rbroccoli 1.1.0

data/data/bro/record-typemaps.yml

@@ -0,0 +1,332 @@
+# This file was autogenerated on Tue Aug 22 15:06:07 EDT 2006
+# Please do not edit!
+--- 
+:X509: 
+  :subject: :string
+  :orig_addr: :addr
+  :issuer: :string
+:nfs3_lookup_args: 
+  :name: :string
+  :fh: :string
+:udp_hdr: 
+  :sport: :port
+  :ulen: :count
+  :dport: :port
+:pcap_packet: 
+  :len: :count
+  :ts_sec: :count
+  :ts_usec: :count
+  :data: :string
+  :caplen: :count
+:event_peer: 
+  :host: :addr
+  :p: :port
+  :is_local: :bool
+  :descr: :string
+  :id: :peer_id
+:endpoint: 
+  :size: :count
+  :state: :count
+:icmp_context: 
+  :frag_offset: :count
+  :bad_hdr_len: :bool
+  :len: :count
+  :bad_checksum: :bool
+  :MF: :bool
+  :DF: :bool
+  :proto: :count
+  :id: :conn_id
+:dns_soa: 
+  :serial: :count
+  :mname: :string
+  :minimum: :interval
+  :rname: :string
+  :refresh: :interval
+  :expire: :interval
+  :retry: :interval
+:pm_mapping: 
+  :p: :port
+  :version: :count
+  :program: :count
+:irc_join_info: 
+  :usermode: :string
+  :password: :string
+  :nick: :string
+  :channel: :string
+:nfs3_lookup_reply: 
+  :dir_attr: :nfs3_opt_attrs
+  :fh: :string
+  :file_attr: :nfs3_opt_attrs
+:net_stats: 
+  :pkts_recvd: :count
+  :pkts_dropped: :count
+  :pkts_link: :count
+:dns_edns_additional: 
+  :query: :string
+  :TTL: :interval
+  :is_query: :count
+  :qtype: :count
+  :payload_size: :count
+  :extended_rcode: :count
+  :z_field: :count
+  :t: :count
+  :version: :count
+:pm_port_request: 
+  :is_tcp: :bool
+  :version: :count
+  :program: :count
+:sw_substring: 
+  :new: :bool
+  :aligns: :sw_align_vec
+  :str: :string
+:packet: 
+  :conn: :connection
+  :seq: :count
+  :timestamp: :time
+  :is_orig: :bool
+:connection: 
+  :addl: :string
+  :hot: :count
+  :history: :string
+  :start_time: :time
+  :duration: :interval
+  :resp: :endpoint
+  :orig: :endpoint
+  :service: :string
+  :id: :conn_id
+:software_version: 
+  :addl: :string
+  :minor: :int
+  :minor2: :int
+  :major: :int
+:nfs3_fsstat: 
+  :tfiles: :double
+  :ffiles: :double
+  :attrs: :nfs3_opt_attrs
+  :afiles: :double
+  :tbytes: :double
+  :invarsec: :interval
+  :fbytes: :double
+  :abytes: :double
+:rotate_info: 
+  :open: :time
+  :old_name: :string
+  :new_name: :string
+  :close: :time
+:endpoint_stats: 
+  :num_repl: :count
+  :num_pkts: :count
+  :endian_type: :count
+  :num_rxmit: :count
+  :num_rxmit_bytes: :count
+  :num_in_order: :count
+  :num_OO: :count
+:pattern_match_result: 
+  :matched: :bool
+  :off: :count
+  :str: :string
+:signature_state: 
+  :conn: :connection
+  :payload_size: :count
+  :is_orig: :bool
+  :id: :string
+:dns_tsig_additional: 
+  :query: :string
+  :orig_id: :count
+  :is_query: :count
+  :rr_error: :count
+  :qtype: :count
+  :alg_name: :string
+  :sig: :string
+  :time_signed: :time
+  :fudge: :time
+:pkt_hdr: 
+  :ip: :ip_hdr
+:ntp_msg: 
+  :receive_t: :time
+  :precision: :int
+  :xmit_t: :time
+  :distance: :interval
+  :dispersion: :interval
+  :ref_t: :time
+  :stratum: :count
+  :originate_t: :time
+  :code: :count
+  :id: :count
+  :poll: :count
+:nfs3_opt_attrs: {}
+
+:ip_hdr: 
+  :len: :count
+  :hl: :count
+  :tos: :count
+  :src: :addr
+  :p: :count
+  :dst: :addr
+  :ttl: :count
+  :id: :count
+:sw_params: {}
+
+:software: 
