[Bro] Implementing broping.c in broscript

James Hook jamesfhook at gmail.com
Thu Oct 10 14:01:28 PDT 2013 

Hi Seth,

I think I have got to the bottom of why I was getting the events going down
the connection. I think there is one (maybe two) reasons:

1) the event_peer class (not sure about this?)
in the broping.bro script I dumped the event_peer record in the
remote_event_registered handler.
from the C program it shows as "class=<uninitialized>"
from the bro script it comes through as "class="
I'm not sure whether this has any bearing on it, or whether "" and
"<uninitialized>" are treated as equals. Using bro_conn_set_class() from

2) firing events in "bro_init"
I rewrote bro_init() like this

event bro_init()
{
  event ping(current_time(),1);
  schedule 1 secs
     {
         ping(current_time(),1)
     };
}

i'm only seeing the event get fired once (the scheduled event). Could it be
that the event firing plumbing isn't fully initialised before bro_init is
called?

Anyway, it seems to be working now. Thanks for your help
James



On 10 October 2013 19:05, Seth Hall <seth at icir.org> wrote:

>
> On Oct 10, 2013, at 12:59 PM, James Hook <jamesfhook at gmail.com> wrote:
>
> > redef Communication::nodes += {
> >      ["broping2"] = [$host = 127.0.0.1, $p = 47758/tcp, $events =
> /pong/, $connect=T, $ssl=F]
>
> It sounds like you want your Bro node to subscribe to ping events since
> that's what your broccoli application is sending.  If you have it listening
> for pong, the C application might send the ping event, but Bro won't listen
> to it since it's only listening for pong events.
>
> You could even make Bro listen for all events like this (not recommended
> for anything other than testing)…
>
> >      ["broping2"] = [$host = 127.0.0.1, $p = 47758/tcp, $events = /.*/,
> $connect=T, $ssl=F]
>
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131010/b6012b66/attachment.html

More information about the Bro mailing list