[Bro] array to BifEvent
Seth Hall
seth at icir.org
Fri Apr 20 21:37:51 PDT 2012
Most people should freely ignore this reply; Dina's asking about an internal detail about connecting protocol analyzers to the Bro script-land.
On Apr 20, 2012, at 8:15 PM, Dina Hadziosmanovic wrote:
> Here is my type definition:
>
> type X(len: uint16) = record {
> byteCount: uint8;
> registers: uint16[registerCount] &length = byteCount;
I assume you have some bit of code in a &let section you haven't included that is calling your BinPAC function after the 'X' unit is parsed?
> here is the function I want to call:
>
> function something( r: X): bool
> %{
You need to convert the C array into the Bro vector type manually. Something like this...
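	for ( unsigned int i = 0; i < ${r.registers}->size(); ++i )
		{
		// ${r.registers} is a pointer to a std::vector, so dereference it before indexing.
		// The local is named "reg" because "register" is a reserved C++ keyword.
		uint16 reg = (*${r.registers})[i];
		// … build a VectorVal …
		}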
I probably have something about this code wrong; I just wanted to show that you have to convert C/C++ values into Bro values.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/