[Bro] [Bro type clash]
erik clark
philosnef at gmail.com
Thu Nov 24 12:33:35 PST 2016
Just for clarification, is_valid_ip actually does more than run a basic
regex against the string. For ipv4 it slices the address and then runs an
evaluation against each piece, which is faster than the regex as far as I
can tell from my testing. I don't recall offhand how it determines valid
ipv6 addresses offhand, as I don't have the addrs.bro script handy.
On Thu, Nov 24, 2016 at 2:48 PM, erik clark <philosnef at gmail.com> wrote:
> ---
> I want to check if
>
> n$id$orig_h
>
> contains a valid ip address.
> ---
>
> In the framework there is already something that does this....
>
> https://www.bro.org/sphinx/scripts/base/utils/addrs.bro.html
>
> Specifically:
>
> is_valid_ip
> <https://www.bro.org/sphinx/scripts/base/utils/addrs.bro.html#id-is_valid_ip>
> : function
> <https://www.bro.org/sphinx/script-reference/types.html#type-function>
> <https://www.bro.org/sphinx/script-reference/types.html#type-function>
>
> This is a VERY useful function, as it validates both ipv4 and ipv6....
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161124/becc8434/attachment.html
More information about the Bro
mailing list