+  :name: :string
+  :version: :software_version
+:http_message_stat: 
+  :body_length: :count
+  :start: :time
+  :content_gap_length: :count
+  :header_length: :count
+  :interrupted: :bool
+  :finish_msg: :string
+:pm_callit_request: 
+  :proc: :count
+  :arg_size: :count
+  :version: :count
+  :program: :count
+:tcp_hdr: 
+  :ack: :count
+  :hl: :count
+  :dl: :count
+  :seq: :count
+  :win: :count
+  :flags: :count
+  :sport: :port
+  :dport: :port
+:bro_resources: 
+  :num_packets: :count
+  :system_time: :interval
+  :max_ICMP_conns: :count
+  :num_context: :count
+  :num_timers: :count
+  :minor_faults: :count
+  :debug: :bool
+  :max_fragments: :count
+  :num_TCP_conns: :count
+  :mem: :count
+  :num_events_queued: :count
+  :major_faults: :count
+  :max_timers: :count
+  :num_UDP_conns: :count
+  :start_time: :time
+  :num_events_dispatched: :count
+  :num_swap: :count
+  :num_ICMP_conns: :count
+  :real_time: :interval
+  :max_TCP_conns: :count
+  :blocking_input: :count
+  :num_fragments: :count
+  :user_time: :interval
+  :max_UDP_conns: :count
+  :blocking_output: :count
+  :version: :string
+:icmp_hdr: 
+  :icmp_type: :count
+:interconn_endp_stats: 
+  :is_partial: :bool
+  :num_pkts: :count
+  :num_7bit_ascii: :count
+  :num_keystrokes_two_in_row: :count
+  :num_lines: :count
+  :num_normal_interarrivals: :count
+  :num_normal_lines: :count
+  :num_8k0_pkts: :count
+  :num_bytes: :count
+  :num_8k4_pkts: :count
+:dns_msg: 
+  :num_answers: :count
+  :AA: :bool
+  :num_auth: :count
+  :TC: :bool
+  :num_addl: :count
+  :RD: :bool
+  :opcode: :count
+  :RA: :bool
+  :rcode: :count
+  :Z: :count
+  :num_queries: :count
+  :QR: :bool
+  :id: :count
+:mime_header_rec: 
+  :value: :string
+  :name: :string
+:sw_align: 
+  :index: :count
+  :str: :string
+:SYN_packet: 
+  :win_scale: :int
+  :MSS: :count
+  :size: :count
+  :SACK_OK: :bool
+  :is_orig: :bool
+  :ttl: :count
+  :DF: :bool
+  :win_size: :count
+:http_stats_rec: 
+  :num_requests: :count
+  :num_replies: :count
+  :request_version: :double
+  :reply_version: :double
+:nfs3_attrs: 
+  :mtime: :time
+  :rdev2: :count
+  :mode: :count
+  :ctime: :time
+  :fsid: :double
+  :nlink: :count
+  :fileid: :double
+  :uid: :count
+  :size: :double
+  :gid: :count
+  :used: :double
+  :ftype: :nfs3_file_type
+  :atime: :time
+  :rdev1: :count
+:ftp_port: 
+  :valid: :bool
+  :p: :port
+  :h: :addr
+:icmp_conn: 
+  :itype: :count
+  :len: :count
+  :orig_h: :addr
+  :icode: :count
+  :resp_h: :addr
+:OS_version: 
+  :match_type: :OS_version_inference
+  :genre: :string
+  :detail: :string
+  :dist: :count
+:backdoor_endp_stats: 
+  :is_partial: :bool
+  :num_pkts: :count
+  :num_7bit_ascii: :count
+  :num_lines: :count
+  :num_normal_lines: :count
+  :num_8k0_pkts: :count
+  :num_bytes: :count
+  :num_8k4_pkts: :count
+:dns_answer: 
+  :query: :string
+  :TTL: :interval
+  :qtype: :count
+  :answer_type: :count
+  :qclass: :count
+:matcher_stats: 
+  :dfa_states: :count
+  :computed: :count
+  :mem: :count
+  :hits: :count
+  :misses: :count
+  :avg_nfa_states: :count
+  :matchers: :count
+:dns_mapping: 
+  :req_host: :string
+  :req_addr: :addr
+  :hostname: :string
+  :valid: :bool
+  :addrs: :addr_set
+  :creation_time: :time
+:conn_id: 
+  :orig_h: :addr
+  :orig_p: :port
+  :resp_h: :addr
