rbroccoli 1.1.0

data/ext/broccoli_ext/extconf.rb

@@ -0,0 +1,15 @@
+require 'mkmf'
+
+if ex = find_executable("broccoli-config")
+  $CFLAGS << " " + `#{ex} --cflags`.chomp
+  $LDFLAGS << " " + `#{ex} --libs`.chomp
+else
+  puts "You need to have broccoli-config in your path!"
+  exit(-1)
+end
+
+if have_header("broccoli.h") and
+   have_library("broccoli") and
+   have_library("ssl") 
+  create_makefile('broccoli_ext')
+end

data/ext/broccoli_ext/post-clean.rb

@@ -0,0 +1,3 @@
+
+File.delete 'mkmf.log' if File.exists? 'mkmf.log'
+File.delete 'Makefile' if File.exists? 'Makefile'

data/ext/broccoli_ext/pre-config.rb

@@ -0,0 +1,5 @@
+bc = `which broccoli-config`
+unless bc.length > 0
+  puts "You need to have broccoli-config in your path!"   
+  exit(-1)
+end

data/ext/broccoli_ext/test/broconftest.rb

@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+require 'broccoli_ext'
+include Broccoli_ext
+
+peer = bro_conf_get_str("PeerName")
+puts "Peer: #{peer}"
+
+ret, port = bro_conf_get_int("PeerPort")
+if(ret)
+  puts "PeerPort: #{ret}"
+end

data/ext/broccoli_ext/test/test.rb

@@ -0,0 +1,174 @@
+# Please don't try to read too much into this file.  It's mostly my 
+# internal test file while I'm building the C binding.
+#
+# Check out the examples directory for better examples that use the ruby
+# library I've built overtop the C bindings.
+
+require './broccoli_ext'
+include Broccoli_ext
+Broccoli_ext::bro_debug_calltrace=false
+Broccoli_ext::bro_debug_messages=false
+
+STDOUT.sync = true
+
+#a= Broccoli_ext::BroString.new
+#a.str_val="asdf"
+
+host_str = "127.0.0.1:12345"
+
+bc = bro_conn_new_str(host_str, BRO_CFLAG_NONE)
+puts "Connection? #{bc}"
+#puts "  Connected" unless bro_conn_connect(bc).zero?
+
+###
+# Test BroString Creation
+###
+
+module SWIG
+  class TYPE_p_bro_conn
+    def method_missing(meth, *args)
+      return bro_conn_data_get(self, meth.id2name)
+    end
+  end
+  
+  class TYPE_p_bro_record
+    # I need to build a full record typemapper to deal with this correctly.
+    
+    def method_missing(meth, *args)
+      #return bro_record_get_named_val(self, meth.id2name, BRO_TYPE_STRING)
+    end
+    
+    def [](position)
+      #return bro_record_get_nth_val(self, position, BRO_TYPE_STRING)
+    end
+  end
+end
+
+
+
+###
+# Test Record Creation
+###
+#rec = bro_record_new()
+#puts "Ruby: Inserting data into the record"
+##time = bro_util_current_time()
+##puts "Ruby: Current time: #{time}"
+#bro_record_add_val(rec, "seq", BRO_TYPE_IPADDR, 213054988)
+#puts "Ruby: Getting the data back out"
+##puts bro_record_get_named_val(rec, "seq", BRO_TYPE_COUNT);
+#puts "  " + bro_record_get_nth_val(rec, 0, BRO_TYPE_IPADDR).to_s
+
+
+
+###
+# Test Callback creation
+###
+
+# Ideal :)
+#bro_ruby_typemap_new("pong", [8,19,0])
+#build_typemap("pong", [:conn,:record])
+
+#while 1
+#  ev = bro_event_new("ping")
+#  bro_event_free(ev)
+#  #GC.start
+#end
+
+bro_pong_record = Proc.new do |conn, rec|
+  now = bro_util_current_time()
+  puts "Pong_record callback"
+  puts rec
+
+  seq = bro_record_get_nth_val(rec, 0, BRO_TYPE_COUNT)
+  src_time = bro_record_get_nth_val(rec, 1, BRO_TYPE_TIME)
+  dst_time = bro_record_get_nth_val(rec, 2, BRO_TYPE_TIME)
+  
+  puts "pong event from #{host_str}: seq=#{seq}, time=#{dst_time-src_time}/#{now-src_time} s"
+end
+
+bro_pong = Proc.new do |conn, src_time, dst_time, seq|
+  puts "Pong callback!"
+  now = bro_util_current_time()
+  puts "pong event from #{host_str}: seq=#{seq}, time=#{dst_time-src_time}/#{now-src_time} s"
+end
+
+new_connection = Proc.new do |conn|
+  puts "Saw a connection!"
+end
+
+dns_request = Proc.new do |conn, msg, query, qtype, qclass|
+  #$count = $count+1
+  #puts "msg: #{msg}"
+  #puts "query: #{query}"
+  #puts "qtype: #{qtype}"
+  #puts "qclass: #{qclass}"
+  #puts "service: #{conn.blah}"
+  #puts "Query output class: #{query.class}"
+  #answers = bro_record_get_nth_val(msg, 11, BRO_TYPE_COUNT).to_s
+  #puts "Number of dns answers: #{answers}"
+  #puts "Query: #{query} - Query type: #{qtype} - Query class: #{qclass}"
+end
+
+#puts "Registering callback..."
+#bro_event_registry_add(bc, "dns_A_reply", dns_reply)
+
+bro_event_registry_add(bc, "dns_request", ["dns_request", [19, 19, 8, 3, 3], dns_request])
+
+#bro_event_registry_add(bc, "pong", ["pong", {"pong", [19]}, bro_pong_record])
+#bro_event_registry_add(bc, "pong", ["pong", {"pong", [6,6,3]}, bro_pong])
+
+#bro_event_registry_add(bc, "wootback", [[8], wootback])
+
+#bro_event_registry_add(bc, "new_connection", ["new_connection", {"new_connection", [19]}, new_connection])
+#bro_event_registry_add(bc, "return_memory", return_memory)
+
+#puts "Done Registering callback..."
+puts "Connected" if bro_conn_connect(bc)
+
+while(1)
+  #puts "Checking input"
+  $count = 0
+  bro_conn_process_input(bc)
+  puts "*" * ($count/2)
+  
+  sleep 0.5
+  
+  GC.start
+end
+exit
+
+###
+# Testing record creation and event sending
+###
+record = false
+(1..100).each do |seq|
+  bro_conn_process_input(bc)
+  #puts "Creating event"
+  ev = bro_event_new("ping")
+  timestamp = bro_util_current_time()
+  if(record)
+    rec = bro_record_new()
+    bro_record_add_val(rec, "seq", BRO_TYPE_COUNT, seq)
+    bro_record_add_val(rec, "src_time", BRO_TYPE_TIME, timestamp)
+    bro_event_add_val(ev, BRO_TYPE_RECORD, rec)
+  else
+    bro_event_add_val(ev, BRO_TYPE_TIME, timestamp)
+    bro_event_add_val(ev, BRO_TYPE_COUNT, seq)
+  end
+  
+  puts "Sending ping..."
+  bro_event_send(bc, ev)
+  # May not need to call this anymore either
+  #bro_event_free(ev)
+  sleep 1
+  #GC.start
+end
+
+#while(1) do
+#  ev = bro_event_new "show_memory"
+#  puts "Sending event"
+#  puts bro_event_send(bc, ev)
+#  sleep 1
+#  puts "Processing input..."
+#  puts bro_conn_process_input(bc)
+#end

