[Bro] string to address issue w/ is_v6_addr

Wed Apr 1 10:03:03 PDT 2015

This confused me for quite some time this morning so I thought I'd share.
The script should make it clear, but when attempting to take a url string
and test to see if it's a valid address, the output from to_addr creates a
'valid' ipv6 address.

Is that a requirement for some reason internally?

-Dop

http://try.bro.org/#/trybro/saved/1313

event bro_init() {

    # is_v6_addr isn't giving the correct result because is_addr returns ::

    # assume url extracted from http:// or ftp:// string via regex:
    local url: string = "www.es.net";

    if(is_v4_addr(to_addr(url))){
        print fmt("hostname is v4 addr");
    }else{
        print fmt("hostname is not v4 addr");
    }

    if(is_v6_addr(to_addr(url))){
        print fmt("hostname is v6 addr");
    }else{
        print fmt("hostname is not v6 addr");
    }

    print fmt("Why? %s",to_addr(url));

}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150401/77d7f69b/attachment-0001.html 