broccoli 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +21 -0
- data/README +44 -0
- data/examples/broconn.bro +26 -0
- data/examples/broconn.rb +47 -0
- data/examples/broenum.rb +122 -0
- data/examples/brohose.bro +30 -0
- data/examples/brohose.rb +169 -0
- data/examples/broping-record.bro +56 -0
- data/examples/broping.bro +37 -0
- data/examples/broping.rb +148 -0
- data/examples/dns_requests.rb +35 -0
- data/ext/broccoli/autogen.sh +3 -0
- data/ext/broccoli/broccoli.i +507 -0
- data/ext/broccoli/broccoli_wrap.c +6125 -0
- data/ext/broccoli/extconf.rb +16 -0
- data/ext/broccoli/post-clean.rb +3 -0
- data/ext/broccoli/pre-config.rb +5 -0
- data/ext/broccoli/test/broconftest.rb +12 -0
- data/ext/broccoli/test/test.rb +174 -0
- data/lib/Bro/connection.rb +78 -0
- data/lib/Bro/event.rb +34 -0
- data/lib/Bro/record.rb +71 -0
- data/lib/bro.rb +87 -0
- data/setup.rb +1585 -0
- metadata +66 -0
@@ -0,0 +1,56 @@
|
|
1
|
+
# Depending on whether you want to use encryption or not,
|
2
|
+
# include "listen-clear" or "listen-ssl":
|
3
|
+
#
|
4
|
+
# @load listen-ssl
|
5
|
+
@load listen-clear
|
6
|
+
|
7
|
+
global ping_log = open_log_file("ping");
|
8
|
+
|
9
|
+
# Let's make sure we use the same port no matter whether we use encryption or not:
|
10
|
+
#
|
11
|
+
@ifdef (listen_port_clear)
|
12
|
+
redef listen_port_clear = 47758/tcp;
|
13
|
+
@endif
|
14
|
+
|
15
|
+
# If we're using encrypted communication, redef the SSL port and hook in
|
16
|
+
# the necessary certificates:
|
17
|
+
#
|
18
|
+
@ifdef (listen_port_ssl)
|
19
|
+
redef listen_port_ssl = 47758/tcp;
|
20
|
+
redef ssl_ca_certificate = "<path>/ca_cert.pem";
|
21
|
+
redef ssl_private_key = "<path>/bro.pem";
|
22
|
+
@endif
|
23
|
+
|
24
|
+
redef Remote::destinations += {
|
25
|
+
["broping"] = [$host = 127.0.0.1, $events = /ping/, $connect=F, $ssl=F]
|
26
|
+
};
|
27
|
+
|
28
|
+
type ping_data: record {
|
29
|
+
seq: count;
|
30
|
+
src_time: time;
|
31
|
+
};
|
32
|
+
|
33
|
+
type pong_data: record {
|
34
|
+
seq: count;
|
35
|
+
src_time: time;
|
36
|
+
dst_time: time;
|
37
|
+
};
|
38
|
+
|
39
|
+
# global pdata: pong_data;
|
40
|
+
|
41
|
+
event ping(data: ping_data)
|
42
|
+
{
|
43
|
+
local pdata: pong_data;
|
44
|
+
|
45
|
+
pdata$seq = data$seq;
|
46
|
+
pdata$src_time = data$src_time;
|
47
|
+
pdata$dst_time = current_time();
|
48
|
+
|
49
|
+
event pong(pdata);
|
50
|
+
}
|
51
|
+
|
52
|
+
event pong(data: pong_data)
|
53
|
+
{
|
54
|
+
print ping_log, fmt("ping received, seq %d, %f at src, %f at dest, one-way: %f",
|
55
|
+
data$seq, data$src_time, data$dst_time, data$dst_time - data$src_time);
|
56
|
+
}
|
@@ -0,0 +1,37 @@
|
|
1
|
+
# Depending on whether you want to use encryption or not,
|
2
|
+
# include "listen-clear" or "listen-ssl":
|
3
|
+
#
|
4
|
+
# @load listen-ssl
|
5
|
+
@load listen-clear
|
6
|
+
|
7
|
+
global ping_log = open_log_file("ping");
|
8
|
+
|
9
|
+
# Let's make sure we use the same port no matter whether we use encryption or not:
|
10
|
+
#
|
11
|
+
@ifdef (listen_port_clear)
|
12
|
+
redef listen_port_clear = 47758/tcp;
|
13
|
+
@endif
|
14
|
+
|
15
|
+
# If we're using encrypted communication, redef the SSL port and hook in
|
16
|
+
# the necessary certificates:
|
17
|
+
#
|
18
|
+
@ifdef (listen_port_ssl)
|
19
|
+
redef listen_port_ssl = 47758/tcp;
|
20
|
+
redef ssl_ca_certificate = "<path>/ca_cert.pem";
|
21
|
+
redef ssl_private_key = "<path>/bro.pem";
|
22
|
+
@endif
|
23
|
+
|
24
|
+
redef Remote::destinations += {
|
25
|
+
["broping"] = [$host = 127.0.0.1, $events = /ping/, $connect=F, $ssl=F]
|
26
|
+
};
|
27
|
+
|
28
|
+
event ping(src_time: time, seq: count)
|
29
|
+
{
|
30
|
+
