[Bro] Accessing index of an uint8 array inside record
TQ
nothinrandom at gmail.com
Sun Nov 18 09:30:23 PST 2018
Ah, ok. Thanks for this tip!
On Sun, Nov 18, 2018 at 9:28 AM Jon Siwek <jsiwek at corelight.com> wrote:
> On Sun, Nov 18, 2018 at 10:45 AM TQ <nothinrandom at gmail.com> wrote:
>
> > I ended up using bytestring &length=4, and this allows me to access
> using ${Record_A.record_b.data[0]}. Bizarre as these two are equivalent,
> right?
>
> Logically, "bytestring &length=4" and uint8[4] are equivalent but seem
> to be implemented differently.
>
> A bytestring field ends up being a "datastring<uint8>"
> object/reference from binpac_bytestring.h
>
> A uint8[4] ends up being a pointer to a "std::vector<uint8>".
>
> So that last bit about it being a pointer is likely important, means
> you were probably missing a pointer dereference e.g. you could try
> ${Record_A.record_b.data}->at(0) for accessing a uint8[] at index 0.
>
> All this info should be available for you to find in the generated
> *_pac.cc files and checking those is the best way to confirm what you
> need to be doing.
>
> - Jon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181118/3e37688c/attachment.html
More information about the Bro
mailing list