broccoli 1.3.0

data/ext/broccoli/extconf.rb

@@ -0,0 +1,16 @@
+require 'mkmf'
+
+if ex = find_executable("broccoli-config")
+  $CFLAGS << " " + `#{ex} --cflags`.chomp
+  $LDFLAGS << " " + `#{ex} --libs`.chomp
+else
+  raise "You need to have 'broccoli-config' in your path!"
+end
+
+if have_header("broccoli.h") and
+   # check the broccoli library for the existence 
+   # of the new event registration function
+   have_library("broccoli", "bro_event_registry_add_compact") and
+   have_library("ssl")
+  create_makefile("broccoli")
+end

data/ext/broccoli/post-clean.rb

@@ -0,0 +1,3 @@
+
+File.delete 'mkmf.log' if File.exists? 'mkmf.log'
+File.delete 'Makefile' if File.exists? 'Makefile'

data/ext/broccoli/pre-config.rb

@@ -0,0 +1,5 @@
+bc = `which broccoli-config`
+unless bc.length > 0
+  puts "You need to have broccoli-config in your path!"   
+  exit(-1)
+end

data/ext/broccoli/test/broconftest.rb

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'broccoli_ext'
+include Broccoli_ext
+
+peer = bro_conf_get_str("PeerName")
+puts "Peer: #{peer}"
+
+ret, port = bro_conf_get_int("PeerPort")
+if(ret)
+  puts "PeerPort: #{ret}"
+end