+  :resp_p: :port

data/ext/broccoli_ext/autogen.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+swig -ruby `broccoli-config --cflags` broccoli.i 

data/ext/broccoli_ext/broccoli.i

@@ -0,0 +1,463 @@
+%module "broccoli_ext"
+
+%include cpointer.i
+%include typemaps.i
+
+%{
+/* Includes the header in the wrapper code */
+#include "broccoli.h"
+#include "stdarg.h"
+%}
+
+%{
+  
+/* Convert Ruby String to BroString */
+BroString to_brostring(VALUE obj){
+  if(!NIL_P(obj)){
+    Check_Type(obj, T_STRING);
+    BroString bs;
+    bro_string_set(&bs, STR2CSTR(obj));
+    return bs;
+  }
+}
+
+//VALUE 
+//from_brostring(BroString *bs) {
+//  printf("Converting a brostring to char*\n");
+//  return rb_str_new( (uchar *) (bs->str_val), bs->str_len );
+//}
+
+
+
+void
+wrap_BroEventFunc(BroConn *bc, void *data, ...)
+{
+  va_list argp;
+  int i = 0;
+  int callback_arity = 0;
+  int typemap_arity = 0;
+  VALUE proc;
+  VALUE event_name;
+  VALUE typemap;
+  VALUE input = (VALUE)data;
+  VALUE class_name;
+  VALUE out[15] = {Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,
+                   Qnil,Qnil,Qnil,Qnil,Qnil,Qnil,Qnil};
+  
+  if (strcmp("Array",
+      STR2CSTR(rb_funcall(rb_funcall(input, rb_intern("class"), 0), rb_intern("to_s"), 0))) != 0)
+  {
+    printf("There is a problem!\n");
+    return;
+  }
+  
+  event_name = rb_funcall(input, rb_intern("at"), 1, INT2NUM(0));
+  typemap = rb_funcall(input, rb_intern("at"), 1, INT2NUM(1));
+  proc = rb_funcall(input, rb_intern("at"), 1, INT2NUM(2));
+  
+  callback_arity = NUM2INT(rb_funcall(proc, rb_intern("arity"), 0));
+  typemap_arity = NUM2INT(rb_funcall(typemap, rb_intern("size"), 0));
+  if( callback_arity != typemap_arity ) {
+    printf("There is a problem with the argument definition for either the typemap "
+           "or the callback for the %s event handler\n", STR2CSTR(event_name));
+  }
+  va_start(argp, data);
+  for(i=0 ; i < callback_arity ; i++) {
+    //printf("Loop #%i\n", i);
+    switch (NUM2INT(rb_funcall(typemap, rb_intern("at"), 1, INT2NUM(i))))
+    {
+      case BRO_TYPE_RECORD:
+        //printf("Found a BroRecord in the callback wrapper\n");
+        out[i] = SWIG_NewPointerObj(SWIG_as_voidptr( va_arg(argp, BroRecord *) ), SWIGTYPE_p_bro_record, 0 |  0 );
+        rb_funcall(out[i], rb_intern("from_callback="), 1, event_name);
+        rb_funcall(out[i], rb_intern("arg_num="), 1, INT2NUM(i));
+        break;
+      case BRO_TYPE_PORT:
+        out[i] = SWIG_NewPointerObj(SWIG_as_voidptr( va_arg(argp, BroPort *) ), SWIGTYPE_p_bro_port, 0 |  0 );
+        break;
+      case BRO_TYPE_INT:
+      case BRO_TYPE_ENUM:
+        //printf("Found an integer in the callback wrapper\n");
+        out[i] = INT2NUM( *((int *)(va_arg(argp, int*))) );
+        break;
+      case BRO_TYPE_BOOL:
+        //printf("Found a boolean in the callback wrapper\n");
+        out[i] = *((int *)(va_arg(argp, int*))) ? Qtrue : Qfalse;
+        break;
+      case BRO_TYPE_STRING:
+        1; //for some reason the compiler doesn't like variable defs in the first line
+        //printf("Found a BroString in the callback wrapper\n");
+        BroString *foo_string = va_arg(argp, BroString *);
+        out[i] = rb_str_new( (char*) bro_string_get_data(foo_string), bro_string_get_length(foo_string) );    
