISC true, CAPTURE PCAP, BPF_FILTER "not (host xxx.xxx.xxx.xxx)" ) -> my_switch;

my_switch[0] -> Queue -> tap0;
my_switch[1] -> Queue -> tap1;
my_switch[2] -> Queue -> tap2;

From hall.692 at osu.edu Wed Feb 3 06:25:45 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Wed, 3 Feb 2010 09:25:45 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100202210527.GD14454@datacomm.albany.edu>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
Message-ID: <728D0E87-A313-472E-9816-06F8A1A6FDDF@osu.edu>

On Feb 2, 2010, at 4:05 PM, Justin Azoff wrote:

> Attached is a click config that splits up traffic into 3 queues.
> I have it using pcap since I ignore a few hosts on campus that do a
> ton of bulk traffic that is not interesting from within Bro.

> my_switch :: HashSwitch(26, 8);

This doesn't work right. Your config is based on the change you made to the hashswitch element in your build isn't it?

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From JAzoff at uamail.albany.edu Wed Feb 3 06:33:14 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Wed, 3 Feb 2010 09:33:14 -0500
Subject: [Bro] A few questions
In-Reply-To: <728D0E87-A313-472E-9816-06F8A1A6FDDF@osu.edu>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
 <728D0E87-A313-472E-9816-06F8A1A6FDDF@osu.edu>
Message-ID: <20100203143313.GF14454@datacomm.albany.edu>

On Wed, Feb 03, 2010 at 09:25:45AM -0500, Seth Hall wrote:
>> my_switch :: HashSwitch(26, 8);
>
> This doesn't work right. Your config is based on the change you made to
> the hashswitch element in your build isn't it?

No.. we originally had this:

    my_switch :: HashSwitch(0, 6);

but that was assuming the ethernet header had already been stripped by another element. The 26 skips the ethernet header and then everything works right.

I've been running with that config for over a month now and as far as I can tell it is working properly :-)

--
-- Justin Azoff
-- Security & Network Performance Analyst

From hall.692 at osu.edu Wed Feb 3 06:58:02 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Wed, 3 Feb 2010 09:58:02 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100203143313.GF14454@datacomm.albany.edu>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
 <728D0E87-A313-472E-9816-06F8A1A6FDDF@osu.edu>
 <20100203143313.GF14454@datacomm.albany.edu>
Message-ID:

On Feb 3, 2010, at 9:33 AM, Justin Azoff wrote:

> On Wed, Feb 03, 2010 at 09:25:45AM -0500, Seth Hall wrote:
>>> my_switch :: HashSwitch(26, 8);
>>
>> This doesn't work right. Your config is based on the change you made to
>> the hashswitch element in your build isn't it?
>
> No.. we originally had this:
>
> my_switch :: HashSwitch(0, 6);
>
> but that was assuming the ethernet header had already been stripped by
> another element. The 26 skips the ethernet header and then everything
> works right.

Yeah, the 8 is what I was referring to though. The two directions of traffic could go to different outputs because it would be hashing the bytes of both IP addresses and would be two different values for the two directions.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From JAzoff at uamail.albany.edu Wed Feb 3 07:16:11 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Wed, 3 Feb 2010 10:16:11 -0500
Subject: [Bro] A few questions
In-Reply-To:
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
 <728D0E87-A313-472E-9816-06F8A1A6FDDF@osu.edu>
 <20100203143313.GF14454@datacomm.albany.edu>
Message-ID: <20100203151611.GH14454@datacomm.albany.edu>

On Wed, Feb 03, 2010 at 09:58:02AM -0500, Seth Hall wrote:
> Yeah, the 8 is what I was referring to though. The two directions of
> traffic could go to different outputs because it would be hashing the
> bytes of both IP addresses and would be two different values for the two
> directions.

Yeah.. I thought that was the problem originally because the traffic was going to different outputs, but it was just the offset that needed fixing..

The HashSwitch implementation in click adds each byte to generate the hash, so A->B hashes to the same thing as B->A

It is a pretty dumb hash but it works well enough:

    worker-1: 1265210113.069432 recvd=27566997
    worker-2: 1265210113.080038 recvd=26377039
    worker-3: 1265210113.013432 recvd=23995748

--
-- Justin Azoff
-- Security & Network Performance Analyst

From robin at icir.org Wed Feb 3 09:03:20 2010
From: robin at icir.org (Robin Sommer)
Date: Wed, 3 Feb 2010 09:03:20 -0800
Subject: [Bro] A few questions
In-Reply-To:
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
Message-ID: <20100203170320.GE83684@icir.org>

On Tue, Feb 02, 2010 at 13:53 -0500, Powell, Scott wrote:

> Given our current setup, how would I go about these BPF tricks to
> leverage multiple cores on a single machine?

The click setup already mentioned is probably the better solution, but when using BPF, you would give each worker a different BPF filter ignoring all but its slice of the traffic. One can express the hash "(src+dst) mod n" in BPF (let me know if you want the exact filter).

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From robin at icir.org Wed Feb 3 09:06:42 2010
From: robin at icir.org (Robin Sommer)
Date: Wed, 3 Feb 2010 09:06:42 -0800
Subject: [Bro] A few questions
In-Reply-To: <20100202210527.GD14454@datacomm.albany.edu>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
Message-ID: <20100203170642.GF83684@icir.org>

On Tue, Feb 02, 2010 at 16:05 -0500, Justin Azoff wrote:

> core (I have 8) to split up the traffic. If it took any more I would just get
> the better intel GigE card and do the traffic splitting in hardware.

I know that the Intels are able to do that but I'm curious how to actually set it up. Have you played with that? We're just getting some of Intel's 10G models ...

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From hall.692 at osu.edu Wed Feb 3 10:18:22 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Wed, 3 Feb 2010 13:18:22 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100203151611.GH14454@datacomm.albany.edu>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
 <728D0E87-A313-472E-9816-06F8A1A6FDDF@osu.edu>
 <20100203143313.GF14454@datacomm.albany.edu>
 <20100203151611.GH14454@datacomm.albany.edu>
Message-ID: <403FE941-5A07-4D0A-ABF5-478251CB0F94@osu.edu>

On Feb 3, 2010, at 10:16 AM, Justin Azoff wrote:

> The HashSwitch implementation in click adds each byte to generate
> the hash, so A->B hashes to the same thing as B->A

Ah! Perfect. I didn't realize that hashswitch was implemented that way.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From JAzoff at uamail.albany.edu Wed Feb 3 10:44:34 2010
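
[Added example, not part of the original thread and not Click's source code.] The point settled in the messages above is that a byte-sum hash over the 8 address bytes at offset 26 keeps both directions of a connection on one worker, and the "(src+dst) mod n" hash mentioned for BPF has the same property. The sketch below models the hash as described in the thread (the modulo reduction to an output number is an assumption) over constructed untagged Ethernet/IPv4 frames; all function names, MAC addresses and host addresses are hypothetical.

```python
import struct
import zlib
from collections import Counter

ADDR_OFFSET = 26     # 14-byte Ethernet header + 12: IPv4 source, then destination
ADDR_LENGTH = 8      # 4 bytes source + 4 bytes destination
N_OUTPUTS = 3        # three taps/workers, as in the posted config

# Constructed MAC addresses of the two devices on either side of the tap.
INSIDE_MAC = bytes.fromhex("020000000001")
OUTSIDE_MAC = bytes.fromhex("020000000002")


def build_frame(src_ip, dst_ip, src_mac, dst_mac):
    """Build a minimal untagged Ethernet II + IPv4 header (no payload)."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    ip_fixed = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 6, 0)
    src = bytes(int(p) for p in src_ip.split("."))
    dst = bytes(int(p) for p in dst_ip.split("."))
    return eth + ip_fixed + src + dst


def additive_bucket(frame, offset=ADDR_OFFSET, length=ADDR_LENGTH, n=N_OUTPUTS):
    """Byte-sum hash over frame[offset:offset+length], reduced modulo n."""
    if len(frame) < offset + length:
        raise ValueError("frame too short for the hash window")
    return sum(frame[offset:offset + length]) % n


def crc_bucket(frame, offset=ADDR_OFFSET, length=ADDR_LENGTH, n=N_OUTPUTS):
    """Order-sensitive hash over the same window, for comparison."""
    return zlib.crc32(frame[offset:offset + length]) % n


def src_plus_dst_bucket(frame, n=N_OUTPUTS):
    """(src + dst) mod n on the 32-bit addresses; rejects non-IPv4 frames."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        # VLAN-tagged or non-IP frames shift or lack the address fields.
        raise ValueError("not an untagged IPv4 frame; fixed offsets do not apply")
    src, dst = struct.unpack_from("!II", frame, ADDR_OFFSET)
    return (src + dst) % n


def make_flows(count=300):
    """Constructed (request, reply) frame pairs for `count` distinct host pairs."""
    flows = []
    for i in range(count):
        client = f"10.1.{i // 250}.{i % 250 + 1}"
        server = f"192.0.2.{(i * 7) % 200 + 1}"
        flows.append((build_frame(client, server, INSIDE_MAC, OUTSIDE_MAC),
                      build_frame(server, client, OUTSIDE_MAC, INSIDE_MAC)))
    return flows


def split_flows(flows, bucket_fn):
    """Number of flows whose two directions land on different outputs."""
    return sum(1 for fwd, rev in flows if bucket_fn(fwd) != bucket_fn(rev))


def output_load(flows, bucket_fn):
    """Flows per output, counted on the request direction."""
    return Counter(bucket_fn(fwd) for fwd, _ in flows)


if __name__ == "__main__":
    flows = make_flows()
    # Addition is commutative, so swapping src and dst cannot change the sum.
    print("split, byte-sum over (26, 8):", split_flows(flows, additive_bucket))
    print("split, (src+dst) mod n:      ", split_flows(flows, src_plus_dst_bucket))
    # A hash that depends on byte order sends the two directions apart.
    print("split, CRC32 over (26, 8):   ", split_flows(flows, crc_bucket))
    # Window (0, 6) on an unstripped frame covers the destination MAC instead
    # of the addresses, so each direction hashes a different MAC.
    print("split, byte-sum over (0, 6): ",
          split_flows(flows, lambda f: additive_bucket(f, 0, 6)))
    print("flows per output, (26, 8):   ", dict(output_load(flows, additive_bucket)))
```

A worker that sees only one direction of a connection cannot reassemble the request/reply pair, so the number of split flows is the figure to check before trusting any software or hardware splitter in front of an IDS.
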
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Wed, 3 Feb 2010 13:44:34 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100203170642.GF83684@icir.org>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
 <20100203170642.GF83684@icir.org>
Message-ID: <20100203184434.GI14454@datacomm.albany.edu>

On Wed, Feb 03, 2010 at 09:06:42AM -0800, Robin Sommer wrote:
> > core (I have 8) to split up the traffic. If it took any more I would just get
> > the better intel GigE card and do the traffic splitting in hardware.
>
> I know that the Intels are able to do that but I'm curious how to
> actually set it up. Have you played with that? We're just getting
> some of Intel's 10G models ...
>
> Robin

I haven't played with it myself.. I thought the last box I got was going to come with the newer igb cards, but it has an older e1000 based one.

There is a lot of information on it here: http://www.ntop.org/TNAPI.html

I'm not sure if his patches are required to make it work, or just work faster.. the key bit seems to be:

    # insmod ./.ko IntMode=3 (IntMode=3 enables MSI-X)

"It's now time to start your multiqueue PF_RING application. Suppose you use ethX with Y RX queues: you can either capture from ethX (aggregated traffic from all RX queues) or from the single queues ethX@0 ... ethX@Y-1. This means that if you capture from the ethX device you capture from all queues (PF_RING merges traffic from all incoming queues). Instead for maximum performance you can create a multithreaded application which captures from the single queues."

--
-- Justin Azoff
-- Security & Network Performance Analyst

From powellsm at musc.edu Wed Feb 3 11:22:34 2010
From: powellsm at musc.edu (Powell, Scott)
Date: Wed, 3 Feb 2010 14:22:34 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100203170320.GE83684@icir.org>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <20100203170320.GE83684@icir.org>
Message-ID:

Robin,

Yes, I went with the click setup as provided by Justin and so far so good. I'm not dropping any packets yet.

Justin - thanks again for the config.

-Scott

-----Original Message-----
From: Robin Sommer [mailto:robin at icir.org]
Sent: Wednesday, February 03, 2010 12:03 PM
To: Powell, Scott
Cc: bro at ICSI.Berkeley.EDU
Subject: Re: [Bro] A few questions

On Tue, Feb 02, 2010 at 13:53 -0500, Powell, Scott wrote:

> Given our current setup, how would I go about these BPF tricks to
> leverage multiple cores on a single machine?

The click setup already mentioned is probably the better solution, but when using BPF, you would give each worker a different BPF filter ignoring all but its slice of the traffic. One can express the hash "(src+dst) mod n" in BPF (let me know if you want the exact filter).

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From robin at icir.org Wed Feb 3 11:49:11 2010
From: robin at icir.org (Robin Sommer)
Date: Wed, 3 Feb 2010 11:49:11 -0800
Subject: [Bro] A few questions
In-Reply-To: <20100203184434.GI14454@datacomm.albany.edu>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
 <20100203170642.GF83684@icir.org>
 <20100203184434.GI14454@datacomm.albany.edu>
Message-ID: <20100203194911.GA11442@icir.org>

On Wed, Feb 03, 2010 at 13:44 -0500, Justin Azoff wrote:

> http://www.ntop.org/TNAPI.html

Very helpful, I hadn't seen that before. Thanks!

Robin

P.S.: Now I'm looking for a FreeBSD solution as well ...

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From hall.692 at osu.edu Wed Feb 3 18:21:41 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Wed, 3 Feb 2010 21:21:41 -0500
Subject: [Bro] A few questions
In-Reply-To: <20100203194911.GA11442@icir.org>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <1B07BF0B7FA00345997F2B76DA4353A49489D14689@EVS5.clinlan.local>
 <20100202210527.GD14454@datacomm.albany.edu>
 <20100203170642.GF83684@icir.org>
 <20100203184434.GI14454@datacomm.albany.edu>
 <20100203194911.GA11442@icir.org>
Message-ID: <146413C7-5B75-4D93-BE17-298DA668831D@osu.edu>

On Feb 3, 2010, at 2:49 PM, Robin Sommer wrote:

> On Wed, Feb 03, 2010 at 13:44 -0500, Justin Azoff wrote:
>> http://www.ntop.org/TNAPI.html
> P.S.: Now I'm looking for a FreeBSD solution as well ...

Let me know if you find one!!!

.Seth

From daniela.miao at utoronto.ca Wed Feb 3 18:55:52 2010
From: daniela.miao at utoronto.ca (daniela.miao at utoronto.ca)
Date: Wed, 03 Feb 2010 21:55:52 -0500
Subject: [Bro] modifying bro.init
Message-ID: <20100203215552.2k6bqj9k74sc8k48@webmail.utoronto.ca>

Hi Everyone,

Thanks for your help before. I found that the DNS parser was giving me trouble due to many of the IP checksum errors. I don't really care much about these errors anyways.

I understand the boolean value of ignore_checksum is set to False in bro.init, do I just modify this file? A quick read through the wiki page tells me no, but I'm not sure exactly where to continue to.

I apologize if the issue seems trivial, I'm just starting to get the hang of the language.

Thank you,
Daniela

From hall.692 at osu.edu Wed Feb 3 20:03:54 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Wed, 3 Feb 2010 23:03:54 -0500
Subject: [Bro] modifying bro.init
In-Reply-To: <20100203215552.2k6bqj9k74sc8k48@webmail.utoronto.ca>
References: <20100203215552.2k6bqj9k74sc8k48@webmail.utoronto.ca>
Message-ID:

On Feb 3, 2010, at 9:55 PM, daniela.miao at utoronto.ca wrote:

> Thanks for your help before. I found that the DNS parser was giving me
> trouble due to many of the IP checksum errors. I don't really care
> much about these errors anyways.

Ah, that trips up everyone eventually I think. :)

> I understand the boolean value of ignore_checksum is set to False in
> bro.init, do I just modify this file?

Nope, you don't modify the bro.init script. See below.

> I apologize if the issue seems trivial, I'm just starting to get the
> hang of the language.

You have two options. Either in a script you write and load on the command line...

    redef ignore_checksum=T;

or run Bro this way....

    bro -r test.pcap dns ignore_checksum=T

Feel free to ask more questions!

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From vern at icir.org Wed Feb 3 22:14:11 2010
From: vern at icir.org (Vern Paxson)
Date: Wed, 03 Feb 2010 22:14:11 -0800
Subject: [Bro] modifying bro.init
In-Reply-To: (Wed, 03 Feb 2010 23:03:54 EST).
Message-ID: <201002040614.o146EB0R023664@pork.ICSI.Berkeley.EDU>

> > Thanks for your help before. I found that the DNS parser was giving me
> > trouble due to many of the IP checksum errors. I don't really care
> > much about these errors anyways.
>
> Ah, that trips up everyone eventually I think. :)

These comments confuse me. If a packet has an IP checksum error, then the DNS parser shouldn't even analyze the packet. However, turning on ignore_checksum=T will cause it to analyze the bad packet, so if anything it should give trouble rather than reduce trouble.

Vern

From tarupp at fnal.gov Thu Feb 4 05:41:13 2010
From: tarupp at fnal.gov (Tim Rupp)
Date: Thu, 04 Feb 2010 07:41:13 -0600
Subject: [Bro] A few questions
In-Reply-To: <20100203170320.GE83684@icir.org>
References: <20100202134414.GA14454@datacomm.albany.edu>
 <20100202162446.GA44945@icir.org>
 <20100203170320.GE83684@icir.org>
Message-ID: <4B6ACE79.3020004@fnal.gov>

For the sake of future reference (and my own curiosity) can I request the filter be sent to the list?

Thanks,
Tim

On 02/03/2010 11:03 AM, Robin Sommer wrote:
>
> On Tue, Feb 02, 2010 at 13:53 -0500, Powell, Scott wrote:
>
>> Given our current setup, how would I go about these BPF tricks to
>> leverage multiple cores on a single machine?
>
> The click setup already mentioned is probably the better solution,
> but when using BPF, you would give each worker a different BPF
> filter ignoring all but its slice of the traffic. One can express
> the hash "(src+dst) mod n" in BPF (let me know if you want the exact
> filter).
>
> Robin
>

From hall.692 at osu.edu Thu Feb 4 07:00:43 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Thu, 4 Feb 2010 10:00:43 -0500
Subject: [Bro] modifying bro.init
In-Reply-To: <201002040614.o146EB0R023664@pork.ICSI.Berkeley.EDU>
References: <201002040614.o146EB0R023664@pork.ICSI.Berkeley.EDU>
Message-ID: <62074775-B601-4068-8337-14B7EF4DC7C1@osu.edu>

On Feb 4, 2010, at 1:14 AM, Vern Paxson wrote:

> These comments confuse me. If a packet has an IP checksum error,
> then the
> DNS parser shouldn't even analyze the packet. However, turning on
> ignore_checksum=T will cause it to analyze the bad packet, so if
> anything
> it should give trouble rather than reduce trouble.

I left off the rest of my explanation for that statement. :) It seems
like almost everyone eventually runs Bro against a tracefile that was
captured on a NIC doing checksum offloading. I know it happened to me and
I had to find out how to ignore checksum errors. I think I found out about
how to disable checksum checks from a post you made on the mailing list
several years ago. ;)

  .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From JAzoff at uamail.albany.edu Thu Feb 4 07:23:36 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Thu, 4 Feb 2010 10:23:36 -0500
Subject: [Bro] modifying bro.init
In-Reply-To: <62074775-B601-4068-8337-14B7EF4DC7C1@osu.edu>
References: <201002040614.o146EB0R023664@pork.ICSI.Berkeley.EDU> <62074775-B601-4068-8337-14B7EF4DC7C1@osu.edu>
Message-ID: <20100204152336.GO14454@datacomm.albany.edu>

On Thu, Feb 04, 2010 at 10:00:43AM -0500, Seth Hall wrote:
> > ignore_checksum=T will cause it to analyze the bad packet, so if
>
> I left off the rest of my explanation for that statement. :) It seems
> like almost everyone eventually runs Bro against a tracefile that was
> captured on a NIC doing checksum offloading.

Is that the same as using the -C option:

    -C|--no-checksums | ignore checksums

--
-- Justin Azoff
-- Security & Network Performance Analyst

From hall.692 at osu.edu Thu Feb 4 07:41:24 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Thu, 4 Feb 2010 10:41:24 -0500
Subject: [Bro] modifying bro.init
In-Reply-To: <20100204152336.GO14454@datacomm.albany.edu>
References: <201002040614.o146EB0R023664@pork.ICSI.Berkeley.EDU> <62074775-B601-4068-8337-14B7EF4DC7C1@osu.edu> <20100204152336.GO14454@datacomm.albany.edu>
Message-ID: <5DAAE444-5323-4573-95DD-EFEDB2830599@osu.edu>

On Feb 4, 2010, at 10:23 AM, Justin Azoff wrote:

> Is that the same as using the -C option:
>
> -C|--no-checksums | ignore checksums

Oh yeah, that too. :)

  .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From Tyler.Schoenke at colorado.edu Thu Feb 4 08:06:15 2010
From: Tyler.Schoenke at colorado.edu (Tyler Schoenke)
Date: Thu, 04 Feb 2010 09:06:15 -0700
Subject: [Bro] A few questions
In-Reply-To: <4B6ACE79.3020004@fnal.gov>
References: <20100202134414.GA14454@datacomm.albany.edu> <20100202162446.GA44945@icir.org> <20100203170320.GE83684@icir.org> <4B6ACE79.3020004@fnal.gov>
Message-ID: <4B6AF077.2040607@colorado.edu>

Tim,

I figured that I would chime in since I'm running with the BPF filter. I
have had decent performance using the BPF filter. I am attempting to
process 1 Gbps on a two-processor, quad-core box with 24 GB of RAM. Right
now, it is dropping about 40-50% of the traffic.

I think Seth is running with a hardware frontend that distributes the
traffic to eight worker computers with dual or quad cores. That gives 16
or 32 CPU cores to process traffic. Since I don't have a hardware
frontend, I am limited to processing traffic on a single computer, which
means up to eight workers (one per core).

Here is the formula that Robin gave me:

    ((ip[12:4]+ip[16:4])-((ip[12:4]+ip[16:4])/N)*N) = J

N is the total number of processes you have (ideally a prime), and J is a
different value out of {0...N-1} for each process.

The mod operation broken down:

    ((A)-((A)/N)*N) = J
    A=ip[12:4]+ip[16:4]
    ip[12:4] = source IP
    ip[16:4] = destination IP

It will probably work as-is, but the offsets of 12 and 16 may vary
depending on how much of the ethernet header is on the packet. You can use
dumpcap/Wireshark to grab packets and figure out where the header is for
your interface. Wireshark shows my source IP offset at 26, which is what
Justin had in his Click configuration, but 12 and 16 seem to be working
for me. The ethernet header appears to be stripped off by the time it gets
processed by Bro.

--- Example node.cfg ----
[worker-1]
type=worker
host=_dns_name_of_worker_
interface=igb1
aux_scripts=worker1.bro

--- Example worker1.bro ---
redef restrict_filters += { ["mod source and dest pairs over multiple procs "] = "((ip[14:2]+ip[18:2])-((ip[14:2]+ip[18:2])/8)*8) == 0" };

I was using 14:2 and 18:2 to look at the last two octets of the src and
dst IP since we have a class B subnet. I don't know that it is
computationally less expensive, but it seems to give the same results.

I have all 8 workers listening to the same ethernet interface igb1, so all
eight workers have to filter the full 1Gbps of traffic down to 1/8th the
amount. Click! should have better performance because it splits the 1Gbps
eight ways first, then sends 1/8th to each worker.

It looks like Click is available for FreeBSD. I'd like to test that to
see if I can gain some performance. I am having difficulty compiling it
on FreeBSD 7.1 amd64 however. If anyone has Click/FreeBSD working,
please let me know.

The Bro wiki mentions that Click! is limited to 2Gbps in tests. I
wonder if that is still true? I was thinking about the possibility of
installing a 10 Gig card in the current server as well as some
additional 1 Gig ports. Then using Click to split the traffic to some
workers on this box and send the rest out the additional 1 Gig ports to
some additional workers. That way I could use this server as a frontend
plus workers, but expand the cluster to additional computers.

Tyler

--
Tyler Schoenke
Network Security Analyst
IT Security Office
University of Colorado - Boulder

On 02/04/2010 06:41 AM, Tim Rupp wrote:
> For the sake of future reference (and my own curiosity) can I request
> the filter be sent to the list?
>
> Thanks,
> Tim
>
> On 02/03/2010 11:03 AM, Robin Sommer wrote:
>>
>> On Tue, Feb 02, 2010 at 13:53 -0500, Powell, Scott wrote:
>>
>>> Given our current setup, how would I go about these BPF tricks to
>>> leverage multiple cores on a single machine?
>>
>> The click setup already mentioned is probably the better solution,
>> but when using BPF, you would give each worker a different BPF
>> filter ignoring all but its slice of the traffic. One can express
>> the hash "(src+dst) mod n" in BPF (let me know if you want the exact
>> filter).
>>
>> Robin
>>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

From hall.692 at osu.edu Thu Feb 4 08:28:19 2010
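The per-worker slicing filter from Tyler Schoenke's message above, worked through as an added example (not code from the list or from Bro): it builds the "(src+dst) mod N" filter strings and evaluates the same arithmetic on constructed address pairs, to check that both directions of a flow land on one worker and to show how N affects the spread. The helper names, the file names other than worker1.bro, and the sample addresses are assumptions made for this illustration.

```python
"""Added example: per-worker BPF slices for the "(src+dst) mod N" hash."""
import ipaddress
from collections import Counter

U32 = 0xFFFFFFFF  # BPF filter arithmetic is unsigned 32-bit, so the sum wraps


def bpf_slice_filter(n, j, width=4):
    """Filter text for worker j of n.

    width=4 hashes the full addresses (ip[12:4], ip[16:4]); width=2 hashes
    only the last two octets (ip[14:2], ip[18:2]) as in worker1.bro.
    """
    if not 0 <= j < n:
        raise ValueError("j must be in 0..n-1")
    if width not in (2, 4):
        raise ValueError("width must be 2 or 4")
    src_off = 12 + (4 - width)
    dst_off = 16 + (4 - width)
    a = f"ip[{src_off}:{width}]+ip[{dst_off}:{width}]"
    # The modulo is spelled out as A - (A/N)*N, as in the formula in the message.
    return f"(({a})-(({a})/{n})*{n}) == {j}"


def worker_for(src, dst, n, width=4):
    """Evaluate the same hash in Python: which slice j a packet falls into."""
    mask = (1 << (8 * width)) - 1
    s = int(ipaddress.IPv4Address(src)) & mask
    d = int(ipaddress.IPv4Address(dst)) & mask
    a = (s + d) & U32            # 32-bit wraparound, as in the filter
    return a - (a // n) * n      # integer division, then subtract: A mod N


def bro_redefs(n, width=4):
    """One restrict_filters redef per worker, shaped like worker1.bro."""
    label = "mod source and dest pairs over multiple procs "
    return {
        f"worker{j + 1}.bro":
            'redef restrict_filters += { ["%s"] = "%s" };'
            % (label, bpf_slice_filter(n, j, width))
        for j in range(n)
    }


def constructed_flows(count=56):
    """Constructed sample: hosts spaced 8 addresses apart, all talking to
    one server. Patterned addresses like these are where N matters."""
    base = int(ipaddress.IPv4Address("10.19.0.0"))
    return [(str(ipaddress.IPv4Address(base + 8 * i)), "192.0.2.16")
            for i in range(count)]


def slice_histogram(flows, n, width=4):
    """Count how many flows each worker slice would receive."""
    return Counter(worker_for(s, d, n, width) for s, d in flows)


if __name__ == "__main__":
    for name, line in bro_redefs(8, width=2).items():
        print(name, line)
    flows = constructed_flows()
    # Addition is commutative, so both directions hash to the same worker.
    print("symmetric:", all(worker_for(s, d, 7) == worker_for(d, s, 7)
                            for s, d in flows))
    print("N=8:", dict(slice_histogram(flows, 8)))   # every flow on one worker
    print("N=7:", dict(sorted(slice_histogram(flows, 7).items())))
```

The ip[...] expressions match only IPv4 packets, so IPv6 and non-IP frames fall outside every slice and are not captured by any worker using these filters.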
From: hall.692 at osu.edu (Seth Hall)
Date: Thu, 4 Feb 2010 11:28:19 -0500
Subject: [Bro] A few questions
In-Reply-To: <4B6AF077.2040607@colorado.edu>
References: <20100202134414.GA14454@datacomm.albany.edu> <20100202162446.GA44945@icir.org> <20100203170320.GE83684@icir.org> <4B6ACE79.3020004@fnal.gov> <4B6AF077.2040607@colorado.edu>
Message-ID: <32957608-EF4D-40AD-BED4-823DC74DD6EF@osu.edu>

On Feb 4, 2010, at 11:06 AM, Tyler Schoenke wrote:

> It looks like Click is available for FreeBSD. I'd like to test that
> to
> see if I can gain some performance. I am having difficulty
> compiling it
> on FreeBSD 7.1 amd64 however. If anyone has Click/FreeBSD working,
> please let me know.

I've run it on my FreeBSD based workers before, but I'm not currently.
You can email me offlist with the error you're encountering, I may be able
to help.

> The Bro wiki mentions that Click! is limited to 2Gbps in tests. I
> wonder if that is still true? I was thinking about the possibility of
> installing a 10 Gig card in the current server as well as some
> additional 1 Gig ports.

Keep in mind that if you run Click in user land, you're not going to get
anywhere near the theoretical peak and you can't run Click in kernel land
on FreeBSD. I don't know if Click has driver support for any 10G
interfaces to do polling in the kernel either. You may want to look into
that if it's an option you're exploring.

  .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From nweaver at ICSI.Berkeley.EDU Thu Feb 4 08:29:30 2010
From: nweaver at ICSI.Berkeley.EDU (Nicholas Weaver)
Date: Thu, 4 Feb 2010 08:29:30 -0800
Subject: [Bro] A few questions
In-Reply-To: <4B6AF077.2040607@colorado.edu>
References: <20100202134414.GA14454@datacomm.albany.edu> <20100202162446.GA44945@icir.org> <20100203170320.GE83684@icir.org> <4B6ACE79.3020004@fnal.gov> <4B6AF077.2040607@colorado.edu>
Message-ID:

On Feb 4, 2010, at 8:06 AM, Tyler Schoenke wrote:

> The Bro wiki mentions that Click! is limited to 2Gbps in tests. I
> wonder if that is still true? I was thinking about the possibility of
> installing a 10 Gig card in the current server as well as some
> additional 1 Gig ports. Then using Click to split the traffic to some
> workers on this box and send the rest out the additional 1 Gig ports to
> some additional workers. That way I could use this server as a frontend
> plus workers, but expand the cluster to additional computers.

That may work today: The Intel Research Labs folks have been able to get
Click to move 12 Gbps through a single dual-interface PCIe x8 (pretty
close to the theoretical limit, BTW) Intel 10 GigE card using kernel mode
drivers and the latest Intel hardware. With a separate card for in and out
on separate PCI-E busses, you might indeed be able to get 10 Gbps in and
10 Gbps packet-marked back out. I don't know if their click kernel mode
drivers are available.

http://routebricks.org/pubs.html

However, Click Kernel mode only runs under Linux.

It would also probably be easier to just send packets back out a different
10 Gbps interface, and just overwrite the MAC and let a COTS switch then
handle the routing to particular worker nodes, rather than having a
collection of 1 Gbps interfaces.

From Tyler.Schoenke at colorado.edu Thu Feb 4 09:07:10 2010
From: Tyler.Schoenke at colorado.edu (Tyler Schoenke)
Date: Thu, 04 Feb 2010 10:07:10 -0700
Subject: [Bro] A few questions
In-Reply-To: <32957608-EF4D-40AD-BED4-823DC74DD6EF@osu.edu>
References: <20100202134414.GA14454@datacomm.albany.edu> <20100202162446.GA44945@icir.org> <20100203170320.GE83684@icir.org> <4B6ACE79.3020004@fnal.gov> <4B6AF077.2040607@colorado.edu> <32957608-EF4D-40AD-BED4-823DC74DD6EF@osu.edu>
Message-ID: <4B6AFEBE.5080903@colorado.edu>

On 02/04/2010 09:28 AM, Seth Hall wrote:
> Keep in mind that if you run Click in user land, you're not going to get
> anywhere near the theoretical peak and you can't run Click in kernel
> land on FreeBSD. I don't know if Click has driver support for any 10G
> interfaces to do polling in the kernel either. You may want to look
> into that if it's an option you're exploring.

It sounds like I should stop going down the Click/FreeBSD path and look at
Click/Linux instead.

From Tyler.Schoenke at colorado.edu Thu Feb 4 09:13:01 2010
From: Tyler.Schoenke at colorado.edu (Tyler Schoenke)
Date: Thu, 04 Feb 2010 10:13:01 -0700
Subject: [Bro] A few questions
In-Reply-To:
References: <20100202134414.GA14454@datacomm.albany.edu> <20100202162446.GA44945@icir.org> <20100203170320.GE83684@icir.org> <4B6ACE79.3020004@fnal.gov> <4B6AF077.2040607@colorado.edu>
Message-ID: <4B6B001D.5020603@colorado.edu>

On 02/04/2010 09:29 AM, Nicholas Weaver wrote:
> That may work today: The Intel Research Labs folks have been able to get Click to move 12 Gbps through a single dual-interface PCIe x8 (pretty close to the theoretical limit, BTW) Intel 10 GigE card using kernel mode drivers and the latest Intel hardware. With a separate card for in and out on separate PCI-E busses, you might indeed be able to get 10 Gbps in and 10 Gbps packet-marked back out. I don't know if their click kernel mode drivers are available.

Thanks for the info. I'll try to contact them and see if their code is
available. My server is certified to run RHEL, and they have Linux drivers
available for the 10 GigE cards as well, so something like this may work.

> It would also probably be easier to just send packets back out a different 10 Gbps interface, and just overwrite the MAC and let a COTS switch then handle the routing to particular worker nodes, rather than having a collection of 1 Gbps interfaces.

You can tell I'm not a networking person. That sounds like a better,
streamlined, and more expandable idea.

Thanks,
Tyler

From daniela.miao at utoronto.ca Thu Feb 4 17:32:03 2010
From: daniela.miao at utoronto.ca (daniela.miao at utoronto.ca)
Date: Thu, 04 Feb 2010 20:32:03 -0500
Subject: [Bro] modifying bro.init
In-Reply-To:
References: <20100203215552.2k6bqj9k74sc8k48@webmail.utoronto.ca>
Message-ID: <20100204203203.kwe6o5g3kwookccw@webmail.utoronto.ca>

Hi Seth,

That worked great, thanks a lot! But it seems that I shouldn't simply
ignore the checksum errors, since now it's giving me an "unrecognized
character" error. Can I somehow log the checksum error but at least let
the parser parse it anyways?

Thanks,
Daniela

Quoting Seth Hall :

>
> On Feb 3, 2010, at 9:55 PM, daniela.miao at utoronto.ca wrote:
>
>> Thanks for your help before. I found that the DNS parser was giving me
>> trouble due to many of the IP checksum errors. I don't really care
>> much about these errors anyways.
>
> Ah, that trips up everyone eventually I think. :)
>
>> I understand the boolean value of ignore_checksum is set to False in
>> bro.init, do I just modify this file?
>
> Nope, you don't modify the bro.init script. See below.
>
>> I apologize if the issue seems trivial, I'm just starting to get the
>> hang of the language.
>
>
> You have two options.
>
> Either in a script you write and load on the command line...
> redef ignore_checksum=T;
>
> or run Bro this way....
> bro -r test.pcap dns ignore_checksum=T
>
> Feel free to ask more questions!
>
> .Seth
>
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721

From vern at icir.org Thu Feb 4 17:40:31 2010
From: vern at icir.org (Vern Paxson)
Date: Thu, 04 Feb 2010 17:40:31 -0800
Subject: [Bro] modifying bro.init
In-Reply-To: <20100204203203.kwe6o5g3kwookccw@webmail.utoronto.ca> (Thu, 04 Feb 2010 20:32:03 EST).
Message-ID: <201002050140.o151eVE7013992@pork.ICSI.Berkeley.EDU>

> ignore the checksum errors, since now it's giving me an "unrecognized
> character" error.

That usually means you left off a -r running against a trace, like

    bro foo.trace http-request

rather than

    bro -r foo.trace http-request

Bro is then trying to parse foo.trace as a script and the low-level scanner
flags an impossible (8-bit) character.

    Vern

From daniela.miao at utoronto.ca Thu Feb 4 18:01:23 2010
From: daniela.miao at utoronto.ca (daniela.miao at utoronto.ca)
Date: Thu, 04 Feb 2010 21:01:23 -0500
Subject: [Bro] modifying bro.init
In-Reply-To: <201002050140.o151eVE7013992@pork.ICSI.Berkeley.EDU>
References: <201002050140.o151eVE7013992@pork.ICSI.Berkeley.EDU>
Message-ID: <20100204210123.9kafbaimqs8c0kss@webmail.utoronto.ca>

Hi Vern,

It appears that you're absolutely right, my bad, thanks again!

Daniela

Quoting Vern Paxson :

>> ignore the checksum errors, since now it's giving me an "unrecognized
>> character" error.
>
> That usually means you left off a -r running against a trace, like
>
> bro foo.trace http-request
>
> rather than
>
> bro -r foo.trace http-request
>
> Bro is then trying to parse foo.trace as a script and the low-level scanner
> flags an impossible (8-bit) character.
>
> Vern
>

From bill.jones at syntervision.com Sat Feb 6 07:21:31 2010
From: bill.jones at syntervision.com (Bill Jones)
Date: Sat, 6 Feb 2010 10:21:31 -0500
Subject: [Bro] Load Balancers
Message-ID: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com>

Hi everyone,

I was curious if anyone has any experience running bro between
load-balancers (such as Netscaler) and web applications. We are
currently trying to get HTTP logs generated for a web application. We
couldn't figure out why bro was not triggering the HTTP analyzer, but
I now believe that this is because it is never seeing the original SYN
+ SYN/ACK for the conversation. When viewing the conversations in
Wireshark, I can see that all the TCP streams for this particular
application begin with the GET and do not include the initial 3-way
handshake.

Here is an entry in the conn.log for this stream which shows the states:

1265389087.849048 ? 10.19.120.12 10.19.2.78 http 2232 80 tcp 14785 604140 OTH X DdAa

Other web applications on the wire, which do have the 3-way handshake
visible for all connections, seem to work just fine and I get http
logs.

My questions are:

Am I correct in assuming that the lack of initial connection
establishment is why the HTTP analysis is never occurring (and
therefore I'm not getting entries in http.log)?

Is there a way to force bro to analyze the traffic even though there
is no proper 3-way handshake visible?


Thanks for your time,
Bill

From bill.jones at syntervision.com Sat Feb 6 10:12:36 2010
From: bill.jones at syntervision.com (Bill Jones)
Date: Sat, 6 Feb 2010 13:12:36 -0500
Subject: [Bro] Load Balancers
In-Reply-To: <9D3E489884294646B1627EFEACA86436025F05DD@exchange.corp.epnet.com>
References: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> <9D3E489884294646B1627EFEACA86436025F05DD@exchange.corp.epnet.com>
Message-ID: <821f2ea41002061012w652595a9o215b1c451b49bbf1@mail.gmail.com>

John,

Thanks for the quick response.

> Not sure what Netscaler does, but it all should act the same. The host
> TCP stack would drop any attempted connection for which a session was
> not established regardless of what was upstream from it. Quick and
> dirty, you should be able to fire up tcpdump and see the session
> initialization.

That's what I'm finding strange. After running a tcpdump capture on
the interface and analyzing it with Wireshark, I do not see any 3-way
handshakes for this particular web application. For any HTTP GET that
I see in Wireshark that pertains to this application, when I "Follow
TCP Stream", the first entry in Wireshark is always the GET message
itself. For all other applications on the network, doing the above
results in the first entry being the SYN.

I've generated a few dumps with the same results. I wonder if the load
balancer is somehow keeping a session active for very long periods (if
this even makes sense).

If you have any suggestions or thoughts, I'd be very interested.

Thanks,
Bill

On Sat, Feb 6, 2010 at 12:51 PM, John Hally wrote:
> Hi Bill,
>
> I've run BRO in the past with load balancers (Arrowpoint/Cisco CSS) and
> was able to see all traffic. In our setup we had 2 segments; a VIP
> access link and a services trunk link where the real/origin servers
> lived. Both of these links had physical network taps and it was as
> simple as plugging in the Ethernet, flipping the interface to
> UP/PROMISC, and starting BRO.
>
> With the CSS, even though the unit would handle the initial connection,
> it would 'snap' that over to the origin server it picked during load
> balancing so you would still see the tcp setup.
>
> Not sure what Netscaler does, but it all should act the same. The host
> TCP stack would drop any attempted connection for which a session was
> not established regardless of what was upstream from it. Quick and
> dirty, you should be able to fire up tcpdump and see the session
> initialization.
>
> Thoughts?
>
> Thanks.
>
> John.
>
> -----Original Message-----
> From: bro-bounces at ICSI.Berkeley.EDU
> [mailto:bro-bounces at ICSI.Berkeley.EDU] On Behalf Of Bill Jones
> Sent: Saturday, February 06, 2010 10:22 AM
> To: bro at ICSI.Berkeley.EDU
> Subject: [Bro] Load Balancers
>
> Hi everyone,
>
> I was curious if anyone has any experience running bro between
> load-balancers (such as Netscaler) and web applications. We are
> currently trying to get HTTP logs generated for a web application. We
> couldn't figure out why bro was not triggering the HTTP analyzer, but
> I now believe that this is because it is never seeing the original SYN
> + SYN/ACK for the conversation. When viewing the conversations in
> Wireshark, I can see that all the TCP streams for this particular
> application begin with the GET and do not include the initial 3-way
> handshake.
>
> Here is an entry in the conn.log for this stream which shows the states:
>
> 1265389087.849048 ? 10.19.120.12 10.19.2.78 http 2232 80 tcp 14785
> 604140 OTH X DdAa
>
> Other web applications on the wire, which do have the 3-way handshake
> visible for all connections, seem to work just fine and I get http
> logs.
>
> My questions are:
>
> Am I correct in assuming that the lack of initial connection
> establishment is why the HTTP analysis is never occurring (and
> therefore I'm not getting entries in http.log)?
>
> Is there a way to force bro to analyze the traffic even though there
> is no proper 3-way handshake visible?
>
>
> Thanks for your time,
> Bill
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>

From JAzoff at uamail.albany.edu Sat Feb 6 10:51:03 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Sat, 6 Feb 2010 13:51:03 -0500
Subject: [Bro] Load Balancers
In-Reply-To: <821f2ea41002061012w652595a9o215b1c451b49bbf1@mail.gmail.com>
References: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> <9D3E489884294646B1627EFEACA86436025F05DD@exchange.corp.epnet.com> <821f2ea41002061012w652595a9o215b1c451b49bbf1@mail.gmail.com>
Message-ID: <20100206185103.GA2827@datacomm.albany.edu>

On Sat, Feb 06, 2010 at 01:12:36PM -0500, Bill Jones wrote:
> That's what I'm finding strange. After running a tcpdump capture on
> the interface and analyzing it with Wireshark, I do not see any 3-way
> handshakes for this particular web application. For any HTTP GET that
> I see in Wireshark that pertains to this application, when I "Follow
> TCP Stream", the first entry in Wireshark is always the GET message
> itself. For all other applications on the network, doing the above
> results in the first entry being the SYN.

Just to make sure this isn't it, what bpf filter if any are you using with
tcpdump and bro?

If it's not the filter, the only thing I can think of is that the load balancer
is opening a persistent (http/1.1 keep-alive) connection to the backend servers.

I don't know how common that sort of thing is, but it would be easy to check
for, you would see the http/1.1 connection: header in the GET request..

you could also see if tcpdump sees a 3-way handshake if you restart one of the
webservers.

--
-- Justin Azoff
-- Network Security & Performance Analyst

From bill.jones at syntervision.com Sat Feb 6 11:04:15 2010
From: bill.jones at syntervision.com (Bill Jones)
Date: Sat, 6 Feb 2010 14:04:15 -0500
Subject: [Bro] Load Balancers
In-Reply-To: <20100206185103.GA2827@datacomm.albany.edu>
References: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> <9D3E489884294646B1627EFEACA86436025F05DD@exchange.corp.epnet.com> <821f2ea41002061012w652595a9o215b1c451b49bbf1@mail.gmail.com> <20100206185103.GA2827@datacomm.albany.edu>
Message-ID: <821f2ea41002061104i656f937bk36435abc9d9a111f@mail.gmail.com>

Justin,

Thanks for the response. I do actually see a "Connection:
Keep-Alive\r\n" in the GET packet. From this, can I assume that a
persistent connection is being held, thus the confusion by bro?

If so, do you have any ideas or suggestions on how I can get the HTTP
analyzer to still process these as if the connection had been
established normally?


Regards,
Bill

On Sat, Feb 6, 2010 at 1:51 PM, Justin Azoff wrote:
> On Sat, Feb 06, 2010 at 01:12:36PM -0500, Bill Jones wrote:
>> That's what I'm finding strange. After running a tcpdump capture on
>> the interface and analyzing it with Wireshark, I do not see any 3-way
>> handshakes for this particular web application. For any HTTP GET that
>> I see in Wireshark that pertains to this application, when I "Follow
>> TCP Stream", the first entry in Wireshark is always the GET message
>> itself. For all other applications on the network, doing the above
>> results in the first entry being the SYN.
>
> Just to make sure this isn't it, what bpf filter if any are you using with
> tcpdump and bro?
>
> If it's not the filter, the only thing I can think of is that the load balancer
> is opening a persistent (http/1.1 keep-alive) connection to the backend servers.
>
> I don't know how common that sort of thing is, but it would be easy to check
> for, you would see the http/1.1 connection: header in the GET request..
>
> you could also see if tcpdump sees a 3-way handshake if you restart one of the
> webservers.
>
> --
> -- Justin Azoff
> -- Network Security & Performance Analyst
>

From bill.jones at syntervision.com Sat Feb 6 11:05:32 2010
From: bill.jones at syntervision.com (Bill Jones)
Date: Sat, 6 Feb 2010 14:05:32 -0500
Subject: [Bro] Load Balancers
In-Reply-To: <821f2ea41002061104i656f937bk36435abc9d9a111f@mail.gmail.com>
References: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> <9D3E489884294646B1627EFEACA86436025F05DD@exchange.corp.epnet.com> <821f2ea41002061012w652595a9o215b1c451b49bbf1@mail.gmail.com> <20100206185103.GA2827@datacomm.albany.edu> <821f2ea41002061104i656f937bk36435abc9d9a111f@mail.gmail.com>
Message-ID: <821f2ea41002061105t30c3e82bp6c4058d235ae29b7@mail.gmail.com>

Justin,

Sorry, I meant to add that no bpf filters are being added to tcpdump or
bro at this time. Also, I don't have the ability to restart these servers
at this time.

On Sat, Feb 6, 2010 at 2:04 PM, Bill Jones wrote:
> Justin,
>
> Thanks for the response. I do actually see a "Connection:
> Keep-Alive\r\n" in the GET packet. From this, can I assume that a
> persistent connection is being held, thus the confusion by bro?
>
> If so, do you have any ideas or suggestions on how I can get the HTTP
> analyzer to still process these as if the connection had been
> established normally?
>
>
> Regards,
> Bill
>
> On Sat, Feb 6, 2010 at 1:51 PM, Justin Azoff wrote:
>> On Sat, Feb 06, 2010 at 01:12:36PM -0500, Bill Jones wrote:
>>> That's what I'm finding strange. After running a tcpdump capture on
>>> the interface and analyzing it with Wireshark, I do not see any 3-way
>>> handshakes for this particular web application. For any HTTP GET that
>>> I see in Wireshark that pertains to this application, when I "Follow
>>> TCP Stream", the first entry in Wireshark is always the GET message
>>> itself. For all other applications on the network, doing the above
>>> results in the first entry being the SYN.
>>
>> Just to make sure this isn't it, what bpf filter if any are you using with
>> tcpdump and bro?
>>
>> If it's not the filter, the only thing I can think of is that the load balancer
>> is opening a persistent (http/1.1 keep-alive) connection to the backend servers.
>>
>> I don't know how common that sort of thing is, but it would be easy to check
>> for, you would see the http/1.1 connection: header in the GET request..
>>
>> you could also see if tcpdump sees a 3-way handshake if you restart one of the
>> webservers.
>>
>> --
>> -- Justin Azoff
>> -- Network Security & Performance Analyst
>>
>

From JAzoff at uamail.albany.edu Sat Feb 6 11:18:52 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Sat, 6 Feb 2010 14:18:52 -0500
Subject: [Bro] Load Balancers
In-Reply-To: <821f2ea41002061104i656f937bk36435abc9d9a111f@mail.gmail.com>
References: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> <9D3E489884294646B1627EFEACA86436025F05DD@exchange.corp.epnet.com> <821f2ea41002061012w652595a9o215b1c451b49bbf1@mail.gmail.com> <20100206185103.GA2827@datacomm.albany.edu> <821f2ea41002061104i656f937bk36435abc9d9a111f@mail.gmail.com>
Message-ID: <20100206191851.GB2827@datacomm.albany.edu>

On Sat, Feb 06, 2010 at 02:04:15PM -0500, Bill Jones wrote:
> Justin,
>
> Thanks for the response. I do actually see a "Connection:
> Keep-Alive\r\n" in the GET packet. From this, can I assume that a
> persistent connection is being held, thus the confusion by bro?

Right... if the connection is long lived, there was a handshake, it just
happened before Bro started.

> If so, do you have any ideas or suggestions on how I can get the HTTP
> analyzer to still process these as if the connection had been
> established normally?
>
> Regards,
> Bill

I'm not sure about the Bro side, but you could probably turn off keepalives on
the load balancer. It also might have an option somewhere called 'maximum
number of requests' that might be a high number like 5000, you could try
lowering that a bunch, which would cause a handshake to happen frequently
enough to keep Bro happy.

--
-- Justin Azoff
-- Network Security & Performance Analyst

From bill.jones at syntervision.com Sat Feb 6 11:36:15 2010
From: bill.jones at syntervision.com (Bill Jones)
Date: Sat, 6 Feb 2010 14:36:15 -0500
Subject: [Bro] Load Balancers
In-Reply-To: <20100206191851.GB2827@datacomm.albany.edu>
References: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> <9D3E489884294646B1627EFEACA86436025F05DD@exchange.corp.epnet.com> <821f2ea41002061012w652595a9o215b1c451b49bbf1@mail.gmail.com> <20100206185103.GA2827@datacomm.albany.edu> <821f2ea41002061104i656f937bk36435abc9d9a111f@mail.gmail.com> <20100206191851.GB2827@datacomm.albany.edu>
Message-ID: <821f2ea41002061136j440870daod4d3eeb73583ab3a@mail.gmail.com>

Justin,

Thanks, that makes sense. I'm not sure if I'll be able to tweak the
load-balancer settings at this time, but if I am, that may indeed solve
this issue.

Hopefully, come Monday morning when many more sessions will be generated,
I may actually see some of these connections as established and bro will
operate as expected.

Regards,
Bill

On Sat, Feb 6, 2010 at 2:18 PM, Justin Azoff wrote:
> On Sat, Feb 06, 2010 at 02:04:15PM -0500, Bill Jones wrote:
>> Justin,
>>
>> Thanks for the response. I do actually see a "Connection:
>> Keep-Alive\r\n" in the GET packet. From this, can I assume that a
>> persistent connection is being held, thus the confusion by bro?
>
> Right... if the connection is long lived, there was a handshake, it just
> happened before Bro started.
>
>> If so, do you have any ideas or suggestions on how I can get the HTTP
>> analyzer to still process these as if the connection had been
>> established normally?
>>
>> Regards,
>> Bill
>
> I'm not sure about the Bro side, but you could probably turn off keepalives on
> the load balancer. It also might have an option somewhere called 'maximum
> number of requests' that might be a high number like 5000, you could try
> lowering that a bunch, which would cause a handshake to happen frequently
> enough to keep Bro happy.
> > -- > -- Justin Azoff > -- Network Security & Performance Analyst > From vern at icir.org Sat Feb 6 12:52:19 2010 From: vern at icir.org (Vern Paxson) Date: Sat, 06 Feb 2010 12:52:19 -0800 Subject: [Bro] Load Balancers In-Reply-To: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> (Sat, 06 Feb 2010 10:21:31 EST). Message-ID: <201002062052.o16KqJMM023577@pork.ICSI.Berkeley.EDU> > Am I correct in assuming that the lack of initial connection > establishment is why the HTTP analysis is never occurring (and > therefore I'm not getting entries in http.log)? Yes. The appended patch should cause the analyzer to function anyway. > Thanks for the response. I do actually see a "Connection: > Keep-Alive\r\n" in the GET packet. From this, can I assume that a > persistent connection is being held, thus the confusion by bro? That's doubtless what's happening. (FYI, seeing that from the client side it's just a request, than necessarily imposed on the connection. However, in the setup you describe, surely the server is accepting this, and hence the seemingly missing SYNs for later requests.) Vern Index: src/HTTP.cc =================================================================== --- src/HTTP.cc (revision 6971) +++ src/HTTP.cc (working copy) @@ -753,7 +753,7 @@ AddSupportAnalyzer(content_line_orig); content_line_resp = new ContentLine_Analyzer(conn, false); - content_line_resp->SetSkipPartial(true); + // content_line_resp->SetSkipPartial(true); AddSupportAnalyzer(content_line_resp); } @@ -794,8 +794,8 @@ { TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); - if ( TCP() && TCP()->IsPartial() ) - return; + // if ( TCP() && TCP()->IsPartial() ) + // return; const char* line = reinterpret_cast(data); const char* end_of_line = line + len; From bill.jones at syntervision.com Sat Feb 6 13:02:57 2010 
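Review bot: In the hunk at -753, "content_line_resp->SetSkipPartial(true);" is commented out rather than removed, with no comment saying why, and the change applies to every HTTP connection rather than only the load-balancer case that prompted it. With the skip disabled, the responder-side ContentLine_Analyzer is fed streams whose beginning was never seen, so the first data it splits into lines can come from the middle of a reply. Suggest making this conditional on a script-level setting that defaults to the old behaviour, or at least replacing the commented-out line with a one-line explanation of why partial responder streams are now accepted.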
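Review bot: In the hunk at -794, the "if ( TCP() && TCP()->IsPartial() ) return;" guard at the top of DeliverStream() is commented out, so the line/end_of_line parsing that follows now runs on connections picked up mid-stream, and nothing visible here first waits for a request or reply boundary. On a keep-alive connection the first delivered bytes may be body data, which the parser will then try to read as a request or status line. Suggest keeping the guard and making it conditional (for example on the same setting used for the SetSkipPartial change) instead of leaving dead code, and noting in a comment that analysis of partial connections is best-effort until the first complete message.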
From: bill.jones at syntervision.com (Bill Jones) Date: Sat, 6 Feb 2010 16:02:57 -0500 Subject: [Bro] Load Balancers In-Reply-To: <201002062052.o16KqJMM023577@pork.ICSI.Berkeley.EDU> References: <821f2ea41002060721g6984e948v9cba13ed22d1b51b@mail.gmail.com> <201002062052.o16KqJMM023577@pork.ICSI.Berkeley.EDU> Message-ID: <821f2ea41002061302j6ecbfc1ag8ef1f9ecad88bd4e@mail.gmail.com> Vern, Wow, thanks for the quick response! I am going to look deeper into the causes, but this is exactly the type of short-term solution I was looking for. Much obliged. I will be sure to report back if I have any interesting findings. Regards, Bill On Sat, Feb 6, 2010 at 3:52 PM, Vern Paxson wrote: >> Am I correct in assuming that the lack of initial connection >> establishment is why the HTTP analysis is never occurring (and >> therefore I'm not getting entries in http.log)? > > Yes. ?The appended patch should cause the analyzer to function anyway. > >> Thanks for the response. ?I do actually see a "Connection: >> Keep-Alive\r\n" in the GET packet. ?From this, can I assume that a >> persistent connection is being held, thus the confusion by bro? > > That's doubtless what's happening. ?(FYI, seeing that from the client side > it's just a request, than necessarily imposed on the connection. ?However, > in the setup you describe, surely the server is accepting this, and hence > the seemingly missing SYNs for later requests.) > > ? ? ? ? ? ? ? ?Vern > > > Index: src/HTTP.cc > =================================================================== > --- src/HTTP.cc (revision 6971) > +++ src/HTTP.cc (working copy) > @@ -753,7 +753,7 @@ > ? ? ? ?AddSupportAnalyzer(content_line_orig); > > ? ? ? ?content_line_resp = new ContentLine_Analyzer(conn, false); > - ? ? ? content_line_resp->SetSkipPartial(true); > + ? ? ? // content_line_resp->SetSkipPartial(true); > ? ? ? ?AddSupportAnalyzer(content_line_resp); > ? ? ? ?} 
> > @@ -794,8 +794,8 @@ > ? ? ? ?{ > ? ? ? ?TCP_ApplicationAnalyzer::DeliverStream(len, data, is_orig); > > - ? ? ? if ( TCP() && TCP()->IsPartial() ) > - ? ? ? ? ? ? ? return; > + ? ? ? // if ( TCP() && TCP()->IsPartial() ) > + ? ? ? // ? ? ?return; > > ? ? ? ?const char* line = reinterpret_cast(data); > ? ? ? ?const char* end_of_line = line + len; > From vern at icir.org Sat Feb 6 21:03:00 2010 From: vern at icir.org (Vern Paxson) Date: Sat, 06 Feb 2010 21:03:00 -0800 Subject: [Bro] Questions about Bro's DNS Parser In-Reply-To: <20100129114045.cdbvnxwmbs4k4wck@webmail.utoronto.ca> (Fri, 29 Jan 2010 11:40:45 EST). Message-ID: <201002070503.o1753062028073@pork.ICSI.Berkeley.EDU> > Anyhow, I have attached a sample capture from the trace file, which > contains DNS packets with returned errors (some response packets). I > also took a look at dns.bro, if I'm not mistaken the parser does not > have any error code interpreting feature, it seems all to be group > into Weird::WEIRD_FILE. Do you mean errors based on the analyzer's parsing failing, or errors indicated via the DNS protocol? The latter are logged in the DNS log file. For the former, when I run on the file all I get in the weird file is IP checksums. If I use -C to ignore these then I get a bunch of DNS log file output that seems reasonable, so I'm not immediately seeing the problem. Vern From daniela.miao at utoronto.ca Sat Feb 6 21:29:13 2010 
From: daniela.miao at utoronto.ca (daniela.miao at utoronto.ca) Date: Sun, 07 Feb 2010 00:29:13 -0500 Subject: [Bro] Questions about Bro's DNS Parser In-Reply-To: <201002070503.o1753062028073@pork.ICSI.Berkeley.EDU> References: <201002070503.o1753062028073@pork.ICSI.Berkeley.EDU> Message-ID: <20100207002913.jik35i8mtcsss840@webmail.utoronto.ca> Hi Vern, Thanks for your time. I was actually running into the ip checksum errors before, but then I discovered the -C option. The problem is, even with the -C option, some packets that have error codes such as "Server Failure" or "No Such Name Exists" are not being logged in the DNS log file. The log file only contains information regarding packets that had no errors. This confuses me, since it appears that dns-info.bro file contains information required for error code deciphering. A closer look at the dns log file as given right now reveals that whenever there is a packet that contains an error, the parser simply stalls, and prints out the query as is, instead of deciphering the error code. Any suggestions would be much appreciated, thank you very much, Daniela Quoting Vern Paxson : >> Anyhow, I have attached a sample capture from the trace file, which >> contains DNS packets with returned errors (some response packets). I >> also took a look at dns.bro, if I'm not mistaken the parser does not >> have any error code interpreting feature, it seems all to be group >> into Weird::WEIRD_FILE. > > Do you mean errors based on the analyzer's parsing failing, or errors > indicated via the DNS protocol? The latter are logged in the DNS log file. > For the former, when I run on the file all I get in the weird file is IP > checksums. If I use -C to ignore these then I get a bunch of DNS log file > output that seems reasonable, so I'm not immediately seeing the problem. > > Vern > From vern at icir.org Sat Feb 6 23:00:00 2010 
From: vern at icir.org (Vern Paxson) Date: Sat, 06 Feb 2010 23:00:00 -0800 Subject: [Bro] Questions about Bro's DNS Parser In-Reply-To: <20100207002913.jik35i8mtcsss840@webmail.utoronto.ca> (Sun, 07 Feb 2010 00:29:13 EST). Message-ID: <201002070700.o17700PA029078@pork.ICSI.Berkeley.EDU> > The problem is, even with the -C option, some packets that have error > codes such as "Server Failure" or "No Such Name Exists" are not being > logged in the DNS log file. Ah - this rings a bell. I believe Seth has a fix for this problem (and in general a reworked dns.bro), which would be great to incorporate into the next Bro release. I'll let him comment further. Vern From hall.692 at osu.edu Sat Feb 6 23:09:43 2010 
From: hall.692 at osu.edu (Seth Hall)
Date: Sun, 7 Feb 2010 02:09:43 -0500
Subject: [Bro] Questions about Bro's DNS Parser
In-Reply-To: <201002070700.o17700PA029078@pork.ICSI.Berkeley.EDU>
References: <201002070700.o17700PA029078@pork.ICSI.Berkeley.EDU>
Message-ID:

On Feb 7, 2010, at 2:00 AM, Vern Paxson wrote:

>> The problem is, even with the -C option, some packets that have error
>> codes such as "Server Failure" or "No Such Name Exists" are not being
>> logged in the DNS log file.
>
> Ah - this rings a bell. I believe Seth has a fix for this problem (and
> in general a reworked dns.bro), which would be great to incorporate into
> the next Bro release. I'll let him comment further.

I do have a dns-ext.bro script in my github repository. I even recently fixed it so that it's actually functional now! :)

http://github.com/sethhall/bro_scripts/blob/master/dns-ext.bro

I don't know if this will correct the problem you're having or not, but it's worth a try.

It outputs logs like this in "full" mode...
ts orig_h orig_p resp_h resp_p proto query_type query_class query transaction_id ttl flags error replies
1232039460.39003 161.58.49.99 5654 128.146.1.7 53 udp A C_INTERNET ns1.net.ohio-state.edu bf08 3600 {} NOERROR 0 {128.146.48.7, 128.146.1.21, 128.146.1.7}
1232039460.39091 161.58.49.99 1968 128.146.1.7 53 udp A C_INTERNET ns2.net.ohio-state.edu e04e 3600 {} NOERROR 0 {128.146.48.7, 128.146.1.21, 128.146.1.7}
1232039460.87 66.148.163.50 21468 140.254.37.68 53 udp A C_INTERNET a744.g.akamai.net 2fd6 20 {} NOERROR 0 {72.246.30.81, 72.246.30.73}

and like this in "minimal" query-only mode...
ts orig_h query_type query
1232039460.39003 161.58.49.99 A ns1.net.ohio-state.edu
1232039460.39091 161.58.49.99 A ns2.net.ohio-state.edu
1232039460.87 66.148.163.50 A a744.g.akamai.net

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From daniela.miao at utoronto.ca Mon Feb 8 08:27:54 2010
From: daniela.miao at utoronto.ca (daniela.miao at utoronto.ca) Date: Mon, 08 Feb 2010 11:27:54 -0500 Subject: [Bro] Questions about Bro's DNS Parser In-Reply-To: References: <201002070700.o17700PA029078@pork.ICSI.Berkeley.EDU> Message-ID: <20100208112754.hwqncajx44woo4kg@webmail.utoronto.ca> Hi Seth, Vern, Thanks very much, I'll try this code and let you know the outcome! Just out of curiosity though, is this considered a bug in the current release? Or is this something else? Daniela Quoting Seth Hall : > > On Feb 7, 2010, at 2:00 AM, Vern Paxson wrote: > >>> The problem is, even with the -C option, some packets that have error >>> codes such as "Server Failure" or "No Such Name Exists" are not being >>> logged in the DNS log file. >> >> Ah - this rings a bell. I believe Seth has a fix for this problem (and >> in general a reworked dns.bro), which would be great to incorporate into >> the next Bro release. I'll let him comment further. > > > I do have a dns-ext.bro script in my github repository. I even > recently fixed it so that it's actually functional now! :) > > http://github.com/sethhall/bro_scripts/blob/master/dns-ext.bro > > I don't know if this will correct the problem you're having or not, but > it's worth a try. > > It outputs logs like this in "full" mode... > ts orig_h orig_p resp_h resp_p proto query_type query_class query transaction_id ttl flags error replies > 1232039460.39003 161.58.49.99 5654 128.146.1.7 53 udp A C_INTERNET ns1.net.ohio-state.edu bf08 3600 {} NOERROR 0 {128.146.48.7, > 128.146.1.21, > 128.146.1.7} > 1232039460.39091 161.58.49.99 1968 128.146.1.7 53 udp A C_INTERNET ns2.net.ohio-state.edu e04e 3600 {} NOERROR 0 {128.146.48.7, > 128.146.1.21, > 128.146.1.7} > 1232039460.87 66.148.163.50 21468 140.254.37.68 53 udp A C_INTERNET a744.g.akamai.net 2fd6 20 {} NOERROR 0 {72.246.30.81, > 72.246.30.73} > > and like this in "minimal" query-only mode... 
> ts orig_h query_type query > 1232039460.39003 161.58.49.99 A ns1.net.ohio-state.edu > 1232039460.39091 161.58.49.99 A ns2.net.ohio-state.edu > 1232039460.87 66.148.163.50 A a744.g.akamai.net > > .Seth > > --- > Seth Hall > Network Security - Office of the CIO > The Ohio State University > Phone: 614-292-9721 From Tyler.Schoenke at colorado.edu Mon Feb 8 09:40:57 2010 
From: Tyler.Schoenke at colorado.edu (Tyler Schoenke) Date: Mon, 08 Feb 2010 10:40:57 -0700 Subject: [Bro] A few questions In-Reply-To: <4B6B001D.5020603@colorado.edu> References: <20100202134414.GA14454@datacomm.albany.edu> <20100202162446.GA44945@icir.org> <20100203170320.GE83684@icir.org> <4B6ACE79.3020004@fnal.gov> <4B6AF077.2040607@colorado.edu> <4B6B001D.5020603@colorado.edu> Message-ID: <4B704CA9.5060605@colorado.edu> Just an update, the Intel Research Labs driver and Click code is available: http://routebricks.org/code.html I'm going to give this a try. If this works, I may be able to turn my current Bro server into a ~10 Gbps front-end router/load-balancer. That should be quite a bit cheaper than a commercial load balancer. Workers could potentially be run on this server as long as they didn't degrade the Click performance, otherwise, we could buy a switch and more COTS servers to use as workers. The hardware requirements appear to be Intel 'Oplin' 10GbE 82598EB NICs, and a server with Nehalem (not VanHalen) architecture that can run Linux kernel 2.6.24.7. Tyler On 02/04/2010 10:13 AM, Tyler Schoenke wrote: > On 02/04/2010 09:29 AM, Nicholas Weaver wrote: >> That may work today: The Intel Research Labs folks have been able to get Click to move 12 Gbps through a single dual-interface PCIe x8 (pretty close to the theoretical limit, BTW) Intel 10 GigE card using kernel mode drivers and the latest Intel hardware. With a separate card for in and out on separate PCI-E busses, you might indeed be able to get 10 Gbps in and 10 Gbps packet-marked back out. I don't know if their click kernel mode drivers are available. > > Thanks for the info. I'll try to contact them and see if their code is > available. My server is certified to run RHEL, and they have Linux > drivers available for the 10 GigE cards as well, so something like this > may work. 
>
>
>> It would also probably be easier to just send packets back out a different 10 Gbps interface, and just overwrite the MAC and let a COTS switch then handle the routing to particular worker nodes, rather than having a collection of 1 Gbps interfaces.
>
> You can tell I'm not a networking person. That sounds like a better,
> streamlined, and more expandable idea.
>
> Thanks,
>
> Tyler

From daniela.miao at utoronto.ca Tue Feb 9 07:12:34 2010
From: daniela.miao at utoronto.ca (daniela.miao at utoronto.ca) Date: Tue, 09 Feb 2010 10:12:34 -0500 Subject: [Bro] Questions about Bro's DNS Parser In-Reply-To: References: <201002070700.o17700PA029078@pork.ICSI.Berkeley.EDU> Message-ID: <20100209101234.fpcffo0u8ws404oc@webmail.utoronto.ca> Hi Seth, Vern, Just a quick question regarding the dns-ext.bro code you provided me with. What is global-ext? I tried running this code on my machine, and it gave me a "cannot find global-ext" error, I then commented out the line that loads this file, and the script worked. Problem is, the output file after running this script without the "@load global-ext" line, is exactly the same as what I was getting before. I'm still not receiving the error codes that some of the response packets contain. Thanks very much, Daniela Quoting Seth Hall : > > On Feb 7, 2010, at 2:00 AM, Vern Paxson wrote: > >>> The problem is, even with the -C option, some packets that have error >>> codes such as "Server Failure" or "No Such Name Exists" are not being >>> logged in the DNS log file. >> >> Ah - this rings a bell. I believe Seth has a fix for this problem (and >> in general a reworked dns.bro), which would be great to incorporate into >> the next Bro release. I'll let him comment further. > > > I do have a dns-ext.bro script in my github repository. I even > recently fixed it so that it's actually functional now! :) > > http://github.com/sethhall/bro_scripts/blob/master/dns-ext.bro > > I don't know if this will correct the problem you're having or not, but > it's worth a try. > > It outputs logs like this in "full" mode... 
> ts orig_h orig_p resp_h resp_p proto query_type query_class query transaction_id ttl flags error replies > 1232039460.39003 161.58.49.99 5654 128.146.1.7 53 udp A C_INTERNET ns1.net.ohio-state.edu bf08 3600 {} NOERROR 0 {128.146.48.7, > 128.146.1.21, > 128.146.1.7} > 1232039460.39091 161.58.49.99 1968 128.146.1.7 53 udp A C_INTERNET ns2.net.ohio-state.edu e04e 3600 {} NOERROR 0 {128.146.48.7, > 128.146.1.21, > 128.146.1.7} > 1232039460.87 66.148.163.50 21468 140.254.37.68 53 udp A C_INTERNET a744.g.akamai.net 2fd6 20 {} NOERROR 0 {72.246.30.81, > 72.246.30.73} > > and like this in "minimal" query-only mode... > ts orig_h query_type query > 1232039460.39003 161.58.49.99 A ns1.net.ohio-state.edu > 1232039460.39091 161.58.49.99 A ns2.net.ohio-state.edu > 1232039460.87 66.148.163.50 A a744.g.akamai.net > > .Seth > > --- > Seth Hall > Network Security - Office of the CIO > The Ohio State University > Phone: 614-292-9721 From vern at icir.org Tue Feb 9 14:36:29 2010 From: vern at icir.org (Vern Paxson) Date: Tue, 09 Feb 2010 14:36:29 -0800 Subject: [Bro] Questions about Bro's DNS Parser In-Reply-To: <20100208112754.hwqncajx44woo4kg@webmail.utoronto.ca> (Mon, 08 Feb 2010 11:27:54 EST). Message-ID: <201002092236.o19MaTuI001389@pork.ICSI.Berkeley.EDU> > Just out of curiosity though, is this considered a bug in the current > release? Or is this something else? A bug. I don't think there's any plausible reason why such packets should be skipped entirely; there's a flaw in the logic for processing them. Vern From hall.692 at osu.edu Wed Feb 10 13:31:53 2010 
From: hall.692 at osu.edu (Seth Hall)
Date: Wed, 10 Feb 2010 16:31:53 -0500
Subject: [Bro] Questions about Bro's DNS Parser
In-Reply-To: <20100209101234.fpcffo0u8ws404oc@webmail.utoronto.ca>
References: <201002070700.o17700PA029078@pork.ICSI.Berkeley.EDU> <20100209101234.fpcffo0u8ws404oc@webmail.utoronto.ca>
Message-ID: <254AAD4C-E08B-4717-8974-DF943101C560@osu.edu>

On Feb 9, 2010, at 10:12 AM, daniela.miao at utoronto.ca wrote:

> Problem is, the output file after running this script without the
> "@load global-ext" line, is exactly the same as what I was getting
> before. I'm still not receiving the error codes that some of the
> response packets contain.

Sorry I didn't explain that better. The scripts located at my github repository have several dependencies among them. You should probably just grab all of the scripts there and load the script you want. You also need to load the logging.dns-ext.bro script in order for dns-ext.bro to actually output any logs.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From ssm_as at yahoo.com Thu Feb 11 07:05:47 2010
From: ssm_as at yahoo.com (ssm_as)
Date: Thu, 11 Feb 2010 07:05:47 -0800 (PST)
Subject: [Bro] Installing Bro-1.5.1 Ubuntu 9.10 Problem with gcc
Message-ID: <471441.71574.qm@web31504.mail.mud.yahoo.com>

I am trying to install bro under Ubuntu 9.10
I did the following:
apt-get install libncurses5-dev
apt-get install g++
apt-get install bison
apt-get install flex
apt-get install libmagic-dev
apt-get install libgeoip-dev
apt-get install libssl-dev

Then I type the following as a root
./configure --enable shippedpcap

I got the following:

Bro Configuration Summary
==========================================================
  - Debugging enabled:      no
  - OpenSSL support:        yes
  - Non-blocking main loop: yes
  - Non-blocking resolver:  yes
  - Installation prefix:    /usr/local/bro
  - Perl interpreter:       /usr/bin/perl
  - Using basic_string:     yes
  - Using libmagic:         yes
  - Using perftools:        no
  - Binpac used:            shipped with Bro
  - Using libGeoIP:         yes
  - Enabled broctl:         yes
  - Enabled cluster:        no
  - Pcap used:              shipped with Bro

Then I typed "make"

broccoli_intern_wrap.c:8557: error: ‘Swig_var_bro_debug_messages_get’ undeclared (first use in this function)
broccoli_intern_wrap.c:8557: error: ‘Swig_var_bro_debug_messages_set’ undeclared (first use in this function)
broccoli_intern_wrap.c:8558: warning: implicit declaration of function ‘SWIG_Python_SetConstant’
broccoli_intern_wrap.c:8558: warning: implicit declaration of function ‘SWIG_From_int’
error: command 'gcc' failed with exit status 1
make[4]: *** [pybroccoli] Error 1
make[4]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1/aux/broctl'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1/aux'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1/aux'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1'
make: *** [all] Error 2

I do not know what is the problem exactly

Thanks
Sherif

From renaud.luca at gmail.com Thu Feb 11 07:43:09 2010
From: renaud.luca at gmail.com (Luca Renaud)
Date: Thu, 11 Feb 2010 15:43:09 +0000
Subject: [Bro] Capture bulk traces with Bro.
Message-ID: <628233b11002110743v285e99b2uddd5a3b627eb7a52@mail.gmail.com>

I have read some of Bro's docs and a script named start-capture-all is pointed as a method to help capture bulk traces with Bro. However that script is not present in Bro-1.5.1 distribution as I know. So, was the function it was supposed to do transferred to broctl?
Right now, what is the better method to capture bulk traces for offline analysis (not using tcpdump) just using Bro.

Thanks.

From JAzoff at uamail.albany.edu Thu Feb 11 08:08:09 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Thu, 11 Feb 2010 11:08:09 -0500
Subject: [Bro] Installing Bro-1.5.1 Ubuntu 9.10 Problem with gcc
In-Reply-To: <471441.71574.qm@web31504.mail.mud.yahoo.com>
References: <471441.71574.qm@web31504.mail.mud.yahoo.com>
Message-ID: <20100211160809.GF14107@datacomm.albany.edu>

On Thu, Feb 11, 2010 at 07:05:47AM -0800, ssm_as wrote:
> I am trying to install bro under Ubuntu 9.10
> I did the following:
> apt-get install libncurses5-dev
> apt-get install g++
> apt-get install bison
> apt-get install flex
> apt-get install libmagic-dev
> apt-get install libgeoip-dev
> apt-get install libssl-dev
>
> Then I type the following as a root
> ./configure --enable shippedpcap

I've been working on debian packages for Bro, you probably also need:
build-essential python-dev libpcap-dev and don't use shippedpcap
and if you plan on running broctl, the 'time' package

Then it should build without any issues.

--
-- Justin Azoff
-- Network Security & Performance Analyst

From lruppert at syr.edu Thu Feb 11 08:14:40 2010
From: lruppert at syr.edu (Louis F Ruppert)
Date: Thu, 11 Feb 2010 11:14:40 -0500
Subject: [Bro] Installing Bro-1.5.1 Ubuntu 9.10 Problem with gcc
In-Reply-To: <471441.71574.qm@web31504.mail.mud.yahoo.com>
References: <471441.71574.qm@web31504.mail.mud.yahoo.com>
Message-ID: <32E412533D42EF41ACBCFA96B6C230F401232031A810@SUEX07-MBX-07.ad.syr.edu>

Do you have python-dev and python2.5-dev installed as well? If I remember correctly, the configure script doesn't really seem to look for the presence of the python libraries, so you can imagine the results if you don't have them installed when compiling the python-based broccoli.

My home bro setup uses ubuntu, so I know it can be made to work. :)

-Lou

--
Lou Ruppert
Intrusion Analyst, GCFA
Information Security
Syracuse University
________________________________________
From: bro-bounces at ICSI.Berkeley.EDU [bro-bounces at ICSI.Berkeley.EDU] On Behalf Of ssm_as [ssm_as at yahoo.com]
Sent: Thursday, February 11, 2010 10:05 AM
To: bro at ICSI.Berkeley.EDU
Subject: [Bro] Installing Bro-1.5.1 Ubuntu 9.10 Problem with gcc

I am trying to install bro under Ubuntu 9.10
I did the following:
apt-get install libncurses5-dev
apt-get install g++
apt-get install bison
apt-get install flex
apt-get install libmagic-dev
apt-get install libgeoip-dev
apt-get install libssl-dev

Then I type the following as a root
./configure --enable shippedpcap

I got the following:

Bro Configuration Summary
==========================================================
  - Debugging enabled:      no
  - OpenSSL support:        yes
  - Non-blocking main loop: yes
  - Non-blocking resolver:  yes
  - Installation prefix:    /usr/local/bro
  - Perl interpreter:       /usr/bin/perl
  - Using basic_string:     yes
  - Using libmagic:         yes
  - Using perftools:        no
  - Binpac used:            shipped with Bro
  - Using libGeoIP:         yes
  - Enabled broctl:         yes
  - Enabled cluster:        no
  - Pcap used:              shipped with Bro

Then I typed "make"

broccoli_intern_wrap.c:8557: error: ‘Swig_var_bro_debug_messages_get’ undeclared (first use in this function)
broccoli_intern_wrap.c:8557: error: ‘Swig_var_bro_debug_messages_set’ undeclared (first use in this function)
broccoli_intern_wrap.c:8558: warning: implicit declaration of function ‘SWIG_Python_SetConstant’
broccoli_intern_wrap.c:8558: warning: implicit declaration of function ‘SWIG_From_int’
error: command 'gcc' failed with exit status 1
make[4]: *** [pybroccoli] Error 1
make[4]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1/aux/broctl'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1/aux'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1/aux'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/shsaad/Apps/IDS/bro-1.5.1'
make: *** [all] Error 2

I do not know what is the problem exactly

Thanks
Sherif

From hall.692 at osu.edu Thu Feb 11 08:16:31 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Thu, 11 Feb 2010 11:16:31 -0500
Subject: [Bro] Capture bulk traces with Bro.
In-Reply-To: <628233b11002110743v285e99b2uddd5a3b627eb7a52@mail.gmail.com>
References: <628233b11002110743v285e99b2uddd5a3b627eb7a52@mail.gmail.com>
Message-ID: <89540455-3959-48CB-AAFC-10CB1949DDA8@osu.edu>

On Feb 11, 2010, at 10:43 AM, Luca Renaud wrote:

> I have read some of Bro's docs and a script named start-capture-all
> is pointed as a method to help capture
> bulk traces with Bro. However that script is not present in Bro-1.5.1
> distribution as I know. So, was the function
> it was supposed to do transferred to broctl?
> Right now, what is the better method to capture bulk traces for
> offline analysis (not using tcpdump) just
> using Bro.

There is a command line argument for it...
-w|--writefile | write to given tcpdump file

Why are you interested in using Bro for capturing your bulk traces? It seems like it would make more sense to stick with something like Time Machine[1], tcpdump, or DaemonLogger[2].

.Seth

1. http://www.net.t-labs.tu-berlin.de/research/tm/
2. http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From robin at icir.org Thu Feb 11 08:15:22 2010
From: robin at icir.org (Robin Sommer) Date: Thu, 11 Feb 2010 08:15:22 -0800 Subject: [Bro] Installing Bro-1.5.1 Ubuntu 9.10 Problem with gcc In-Reply-To: <471441.71574.qm@web31504.mail.mud.yahoo.com> References: <471441.71574.qm@web31504.mail.mud.yahoo.com> Message-ID: <20100211161522.GB82234@icir.org> On Thu, Feb 11, 2010 at 07:05 -0800, ssm_as wrote: > broccoli_intern_wrap.c:8557: error: ?Swig_var_bro_debug_messages_get? undeclared (first use in this function) > broccoli_intern_wrap.c:8557: error: ?Swig_var_bro_debug_messages_set? undeclared (first use in this function) That looks like a problem similar to one we have heard about earlier: a config difference between your system and the system generating the Python bindings for Broccoli. There's an experimental patch to fix such problems, I'm attaching it. Can you see if that helps already? Thanks, Robin -- Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org -------------- next part -------------- Index: aux/broccoli/bindings/python/broccoli_intern.i =================================================================== --- aux/broccoli/bindings/python/broccoli_intern.i (revision 6962) +++ aux/broccoli/bindings/python/broccoli_intern.i (working copy) 
@@ -333,5 +333,60 @@ free($2); } -// Parse the header file to generate wrappers -%include +///// The following is a subset of broccoli.h for which we provide wrappers. + +#define BRO_TYPE_UNKNOWN 0 +#define BRO_TYPE_BOOL 1 +#define BRO_TYPE_INT 2 +#define BRO_TYPE_COUNT 3 +#define BRO_TYPE_COUNTER 4 +#define BRO_TYPE_DOUBLE 5 +#define BRO_TYPE_TIME 6 +#define BRO_TYPE_INTERVAL 7 +#define BRO_TYPE_STRING 8 +#define BRO_TYPE_PATTERN 9 +#define BRO_TYPE_ENUM 10 +#define BRO_TYPE_TIMER 11 +#define BRO_TYPE_PORT 12 +#define BRO_TYPE_IPADDR 13 +#define BRO_TYPE_NET 14 +#define BRO_TYPE_SUBNET 15 +#define BRO_TYPE_ANY 16 +#define BRO_TYPE_TABLE 17 +#define BRO_TYPE_UNION 18 +#define BRO_TYPE_RECORD 19 +#define BRO_TYPE_LIST 20 +#define BRO_TYPE_FUNC 21 +#define BRO_TYPE_FILE 22 +#define BRO_TYPE_VECTOR 23 +#define BRO_TYPE_ERROR 24 +#define BRO_TYPE_PACKET 25 +#define BRO_TYPE_SET 26 +#define BRO_TYPE_MAX 27 +#define BRO_CFLAG_NONE 0 +#define BRO_CFLAG_RECONNECT (1 << 0) +#define BRO_CFLAG_ALWAYS_QUEUE (1 << 1) +#define BRO_CFLAG_SHAREABLE (1 << 2) +#define BRO_CFLAG_DONTCACHE (1 << 3) +#define BRO_CFLAG_YIELD (1 << 4) +#define BRO_CFLAG_CACHE (1 << 5) + +// The exact types of these don't really matter as we're only +// passing pointers around. 
+typedef void BroCtx; +typedef void BroConn; +typedef void BroEvent; + +int bro_init(const BroCtx *ctx); +BroConn *bro_conn_new_str(const char *hostname, int flags); +void bro_conn_set_class(BroConn *bc, const char *classname); +int bro_conn_connect(BroConn *bc); +int bro_conn_process_input(BroConn *bc); +int bro_event_queue_length(BroConn *bc); +BroEvent *bro_event_new(const char *event_name); +void bro_event_free(BroEvent *be); +int bro_event_add_val(BroEvent *be, int type, const char *type_name,const void *val); +int bro_event_send(BroConn *bc, BroEvent *be); +void bro_event_registry_add_compact(BroConn *bc, const char *event_name, BroCompactEventFunc func, void *user_data); +double bro_util_current_time(void); + Index: aux/broccoli/bindings/python/broccoli_intern.py =================================================================== --- aux/broccoli/bindings/python/broccoli_intern.py (revision 6962) +++ aux/broccoli/bindings/python/broccoli_intern.py (working copy) @@ -1,5 +1,5 @@ # This file was automatically generated by SWIG (http://www.swig.org). -# Version 1.3.35 +# Version 1.3.31 # # Don't modify this file, modify the SWIG interface instead. # This file is compatible with both classic and new-style classes. @@ -48,8 +48,6 @@ del types -FALSE = _broccoli_intern.FALSE -TRUE = _broccoli_intern.TRUE BRO_TYPE_UNKNOWN = _broccoli_intern.BRO_TYPE_UNKNOWN BRO_TYPE_BOOL = _broccoli_intern.BRO_TYPE_BOOL BRO_TYPE_INT = _broccoli_intern.BRO_TYPE_INT 
@@ -85,297 +83,17 @@ BRO_CFLAG_DONTCACHE = _broccoli_intern.BRO_CFLAG_DONTCACHE BRO_CFLAG_YIELD = _broccoli_intern.BRO_CFLAG_YIELD BRO_CFLAG_CACHE = _broccoli_intern.BRO_CFLAG_CACHE -class BroCtx(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, BroCtx, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, BroCtx, name) - __repr__ = _swig_repr - __swig_setmethods__["lock_func"] = _broccoli_intern.BroCtx_lock_func_set - __swig_getmethods__["lock_func"] = _broccoli_intern.BroCtx_lock_func_get - if _newclass:lock_func = _swig_property(_broccoli_intern.BroCtx_lock_func_get, _broccoli_intern.BroCtx_lock_func_set) - __swig_setmethods__["id_func"] = _broccoli_intern.BroCtx_id_func_set - __swig_getmethods__["id_func"] = _broccoli_intern.BroCtx_id_func_get - if _newclass:id_func = _swig_property(_broccoli_intern.BroCtx_id_func_get, _broccoli_intern.BroCtx_id_func_set) - __swig_setmethods__["dl_create_func"] = _broccoli_intern.BroCtx_dl_create_func_set - __swig_getmethods__["dl_create_func"] = _broccoli_intern.BroCtx_dl_create_func_get - if _newclass:dl_create_func = _swig_property(_broccoli_intern.BroCtx_dl_create_func_get, _broccoli_intern.BroCtx_dl_create_func_set) - __swig_setmethods__["dl_lock_func"] = _broccoli_intern.BroCtx_dl_lock_func_set - __swig_getmethods__["dl_lock_func"] = _broccoli_intern.BroCtx_dl_lock_func_get - if _newclass:dl_lock_func = _swig_property(_broccoli_intern.BroCtx_dl_lock_func_get, _broccoli_intern.BroCtx_dl_lock_func_set) - __swig_setmethods__["dl_free_func"] = _broccoli_intern.BroCtx_dl_free_func_set - __swig_getmethods__["dl_free_func"] = _broccoli_intern.BroCtx_dl_free_func_get - if _newclass:dl_free_func = _swig_property(_broccoli_intern.BroCtx_dl_free_func_get, _broccoli_intern.BroCtx_dl_free_func_set) - def __init__(self, *args): - this = _broccoli_intern.new_BroCtx(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = 
_broccoli_intern.delete_BroCtx - __del__ = lambda self : None; -BroCtx_swigregister = _broccoli_intern.BroCtx_swigregister -BroCtx_swigregister(BroCtx) -cvar = _broccoli_intern.cvar - -class BroConnStats(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, BroConnStats, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, BroConnStats, name) - __repr__ = _swig_repr - __swig_setmethods__["tx_buflen"] = _broccoli_intern.BroConnStats_tx_buflen_set - __swig_getmethods__["tx_buflen"] = _broccoli_intern.BroConnStats_tx_buflen_get - if _newclass:tx_buflen = _swig_property(_broccoli_intern.BroConnStats_tx_buflen_get, _broccoli_intern.BroConnStats_tx_buflen_set) - __swig_setmethods__["rx_buflen"] = _broccoli_intern.BroConnStats_rx_buflen_set - __swig_getmethods__["rx_buflen"] = _broccoli_intern.BroConnStats_rx_buflen_get - if _newclass:rx_buflen = _swig_property(_broccoli_intern.BroConnStats_rx_buflen_get, _broccoli_intern.BroConnStats_rx_buflen_set) - def __init__(self, *args): - this = _broccoli_intern.new_BroConnStats(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = _broccoli_intern.delete_BroConnStats - __del__ = lambda self : None; -BroConnStats_swigregister = _broccoli_intern.BroConnStats_swigregister -BroConnStats_swigregister(BroConnStats) - -class BroString(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, BroString, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, BroString, name) - __repr__ = _swig_repr - __swig_setmethods__["str_len"] = _broccoli_intern.BroString_str_len_set - __swig_getmethods__["str_len"] = _broccoli_intern.BroString_str_len_get - if _newclass:str_len = _swig_property(_broccoli_intern.BroString_str_len_get, _broccoli_intern.BroString_str_len_set) - __swig_setmethods__["str_val"] = _broccoli_intern.BroString_str_val_set - 
__swig_getmethods__["str_val"] = _broccoli_intern.BroString_str_val_get - if _newclass:str_val = _swig_property(_broccoli_intern.BroString_str_val_get, _broccoli_intern.BroString_str_val_set) - def __init__(self, *args): - this = _broccoli_intern.new_BroString(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = _broccoli_intern.delete_BroString - __del__ = lambda self : None; -BroString_swigregister = _broccoli_intern.BroString_swigregister -BroString_swigregister(BroString) - -class BroPort(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, BroPort, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, BroPort, name) - __repr__ = _swig_repr - __swig_setmethods__["port_num"] = _broccoli_intern.BroPort_port_num_set - __swig_getmethods__["port_num"] = _broccoli_intern.BroPort_port_num_get - if _newclass:port_num = _swig_property(_broccoli_intern.BroPort_port_num_get, _broccoli_intern.BroPort_port_num_set) - __swig_setmethods__["port_proto"] = _broccoli_intern.BroPort_port_proto_set - __swig_getmethods__["port_proto"] = _broccoli_intern.BroPort_port_proto_get - if _newclass:port_proto = _swig_property(_broccoli_intern.BroPort_port_proto_get, _broccoli_intern.BroPort_port_proto_set) - def __init__(self, *args): - this = _broccoli_intern.new_BroPort(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = _broccoli_intern.delete_BroPort - __del__ = lambda self : None; -BroPort_swigregister = _broccoli_intern.BroPort_swigregister -BroPort_swigregister(BroPort) - -class BroSubnet(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, BroSubnet, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, BroSubnet, name) - __repr__ = _swig_repr - __swig_setmethods__["sn_net"] = _broccoli_intern.BroSubnet_sn_net_set - __swig_getmethods__["sn_net"] = 
_broccoli_intern.BroSubnet_sn_net_get - if _newclass:sn_net = _swig_property(_broccoli_intern.BroSubnet_sn_net_get, _broccoli_intern.BroSubnet_sn_net_set) - __swig_setmethods__["sn_width"] = _broccoli_intern.BroSubnet_sn_width_set - __swig_getmethods__["sn_width"] = _broccoli_intern.BroSubnet_sn_width_get - if _newclass:sn_width = _swig_property(_broccoli_intern.BroSubnet_sn_width_get, _broccoli_intern.BroSubnet_sn_width_set) - def __init__(self, *args): - this = _broccoli_intern.new_BroSubnet(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = _broccoli_intern.delete_BroSubnet - __del__ = lambda self : None; -BroSubnet_swigregister = _broccoli_intern.BroSubnet_swigregister -BroSubnet_swigregister(BroSubnet) - -class BroEvArg(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, BroEvArg, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, BroEvArg, name) - __repr__ = _swig_repr - __swig_setmethods__["arg_data"] = _broccoli_intern.BroEvArg_arg_data_set - __swig_getmethods__["arg_data"] = _broccoli_intern.BroEvArg_arg_data_get - if _newclass:arg_data = _swig_property(_broccoli_intern.BroEvArg_arg_data_get, _broccoli_intern.BroEvArg_arg_data_set) - __swig_setmethods__["arg_type"] = _broccoli_intern.BroEvArg_arg_type_set - __swig_getmethods__["arg_type"] = _broccoli_intern.BroEvArg_arg_type_get - if _newclass:arg_type = _swig_property(_broccoli_intern.BroEvArg_arg_type_get, _broccoli_intern.BroEvArg_arg_type_set) - def __init__(self, *args): - this = _broccoli_intern.new_BroEvArg(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = _broccoli_intern.delete_BroEvArg - __del__ = lambda self : None; -BroEvArg_swigregister = _broccoli_intern.BroEvArg_swigregister -BroEvArg_swigregister(BroEvArg) - -class bro_ev_meta(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, 
bro_ev_meta, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, bro_ev_meta, name) - __repr__ = _swig_repr - __swig_setmethods__["ev_name"] = _broccoli_intern.bro_ev_meta_ev_name_set - __swig_getmethods__["ev_name"] = _broccoli_intern.bro_ev_meta_ev_name_get - if _newclass:ev_name = _swig_property(_broccoli_intern.bro_ev_meta_ev_name_get, _broccoli_intern.bro_ev_meta_ev_name_set) - __swig_setmethods__["ev_ts"] = _broccoli_intern.bro_ev_meta_ev_ts_set - __swig_getmethods__["ev_ts"] = _broccoli_intern.bro_ev_meta_ev_ts_get - if _newclass:ev_ts = _swig_property(_broccoli_intern.bro_ev_meta_ev_ts_get, _broccoli_intern.bro_ev_meta_ev_ts_set) - __swig_setmethods__["ev_numargs"] = _broccoli_intern.bro_ev_meta_ev_numargs_set - __swig_getmethods__["ev_numargs"] = _broccoli_intern.bro_ev_meta_ev_numargs_get - if _newclass:ev_numargs = _swig_property(_broccoli_intern.bro_ev_meta_ev_numargs_get, _broccoli_intern.bro_ev_meta_ev_numargs_set) - __swig_setmethods__["ev_args"] = _broccoli_intern.bro_ev_meta_ev_args_set - __swig_getmethods__["ev_args"] = _broccoli_intern.bro_ev_meta_ev_args_get - if _newclass:ev_args = _swig_property(_broccoli_intern.bro_ev_meta_ev_args_get, _broccoli_intern.bro_ev_meta_ev_args_set) - __swig_setmethods__["ev_start"] = _broccoli_intern.bro_ev_meta_ev_start_set - __swig_getmethods__["ev_start"] = _broccoli_intern.bro_ev_meta_ev_start_get - if _newclass:ev_start = _swig_property(_broccoli_intern.bro_ev_meta_ev_start_get, _broccoli_intern.bro_ev_meta_ev_start_set) - __swig_setmethods__["ev_end"] = _broccoli_intern.bro_ev_meta_ev_end_set - __swig_getmethods__["ev_end"] = _broccoli_intern.bro_ev_meta_ev_end_get - if _newclass:ev_end = _swig_property(_broccoli_intern.bro_ev_meta_ev_end_get, _broccoli_intern.bro_ev_meta_ev_end_set) - def __init__(self, *args): - this = _broccoli_intern.new_bro_ev_meta(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = 
_broccoli_intern.delete_bro_ev_meta - __del__ = lambda self : None; -bro_ev_meta_swigregister = _broccoli_intern.bro_ev_meta_swigregister -bro_ev_meta_swigregister(bro_ev_meta) - -class bro_packet(_object): - __swig_setmethods__ = {} - __setattr__ = lambda self, name, value: _swig_setattr(self, bro_packet, name, value) - __swig_getmethods__ = {} - __getattr__ = lambda self, name: _swig_getattr(self, bro_packet, name) - __repr__ = _swig_repr - __swig_setmethods__["pkt_time"] = _broccoli_intern.bro_packet_pkt_time_set - __swig_getmethods__["pkt_time"] = _broccoli_intern.bro_packet_pkt_time_get - if _newclass:pkt_time = _swig_property(_broccoli_intern.bro_packet_pkt_time_get, _broccoli_intern.bro_packet_pkt_time_set) - __swig_setmethods__["pkt_hdr_size"] = _broccoli_intern.bro_packet_pkt_hdr_size_set - __swig_getmethods__["pkt_hdr_size"] = _broccoli_intern.bro_packet_pkt_hdr_size_get - if _newclass:pkt_hdr_size = _swig_property(_broccoli_intern.bro_packet_pkt_hdr_size_get, _broccoli_intern.bro_packet_pkt_hdr_size_set) - __swig_setmethods__["pkt_link_type"] = _broccoli_intern.bro_packet_pkt_link_type_set - __swig_getmethods__["pkt_link_type"] = _broccoli_intern.bro_packet_pkt_link_type_get - if _newclass:pkt_link_type = _swig_property(_broccoli_intern.bro_packet_pkt_link_type_get, _broccoli_intern.bro_packet_pkt_link_type_set) - __swig_setmethods__["pkt_pcap_hdr"] = _broccoli_intern.bro_packet_pkt_pcap_hdr_set - __swig_getmethods__["pkt_pcap_hdr"] = _broccoli_intern.bro_packet_pkt_pcap_hdr_get - if _newclass:pkt_pcap_hdr = _swig_property(_broccoli_intern.bro_packet_pkt_pcap_hdr_get, _broccoli_intern.bro_packet_pkt_pcap_hdr_set) - __swig_setmethods__["pkt_data"] = _broccoli_intern.bro_packet_pkt_data_set - __swig_getmethods__["pkt_data"] = _broccoli_intern.bro_packet_pkt_data_get - if _newclass:pkt_data = _swig_property(_broccoli_intern.bro_packet_pkt_data_get, _broccoli_intern.bro_packet_pkt_data_set) - __swig_setmethods__["pkt_tag"] = 
_broccoli_intern.bro_packet_pkt_tag_set - __swig_getmethods__["pkt_tag"] = _broccoli_intern.bro_packet_pkt_tag_get - if _newclass:pkt_tag = _swig_property(_broccoli_intern.bro_packet_pkt_tag_get, _broccoli_intern.bro_packet_pkt_tag_set) - def __init__(self, *args): - this = _broccoli_intern.new_bro_packet(*args) - try: self.this.append(this) - except: self.this = this - __swig_destroy__ = _broccoli_intern.delete_bro_packet - __del__ = lambda self : None; -bro_packet_swigregister = _broccoli_intern.bro_packet_swigregister -bro_packet_swigregister(bro_packet) - bro_init = _broccoli_intern.bro_init -bro_ctx_init = _broccoli_intern.bro_ctx_init -bro_conn_new = _broccoli_intern.bro_conn_new bro_conn_new_str = _broccoli_intern.bro_conn_new_str -bro_conn_new_socket = _broccoli_intern.bro_conn_new_socket bro_conn_set_class = _broccoli_intern.bro_conn_set_class -bro_conn_get_peer_class = _broccoli_intern.bro_conn_get_peer_class -bro_conn_get_connstats = _broccoli_intern.bro_conn_get_connstats bro_conn_connect = _broccoli_intern.bro_conn_connect -bro_conn_reconnect = _broccoli_intern.bro_conn_reconnect -bro_conn_delete = _broccoli_intern.bro_conn_delete -bro_conn_alive = _broccoli_intern.bro_conn_alive -bro_conn_adopt_events = _broccoli_intern.bro_conn_adopt_events -bro_conn_get_fd = _broccoli_intern.bro_conn_get_fd bro_conn_process_input = _broccoli_intern.bro_conn_process_input -bro_conn_data_set = _broccoli_intern.bro_conn_data_set -bro_conn_data_get = _broccoli_intern.bro_conn_data_get -bro_conn_data_del = _broccoli_intern.bro_conn_data_del +bro_event_queue_length = _broccoli_intern.bro_event_queue_length bro_event_new = _broccoli_intern.bro_event_new bro_event_free = _broccoli_intern.bro_event_free bro_event_add_val = _broccoli_intern.bro_event_add_val -bro_event_set_val = _broccoli_intern.bro_event_set_val bro_event_send = _broccoli_intern.bro_event_send -bro_event_send_raw = _broccoli_intern.bro_event_send_raw -bro_event_queue_length = 
_broccoli_intern.bro_event_queue_length -bro_event_queue_length_max = _broccoli_intern.bro_event_queue_length_max -bro_event_queue_flush = _broccoli_intern.bro_event_queue_flush -bro_event_registry_add = _broccoli_intern.bro_event_registry_add bro_event_registry_add_compact = _broccoli_intern.bro_event_registry_add_compact -bro_event_registry_remove = _broccoli_intern.bro_event_registry_remove -bro_event_registry_request = _broccoli_intern.bro_event_registry_request -bro_buf_new = _broccoli_intern.bro_buf_new -bro_buf_free = _broccoli_intern.bro_buf_free -bro_buf_append = _broccoli_intern.bro_buf_append -bro_buf_consume = _broccoli_intern.bro_buf_consume -bro_buf_reset = _broccoli_intern.bro_buf_reset -bro_buf_get = _broccoli_intern.bro_buf_get -bro_buf_get_end = _broccoli_intern.bro_buf_get_end -bro_buf_get_size = _broccoli_intern.bro_buf_get_size -bro_buf_get_used_size = _broccoli_intern.bro_buf_get_used_size -bro_buf_ptr_get = _broccoli_intern.bro_buf_ptr_get -bro_buf_ptr_tell = _broccoli_intern.bro_buf_ptr_tell -bro_buf_ptr_seek = _broccoli_intern.bro_buf_ptr_seek -bro_buf_ptr_check = _broccoli_intern.bro_buf_ptr_check -bro_buf_ptr_read = _broccoli_intern.bro_buf_ptr_read -bro_buf_ptr_write = _broccoli_intern.bro_buf_ptr_write -bro_conf_set_domain = _broccoli_intern.bro_conf_set_domain -bro_conf_get_int = _broccoli_intern.bro_conf_get_int -bro_conf_get_dbl = _broccoli_intern.bro_conf_get_dbl -bro_conf_get_str = _broccoli_intern.bro_conf_get_str -bro_string_init = _broccoli_intern.bro_string_init -bro_string_set = _broccoli_intern.bro_string_set -bro_string_set_data = _broccoli_intern.bro_string_set_data -bro_string_get_data = _broccoli_intern.bro_string_get_data -bro_string_get_length = _broccoli_intern.bro_string_get_length -bro_string_copy = _broccoli_intern.bro_string_copy -bro_string_assign = _broccoli_intern.bro_string_assign -bro_string_cleanup = _broccoli_intern.bro_string_cleanup -bro_string_free = _broccoli_intern.bro_string_free -bro_record_new = 
_broccoli_intern.bro_record_new -bro_record_free = _broccoli_intern.bro_record_free -bro_record_get_length = _broccoli_intern.bro_record_get_length -bro_record_add_val = _broccoli_intern.bro_record_add_val -bro_record_get_nth_val = _broccoli_intern.bro_record_get_nth_val -bro_record_get_nth_name = _broccoli_intern.bro_record_get_nth_name -bro_record_get_named_val = _broccoli_intern.bro_record_get_named_val -bro_record_set_nth_val = _broccoli_intern.bro_record_set_nth_val -bro_record_set_named_val = _broccoli_intern.bro_record_set_named_val -bro_table_new = _broccoli_intern.bro_table_new -bro_table_free = _broccoli_intern.bro_table_free -bro_table_insert = _broccoli_intern.bro_table_insert -bro_table_find = _broccoli_intern.bro_table_find -bro_table_get_size = _broccoli_intern.bro_table_get_size -bro_table_foreach = _broccoli_intern.bro_table_foreach -bro_table_get_types = _broccoli_intern.bro_table_get_types -bro_set_new = _broccoli_intern.bro_set_new -bro_set_free = _broccoli_intern.bro_set_free -bro_set_insert = _broccoli_intern.bro_set_insert -bro_set_find = _broccoli_intern.bro_set_find -bro_set_get_size = _broccoli_intern.bro_set_get_size -bro_set_foreach = _broccoli_intern.bro_set_foreach -bro_set_get_type = _broccoli_intern.bro_set_get_type -bro_conn_set_packet_ctxt = _broccoli_intern.bro_conn_set_packet_ctxt -bro_conn_get_packet_ctxt = _broccoli_intern.bro_conn_get_packet_ctxt -bro_packet_new = _broccoli_intern.bro_packet_new -bro_packet_clone = _broccoli_intern.bro_packet_clone -bro_packet_free = _broccoli_intern.bro_packet_free -bro_packet_send = _broccoli_intern.bro_packet_send bro_util_current_time = _broccoli_intern.bro_util_current_time -bro_util_timeval_to_double = _broccoli_intern.bro_util_timeval_to_double Index: aux/broccoli/bindings/python/broccoli.py =================================================================== --- aux/broccoli/bindings/python/broccoli.py (revision 6962) +++ aux/broccoli/bindings/python/broccoli.py (working copy) 
@@ -207,7 +207,7 @@ Val.__init__(self, BRO_TYPE_IPADDR, v) def __str__(self): - return socket.inet_ntoa(struct.pack('l', self.val)) + return socket.inet_ntoa(struct.pack('=l', self.val)) @staticmethod def _factory(val, dst_type): @@ -218,7 +218,7 @@ return v def _parse(self, str): - return struct.unpack('l',socket.inet_aton(str))[0] + return struct.unpack('=l',socket.inet_aton(str))[0] # Not supported at this point. Need to write a parse function. class net(Val): @@ -247,7 +247,7 @@ def __str__(self): (net, mask) = self.val - return "%s/%d" % (socket.inet_ntoa(struct.pack('l', net)), mask) + return "%s/%d" % (socket.inet_ntoa(struct.pack('=l', net)), mask) @staticmethod def _factory(val, dst_type): @@ -259,7 +259,7 @@ def _parse(self, str): (net, mask) = str.split("/") - return (struct.unpack('l',socket.inet_aton(net))[0], int(mask)) + return (struct.unpack('=l',socket.inet_aton(net))[0], int(mask)) # Not supported at this point since Broccoli seems to have problems with # enums. Also need to write parse functions. Index: aux/broccoli/bindings/python/broccoli_intern_wrap.c =================================================================== --- aux/broccoli/bindings/python/broccoli_intern_wrap.c (revision 6962) +++ aux/broccoli/bindings/python/broccoli_intern_wrap.c (working copy) @@ -1,6 +1,6 @@ /* ---------------------------------------------------------------------------- * This file was automatically generated by SWIG (http://www.swig.org). - * Version 1.3.35 + * Version 1.3.31 * * This file is not intended to be easily readable and contains a number of * coding conventions designed to improve portability and efficiency. Do not make 
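Review bot: In the broccoli.py hunks, the new '=l' format fixes the size (4 bytes on every platform) but keeps the signed type, so in the two __str__ methods a value of 2**31 or more is outside the range struct.pack('=l', ...) accepts. If the wrapper can hand the address back as an unsigned 32-bit integer, use '=L' in all four places so pack and unpack cover the full range and _parse returns the matching non-negative value. A one-line comment that native 'l' is 8 bytes on 64-bit Linux, which is why the '=' prefix is needed, would keep someone from simplifying it back.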
@@ -17,14 +17,14 @@ /* template workaround for compilers that cannot correctly implement the C++ standard */ #ifndef SWIGTEMPLATEDISAMBIGUATOR -# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560) -# define SWIGTEMPLATEDISAMBIGUATOR template -# elif defined(__HP_aCC) -/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */ -/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */ -# define SWIGTEMPLATEDISAMBIGUATOR template +# if defined(__SUNPRO_CC) +# if (__SUNPRO_CC <= 0x560) +# define SWIGTEMPLATEDISAMBIGUATOR template +# else +# define SWIGTEMPLATEDISAMBIGUATOR +# endif # else -# define SWIGTEMPLATEDISAMBIGUATOR +# define SWIGTEMPLATEDISAMBIGUATOR # endif #endif @@ -107,13 +107,7 @@ # define _CRT_SECURE_NO_DEPRECATE #endif -/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */ -#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE) -# define _SCL_SECURE_NO_DEPRECATE -#endif - - /* Python.h has to appear first */ #include @@ -126,7 +120,7 @@ /* This should only be incremented when either the layout of swig_type_info changes, or for whatever reason, the runtime changes incompatibly */ -#define SWIG_RUNTIME_VERSION "4" +#define SWIG_RUNTIME_VERSION "3" /* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */ #ifdef SWIG_TYPE_TABLE @@ -161,7 +155,6 @@ /* Flags for pointer conversions */ #define SWIG_POINTER_DISOWN 0x1 -#define SWIG_CAST_NEW_MEMORY 0x2 /* Flags for new pointer objects */ #define SWIG_POINTER_OWN 0x1 
@@ -302,10 +295,10 @@ extern "C" { #endif -typedef void *(*swig_converter_func)(void *, int *); +typedef void *(*swig_converter_func)(void *); typedef struct swig_type_info *(*swig_dycast_func)(void **); -/* Structure to store information on one type */ +/* Structure to store inforomation on one type */ typedef struct swig_type_info { const char *name; /* mangled name of this type */ const char *str; /* human readable name of this type */ @@ -350,7 +343,7 @@ while ((*f2 == ' ') && (f2 != l2)) ++f2; if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1; } - return (int)((l1 - f1) - (l2 - f2)); + return (l1 - f1) - (l2 - f2); } /* @@ -432,8 +425,8 @@ Cast a pointer up an inheritance hierarchy */ SWIGRUNTIMEINLINE void * -SWIG_TypeCast(swig_cast_info *ty, void *ptr, int *newmemory) { - return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr, newmemory); +SWIG_TypeCast(swig_cast_info *ty, void *ptr) { + return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr); } /* @@ -857,7 +850,7 @@ Py_DECREF(old_str); Py_DECREF(value); } else { - PyErr_SetString(PyExc_RuntimeError, mesg); + PyErr_Format(PyExc_RuntimeError, mesg); } } @@ -1097,14 +1090,14 @@ /* Unpack the argument tuple */ SWIGINTERN int -SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs) +SWIG_Python_UnpackTuple(PyObject *args, const char *name, int min, int max, PyObject **objs) { if (!args) { if (!min && !max) { return 1; } else { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none", - name, (min == max ? "" : "at least "), (int)min); + name, (min == max ? "" : "at least "), min); return 0; } } 
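Review bot: In the -857 hunk, PyErr_Format(PyExc_RuntimeError, mesg) uses mesg as the format string, so any % in the message is parsed as a conversion with no matching argument. Keep PyErr_SetString(PyExc_RuntimeError, mesg), or write PyErr_Format(PyExc_RuntimeError, "%s", mesg).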
@@ -1112,14 +1105,14 @@ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple"); return 0; } else { - register Py_ssize_t l = PyTuple_GET_SIZE(args); + register int l = PyTuple_GET_SIZE(args); if (l < min) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at least "), (int)min, (int)l); + name, (min == max ? "" : "at least "), min, l); return 0; } else if (l > max) { PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", - name, (min == max ? "" : "at most "), (int)max, (int)l); + name, (min == max ? "" : "at most "), max, l); return 0; } else { register int i; @@ -1417,7 +1410,7 @@ { PySwigObject *sobj = (PySwigObject *) v; PyObject *next = sobj->next; - if (sobj->own == SWIG_POINTER_OWN) { + if (sobj->own) { swig_type_info *ty = sobj->ty; PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0; PyObject *destroy = data ? data->destroy : 0; @@ -1435,13 +1428,12 @@ res = ((*meth)(mself, v)); } Py_XDECREF(res); - } -#if !defined(SWIG_PYTHON_SILENT_MEMLEAK) - else { + } else { const char *name = SWIG_TypePrettyName(ty); - printf("swig/python detected a memory leak of type '%s', no destructor found.\n", (name ? name : "unknown")); - } +#if !defined(SWIG_PYTHON_SILENT_MEMLEAK) + printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name); #endif + } } Py_XDECREF(next); PyObject_DEL(v); 
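Review bot: In the -1435 hunk the printf now passes name straight to %s, where the removed line used (name ? name : "unknown"); if SWIG_TypePrettyName returns NULL, that is undefined behaviour. Keep the fallback. The declaration of name has also moved outside the #if, so it is unused when SWIG_PYTHON_SILENT_MEMLEAK is defined.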
@@ -1599,11 +1591,9 @@ (unaryfunc)0, /*nb_float*/ (unaryfunc)PySwigObject_oct, /*nb_oct*/ (unaryfunc)PySwigObject_hex, /*nb_hex*/ -#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */ - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */ -#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */ - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ -#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */ +#if PY_VERSION_HEX >= 0x02020000 + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ +#elif PY_VERSION_HEX >= 0x02000000 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */ #endif }; @@ -1946,7 +1936,7 @@ SWIGRUNTIME int SWIG_Python_AcquirePtr(PyObject *obj, int own) { - if (own == SWIG_POINTER_OWN) { + if (own) { PySwigObject *sobj = SWIG_Python_GetSwigThis(obj); if (sobj) { int oldown = sobj->own; @@ -1967,8 +1957,6 @@ return SWIG_OK; } else { PySwigObject *sobj = SWIG_Python_GetSwigThis(obj); - if (own) - *own = 0; while (sobj) { void *vptr = sobj->ptr; if (ty) { @@ -1982,15 +1970,7 @@ if (!tc) { sobj = (PySwigObject *)sobj->next; } else { - if (ptr) { - int newmemory = 0; - *ptr = SWIG_TypeCast(tc,vptr,&newmemory); - if (newmemory == SWIG_CAST_NEW_MEMORY) { - assert(own); - if (own) - *own = *own | SWIG_CAST_NEW_MEMORY; - } - } + if (ptr) *ptr = SWIG_TypeCast(tc,vptr); break; } } @@ -2000,8 +1980,7 @@ } } if (sobj) { - if (own) - *own = *own | sobj->own; + if (own) *own = sobj->own; if (flags & SWIG_POINTER_DISOWN) { sobj->own = 0; } @@ -2066,13 +2045,8 @@ } if (ty) { swig_cast_info *tc = SWIG_TypeCheck(desc,ty); - if (tc) { - int newmemory = 0; - *ptr = SWIG_TypeCast(tc,vptr,&newmemory); - assert(!newmemory); /* newmemory handling not yet implemented */ - } else { - return SWIG_ERROR; - } + if (!tc) return SWIG_ERROR; + *ptr = SWIG_TypeCast(tc,vptr); } else { *ptr = vptr; } 
@@ -2474,42 +2448,11 @@ /* -------- TYPES TABLE (BEGIN) -------- */ -#define SWIGTYPE_p_bro_buf swig_types[0] -#define SWIGTYPE_p_bro_conn swig_types[1] -#define SWIGTYPE_p_bro_conn_stats swig_types[2] -#define SWIGTYPE_p_bro_ctx swig_types[3] -#define SWIGTYPE_p_bro_ev_arg swig_types[4] -#define SWIGTYPE_p_bro_ev_meta swig_types[5] -#define SWIGTYPE_p_bro_event swig_types[6] -#define SWIGTYPE_p_bro_packet swig_types[7] -#define SWIGTYPE_p_bro_port swig_types[8] -#define SWIGTYPE_p_bro_record swig_types[9] -#define SWIGTYPE_p_bro_string swig_types[10] -#define SWIGTYPE_p_bro_subnet swig_types[11] -#define SWIGTYPE_p_bro_table swig_types[12] -#define SWIGTYPE_p_char swig_types[13] -#define SWIGTYPE_p_double swig_types[14] -#define SWIGTYPE_p_f_int_int_p_q_const__char_int__void swig_types[15] -#define SWIGTYPE_p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void swig_types[16] -#define SWIGTYPE_p_f_p_q_const__char_int__p_CRYPTO_dynlock_value swig_types[17] -#define SWIGTYPE_p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void swig_types[18] -#define SWIGTYPE_p_f_p_struct_bro_conn_p_void_p_struct_bro_ev_meta__void swig_types[19] -#define SWIGTYPE_p_f_p_struct_bro_conn_p_void_v_______void swig_types[20] -#define SWIGTYPE_p_f_p_void_p_void__int swig_types[21] -#define SWIGTYPE_p_f_p_void_p_void_p_void__int swig_types[22] -#define SWIGTYPE_p_f_void__unsigned_long swig_types[23] -#define SWIGTYPE_p_in_addr swig_types[24] -#define SWIGTYPE_p_int swig_types[25] -#define SWIGTYPE_p_pcap_pkthdr swig_types[26] -#define SWIGTYPE_p_timeval swig_types[27] -#define SWIGTYPE_p_u_char swig_types[28] -#define SWIGTYPE_p_uint swig_types[29] -#define SWIGTYPE_p_unsigned_char swig_types[30] -#define SWIGTYPE_p_unsigned_int swig_types[31] -#define SWIGTYPE_p_unsigned_short swig_types[32] -#define SWIGTYPE_p_void swig_types[33] -static swig_type_info *swig_types[35]; -static swig_module_info swig_module = {swig_types, 34, 0, 0, 0, 0}; +#define 
SWIGTYPE_p_BroCompactEventFunc swig_types[0] +#define SWIGTYPE_p_char swig_types[1] +#define SWIGTYPE_p_void swig_types[2] +static swig_type_info *swig_types[4]; +static swig_module_info swig_module = {swig_types, 3, 0, 0, 0, 0}; #define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name) #define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name) @@ -2528,7 +2471,7 @@ #define SWIG_name "_broccoli_intern" -#define SWIGVERSION 0x010335 +#define SWIGVERSION 0x010331 #define SWIG_VERSION SWIGVERSION 
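Review bot: SWIGVERSION drops from 0x010335 to 0x010331 here, matching the header change from 1.3.35 to 1.3.31, so this wrapper was regenerated with an older SWIG than the one used for revision 6962. That accounts for the churn unrelated to the interface change (SWIG_RUNTIME_VERSION "4" to "3", Py_ssize_t back to int in SWIG_Python_UnpackTuple, the dropped SWIG_CAST_NEW_MEMORY handling). Regenerate with 1.3.35 or later so the diff shows only the reduced type table and wrappers, or leave the generated files out of the patch and state the SWIG version needed to rebuild them.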
@@ -2821,14 +2764,94 @@ + #define SWIG_From_long PyInt_FromLong + + +SWIGINTERNINLINE PyObject * +SWIG_From_int (int value) +{ + return SWIG_From_long (value); +} + + +SWIGINTERN swig_type_info* +SWIG_pchar_descriptor(void) +{ + static int init = 0; + static swig_type_info* info = 0; + if (!init) { + info = SWIG_TypeQuery("_p_char"); + init = 1; + } + return info; +} + + +SWIGINTERN int +SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc) +{ + if (PyString_Check(obj)) { + char *cstr; Py_ssize_t len; + PyString_AsStringAndSize(obj, &cstr, &len); + if (cptr) { + if (alloc) { + /* + In python the user should not be able to modify the inner + string representation. To warranty that, if you define + SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string + buffer is always returned. + + The default behavior is just to return the pointer value, + so, be careful. + */ +#if defined(SWIG_PYTHON_SAFE_CSTRINGS) + if (*alloc != SWIG_OLDOBJ) +#else + if (*alloc == SWIG_NEWOBJ) +#endif + { + *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1)); + *alloc = SWIG_NEWOBJ; + } + else { + *cptr = cstr; + *alloc = SWIG_OLDOBJ; + } + } else { + *cptr = PyString_AsString(obj); + } + } + if (psize) *psize = len + 1; + return SWIG_OK; + } else { + swig_type_info* pchar_descriptor = SWIG_pchar_descriptor(); + if (pchar_descriptor) { + void* vptr = 0; + if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) { + if (cptr) *cptr = (char *) vptr; + if (psize) *psize = vptr ? 
(strlen((char *)vptr) + 1) : 0; + if (alloc) *alloc = SWIG_OLDOBJ; + return SWIG_OK; + } + } + } + return SWIG_TypeError; +} + + + + + #include -#if !defined(SWIG_NO_LLONG_MAX) -# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__) -# define LLONG_MAX __LONG_LONG_MAX__ -# define LLONG_MIN (-LLONG_MAX - 1LL) -# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL) -# endif +#ifndef LLONG_MIN +# define LLONG_MIN LONG_LONG_MIN #endif +#ifndef LLONG_MAX +# define LLONG_MAX LONG_LONG_MAX +#endif +#ifndef ULLONG_MAX +# define ULLONG_MAX ULONG_LONG_MAX +#endif SWIGINTERN int 
@@ -2966,2052 +2989,24 @@ } - #define SWIG_From_long PyInt_FromLong - - -SWIGINTERNINLINE PyObject * -SWIG_From_int (int value) -{ - return SWIG_From_long (value); -} - - -SWIGINTERN int -SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val) -{ - if (PyInt_Check(obj)) { - long v = PyInt_AsLong(obj); - if (v >= 0) { - if (val) *val = v; - return SWIG_OK; - } else { - return SWIG_OverflowError; - } - } else if (PyLong_Check(obj)) { - unsigned long v = PyLong_AsUnsignedLong(obj); - if (!PyErr_Occurred()) { - if (val) *val = v; - return SWIG_OK; - } else { - PyErr_Clear(); - } - } -#ifdef SWIG_PYTHON_CAST_MODE - { - int dispatch = 0; - unsigned long v = PyLong_AsUnsignedLong(obj); - if (!PyErr_Occurred()) { - if (val) *val = v; - return SWIG_AddCast(SWIG_OK); - } else { - PyErr_Clear(); - } - if (!dispatch) { - double d; - int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d)); - if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, 0, ULONG_MAX)) { - if (val) *val = (unsigned long)(d); - return res; - } - } - } -#endif - return SWIG_TypeError; -} - - -SWIGINTERN int -SWIG_AsVal_unsigned_SS_int (PyObject * obj, unsigned int *val) -{ - unsigned long v; - int res = SWIG_AsVal_unsigned_SS_long (obj, &v); - if (SWIG_IsOK(res)) { - if ((v > UINT_MAX)) { - return SWIG_OverflowError; - } else { - if (val) *val = (unsigned int)(v); - } - } - return res; -} - - -SWIGINTERNINLINE PyObject* -SWIG_From_unsigned_SS_long (unsigned long value) -{ - return (value > LONG_MAX) ? 
- PyLong_FromUnsignedLong(value) : PyInt_FromLong((long)(value)); -} - - -SWIGINTERNINLINE PyObject * -SWIG_From_unsigned_SS_int (unsigned int value) -{ - return SWIG_From_unsigned_SS_long (value); -} - - -SWIGINTERN int -SWIG_AsVal_unsigned_SS_short (PyObject * obj, unsigned short *val) -{ - unsigned long v; - int res = SWIG_AsVal_unsigned_SS_long (obj, &v); - if (SWIG_IsOK(res)) { - if ((v > USHRT_MAX)) { - return SWIG_OverflowError; - } else { - if (val) *val = (unsigned short)(v); - } - } - return res; -} - - -SWIGINTERNINLINE PyObject * -SWIG_From_unsigned_SS_short (unsigned short value) -{ - return SWIG_From_unsigned_SS_long (value); -} - - -SWIGINTERN swig_type_info* -SWIG_pchar_descriptor(void) -{ - static int init = 0; - static swig_type_info* info = 0; - if (!init) { - info = SWIG_TypeQuery("_p_char"); - init = 1; - } - return info; -} - - -SWIGINTERN int -SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc) -{ - if (PyString_Check(obj)) { - char *cstr; Py_ssize_t len; - PyString_AsStringAndSize(obj, &cstr, &len); - if (cptr) { - if (alloc) { - /* - In python the user should not be able to modify the inner - string representation. To warranty that, if you define - SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string - buffer is always returned. - - The default behavior is just to return the pointer value, - so, be careful. 
- */ -#if defined(SWIG_PYTHON_SAFE_CSTRINGS) - if (*alloc != SWIG_OLDOBJ) -#else - if (*alloc == SWIG_NEWOBJ) -#endif - { - *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1)); - *alloc = SWIG_NEWOBJ; - } - else { - *cptr = cstr; - *alloc = SWIG_OLDOBJ; - } - } else { - *cptr = PyString_AsString(obj); - } - } - if (psize) *psize = len + 1; - return SWIG_OK; - } else { - swig_type_info* pchar_descriptor = SWIG_pchar_descriptor(); - if (pchar_descriptor) { - void* vptr = 0; - if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) { - if (cptr) *cptr = (char *) vptr; - if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0; - if (alloc) *alloc = SWIG_OLDOBJ; - return SWIG_OK; - } - } - } - return SWIG_TypeError; -} - - - - - -SWIGINTERNINLINE PyObject * -SWIG_FromCharPtrAndSize(const char* carray, size_t size) -{ - if (carray) { - if (size > INT_MAX) { - swig_type_info* pchar_descriptor = SWIG_pchar_descriptor(); - return pchar_descriptor ? - SWIG_NewPointerObj((char *)(carray), pchar_descriptor, 0) : SWIG_Py_Void(); - } else { - return PyString_FromStringAndSize(carray, (int)(size)); - } - } else { - return SWIG_Py_Void(); - } -} - - -SWIGINTERNINLINE PyObject * -SWIG_FromCharPtr(const char *cptr) -{ - return SWIG_FromCharPtrAndSize(cptr, (cptr ? 
strlen(cptr) : 0)); -} - - #define SWIG_From_double PyFloat_FromDouble #ifdef __cplusplus extern "C" { #endif -SWIGINTERN int Swig_var_bro_debug_calltrace_set(PyObject *_val) { - { - int val; - int res = SWIG_AsVal_int(_val, &val); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in variable '""bro_debug_calltrace""' of type '""int""'"); - } - bro_debug_calltrace = (int)(val); - } - return 0; -fail: - return 1; -} - - -SWIGINTERN PyObject *Swig_var_bro_debug_calltrace_get(void) { - PyObject *pyobj = 0; - - pyobj = SWIG_From_int((int)(bro_debug_calltrace)); - return pyobj; -} - - -SWIGINTERN int Swig_var_bro_debug_messages_set(PyObject *_val) { - { - int val; - int res = SWIG_AsVal_int(_val, &val); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in variable '""bro_debug_messages""' of type '""int""'"); - } - bro_debug_messages = (int)(val); - } - return 0; -fail: - return 1; -} - - -SWIGINTERN PyObject *Swig_var_bro_debug_messages_get(void) { - PyObject *pyobj = 0; - - pyobj = SWIG_From_int((int)(bro_debug_messages)); - return pyobj; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_lock_func_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_lock_func arg2 = (OpenSSL_lock_func) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroCtx_lock_func_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_lock_func_set" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - { - int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_int_int_p_q_const__char_int__void); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "BroCtx_lock_func_set" "', argument " "2"" of type '" 
"OpenSSL_lock_func""'"); - } - } - if (arg1) (arg1)->lock_func = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_lock_func_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_lock_func result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroCtx_lock_func_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_lock_func_get" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - result = (OpenSSL_lock_func) ((arg1)->lock_func); - resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_int_int_p_q_const__char_int__void); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_id_func_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_thread_id_func arg2 = (OpenSSL_thread_id_func) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroCtx_id_func_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_id_func_set" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - { - int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_void__unsigned_long); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "BroCtx_id_func_set" "', argument " "2"" of type '" "OpenSSL_thread_id_func""'"); - } - } - if (arg1) (arg1)->id_func = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject 
*_wrap_BroCtx_id_func_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_thread_id_func result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroCtx_id_func_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_id_func_get" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - result = (OpenSSL_thread_id_func) ((arg1)->id_func); - resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_void__unsigned_long); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_dl_create_func_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_dynlock_create_func arg2 = (OpenSSL_dynlock_create_func) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroCtx_dl_create_func_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_dl_create_func_set" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - { - int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__char_int__p_CRYPTO_dynlock_value); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "BroCtx_dl_create_func_set" "', argument " "2"" of type '" "OpenSSL_dynlock_create_func""'"); - } - } - if (arg1) (arg1)->dl_create_func = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_dl_create_func_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 
= (BroCtx *) 0 ; - OpenSSL_dynlock_create_func result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroCtx_dl_create_func_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_dl_create_func_get" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - result = (OpenSSL_dynlock_create_func) ((arg1)->dl_create_func); - resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_q_const__char_int__p_CRYPTO_dynlock_value); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_dl_lock_func_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_dynlock_lock_func arg2 = (OpenSSL_dynlock_lock_func) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroCtx_dl_lock_func_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_dl_lock_func_set" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - { - int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "BroCtx_dl_lock_func_set" "', argument " "2"" of type '" "OpenSSL_dynlock_lock_func""'"); - } - } - if (arg1) (arg1)->dl_lock_func = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_dl_lock_func_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_dynlock_lock_func result; - void 
*argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroCtx_dl_lock_func_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_dl_lock_func_get" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - result = (OpenSSL_dynlock_lock_func) ((arg1)->dl_lock_func); - resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_dl_free_func_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_dynlock_free_func arg2 = (OpenSSL_dynlock_free_func) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroCtx_dl_free_func_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_dl_free_func_set" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - { - int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "BroCtx_dl_free_func_set" "', argument " "2"" of type '" "OpenSSL_dynlock_free_func""'"); - } - } - if (arg1) (arg1)->dl_free_func = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroCtx_dl_free_func_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - OpenSSL_dynlock_free_func result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if 
(!PyArg_ParseTuple(args,(char *)"O:BroCtx_dl_free_func_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroCtx_dl_free_func_get" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - result = (OpenSSL_dynlock_free_func) ((arg1)->dl_free_func); - resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_BroCtx(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_BroCtx")) SWIG_fail; - result = (BroCtx *)calloc(1, sizeof(BroCtx)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_ctx, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_delete_BroCtx(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:delete_BroCtx",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_BroCtx" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *BroCtx_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_ctx, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - -SWIGINTERN PyObject *_wrap_BroConnStats_tx_buflen_set(PyObject 
*SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConnStats *arg1 = (BroConnStats *) 0 ; - int arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroConnStats_tx_buflen_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn_stats, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroConnStats_tx_buflen_set" "', argument " "1"" of type '" "BroConnStats *""'"); - } - arg1 = (BroConnStats *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroConnStats_tx_buflen_set" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - if (arg1) (arg1)->tx_buflen = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroConnStats_tx_buflen_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConnStats *arg1 = (BroConnStats *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroConnStats_tx_buflen_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn_stats, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroConnStats_tx_buflen_get" "', argument " "1"" of type '" "BroConnStats *""'"); - } - arg1 = (BroConnStats *)(argp1); - result = (int) ((arg1)->tx_buflen); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroConnStats_rx_buflen_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConnStats *arg1 = (BroConnStats *) 0 ; - int arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject 
* obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroConnStats_rx_buflen_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn_stats, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroConnStats_rx_buflen_set" "', argument " "1"" of type '" "BroConnStats *""'"); - } - arg1 = (BroConnStats *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroConnStats_rx_buflen_set" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - if (arg1) (arg1)->rx_buflen = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroConnStats_rx_buflen_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConnStats *arg1 = (BroConnStats *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroConnStats_rx_buflen_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn_stats, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroConnStats_rx_buflen_get" "', argument " "1"" of type '" "BroConnStats *""'"); - } - arg1 = (BroConnStats *)(argp1); - result = (int) ((arg1)->rx_buflen); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_BroConnStats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConnStats *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_BroConnStats")) SWIG_fail; - result = (BroConnStats *)calloc(1, sizeof(BroConnStats)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_conn_stats, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_delete_BroConnStats(PyObject *SWIGUNUSEDPARM(self), 
PyObject *args) { - PyObject *resultobj = 0; - BroConnStats *arg1 = (BroConnStats *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:delete_BroConnStats",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn_stats, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_BroConnStats" "', argument " "1"" of type '" "BroConnStats *""'"); - } - arg1 = (BroConnStats *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *BroConnStats_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_conn_stats, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - -SWIGINTERN PyObject *_wrap_BroString_str_len_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - uint32 arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - unsigned int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroString_str_len_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroString_str_len_set" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroString_str_len_set" "', argument " "2"" of type '" "uint32""'"); - } - arg2 = (uint32)(val2); - if (arg1) (arg1)->str_len = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroString_str_len_get(PyObject 
*SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - uint32 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroString_str_len_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroString_str_len_get" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - result = (uint32) ((arg1)->str_len); - resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroString_str_val_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - uchar *arg2 = (uchar *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroString_str_val_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroString_str_val_set" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_unsigned_char, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "BroString_str_val_set" "', argument " "2"" of type '" "uchar *""'"); - } - arg2 = (uchar *)(argp2); - if (arg1) (arg1)->str_val = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroString_str_val_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - uchar *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if 
(!PyArg_ParseTuple(args,(char *)"O:BroString_str_val_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroString_str_val_get" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - result = (uchar *) ((arg1)->str_val); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_BroString(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_BroString")) SWIG_fail; - result = (BroString *)calloc(1, sizeof(BroString)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_string, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_delete_BroString(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:delete_BroString",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_BroString" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *BroString_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_string, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - -SWIGINTERN PyObject *_wrap_BroPort_port_num_set(PyObject *SWIGUNUSEDPARM(self), 
PyObject *args) { - PyObject *resultobj = 0; - BroPort *arg1 = (BroPort *) 0 ; - uint16 arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - unsigned short val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroPort_port_num_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_port, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroPort_port_num_set" "', argument " "1"" of type '" "BroPort *""'"); - } - arg1 = (BroPort *)(argp1); - ecode2 = SWIG_AsVal_unsigned_SS_short(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroPort_port_num_set" "', argument " "2"" of type '" "uint16""'"); - } - arg2 = (uint16)(val2); - if (arg1) (arg1)->port_num = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroPort_port_num_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroPort *arg1 = (BroPort *) 0 ; - uint16 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroPort_port_num_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_port, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroPort_port_num_get" "', argument " "1"" of type '" "BroPort *""'"); - } - arg1 = (BroPort *)(argp1); - result = (uint16) ((arg1)->port_num); - resultobj = SWIG_From_unsigned_SS_short((unsigned short)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroPort_port_proto_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroPort *arg1 = (BroPort *) 0 ; - int arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char 
*)"OO:BroPort_port_proto_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_port, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroPort_port_proto_set" "', argument " "1"" of type '" "BroPort *""'"); - } - arg1 = (BroPort *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroPort_port_proto_set" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - if (arg1) (arg1)->port_proto = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroPort_port_proto_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroPort *arg1 = (BroPort *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroPort_port_proto_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_port, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroPort_port_proto_get" "', argument " "1"" of type '" "BroPort *""'"); - } - arg1 = (BroPort *)(argp1); - result = (int) ((arg1)->port_proto); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_BroPort(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroPort *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_BroPort")) SWIG_fail; - result = (BroPort *)calloc(1, sizeof(BroPort)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_port, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_delete_BroPort(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroPort *arg1 = (BroPort *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if 
(!PyArg_ParseTuple(args,(char *)"O:delete_BroPort",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_port, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_BroPort" "', argument " "1"" of type '" "BroPort *""'"); - } - arg1 = (BroPort *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *BroPort_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_port, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - -SWIGINTERN PyObject *_wrap_BroSubnet_sn_net_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSubnet *arg1 = (BroSubnet *) 0 ; - uint32 arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - unsigned int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroSubnet_sn_net_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_subnet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroSubnet_sn_net_set" "', argument " "1"" of type '" "BroSubnet *""'"); - } - arg1 = (BroSubnet *)(argp1); - ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroSubnet_sn_net_set" "', argument " "2"" of type '" "uint32""'"); - } - arg2 = (uint32)(val2); - if (arg1) (arg1)->sn_net = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroSubnet_sn_net_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSubnet *arg1 = (BroSubnet *) 0 ; - uint32 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if 
(!PyArg_ParseTuple(args,(char *)"O:BroSubnet_sn_net_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_subnet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroSubnet_sn_net_get" "', argument " "1"" of type '" "BroSubnet *""'"); - } - arg1 = (BroSubnet *)(argp1); - result = (uint32) ((arg1)->sn_net); - resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroSubnet_sn_width_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSubnet *arg1 = (BroSubnet *) 0 ; - uint32 arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - unsigned int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroSubnet_sn_width_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_subnet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroSubnet_sn_width_set" "', argument " "1"" of type '" "BroSubnet *""'"); - } - arg1 = (BroSubnet *)(argp1); - ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroSubnet_sn_width_set" "', argument " "2"" of type '" "uint32""'"); - } - arg2 = (uint32)(val2); - if (arg1) (arg1)->sn_width = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroSubnet_sn_width_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSubnet *arg1 = (BroSubnet *) 0 ; - uint32 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroSubnet_sn_width_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_subnet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" 
"BroSubnet_sn_width_get" "', argument " "1"" of type '" "BroSubnet *""'"); - } - arg1 = (BroSubnet *)(argp1); - result = (uint32) ((arg1)->sn_width); - resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_BroSubnet(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSubnet *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_BroSubnet")) SWIG_fail; - result = (BroSubnet *)calloc(1, sizeof(BroSubnet)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_subnet, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_delete_BroSubnet(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSubnet *arg1 = (BroSubnet *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:delete_BroSubnet",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_subnet, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_BroSubnet" "', argument " "1"" of type '" "BroSubnet *""'"); - } - arg1 = (BroSubnet *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *BroSubnet_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_subnet, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - -SWIGINTERN PyObject *_wrap_BroEvArg_arg_data_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroEvArg *arg1 = (BroEvArg *) 0 ; - void *arg2 = (void *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char 
*)"OO:BroEvArg_arg_data_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_arg, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroEvArg_arg_data_set" "', argument " "1"" of type '" "BroEvArg *""'"); - } - arg1 = (BroEvArg *)(argp1); - res2 = SWIG_ConvertPtr(obj1,SWIG_as_voidptrptr(&arg2), 0, SWIG_POINTER_DISOWN); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "BroEvArg_arg_data_set" "', argument " "2"" of type '" "void *""'"); - } - if (arg1) (arg1)->arg_data = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroEvArg_arg_data_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroEvArg *arg1 = (BroEvArg *) 0 ; - void *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroEvArg_arg_data_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_arg, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroEvArg_arg_data_get" "', argument " "1"" of type '" "BroEvArg *""'"); - } - arg1 = (BroEvArg *)(argp1); - result = (void *) ((arg1)->arg_data); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroEvArg_arg_type_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroEvArg *arg1 = (BroEvArg *) 0 ; - int arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:BroEvArg_arg_type_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_arg, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroEvArg_arg_type_set" "', 
argument " "1"" of type '" "BroEvArg *""'"); - } - arg1 = (BroEvArg *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "BroEvArg_arg_type_set" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - if (arg1) (arg1)->arg_type = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_BroEvArg_arg_type_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroEvArg *arg1 = (BroEvArg *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:BroEvArg_arg_type_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_arg, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "BroEvArg_arg_type_get" "', argument " "1"" of type '" "BroEvArg *""'"); - } - arg1 = (BroEvArg *)(argp1); - result = (int) ((arg1)->arg_type); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_BroEvArg(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroEvArg *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_BroEvArg")) SWIG_fail; - result = (BroEvArg *)calloc(1, sizeof(BroEvArg)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_ev_arg, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_delete_BroEvArg(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroEvArg *arg1 = (BroEvArg *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:delete_BroEvArg",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_arg, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), 
"in method '" "delete_BroEvArg" "', argument " "1"" of type '" "BroEvArg *""'"); - } - arg1 = (BroEvArg *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *BroEvArg_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_ev_arg, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_name_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - char *arg2 = (char *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_ev_meta_ev_name_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_name_set" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_ev_meta_ev_name_set" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - if (arg2) { - size_t size = strlen((const char *)((const char *)(arg2))) + 1; - arg1->ev_name = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size)); - } else { - arg1->ev_name = 0; - } - resultobj = SWIG_Py_Void(); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_name_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject 
*resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - char *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_ev_meta_ev_name_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_name_get" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - result = (char *) ((arg1)->ev_name); - resultobj = SWIG_FromCharPtr((const char *)result); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_ts_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - double arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - double val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_ev_meta_ev_ts_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_ts_set" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - ecode2 = SWIG_AsVal_double(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_ev_meta_ev_ts_set" "', argument " "2"" of type '" "double""'"); - } - arg2 = (double)(val2); - if (arg1) (arg1)->ev_ts = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_ts_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - double result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char 
*)"O:bro_ev_meta_ev_ts_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_ts_get" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - result = (double) ((arg1)->ev_ts); - resultobj = SWIG_From_double((double)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_numargs_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - int arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_ev_meta_ev_numargs_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_numargs_set" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_ev_meta_ev_numargs_set" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - if (arg1) (arg1)->ev_numargs = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_numargs_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_ev_meta_ev_numargs_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), 
"in method '" "bro_ev_meta_ev_numargs_get" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - result = (int) ((arg1)->ev_numargs); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_args_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - BroEvArg *arg2 = (BroEvArg *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_ev_meta_ev_args_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_args_set" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_bro_ev_arg, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_ev_meta_ev_args_set" "', argument " "2"" of type '" "BroEvArg *""'"); - } - arg2 = (BroEvArg *)(argp2); - if (arg1) (arg1)->ev_args = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_args_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - BroEvArg *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_ev_meta_ev_args_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_args_get" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - 
arg1 = (struct bro_ev_meta *)(argp1); - result = (BroEvArg *) ((arg1)->ev_args); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_ev_arg, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_start_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - uchar *arg2 = (uchar *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_ev_meta_ev_start_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_start_set" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_unsigned_char, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_ev_meta_ev_start_set" "', argument " "2"" of type '" "uchar const *""'"); - } - arg2 = (uchar *)(argp2); - if (arg1) (arg1)->ev_start = (uchar const *)arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_start_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - uchar *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_ev_meta_ev_start_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_start_get" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - 
result = (uchar *) ((arg1)->ev_start); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_end_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - uchar *arg2 = (uchar *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_ev_meta_ev_end_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_end_set" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_unsigned_char, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_ev_meta_ev_end_set" "', argument " "2"" of type '" "uchar const *""'"); - } - arg2 = (uchar *)(argp2); - if (arg1) (arg1)->ev_end = (uchar const *)arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_ev_meta_ev_end_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - uchar *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_ev_meta_ev_end_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ev_meta_ev_end_get" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - result = (uchar *) ((arg1)->ev_end); - resultobj = 
SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_bro_ev_meta(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_bro_ev_meta")) SWIG_fail; - result = (struct bro_ev_meta *)calloc(1, sizeof(struct bro_ev_meta)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_ev_meta, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_delete_bro_ev_meta(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_ev_meta *arg1 = (struct bro_ev_meta *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:delete_bro_ev_meta",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ev_meta, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_bro_ev_meta" "', argument " "1"" of type '" "struct bro_ev_meta *""'"); - } - arg1 = (struct bro_ev_meta *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *bro_ev_meta_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_ev_meta, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_time_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - double arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - double val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_packet_pkt_time_set",&obj0,&obj1)) 
SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_time_set" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - ecode2 = SWIG_AsVal_double(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_packet_pkt_time_set" "', argument " "2"" of type '" "double""'"); - } - arg2 = (double)(val2); - if (arg1) (arg1)->pkt_time = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_time_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - double result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_pkt_time_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_time_get" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - result = (double) ((arg1)->pkt_time); - resultobj = SWIG_From_double((double)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_hdr_size_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - uint32 arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - unsigned int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_packet_pkt_hdr_size_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" 
"bro_packet_pkt_hdr_size_set" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_packet_pkt_hdr_size_set" "', argument " "2"" of type '" "uint32""'"); - } - arg2 = (uint32)(val2); - if (arg1) (arg1)->pkt_hdr_size = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_hdr_size_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - uint32 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_pkt_hdr_size_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_hdr_size_get" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - result = (uint32) ((arg1)->pkt_hdr_size); - resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_link_type_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - uint32 arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - unsigned int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_packet_pkt_link_type_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_link_type_set" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet 
*)(argp1); - ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_packet_pkt_link_type_set" "', argument " "2"" of type '" "uint32""'"); - } - arg2 = (uint32)(val2); - if (arg1) (arg1)->pkt_link_type = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_link_type_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - uint32 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_pkt_link_type_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_link_type_get" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - result = (uint32) ((arg1)->pkt_link_type); - resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_pcap_hdr_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - struct pcap_pkthdr arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_packet_pkt_pcap_hdr_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_pcap_hdr_set" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - { - res2 = SWIG_ConvertPtr(obj1, &argp2, SWIGTYPE_p_pcap_pkthdr, 0 ); - if (!SWIG_IsOK(res2)) { - 
SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_packet_pkt_pcap_hdr_set" "', argument " "2"" of type '" "struct pcap_pkthdr""'"); - } - if (!argp2) { - SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "bro_packet_pkt_pcap_hdr_set" "', argument " "2"" of type '" "struct pcap_pkthdr""'"); - } else { - arg2 = *((struct pcap_pkthdr *)(argp2)); - } - } - if (arg1) (arg1)->pkt_pcap_hdr = arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_pcap_hdr_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - struct pcap_pkthdr result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_pkt_pcap_hdr_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_pcap_hdr_get" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - result = ((arg1)->pkt_pcap_hdr); - resultobj = SWIG_NewPointerObj((struct pcap_pkthdr *)memcpy((struct pcap_pkthdr *)malloc(sizeof(struct pcap_pkthdr)),&result,sizeof(struct pcap_pkthdr)), SWIGTYPE_p_pcap_pkthdr, SWIG_POINTER_OWN | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_data_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - u_char *arg2 = (u_char *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_packet_pkt_data_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - 
SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_data_set" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_u_char, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_packet_pkt_data_set" "', argument " "2"" of type '" "u_char const *""'"); - } - arg2 = (u_char *)(argp2); - if (arg1) (arg1)->pkt_data = (u_char const *)arg2; - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_data_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - u_char *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_pkt_data_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_data_get" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - result = (u_char *) ((arg1)->pkt_data); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_u_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_tag_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - char *arg2 = (char *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_packet_pkt_tag_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" 
"bro_packet_pkt_tag_set" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_packet_pkt_tag_set" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - if (arg2) { - size_t size = strlen((const char *)((const char *)(arg2))) + 1; - arg1->pkt_tag = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size)); - } else { - arg1->pkt_tag = 0; - } - resultobj = SWIG_Py_Void(); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_pkt_tag_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - char *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_pkt_tag_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_pkt_tag_get" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - result = (char *) ((arg1)->pkt_tag); - resultobj = SWIG_FromCharPtr((const char *)result); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_new_bro_packet(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":new_bro_packet")) SWIG_fail; - result = (struct bro_packet *)calloc(1, sizeof(struct bro_packet)); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_packet, SWIG_POINTER_NEW | 0 ); - return resultobj; -fail: - return NULL; -} - - 
-SWIGINTERN PyObject *_wrap_delete_bro_packet(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct bro_packet *arg1 = (struct bro_packet *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:delete_bro_packet",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, SWIG_POINTER_DISOWN | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_bro_packet" "', argument " "1"" of type '" "struct bro_packet *""'"); - } - arg1 = (struct bro_packet *)(argp1); - free((char *) arg1); - - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *bro_packet_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *obj; - if (!PyArg_ParseTuple(args,(char*)"O:swigregister", &obj)) return NULL; - SWIG_TypeNewClientData(SWIGTYPE_p_bro_packet, SWIG_NewClientData(obj)); - return SWIG_Py_Void(); -} - SWIGINTERN PyObject *_wrap_bro_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; BroCtx *arg1 = (BroCtx *) 0 ; int result; - void *argp1 = 0 ; - int res1 = 0 ; + int res1 ; PyObject * obj0 = 0 ; if (!PyArg_ParseTuple(args,(char *)"O:bro_init",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_init" "', argument " "1"" of type '" "BroCtx const *""'"); } - arg1 = (BroCtx *)(argp1); - result = (int)bro_init((struct bro_ctx const *)arg1); + result = (int)bro_init((void const *)arg1); resultobj = SWIG_From_int((int)(result)); return resultobj; fail: 
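Review bot: In _wrap_bro_init the new call SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0) passes a null type descriptor where the old one passed SWIGTYPE_p_bro_ctx, so the wrapper no longer checks what kind of pointer Python handed in. Any SWIG pointer object is now accepted and forwarded to bro_init as (void const *)arg1, while the error text still claims the argument is a "BroCtx const *". If the aim is only to stop exposing the struct members (the removed BroEvArg, bro_ev_meta and bro_packet accessors), consider keeping BroCtx as an opaque but named type in the interface so the generated code retains the type check, and regenerate so the message matches the type actually enforced.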
@@ -5019,67 +3014,6 @@ } -SWIGINTERN PyObject *_wrap_bro_ctx_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroCtx *arg1 = (BroCtx *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_ctx_init",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_ctx, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_ctx_init" "', argument " "1"" of type '" "BroCtx *""'"); - } - arg1 = (BroCtx *)(argp1); - bro_ctx_init(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_new(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct in_addr *arg1 = (struct in_addr *) 0 ; - uint16 arg2 ; - int arg3 ; - BroConn *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - unsigned short val2 ; - int ecode2 = 0 ; - int val3 ; - int ecode3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_conn_new",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_in_addr, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_new" "', argument " "1"" of type '" "struct in_addr *""'"); - } - arg1 = (struct in_addr *)(argp1); - ecode2 = SWIG_AsVal_unsigned_SS_short(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_conn_new" "', argument " "2"" of type '" "uint16""'"); - } - arg2 = (uint16)(val2); - ecode3 = SWIG_AsVal_int(obj2, &val3); - if (!SWIG_IsOK(ecode3)) { - SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "bro_conn_new" "', argument " "3"" of type '" "int""'"); - } - arg3 = (int)(val3); - result = (BroConn *)bro_conn_new(arg1,arg2,arg3); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_conn, 0 | 0 ); - return 
resultobj; -fail: - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_conn_new_str(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; char *arg1 = (char *) 0 ; @@ -5105,7 +3039,7 @@ } arg2 = (int)(val2); result = (BroConn *)bro_conn_new_str((char const *)arg1,arg2); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_conn, 0 | 0 ); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); return resultobj; fail: @@ -5114,43 +3048,11 @@ } -SWIGINTERN PyObject *_wrap_bro_conn_new_socket(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - int arg1 ; - int arg2 ; - BroConn *result = 0 ; - int val1 ; - int ecode1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_new_socket",&obj0,&obj1)) SWIG_fail; - ecode1 = SWIG_AsVal_int(obj0, &val1); - if (!SWIG_IsOK(ecode1)) { - SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "bro_conn_new_socket" "', argument " "1"" of type '" "int""'"); - } - arg1 = (int)(val1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_conn_new_socket" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - result = (BroConn *)bro_conn_new_socket(arg1,arg2); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_conn, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_conn_set_class(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; BroConn *arg1 = (BroConn *) 0 ; char *arg2 = (char *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; + int res1 ; int res2 ; char *buf2 = 0 ; int alloc2 = 0 ; 
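Review bot: In _wrap_bro_conn_new_str the result is now tagged SWIGTYPE_p_void instead of SWIGTYPE_p_bro_conn, so the Python-side handle no longer records that it is a BroConn. Since the wrappers that take the handle back (bro_conn_set_class in the following hunk) also convert with a null type descriptor, nothing stops a pointer of another kind being passed where a connection is expected. An opaque bro_conn type would keep that check. The same region deletes _wrap_bro_conn_new and _wrap_bro_conn_new_socket; please state in the commit message that dropping these two Python entry points is intended, since existing callers will fail at lookup.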
@@ -5158,11 +3060,10 @@ PyObject * obj1 = 0 ; if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_set_class",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_set_class" "', argument " "1"" of type '" "BroConn *""'"); } - arg1 = (BroConn *)(argp1); res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); if (!SWIG_IsOK(res2)) { SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conn_set_class" "', argument " "2"" of type '" "char const *""'"); 
@@ -5178,72 +3079,18 @@ } -SWIGINTERN PyObject *_wrap_bro_conn_get_peer_class(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - char *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_conn_get_peer_class",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_get_peer_class" "', argument " "1"" of type '" "BroConn const *""'"); - } - arg1 = (BroConn *)(argp1); - result = (char *)bro_conn_get_peer_class((struct bro_conn const *)arg1); - resultobj = SWIG_FromCharPtr((const char *)result); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_get_connstats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - BroConnStats *arg2 = (BroConnStats *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_get_connstats",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_get_connstats" "', argument " "1"" of type '" "BroConn const *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_bro_conn_stats, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conn_get_connstats" "', argument " "2"" of type '" "BroConnStats *""'"); - } - arg2 = (BroConnStats *)(argp2); - bro_conn_get_connstats((struct bro_conn const *)arg1,arg2); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_conn_connect(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject 
*resultobj = 0; BroConn *arg1 = (BroConn *) 0 ; int result; - void *argp1 = 0 ; - int res1 = 0 ; + int res1 ; PyObject * obj0 = 0 ; if (!PyArg_ParseTuple(args,(char *)"O:bro_conn_connect",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_connect" "', argument " "1"" of type '" "BroConn *""'"); } - arg1 = (BroConn *)(argp1); result = (int)bro_conn_connect(arg1); resultobj = SWIG_From_int((int)(result)); return resultobj; 
@@ -5252,138 +3099,18 @@ } -SWIGINTERN PyObject *_wrap_bro_conn_reconnect(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_conn_reconnect",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_reconnect" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - result = (int)bro_conn_reconnect(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_delete(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_conn_delete",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_delete" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - result = (int)bro_conn_delete(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_alive(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_conn_alive",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_alive" "', argument " "1"" of type '" "BroConn const *""'"); - } - arg1 = (BroConn *)(argp1); - result = 
(int)bro_conn_alive((struct bro_conn const *)arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_adopt_events(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - BroConn *arg2 = (BroConn *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_adopt_events",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_adopt_events" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conn_adopt_events" "', argument " "2"" of type '" "BroConn *""'"); - } - arg2 = (BroConn *)(argp2); - bro_conn_adopt_events(arg1,arg2); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_get_fd(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_conn_get_fd",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_get_fd" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - result = (int)bro_conn_get_fd(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_conn_process_input(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; 
BroConn *arg1 = (BroConn *) 0 ; int result; - void *argp1 = 0 ; - int res1 = 0 ; + int res1 ; PyObject * obj0 = 0 ; if (!PyArg_ParseTuple(args,(char *)"O:bro_conn_process_input",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_process_input" "', argument " "1"" of type '" "BroConn *""'"); } - arg1 = (BroConn *)(argp1); result = (int)bro_conn_process_input(arg1); resultobj = SWIG_From_int((int)(result)); return resultobj; 
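Review bot: `_wrap_bro_conn_delete` is removed in this hunk (together with the reconnect, alive, adopt_events and get_fd wrappers) while `_wrap_bro_conn_new_str` is kept earlier in the file, so in the lines shown the module can still create a connection but no longer has a wrapper to release it. If the trimmed export list is intentional, state in the commit message or the interface file how a connection handle is meant to be torn down from Python. Otherwise keep bro_conn_delete exported.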
@@ -5392,114 +3119,26 @@ } -SWIGINTERN PyObject *_wrap_bro_conn_data_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { +SWIGINTERN PyObject *_wrap_bro_event_queue_length(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; BroConn *arg1 = (BroConn *) 0 ; - char *arg2 = (char *) 0 ; - void *arg3 = (void *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - int res3 ; + int result; + int res1 ; PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_conn_data_set",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); + if (!PyArg_ParseTuple(args,(char *)"O:bro_event_queue_length",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_data_set" "', argument " "1"" of type '" "BroConn *""'"); + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_queue_length" "', argument " "1"" of type '" "BroConn *""'"); } - arg1 = (BroConn *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conn_data_set" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_conn_data_set" "', argument " "3"" of type '" "void *""'"); - } - bro_conn_data_set(arg1,(char const *)arg2,arg3); - resultobj = SWIG_Py_Void(); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + result = (int)bro_event_queue_length(arg1); + resultobj = SWIG_From_int((int)(result)); return resultobj; fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); return NULL; } -SWIGINTERN PyObject *_wrap_bro_conn_data_get(PyObject *SWIGUNUSEDPARM(self), 
PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - char *arg2 = (char *) 0 ; - void *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_data_get",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_data_get" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conn_data_get" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - result = (void *)bro_conn_data_get(arg1,(char const *)arg2); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_data_del(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - char *arg2 = (char *) 0 ; - void *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_data_del",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_data_del" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conn_data_del" "', argument " 
"2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - result = (void *)bro_conn_data_del(arg1,(char const *)arg2); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_event_new(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; char *arg1 = (char *) 0 ; @@ -5516,7 +3155,7 @@ } arg1 = (char *)(buf1); result = (BroEvent *)bro_event_new((char const *)arg1); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_event, 0 | 0 ); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); return resultobj; fail: @@ -5528,16 +3167,14 @@ SWIGINTERN PyObject *_wrap_bro_event_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; BroEvent *arg1 = (BroEvent *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; + int res1 ; PyObject * obj0 = 0 ; if (!PyArg_ParseTuple(args,(char *)"O:bro_event_free",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_event, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_free" "', argument " "1"" of type '" "BroEvent *""'"); } - arg1 = (BroEvent *)(argp1); bro_event_free(arg1); resultobj = SWIG_Py_Void(); return resultobj; 
@@ -5553,17 +3190,15 @@ char *arg3 = (char *) 0 ; void *arg4 = (void *) 0 ; int result; - void *argp1 = 0 ; - int res1 = 0 ; + int res1 ; PyObject * obj0 = 0 ; PyObject * obj1 = 0 ; if (!PyArg_ParseTuple(args,(char *)"OO:bro_event_add_val",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_event, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_add_val" "', argument " "1"" of type '" "BroEvent *""'"); } - arg1 = (BroEvent *)(argp1); { int type; const char* type_name; 
@@ -5607,99 +3242,25 @@ } -SWIGINTERN PyObject *_wrap_bro_event_set_val(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroEvent *arg1 = (BroEvent *) 0 ; - int arg2 ; - int arg3 ; - char *arg4 = (char *) 0 ; - void *arg5 = (void *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_event_set_val",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_event, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_set_val" "', argument " "1"" of type '" "BroEvent *""'"); - } - arg1 = (BroEvent *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_event_set_val" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - { - int type; - const char* type_name; - void *data; - - PyObject *val; - - //bro_debug_messages = 1; - //bro_debug_calltrace = 1; - - - if ( ! parseTypeTuple(obj2, &type, &val) ) - return NULL; - - if ( ! pyObjToVal(val, type, &type_name, &data) ) - return NULL; - - arg3 = type; - arg4 = type_name; - arg5 = data; - } - result = (int)bro_event_set_val(arg1,arg2,arg3,(char const *)arg4,(void const *)arg5); - resultobj = SWIG_From_int((int)(result)); - { - // Broccoli makes copies of the passed data so we need to clean up. - freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return resultobj; -fail: - { - // Broccoli makes copies of the passed data so we need to clean up. 
- freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_event_send(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; BroConn *arg1 = (BroConn *) 0 ; BroEvent *arg2 = (BroEvent *) 0 ; int result; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; + int res1 ; + int res2 ; PyObject * obj0 = 0 ; PyObject * obj1 = 0 ; if (!PyArg_ParseTuple(args,(char *)"OO:bro_event_send",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_send" "', argument " "1"" of type '" "BroConn *""'"); } - arg1 = (BroConn *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_bro_event, 0 | 0 ); + res2 = SWIG_ConvertPtr(obj1,SWIG_as_voidptrptr(&arg2), 0, 0); if (!SWIG_IsOK(res2)) { SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_event_send" "', argument " "2"" of type '" "BroEvent *""'"); } - arg2 = (BroEvent *)(argp2); result = (int)bro_event_send(arg1,arg2); resultobj = SWIG_From_int((int)(result)); return resultobj; 
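Review bot: in bro_event_send both handles are now converted with a null type descriptor (`SWIG_ConvertPtr(obj0,...(&arg1), 0, 0)` and `SWIG_ConvertPtr(obj1,...(&arg2), 0, 0)`), so the wrapper can no longer tell a connection from an event. A call with the two arguments swapped used to fail on `SWIGTYPE_p_bro_conn` / `SWIGTYPE_p_bro_event`; after this change it converts cleanly and bro_event_send receives an event where it expects a connection. A small Python-side test that passes the handles in the wrong order and expects TypeError would pin the behaviour down before this is merged.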
@@ -5708,168 +3269,13 @@ } -SWIGINTERN PyObject *_wrap_bro_event_send_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - uchar *arg2 = (uchar *) 0 ; - int arg3 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - int val3 ; - int ecode3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_event_send_raw",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_send_raw" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_unsigned_char, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_event_send_raw" "', argument " "2"" of type '" "uchar const *""'"); - } - arg2 = (uchar *)(argp2); - ecode3 = SWIG_AsVal_int(obj2, &val3); - if (!SWIG_IsOK(ecode3)) { - SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "bro_event_send_raw" "', argument " "3"" of type '" "int""'"); - } - arg3 = (int)(val3); - result = (int)bro_event_send_raw(arg1,(unsigned char const *)arg2,arg3); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_event_queue_length(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_event_queue_length",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_queue_length" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - result 
= (int)bro_event_queue_length(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_event_queue_length_max(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_event_queue_length_max",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_queue_length_max" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - result = (int)bro_event_queue_length_max(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_event_queue_flush(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_event_queue_flush",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_queue_flush" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - result = (int)bro_event_queue_flush(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_event_registry_add(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - char *arg2 = (char *) 0 ; - BroEventFunc arg3 = (BroEventFunc) 0 ; - void *arg4 = (void *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - int res4 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * 
obj2 = 0 ; - PyObject * obj3 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOOO:bro_event_registry_add",&obj0,&obj1,&obj2,&obj3)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_registry_add" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_event_registry_add" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - { - int res = SWIG_ConvertFunctionPtr(obj2, (void**)(&arg3), SWIGTYPE_p_f_p_struct_bro_conn_p_void_v_______void); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "bro_event_registry_add" "', argument " "3"" of type '" "BroEventFunc""'"); - } - } - res4 = SWIG_ConvertPtr(obj3,SWIG_as_voidptrptr(&arg4), 0, 0); - if (!SWIG_IsOK(res4)) { - SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "bro_event_registry_add" "', argument " "4"" of type '" "void *""'"); - } - bro_event_registry_add(arg1,(char const *)arg2,arg3,arg4); - resultobj = SWIG_Py_Void(); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_event_registry_add_compact(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; BroConn *arg1 = (BroConn *) 0 ; char *arg2 = (char *) 0 ; - BroCompactEventFunc arg3 = (BroCompactEventFunc) 0 ; + BroCompactEventFunc arg3 ; void *arg4 = (void *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; + int res1 ; int res2 ; char *buf2 = 0 ; int alloc2 = 0 ; 
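Review bot: the declaration of arg3 in _wrap_bro_event_registry_add_compact loses its initializer (`BroCompactEventFunc arg3 ;` replaces `BroCompactEventFunc arg3 = (BroCompactEventFunc) 0 ;`), and the `int res1 ;` declarations lose theirs in the same way. res1 is assigned before it is read in the visible code, but the assignment to arg3 is not part of this hunk. Please confirm that every path reaching bro_event_registry_add_compact or the fail label sets arg3 first, or keep the zero initializer so that a missed path yields a null callback instead of an indeterminate one.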
@@ -5878,11 +3284,10 @@ PyObject * obj2 = 0 ; if (!PyArg_ParseTuple(args,(char *)"OOO:bro_event_registry_add_compact",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); if (!SWIG_IsOK(res1)) { SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_registry_add_compact" "', argument " "1"" of type '" "BroConn *""'"); } - arg1 = (BroConn *)(argp1); res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); if (!SWIG_IsOK(res2)) { SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_event_registry_add_compact" "', argument " "2"" of type '" "char const *""'"); 
@@ -5908,1769 +3313,6 @@ } -SWIGINTERN PyObject *_wrap_bro_event_registry_remove(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - char *arg2 = (char *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_event_registry_remove",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_registry_remove" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_event_registry_remove" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - bro_event_registry_remove(arg1,(char const *)arg2); - resultobj = SWIG_Py_Void(); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_event_registry_request(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_event_registry_request",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_event_registry_request" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - bro_event_registry_request(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_new(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; 
- BroBuf *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":bro_buf_new")) SWIG_fail; - result = (BroBuf *)bro_buf_new(); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_buf, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_free",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_free" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - bro_buf_free(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_append(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - void *arg2 = (void *) 0 ; - int arg3 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - int val3 ; - int ecode3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_buf_append",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_append" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - res2 = SWIG_ConvertPtr(obj1,SWIG_as_voidptrptr(&arg2), 0, 0); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_buf_append" "', argument " "2"" of type '" "void *""'"); - } - ecode3 = SWIG_AsVal_int(obj2, &val3); - if (!SWIG_IsOK(ecode3)) { - SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "bro_buf_append" "', argument " "3"" of type '" "int""'"); - } - 
arg3 = (int)(val3); - result = (int)bro_buf_append(arg1,arg2,arg3); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_consume(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_consume",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_consume" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - bro_buf_consume(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_reset(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_reset",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_reset" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - bro_buf_reset(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - uchar *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_get" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - result = 
(uchar *)bro_buf_get(arg1); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_get_end(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - uchar *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_get_end",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_get_end" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - result = (uchar *)bro_buf_get_end(arg1); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_get_size(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - uint result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_get_size",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_get_size" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - result = bro_buf_get_size(arg1); - resultobj = SWIG_NewPointerObj((uint *)memcpy((uint *)malloc(sizeof(uint)),&result,sizeof(uint)), SWIGTYPE_p_uint, SWIG_POINTER_OWN | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_get_used_size(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - uint result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char 
*)"O:bro_buf_get_used_size",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_get_used_size" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - result = bro_buf_get_used_size(arg1); - resultobj = SWIG_NewPointerObj((uint *)memcpy((uint *)malloc(sizeof(uint)),&result,sizeof(uint)), SWIGTYPE_p_uint, SWIG_POINTER_OWN | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_ptr_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - uchar *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_ptr_get",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_ptr_get" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - result = (uchar *)bro_buf_ptr_get(arg1); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_ptr_tell(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - uint32 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_buf_ptr_tell",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_ptr_tell" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - result = (uint32)bro_buf_ptr_tell(arg1); - resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); - return resultobj; -fail: - return NULL; -} - - 
-SWIGINTERN PyObject *_wrap_bro_buf_ptr_seek(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - int arg2 ; - int arg3 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - int val3 ; - int ecode3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_buf_ptr_seek",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_ptr_seek" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_buf_ptr_seek" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - ecode3 = SWIG_AsVal_int(obj2, &val3); - if (!SWIG_IsOK(ecode3)) { - SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "bro_buf_ptr_seek" "', argument " "3"" of type '" "int""'"); - } - arg3 = (int)(val3); - result = (int)bro_buf_ptr_seek(arg1,arg2,arg3); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_ptr_check(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - int arg2 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_buf_ptr_check",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_ptr_check" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - 
SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_buf_ptr_check" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - result = (int)bro_buf_ptr_check(arg1,arg2); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_ptr_read(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - void *arg2 = (void *) 0 ; - int arg3 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - int val3 ; - int ecode3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_buf_ptr_read",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_ptr_read" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - res2 = SWIG_ConvertPtr(obj1,SWIG_as_voidptrptr(&arg2), 0, 0); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_buf_ptr_read" "', argument " "2"" of type '" "void *""'"); - } - ecode3 = SWIG_AsVal_int(obj2, &val3); - if (!SWIG_IsOK(ecode3)) { - SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "bro_buf_ptr_read" "', argument " "3"" of type '" "int""'"); - } - arg3 = (int)(val3); - result = (int)bro_buf_ptr_read(arg1,arg2,arg3); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_buf_ptr_write(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroBuf *arg1 = (BroBuf *) 0 ; - void *arg2 = (void *) 0 ; - int arg3 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - int val3 ; - int ecode3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char 
*)"OOO:bro_buf_ptr_write",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_buf, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_buf_ptr_write" "', argument " "1"" of type '" "BroBuf *""'"); - } - arg1 = (BroBuf *)(argp1); - res2 = SWIG_ConvertPtr(obj1,SWIG_as_voidptrptr(&arg2), 0, 0); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_buf_ptr_write" "', argument " "2"" of type '" "void *""'"); - } - ecode3 = SWIG_AsVal_int(obj2, &val3); - if (!SWIG_IsOK(ecode3)) { - SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "bro_buf_ptr_write" "', argument " "3"" of type '" "int""'"); - } - arg3 = (int)(val3); - result = (int)bro_buf_ptr_write(arg1,arg2,arg3); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conf_set_domain(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - char *arg1 = (char *) 0 ; - int res1 ; - char *buf1 = 0 ; - int alloc1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_conf_set_domain",&obj0)) SWIG_fail; - res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conf_set_domain" "', argument " "1"" of type '" "char const *""'"); - } - arg1 = (char *)(buf1); - bro_conf_set_domain((char const *)arg1); - resultobj = SWIG_Py_Void(); - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return resultobj; -fail: - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conf_get_int(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - char *arg1 = (char *) 0 ; - int *arg2 = (int *) 0 ; - int result; - int res1 ; - char *buf1 = 0 ; - int alloc1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if 
(!PyArg_ParseTuple(args,(char *)"OO:bro_conf_get_int",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conf_get_int" "', argument " "1"" of type '" "char const *""'"); - } - arg1 = (char *)(buf1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_int, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conf_get_int" "', argument " "2"" of type '" "int *""'"); - } - arg2 = (int *)(argp2); - result = (int)bro_conf_get_int((char const *)arg1,arg2); - resultobj = SWIG_From_int((int)(result)); - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return resultobj; -fail: - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conf_get_dbl(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - char *arg1 = (char *) 0 ; - double *arg2 = (double *) 0 ; - int result; - int res1 ; - char *buf1 = 0 ; - int alloc1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conf_get_dbl",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conf_get_dbl" "', argument " "1"" of type '" "char const *""'"); - } - arg1 = (char *)(buf1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_double, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conf_get_dbl" "', argument " "2"" of type '" "double *""'"); - } - arg2 = (double *)(argp2); - result = (int)bro_conf_get_dbl((char const *)arg1,arg2); - resultobj = SWIG_From_int((int)(result)); - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return resultobj; -fail: - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return NULL; -} - - -SWIGINTERN PyObject 
*_wrap_bro_conf_get_str(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - char *arg1 = (char *) 0 ; - char *result = 0 ; - int res1 ; - char *buf1 = 0 ; - int alloc1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_conf_get_str",&obj0)) SWIG_fail; - res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conf_get_str" "', argument " "1"" of type '" "char const *""'"); - } - arg1 = (char *)(buf1); - result = (char *)bro_conf_get_str((char const *)arg1); - resultobj = SWIG_FromCharPtr((const char *)result); - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return resultobj; -fail: - if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_string_init",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_init" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - bro_string_init(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - char *arg2 = (char *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_string_set",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - 
SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_set" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_string_set" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - result = (int)bro_string_set(arg1,(char const *)arg2); - resultobj = SWIG_From_int((int)(result)); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_set_data(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - uchar *arg2 = (uchar *) 0 ; - int arg3 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - int val3 ; - int ecode3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_string_set_data",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_set_data" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_unsigned_char, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_string_set_data" "', argument " "2"" of type '" "uchar const *""'"); - } - arg2 = (uchar *)(argp2); - ecode3 = SWIG_AsVal_int(obj2, &val3); - if (!SWIG_IsOK(ecode3)) { - SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "bro_string_set_data" "', argument " "3"" of type '" "int""'"); - } - arg3 = (int)(val3); - result = (int)bro_string_set_data(arg1,(unsigned char const *)arg2,arg3); - resultobj = SWIG_From_int((int)(result)); - 
return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_get_data(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - uchar *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_string_get_data",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_get_data" "', argument " "1"" of type '" "BroString const *""'"); - } - arg1 = (BroString *)(argp1); - result = (uchar *)bro_string_get_data((struct bro_string const *)arg1); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_get_length(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - uint32 result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_string_get_length",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_get_length" "', argument " "1"" of type '" "BroString const *""'"); - } - arg1 = (BroString *)(argp1); - result = (uint32)bro_string_get_length((struct bro_string const *)arg1); - resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_copy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - BroString *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_string_copy",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, 
&argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_copy" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - result = (BroString *)bro_string_copy(arg1); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_string, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_assign(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - BroString *arg2 = (BroString *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_string_assign",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_assign" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_string_assign" "', argument " "2"" of type '" "BroString *""'"); - } - arg2 = (BroString *)(argp2); - bro_string_assign(arg1,arg2); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_cleanup(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_string_cleanup",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_cleanup" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString 
*)(argp1); - bro_string_cleanup(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_string_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroString *arg1 = (BroString *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_string_free",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_string, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_string_free" "', argument " "1"" of type '" "BroString *""'"); - } - arg1 = (BroString *)(argp1); - bro_string_free(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_new(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":bro_record_new")) SWIG_fail; - result = (BroRecord *)bro_record_new(); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_record, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_record_free",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_free" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - bro_record_free(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_get_length(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - 
int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_record_get_length",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_get_length" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - result = (int)bro_record_get_length(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_add_val(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - char *arg2 = (char *) 0 ; - int arg3 ; - char *arg4 = (char *) 0 ; - void *arg5 = (void *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_record_add_val",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_add_val" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_record_add_val" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - { - int type; - const char* type_name; - void *data; - - PyObject *val; - - //bro_debug_messages = 1; - //bro_debug_calltrace = 1; - - - if ( ! parseTypeTuple(obj2, &type, &val) ) - return NULL; - - if ( ! 
pyObjToVal(val, type, &type_name, &data) ) - return NULL; - - arg3 = type; - arg4 = type_name; - arg5 = data; - } - result = (int)bro_record_add_val(arg1,(char const *)arg2,arg3,(char const *)arg4,(void const *)arg5); - resultobj = SWIG_From_int((int)(result)); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - { - // Broccoli makes copies of the passed data so we need to clean up. - freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - { - // Broccoli makes copies of the passed data so we need to clean up. - freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_get_nth_val(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - int arg2 ; - int *arg3 = (int *) 0 ; - void *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - void *argp3 = 0 ; - int res3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_record_get_nth_val",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_get_nth_val" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_record_get_nth_val" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_int, 0 | 0 ); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_record_get_nth_val" "', argument " "3"" of type '" "int *""'"); - } - arg3 = (int *)(argp3); - result = (void *)bro_record_get_nth_val(arg1,arg2,arg3); - resultobj = 
SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_get_nth_name(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - int arg2 ; - char *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_record_get_nth_name",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_get_nth_name" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_record_get_nth_name" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - result = (char *)bro_record_get_nth_name(arg1,arg2); - resultobj = SWIG_FromCharPtr((const char *)result); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_get_named_val(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - char *arg2 = (char *) 0 ; - int *arg3 = (int *) 0 ; - void *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - void *argp3 = 0 ; - int res3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_record_get_named_val",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_get_named_val" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - res2 = 
SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_record_get_named_val" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_int, 0 | 0 ); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_record_get_named_val" "', argument " "3"" of type '" "int *""'"); - } - arg3 = (int *)(argp3); - result = (void *)bro_record_get_named_val(arg1,(char const *)arg2,arg3); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_set_nth_val(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - int arg2 ; - int arg3 ; - char *arg4 = (char *) 0 ; - void *arg5 = (void *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_record_set_nth_val",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_set_nth_val" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_record_set_nth_val" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - { - int type; - const char* type_name; - void *data; - - PyObject *val; - - //bro_debug_messages = 1; - //bro_debug_calltrace = 1; - - - if ( ! parseTypeTuple(obj2, &type, &val) ) - return NULL; - - if ( ! 
pyObjToVal(val, type, &type_name, &data) ) - return NULL; - - arg3 = type; - arg4 = type_name; - arg5 = data; - } - result = (int)bro_record_set_nth_val(arg1,arg2,arg3,(char const *)arg4,(void const *)arg5); - resultobj = SWIG_From_int((int)(result)); - { - // Broccoli makes copies of the passed data so we need to clean up. - freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return resultobj; -fail: - { - // Broccoli makes copies of the passed data so we need to clean up. - freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_record_set_named_val(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroRecord *arg1 = (BroRecord *) 0 ; - char *arg2 = (char *) 0 ; - int arg3 ; - char *arg4 = (char *) 0 ; - void *arg5 = (void *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_record_set_named_val",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_record, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_record_set_named_val" "', argument " "1"" of type '" "BroRecord *""'"); - } - arg1 = (BroRecord *)(argp1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_record_set_named_val" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = (char *)(buf2); - { - int type; - const char* type_name; - void *data; - - PyObject *val; - - //bro_debug_messages = 1; - //bro_debug_calltrace = 1; - - - if ( ! parseTypeTuple(obj2, &type, &val) ) - return NULL; - - if ( ! 
pyObjToVal(val, type, &type_name, &data) ) - return NULL; - - arg3 = type; - arg4 = type_name; - arg5 = data; - } - result = (int)bro_record_set_named_val(arg1,(char const *)arg2,arg3,(char const *)arg4,(void const *)arg5); - resultobj = SWIG_From_int((int)(result)); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - { - // Broccoli makes copies of the passed data so we need to clean up. - freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - { - // Broccoli makes copies of the passed data so we need to clean up. - freeBroccoliVal(arg3, arg5); - - if ( arg4 ) - free(arg4); - } - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_table_new(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroTable *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":bro_table_new")) SWIG_fail; - result = (BroTable *)bro_table_new(); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_table, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_table_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroTable *arg1 = (BroTable *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_table_free",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_table_free" "', argument " "1"" of type '" "BroTable *""'"); - } - arg1 = (BroTable *)(argp1); - bro_table_free(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_table_insert(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroTable *arg1 = (BroTable *) 0 ; - int arg2 ; - void *arg3 = (void *) 0 ; - int arg4 ; - void *arg5 = (void *) 0 ; - int result; - void *argp1 
= 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - int res3 ; - int val4 ; - int ecode4 = 0 ; - int res5 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - PyObject * obj3 = 0 ; - PyObject * obj4 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOOOO:bro_table_insert",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_table_insert" "', argument " "1"" of type '" "BroTable *""'"); - } - arg1 = (BroTable *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_table_insert" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_table_insert" "', argument " "3"" of type '" "void const *""'"); - } - ecode4 = SWIG_AsVal_int(obj3, &val4); - if (!SWIG_IsOK(ecode4)) { - SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "bro_table_insert" "', argument " "4"" of type '" "int""'"); - } - arg4 = (int)(val4); - res5 = SWIG_ConvertPtr(obj4,SWIG_as_voidptrptr(&arg5), 0, 0); - if (!SWIG_IsOK(res5)) { - SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "bro_table_insert" "', argument " "5"" of type '" "void const *""'"); - } - result = (int)bro_table_insert(arg1,arg2,(void const *)arg3,arg4,(void const *)arg5); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_table_find(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroTable *arg1 = (BroTable *) 0 ; - void *arg2 = (void *) 0 ; - void *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char 
*)"OO:bro_table_find",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_table_find" "', argument " "1"" of type '" "BroTable *""'"); - } - arg1 = (BroTable *)(argp1); - res2 = SWIG_ConvertPtr(obj1,SWIG_as_voidptrptr(&arg2), 0, 0); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_table_find" "', argument " "2"" of type '" "void const *""'"); - } - result = (void *)bro_table_find(arg1,(void const *)arg2); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_table_get_size(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroTable *arg1 = (BroTable *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_table_get_size",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_table_get_size" "', argument " "1"" of type '" "BroTable *""'"); - } - arg1 = (BroTable *)(argp1); - result = (int)bro_table_get_size(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_table_foreach(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroTable *arg1 = (BroTable *) 0 ; - BroTableCallback arg2 = (BroTableCallback) 0 ; - void *arg3 = (void *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res3 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_table_foreach",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - 
SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_table_foreach" "', argument " "1"" of type '" "BroTable *""'"); - } - arg1 = (BroTable *)(argp1); - { - int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_p_void_p_void__int); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "bro_table_foreach" "', argument " "2"" of type '" "BroTableCallback""'"); - } - } - res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_table_foreach" "', argument " "3"" of type '" "void *""'"); - } - bro_table_foreach(arg1,arg2,arg3); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_table_get_types(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroTable *arg1 = (BroTable *) 0 ; - int *arg2 = (int *) 0 ; - int *arg3 = (int *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - void *argp3 = 0 ; - int res3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_table_get_types",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_table_get_types" "', argument " "1"" of type '" "BroTable *""'"); - } - arg1 = (BroTable *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_int, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_table_get_types" "', argument " "2"" of type '" "int *""'"); - } - arg2 = (int *)(argp2); - res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_int, 0 | 0 ); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_table_get_types" "', argument " "3"" of type '" "int *""'"); - } - arg3 = (int *)(argp3); - 
bro_table_get_types(arg1,arg2,arg3); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_set_new(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSet *result = 0 ; - - if (!PyArg_ParseTuple(args,(char *)":bro_set_new")) SWIG_fail; - result = (BroSet *)bro_set_new(); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_table, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_set_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSet *arg1 = (BroSet *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_set_free",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_set_free" "', argument " "1"" of type '" "BroSet *""'"); - } - arg1 = (BroSet *)(argp1); - bro_set_free(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_set_insert(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSet *arg1 = (BroSet *) 0 ; - int arg2 ; - void *arg3 = (void *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - int res3 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_set_insert",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_set_insert" "', argument " "1"" of type '" "BroSet *""'"); - } - arg1 = (BroSet *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_set_insert" "', argument " "2"" of 
type '" "int""'"); - } - arg2 = (int)(val2); - res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_set_insert" "', argument " "3"" of type '" "void const *""'"); - } - result = (int)bro_set_insert(arg1,arg2,(void const *)arg3); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_set_find(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSet *arg1 = (BroSet *) 0 ; - void *arg2 = (void *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - int res2 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_set_find",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_set_find" "', argument " "1"" of type '" "BroSet *""'"); - } - arg1 = (BroSet *)(argp1); - res2 = SWIG_ConvertPtr(obj1,SWIG_as_voidptrptr(&arg2), 0, 0); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_set_find" "', argument " "2"" of type '" "void const *""'"); - } - result = (int)bro_set_find(arg1,(void const *)arg2); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_set_get_size(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSet *arg1 = (BroSet *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_set_get_size",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_set_get_size" "', argument " "1"" of type '" "BroSet *""'"); - } - arg1 = (BroSet *)(argp1); - result = (int)bro_set_get_size(arg1); 
- resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_set_foreach(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSet *arg1 = (BroSet *) 0 ; - BroSetCallback arg2 = (BroSetCallback) 0 ; - void *arg3 = (void *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - int res3 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_set_foreach",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_set_foreach" "', argument " "1"" of type '" "BroSet *""'"); - } - arg1 = (BroSet *)(argp1); - { - int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_p_void__int); - if (!SWIG_IsOK(res)) { - SWIG_exception_fail(SWIG_ArgError(res), "in method '" "bro_set_foreach" "', argument " "2"" of type '" "BroSetCallback""'"); - } - } - res3 = SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_set_foreach" "', argument " "3"" of type '" "void *""'"); - } - bro_set_foreach(arg1,arg2,arg3); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_set_get_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroSet *arg1 = (BroSet *) 0 ; - int *arg2 = (int *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_set_get_type",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_table, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_set_get_type" "', argument " "1"" of type '" "BroSet *""'"); - } - arg1 = (BroSet 
*)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_int, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_set_get_type" "', argument " "2"" of type '" "int *""'"); - } - arg2 = (int *)(argp2); - bro_set_get_type(arg1,arg2); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_set_packet_ctxt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int arg2 ; - void *argp1 = 0 ; - int res1 = 0 ; - int val2 ; - int ecode2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_set_packet_ctxt",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_set_packet_ctxt" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - ecode2 = SWIG_AsVal_int(obj1, &val2); - if (!SWIG_IsOK(ecode2)) { - SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "bro_conn_set_packet_ctxt" "', argument " "2"" of type '" "int""'"); - } - arg2 = (int)(val2); - bro_conn_set_packet_ctxt(arg1,arg2); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_conn_get_packet_ctxt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - int *arg2 = (int *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_conn_get_packet_ctxt",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_conn_get_packet_ctxt" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn 
*)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_int, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_conn_get_packet_ctxt" "', argument " "2"" of type '" "int *""'"); - } - arg2 = (int *)(argp2); - bro_conn_get_packet_ctxt(arg1,arg2); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_new(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct pcap_pkthdr *arg1 = (struct pcap_pkthdr *) 0 ; - u_char *arg2 = (u_char *) 0 ; - char *arg3 = (char *) 0 ; - BroPacket *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - int res3 ; - char *buf3 = 0 ; - int alloc3 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOO:bro_packet_new",&obj0,&obj1,&obj2)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_pcap_pkthdr, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_new" "', argument " "1"" of type '" "struct pcap_pkthdr const *""'"); - } - arg1 = (struct pcap_pkthdr *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_u_char, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_packet_new" "', argument " "2"" of type '" "u_char const *""'"); - } - arg2 = (u_char *)(argp2); - res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "bro_packet_new" "', argument " "3"" of type '" "char const *""'"); - } - arg3 = (char *)(buf3); - result = (BroPacket *)bro_packet_new((struct pcap_pkthdr const *)arg1,(u_char const *)arg2,(char const *)arg3); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_packet, 0 | 0 ); - if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); - return resultobj; -fail: - if (alloc3 == 
SWIG_NEWOBJ) free((char*)buf3); - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_clone(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroPacket *arg1 = (BroPacket *) 0 ; - BroPacket *result = 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_clone",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_clone" "', argument " "1"" of type '" "BroPacket const *""'"); - } - arg1 = (BroPacket *)(argp1); - result = (BroPacket *)bro_packet_clone((struct bro_packet const *)arg1); - resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_bro_packet, 0 | 0 ); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_free(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroPacket *arg1 = (BroPacket *) 0 ; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_packet_free",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_free" "', argument " "1"" of type '" "BroPacket *""'"); - } - arg1 = (BroPacket *)(argp1); - bro_packet_free(arg1); - resultobj = SWIG_Py_Void(); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_bro_packet_send(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - BroConn *arg1 = (BroConn *) 0 ; - BroPacket *arg2 = (BroPacket *) 0 ; - int result; - void *argp1 = 0 ; - int res1 = 0 ; - void *argp2 = 0 ; - int res2 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OO:bro_packet_send",&obj0,&obj1)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_bro_conn, 0 | 0 ); - 
if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_packet_send" "', argument " "1"" of type '" "BroConn *""'"); - } - arg1 = (BroConn *)(argp1); - res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_bro_packet, 0 | 0 ); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "bro_packet_send" "', argument " "2"" of type '" "BroPacket *""'"); - } - arg2 = (BroPacket *)(argp2); - result = (int)bro_packet_send(arg1,arg2); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - SWIGINTERN PyObject *_wrap_bro_util_current_time(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; double result; 
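Review bot: The removed `_wrap_bro_table_*`, `_wrap_bro_set_*`, `_wrap_bro_conn_set_packet_ctxt`/`_wrap_bro_conn_get_packet_ctxt` and `_wrap_bro_packet_*` functions are SWIG output, and nothing in the visible lines says what Python callers of `bro_table_insert`, `bro_set_insert` or `bro_packet_send` should use instead. Please say in the commit message that these entry points are dropped on purpose, and confirm the wrapper was regenerated from the interface file rather than trimmed by hand, since a hand edit will be overwritten on the next SWIG run. One point in favour of the removal: several of these wrappers (for example `bro_table_insert`, `bro_table_find` and `bro_set_insert`) converted their key and value arguments with `SWIG_ConvertPtr(obj2,SWIG_as_voidptrptr(&arg3), 0, 0)`, which passes a null type descriptor and so performs no type check before handing the pointer to the C library; dropping them takes that unchecked path out of the binding.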
@@ -7684,344 +3326,42 @@ } -SWIGINTERN PyObject *_wrap_bro_util_timeval_to_double(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - struct timeval *arg1 = (struct timeval *) 0 ; - double result; - void *argp1 = 0 ; - int res1 = 0 ; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:bro_util_timeval_to_double",&obj0)) SWIG_fail; - res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_timeval, 0 | 0 ); - if (!SWIG_IsOK(res1)) { - SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "bro_util_timeval_to_double" "', argument " "1"" of type '" "struct timeval const *""'"); - } - arg1 = (struct timeval *)(argp1); - result = (double)bro_util_timeval_to_double((struct timeval const *)arg1); - resultobj = SWIG_From_double((double)(result)); - return resultobj; -fail: - return NULL; -} - - static PyMethodDef SwigMethods[] = { - { (char *)"BroCtx_lock_func_set", _wrap_BroCtx_lock_func_set, METH_VARARGS, NULL}, - { (char *)"BroCtx_lock_func_get", _wrap_BroCtx_lock_func_get, METH_VARARGS, NULL}, - { (char *)"BroCtx_id_func_set", _wrap_BroCtx_id_func_set, METH_VARARGS, NULL}, - { (char *)"BroCtx_id_func_get", _wrap_BroCtx_id_func_get, METH_VARARGS, NULL}, - { (char *)"BroCtx_dl_create_func_set", _wrap_BroCtx_dl_create_func_set, METH_VARARGS, NULL}, - { (char *)"BroCtx_dl_create_func_get", _wrap_BroCtx_dl_create_func_get, METH_VARARGS, NULL}, - { (char *)"BroCtx_dl_lock_func_set", _wrap_BroCtx_dl_lock_func_set, METH_VARARGS, NULL}, - { (char *)"BroCtx_dl_lock_func_get", _wrap_BroCtx_dl_lock_func_get, METH_VARARGS, NULL}, - { (char *)"BroCtx_dl_free_func_set", _wrap_BroCtx_dl_free_func_set, METH_VARARGS, NULL}, - { (char *)"BroCtx_dl_free_func_get", _wrap_BroCtx_dl_free_func_get, METH_VARARGS, NULL}, - { (char *)"new_BroCtx", _wrap_new_BroCtx, METH_VARARGS, NULL}, - { (char *)"delete_BroCtx", _wrap_delete_BroCtx, METH_VARARGS, NULL}, - { (char *)"BroCtx_swigregister", BroCtx_swigregister, METH_VARARGS, NULL}, - { (char 
*)"BroConnStats_tx_buflen_set", _wrap_BroConnStats_tx_buflen_set, METH_VARARGS, NULL}, - { (char *)"BroConnStats_tx_buflen_get", _wrap_BroConnStats_tx_buflen_get, METH_VARARGS, NULL}, - { (char *)"BroConnStats_rx_buflen_set", _wrap_BroConnStats_rx_buflen_set, METH_VARARGS, NULL}, - { (char *)"BroConnStats_rx_buflen_get", _wrap_BroConnStats_rx_buflen_get, METH_VARARGS, NULL}, - { (char *)"new_BroConnStats", _wrap_new_BroConnStats, METH_VARARGS, NULL}, - { (char *)"delete_BroConnStats", _wrap_delete_BroConnStats, METH_VARARGS, NULL}, - { (char *)"BroConnStats_swigregister", BroConnStats_swigregister, METH_VARARGS, NULL}, - { (char *)"BroString_str_len_set", _wrap_BroString_str_len_set, METH_VARARGS, NULL}, - { (char *)"BroString_str_len_get", _wrap_BroString_str_len_get, METH_VARARGS, NULL}, - { (char *)"BroString_str_val_set", _wrap_BroString_str_val_set, METH_VARARGS, NULL}, - { (char *)"BroString_str_val_get", _wrap_BroString_str_val_get, METH_VARARGS, NULL}, - { (char *)"new_BroString", _wrap_new_BroString, METH_VARARGS, NULL}, - { (char *)"delete_BroString", _wrap_delete_BroString, METH_VARARGS, NULL}, - { (char *)"BroString_swigregister", BroString_swigregister, METH_VARARGS, NULL}, - { (char *)"BroPort_port_num_set", _wrap_BroPort_port_num_set, METH_VARARGS, NULL}, - { (char *)"BroPort_port_num_get", _wrap_BroPort_port_num_get, METH_VARARGS, NULL}, - { (char *)"BroPort_port_proto_set", _wrap_BroPort_port_proto_set, METH_VARARGS, NULL}, - { (char *)"BroPort_port_proto_get", _wrap_BroPort_port_proto_get, METH_VARARGS, NULL}, - { (char *)"new_BroPort", _wrap_new_BroPort, METH_VARARGS, NULL}, - { (char *)"delete_BroPort", _wrap_delete_BroPort, METH_VARARGS, NULL}, - { (char *)"BroPort_swigregister", BroPort_swigregister, METH_VARARGS, NULL}, - { (char *)"BroSubnet_sn_net_set", _wrap_BroSubnet_sn_net_set, METH_VARARGS, NULL}, - { (char *)"BroSubnet_sn_net_get", _wrap_BroSubnet_sn_net_get, METH_VARARGS, NULL}, - { (char *)"BroSubnet_sn_width_set", 
_wrap_BroSubnet_sn_width_set, METH_VARARGS, NULL}, - { (char *)"BroSubnet_sn_width_get", _wrap_BroSubnet_sn_width_get, METH_VARARGS, NULL}, - { (char *)"new_BroSubnet", _wrap_new_BroSubnet, METH_VARARGS, NULL}, - { (char *)"delete_BroSubnet", _wrap_delete_BroSubnet, METH_VARARGS, NULL}, - { (char *)"BroSubnet_swigregister", BroSubnet_swigregister, METH_VARARGS, NULL}, - { (char *)"BroEvArg_arg_data_set", _wrap_BroEvArg_arg_data_set, METH_VARARGS, NULL}, - { (char *)"BroEvArg_arg_data_get", _wrap_BroEvArg_arg_data_get, METH_VARARGS, NULL}, - { (char *)"BroEvArg_arg_type_set", _wrap_BroEvArg_arg_type_set, METH_VARARGS, NULL}, - { (char *)"BroEvArg_arg_type_get", _wrap_BroEvArg_arg_type_get, METH_VARARGS, NULL}, - { (char *)"new_BroEvArg", _wrap_new_BroEvArg, METH_VARARGS, NULL}, - { (char *)"delete_BroEvArg", _wrap_delete_BroEvArg, METH_VARARGS, NULL}, - { (char *)"BroEvArg_swigregister", BroEvArg_swigregister, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_name_set", _wrap_bro_ev_meta_ev_name_set, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_name_get", _wrap_bro_ev_meta_ev_name_get, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_ts_set", _wrap_bro_ev_meta_ev_ts_set, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_ts_get", _wrap_bro_ev_meta_ev_ts_get, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_numargs_set", _wrap_bro_ev_meta_ev_numargs_set, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_numargs_get", _wrap_bro_ev_meta_ev_numargs_get, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_args_set", _wrap_bro_ev_meta_ev_args_set, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_args_get", _wrap_bro_ev_meta_ev_args_get, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_start_set", _wrap_bro_ev_meta_ev_start_set, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_start_get", _wrap_bro_ev_meta_ev_start_get, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_end_set", _wrap_bro_ev_meta_ev_end_set, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_ev_end_get", 
_wrap_bro_ev_meta_ev_end_get, METH_VARARGS, NULL}, - { (char *)"new_bro_ev_meta", _wrap_new_bro_ev_meta, METH_VARARGS, NULL}, - { (char *)"delete_bro_ev_meta", _wrap_delete_bro_ev_meta, METH_VARARGS, NULL}, - { (char *)"bro_ev_meta_swigregister", bro_ev_meta_swigregister, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_time_set", _wrap_bro_packet_pkt_time_set, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_time_get", _wrap_bro_packet_pkt_time_get, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_hdr_size_set", _wrap_bro_packet_pkt_hdr_size_set, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_hdr_size_get", _wrap_bro_packet_pkt_hdr_size_get, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_link_type_set", _wrap_bro_packet_pkt_link_type_set, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_link_type_get", _wrap_bro_packet_pkt_link_type_get, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_pcap_hdr_set", _wrap_bro_packet_pkt_pcap_hdr_set, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_pcap_hdr_get", _wrap_bro_packet_pkt_pcap_hdr_get, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_data_set", _wrap_bro_packet_pkt_data_set, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_data_get", _wrap_bro_packet_pkt_data_get, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_tag_set", _wrap_bro_packet_pkt_tag_set, METH_VARARGS, NULL}, - { (char *)"bro_packet_pkt_tag_get", _wrap_bro_packet_pkt_tag_get, METH_VARARGS, NULL}, - { (char *)"new_bro_packet", _wrap_new_bro_packet, METH_VARARGS, NULL}, - { (char *)"delete_bro_packet", _wrap_delete_bro_packet, METH_VARARGS, NULL}, - { (char *)"bro_packet_swigregister", bro_packet_swigregister, METH_VARARGS, NULL}, { (char *)"bro_init", _wrap_bro_init, METH_VARARGS, NULL}, - { (char *)"bro_ctx_init", _wrap_bro_ctx_init, METH_VARARGS, NULL}, - { (char *)"bro_conn_new", _wrap_bro_conn_new, METH_VARARGS, NULL}, { (char *)"bro_conn_new_str", _wrap_bro_conn_new_str, METH_VARARGS, NULL}, - { (char *)"bro_conn_new_socket", 
_wrap_bro_conn_new_socket, METH_VARARGS, NULL}, { (char *)"bro_conn_set_class", _wrap_bro_conn_set_class, METH_VARARGS, NULL}, - { (char *)"bro_conn_get_peer_class", _wrap_bro_conn_get_peer_class, METH_VARARGS, NULL}, - { (char *)"bro_conn_get_connstats", _wrap_bro_conn_get_connstats, METH_VARARGS, NULL}, { (char *)"bro_conn_connect", _wrap_bro_conn_connect, METH_VARARGS, NULL}, - { (char *)"bro_conn_reconnect", _wrap_bro_conn_reconnect, METH_VARARGS, NULL}, - { (char *)"bro_conn_delete", _wrap_bro_conn_delete, METH_VARARGS, NULL}, - { (char *)"bro_conn_alive", _wrap_bro_conn_alive, METH_VARARGS, NULL}, - { (char *)"bro_conn_adopt_events", _wrap_bro_conn_adopt_events, METH_VARARGS, NULL}, - { (char *)"bro_conn_get_fd", _wrap_bro_conn_get_fd, METH_VARARGS, NULL}, { (char *)"bro_conn_process_input", _wrap_bro_conn_process_input, METH_VARARGS, NULL}, - { (char *)"bro_conn_data_set", _wrap_bro_conn_data_set, METH_VARARGS, NULL}, - { (char *)"bro_conn_data_get", _wrap_bro_conn_data_get, METH_VARARGS, NULL}, - { (char *)"bro_conn_data_del", _wrap_bro_conn_data_del, METH_VARARGS, NULL}, + { (char *)"bro_event_queue_length", _wrap_bro_event_queue_length, METH_VARARGS, NULL}, { (char *)"bro_event_new", _wrap_bro_event_new, METH_VARARGS, NULL}, { (char *)"bro_event_free", _wrap_bro_event_free, METH_VARARGS, NULL}, { (char *)"bro_event_add_val", _wrap_bro_event_add_val, METH_VARARGS, NULL}, - { (char *)"bro_event_set_val", _wrap_bro_event_set_val, METH_VARARGS, NULL}, { (char *)"bro_event_send", _wrap_bro_event_send, METH_VARARGS, NULL}, - { (char *)"bro_event_send_raw", _wrap_bro_event_send_raw, METH_VARARGS, NULL}, - { (char *)"bro_event_queue_length", _wrap_bro_event_queue_length, METH_VARARGS, NULL}, - { (char *)"bro_event_queue_length_max", _wrap_bro_event_queue_length_max, METH_VARARGS, NULL}, - { (char *)"bro_event_queue_flush", _wrap_bro_event_queue_flush, METH_VARARGS, NULL}, - { (char *)"bro_event_registry_add", _wrap_bro_event_registry_add, METH_VARARGS, NULL}, { 
(char *)"bro_event_registry_add_compact", _wrap_bro_event_registry_add_compact, METH_VARARGS, NULL}, - { (char *)"bro_event_registry_remove", _wrap_bro_event_registry_remove, METH_VARARGS, NULL}, - { (char *)"bro_event_registry_request", _wrap_bro_event_registry_request, METH_VARARGS, NULL}, - { (char *)"bro_buf_new", _wrap_bro_buf_new, METH_VARARGS, NULL}, - { (char *)"bro_buf_free", _wrap_bro_buf_free, METH_VARARGS, NULL}, - { (char *)"bro_buf_append", _wrap_bro_buf_append, METH_VARARGS, NULL}, - { (char *)"bro_buf_consume", _wrap_bro_buf_consume, METH_VARARGS, NULL}, - { (char *)"bro_buf_reset", _wrap_bro_buf_reset, METH_VARARGS, NULL}, - { (char *)"bro_buf_get", _wrap_bro_buf_get, METH_VARARGS, NULL}, - { (char *)"bro_buf_get_end", _wrap_bro_buf_get_end, METH_VARARGS, NULL}, - { (char *)"bro_buf_get_size", _wrap_bro_buf_get_size, METH_VARARGS, NULL}, - { (char *)"bro_buf_get_used_size", _wrap_bro_buf_get_used_size, METH_VARARGS, NULL}, - { (char *)"bro_buf_ptr_get", _wrap_bro_buf_ptr_get, METH_VARARGS, NULL}, - { (char *)"bro_buf_ptr_tell", _wrap_bro_buf_ptr_tell, METH_VARARGS, NULL}, - { (char *)"bro_buf_ptr_seek", _wrap_bro_buf_ptr_seek, METH_VARARGS, NULL}, - { (char *)"bro_buf_ptr_check", _wrap_bro_buf_ptr_check, METH_VARARGS, NULL}, - { (char *)"bro_buf_ptr_read", _wrap_bro_buf_ptr_read, METH_VARARGS, NULL}, - { (char *)"bro_buf_ptr_write", _wrap_bro_buf_ptr_write, METH_VARARGS, NULL}, - { (char *)"bro_conf_set_domain", _wrap_bro_conf_set_domain, METH_VARARGS, NULL}, - { (char *)"bro_conf_get_int", _wrap_bro_conf_get_int, METH_VARARGS, NULL}, - { (char *)"bro_conf_get_dbl", _wrap_bro_conf_get_dbl, METH_VARARGS, NULL}, - { (char *)"bro_conf_get_str", _wrap_bro_conf_get_str, METH_VARARGS, NULL}, - { (char *)"bro_string_init", _wrap_bro_string_init, METH_VARARGS, NULL}, - { (char *)"bro_string_set", _wrap_bro_string_set, METH_VARARGS, NULL}, - { (char *)"bro_string_set_data", _wrap_bro_string_set_data, METH_VARARGS, NULL}, - { (char *)"bro_string_get_data", 
_wrap_bro_string_get_data, METH_VARARGS, NULL}, - { (char *)"bro_string_get_length", _wrap_bro_string_get_length, METH_VARARGS, NULL}, - { (char *)"bro_string_copy", _wrap_bro_string_copy, METH_VARARGS, NULL}, - { (char *)"bro_string_assign", _wrap_bro_string_assign, METH_VARARGS, NULL}, - { (char *)"bro_string_cleanup", _wrap_bro_string_cleanup, METH_VARARGS, NULL}, - { (char *)"bro_string_free", _wrap_bro_string_free, METH_VARARGS, NULL}, - { (char *)"bro_record_new", _wrap_bro_record_new, METH_VARARGS, NULL}, - { (char *)"bro_record_free", _wrap_bro_record_free, METH_VARARGS, NULL}, - { (char *)"bro_record_get_length", _wrap_bro_record_get_length, METH_VARARGS, NULL}, - { (char *)"bro_record_add_val", _wrap_bro_record_add_val, METH_VARARGS, NULL}, - { (char *)"bro_record_get_nth_val", _wrap_bro_record_get_nth_val, METH_VARARGS, NULL}, - { (char *)"bro_record_get_nth_name", _wrap_bro_record_get_nth_name, METH_VARARGS, NULL}, - { (char *)"bro_record_get_named_val", _wrap_bro_record_get_named_val, METH_VARARGS, NULL}, - { (char *)"bro_record_set_nth_val", _wrap_bro_record_set_nth_val, METH_VARARGS, NULL}, - { (char *)"bro_record_set_named_val", _wrap_bro_record_set_named_val, METH_VARARGS, NULL}, - { (char *)"bro_table_new", _wrap_bro_table_new, METH_VARARGS, NULL}, - { (char *)"bro_table_free", _wrap_bro_table_free, METH_VARARGS, NULL}, - { (char *)"bro_table_insert", _wrap_bro_table_insert, METH_VARARGS, NULL}, - { (char *)"bro_table_find", _wrap_bro_table_find, METH_VARARGS, NULL}, - { (char *)"bro_table_get_size", _wrap_bro_table_get_size, METH_VARARGS, NULL}, - { (char *)"bro_table_foreach", _wrap_bro_table_foreach, METH_VARARGS, NULL}, - { (char *)"bro_table_get_types", _wrap_bro_table_get_types, METH_VARARGS, NULL}, - { (char *)"bro_set_new", _wrap_bro_set_new, METH_VARARGS, NULL}, - { (char *)"bro_set_free", _wrap_bro_set_free, METH_VARARGS, NULL}, - { (char *)"bro_set_insert", _wrap_bro_set_insert, METH_VARARGS, NULL}, - { (char *)"bro_set_find", 
_wrap_bro_set_find, METH_VARARGS, NULL}, - { (char *)"bro_set_get_size", _wrap_bro_set_get_size, METH_VARARGS, NULL}, - { (char *)"bro_set_foreach", _wrap_bro_set_foreach, METH_VARARGS, NULL}, - { (char *)"bro_set_get_type", _wrap_bro_set_get_type, METH_VARARGS, NULL}, - { (char *)"bro_conn_set_packet_ctxt", _wrap_bro_conn_set_packet_ctxt, METH_VARARGS, NULL}, - { (char *)"bro_conn_get_packet_ctxt", _wrap_bro_conn_get_packet_ctxt, METH_VARARGS, NULL}, - { (char *)"bro_packet_new", _wrap_bro_packet_new, METH_VARARGS, NULL}, - { (char *)"bro_packet_clone", _wrap_bro_packet_clone, METH_VARARGS, NULL}, - { (char *)"bro_packet_free", _wrap_bro_packet_free, METH_VARARGS, NULL}, - { (char *)"bro_packet_send", _wrap_bro_packet_send, METH_VARARGS, NULL}, { (char *)"bro_util_current_time", _wrap_bro_util_current_time, METH_VARARGS, NULL}, - { (char *)"bro_util_timeval_to_double", _wrap_bro_util_timeval_to_double, METH_VARARGS, NULL}, { NULL, NULL, 0, NULL } }; /* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */ -static swig_type_info _swigt__p_bro_buf = {"_p_bro_buf", "BroBuf *|struct bro_buf *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_conn = {"_p_bro_conn", "struct bro_conn *|BroConn *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_conn_stats = {"_p_bro_conn_stats", "struct bro_conn_stats *|BroConnStats *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_ctx = {"_p_bro_ctx", "struct bro_ctx *|BroCtx *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_ev_arg = {"_p_bro_ev_arg", "struct bro_ev_arg *|BroEvArg *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_ev_meta = {"_p_bro_ev_meta", "struct bro_ev_meta *|BroEvMeta *|bro_ev_meta *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_event = {"_p_bro_event", "struct bro_event *|BroEvent *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_packet = {"_p_bro_packet", "struct bro_packet *|bro_packet *|BroPacket *", 0, 0, (void*)0, 0}; 
-static swig_type_info _swigt__p_bro_port = {"_p_bro_port", "struct bro_port *|BroPort *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_record = {"_p_bro_record", "struct bro_record *|BroRecord *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_string = {"_p_bro_string", "struct bro_string *|BroString *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_subnet = {"_p_bro_subnet", "struct bro_subnet *|BroSubnet *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_bro_table = {"_p_bro_table", "struct bro_table *|BroTable *|BroSet *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_BroCompactEventFunc = {"_p_BroCompactEventFunc", "BroCompactEventFunc *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_double = {"_p_double", "double *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_int_int_p_q_const__char_int__void = {"_p_f_int_int_p_q_const__char_int__void", "OpenSSL_lock_func|void (*)(int,int,char const *,int)", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void = {"_p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void", "OpenSSL_dynlock_lock_func|void (*)(int,struct CRYPTO_dynlock_value *,char const *,int)", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_q_const__char_int__p_CRYPTO_dynlock_value = {"_p_f_p_q_const__char_int__p_CRYPTO_dynlock_value", "struct CRYPTO_dynlock_value *(*)(char const *,int)|OpenSSL_dynlock_create_func", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void = {"_p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void", "OpenSSL_dynlock_free_func|void (*)(struct CRYPTO_dynlock_value *,char const *,int)", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_struct_bro_conn_p_void_p_struct_bro_ev_meta__void = 
{"_p_f_p_struct_bro_conn_p_void_p_struct_bro_ev_meta__void", "void (*)(struct bro_conn *,void *,struct bro_ev_meta *)|BroCompactEventFunc", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_struct_bro_conn_p_void_v_______void = {"_p_f_p_struct_bro_conn_p_void_v_______void", "void (*)(struct bro_conn *,void *,...)|BroEventFunc", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_void_p_void__int = {"_p_f_p_void_p_void__int", "int (*)(void *,void *)|BroSetCallback", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_p_void_p_void_p_void__int = {"_p_f_p_void_p_void_p_void__int", "int (*)(void *,void *,void *)|BroTableCallback", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_f_void__unsigned_long = {"_p_f_void__unsigned_long", "OpenSSL_thread_id_func|unsigned long (*)(void)", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_in_addr = {"_p_in_addr", "struct in_addr *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_pcap_pkthdr = {"_p_pcap_pkthdr", "struct pcap_pkthdr *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_timeval = {"_p_timeval", "struct timeval *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_u_char = {"_p_u_char", "u_char *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_uint = {"_p_uint", "uint *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "uchar *|unsigned char *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint32 *|unsigned int *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "uint16 *|unsigned short *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_void = {"_p_void", "void *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_void = {"_p_void", "void *|BroEvent *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { - &_swigt__p_bro_buf, - 
&_swigt__p_bro_conn, - &_swigt__p_bro_conn_stats, - &_swigt__p_bro_ctx, - &_swigt__p_bro_ev_arg, - &_swigt__p_bro_ev_meta, - &_swigt__p_bro_event, - &_swigt__p_bro_packet, - &_swigt__p_bro_port, - &_swigt__p_bro_record, - &_swigt__p_bro_string, - &_swigt__p_bro_subnet, - &_swigt__p_bro_table, + &_swigt__p_BroCompactEventFunc, &_swigt__p_char, - &_swigt__p_double, - &_swigt__p_f_int_int_p_q_const__char_int__void, - &_swigt__p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void, - &_swigt__p_f_p_q_const__char_int__p_CRYPTO_dynlock_value, - &_swigt__p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void, - &_swigt__p_f_p_struct_bro_conn_p_void_p_struct_bro_ev_meta__void, - &_swigt__p_f_p_struct_bro_conn_p_void_v_______void, - &_swigt__p_f_p_void_p_void__int, - &_swigt__p_f_p_void_p_void_p_void__int, - &_swigt__p_f_void__unsigned_long, - &_swigt__p_in_addr, - &_swigt__p_int, - &_swigt__p_pcap_pkthdr, - &_swigt__p_timeval, - &_swigt__p_u_char, - &_swigt__p_uint, - &_swigt__p_unsigned_char, - &_swigt__p_unsigned_int, - &_swigt__p_unsigned_short, &_swigt__p_void, }; -static swig_cast_info _swigc__p_bro_buf[] = { {&_swigt__p_bro_buf, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_conn[] = { {&_swigt__p_bro_conn, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_conn_stats[] = { {&_swigt__p_bro_conn_stats, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_ctx[] = { {&_swigt__p_bro_ctx, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_ev_arg[] = { {&_swigt__p_bro_ev_arg, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_ev_meta[] = { {&_swigt__p_bro_ev_meta, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_event[] = { {&_swigt__p_bro_event, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_packet[] = { {&_swigt__p_bro_packet, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_port[] = { {&_swigt__p_bro_port, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info 
_swigc__p_bro_record[] = { {&_swigt__p_bro_record, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_string[] = { {&_swigt__p_bro_string, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_subnet[] = { {&_swigt__p_bro_subnet, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_bro_table[] = { {&_swigt__p_bro_table, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_BroCompactEventFunc[] = { {&_swigt__p_BroCompactEventFunc, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_double[] = { {&_swigt__p_double, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_int_int_p_q_const__char_int__void[] = { {&_swigt__p_f_int_int_p_q_const__char_int__void, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void[] = { {&_swigt__p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_p_q_const__char_int__p_CRYPTO_dynlock_value[] = { {&_swigt__p_f_p_q_const__char_int__p_CRYPTO_dynlock_value, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void[] = { {&_swigt__p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_p_struct_bro_conn_p_void_p_struct_bro_ev_meta__void[] = { {&_swigt__p_f_p_struct_bro_conn_p_void_p_struct_bro_ev_meta__void, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_p_struct_bro_conn_p_void_v_______void[] = { {&_swigt__p_f_p_struct_bro_conn_p_void_v_______void, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_p_void_p_void__int[] = { {&_swigt__p_f_p_void_p_void__int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_f_p_void_p_void_p_void__int[] = { {&_swigt__p_f_p_void_p_void_p_void__int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info 
_swigc__p_f_void__unsigned_long[] = { {&_swigt__p_f_void__unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_in_addr[] = { {&_swigt__p_in_addr, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_pcap_pkthdr[] = { {&_swigt__p_pcap_pkthdr, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_timeval[] = { {&_swigt__p_timeval, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_u_char[] = { {&_swigt__p_u_char, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_uint[] = { {&_swigt__p_uint, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_void[] = { {&_swigt__p_void, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { - _swigc__p_bro_buf, - _swigc__p_bro_conn, - _swigc__p_bro_conn_stats, - _swigc__p_bro_ctx, - _swigc__p_bro_ev_arg, - _swigc__p_bro_ev_meta, - _swigc__p_bro_event, - _swigc__p_bro_packet, - _swigc__p_bro_port, - _swigc__p_bro_record, - _swigc__p_bro_string, - _swigc__p_bro_subnet, - _swigc__p_bro_table, + _swigc__p_BroCompactEventFunc, _swigc__p_char, - _swigc__p_double, - _swigc__p_f_int_int_p_q_const__char_int__void, - _swigc__p_f_int_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void, - _swigc__p_f_p_q_const__char_int__p_CRYPTO_dynlock_value, - _swigc__p_f_p_struct_CRYPTO_dynlock_value_p_q_const__char_int__void, - _swigc__p_f_p_struct_bro_conn_p_void_p_struct_bro_ev_meta__void, - _swigc__p_f_p_struct_bro_conn_p_void_v_______void, - _swigc__p_f_p_void_p_void__int, - _swigc__p_f_p_void_p_void_p_void__int, - _swigc__p_f_void__unsigned_long, - _swigc__p_in_addr, - _swigc__p_int, - 
_swigc__p_pcap_pkthdr, - _swigc__p_timeval, - _swigc__p_u_char, - _swigc__p_uint, - _swigc__p_unsigned_char, - _swigc__p_unsigned_int, - _swigc__p_unsigned_short, _swigc__p_void, }; @@ -8091,7 +3431,7 @@ SWIG_InitializeModule(void *clientdata) { size_t i; swig_module_info *module_head, *iter; - int found, init; + int found; clientdata = clientdata; @@ -8101,9 +3441,6 @@ swig_module.type_initial = swig_type_initial; swig_module.cast_initial = swig_cast_initial; swig_module.next = &swig_module; - init = 1; - } else { - init = 0; } /* Try and load any already created modules */ @@ -8132,12 +3469,6 @@ module_head->next = &swig_module; } - /* When multiple interpeters are used, a module could have already been initialized in - a different interpreter, but not yet have a pointer in this interpreter. - In this case, we do not want to continue adding types... everything should be - set up already */ - if (init == 0) return; - /* Now work on filling in swig_module.types */ #ifdef SWIGRUNTIME_DEBUG printf("SWIG_InitializeModule: size %d\n", swig_module.size); @@ -8552,11 +3883,6 @@ SWIG_InstallConstants(d,swig_const_table); - PyDict_SetItemString(d,(char*)"cvar", SWIG_globals()); - SWIG_addvarlink(SWIG_globals(),(char*)"bro_debug_calltrace",Swig_var_bro_debug_calltrace_get, Swig_var_bro_debug_calltrace_set); - SWIG_addvarlink(SWIG_globals(),(char*)"bro_debug_messages",Swig_var_bro_debug_messages_get, Swig_var_bro_debug_messages_set); - SWIG_Python_SetConstant(d, "FALSE",SWIG_From_int((int)((0)))); - SWIG_Python_SetConstant(d, "TRUE",SWIG_From_int((int)((!(0))))); SWIG_Python_SetConstant(d, "BRO_TYPE_UNKNOWN",SWIG_From_int((int)(0))); SWIG_Python_SetConstant(d, "BRO_TYPE_BOOL",SWIG_From_int((int)(1))); SWIG_Python_SetConstant(d, "BRO_TYPE_INT",SWIG_From_int((int)(2))); From jklemenc at fnal.gov Thu Feb 11 10:50:38 2010 
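Review bot: In the type-table hunk, `_swigt__p_void` becomes `"void *|BroEvent *"` while `_swigt__p_bro_event` and the other `struct bro_*` descriptors are dropped, so SWIG's runtime type check can no longer tell a `BroEvent *` from any other `void *`. If the remaining wrapped functions still take event handles, keep a distinct opaque descriptor for `BroEvent` so that a wrong pointer passed in from Python is rejected in the wrapper instead of being handed to the C library.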
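Review bot: In SWIG_InitializeModule the `init` flag and the `if (init == 0) return;` early exit are deleted together with the comment that explains them (a module already initialized in a different interpreter should not keep adding types). If these bindings can be loaded by more than one interpreter in a process, that guard is still needed. If the deletion only comes from regenerating the wrapper with a different SWIG version, the commit message should say so and name the version.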
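Review bot: The last hunk stops exporting `cvar` with `bro_debug_calltrace` and `bro_debug_messages`, and also the `TRUE` and `FALSE` constants, which will break Python code that toggles debugging through `cvar` or uses those constants. This needs a line in the changelog or the bindings' documentation, naming the replacement if there is one.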
From: jklemenc at fnal.gov (Joe Klemencic)
Date: Thu, 11 Feb 2010 12:50:38 -0600
Subject: [Bro] Fwd: Crash report from bro
Message-ID: <4B74517E.4030603@fnal.gov>

I have been getting the crash report below on a new Bro installation:
Ubuntu Karmic
Bro 1.5.1

This happens whenever broctl cron is run.

Any pointers would be appreciated since I am new to the Bro world, and
have been struggling with the lack of documentation for 1.5.1.

Thanks,
Joe

-------- Original Message --------
Subject: [Bro] Crash report from bro

warning: Can't read pathname for load map: Input/output error.
==== stderr.log
listening on eth5
/usr/local/bro/share/broctl/scripts/run-bro: line 73: 27429 Segmentation fault (core dumped) nohup $tmpbro $@
==== stdout.log

==== .status
RUNNING [net_run]

==== No prof.log.

core
Core was generated by `/usr/local/bro/spool/tmp/bro -i eth5 -U .status -p broctl -p standalone -p loca'.
Program terminated with signal 11, Segmentation fault.
#0 FragTimer::ClearReassembler (this=0x11ae9c70) at Frag.h:62
62 void ClearReassembler() { f = 0; }

--
[Automatically generated.]

From robin at icir.org Thu Feb 11 12:24:45 2010
From: robin at icir.org (Robin Sommer)
Date: Thu, 11 Feb 2010 12:24:45 -0800
Subject: [Bro] Fwd: Crash report from bro
In-Reply-To: <4B74517E.4030603@fnal.gov>
References: <4B74517E.4030603@fnal.gov>
Message-ID: <20100211202445.GA2578@icir.org>

On Thu, Feb 11, 2010 at 12:50 -0600, Joe Klemencic wrote:

> This happens whenever broctl cron is run.

That's only a symptom: "broctl cron" checks whether Bro has crashed;
if so, it mails out the crash report. The crash itself is quite
certainly not triggered by "cron" but has occurred earlier.

> Program terminated with signal 11, Segmentation fault.
> #0 FragTimer::ClearReassembler (this=0x11ae9c70) at Frag.h:62
> 62 void ClearReassembler() { f = 0; }

Don't know what's causing this but it seems to be related to IP
fragments in some form. Are you able to reproduce this offline from
a trace captured with tcpdump?

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From jmellander at lbl.gov Thu Feb 11 12:36:40 2010
From: jmellander at lbl.gov (Jim Mellander)
Date: Thu, 11 Feb 2010 12:36:40 -0800
Subject: [Bro] SQL usage in Bro
Message-ID: <4B746A58.8070101@lbl.gov>

Hi Brolist & especially Seth:

I've created a Bro policy called 'stomper.bro' which matches http
requests against a blacklist (and acts appropriately, issuing temporary
host-pair blocks to prevent access to forbidden URLs), which is loaded
when bro starts up - the data structure is sufficiently crude that it
loads ~ 700k urls in 5 seconds, but is inefficient in usage, although
I've thought about amortizing the conversion of the simple structure
into a more efficient one during the bro run (the first time a hit is
made to a particular domain, convert it to a more efficient
representation on the fly).

However, I've thought about databasizing this, either via a broccoli
enabled 'oracle' program, fed URLs and returning bro events signifying
actions to take, or using the database extensions Seth has added to the
bro code to access a persistent database instead.

Does anyone have any information on performance metrics of the
postgresql bindings for bro, both with the sql server on localhost, and
being on a remote box (might be accessed by multiple bros)? I would be
interested particularly in the rate of requests that can be handled and
answered, and the latency (obviously, doing realtime blocking of
forbidden domains requires near-instantaneous response).

Thanks in advance

--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204

The reason you are having computer problems is:

We're on Token Ring, and it looks like the token got loose.

From hall.692 at osu.edu Thu Feb 11 12:40:30 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Thu, 11 Feb 2010 15:40:30 -0500
Subject: [Bro] Fwd: Crash report from bro
In-Reply-To: <20100211202445.GA2578@icir.org>
References: <4B74517E.4030603@fnal.gov> <20100211202445.GA2578@icir.org>
Message-ID: <22C2BAE0-4C68-4BF8-A53E-BFA60378AB6F@osu.edu>

On Feb 11, 2010, at 3:24 PM, Robin Sommer wrote:

>
> On Thu, Feb 11, 2010 at 12:50 -0600, Joe Klemencic wrote:
>
>> This happens whenever broctl cron is run.
>
> That's only a symptom: "broctl cron" checks whether Bro has crashed;
> if so, it mails out the crash report. The crash itself is quite
> certainly not triggered by "cron" but has occurred earlier.
>
>> Program terminated with signal 11, Segmentation fault.
>> #0 FragTimer::ClearReassembler (this=0x11ae9c70) at Frag.h:62
>> 62 void ClearReassembler() { f = 0; }
>
> Don't know what's causing this but it seems to be related to IP
> fragments in some form. Are you able to reproduce this offline from
> a trace captured with tcpdump?

I've seen lots of crashes in strange places when my analyzers are
severely overworked. Are yours running close to 100% CPU usage?
Sometimes it will be difficult to tell though if you see occasional
dramatic spikes.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From jklemenc at fnal.gov Thu Feb 11 13:09:12 2010
From: jklemenc at fnal.gov (Joe Klemencic)
Date: Thu, 11 Feb 2010 15:09:12 -0600
Subject: [Bro] Fwd: Crash report from bro
In-Reply-To: <32E412533D42EF41ACBCFA96B6C230F401232031A816@SUEX07-MBX-07.ad.syr.edu>
References: <4B74517E.4030603@fnal.gov> <32E412533D42EF41ACBCFA96B6C230F401232031A816@SUEX07-MBX-07.ad.syr.edu>
Message-ID: <4B7471F8.9030505@fnal.gov>

I am running on dual Quad-Core AMD Opteron Processor 2378 hardware, and
CPU usage is very low. It is running against a 1GB interface fed from a
1GB buffered feed.

I'll try the use_connection_compressor and see how it goes.

Joe

On 02/11/2010 02:26 PM, Louis F Ruppert wrote:
> You wouldn't happen to be running on non-intel hardware, would you? I get a similar error when running it on a rack full of ultrasparc based Netra servers. I suspect there may be some parts of bro that are not terribly architecture independent. The following put in your local.bro file serves as a workaround:
>
> use_connection_compressor=F
>
> -Lou
>
> --
> Lou Ruppert
> Intrusion Analyst, GCFA
> Information Security
> Syracuse University
> ________________________________________
> From: bro-bounces at ICSI.Berkeley.EDU [bro-bounces at ICSI.Berkeley.EDU] On Behalf Of Joe Klemencic [jklemenc at fnal.gov]
> Sent: Thursday, February 11, 2010 1:50 PM
> To: bro at bro-ids.org
> Subject: [Bro] Fwd: Crash report from bro
>
> I have been getting the crash report below on a new Bro installation:
> Ubuntu Karmic
> Bro 1.5.1
>
> This happens whenever broctl cron is run.
>
> Any pointers would be appreciated since I am new to the Bro world, and
> have been struggling with the lack of documentation for 1.5.1.
>
> Thanks,
> Joe
>
> -------- Original Message --------
> Subject: [Bro] Crash report from bro
>
>
> warning: Can't read pathname for load map: Input/output error.
> ==== stderr.log
> listening on eth5
> /usr/local/bro/share/broctl/scripts/run-bro: line 73: 27429 Segmentation
> fault (core dumped) nohup $tmpbro $@
> ==== stdout.log
>
> ==== .status
> RUNNING [net_run]
>
> ==== No prof.log.
>
> core
> Core was generated by `/usr/local/bro/spool/tmp/bro -i eth5 -U .status
> -p broctl -p standalone -p loca'.
> Program terminated with signal 11, Segmentation fault.
> #0 FragTimer::ClearReassembler (this=0x11ae9c70) at Frag.h:62
> 62 void ClearReassembler() { f = 0; }
>
> --
> [Automatically generated.]
>
>

From sroddy at ligo-la.caltech.edu Thu Feb 11 13:14:56 2010
From: sroddy at ligo-la.caltech.edu (Shannon Roddy)
Date: Thu, 11 Feb 2010 15:14:56 -0600
Subject: [Bro] Capture bulk traces with Bro.
In-Reply-To: <89540455-3959-48CB-AAFC-10CB1949DDA8@osu.edu>
References: <628233b11002110743v285e99b2uddd5a3b627eb7a52@mail.gmail.com> <89540455-3959-48CB-AAFC-10CB1949DDA8@osu.edu>
Message-ID: <4B747350.9000601@ligo-la.caltech.edu>

Seth Hall wrote:
> On Feb 11, 2010, at 10:43 AM, Luca Renaud wrote:
>
>> I have read some of Bro's docs and a script named start-capture-all
>> is pointed as a method to help capture
>> bulk traces with Bro. However that script is not present in Bro-1.5.1
>> distribution as I know. So, was the function
>> it was supposed to do transferred to broctl?
>> Right now, what is the better method to capture bulk traces for
>> offline analysis (not using tcpdump) just
>> using Bro.
>
>
> There is a command line argument for it...
> -w|--writefile | write to given tcpdump file
>
> Why are you interested in using Bro for capturing your bulk traces?
> It seems like it would make more sense to stick with something like
> Time Machine[1], tcpdump, or DaemonLogger[2].

tshark is also useful for captures...

http://www.wireshark.org/docs/man-pages/tshark.html

>
> .Seth
>
> 1. http://www.net.t-labs.tu-berlin.de/research/tm/
> 2. http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html
>
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

From hall.692 at osu.edu Thu Feb 11 13:41:03 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Thu, 11 Feb 2010 16:41:03 -0500
Subject: [Bro] SQL usage in Bro
In-Reply-To: <4B746A58.8070101@lbl.gov>
References: <4B746A58.8070101@lbl.gov>
Message-ID: <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu>

On Feb 11, 2010, at 3:36 PM, Jim Mellander wrote:

> However, I've thought about databasizing this, either via a broccoli
> enabled
> 'oracle' program, fed URLs and returning bro events signifying
> actions to take,
> or using the database extensions Seth has added to the bro code to
> access a
> persistent database instead.

Heh. I *wish* the database extension was finished. :) It's close, but
it doesn't quite work yet.

> Does anyone have any information on performance metrics of the
> postgresql
> bindings for bro, both with the sql server on localhost, and being
> on a remote
> box (might be accessed by multiple bros)?

The way I've been implementing it is that performance of the database
wouldn't have much of an impact on anything. It's currently implemented
to behave asynchronously where a query is executed and as the data
becomes available it is inserted into a hidden internal copy of the
variable. Once the query is done returning data, the hidden variable is
assigned overtop of the original variable with all of the potentially
new data. The timers then continue on and do any other database backed
variables that may need to be updated with the same process.

It seems that you may be confused about how it works though. What I'm
implementing is just for pulling data into variables on an interval.
Here's an example.....

global bad_urls: set[string] &query="SELECT url FROM bad_urls" &query_interval=1hour;

That will place the elements from the single field returned from the
query into the string set every hour (replacing the previous data).
It's not the end-all solution that people are looking for I think, but
it's part of it for sure.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From JAzoff at uamail.albany.edu Thu Feb 11 14:02:38 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Thu, 11 Feb 2010 17:02:38 -0500
Subject: [Bro] SQL usage in Bro
In-Reply-To: <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu>
References: <4B746A58.8070101@lbl.gov> <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu>
Message-ID: <20100211220237.GN14107@datacomm.albany.edu>

On Thu, Feb 11, 2010 at 04:41:03PM -0500, Seth Hall wrote:
> global bad_urls: set[string] &query="SELECT url FROM bad_urls"
> &query_interval=1hour;

Interesting.. I was thinking about doing something like this just using
broccoli..

start with a plain..

global bad_urls: set[string];

add new events similar to request_id...

event set_add(tbl: string, key: string);
event set_remove(tbl: string, key: string);
event table_add(tbl: string, key: string, val: string);
event table_remove(tbl: string, key: string);

then you would have code that uses broccoli that selects the rows from
the DB and fires off events like

set_add("bad_urls", "http://example.com/")

This way you could use any database, or even just a flatfile for storing
bad urls.. all the logic for getting the actual records would be
implemented in python (or C or Ruby...), the only changes to bro would
be the new set and table events.

--
-- Justin Azoff -- Network Security & Performance Analyst

From jmellander at lbl.gov Thu Feb 11 14:04:13 2010
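The two refresh schemes discussed in the messages above (a query loaded into a hidden copy and then swapped over the live variable, and set_add/set_remove events fed from an external program), as an added example that is not part of the thread and is not Bro or Broccoli code. It assumes sqlite3 in place of PostgreSQL, returns events as tuples instead of sending them, and uses hypothetical class names, function names and constructed sample URLs.

```python
"""Added illustration: database-backed blocklist with hidden-copy swap and
set_add/set_remove deltas. All names and sample rows are constructed."""
import sqlite3
import threading


class DbBackedSet:
    """A set filled from a SQL query; lookups never see a half-loaded set."""

    def __init__(self, conn, name, query):
        self._conn = conn
        self.name = name
        self._query = query
        self._live = frozenset()            # what lookups consult
        self._refresh_lock = threading.Lock()
        self.failed_refreshes = 0

    def __contains__(self, key):
        return key in self._live

    def snapshot(self):
        return self._live

    def refresh(self):
        """Load the query result into a hidden copy, then swap it in.

        Returns the change as (event, table, key) tuples, the shape of the
        set_add/set_remove events proposed in the thread.
        """
        with self._refresh_lock:            # one refresh at a time
            try:
                hidden = frozenset(
                    row[0] for row in self._conn.execute(self._query))
            except sqlite3.Error:
                # Keep enforcing the last good list rather than an empty one.
                self.failed_refreshes += 1
                return []
            old, self._live = self._live, hidden   # swap is one assignment
        events = [("set_add", self.name, k) for k in sorted(hidden - old)]
        events += [("set_remove", self.name, k) for k in sorted(old - hidden)]
        return events


def apply_events(tables, events):
    """Receiver side: what set_add/set_remove handlers would do to named sets."""
    for event, tbl, key in events:
        target = tables.setdefault(tbl, set())
        if event == "set_add":
            target.add(key)
        elif event == "set_remove":
            target.discard(key)
        else:
            raise ValueError("unknown event: %r" % (event,))


def demo():
    """Run three refresh cycles against a constructed in-memory table."""
    a, b, c = ("http://blocked.example/a", "http://blocked.example/b",
               "http://blocked.example/c")
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bad_urls (url TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO bad_urls VALUES (?)", [(a,), (b,)])

    bad_urls = DbBackedSet(conn, "bad_urls", "SELECT url FROM bad_urls")
    worker_tables = {}                      # state held by a remote consumer

    first = bad_urls.refresh()              # initial load: two adds
    apply_events(worker_tables, first)

    conn.execute("DELETE FROM bad_urls WHERE url = ?", (a,))
    conn.execute("INSERT INTO bad_urls VALUES (?)", (c,))
    second = bad_urls.refresh()             # delta: add c, remove a
    apply_events(worker_tables, second)

    conn.execute("DROP TABLE bad_urls")     # simulate the database breaking
    third = bad_urls.refresh()              # fails; live set is untouched

    return {
        "first": first, "second": second, "third": third,
        "live": bad_urls.snapshot(),
        "worker": worker_tables["bad_urls"],
        "failed": bad_urls.failed_refreshes,
        "b_still_blocked": b in bad_urls,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A timer calling `refresh()` would play the role of `&query_interval`; the failed third refresh shows why the swap happens only after the query has completed.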
From: jmellander at lbl.gov (Jim Mellander)
Date: Thu, 11 Feb 2010 14:04:13 -0800
Subject: [Bro] SQL usage in Bro
In-Reply-To: <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu>
References: <4B746A58.8070101@lbl.gov> <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu>
Message-ID: <4B747EDD.20709@lbl.gov>

Seth Hall wrote:
>
> On Feb 11, 2010, at 3:36 PM, Jim Mellander wrote:
>
>> However, I've thought about databasizing this, either via a broccoli
>> enabled
>> 'oracle' program, fed URLs and returning bro events signifying actions
>> to take,
>> or using the database extensions Seth has added to the bro code to
>> access a
>> persistent database instead.
>
> Heh. I *wish* the database extension was finished. :) It's close, but
> it doesn't quite work yet.
>
>> Does anyone have any information on performance metrics of the postgresql
>> bindings for bro, both with the sql server on localhost, and being on
>> a remote
>> box (might be accessed by multiple bros)?
>
> The way I've been implementing it is that performance of the database
> wouldn't have much of an impact on anything. It's currently implemented
> to behave asynchronously where a query is executed and as the data
> becomes available it is inserted into a hidden internal copy of the
> variable. Once the query is done returning data, the hidden variable is
> assigned overtop of the original variable with all of the potentially
> new data. The timers then continue on and do any other database backed
> variables that may need to be updated with the same process.
>
> It seems that you may be confused about how it works though. What I'm
> implementing is just for pulling data into variables on an interval.
> Here's an example.....
>
> global bad_urls: set[string] &query="SELECT url FROM bad_urls"
> &query_interval=1hour;
>
> That will place the elements from the single field returned from the
> query into the string set every hour (replacing the previous data).
> It's not the end-all solution that people are looking for I think, but
> it's part of it for sure.
>
> .Seth
>

Well, that's cool in a different way than I envisioned - I assumed you
could issue a query and an event would be raised when the results were
available. This is closer to the idea of database-backed persistent
variables, although on a timed basis. Is there some way that an
immediate refresh can be requested by bro, e.g. when the backing
database changes, sending an event to bro which can then trigger a
refresh on the dataset?

I'm thinking the paradigm you are using may work for my application,
with a few tweaks....

Thanks in advance.

--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204

The reason you are having computer problems is:

The Internet is being scanned for viruses.

From hall.692 at osu.edu Fri Feb 12 04:01:29 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Fri, 12 Feb 2010 07:01:29 -0500
Subject: [Bro] SQL usage in Bro
In-Reply-To: <4B747EDD.20709@lbl.gov>
References: <4B746A58.8070101@lbl.gov> <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu> <4B747EDD.20709@lbl.gov>
Message-ID: <6C1570D0-E504-4B3F-8B59-2B1CB689C779@osu.edu>

I love that this stuff is finally being discussed. :)

On Feb 11, 2010, at 5:04 PM, Jim Mellander wrote:
> Is there some way that an immediate refresh can be requested
> by bro, e.g. when the backing database changes, sending an event to
> bro which
> can then trigger a refresh on the dataset?

I think this could be accommodated by calling a function which would
kick off the update immediately. You could wrap the function inside an
event handler and then you'd have something that broctl could call.

> I'm thinking the paradigm you are using may work for my application,
> with a few
> tweaks....

The only thing I don't really know how to handle is the opposite
direction. I can't come up with a clean syntax for pushing back into a
database. It would be great if you could do...

add bad_urls["http://www.microsoft.com/"];

... and the URL would get pushed into the database. You could use my
bro-dblogger project to do it, but you'd have to do the "add" like above
in addition to...

event db_log("bad_urls", [$url="http://www.microsoft.com/"]);

It's kind of messy, but maybe it's not as bad as I'm thinking.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From ssm_as at yahoo.com Fri Feb 12 07:36:38 2010
From: ssm_as at yahoo.com (ssm_as)
Date: Fri, 12 Feb 2010 07:36:38 -0800 (PST)
Subject: [Bro] Using Bro IDS in offline analysis
Message-ID: <769632.61079.qm@web31505.mail.mud.yahoo.com>

Hello,

Finally, I installed bro IDS (1.5.1) on my Ubuntu (9.10) machine. Of
course, that was after the useful information I got from this mailing
list. Thank you all.

So after:

./configure
make
make install-broctl

I did not do any sort of configuration because I am not sure what I
should do. I do not want to use Bro for intrusion detection in real
time. I am more interested in using it in forensics and intrusion
analysis.

Shortly, I have several network binary files in PCAP and TCPDUMP format.
I want to parse these files with Bro and get the bro alerts in machine
readable format (txt, csv, or whatever).

1- Is that possible (Usually I use snort and it is very easy to
accomplish but I am planning to compare between Snort and Bro)?

2- What are the configurations that I need?

Thanks,
Sherif Saad

From JAzoff at uamail.albany.edu Fri Feb 12 08:54:03 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Fri, 12 Feb 2010 11:54:03 -0500
Subject: [Bro] Using Bro IDS in offline analysis
In-Reply-To: <769632.61079.qm@web31505.mail.mud.yahoo.com>
References: <769632.61079.qm@web31505.mail.mud.yahoo.com>
Message-ID: <20100212165402.GC32097@datacomm.albany.edu>

On Fri, Feb 12, 2010 at 07:36:38AM -0800, ssm_as wrote:
> Shortly, I have several network binary files in PCAP and TCPDUMP format. I
> want to parse these files with Bro and get the bro alerts in machine readable
> format (txt, csv, or whatever).
>
> 1- Is that possible (Usually I use snort and it is very easy to accomplish
> but I am planning to compare between Snort and Bro)?

Definitely!

> 2- What are the configurations that I need?

Not much...

bro -f 'ip' -C -r your.pcap brolite

will run 'your.pcap' through bro while loading the brolite policy (which
loads most things)

you could run it through specific policies by just running something
like

bro -f 'ip' -C -r your.pcap http-request smtp irc

That should get you started.. you'll probably want to start writing your
own policy scripts to detect the specific things you are looking for and
output them in the format you want.

--
-- Justin Azoff -- Network Security & Performance Analyst

From jmellander at lbl.gov Fri Feb 12 11:33:56 2010
From: jmellander at lbl.gov (Jim Mellander)
Date: Fri, 12 Feb 2010 11:33:56 -0800
Subject: [Bro] SQL usage in Bro
In-Reply-To: <6C1570D0-E504-4B3F-8B59-2B1CB689C779@osu.edu>
References: <4B746A58.8070101@lbl.gov> <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu> <4B747EDD.20709@lbl.gov> <6C1570D0-E504-4B3F-8B59-2B1CB689C779@osu.edu>
Message-ID: <4B75AD24.5060407@lbl.gov>

Thanks Seth:

Seth Hall wrote:
> I love that this stuff is finally being discussed. :)
>
> On Feb 11, 2010, at 5:04 PM, Jim Mellander wrote:
>> Is there some way that an immediate refresh can be requested
>> by bro, e.g. when the backing database changes, sending an event to
>> bro which
>> can then trigger a refresh on the dataset?
>
> I think this could be accommodated by calling a function which would
> kick off the update immediately. You could wrap the function inside an
> event handler and then you'd have something that broctl could call.

The event handling part is a piece of cake, but I'm unclear on how to
'kick off the update immediately', which I presume is part of your
patch. Do you have further data on that piece of the puzzle?

>
>> I'm thinking the paradigm you are using may work for my application,
>> with a few
>> tweaks....
>
>
> The only thing I don't really know how to handle is the opposite direction. I
> can't come up with a clean syntax for pushing back into a database. It
> would be great if you could do...
> add bad_urls["http://www.microsoft.com/"];
> ... and the URL would get pushed into the database. You could use my
> bro-dblogger project to do it, but you'd have to do the "add" like above
> in addition to...
> event db_log("bad_urls", [$url="http://www.microsoft.com/"]);
>
> It's kind of messy, but maybe it's not as bad as I'm thinking.
>
> .Seth
>

For my application, it isn't necessarily essential to write back to the
database, although it would be nice to have statistics columns that
could be updated as hits occur - could do that via a broccoli enabled
external database helper app.

Off the top of my head, tho', as far as pushing back to the database,
why not the same syntax as you are using, with an update sql command,
and interval along with an invisible 'modified' flag per row, so that
only rows which were actually modified were written back???? Still not
a true database backed table, but closer... (now if bro supported
OOP..., aw never mind.......)

--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204

The reason you are having computer problems is:

We're on Token Ring, and it looks like the token got loose.

From hall.692 at osu.edu Fri Feb 12 11:50:14 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Fri, 12 Feb 2010 14:50:14 -0500
Subject: [Bro] SQL usage in Bro
In-Reply-To: <4B75AD24.5060407@lbl.gov>
References: <4B746A58.8070101@lbl.gov> <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu> <4B747EDD.20709@lbl.gov> <6C1570D0-E504-4B3F-8B59-2B1CB689C779@osu.edu> <4B75AD24.5060407@lbl.gov>
Message-ID: <4CD1E7FF-2ED6-46EF-BEB5-336DC0CB5ACF@osu.edu>

On Feb 12, 2010, at 2:33 PM, Jim Mellander wrote:

> The event handling part is a piece of cake, but I'm unclear on how
> to 'kick off
> the update immediately', which I presume is part of your patch. Do
> you have
> further data on that piece of the puzzle?

My thought would be that you could do something like...

  > broctl db_update bad_urls

That would throw an event named db_update to one or all of the hosts (still haven't decided on this yet) which would be handled like this (theoretically)...

  event db_update(var)
      {
      force_db_update(var);
      }

The force_db_update function could be a built-in-function that would lookup the variable named by the value of the string "var" and force it to update from the database.

> could do that via a broccoli enabled external database
> helper app.

Like bro_dblogger maybe?
http://github.com/sethhall/bro-dblogger

The syntax I gave in my previous email works for the dblogger project.

> Off the top of my head, tho', as far as pushing back to the
> database, why not
> the same syntax as you are using, with an update sql command, and
> interval along
> with an invisible 'modified' flag per row, so that only rows which
> were actually
> modified were written back???? Still not a true database backed
> table, but
> closer... (now if bro supported OOP..., aw never mind.......)

Maybe if there was an attribute to attach to tables and sets to indicate that you'd like to throw an event when an item is added? Off the top of my head now...

  function new_bad_url(val: string)
      {
      event db_log("bad_urls", [$url=val]);
      }
  global bad_urls: set[string] &add_func=new_bad_url;

Alternatively, that could be written as:

  global bad_urls: set[string] &add_func=function(val: string) { event db_log("bad_urls", [$url=val]); };

That should work and I don't *think* it would be very difficult to write the &add_func attribute. And it fits right alongside the existing &expire_func attribute. :)

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From jmellander at lbl.gov Fri Feb 12 13:39:11 2010
From: jmellander at lbl.gov (Jim Mellander)
Date: Fri, 12 Feb 2010 13:39:11 -0800
Subject: [Bro] SQL usage in Bro
In-Reply-To: <4CD1E7FF-2ED6-46EF-BEB5-336DC0CB5ACF@osu.edu>
References: <4B746A58.8070101@lbl.gov> <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu> <4B747EDD.20709@lbl.gov> <6C1570D0-E504-4B3F-8B59-2B1CB689C779@osu.edu> <4B75AD24.5060407@lbl.gov> <4CD1E7FF-2ED6-46EF-BEB5-336DC0CB5ACF@osu.edu>
Message-ID: <4B75CA7F.9070401@lbl.gov>

Seth Hall wrote:
>
> My thought would be that you could do something like...
>
> > broctl db_update bad_urls
>
> That would throw an event named db_update to one or all of the hosts
> (still haven't decided on this yet) which would be handled like this
> (theoretically)...
>
> event db_update(var)
> {
> force_db_update(var);
> }
>
> The force_db_update function could be a built-in-function that would
> lookup the variable named by the value of the string "var" and force
> it to update from the database.
>

Ok, I presume the force_db_update() function is a yet-to-be-created function. The same practical effect would seem to be accrued if there was a way to access the timer, and force an immediate expiration, or if the syntax of the declaration was changed, e.g. your example:

  global bad_urls: set[string] &query="SELECT url FROM bad_urls" &query_interval=1hour;

perhaps could be augmented with an event, ala

  global bad_urls: set[string] &query="SELECT url FROM bad_urls" &query_interval=1hour &query_event=update_badurls;

which would then allow script-level access to the updating process.

Perhaps we can work together on this?

--
Jim Mellander
Incident Response Manager
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 486-7204

The reason you are having computer problems is:

Decreasing electron flux

From christian at whoop.org Fri Feb 12 18:13:51 2010
From: christian at whoop.org (Christian Kreibich)
Date: Fri, 12 Feb 2010 18:13:51 -0800
Subject: [Bro] Bro bug tracker currently offline
Message-ID: <1266027231.19580.618.camel@localhost.localdomain>

We're upgrading our systems. Sorry for any inconvenience caused.

--
Cheers,
Christian

From vern at icir.org Sun Feb 14 10:25:50 2010
From: vern at icir.org (Vern Paxson)
Date: Sun, 14 Feb 2010 10:25:50 -0800
Subject: [Bro] SQL usage in Bro
In-Reply-To: <4CD1E7FF-2ED6-46EF-BEB5-336DC0CB5ACF@osu.edu> (Fri, 12 Feb 2010 14:50:14 EST).
Message-ID: <201002141825.o1EIPoOd007481@pork.ICSI.Berkeley.EDU>

> the top of my head now...
>
> function new_bad_url(val: string)
> {
> event db_log("bad_urls", [$url=val]);
> }
> global bad_urls: set[string] &add_func=new_bad_url;
>
> Alternatively, that could be written as:
> global bad_urls: set[string] &add_func=function(val: string) { event
> db_log("bad_urls", [$url=val]); };

Yeah, that was just the approach I was thinking of too while catching up on this thread. (Well, maybe tweaked slightly so that the &add_func function returns the value to *actually* put in the set, if any.)

Vern

From vern at icir.org Sun Feb 14 11:22:53 2010
From: vern at icir.org (Vern Paxson)
Date: Sun, 14 Feb 2010 11:22:53 -0800
Subject: [Bro] Using Bro IDS in offline analysis
In-Reply-To: <20100212165402.GC32097@datacomm.albany.edu> (Fri, 12 Feb 2010 11:54:03 EST).
Message-ID: <201002141922.o1EJMrlI008092@pork.ICSI.Berkeley.EDU>

> bro -f 'ip' -C -r your.pcap brolite
>
> will run 'your.pcap' through bro while loading the brolite policy(which loads most things)

Yep. A minor nit: you shouldn't need "-f ip", as analysis scripts generally include a tcpdump filter for the packets of interest; and you shouldn't need -C *unless* the capture has bad checksums (which is usually not the case, but can be for systems that are recording their own traffic, for example).

Vern

From hall.692 at osu.edu Mon Feb 15 11:25:00 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Mon, 15 Feb 2010 14:25:00 -0500
Subject: [Bro] SQL usage in Bro
In-Reply-To: <4B75CA7F.9070401@lbl.gov>
References: <4B746A58.8070101@lbl.gov> <12040BDF-3357-44EE-B616-B8E07EEE7FA6@osu.edu> <4B747EDD.20709@lbl.gov> <6C1570D0-E504-4B3F-8B59-2B1CB689C779@osu.edu> <4B75AD24.5060407@lbl.gov> <4CD1E7FF-2ED6-46EF-BEB5-336DC0CB5ACF@osu.edu> <4B75CA7F.9070401@lbl.gov>
Message-ID: <138E77A9-071A-4D9B-818D-A68D7915A8DD@osu.edu>

On Feb 12, 2010, at 4:39 PM, Jim Mellander wrote:

> perhaps could be augmented with an event, ala
>
> global bad_urls: set[string] &query="SELECT url FROM bad_urls"
> &query_interval=1hour &query_event=update_badurls;
>
> which would then allow script-level access to the updating process.

In your example, when would the event attached to the &query_event attribute be raised and what arguments would be passed into it?

> Perhaps we can work together on this?

That would be great. It sounds like you're working on the sort of stuff I've been doing for a while where you're trying to take external intelligence and use it to its full extent within Bro. I'm working on an intelligence framework for integrating that sort of intelligence now, would you be interested in reframing our discussion more in that light since it appears what both of our goals are?

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From Tyler.Schoenke at colorado.edu Tue Feb 16 13:41:42 2010
From: Tyler.Schoenke at colorado.edu (Tyler Schoenke)
Date: Tue, 16 Feb 2010 14:41:42 -0700
Subject: [Bro] error: script must be run on manager node
Message-ID: <4B7B1116.8050504@colorado.edu>

I just installed Bro on Linux, CentOS 5.3 x86_64, and am getting this error message when Bro tries to restart from cron. I can start Bro fine from the command line. Any ideas?

Subject: Cron /usr/local/bro/bin/broctl cron
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:

error: script must be run on manager node

Previously, I was getting this error when trying to start the cluster via the command line, but I fixed it by renaming the host from the FQDN to just the hostname without the domain extension.

On a side note, I switched from using the BPF filter within Bro to using Click! to distribute the traffic, and the eight workers are now showing a 6-12% drop rate down from 40-50% drop rate.

Tyler

--
--
Tyler Schoenke
Network Security Analyst
IT Security Office
University of Colorado - Boulder

From Tyler.Schoenke at colorado.edu Tue Feb 16 15:15:08 2010
From: Tyler.Schoenke at colorado.edu (Tyler Schoenke)
Date: Tue, 16 Feb 2010 16:15:08 -0700
Subject: [Bro] error: script must be run on manager node
In-Reply-To: <4B7B1116.8050504@colorado.edu>
References: <4B7B1116.8050504@colorado.edu>
Message-ID: <4B7B26FC.20509@colorado.edu>

Never mind, I got it working by adding /sbin and /usr/sbin to the path.

PATH=/usr/bin:/bin:/sbin:/usr/sbin
0-59/5 * * * * /usr/local/bro/bin/broctl cron

Tyler

On 02/16/2010 02:41 PM, Tyler Schoenke wrote:
> I just installed Bro on Linux, CentOS 5.3 x86_64, and am getting this
> error message when Bro tries to restart from cron. I can start Bro fine
> from the command line. Any ideas?
>
> Subject: Cron /usr/local/bro/bin/broctl cron
> Content-Type: text/plain; charset=UTF-8
> Auto-Submitted: auto-generated
> X-Cron-Env:
> X-Cron-Env:
> X-Cron-Env:
> X-Cron-Env:
> X-Cron-Env:
>
> error: script must be run on manager node
>
>

From hall.692 at osu.edu Tue Feb 16 20:12:25 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Tue, 16 Feb 2010 23:12:25 -0500
Subject: [Bro] SQL usage in Bro
In-Reply-To: <201002141825.o1EIPoOd007481@pork.ICSI.Berkeley.EDU>
References: <201002141825.o1EIPoOd007481@pork.ICSI.Berkeley.EDU>
Message-ID: <40898DC8-F327-4988-B210-3C9B105A9EF4@osu.edu>

On Feb 14, 2010, at 1:25 PM, Vern Paxson wrote:

>> global bad_urls: set[string] &add_func=function(val: string) { event
>> db_log("bad_urls", [$url=val]); };
>
> Yeah, that was just the approach I was thinking of too while catching
> up on this thread. (Well, maybe tweaked slightly so that the
> &add_func
> function returns the value to *actually* put in the set, if any.)

Ah, I'm glad you mentioned this. I would really like to see &add_func work more similarly to &expire_func. The function given to &add_func would return a bool to allow or prevent an item from being added to the table/set. It would make it so that a script developer wouldn't have to anticipate all of the situations where someone using their script would want to exclude data from a table or set. The table or set would just have to be declared with &redef so that a user could add their own &add_func.

Is there a better example for returning the value to be put into the set? I can't think of any situations when I'd use that.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From robin at icir.org Tue Feb 16 20:25:05 2010
From: robin at icir.org (Robin Sommer)
Date: Tue, 16 Feb 2010 20:25:05 -0800
Subject: [Bro] error: script must be run on manager node
In-Reply-To: <4B7B1116.8050504@colorado.edu>
References: <4B7B1116.8050504@colorado.edu>
Message-ID: <20100217042505.GC54021@icir.org>

On Tue, Feb 16, 2010 at 14:41 -0700, you wrote:

> I just installed Bro on Linux, CentOS 5.3 x86_64, and am getting this
> error message when Bro tries to restart from cron. I can start Bro fine
> from the command line. Any ideas?

Hmmm ... Don't know. If you want to dig through the code, the logic for that is in the function isLocal() in BroControl/execute.py. It runs the script bin/local-interfaces to find the local IP addresses.

> On a side note, I switched from using the BPF filter within Bro to using
> Click! to distribute the traffic, and the eight workers are now showing
> a 6-12% drop rate down from 40-50% drop rate.

Cool!

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From vern at icir.org Tue Feb 16 20:27:38 2010
From: vern at icir.org (Vern Paxson)
Date: Tue, 16 Feb 2010 20:27:38 -0800
Subject: [Bro] SQL usage in Bro
In-Reply-To: <40898DC8-F327-4988-B210-3C9B105A9EF4@osu.edu> (Tue, 16 Feb 2010 23:12:25 EST).
Message-ID: <201002170427.o1H4RcjK025389@pork.ICSI.Berkeley.EDU>

> Is there a better example for returning the value to be put into the
> set? I can't think of any situations when I'd use that.

Me neither. But perhaps your version could be add_func_pred, just so we preserve the possibility?

Vern

From JAzoff at uamail.albany.edu Wed Feb 17 05:44:00 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Wed, 17 Feb 2010 08:44:00 -0500
Subject: [Bro] error: script must be run on manager node
In-Reply-To: <20100217042505.GC54021@icir.org>
References: <4B7B1116.8050504@colorado.edu> <20100217042505.GC54021@icir.org>
Message-ID: <20100217134359.GD10245@datacomm.albany.edu>

On Tue, Feb 16, 2010 at 08:25:05PM -0800, Robin Sommer wrote:
>
> On Tue, Feb 16, 2010 at 14:41 -0700, you wrote:
>
> > I just installed Bro on Linux, CentOS 5.3 x86_64, and am getting this
> > error message when Bro tries to restart from cron. I can start Bro fine
> > from the command line. Any ideas?
>
> Hmmm ... Don't know. If you want to dig through the code, the logic
> for that is in the function isLocal() in BroControl/execute.py. It
> runs the script bin/local-interfaces to find the local IPs
> addresses.

I fixed the same problem a while back.. The issue is that local-interfaces tries to run ifconfig which is not in the current PATH.

--
-- Justin Azoff
-- Network Security & Performance Analyst

From vgarramone at gmail.com Wed Feb 17 08:10:52 2010
From: vgarramone at gmail.com (V. Garramone)
Date: Wed, 17 Feb 2010 09:10:52 -0700
Subject: [Bro] Modifying Report (Log Rotation?) Schedule + General Config Options
Message-ID:

Hello All,

This is probably trivial, but I'm having a bit of trouble...

On a default 1.5.1 install, I'm getting summary and alert emails every 12 hours (at noon and midnight). In the documentation, it looks like this should only be happening once a day by default, and that it's tied to log rotation duties. Where/how can I modify this frequency?

A larger question, what happened to all of the options from 1.4 that could be set in bro.cfg? Are they all the same, and can I just add the variable/value pairs I need to override into broctl.cfg?

Thanks a million,

--
Vinnie

From robin at icir.org Wed Feb 17 08:38:39 2010
From: robin at icir.org (Robin Sommer)
Date: Wed, 17 Feb 2010 08:38:39 -0800
Subject: [Bro] Bro bug tracker currently offline
In-Reply-To: <1266027231.19580.618.camel@localhost.localdomain>
References: <1266027231.19580.618.camel@localhost.localdomain>
Message-ID: <20100217163839.GG76190@icir.org>

On Fri, Feb 12, 2010 at 18:13 -0800, Christian Kreibich wrote:

> We're upgrading our systems. Sorry for any inconvenience caused.

Upgrade is done and the tracker up and running again.

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From robin at icir.org Wed Feb 17 08:51:08 2010
From: robin at icir.org (Robin Sommer)
Date: Wed, 17 Feb 2010 08:51:08 -0800
Subject: [Bro] Modifying Report (Log Rotation?) Schedule + General Config Options
In-Reply-To:
References:
Message-ID: <20100217165108.GB80358@icir.org>

On Wed, Feb 17, 2010 at 09:10 -0700, you wrote:

> On a default 1.5.1 install, I'm getting summary and alert emails every 12

These are indeed sent out twice a day per default. The intervals are set in {standalone,cluster-manager}.rotate-logs.bro and {standalone,cluster-manager}.mail-alarms.bro. Don't change them there directly but use similar redef's as these scripts do.

> A larger question, what happened to all of the options from 1.4 that could
> be set in bro.cfg?

They are gone (sorry). The old bro.cfg and new broctl.cfg are completely separate frameworks, broctl has been written from scratch. broctl's README.html has a complete list of options that broctl.cfg supports. If you find anything missing, please file a feature request with tracker.icir.org.

Robin

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From brad.doctor at gmail.com Thu Feb 18 15:25:30 2010
From: brad.doctor at gmail.com (Brad Doctor)
Date: Thu, 18 Feb 2010 16:25:30 -0700
Subject: [Bro] Any known issues with Chelsio 10G cards?
Message-ID:

The same binary, same rule set that works on other servers, is producing a crazy amount of data in the weird.log, for example:

1266535212.661919 : truncated_IP

Yet nothing in any other log, regardless of what interface I am monitoring. Snort on the same box, watching the same interfaces, works fine. The MTU is 9216, but the same happens at 1512 as well. Also using PF_RING, but that isn't unusual in my environment.

Any help is appreciated - thanks!

-brad

From mccreary at ucar.edu Sat Feb 20 07:17:35 2010
From: mccreary at ucar.edu (Sean McCreary)
Date: Sat, 20 Feb 2010 08:17:35 -0700
Subject: [Bro] internal error: unknown msg type 101 in Poll()
Message-ID: <4B7FFD0F.2060403@ucar.edu>

I have been seeing several crashes per day due to 'internal error: unknown msg type 101 in Poll()' in the manager process of a bro cluster handling ~2.5 Gb/s of traffic. Here is a typical stack trace:

> Program terminated with signal 6, Aborted.
> #0 0x000000080158ef6c in kill () from /lib/libc.so.6
> #0 0x000000080158ef6c in kill () from /lib/libc.so.6
> #1 0x000000080158ddfd in abort () from /lib/libc.so.6
> #2 0x000000000040b329 in internal_error () at SSLInterpreter.cc:31
> #3 0x000000000050efde in RemoteSerializer::InternalCommError (this=0x8fd3,
> msg=0x8fd3 ) at RemoteSerializer.cc:2714
> #4 0x000000000051668b in RemoteSerializer::Poll (this=0x7cb7e0,
> may_block=false) at RemoteSerializer.cc:1477
> #5 0x0000000000516c83 in RemoteSerializer::NextTimestamp (this=0x7cb7e0,
> local_network_time=0x7fffffffe330) at RemoteSerializer.cc:1294
> #6 0x00000000004d6575 in IOSourceRegistry::FindSoonest (this=0x79a310,
> ts=0x7fffffffe518) at stl_list.h:131
> #7 0x00000000004f2df3 in net_run () at Net.cc:509
> #8 0x0000000000408938 in main (argc=36152552, argv=0x0) at main.cc:999

This seems to be the same problem as ticket #203. Robin's comment (see suggests this may be caused by high system load, but that doesn't seem to be the case.

To check this, I have set up two clusters fed by the same input traffic. The first is a cluster of seven machines with a single bro instance running on each. The cluster has four workers, two proxies, and the manager node. In broctl, 'top' rarely reports CPU utilization over 10% for any node, and memory consumption is typically < 250 MB per process. The manager process in this cluster crashes several times per day.

The second cluster is just one machine: a dual quad-core Xeon system with 16 GB of RAM. It is running six instances of bro: four workers each listening to a different network interface, one proxy, and one manager. CPU utilization is often ~50% on the workers, and as high as 20% on the manager. Although 'netstats' reports more packet loss for this cluster, the manager does not crash.

Is there some other line of investigation I should pursue? A single-machine Bro cluster won't handle much more traffic, so this isn't a useful workaround for the long term.
From scampbell at lbl.gov Sat Feb 20 09:19:28 2010
From: scampbell at lbl.gov (Scott Campbell)
Date: Sat, 20 Feb 2010 11:19:28 -0600
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <4B7FFD0F.2060403@ucar.edu>
References: <4B7FFD0F.2060403@ucar.edu>
Message-ID: <4B8019A0.9010105@lbl.gov>

Just as a data point, we are seeing the same thing here at NERSC in a two machine cluster. Manager diag output looks like:

> %broctl diag manager
> [manager]
> Could not find the frame base for "RemoteSerializer::InternalCommError(char const*)".
> Cannot access memory at address 0x5
> ==== stderr.log
> pcap bufsize = 2097152
> listening on em1
> 1266607176.728276 internal error: unknown msg type 101 in Poll()
> /bro/share/broctl/scripts/run-bro: line 73: 5695 Abort trap: 6 (core dumped) nohup $tmpbro $@
> ==== stdout.log
>
> ==== .status
> TERMINATED [internal_error]
>
> ==== No prof.log.
>
> bro.core
> Core was generated by `bro'.
> Program terminated with signal 6, Aborted.
> #0 0x2870c017 in kill () from /lib/libc.so.7
> #0 0x2870c017 in kill () from /lib/libc.so.7
> #1 0x2870bf76 in raise () from /lib/libc.so.7
> #2 0x2870ab8a in abort () from /lib/libc.so.7
> #3 0x08051894 in internal_error () at SSLInterpreter.cc:30
> #4 0x08164d61 in RemoteSerializer::InternalCommError (this=) at RemoteSerializer.cc:2714
> #5 0x0816c68b in RemoteSerializer::Poll (this=0xbfbfe57c, may_block=116) at RemoteSerializer.cc:1478
> #6 0x0816c87b in RemoteSerializer::NextTimestamp (this=0x82df3c8, local_network_time=0xbfbfe7f8) at RemoteSerializer.cc:1294
> #7 0x08129a7b in IOSourceRegistry::FindSoonest (this=0x82b8f58, ts=0xbfbfe838) at IOSource.cc:61
> #8 0x081465ce in net_run () at Net.cc:509
> #9 0x0804fcef in main (argc=) at main.cc:999

The memory address is consistent across crashes. This is the stock 1.5.1 with the only "unusual" thing running on the system being Seth's policy scripts for DNS, SMTP and HTTP logging.

thanks,
scott

On 2/20/10 9:17 AM, Sean McCreary wrote:
> I have been seeing several crashes per day due to 'internal error:
> unknown msg type 101 in Poll()' in the manager process of a bro cluster
> handling ~2.5 Gb/s of traffic. Here is a typical stack trace:
>
>> Program terminated with signal 6, Aborted.
>> #0 0x000000080158ef6c in kill () from /lib/libc.so.6
>> #0 0x000000080158ef6c in kill () from /lib/libc.so.6
>> #1 0x000000080158ddfd in abort () from /lib/libc.so.6
>> #2 0x000000000040b329 in internal_error () at SSLInterpreter.cc:31
>> #3 0x000000000050efde in RemoteSerializer::InternalCommError (this=0x8fd3,
>> msg=0x8fd3 ) at RemoteSerializer.cc:2714
>> #4 0x000000000051668b in RemoteSerializer::Poll (this=0x7cb7e0,
>> may_block=false) at RemoteSerializer.cc:1477
>> #5 0x0000000000516c83 in RemoteSerializer::NextTimestamp (this=0x7cb7e0,
>> local_network_time=0x7fffffffe330) at RemoteSerializer.cc:1294
>> #6 0x00000000004d6575 in IOSourceRegistry::FindSoonest (this=0x79a310,
>> ts=0x7fffffffe518) at stl_list.h:131
>> #7 0x00000000004f2df3 in net_run () at Net.cc:509
>> #8 0x0000000000408938 in main (argc=36152552, argv=0x0) at main.cc:999
>
> This seems to be the same problem as ticket #203. Robin's comment (see
> suggests this may be
> caused by high system load, but that doesn't seem to be the case.
>
> To check this, I have set up two clusters fed by the same input traffic.
> The first is a cluster of seven machines with a single bro instance
> running on each. The cluster has four workers, two proxies, and the
> manager node. In broctl, 'top' rarely reports CPU utilization over 10%
> for any node, and memory consumption is typically < 250 MB per process.
> The manager process in this cluster crashes several times per day.
>
> The second cluster is just one machine: a dual quad-core Xeon system
> with 16 GB of RAM. It is running six instances of bro: four workers
> each listening to a different network interface, one proxy, and one
> manager. CPU utilization is often ~50% on the workers, and as high as
> 20% on the manager. Although 'netstats' reports more packet loss for
> this cluster, the manager does not crash.
>
> Is there some other line of investigation I should pursue? A
> single-machine Bro cluster won't handle much more traffic, so this isn't
> a useful workaround for the long term.

--
We must be careful not to confuse data with the abstractions we use to analyze them.
William James (1842-1910)

From hall.692 at osu.edu Sat Feb 20 10:48:02 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Sat, 20 Feb 2010 13:48:02 -0500
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <4B7FFD0F.2060403@ucar.edu>
References: <4B7FFD0F.2060403@ucar.edu>
Message-ID: <21398958-20C5-418D-94AC-9A4B3CA96CD4@osu.edu>

On Feb 20, 2010, at 10:17 AM, Sean McCreary wrote:

> I have been seeing several crashes per day due to 'internal error:
> unknown msg type 101 in Poll()' in the manager process of a bro
> cluster
> handling ~2.5 Gb/s of traffic. Here is a typical stack trace:

Try two things.

1. Apply this patch... http://tracker.icir.org/bro/ticket/220#comment:13

2. Add the following to your local.bro script:

redef notice_action_filters += {
	[Weird::ContentGap] = ignore_notice,
	[Weird::AckAboveHole] = ignore_notice,
};
redef suppress_notice_actions += {
	Weird::ContentGap,
	Weird::AckAboveHole,
};

Hopefully those will help. There are bugs buried deeper in some of that code, but those two changes should help to mitigate them on cluster deployments. Let me know how it goes.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From robin at icir.org Sun Feb 21 10:53:02 2010
From: robin at icir.org (Robin Sommer)
Date: Sun, 21 Feb 2010 10:53:02 -0800
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <4B7FFD0F.2060403@ucar.edu>
References: <4B7FFD0F.2060403@ucar.edu>
Message-ID: <20100221185302.GA88465@icir.org>

On Sat, Feb 20, 2010 at 08:17 -0700, Sean McCreary wrote:

> To check this, I have set up two clusters fed by the same input traffic.

That's interesting. Thanks for comparing the two setups. I've seen this problem myself so far only when one of the systems appeared to be under too much load or crashed for some other reason. However, in that case it was then *not* the node with the overload reporting the 101 message, but (I think) always manager or proxy. Therefore, I've been thinking that this message is the result of manager/proxy not being able to deal nicely with other nodes having trouble.

But it seems in your tests, none of the other systems showed any kind of unusual behaviour, is that right?

To fix this, I'll need some way of reliably reproducing it. I haven't actually seen it myself in a while now. I should build some similar test setup over here I guess.

Robin

P.S.: Can you send me remote.logs from your setups, ideally one with a crash from the first cluster and the other from the second without a crash, both for (roughly) the same time interval.

--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org

From mccreary at ucar.edu Sun Feb 21 12:00:07 2010
From: mccreary at ucar.edu (Sean McCreary)
Date: Sun, 21 Feb 2010 13:00:07 -0700
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <20100221185302.GA88465@icir.org>
References: <4B7FFD0F.2060403@ucar.edu> <20100221185302.GA88465@icir.org>
Message-ID: <4B8190C7.5070407@ucar.edu>

Robin Sommer wrote:
> On Sat, Feb 20, 2010 at 08:17 -0700, Sean McCreary wrote:
>> To check this, I have set up two clusters fed by the same input traffic.

It seems that the single machine Bro cluster also suffers from manager crashes, but much less often. Over the past 48 hours the manager in the 7-machine cluster has crashed 13 times, while the manager in the single-machine cluster has crashed twice.

[...]

> But it seems in your tests, none of the other systems showed any
> kind of unusual behaviour, is that right?

Yes, I have only seen the manager crash. In both clusters, the error has been the same.

From estrada.veronica at gmail.com Mon Feb 22 04:07:56 2010
From: estrada.veronica at gmail.com (Veronica Estrada)
Date: Mon, 22 Feb 2010 21:07:56 +0900
Subject: [Bro] BRO with MPLS + 802.1 Q vlan
Message-ID:

Hello,

I need to process an .erf file which contains mpls packets encapsulated in 802.1 q vlan tunnels. How can I process it with BRO? Do I have to redefine any variable?

Thanks in advance!

Veronica Estrada
Nakao's Laboratory
The University of Tokyo

From hall.692 at osu.edu Mon Feb 22 05:09:45 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Mon, 22 Feb 2010 08:09:45 -0500
Subject: [Bro] BRO with MPLS + 802.1 Q vlan
In-Reply-To:
References:
Message-ID:

On Feb 22, 2010, at 7:07 AM, Veronica Estrada wrote:

> I need to process an .erf file with contains mpls packets
> encapsulated in 802.1 q vlan tunnels. How can I process it with BRO?
> Do I have to redefine any variable?

Bro doesn't support MPLS packets currently. Patches are welcome however. :)

I can give you a hand stripping all of the additional headers off-list if you want. It's a little beyond the scope of this list.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From powellsm at musc.edu Mon Feb 22 07:48:39 2010
From: powellsm at musc.edu (Powell, Scott)
Date: Mon, 22 Feb 2010 10:48:39 -0500
Subject: [Bro] Bro Memory Consumtion
Message-ID:

Bro Gurus,

I am having an issue with Bro and memory exhaustion. Currently I'm using click on a system with 8 x CPU cores to break up a network tap into three virtual interfaces (tap0, tap1 and tap2). I'm then running my Bro cluster on the same machine with three workers operating on different CPU cores and virtual interfaces. The system has 16G of physical RAM. After running for about 24 hours or so all of the physical RAM is exhausted and Bro begins to go after swap. I increased swap to 8GB but this is a never ending battle as Bro will eventually eat everything it can find and crash the system.

How do I go about diagnosing which scripts/policies are causing this, or if it is an internal memory leak somewhere? I have seen references to reduce-memory.bro and profile.bro in some of the Wiki and/or mailing list searches but these don't appear to be in the current 1.5.1 release. I am running a large number of scripts from Seth Hall's script repository in addition to the ones that are enabled by default.

Below are the policies I'm loading in local.bro:

@load alarm
@load notice
@load weird
@load dpd
@load detect-protocols
@load detect-protocols-http
@load dyn-disable
@load inactivity
@load dns
@load dns-lookup
@load finger
@load frag
@load ftp
@load icmp
@load hot
@load http-request
#@load http-reply
@load ident
@load irc
@load irc-bot
@load login
@load ntp
@load pop3
@load portmapper
@load scan
@load smtp
@load ssh
@load ssl
@load synflood
@load tcp
@load tftp
@load udp
@load worm

# Seth Hall Scripts
@load dns-passive-replication
@load http-identified-files
redef HTTP::ignored_urls = /^http:\/\/(www\.download\.windowsupdate\.com)|(download\.windowsupdate\.com)|(au\.download\.windowsupdate\.com)|(download\.microsoft\.com)|(office\.microsoft\.com)\//;
@load known-hosts
@load known-services
@load logging.dns-ext
@load logging.ftp-ext
@load logging.http-ext
@load logging.smtp-ext
@load logging.ssh-ext
@load smtp-ext-count-rejects
@load ssh-ext
@load ssl-ext
redef SSH::authentication_data_size = 4000;

Thanks,
Scott Powell
Unix Systems Engineer / Information Security Analyst
Office of the CIO - Information Systems (OCIO-IS)
Medical University of South Carolina
powellsm at musc.edu
(843) 792-6651

From robin at icir.org Mon Feb 22 09:19:16 2010
From: robin at icir.org (Robin Sommer) Date: Mon, 22 Feb 2010 09:19:16 -0800 Subject: [Bro] BRO with MPLS + 802.1 Q vlan In-Reply-To: References: Message-ID: <20100222171916.GG90265@icir.org> On Mon, Feb 22, 2010 at 08:09 -0500, Seth Hall wrote: > Bro doesn't support MPLS packets currently. Patches are welcome > however. :) I have one for MPLS actually, it's attached. However, it is old and hasn't seen much testing, which is why it never made it into the distribution. It may also not apply cleanly anymore. The patch adds a new option "mpls_link" that needs to be redefed to true. Robin -- Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org -------------- next part -------------- Index: NetVar.h =================================================================== --- NetVar.h (revision 4921) +++ NetVar.h (working copy) @@ -53,6 +53,7 @@ extern int encap_hdr_size; extern int udp_tunnel_port; +extern int mpls_link; extern double frag_timeout; Index: NetVar.cc =================================================================== --- NetVar.cc (revision 4921) +++ NetVar.cc (working copy) @@ -50,6 +50,7 @@ int encap_hdr_size; int udp_tunnel_port; +int mpls_link; double frag_timeout; @@ -337,6 +338,8 @@ encap_hdr_size = opt_internal_int("encap_hdr_size"); udp_tunnel_port = opt_internal_int("udp_tunnel_port") & ~UDP_PORT_MASK; + + mpls_link = opt_internal_int("mpls_link"); frag_timeout = opt_internal_double("frag_timeout"); Index: bro.bif =================================================================== --- bro.bif (revision 4921) +++ bro.bif (working copy) 
@@ -716,6 +716,11 @@ return map_conn_type(p->PortType()); %} +function get_port_number%(p: port%): count + %{ + return new Val(p->Port(), TYPE_COUNT); + %} + function current_time%(%): time %{ return new Val(current_time(), TYPE_TIME); Index: PktSrc.cc =================================================================== --- PktSrc.cc (revision 4921) +++ PktSrc.cc (working copy) 
@@ -204,16 +204,73 @@ current_timestamp = next_timestamp; + int pkt_hdr_size = hdr_size; + + // MPLS decapsulation. + if ( mpls_link ) + { + // Unfortunately some packets on the link might have MPLS labels + // while others don't. That means we need to ask the link-layer if + // labels are in place. + // + // We only support MPLS over DLT_PPP_SERIAL links currently. + // DLT_PPP_SERIAL is "HDLC-like framing for PPP encapsulated packets" + // (RFC 1662). + bool have_mpls = false; + switch ( datalink ) { + case 0x32: // PPP_SERIAL + { + // Skip "HDLC-like" frame (per RFC 1662, 3.1. Note that the + // flags don't show up in our input.) + data += 2; + + // Get PPP protocol. + int protocol = (data[0] << 8) + data[1]; + + if ( protocol == 0x0281 ) + // MPLS Unicast + have_mpls = true; + else if ( protocol != 0x0021 && protocol != 0x0057 ) + { + // Neither IPv4 nor IPv6. + sessions->Weird("non_ip_packet_in_ppp_encapsulation", &hdr, data); + data = 0; + return; + } + + // Skip protocol field. + data += 2; + break; + } + + default: + error(fmt("link-layer %d not supported for MPLS traffic", datalink)); + } + + if ( have_mpls ) + { + // Skip the MPLS label stack. + bool end_of_stack = false; + while ( ! end_of_stack ) + { + end_of_stack = *(data + 2) & 0x01; + data += 4; + } + } + + pkt_hdr_size = 0; + } + if ( pseudo_realtime ) { current_pseudo = CheckPseudoTime(); - net_packet_arrival(current_pseudo, &hdr, data, hdr_size, this); + net_packet_arrival(current_pseudo, &hdr, data, pkt_hdr_size, this); if ( ! first_wallclock ) first_wallclock = current_time(true); } else - net_packet_arrival(current_timestamp, &hdr, data, hdr_size, this); + net_packet_arrival(current_timestamp, &hdr, data, pkt_hdr_size, this); data = 0; } @@ -437,6 +494,11 @@ if ( PrecompileFilter(0, filter) && SetFilter(0) ) { SetHdrSize(); + + if ( closed ) + // Couldn't get header size. + return; + fprintf(stderr, "listening on %s\n", interface); } else 
@@ -458,6 +520,10 @@ { SetHdrSize(); + if ( closed ) + // Couldn't get header size. + return; + #ifdef USE_SELECT_LOOP // We don't put file sources into non-blocking mode as // otherwise we would not be able to identify the EOF @@ -683,6 +749,9 @@ return 16; #endif + case 0x32: // PPP_SERIAL + return 4; + case DLT_RAW: return 0; } From JAzoff at uamail.albany.edu Mon Feb 22 10:43:20 2010 
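Review bot: in the PktSrc.cc hunk at @@ -204,16 +204,73 @@, neither the PPP header skip nor the label-stack loop checks how many captured bytes remain before reading data[0], data[1] or *(data + 2), so a truncated frame, or a label stack in which no entry has the bottom-of-stack bit set, advances data past the end of the packet buffer. Track the remaining length from the capture header in hdr and stop with a weird (as the non-IP branch already does) before each "data += 2" and "data += 4". Also, if error() returns in the default: branch, execution continues to "pkt_hdr_size = 0" with data still pointing at an unskipped link-layer header; that branch should return as well.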
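Review bot: in the NetVar.cc hunk at @@ -337,6 +338,8 @@, opt_internal_int("mpls_link") looks up a script-level identifier that no hunk in this patch declares. Unless it is declared elsewhere, the patch should also carry the policy-script declaration of mpls_link with its default value, and a comment there saying that only DLT_PPP_SERIAL links are handled.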
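Review bot: the bro.bif hunk adds get_port_number(), which nothing else in this patch calls and which has nothing to do with MPLS decapsulation. It should be submitted as its own change, with a comment stating what it returns for a port value.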
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Mon, 22 Feb 2010 13:43:20 -0500
Subject: [Bro] Bro Memory Consumtion
In-Reply-To:
References:
Message-ID: <20100222184320.GX10245@datacomm.albany.edu>

On Mon, Feb 22, 2010 at 10:48:39AM -0500, Powell, Scott wrote:
> Bro Gurus,
>
> I am having an issue with Bro and memory exhaustion. Currently I'm using
> click on a system with 8 x CPU cores to break up a network tap into three
> virtual interfaces (tap0, tap1 and tap2). I'm then running my Bro cluster on
> the same machine with three workers operating on different CPU cores and
> virtual interfaces. The system has 16G of physical RAM. After running for
> about 24 hours or so all of the physical RAM is exhausted and Bro begins to go
> after swap. I increased swap to 8GB but this is a never ending battle as Bro
> will eventually eat everything it can find and crash the system.

I'm having a similar problem, but it usually takes about 4 days to get that bad here. I've been considering just going back to restarting bro every day in the middle of the night like I used to. I used to do that before I installed broctl, as it was the easiest way to rotate the logs every day.

> redef HTTP::ignored_urls = /^http:\/\/(www\.download\.windowsupdate\.com)|(download\.windowsupdate\.com)|(au\.download\.windowsupdate\.com)|(download\.microsoft\.com)|(office\.microsoft\.com)\//;

FYI, I don't think that regex matches what you think it does.. the way the |'s are positioned it matches:

/^http:\/\/(www\.download\.windowsupdate\.com)
|
(download\.windowsupdate\.com)
|
(au\.download\.windowsupdate\.com)
|
(download\.microsoft\.com)
|
(office\.microsoft\.com)\//;

Basically you have

/^http:\/\/(site)|(site)|(site)|(site)\//;

You want something like this:

/^http:\/\/(site|site|site|site)\//;

--
-- Justin Azoff
-- Network Security & Performance Analyst
-------------- next part --------------
A non-text attachment was scrubbed...
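Added example (not part of either post, and not Bro code): the alternation precedence problem described in the reply above, reproduced with Python's re module on the posted pattern and on the grouped form. It assumes ignored_urls is applied as an unanchored search, which the thread does not state; top_level_branches, is_ignored, compare and the sample URLs are constructed for this illustration.

```python
import re

# Pattern as posted in local.bro, without Bro's surrounding /.../ delimiters.
POSTED = (r"^http:\/\/(www\.download\.windowsupdate\.com)"
          r"|(download\.windowsupdate\.com)|(au\.download\.windowsupdate\.com)"
          r"|(download\.microsoft\.com)|(office\.microsoft\.com)\/")
# Grouped form from the reply: a single group holds every alternative.
GROUPED = (r"^http:\/\/(www\.download\.windowsupdate\.com"
           r"|download\.windowsupdate\.com|au\.download\.windowsupdate\.com"
           r"|download\.microsoft\.com|office\.microsoft\.com)\/")
SAMPLE_URLS = [  # constructed; example.test is a placeholder domain
    "http://download.microsoft.com/update.cab",
    "http://office.microsoft.com/",
    "http://files.example.test/cache/download.windowsupdate.com.zip",
    "http://www.download.windowsupdate.com.example.test/index.html",
    "http://www.example.test/index.html",
]


def top_level_branches(pattern):
    """Split a regex at each '|' that sits outside every group and class."""
    branches, current = [], ""
    depth, in_class, i = 0, False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            current += pattern[i:i + 2]  # keep an escaped pair intact
            i += 2
            continue
        if in_class:
            in_class = ch != "]"
        elif ch == "[":
            in_class = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "|" and depth == 0 and not in_class:
            branches.append(current)  # a top-level '|' ends the branch
            current = ""
        else:
            current += ch
        i += 1
    branches.append(current)
    return branches


def is_ignored(pattern, url):
    """Assumption: unanchored search, so '^' is the only anchoring."""
    return re.search(pattern, url) is not None


def compare(urls=SAMPLE_URLS):
    """Return (url, ignored_by_posted, ignored_by_grouped) per URL."""
    return [(u, is_ignored(POSTED, u), is_ignored(GROUPED, u)) for u in urls]


if __name__ == "__main__":
    print(top_level_branches(POSTED), *compare(), sep="\n")
```

The posted pattern splits into five independent branches, of which only the first carries the ^http:// prefix and only the last the trailing slash, so the two example.test URLs are ignored by it but not by the grouped form.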
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100222/007e1adf/attachment.bin

From mccreary at ucar.edu Mon Feb 22 11:42:54 2010
From: mccreary at ucar.edu (Sean McCreary)
Date: Mon, 22 Feb 2010 12:42:54 -0700
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <21398958-20C5-418D-94AC-9A4B3CA96CD4@osu.edu>
References: <4B7FFD0F.2060403@ucar.edu> <21398958-20C5-418D-94AC-9A4B3CA96CD4@osu.edu>
Message-ID: <4B82DE3E.3070307@ucar.edu>

On 20/02/10 11:48, Seth Hall wrote:
> On Feb 20, 2010, at 10:17 AM, Sean McCreary wrote:
>
>> I have been seeing several crashes per day due to 'internal error:
>> unknown msg type 101 in Poll()' in the manager process of a bro
>> cluster
>> handling ~2.5 Gb/s of traffic. Here is a typical stack trace:
>
>
> Try two things.
>
> 1. Apply this patch...
> http://tracker.icir.org/bro/ticket/220#comment:13
>
> 2. Add the following to your local.bro script:
> redef notice_action_filters += {
>     [Weird::ContentGap] = ignore_notice,
>     [Weird::AckAboveHole] = ignore_notice,
> };
> redef suppress_notice_actions += {
>     Weird::ContentGap,
>     Weird::AckAboveHole,
> };

Thanks for the suggestions. If I'm understanding correctly, the policy changes should help prevent load spikes from missing packets in the captured traffic. Since I am capturing traffic that includes flows that exceed 1 Gb/s, the workers will see periods of heavy load that are missing a lot of packets.

Tweaking small_timeout down should also help prevent buffer overruns during a period of heavy load, at the cost of increasing the overall system load. Will these changes affect Bro in other ways as well?

From hall.692 at osu.edu Mon Feb 22 12:31:36 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Mon, 22 Feb 2010 15:31:36 -0500
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <4B82DE3E.3070307@ucar.edu>
References: <4B7FFD0F.2060403@ucar.edu> <21398958-20C5-418D-94AC-9A4B3CA96CD4@osu.edu> <4B82DE3E.3070307@ucar.edu>
Message-ID: <23BADE6A-A25C-4B01-A447-541C919B78A3@osu.edu>

On Feb 22, 2010, at 2:42 PM, Sean McCreary wrote:

> Thanks for the suggestions. If I'm understanding correctly, the
> policy
> changes should help prevent load spikes from missing packets in the
> captured traffic. Since I am capturing traffic that includes flows
> that
> exceed 1 Gb/s, the workers will see periods of heavy load that are
> missing a lot of packets.

It should prevent spikes in the number of events that your workers are sending to your manager which should help. There are some problems with the pipes between the parent (the real worker) and child (communication) processes being filled and causing other strange issues. I used to see this exact problem, but it has been a fairly long time. If you can try and reduce the number of events your manager is receiving that should help to mitigate the problem until the root problem is found.

> Tweaking small_timeout down should also help prevent buffer overruns
> during a period of heavy load, at the cost of increasing the overall
> system load. Will these changes affect Bro in other ways as well?

I think that increased system load should be the only change, but you won't actually see a change in cpu usage if you're running this on an active cluster. The only time you should see any difference is if you are running Bro that isn't seeing any activity. I'll leave it up to Robin or Vern to say for sure though. :)

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

From Tyler.Schoenke at colorado.edu Mon Feb 22 12:39:45 2010
From: Tyler.Schoenke at colorado.edu (Tyler Schoenke)
Date: Mon, 22 Feb 2010 13:39:45 -0700
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <4B8019A0.9010105@lbl.gov>
References: <4B7FFD0F.2060403@ucar.edu> <4B8019A0.9010105@lbl.gov>
Message-ID: <4B82EB91.1020101@colorado.edu>

On 02/20/2010 10:19 AM, Scott Campbell wrote:
> This is the stock 1.5.1 with the only "unusual" thing running on the
> system being Seth's policy scripts for DNS, SMTP and HTTP logging.

FYI, I tested it, with a vanilla config, i.e. nothing but the stock scripts, and was getting the 101 Poll message. I just migrated my cluster from FreeBSD to Linux, and the error seems to be happening slightly more often on Linux.

I just tried Seth's suggestions about filtering ContentGap and AckAboveHole, and it has been quiet for the last couple hours. I had been noticing the error more often during our peak times, so I should see crashes right now.

My second proxy seems to be crashing a bit more often after implementing the filter, but it is on a machine with only 4 GB of RAM, so it is using up all of the physical memory.

Tyler

From JAzoff at uamail.albany.edu Mon Feb 22 13:16:07 2010
From: JAzoff at uamail.albany.edu (Justin Azoff)
Date: Mon, 22 Feb 2010 16:16:07 -0500
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <4B82EB91.1020101@colorado.edu>
References: <4B7FFD0F.2060403@ucar.edu> <4B8019A0.9010105@lbl.gov> <4B82EB91.1020101@colorado.edu>
Message-ID: <20100222211607.GA10245@datacomm.albany.edu>

On Mon, Feb 22, 2010 at 01:39:45PM -0700, Tyler Schoenke wrote:
> I just tried Seth's suggestions about filtering ContentGap and
> AckAboveHole, and it has been quiet for the last couple hours.

I ran into general load issues when I switched to running a single node cluster.. I traced it back to the same problem with ContentGap and AckAboveHole.. I also ignored Weird::WeirdActivity, which helped too.

If I ran capstats on the 'lo' interface, I would see Bro doing about 10mbps and a few thousand packets/sec for what seemed like no reason. After ignoring those two event types lo now has under .1 mbps and about 20 packets/sec.

--
-- Justin Azoff
-- Network Security & Performance Analyst

From mccreary at ucar.edu Mon Feb 22 14:37:04 2010
From: mccreary at ucar.edu (Sean McCreary)
Date: Mon, 22 Feb 2010 15:37:04 -0700
Subject: [Bro] internal error: unknown msg type 101 in Poll()
In-Reply-To: <20100222211607.GA10245@datacomm.albany.edu>
References: <4B7FFD0F.2060403@ucar.edu> <4B8019A0.9010105@lbl.gov> <4B82EB91.1020101@colorado.edu> <20100222211607.GA10245@datacomm.albany.edu>
Message-ID: <4B830710.5050309@ucar.edu>

On 22/02/10 14:16, Justin Azoff wrote:
> On Mon, Feb 22, 2010 at 01:39:45PM -0700, Tyler Schoenke wrote:
>> I just tried Seth's suggestions about filtering ContentGap and
>> AckAboveHole, and it has been quiet for the last couple hours.
>
> I ran into general load issues when I switched to running a single node
> cluster.. I traced it back to the same problem with ContentGap and
> AckAboveHole.. I also ignored Weird::WeirdActivity, which helped too.
>
> If I ran capstats on the 'lo' interface, I would see Bro doing about 10mbps and
> a few thousand packets/sec for what seemed like no reason. After ignoring
> those two event types lo now has under .1 mbps and about 20 packets/sec.

FWIW, I've also observed a significant decrease in CPU load on the manager parent process as displayed by 'broctl top'. The workers still report high utilization, but the manager seems to be largely unaffected. Without Seth's policy changes in local.bro I would see a spike in CPU load on the manager whenever any worker was under heavy load.

From estrada.veronica at gmail.com Tue Feb 23 23:37:48 2010
From: estrada.veronica at gmail.com (Veronica Estrada)
Date: Wed, 24 Feb 2010 16:37:48 +0900
Subject: [Bro] BRO with MPLS + 802.1 Q vlan
In-Reply-To: <20100222171916.GG90265@icir.org>
References: <20100222171916.GG90265@icir.org>
Message-ID:

Thanks everyone for the fast answer.

I patched bro with the file that Robin sent me but I cannot make it work. I have two questions.

1) The patch says "We only support MPLS over DLT_PPP_SERIAL links currently." What should I modify if I want to analyze MPLS over 802.1Q/Ethernet? The protocol hierarchy seen in my data is:

Frame
-Ethernet
--802.1Q Virtual LAN
---Internet Protocol
----TCP
----UDP
----Data
---MPLS
----TCP
----UDP
----Data
----ICMP
--Short Frame

2) When I run bro using the patch I run bro using this option have_mpls="T" but I get

, line 1 (have_mpls): error, "redef" used but not previously defined

Where should I redefine this variable or should I load any special filter?

Veronica Estrada
Nakao's Laboratory
The University of Tokyo

On Tue, Feb 23, 2010 at 2:19 AM, Robin Sommer wrote:
>
> On Mon, Feb 22, 2010 at 08:09 -0500, Seth Hall wrote:
>
> > Bro doesn't support MPLS packets currently. Patches are welcome
> > however. :)
>
> I have one for MPLS actually, it's attached. However, it is old and
> hasn't seen much testing, which is why it never made it into the
> distribution. It may also not apply cleanly anymore.
>
> The patch adds a new option "mpls_link" that needs to be redefed to
> true.
>
> Robin
>
> --
> Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
> ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100224/ca3838d7/attachment.html

From hall.692 at osu.edu Thu Feb 25 20:09:51 2010
From: hall.692 at osu.edu (Seth Hall)
Date: Thu, 25 Feb 2010 23:09:51 -0500
Subject: [Bro] BRO with MPLS + 802.1 Q vlan
In-Reply-To:
References: <20100222171916.GG90265@icir.org>
Message-ID:

On Feb 24, 2010, at 2:37 AM, Veronica Estrada wrote:

> Where should I redefine this variable or should I load any special
> filter?

I don't believe that patch is going to work for you because your MPLS headers are within VLAN headers. Did you try my suggestion? As long as all of your packets have the same headers on them it should work. Looking at your protocol hierarchy though, it looks like not all of your packets have the mpls header. Is that right?

Like I offered before though, I can get you set up with something that will strip all of the vlan and mpls headers where appropriate if you need it.

.Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721