data/ext/broccoli/test/test.rb

@@ -0,0 +1,174 @@
+# Please don't try to read too much into this file.  It's mostly my 
+# internal test file while I'm building the C binding.
+#
+# Check out the examples directory for better examples that use the ruby
+# library I've built overtop the C bindings.
+
+require './broccoli_ext'
+include Broccoli_ext
+Broccoli_ext::bro_debug_calltrace=false
+Broccoli_ext::bro_debug_messages=false
+
+STDOUT.sync = true
+
+#a= Broccoli_ext::BroString.new
+#a.str_val="asdf"
+
+host_str = "127.0.0.1:12345"
+
+bc = bro_conn_new_str(host_str, BRO_CFLAG_NONE)
+puts "Connection? #{bc}"
+#puts "  Connected" unless bro_conn_connect(bc).zero?
+
+###
+# Test BroString Creation
+###
+
+module SWIG
+  class TYPE_p_bro_conn
+    def method_missing(meth, *args)
+      return bro_conn_data_get(self, meth.id2name)
+    end
+  end
+  
+  class TYPE_p_bro_record
+    # I need to build a full record typemapper to deal with this correctly.
+    
+    def method_missing(meth, *args)
+      #return bro_record_get_named_val(self, meth.id2name, BRO_TYPE_STRING)
+    end
+    
+    def [](position)
+      #return bro_record_get_nth_val(self, position, BRO_TYPE_STRING)
+    end
+  end
+end
+
+
+
+###
+# Test Record Creation
+###
+#rec = bro_record_new()
+#puts "Ruby: Inserting data into the record"
+##time = bro_util_current_time()
+##puts "Ruby: Current time: #{time}"
+#bro_record_add_val(rec, "seq", BRO_TYPE_IPADDR, 213054988)
+#puts "Ruby: Getting the data back out"
+##puts bro_record_get_named_val(rec, "seq", BRO_TYPE_COUNT);
+#puts "  " + bro_record_get_nth_val(rec, 0, BRO_TYPE_IPADDR).to_s
+
+
+
+###
+# Test Callback creation
+###
+
+# Ideal :)
+#bro_ruby_typemap_new("pong", [8,19,0])
+#build_typemap("pong", [:conn,:record])
+
+#while 1
+#  ev = bro_event_new("ping")
+#  bro_event_free(ev)
+#  #GC.start
+#end
+
+bro_pong_record = Proc.new do |conn, rec|
+  now = bro_util_current_time()
+  puts "Pong_record callback"
+  puts rec
+
+  seq = bro_record_get_nth_val(rec, 0, BRO_TYPE_COUNT)
+  src_time = bro_record_get_nth_val(rec, 1, BRO_TYPE_TIME)
+  dst_time = bro_record_get_nth_val(rec, 2, BRO_TYPE_TIME)
+  
+  puts "pong event from #{host_str}: seq=#{seq}, time=#{dst_time-src_time}/#{now-src_time} s"
+end
+
+bro_pong = Proc.new do |conn, src_time, dst_time, seq|
+  puts "Pong callback!"
+  now = bro_util_current_time()
+  puts "pong event from #{host_str}: seq=#{seq}, time=#{dst_time-src_time}/#{now-src_time} s"
+end
+
+new_connection = Proc.new do |conn|
+  puts "Saw a connection!"
+end
+
+dns_request = Proc.new do |conn, msg, query, qtype, qclass|
+  #$count = $count+1
+  #puts "msg: #{msg}"
+  #puts "query: #{query}"
+  #puts "qtype: #{qtype}"
+  #puts "qclass: #{qclass}"
+  #puts "service: #{conn.blah}"
+  #puts "Query output class: #{query.class}"
+  #answers = bro_record_get_nth_val(msg, 11, BRO_TYPE_COUNT).to_s
+  #puts "Number of dns answers: #{answers}"
+  #puts "Query: #{query} - Query type: #{qtype} - Query class: #{qclass}"
+end
+
+#puts "Registering callback..."
+#bro_event_registry_add(bc, "dns_A_reply", dns_reply)
+
+bro_event_registry_add(bc, "dns_request", ["dns_request", [19, 19, 8, 3, 3], dns_request])
+
+#bro_event_registry_add(bc, "pong", ["pong", {"pong", [19]}, bro_pong_record])
+#bro_event_registry_add(bc, "pong", ["pong", {"pong", [6,6,3]}, bro_pong])
+
+#bro_event_registry_add(bc, "wootback", [[8], wootback])
+
+#bro_event_registry_add(bc, "new_connection", ["new_connection", {"new_connection", [19]}, new_connection])
+#bro_event_registry_add(bc, "return_memory", return_memory)
+
+#puts "Done Registering callback..."
+puts "Connected" if bro_conn_connect(bc)
+
+while(1)
+  #puts "Checking input"
+  $count = 0
+  bro_conn_process_input(bc)
+  puts "*" * ($count/2)
+  
+  sleep 0.5
+  
+  GC.start
+end
+exit
+
+###
+# Testing record creation and event sending
+###
+record = false
+(1..100).each do |seq|
+  bro_conn_process_input(bc)
+  #puts "Creating event"
+  ev = bro_event_new("ping")
+  timestamp = bro_util_current_time()
+  if(record)
+    rec = bro_record_new()
+    bro_record_add_val(rec, "seq", BRO_TYPE_COUNT, seq)
+    bro_record_add_val(rec, "src_time", BRO_TYPE_TIME, timestamp)
+    bro_event_add_val(ev, BRO_TYPE_RECORD, rec)
+  else
+    bro_event_add_val(ev, BRO_TYPE_TIME, timestamp)
+    bro_event_add_val(ev, BRO_TYPE_COUNT, seq)
+  end
+  
+  puts "Sending ping..."
+  bro_event_send(bc, ev)
+  # May not need to call this anymore either
+  #bro_event_free(ev)
+  sleep 1
+  #GC.start
+end
+
+#while(1) do
+#  ev = bro_event_new "show_memory"
+#  puts "Sending event"
+#  puts bro_event_send(bc, ev)
+#  sleep 1
+#  puts "Processing input..."
+#  puts bro_conn_process_input(bc)
+#end

data/lib/Bro/connection.rb

@@ -0,0 +1,78 @@
+# This gives a nice interface for retrieving fields from connections
+module SWIG
+  class TYPE_p_bro_conn    
+    def method_missing(meth, *args)
+      return Broccoli::bro_conn_data_get(self, meth.id2name)
+    end
+  end
+end
+
+module Bro
+  class Connection
+    include Broccoli
+    
+    def initialize(hp, flags=nil)
+      flags ||= (BRO_CFLAG_RECONNECT | BRO_CFLAG_ALWAYS_QUEUE)
+      @bc = bro_conn_new_str(hp, flags)
+      @io_object = nil
+      @event_blocks = []
+    end
+    
+    def disconnect
+      bro_conn_delete(@bc)
+    end
+
+    def connect
+      bro_conn_connect(@bc)
+    end
+
+    def connected?
+      bro_conn_alive?(@bc)
+    end
+
+    def process_input
+      bro_conn_process_input(@bc)
+    end
+    
+    def queue_length
+      bro_event_queue_length(@bc)
+    end
+    
+    def queue_length_max
+      bro_event_queue_length_max(@bc)
+    end
+        
+    def queue_flush
+      bro_event_queue_flush(@bc)
+    end
+    
+    def send(event)
+      # .ev is the real event pointer
+      bro_event_send(@bc, event.ev)
+    end
+        
+    def wait
+      unless @io_object
+        fd = bro_conn_get_fd(@bc)
+        return false if fd < 0
+        @io_object = IO.new(fd)
+        @io_object.sync = true # don't buffer
+      end
+      # block until there is data
+      if @io_object.closed?
+        puts "ERROR: connection lost!"
+        exit -1
+      else
+        IO.select([@io_object])
+      end
+    end
+    
+    def event_handler(event, &callback)
+      bro_event_registry_add_compact(@bc, event, callback)   
+      # Re-request all events if we're already connected.
+      bro_event_registry_request(@bc) if connected?
+    end
+    alias :event_handler_for :event_handler
+    
+  end
+end