+        //out[i] = rb_str_new2(foo_string->str_val);
+        break;
+      case BRO_TYPE_TIME:
+      case BRO_TYPE_DOUBLE:
+      case BRO_TYPE_INTERVAL:
+        //printf("Found a double in the callback wrapper\n");
+        out[i] = rb_float_new( *((double *)(va_arg(argp, double *))) );
+        break;
+      case BRO_TYPE_COUNT:
+      case BRO_TYPE_NET:
+        //printf("Found a 32bit unsigned integer in the callback wrapper\n");
+        //uint32 *int_tt_foo = va_arg(argp, uint32 *);
+        //out[i] = UINT2NUM( *int_tt_foo );
+        out[i] = UINT2NUM( *((uint32 *)(va_arg(argp, uint32 *))) );
+        break;
+      case BRO_TYPE_IPADDR:
+        //printf("I found an ip addres... making it a string\n");
+        //output ip addresses as strings that can be unpacked from ruby.
+        out[i] = rb_str_new2( (char *) (va_arg(argp, char *)) );
+        break;
+      default:
+        printf("Invalid type was registered for callback!\n");
+        va_arg(argp, void*); // do this to throw out an item and keep 'i' correct
+        break;
+    }
+  }
+  va_end(argp);
+
+  // Call the ruby proc object finally!
+  rb_funcall2(proc, rb_intern("call"), callback_arity, out);
+  
+  bc = NULL;
+  data = NULL;
+}
+
+%}
+
+
+%typemap(in) (BroEventFunc func, void *user_data)
+{
+  $1 = (BroEventFunc) wrap_BroEventFunc;
+  $2 = (void *)$input;
+}
+
+// The equality comparisons in this are a hack and throw 
+// a lot of compiler warnings because this typemap is used for
+// two different functions that have different numbers of args
+%typemap(in) (const char *type_name, const void *val)
+{
+  // Get the ruby class of the incoming data
+  char *class = STR2CSTR(rb_funcall(rb_funcall($input, rb_intern("class"), 0), rb_intern("to_s"), 0));
+  //printf("Received type: %s...", class);
+  if(arg3 == BRO_TYPE_INT  || arg2 == BRO_TYPE_INT ||
+     arg3 == BRO_TYPE_ENUM || arg2 == BRO_TYPE_ENUM ||
+     arg3 == BRO_TYPE_BOOL || arg2 == BRO_TYPE_BOOL) {
+    int foo;
+    if(strcmp(class, "TrueClass") == 0 || strcmp(class, "FalseClass") == 0) {
+      //printf("Matched on boolean!  Storing value as an integer\n");
+      foo = $input ? 1 : 0;
+    } else {
+      //printf("Matched on Fixnum!  Storing value as an int (%i)\n", NUM2INT($input));
+      foo = NUM2INT($input);
+    }
+    $2 = &foo;
+  }
+  else if(arg3 == BRO_TYPE_DOUBLE   || arg2 == BRO_TYPE_DOUBLE ||
+          arg3 == BRO_TYPE_TIME     || arg2 == BRO_TYPE_TIME ||
+          arg3 == BRO_TYPE_INTERVAL || arg2 == BRO_TYPE_INTERVAL) {
+    //printf("Storing value as a double (%f)\n", rb_num2dbl($input));
+    double foo = rb_num2dbl($input);
+    $2 = &foo;
+  }
+  else if(arg3 == BRO_TYPE_COUNT  || arg2 == BRO_TYPE_COUNT ||
+          arg3 == BRO_TYPE_IPADDR || arg2 == BRO_TYPE_IPADDR ||
+          arg3 == BRO_TYPE_NET    || arg2 == BRO_TYPE_NET) {
+    //printf("Storing value as a uint32\n");
+    uint32 foo = rb_num2ulong($input);
+    $2 = &foo;
+  }
+  else if(arg3 == BRO_TYPE_STRING || arg2 == BRO_TYPE_STRING) {
+    //printf("Storing value as a BroString\n");
+    BroString foo = to_brostring($input);
+    $2 = &foo;
+  }
+  else if(arg3 == BRO_TYPE_PORT || arg2 == BRO_TYPE_PORT) {
+    //printf("Storing value as a BroPort\n");
+    void *p1 = 0;
+    int res = 0;
