[Bro] Bro - Broccoli Data Type Mismatch issue
Vishak Muthukumar
vmuthu at ucdavis.edu
Thu Oct 10 10:20:02 PDT 2013
The issue is solved,
I needed to do typecasting to receive the correct IP address -
The broccoli script is --
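#include <stdio.h>
#include <arpa/inet.h>
#include <broccoli.h>

/* BroAddr keeps the address in addr[0..3] in network byte order; an IPv4
   address is stored IPv4-mapped, so its four bytes sit in addr[3]. */
static void bro_pong(BroConn *conn, void *data, BroAddr *address)
{
    char addr[INET6_ADDRSTRLEN];
    inet_ntop(AF_INET, address->addr + 3, addr, INET6_ADDRSTRLEN);
    printf("Received bro_address %s\n", addr);
}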
Thanks for your help.
Vishak
On Wed, Oct 9, 2013 at 11:11 AM, Vishak Muthukumar <vishakm92 at gmail.com> wrote:
> I understand that the datatype vector is not supported now. But I can't
> even send IP address from Bro to broccoli.
>
> This is the broccoli script --
>
> static void bro_pong(void *data,BroConn *conn,BroAddr *address)
> {
>
> int i;
> printf("\nAddress:");
> for(i=3;i>=0;i--)
> {
> printf("%"PRIu32"",address->addr[i]);
> }
> printf("\n");
>
>
> }
>
>
> int main(int argc, char **argv)
> {
> BroConn *bc;
> extern char *optarg;
> extern int optind;
> char hostname[512];
> int fd = -1;
>
> bro_init(NULL);
>
> bro_debug_calltrace = 0;
> bro_debug_messages = 0;
>
>
> snprintf(hostname, 512, "%s:%s", host_str, port_str);
>
> if (! (bc = bro_conn_new_str(hostname, BRO_CFLAG_RECONNECT |
> BRO_CFLAG_ALWAYS_QUEUE)))
> {
>
> printf("Could not get Bro connection handle.\n");
> exit(-1);
> }
>
>
>
> void *data;
> data=malloc(300);
>
> bro_event_registry_add(bc, "pong", (BroEventFunc) bro_pong,data);
> bro_event_registry_request (bc);
>
>
> if (! bro_conn_connect(bc))
> {
> printf("Could not connect to Bro at %s:%s.\n", host_str,
> port_str);
> exit(-1);
> }
>
> for ( ; ; )
> {
> BroEvent *ev;
>
> bro_conn_process_input(bc);
>
> #ifdef __MINGW32__
> sleep(1000);
> #else
> sleep(1);
> #endif
> }
>
> /* Disconnect from Bro and release state. */
> bro_conn_delete(bc);
> return 0;
> }
>
> The corresponding BRO script --
>
> module State;
> @load base/protocols/modbus
>
>
> export {
> # Create an ID for our new stream. By convention, this is
> # called "LOG".
> redef enum Log::ID += { LOG };
> }
>
> # Let's make sure we use the same port no matter whether we use encryption or not:
> redef Communication::listen_port = 47758/tcp;
>
> # Redef this to global flag: count=0;T if you want to use SSL.
> redef Communication::listen_ssl = F;
>
> global dstg:addr;
> global pong: event(address: addr);
>
> redef Communication::nodes += {
> ["broping"] = [$host = 127.0.0.1, $events = /ping/, $connect=F,
> $ssl=F]
> };
>
> event modbus_read_holding_registers_response(c: connection, headers:
> ModbusHeaders, registers: ModbusRegisters)
> {
> dstg=c$id$resp_h;
> print "IP-",dstg;
> event pong(dstg);
> }
>
> In the Bro script I receive the IP address displayed in the console.
> But in the broccoli, I see junk values.
>
> Hope I made myself clear this time.
>
> Thanks
>
> Vishak
>
>
> On Wed, Oct 9, 2013 at 9:50 AM, Seth Hall <seth at icir.org> wrote:
>
>>
>> On Oct 7, 2013, at 1:45 PM, Vishak Muthukumar <vishakm92 at gmail.com>
>> wrote:
>>
>> > global pong: event(reg: vector of count, ipaddr: addr);
>> <snip>
>> > static void bro_pong(BroConn *conn,void *data,BroRecord *rec,BroAddr
>> *address)
>>
>> I'm not completely sure that Vectors are supported as values in broccoli.
>> From my quick glance it looks like they're an unsupported but you can't
>> just treat them like a record like you are doing. There may be other
>> problems, but I noticed that immediately. You also aren't showing us any
>> code where you are subscribing to events with broccoli so I can't even be
>> sure you are doing that correctly.
>>
>> .Seth
>>
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro.org/
>>
>>
>
>
> --
>
> Vishak Muthukumar
>
> Graduate Student
>
> University of California, Davis
>
>
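The fix at the top of this message reads only the last 32-bit word and always formats it as IPv4. As an added example (not code from the thread or from Broccoli), the sketch below formats either address family and checks the inet_ntop result; `demo_addr` and the `demo_*` helpers are hypothetical stand-ins, assumed to mirror BroAddr's four network-order words with IPv4 stored IPv4-mapped, and the sample addresses are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for Broccoli's BroAddr: four 32-bit words holding the
   address in network byte order, IPv4 stored as ::ffff:a.b.c.d. */
typedef struct {
    uint32_t addr[4];
} demo_addr;

/* The 12-byte prefix that marks an IPv4-mapped IPv6 address. */
static const unsigned char v4_mapped_prefix[12] =
    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff };

/* Returns 1 if the address is IPv4-mapped, 0 otherwise. */
static int demo_is_v4(const demo_addr *a)
{
    return memcmp(a->addr, v4_mapped_prefix, sizeof v4_mapped_prefix) == 0;
}

/* Formats the address into out (at least INET6_ADDRSTRLEN bytes).
   Returns out on success, NULL if inet_ntop fails (buffer too small). */
static const char *demo_addr_to_str(const demo_addr *a, char *out, size_t len)
{
    if (demo_is_v4(a))
        return inet_ntop(AF_INET, &a->addr[3], out, (socklen_t)len);
    return inet_ntop(AF_INET6, a->addr, out, (socklen_t)len);
}

/* Builds a constructed sample address from 16 raw bytes. */
static demo_addr demo_from_bytes(const unsigned char bytes[16])
{
    demo_addr a;
    memcpy(a.addr, bytes, 16);
    return a;
}

int main(void)
{
    /* Constructed samples: 192.0.2.10 (IPv4-mapped) and 2001:db8::1. */
    const unsigned char v4[16] = { 0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 192,0,2,10 };
    const unsigned char v6[16] = { 0x20,0x01,0x0d,0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,1 };
    char buf[INET6_ADDRSTRLEN];
    demo_addr a = demo_from_bytes(v4), b = demo_from_bytes(v6);
    printf("%s\n", demo_addr_to_str(&a, buf, sizeof buf));
    printf("%s\n", demo_addr_to_str(&b, buf, sizeof buf));
    return 0;
}
```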