data/lib/Bro/event.rb

@@ -0,0 +1,34 @@
+module Bro
+  
+  class Event
+    include Broccoli
+    attr_reader :ev
+    
+    def initialize(name)
+      @ev = bro_event_new(name)
+      # Kill the BroEvent when the ruby object is garbage collected
+      ObjectSpace.define_finalizer(self, Event.create_finalizer(@ev))
+    end
+
+    # Insert a value into an event.
+    def insert(value, type, type_name=nil)
+      value = value.rec if type == :record
+      bro_event_add_val(@ev, [Bro::TYPES[type], type_name, value])
+    end
+    
+    private
+    
+    # Free the underlying C event data structure.  User's are likely 
+    # never going to need this call.
+    def free
+      bro_event_free(@ev)
+    end
+    
+    # When the garbage collector comes around, make sure the C structure
+    # is freed.
+    def self.create_finalizer(event)
+      proc { bro_event_free(event) }
+    end
+  end
+
+end

data/lib/Bro/record.rb

@@ -0,0 +1,71 @@
+# This gives a nice interface for retrieving fields from records
+module SWIG
+  class TYPE_p_bro_record   
+    include Broccoli
+    
+    # .id is a method for all ruby objects.  Move it out of the way for records.
+    alias :orig_id :id
+    def id
+      return method_missing(:id)
+    end
+    
+    # Retrieve record value by name
+    def method_missing(meth, *args)
+      bro_record_get_named_val(self, meth.id2name)
+    end
+
+    # Retrieve record value by position
+    def [](pos)
+      bro_record_get_nth_val(self, pos.to_i)
+    end
+  end
+end
+
+
+module Bro
+  class Record
+    include Broccoli
+    attr_accessor :rec
+    
+    def initialize
+      @rec = bro_record_new()
+      # Kill the BroRecord when the ruby object is garbage collected
+      ObjectSpace.define_finalizer(self, Record.create_finalizer(@rec))
+    end
+    
+    # .id is a method for all ruby objects.  Move it out of the way for records.
+    alias :orig_id :id
+    def id
+      return method_missing(:id)
+    end
+    
+    # Forward any missing methods on to the actual record object
+    def method_missing(meth)
+      @rec.send(meth)
+    end
+    
+    def insert(name, value, type, type_name=nil)
+      value = value.rec if type == :record
+      bro_record_add_val(@rec, name.to_s, [Bro::TYPES[type], type_name, value])
+    end
+    
+    def insert_at(pos, value, type, type_name=nil)
+      value = value.rec if type == :record
+      bro_record_set_nth_val(@rec, pos, [Bro::TYPES[type], type_name, value])
+    end
+    alias :insert_at_position :insert_at
+    
+    private 
+    
+    def free
+      bro_record_free(@rec)
+    end
+    
+    # When the garbage collector comes around, 
+    # make sure the C structure is freed.
+    def self.create_finalizer(record)
+      proc { bro_record_free(record) }
+    end
+  end
+
+end