+    res = SWIG_ConvertPtr($input, &p1, SWIGTYPE_p_bro_port, 0 |  0 );
+    if (!SWIG_IsOK(res)) {
+      SWIG_exception_fail(SWIG_ArgError(res), "the val was supposed to be a BroPort"); 
+    }
+    BroPort *output;
+    output = (BroPort *)(p1);
+    $2 = output;
+  }
+  else if(arg3 == BRO_TYPE_SUBNET || arg2 == BRO_TYPE_SUBNET) {
+    //printf("Storing value as a BroSubnet\n");
+    void *p1 = 0;
+    int res = 0;
+    res = SWIG_ConvertPtr($input, &p1, SWIGTYPE_p_bro_subnet, 0 |  0 );
+    if (!SWIG_IsOK(res)) {
+      SWIG_exception_fail(SWIG_ArgError(res), "the val was supposed to be a BroSubnet"); 
+    }
+    BroSubnet *output = (BroSubnet *) 0 ;
+    output = (BroSubnet *)(p1);
+    $2 = output;
+  }
+  else if(arg3 == BRO_TYPE_RECORD || arg2 == BRO_TYPE_RECORD) {
+    //printf("Storing value as a BroRecord\n");
+    void *p1 = 0;
+    int res = 0;
+    res = SWIG_ConvertPtr($input, &p1, SWIGTYPE_p_bro_record, 0 | 0 );
+    if (!SWIG_IsOK(res)) {
+      SWIG_exception_fail(SWIG_ArgError(res), "the val was supposed to be a BroRecord"); 
+    }
+    BroRecord *output;
+    output = (BroRecord *)(p1);
+    $2 = output;
+  }
+  else {
+    printf("Couldn't find a type to convert to\n");
+  }
+  // This seems to always be null, so keep it out of the ruby api for now.
+  $1 = NULL; 
+}
+
+
+%typemap(out) void* bro_conn_data_get {
+  if( strcmp(arg2, "service") == 0 ||
+      strcmp(arg2, "addl") == 0 ||
+      strcmp(arg2, "history") == 0) {
+    //printf("converting to a ruby string...\n");
+    $result = rb_str_new( (char*)bro_string_get_data((BroString*) $1), bro_string_get_length((BroString*) $1) );    
+  }
+  else if( strcmp(arg2, "") == 0 ) {
+    
+  }
+  else
+  {
+    printf("Couldn't find the correct data type to convert to...\n");
+    $result = Qnil;
+  }
+} 
+
+%typemap(out) void* bro_record_get_named_val, 
+              void* bro_record_get_nth_val {
+  if(arg3 == BRO_TYPE_BOOL) {
+    //printf("Ruby: Getting data matched on boolean\n");
+    int *i = $1;
+    $result = (*i ? Qtrue : Qfalse);
+  }
+  else if(arg3 == BRO_TYPE_INT ||
+          arg3 == BRO_TYPE_ENUM) {
+    //printf("Ruby: Getting data matched on int\n");
+    int *i = $1;
+    $result = INT2NUM(*i);
+  }
+  else if(arg3 == BRO_TYPE_TIME ||
+          arg3 == BRO_TYPE_DOUBLE ||
+          arg3 == BRO_TYPE_INTERVAL) {
+    //printf("Ruby: Getting data matched on time\n");
+    double *i = $1;
+    $result = rb_float_new(*i);
+  }
+  else if(arg3 == BRO_TYPE_STRING) {
+    BroString *i = $1;
+    $result = rb_str_new((char*)i->str_val, i->str_len);
+  }
+  else if(arg3 == BRO_TYPE_COUNT) {
+    //printf("Ruby: Getting data matched on uint32\n");   
+    uint32 *i = $1;
+    $result = ULONG2NUM(*i);
+  }
+  else if(arg3 == BRO_TYPE_IPADDR ||
+          arg3 == BRO_TYPE_NET) {
+    //printf("I found an ip address... making it a network byte ordered string\n");
+    $result = rb_str_new2( (char *) $1);
+  }
+  else if(arg3 == BRO_TYPE_RECORD) {
+    //printf("Ruby: Getting data matched as a BroRecord\n");
+    $result = SWIG_NewPointerObj(SWIG_as_voidptr( (BroRecord *) $1 ), SWIGTYPE_p_bro_record, 0);
+  }
+  else if(arg3 == BRO_TYPE_PORT) {
+    $result = SWIG_NewPointerObj(SWIG_as_voidptr( (BroPort *) $1 ), SWIGTYPE_p_bro_port, 0);
+  }
+  else {
+    printf("No type recognized when getting value\n");