event pong(src_time, current_time(), seq);
|
31
|
+
}
|
32
|
+
|
33
|
+
event pong(src_time: time, dst_time: time, seq: count)
|
34
|
+
{
|
35
|
+
print ping_log, fmt("ping received, seq %d, %f at src, %f at dest, one-way: %f",
|
36
|
+
seq, src_time, dst_time, dst_time-src_time);
|
37
|
+
}
|
data/examples/broping.rb
ADDED
@@ -0,0 +1,148 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
begin
|
4
|
+
require 'bro' # If installed as a native extension
|
5
|
+
rescue LoadError
|
6
|
+
require 'rubygems' # If install as a gem
|
7
|
+
gem 'broccoli'
|
8
|
+
require 'bro'
|
9
|
+
end
|
10
|
+
|
11
|
+
require 'logger'
|
12
|
+
require 'optparse'
|
13
|
+
require 'ostruct'
|
14
|
+
require 'ipaddr'
|
15
|
+
|
16
|
+
class BropingApp < Logger::Application
|
17
|
+
include Bro
|
18
|
+
|
19
|
+
def run
|
20
|
+
opt = parse_opts()
|
21
|
+
|
22
|
+
# Set debugging vars
|
23
|
+
Bro.debug_messages=true if opt.debug > 0
|
24
|
+
Bro.debug_calltrace=true if opt.debug > 1
|
25
|
+
|
26
|
+
# Create the connection object
|
27
|
+
bc = Bro::Connection.new("#{opt.host}:#{opt.port}", BRO_CFLAG_RECONNECT | BRO_CFLAG_ALWAYS_QUEUE)
|
28
|
+
|
29
|
+
if opt.record
|
30
|
+
# Register the pong event handler
|
31
|
+
bc.event_handler_for "pong" do |p|
|
32
|
+
now = Bro::current_time_f
|
33
|
+
printf "pong event from %s: seq=%i, time=%6f/%6f s\n", opt.host,
|
34
|
+
p.seq,
|
35
|
+
p.dst_time-p.src_time,
|
36
|
+
now-p.src_time;
|
37
|
+
end
|
38
|
+
else
|
39
|
+
# Register the pong event handler
|
40
|
+
bc.event_handler_for "pong" do |src_time, dst_time, seq|
|
41
|
+
now = Bro::current_time_f
|
42
|
+
printf "pong event from %s: seq=%i, time=%6f/%6f s\n", opt.host,
|
43
|
+
seq,
|
44
|
+
dst_time-src_time,
|
45
|
+
now-src_time;
|
46
|
+
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
if bc.connect
|
51
|
+
seq = 0
|
52
|
+
#puts "connected"
|
53
|
+
while true
|
54
|
+
break if opt.count > 0 && seq == opt.count
|
55
|
+
|
56
|
+
ev = Bro::Event.new("ping")
|
57
|
+
if opt.record
|
58
|
+
rec = Bro::Record.new
|
59
|
+
rec.insert("seq", seq, :count)
|
60
|
+
rec.insert("src_time", Bro::current_time_f, :time)
|
61
|
+
ev.insert(rec, :record)
|
62
|
+
else
|
63
|
+
ev.insert(Bro.current_time_f, :time)
|
64
|
+
ev.insert(seq, :count)
|
65
|
+
end
|
66
|
+
bc.send(ev)
|
67
|
+
sleep 1
|
68
|
+
bc.process_input
|
69
|
+
seq += 1
|
70
|
+
end
|
71
|
+
else
|
72
|
+
puts "Couldn't connect to Bro server."
|
73
|
+
end
|
74
|
+
|
75
|
+
end
|
76
|
+
|
77
|
+
private
|
78
|
+
|
79
|
+
def initialize
|
80
|
+
super('app')
|
81
|
+
STDERR.sync = true
|
82
|
+
self.level = Logger::FATAL
|
83
|
+
end
|
84
|
+
|
85
|
+
def parse_opts
|
86
|
+
options = OpenStruct.new
|
87
|
+
options.debug = 0
|
88
|
+
options.port = 47758
|
89
|
+
options.count = -1
|
90
|
+
options.record = false
|
91
|
+
|
92
|
+
opts = OptionParser.new do |opts|
|
93
|
+
opts.banner = "rbroping - sends ping events to a Bro agent, expecting pong events (written in ruby).\nUsage: #{$0} [options] host"
|
94
|
+
|
95
|
+
opts.separator ""
|
96
|
+
opts.separator "Specific options:"
|
97
|
+
|
98
|
+
opts.on('-p', '--port PORT',
|
99
|
+
'The port your bro agent is listening on') do |port|
|
100
|
+
options.port = port
|
101
|
+
end
|
102
|
+
|
103
|
+
opts.on('-c', '--count COUNT',
|
104
|
+
'The number of pings you\'d like to send (10 by default)') do |c|
|
105
|
+
options.count = c.to_i
|
106
|
+
end
|
107
|
+
|
108
|
+
opts.on('-r', '--records',
|
109
|
+
'Send ping records to the bro instance instead of event arguments') do
|
110
|
+
options.record = true
|
111
|
+
end
|
112
|
+
|
113
|
+
opts.separator ""
|
114
|
+
opts.separator "Common options:"
