[Bro] Broadcast detection

anthony kasza anthony.kasza at gmail.com
Thu Sep 3 19:41:38 PDT 2015 

I believe I have some logic that solves this. I created an xor (^)
operator for IPAddr types similar to the inclusive or (|) and am
making use of it to calculate the broadcast address of a subnet. My
BiF follows:

function subnet_end%(snet: subnet%): addr
        %{
        IPAddr broadcast;

        if (snet->Prefix().GetFamily() == IPv4)   //ipv4
                {
                broadcast = (IPAddr(string("255.255.255.255")) ^
snet->Mask()) | snet->Prefix();
                }
        else if (snet->Prefix().GetFamily() == IPv6)    //ipv6
                {
                broadcast =
(IPAddr(string("ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")) ^
snet->Mask()) | snet->Prefix();
                }
        else
                {
                reporter->InternalError("Unsupported address size. Not
IPv4 or IPv6.");
                }

        return new AddrVal(broadcast);
        %}


When calling this from scriptland, v6 addresses work properly.
However, v4 addresses are represented as v6 addresses still. I am
missing some concept around how IPAddrs can be either v4 or v6 and how
scriptland knows the difference. How might I properly indicate the
IPAddr in the returned AddrVal is meant to represent a v4 address
instead of a v6 address?
Thanks!

-AK

On Thu, Aug 27, 2015 at 8:03 AM, Robin Sommer <robin at icir.org> wrote:
>
>
> On Wed, Aug 26, 2015 at 18:12 -0700, anthony kasza wrote:
>
>> I'm looking to write a bif which does this. How can I access a subnet's
>> prefix as an int?
>
> snet->Prefix() yields an IPAddr. You don't easily get that as an int,
> but it has a method for getting it as a sequence of bytes:
>
>     int GetBytes(const uint32_t** bytes)
>
> That works for both IPv4 and v6.
>
> That said, I think you can solve this more easily by combining some
> other methods that IPAddr offers as well:
>
>      /**
>          * Masks out lower bits of the address.
>          [...]
>          */
>         void Mask(int top_bits_to_keep);
>
>      /**
>          * Masks out top bits of the address.
>         [...]
>          */
>         void ReverseMask(int top_bits_to_chop);
>
>       /**
>          * Bitwise OR operator returns the IP address resulting from the bitwise
>          * OR operation on the raw bytes of this address with another.
>          */
>        IPAddr operator|(const IPAddr& other)
>
> You'd mask out the lower bits of the prefix, mask out the upper bits
> of 255.255.255.255 (for IPv4), and then "or" the two together.
>
> Robin
>
> --
> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin

More information about the Bro mailing list