+  }
+} 
+
+
+
+// When methods output an integer, it's usually boolean, make it so.
+%typemap(out) int bro_conn_connect,
+              int bro_conn_alive,
+              int bro_conn_delete,
+              int bro_conn_process_input,
+              int bro_event_add_val,
+              int bro_event_set_val,
+              int bro_event_send,
+              int bro_record_set_nth_val,
+              int bro_record_set_named_val,
+              int bro_packet_send "$result = $1 ? Qtrue:Qfalse;"
+
+// Allow "true" and "false" for setting debug vars
+%typemap(varin) int bro_debug_calltrace, 
+                int bro_debug_messages "$1 = $input ? 1:0;"
+                
+%typemap(in) uchar * "$1 = (uchar*)STR2CSTR($input);"
+%typemap(out) uchar * "$result = rb_str_new2((char*)$1);"
+
+/* Convert Ruby string to BroString (i'm not sure BroString's are ever
+   used in an applicable situation) */
+/*%typemap(in) BroString "$1 = to_BroString($input);";*/
+
+%predicate bro_conn_alive(const BroConn *bc);
+
+BroString to_brostring(VALUE obj);
+
+//%freefunc BroEvent  "bro_event_free";
+//%freefunc BroRecord "bro_record_free";
+//%freefunc BroString "bro_string_free";
+//// I may not want to do the following line...
+//%freefunc BroConn "bro_conn_delete";
+
+//%apply SWIGTYPE *DISOWN { BroEvent *ev };
+
+
+
+extern int bro_debug_calltrace;
+extern int bro_debug_messages;
+
+#define BRO_TYPE_BOOL              1
+#define BRO_TYPE_INT               2
+#define BRO_TYPE_COUNT             3
+#define BRO_TYPE_COUNTER           4
+#define BRO_TYPE_DOUBLE            5
+#define BRO_TYPE_TIME              6
+#define BRO_TYPE_INTERVAL          7
+#define BRO_TYPE_STRING            8
+#define BRO_TYPE_PATTERN           9
+#define BRO_TYPE_ENUM             10
+#define BRO_TYPE_TIMER            11
+#define BRO_TYPE_PORT             12
+#define BRO_TYPE_IPADDR           13
+#define BRO_TYPE_NET              14
+#define BRO_TYPE_SUBNET           15
+#define BRO_TYPE_ANY              16
+#define BRO_TYPE_TABLE            17
+#define BRO_TYPE_UNION            18
+#define BRO_TYPE_RECORD           19
+#define BRO_TYPE_LIST             20
+#define BRO_TYPE_FUNC             21
+#define BRO_TYPE_FILE             22
+#define BRO_TYPE_VECTOR           23
+#define BRO_TYPE_ERROR            24
+#define BRO_TYPE_PACKET           25 /* CAUTION -- not defined in Bro! */
+#define BRO_TYPE_MAX              26
+
+
+#define BRO_CFLAG_NONE                      0
+#define BRO_CFLAG_RECONNECT           (1 << 0) /* Attempt transparent reconnects */
+#define BRO_CFLAG_ALWAYS_QUEUE        (1 << 1) /* Queue events sent while disconnected */
+#define BRO_CFLAG_SHAREABLE           (1 << 2) /* Allow sharing handle across threads/procs */
+#define BRO_CFLAG_DONTCACHE           (1 << 3) /* Ask peer not to use I/O cache */
+
+typedef unsigned int   uint32;
+typedef unsigned short uint16;
+typedef unsigned char  uchar;
+
+typedef struct bro_conn BroConn;
+typedef struct bro_event BroEvent;
+typedef struct bro_buf BroBuf;
+typedef struct bro_record BroRecord;
+
+typedef void (*BroEventFunc) (BroConn *bc, ...);
+
+typedef struct bro_string {
+  uint32       str_len;
+  uchar       *str_val;
+} BroString;
+
+typedef struct bro_port {
+  uint16       port_num;   /* port number in host byte order */