|
115
|
+
|
116
|
+
# No argument, shows at tail. This will print an options summary.
|
117
|
+
# Try it and see!
|
118
|
+
opts.on_tail("-h", "--help", "Show this message") do
|
119
|
+
puts opts
|
120
|
+
exit
|
121
|
+
end
|
122
|
+
|
123
|
+
opts.on_tail('-d', '--debug',
|
124
|
+
'Use this option once for debug messages and twice for calltraces') do
|
125
|
+
options.debug += 1
|
126
|
+
end
|
127
|
+
|
128
|
+
end
|
129
|
+
|
130
|
+
begin
|
131
|
+
opts.parse!(ARGV)
|
132
|
+
raise(OptionParser::InvalidOption, "missing host") unless ARGV[0]
|
133
|
+
options.host = ARGV[0]
|
134
|
+
rescue OptionParser::InvalidOption => e
|
135
|
+
puts "Invalid option! (#{e})"
|
136
|
+
puts opts
|
137
|
+
exit
|
138
|
+
end
|
139
|
+
options
|
140
|
+
end
|
141
|
+
|
142
|
+
end
|
143
|
+
|
144
|
+
begin
|
145
|
+
BropingApp.new.start
|
146
|
+
rescue Interrupt => e
|
147
|
+
# Catch interrupts quietly
|
148
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
begin
|
4
|
+
require 'bro' # If installed as a native extension
|
5
|
+
rescue LoadError
|
6
|
+
require 'rubygems' # If install as a gem
|
7
|
+
gem 'broccoli'
|
8
|
+
require 'bro'
|
9
|
+
end
|
10
|
+
|
11
|
+
require 'ipaddr'
|
12
|
+
require 'time'
|
13
|
+
include Bro
|
14
|
+
|
15
|
+
bc = Bro::Connection.new("localhost:47758")
|
16
|
+
|
17
|
+
bc.event_handler_for "dns_request" do |c, msg, query, qtype, qclass|
|
18
|
+
begin
|
19
|
+
src = IPAddr.ntop(c.id.orig_h)
|
20
|
+
dst = IPAddr.ntop(c.id.resp_h)
|
21
|
+
rescue
|
22
|
+
print "bug!"
|
23
|
+
end
|
24
|
+
time = Time.at(c.start_time).strftime("%Y-%m-%d %H:%M:%S")
|
25
|
+
puts "#{time} #{src}:#{c.id.orig_p} -> #{dst}:#{c.id.resp_p} #{query}"
|
26
|
+
end
|
27
|
+
|
28
|
+
if bc.connect
|
29
|
+
puts "connected"
|
30
|
+
while bc.wait
|
31
|
+
bc.process_input
|
32
|
+
end
|
33
|
+
else
|
34
|
+
puts "Could not connect to server"
|
35
|
+
end
|
@@ -0,0 +1,507 @@
|
|
1
|
+
%module "broccoli"
|
2
|
+
|
3
|
+
%include cpointer.i
|
4
|
+
%include typemaps.i
|
5
|
+
|
6
|
+
%{
|
7
|
+
/* Includes the header in the wrapper code */
|
8
|
+
#include "broccoli.h"
|
9
|
+
%}
|
10
|
+
|
11
|
+
%{
|
12
|
+
|
13
|
+
/* Convert Ruby String to BroString */
|
14
|
+
BroString to_brostring(VALUE obj){
|
15
|
+
if(!NIL_P(obj)){
|
16
|
+
Check_Type(obj, T_STRING);
|
17
|
+
BroString bs;
|
18
|
+
bro_string_set(&bs, STR2CSTR(obj));
|
19
|
+
return bs;
|
20
|
+
}
|
21
|
+
}
|
22
|
+
|
23
|
+
static void
|
24
|
+
wrap_BroCompactEventFunc(BroConn *bc, void *data, int num_args, BroEvArg *args)
|
25
|
+
{
|
26
|
+
int i;
|
27
|
+
int callback_arity = 0;
|
28
|
+
VALUE proc = (VALUE)data;
|
29
|
+
VALUE out[15] = {Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,
|
30
|
+
Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,Qnil};
|
31
|
+
|
32
|
+
callback_arity = NUM2INT(rb_funcall(proc, rb_intern("arity"), 0));
|
33
|
+
if ( callback_arity != num_args )
|
34
|
+
{
|
35
|
+
printf("ERROR: callback has %d arguments when it should have %d arguments.\n",
|
36
|
+
callback_arity,
|
37
|
+
num_args);
|
38
|
+
}
|
39
|
+
for(i=0 ; i < num_args ; i++)
|
40
|
+
{
|
41
|
+
//printf("Loop #%i\n", i);
|
42
|
+
switch (args[i].arg_meta->val_type)
|
43
|
+
{
|
44
|
+