data/lib/bro.rb

@@ -0,0 +1,87 @@
+require 'broccoli'
+require 'time'
+
+require 'bro/connection'
+require 'bro/event'
+require 'bro/record'
+
+module Bro
+  include Broccoli
+  
+  TYPES = {:unknown => BRO_TYPE_UNKNOWN, # not really sure how this should be handled.
+           :bool => BRO_TYPE_BOOL,
+           :int => BRO_TYPE_INT,
+           :count => BRO_TYPE_COUNT,
+           :counter => BRO_TYPE_COUNTER,
+           :double => BRO_TYPE_DOUBLE,
+           :time => BRO_TYPE_TIME,
+           :interval => BRO_TYPE_INTERVAL,
+           :string => BRO_TYPE_STRING,
+           :enum => BRO_TYPE_ENUM,
+           :timer => BRO_TYPE_TIMER,
+           :port => BRO_TYPE_PORT,
+           :addr => BRO_TYPE_IPADDR,
+           :net => BRO_TYPE_NET,
+           :subnet => BRO_TYPE_SUBNET,
+           :record => BRO_TYPE_RECORD,
+           # These are not handled by the ruby binding.
+           :packet => BRO_TYPE_PACKET,
+           :max => BRO_TYPE_MAX,
+           # All types below are NOT handled by broccoli.
+           :pattern => BRO_TYPE_PATTERN,
+           :any => BRO_TYPE_ANY,
+           :table => BRO_TYPE_TABLE,
+           :union => BRO_TYPE_UNION,
+           :list => BRO_TYPE_LIST,
+           :func => BRO_TYPE_FUNC,
+           :file => BRO_TYPE_FILE,
+           :vector => BRO_TYPE_VECTOR,
+           :error => BRO_TYPE_ERROR
+          }
+  
+  def Bro.current_time_f
+    Broccoli::bro_util_current_time
+  end
+
+  def Bro.current_time
+    Time.at( current_time_f() )
+  end
+
+  def Bro.debug_calltrace=(v)
+    Broccoli::bro_debug_calltrace=v
+  end
+
+  def Bro.debug_messages=(v)
+    Broccoli::bro_debug_messages=v
+  end
+end
+
+class Broccoli::BroPort
+  @@protocols = {0=>'ip', 1=>'icmp', 2=>'igmp', 3=>'ggp', 4=>'ipv4',
+                 6=>'tcp', 7=>'st', 8=>'egp', 9=>'pigp', 10=>'rccmon',
+                 11=>'nvpii', 12=>'pup', 13=>'argus', 14=>'emcon',
+                 15=>'xnet', 16=>'chaos', 17=>'udp', 18=>'mux', 19=>'meas',
+                 20=>'hmp', 21=>'prm', 22=>'idp', 23=>'trunk1', 24=>'trunk2',
+                 25=>'leaf1', 26=>'leaf2', 27=>'rdp', 28=>'irtp', 29=>'tp',
+                 30=>'blt', 31=>'nsp', 32=>'inp', 33=>'sep', 34=>'3pc',
+                 35=>'idpr', 36=>'xtp', 37=>'ddp', 38=>'cmtp', 39=>'tpxx',
+                 40=>'il', 41=>'ipv6', 42=>'sdrp', 43=>'routing', 
+                 44=>'fragment', 45=>'idrp', 46=>'rsvp', 47=>'gre', 48=>'mhrp',
+                 49=>'bha', 50=>'esp', 51=>'ah', 52=>'inlsp', 53=>'swipe', 
+                 54=>'nhrp', 58=>'icmpv6', 59=>'nonext', 60=>'dstopts',
+                 61=>'ahip', 62=>'cftp', 63=>'hello', 64=>'satexpak', 
+                 65=>'kryptolan', 66=>'rvd', 67=>'ippc', 68=>'adfs', 
+                 69=>'satmon', 70=>'visa', 71=>'ipcv', 72=>'cpnx', 73=>'cphb',
+                 74=>'wsn', 75=>'pvp', 76=>'brsatmon', 77=>'nd', 78=>'wbmon',
+                 79=>'wbexpak', 80=>'eon', 81=>'vmtp', 82=>'svmtp', 
+                 83=>'vines', 84=>'ttp', 85=>'igp', 86=>'dgp', 87=>'tcf', 
+                 88=>'igrp', 89=>'ospfigp', 90=>'srpc', 91=>'larp', 92=>'mtp',
+                 93=>'ax25', 94=>'ipeip', 95=>'micp', 96=>'sccsp', 
+                 97=>'etherip', 98=>'encap', 99=>'apes', 100=>'gmtp', 
+                 103=>'pim', 108=>'ipcomp', 113=>'pgm', 254=>'divert', 
+                 255=>'raw'}
+  def to_s
+    #"#{port_num}/#{@@protocols[port_proto]}"
+    port_num.to_s
+  end
+end