[Bro] error when defining an enumerated data type

Daniel Thayer dnthayer at illinois.edu
Fri Aug 14 10:18:10 PDT 2015 

In the reference documentation for type "port", it mentions you can
use function "get_port_transport_proto" to obtain the protocol type of
a port.  If you look at the reference documentation for that function,
you can see it returns something of type "transport_proto".
If you look at the reference documentation for type "transport_proto",
you can see it's the enum type that you mentioned.

Now that you know the type, you can declare a local variable like this:

event bro_init()
{
   local x: transport_proto = tcp;
   print x;
}


On 08/14/2015 12:06 PM, Earl Eiland wrote:
> I looked at that.  It covers enumerated data types in general, and the port type.  The port type includes both the port # and protocol.   It also covers how to extract the protocol from the port type with the function get_port_transport_proto.  However, there's nothing on the protocol type's label.
>
> -----Original Message-----
> From: Daniel Thayer [mailto:dnthayer at illinois.edu]
> Sent: Friday, August 14, 2015 11:58 AM
> To: Earl Eiland <earl.eiland at root9b.com>; bro at bro.org
> Subject: Re: [Bro] error when defining an enumerated data type
>
> There is some reference documentation here:
> https://www.bro.org/sphinx/script-reference/index.html
>
>
> On 08/14/2015 11:50 AM, Earl Eiland wrote:
>> Bro has an enumerated type for layer 3 protocols:  enum { tcp, udp,
>> icmp, unknown }.  I want to create a variable with this type, but
>> haven’t found the label in the documentation.  Where do I find such
>> information?  I tried defining my own enumerated data type, but that
>> generates the error ”identifier or enumerator value in enumerated type
>> definition already exists”.
>>
>> Best Regards,
>>
>> Earl Eiland,
>>
>> Sr. Cyber Security Engineer,
>>
>> Emerging Technologies, root9B,
>>
>> San Antonio, Texas
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity named.  If you
>> are not the named addressee you are notified that disclosing, copying,
>> distributing or taking any action in reliance on the contents of this
>> information is strictly prohibited.  Please notify the sender
>> immediately by email if you received this email in error and delete
>> this email from your system. Any views or opinions presented in this
>> e-mail are solely those of the author and do not necessarily represent
>> those of root9B LLC.​
>>
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>

More information about the Bro mailing list