case BRO_TYPE_RECORD:
|
45
|
+
//printf("Found a BroRecord in the callback wrapper\n");
|
46
|
+
out[i] = SWIG_NewPointerObj(SWIG_as_voidptr(args[i].arg_data), SWIGTYPE_p_bro_record, 0 | 0 );
|
47
|
+
break;
|
48
|
+
case BRO_TYPE_PORT:
|
49
|
+
out[i] = SWIG_NewPointerObj(SWIG_as_voidptr(args[i].arg_data), SWIGTYPE_p_bro_port, 0 | 0 );
|
50
|
+
break;
|
51
|
+
case BRO_TYPE_INT:
|
52
|
+
case BRO_TYPE_ENUM:
|
53
|
+
//printf("Found an integer in the callback wrapper\n");
|
54
|
+
out[i] = INT2NUM( *((int *) args[i].arg_data) );
|
55
|
+
break;
|
56
|
+
case BRO_TYPE_BOOL:
|
57
|
+
//printf("Found a boolean in the callback wrapper\n");
|
58
|
+
out[i] = *((int *) args[i].arg_data) ? Qtrue : Qfalse;
|
59
|
+
break;
|
60
|
+
case BRO_TYPE_STRING:
|
61
|
+
//printf("Found a BroString in the callback wrapper\n");
|
62
|
+
out[i] = rb_str_new( (char*) bro_string_get_data( (BroString*) args[i].arg_data ),
|
63
|
+
bro_string_get_length( (BroString*) args[i].arg_data ) );
|
64
|
+
break;
|
65
|
+
case BRO_TYPE_TIME:
|
66
|
+
case BRO_TYPE_DOUBLE:
|
67
|
+
case BRO_TYPE_INTERVAL:
|
68
|
+
//printf("Found a double in the callback wrapper\n");
|
69
|
+
out[i] = rb_float_new( *((double *) args[i].arg_data) );
|
70
|
+
break;
|
71
|
+
case BRO_TYPE_COUNT:
|
72
|
+
case BRO_TYPE_NET:
|
73
|
+
//printf("Found a 32bit unsigned integer in the callback wrapper\n");
|
74
|
+
out[i] = UINT2NUM( *((uint32 *) args[i].arg_data) );
|
75
|
+
break;
|
76
|
+
case BRO_TYPE_IPADDR:
|
77
|
+
//printf("Found an ip address... making it a string\n");
|
78
|
+
//output ip addresses as strings that can be unpacked from ruby.
|
79
|
+
out[i] = rb_str_new2((char *) args[i].arg_data);
|
80
|
+
break;
|
81
|
+
case BRO_TYPE_COUNTER:
|
82
|
+
case BRO_TYPE_TIMER:
|
83
|
+
case BRO_TYPE_PATTERN:
|
84
|
+
case BRO_TYPE_SUBNET:
|
85
|
+
case BRO_TYPE_ANY:
|
86
|
+
case BRO_TYPE_TABLE:
|
87
|
+
case BRO_TYPE_UNION:
|
88
|
+
case BRO_TYPE_LIST:
|
89
|
+
case BRO_TYPE_FUNC:
|
90
|
+
case BRO_TYPE_FILE:
|
91
|
+
case BRO_TYPE_VECTOR:
|
92
|
+
case BRO_TYPE_ERROR:
|
93
|
+
case BRO_TYPE_MAX:
|
94
|
+
printf("Type not yet handled.\n");
|
95
|
+
break;
|
96
|
+
default:
|
97
|
+
printf("Invalid type was registered for callback!\n");
|
98
|
+
break;
|
99
|
+
}
|
100
|
+
}
|
101
|
+
|
102
|
+
// Call the ruby proc object
|
103
|
+
rb_funcall2(proc, rb_intern("call"), callback_arity, out);
|
104
|
+
|
105
|
+
bc = NULL;
|
106
|
+
data = NULL;
|
107
|
+
}
|
108
|
+
|
109
|
+
%}
|
110
|
+
|
111
|
+
%typemap(in) (BroCompactEventFunc func, void *user_data)
|
112
|
+
{
|
113
|
+
$1 = (BroCompactEventFunc) wrap_BroCompactEventFunc;
|
114
|
+
$2 = (void *)$input;
|
115
|
+
}
|
116
|
+
|
117
|
+
// Clean up bro strings after they're used
|
118
|
+
%typemap(ret) int bro_record_add_val,
|
119
|
+
int bro_record_set_named_val,
|
120
|
+
int bro_record_set_nth_val
|
121
|
+
{
|
122
|
+
if(arg3 == BRO_TYPE_STRING) { bro_string_cleanup(arg5); }
|
123
|
+
}
|
124
|
+
%typemap(ret) int bro_event_add_val
|
125
|
+
{
|
126
|
+
if(arg2 == BRO_TYPE_STRING) { bro_string_cleanup(arg4); }
|
127
|
+
}
|
128
|
+
|
129
|
+
//bro_record_add_val
|
130
|
+
//bro_record_set_named_val
|
131
|
+
//bro_record_set_nth_val
|
132
|
+
//bro_event_add_val
