[Bro] string to address issue w/ is_v6_addr
Mike Dopheide
dopheide at gmail.com
Wed Apr 1 10:03:03 PDT 2015
This confused me for quite some time this morning so I thought I'd share.
The script should make it clear, but when attempting to take a url string
and test to see if it's a valid address, the output from to_addr creates a
'valid' ipv6 address.
Is that a requirement for some reason internally?
-Dop
http://try.bro.org/#/trybro/saved/1313
event bro_init() {
# is_v6_addr isn't giving the correct result because is_addr returns ::
# assume url extracted from http:// or ftp:// string via regex:
local url: string = "www.es.net";
if(is_v4_addr(to_addr(url))){
print fmt("hostname is v4 addr");
}else{
print fmt("hostname is not v4 addr");
}
if(is_v6_addr(to_addr(url))){
print fmt("hostname is v6 addr");
}else{
print fmt("hostname is not v6 addr");
}
print fmt("Why? %s",to_addr(url));
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150401/77d7f69b/attachment-0001.html
More information about the Bro
mailing list