+  int          port_proto; /* IPPROTO_xxx */
+} BroPort;
+
+typedef struct bro_subnet
+{
+  uint32       sn_net;     /* IP address in network byte order */
+  uint32       sn_width;   /* Length of prefix to consider. */
+} BroSubnet;
+
+BroConn* bro_conn_new_str(const char *hostname,
+                          int flags);
+
+int bro_conn_connect (BroConn *bc);
+int bro_conn_process_input (BroConn *bc);
+int bro_conn_delete (BroConn *bc);
+int bro_conn_alive (const BroConn *bc);
+void* bro_conn_data_get (BroConn *bc, const char *key);
+int bro_conn_get_fd (BroConn *bc);
+
+int bro_conf_get_int(const char *val_name, int *OUTPUT);
+int bro_conf_get_dbl(const char *val_name, double *OUTPUT);
+const char* bro_conf_get_str(const char *val_name);
+
+
+void        bro_string_init                 (BroString *bs);
+int         bro_string_set                  (BroString *bs,
+                                             const char *s);
+int         bro_string_set_data             (BroString *bs,
+                                             const uchar *data,
+                                             int data_len);
+const uchar* bro_string_get_data            (const BroString *bs);
+uint32      bro_string_get_length           (const BroString *bs);
+BroString*  bro_string_copy                 (BroString *bs);
+void        bro_string_cleanup              (BroString *bs);
+void        bro_string_free                 (BroString *bs);
+
+
+
+BroRecord* bro_record_new(void);
+int bro_record_add_val(BroRecord *rec, 
+                       const char *name,
+  				             int type, 
+  				             const char *type_name,
+  				             const void *val);
+void* bro_record_get_named_val(BroRecord *rec,
+                               const char *name,
+                               int type);
+void* bro_record_get_nth_val(BroRecord *rec,
+                             int num,
+                             int type);
+int bro_record_set_nth_val (BroRecord *rec,
+                           int num,
+                           int type,
+                           const char *type_name,
+                           const void *val);
+int bro_record_set_named_val (BroRecord *rec,
+                             const char *name,
+                             int type,
+                             const char *type_name,
+                             const void *val);
+void bro_record_free(BroRecord *rec);
+                             
+BroEvent *bro_event_new(const char *event_name);
+                             
+int bro_event_add_val (BroEvent *be,
+                       int type,
+                       const char *type_name,
+                       const void *val);
+                             
+void bro_event_registry_add (BroConn *bc,
+                             const char *event_name,
+                             BroEventFunc func,
+                             void *user_data);
+
+void bro_event_registry_request (BroConn *bc);
+int bro_event_queue_length (BroConn *bc);
+int bro_event_queue_flush (BroConn *bc);
+                             
+int bro_event_send(BroConn *bc,
+                   BroEvent *be);
+                   
+void bro_event_free(BroEvent *be);
+                             
+double bro_util_current_time(void);
+
+
+