|
133
|
+
//bro_event_set_val
|
134
|
+
%typemap(in) (int type, const char *type_name, const void *val)
|
135
|
+
{
|
136
|
+
int tmp_int;
|
137
|
+
double tmp_double;
|
138
|
+
uint32 tmp_uint32;
|
139
|
+
BroString tmp_brostring;
|
140
|
+
void *tmp_swigpointer;
|
141
|
+
int res;
|
142
|
+
int type;
|
143
|
+
VALUE value;
|
144
|
+
VALUE type_name;
|
145
|
+
|
146
|
+
// Use ruby's array accessor method to get the type, type_name and value
|
147
|
+
type = NUM2INT(rb_funcall($input, rb_intern("at"), 1, INT2NUM(0)));
|
148
|
+
$1 = type;
|
149
|
+
type_name = rb_funcall($input, rb_intern("at"), 1, INT2NUM(1));
|
150
|
+
if ( rb_funcall(type_name, rb_intern("=="), 1, Qnil) == Qtrue )
|
151
|
+
{
|
152
|
+
$2 = NULL;
|
153
|
+
} else {
|
154
|
+
Check_Type(type_name, T_STRING);
|
155
|
+
$2 = (char *)STR2CSTR(type_name);
|
156
|
+
}
|
157
|
+
value = rb_funcall($input, rb_intern("at"), 1, INT2NUM(2));
|
158
|
+
|
159
|
+
switch(type)
|
160
|
+
{
|
161
|
+
case BRO_TYPE_INT:
|
162
|
+
case BRO_TYPE_ENUM:
|
163
|
+
//printf("Matched on Fixnum! Storing value as an int (%i)\n", NUM2INT($input));
|
164
|
+
tmp_int = NUM2INT(value);
|
165
|
+
$3 = &tmp_int;
|
166
|
+
break;
|
167
|
+
|
168
|
+
case BRO_TYPE_BOOL:
|
169
|
+
//printf("Matched on boolean! Storing value as an integer\n");
|
170
|
+
tmp_int = value ? 1 : 0;
|
171
|
+
$3 = &tmp_int;
|
172
|
+
break;
|
173
|
+
|
174
|
+
case BRO_TYPE_TIME:
|
175
|
+
case BRO_TYPE_DOUBLE:
|
176
|
+
case BRO_TYPE_INTERVAL:
|
177
|
+
//printf("Storing value as a double (%f)\n", rb_num2dbl($input));
|
178
|
+
tmp_double = rb_num2dbl(value);
|
179
|
+
$3 = &tmp_double;
|
180
|
+
break;
|
181
|
+
|
182
|
+
case BRO_TYPE_COUNT:
|
183
|
+
case BRO_TYPE_IPADDR:
|
184
|
+
case BRO_TYPE_NET:
|
185
|
+
//printf("Storing value as a uint32\n");
|
186
|
+
tmp_uint32 = rb_num2ulong(value);
|
187
|
+
$3 = &tmp_uint32;
|
188
|
+
break;
|
189
|
+
|
190
|
+
case BRO_TYPE_STRING:
|
191
|
+
//printf("Storing value as a BroString\n");
|
192
|
+
tmp_brostring = to_brostring(value);
|
193
|
+
$3 = &tmp_brostring;
|
194
|
+
break;
|
195
|
+
|
196
|
+
case BRO_TYPE_PORT:
|
197
|
+
//printf("Storing value as a BroPort\n");
|
198
|
+
res = SWIG_ConvertPtr(value, &tmp_swigpointer, SWIGTYPE_p_bro_port, 0);
|
199
|
+
if (!SWIG_IsOK(res)) {
|
200
|
+
SWIG_exception_fail(SWIG_ArgError(res), "the value for $symname was supposed to be a BroPort");
|
201
|
+
}
|
202
|
+
$3 = (BroPort *)(tmp_swigpointer);
|
203
|
+
break;
|
204
|
+
|
205
|
+
case BRO_TYPE_SUBNET:
|
206
|
+
//printf("Storing value as a BroSubnet\n");
|
207
|
+
res = SWIG_ConvertPtr(value, &tmp_swigpointer, SWIGTYPE_p_bro_subnet, 0);
|
208
|
+
if (!SWIG_IsOK(res)) {
|
209
|
+
SWIG_exception_fail(SWIG_ArgError(res), "the value for $symname was supposed to be a BroSubnet");
|
210
|
+
}
|
211
|
+
$3 = (BroSubnet *)(tmp_swigpointer);
|
212
|
+
break;
|
213
|
+
|
214
|
+
case BRO_TYPE_RECORD:
|
215
|
+
//printf("Storing value as a BroRecord\n");
|
216
|
+
res = SWIG_ConvertPtr(value, &tmp_swigpointer, SWIGTYPE_p_bro_record, 0);
|
217
|
+
if (!SWIG_IsOK(res)) {
|
218
|
+
SWIG_exception_fail(SWIG_ArgError(res), "the value for $symname was supposed to be a BroRecord");
|
219
|
+
}
|
220
|
+
