[Bro] pybroker with 'optional' fields

Jeff Barber jbarber at computer.org
Tue May 19 10:54:10 PDT 2015


Jon,

That does seem to work at the top-most level (i.e. pkt_hdr). But then in
trying to break apart the next layer (ip_hdr), it doesn't. I get a seg
fault in the "vector_of_field" iterator.

With:
rec = p.as_record()
fields = rec.fields()
ip, ip6, tcp, udp, icmp = [f.get() if f.valid() else None for f in fields]
if ip is not None:
    fields = ip.as_record().fields()
    fields = [f for f in fields]

This happens in the last line:
Program received signal SIGSEGV, Segmentation fault.
0xb76a1386 in broker::util::optional<broker::data>::optional
(this=0x846f688, other=...) at
/home/jbarber/src/bro/aux/broker/broker/util/optional.hh:84
84            { if ( other.is_valid ) create(other.value); }
(gdb) bt
#0  0xb76a1386 in broker::util::optional<broker::data>::optional
(this=0x846f688, other=...) at
/home/jbarber/src/bro/aux/broker/broker/util/optional.hh:84
#1  0xb7704471 in swig::traits_from<broker::util::optional<broker::data>
>::from (val=...)
    at
/home/jbarber/src/bro/build/aux/broker/bindings/python/pybrokerPYTHON_wrap.cxx:3909
#2  0xb770419a in swig::from<broker::util::optional<broker::data> >
(val=...)
    at
/home/jbarber/src/bro/build/aux/broker/bindings/python/pybrokerPYTHON_wrap.cxx:3928
#3  0xb7703cc1 in swig::from_oper<broker::util::optional<broker::data>
>::operator() (this=0x84345a4, v=...)
    at
/home/jbarber/src/bro/build/aux/broker/bindings/python/pybrokerPYTHON_wrap.cxx:4481
#4  0xb77030ec in
swig::SwigPyIteratorClosed_T<__gnu_cxx::__normal_iterator<broker::util::optional<broker::data>*,
std::vector<broker::util::optional<broker::data>,
std::allocator<broker::util::optional<broker::data> > > >,
broker::util::optional<broker::data>,
swig::from_oper<broker::util::optional<broker::data> > >::value (
    this=0x8434598) at
/home/jbarber/src/bro/build/aux/broker/bindings/python/pybrokerPYTHON_wrap.cxx:4549
#5  0xb769f12c in swig::SwigPyIterator::next (this=0x8434598) at
/home/jbarber/src/bro/build/aux/broker/bindings/python/pybrokerPYTHON_wrap.cxx:3243
#6  0xb76358b2 in _wrap_SwigPyIterator_next (args=0xb77af38c) at
/home/jbarber/src/bro/build/aux/broker/bindings/python/pybrokerPYTHON_wrap.cxx:7044
#7  0x08156a91 in PyEval_EvalFrameEx ()
...
(gdb) print other
$1 = (const broker::util::optional<broker::data> &) @0x0: <error reading
variable>

With the maze of templates plus the swig stuff, it's difficult to follow
where things went south.

Interestingly, if I stop the script in the python debugger, just before
that last line and print some values:
(Pdb) fields.size()
2577038276L
(Pdb) len(fields)
*** OverflowError: long int too large to convert to int

(Both of those statements return sane results (5) at the top-level record.)



On Tue, May 19, 2015 at 11:45 AM, Siwek, Jon <jsiwek at illinois.edu> wrote:

>
> > On May 18, 2015, at 1:50 PM, Jeff Barber <jbarber at computer.org> wrote:
> >
> > Yeah. Using valid() works but it makes the code clumsy and unpythonic.
> Below is my code. Uncomment the second "sub_recs = ..." line in ppkt() (in
> place of the first one) to see the issue.
> >
> > def get_fields(fields, n_fields):
> >     new_fields = []
> >     for n in range(n_fields):
> >         f = fields[n]
> >         if f.valid():
> >             new_fields.append(f.get())
> >         else:
> >             new_fields.append(None)
> >     return new_fields
> >
> > def ppkt(p):
> >     rec = p.as_record()
> >     sub_recs = get_fields(rec.fields(), rec.size())
> >     #===>>> sub_recs = [f.get() for f in fields]
> >     print sub_recs
>
> Does something like the following work to transform it into the format you
> want?
>
>         sub_recs = [f.get() if f.valid() else None for f in fields]
>
> - Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150519/c122a4b9/attachment-0001.html 


More information about the Bro mailing list