$3 = (BroRecord *)(tmp_swigpointer);
|
221
|
+
break;
|
222
|
+
|
223
|
+
default:
|
224
|
+
printf("ERROR($symname): no valid type defined\n");
|
225
|
+
break;
|
226
|
+
}
|
227
|
+
}
|
228
|
+
|
229
|
+
|
230
|
+
%typemap(out) void* bro_conn_data_get {
|
231
|
+
if( strcmp(arg2, "service") == 0 ||
|
232
|
+
strcmp(arg2, "addl") == 0 ||
|
233
|
+
strcmp(arg2, "history") == 0) {
|
234
|
+
$result = rb_str_new( (char *) bro_string_get_data((BroString*) $1),
|
235
|
+
bro_string_get_length((BroString*) $1) );
|
236
|
+
}
|
237
|
+
else if( strcmp(arg2, "") == 0 ) {
|
238
|
+
|
239
|
+
}
|
240
|
+
else
|
241
|
+
{
|
242
|
+
printf("Couldn't find the correct data type to convert to...\n");
|
243
|
+
$result = Qnil;
|
244
|
+
}
|
245
|
+
}
|
246
|
+
|
247
|
+
%typemap(in) (const char *name, int *type) {
|
248
|
+
$1 = (char*) STR2CSTR($input);
|
249
|
+
// This is to pass arg 3 (int *type) as a value-result argument
|
250
|
+
int mytemp3 = 0;
|
251
|
+
$2 = &mytemp3;
|
252
|
+
}
|
253
|
+
|
254
|
+
%typemap(in) (int num, int *type) {
|
255
|
+
$1 = NUM2INT($input);
|
256
|
+
// This is to pass arg 3 (int *type) as a value-result argument
|
257
|
+
int mytemp3 = 0;
|
258
|
+
$2 = &mytemp3;
|
259
|
+
}
|
260
|
+
|
261
|
+
%typemap(out) void* bro_record_get_named_val,
|
262
|
+
void* bro_record_get_nth_val {
|
263
|
+
switch(*arg3)
|
264
|
+
{
|
265
|
+
case BRO_TYPE_BOOL:
|
266
|
+
//printf("Ruby: Getting data matched on boolean\n");
|
267
|
+
$result = (((int *) $1) ? Qtrue : Qfalse);
|
268
|
+
break;
|
269
|
+
|
270
|
+
case BRO_TYPE_INT:
|
271
|
+
case BRO_TYPE_ENUM:
|
272
|
+
//printf("Ruby: Getting data matched on int\n");
|
273
|
+
$result = INT2NUM( *((int *) $1) );
|
274
|
+
break;
|
275
|
+
|
276
|
+
case BRO_TYPE_TIME:
|
277
|
+
case BRO_TYPE_DOUBLE:
|
278
|
+
case BRO_TYPE_INTERVAL:
|
279
|
+
//printf("Ruby: Getting data matched on time\n");
|
280
|
+
$result = rb_float_new( *((double *) $1) );
|
281
|
+
break;
|
282
|
+
|
283
|
+
case BRO_TYPE_STRING:
|
284
|
+
//printf("Ruby: getting data matched on string\n");
|
285
|
+
$result = rb_str_new( (char *)((BroString *) $1)->str_val, ((BroString *) $1)->str_len );
|
286
|
+
break;
|
287
|
+
|
288
|
+
case BRO_TYPE_COUNT:
|
289
|
+
//printf("Ruby: Getting data matched on uint32\n");
|
290
|
+
$result = ULONG2NUM( *((uint32 *) $1) );
|
291
|
+
break;
|
292
|
+
|
293
|
+
case BRO_TYPE_IPADDR:
|
294
|
+
case BRO_TYPE_NET:
|
295
|
+
//printf("I found an ip address... making it a network byte ordered string\n");
|
296
|
+
$result = rb_str_new2( (char *) $1);
|
297
|
+
break;
|
298
|
+
|
299
|
+
case BRO_TYPE_RECORD:
|
300
|
+
//printf("Ruby: Getting data matched as a BroRecord\n");
|
301
|
+
$result = SWIG_NewPointerObj(SWIG_as_voidptr( (BroRecord *) $1 ), SWIGTYPE_p_bro_record, 0);
|
302
|
+
break;
|
303
|
+
|
304
|
+
case BRO_TYPE_PORT:
|
305
|
+
//printf("Ruby: Getting data matched as a BroPort\n");
|
306
|
+
$result = SWIG_NewPointerObj(SWIG_as_voidptr( (BroPort *) $1 ), SWIGTYPE_p_bro_port, 0);
|
307
|
+
break;
|
308
|
+
|
309
|
+
default:
|
310
|
+
printf("No type recognized when getting value\n");
|
311
|
+
}
|
312
|
+
}
|
313
|
+
|
314
|
+
// When methods output an integer, it's usually boolean, make it so.
|
315
|
+
%typemap(out) int bro_conn_connect,
|
316
|
+
int bro_conn_alive,
|
317
|
+
int bro_conn_delete,
|
318
|
+
int bro_conn_process_input,
|
319
|
+
int bro_event_add_val,
|
320
|
+
int bro_event_set_val,
|
321
|
+
int bro_event_send,
|
322
|
+
int bro_record_set_nth_val,
|
323
|
+
int bro_record_set_named_val,
|
324
|
+
int bro_packet_send "$result = $1 ? Qtrue:Qfalse;"
|
325
|
+
|
326
|
+
// Allow "true" and "false" for setting debug vars
|
327
|
+
%typemap(varin) int bro_debug_calltrace,
|
328
|
+
int bro_debug_messages "$1 = $input ? 1:0;"
|
329
|
+
|
330
|
+
%typemap(in) uchar * "$1 = (uchar*)STR2CSTR($input);"
|
331
|
+
%typemap(out) uchar * "$result = rb_str_new2((char*)$1);"
|
332
|
+
|
333
|
+
%predicate bro_conn_alive(const BroConn *bc);
|
334
|
+
|
335
|
+
BroString to_brostring(VALUE obj);
|
336
|
+
|
337
|
+
//********************
|
338
|
+
// Header file stuff below
|
339
|
+
//********************
|
340
|
+
%include "broccoli.h"
|
341
|
+
|
342
|
+
//// Changes from the default header file.
|
343
|
+
////void* bro_record_get_named_val(BroRecord *rec, const char *name, int *OUTPUT);
|
344
|
+
////int bro_conf_get_int(const char *val_name, int *OUTPUT);
|
345
|
+
////int bro_conf_get_dbl(const char *val_name, double *OUTPUT);
|
346
|
+
//
|
347
|
+
//extern int bro_debug_calltrace;
|
348
|
+
//extern int bro_debug_messages;
|
349
|
+
//
|
350
|
+
//#define BRO_TYPE_UNKNOWN 0
|
351
|
+
//#define BRO_TYPE_BOOL 1
|
352
|
+
//#define BRO_TYPE_INT 2
|
353
|
+
//#define BRO_TYPE_COUNT 3
|
354
|
+
//#define BRO_TYPE_COUNTER 4
|
355
|
+
//#define BRO_TYPE_DOUBLE 5
|
356
|
+
//#define BRO_TYPE_TIME 6
|
357
|
+
//#define BRO_TYPE_INTERVAL 7
|
358
|
+
//#define BRO_TYPE_STRING 8
|
359
|
+
//#define BRO_TYPE_PATTERN 9
|
360
|
+
//#define BRO_TYPE_ENUM 10
|
361
|
+
//#define BRO_TYPE_TIMER 11
|
362
|
+
//#define BRO_TYPE_PORT 12
|
363
|
+
//#define BRO_TYPE_IPADDR 13
|
364
|
+
//#define BRO_TYPE_NET 14
|
365
|
+
//#define BRO_TYPE_SUBNET 15
|
366
|
+
//#define BRO_TYPE_ANY 16
|
367
|
+
//#define BRO_TYPE_TABLE 17
|
368
|
+
//#define BRO_TYPE_UNION 18
|
369
|
+
//#define BRO_TYPE_RECORD 19
|
370
|
+
//#define BRO_TYPE_LIST 20
|
371
|
+
//#define BRO_TYPE_FUNC 21
|
372
|
+
//#define BRO_TYPE_FILE 22
|
373
|
+
//#define BRO_TYPE_VECTOR 23
|
374
|
+
//#define BRO_TYPE_ERROR 24
|
375
|
+
//#define BRO_TYPE_PACKET 25 /* CAUTION -- not defined in Bro! */
|
376
|
+
//#define BRO_TYPE_MAX 26
|
377
|
+
//
|
378
|
+
//#define BRO_CFLAG_NONE 0
|
379
|
+
//#define BRO_CFLAG_RECONNECT (1 << 0) /* Attempt transparent reconnects */
|
380
|
+
//#define BRO_CFLAG_ALWAYS_QUEUE (1 << 1) /* Queue events sent while disconnected */
|
381
|
+
//#define BRO_CFLAG_SHAREABLE (1 << 2) /* Allow sharing handle across threads/procs */
|
382
|
+
//#define BRO_CFLAG_DONTCACHE (1 << 3) /* Ask peer not to use I/O cache */
|
383
|
+
//
|
384
|
+
//typedef unsigned int uint32;
|
385
|
+
//typedef unsigned short uint16;
|
386
|
+
//typedef unsigned char uchar;
|
387
|
+
//
|
388
|
+
//typedef struct bro_conn BroConn;
|
389
|
+
//typedef struct bro_event BroEvent;
|
390
|
+
//typedef struct bro_buf BroBuf;
|
391
|
+
//typedef struct bro_record BroRecord;
|
392
|
+
//
|
393
|
+
//typedef void (*BroCompactEventFunc) (BroConn *bc, void *user_data,
|
394
|
+
// int num_args, BroEvArg *args);
|
395
|
+
//typedef struct bro_val_meta {
|
396
|
+
// int val_type; /* A BRO_TYPE_xxx constant */
|
397
|
+
//} BroValMeta;
|
398
|
+
//typedef struct bro_ev_arg {
|
399
|
+
// void *arg_data; /* Pointer to the actual event argument */
|
400
|
+
// BroValMeta *arg_meta; /* Pointer to metadata for the argument */
|
401
|
+
//} BroEvArg;
|
402
|
+
//
|
403
|
+
//typedef struct bro_string {
|
404
|
+
// uint32 str_len;
|
405
|
+
// uchar *str_val;
|
406
|
+
//} BroString;
|
407
|
+
//
|
408
|
+
//typedef struct bro_port {
|
409
|
+
// uint16 port_num; /* port number in host byte order */
|
410
|
+
// int port_proto; /* IPPROTO_xxx */
|
411
|
+
//} BroPort;
|
412
|
+
//
|
413
|
+
//typedef struct bro_subnet
|
414
|
+
//{
|
415
|
+
// uint32 sn_net; /* IP address in network byte order */
|
416
|
+
// uint32 sn_width; /* Length of prefix to consider. */
|
417
|
+
//} BroSubnet;
|
418
|
+
//
|
419
|
+
//BroConn* bro_conn_new_str(const char *hostname,
|
420
|
+
// int flags);
|
421
|
+
//
|
422
|
+
//int bro_conn_connect (BroConn *bc);
|
423
|
+
//int bro_conn_process_input (BroConn *bc);
|
424
|
+
//int bro_conn_delete (BroConn *bc);
|
425
|
+
//int bro_conn_alive (const BroConn *bc);
|
426
|
+
//void* bro_conn_data_get (BroConn *bc, const char *key);
|
427
|
+
//void* bro_conn_data_del (BroConn *bc, const char *key);
|
428
|
+
//int bro_conn_get_fd (BroConn *bc);
|
429
|
+
//void bro_conn_adopt_events (BroConn *src, BroConn *dst);
|
430
|
+
//
|
431
|
+
//int bro_conf_get_int (const char *val_name, int *OUTPUT);
|
432
|
+
//int bro_conf_get_dbl (const char *val_name, double *OUTPUT);
|
433
|
+
//const char* bro_conf_get_str (const char *val_name);
|
434
|
+
////
|
435
|
+
////void bro_string_init (BroString *bs);
|
436
|
+
////int bro_string_set (BroString *bs,
|
437
|
+
//// const char *s);
|
438
|
+
////int bro_string_set_data (BroString *bs,
|
439
|
+
//// const uchar *data,
|
440
|
+
//// int data_len);
|
441
|
+
////const uchar* bro_string_get_data (const BroString *bs);
|
442
|
+
////uint32 bro_string_get_length (const BroString *bs);
|
443
|
+
////BroString* bro_string_copy (BroString *bs);
|
444
|
+
////void bro_string_cleanup (BroString *bs);
|
445
|
+
////void bro_string_free (BroString *bs);
|
446
|
+
//
|
447
|
+
//BroRecord* bro_record_new (void);
|
448
|
+
//int bro_record_add_val (BroRecord *rec,
|
449
|
+
// const char *name,
|
450
|
+
// int type,
|
451
|
+
// const char *type_name,
|
452
|
+
// const void *val);
|
453
|
+
//void* bro_record_get_named_val (BroRecord *rec,
|
454
|
+
// const char *name,
|
455
|
+
// int *OUTPUT);
|
456
|
+
//void* bro_record_get_nth_val (BroRecord *rec,
|
457
|
+
// int num,
|
458
|
+
// int *type);
|
459
|
+
//int bro_record_set_nth_val (BroRecord *rec,
|
460
|
+
// int num,
|
461
|
+
// int type,
|
462
|
+
// const char *type_name,
|
463
|
+
// const void *val);
|
464
|
+
//int bro_record_set_named_val (BroRecord *rec,
|
465
|
+
// const char *name,
|
466
|
+
// int type,
|
467
|
+
// const char *type_name,
|
468
|
+
// const void *val);
|
469
|
+
//void bro_record_free (BroRecord *rec);
|
470
|
+
//
|
471
|
+
//BroEvent *bro_event_new (const char *event_name);
|
472
|
+
//
|
473
|
+
//int bro_event_add_val (BroEvent *be,
|
474
|
+
// int type,
|
475
|
+
// const char *type_name,
|
476
|
+
// const void *val);
|
477
|
+
//int bro_event_set_val (BroEvent *be,
|
478
|
+
// int val_num,
|
479
|
+
// int type,
|
480
|
+
// const char *type_name,
|
481
|
+
// const void *val);
|
482
|
+
//
|
483
|
+
//void bro_event_registry_add (BroConn *bc,
|
484
|
+
// const char *event_name,
|
485
|
+
// BroEventFunc func,
|
486
|
+
// void *user_data);
|
487
|
+
//void bro_event_registry_add_compact (BroConn *bc,
|
488
|
+
// const char *event_name,
|
489
|
+
// BroCompactEventFunc func,
|
490
|
+
// void *user_data);
|
491
|
+
//void bro_event_registry_remove (BroConn *bc,
|
492
|
+
// const char *event_name);
|
493
|
+
//void bro_event_registry_request (BroConn *bc);
|
494
|
+
//
|
495
|
+
//int bro_event_queue_length_max (BroConn *bc);
|
496
|
+
//int bro_event_queue_length (BroConn *bc);
|
497
|
+
//int bro_event_queue_flush (BroConn *bc);
|
498
|
+
//
|
499
|
+
//int bro_event_send (BroConn *bc,
|
500
|
+
// BroEvent *be);
|
501
|
+
//
|
502
|
+
//void bro_event_free (BroEvent *be);
|
503
|
+
//
|
504
|
+
//double bro_util_current_time (void);
|
505
|
+
//
|
506
|
+
//
|
507
|
+
//
|