data/lib/Bro/connection.rb

@@ -0,0 +1,73 @@
+require 'broccoli_ext'
+
+module Bro
+  class Connection
+    include Broccoli_ext
+    
+    def initialize(hp, flags=nil)
+      flags = (BRO_CFLAG_RECONNECT | BRO_CFLAG_ALWAYS_QUEUE) if flags.nil?
+      @bc = bro_conn_new_str(hp, flags)
+      @io_object = nil
+      @event_blocks = []
+    end
+    
+    def delete
+      bro_conn_delete(@bc)
+    end
+
+    def connect
+      bro_conn_connect(@bc)
+    end
+
+    def connected?
+      bro_conn_alive?(@bc)
+    end
+
+    def process_input
+      bro_conn_process_input(@bc)
+    end
+    
+    def queue_length
+      bro_event_queue_length(@bc)
+    end
+        
+    def flush
+      bro_event_queue_flush(@bc)
+    end
+    
+    def send(event)
+      # .ev is the real event pointer
+      bro_event_send(@bc, event.ev)
+    end
+        
+    def wait
+      unless @io_object
+        fd = bro_conn_get_fd(@bc)
+        return false if fd < 0
+        @io_object = IO.new(fd)
+      end
+      # block until there is data
+      select([@io_object])
+    end
+    
+    def event_handler(event, mapping=nil, &block)
+      # This lets me pass the proc object and the event name into the callback
+      # It needs to be done so that the typemapper can map types before 
+      # calling the proc object.
+      # TODO: maybe make this less hacky?
+      Bro::Typemap.define_event(event, mapping) unless mapping.nil?
+      
+      typemap = Bro::Typemap.get(:callback, event)
+
+      event_block = [event, typemap, block]
+      @event_blocks << event_block
+      
+      bro_event_registry_add(@bc, event, event_block)
+      
+      # Re-request all events if we're already connected.
+      bro_event_registry_request(@bc) if connected?
+    end
+    alias :event_handler_for :event_handler
+    
+  end
+end

data/lib/Bro/event.rb

@@ -0,0 +1,34 @@
+module Bro
+  
+  class Event
+    include Broccoli_ext
+    attr_reader :ev
+    
+    def initialize(name)
+      @event_name = name
+      @ev = bro_event_new(name)
+      @current_val = 0
+      ObjectSpace.define_finalizer(self, Event.create_finalizer(@ev))
+    end
+    
+    def insert(value)
+      name_type, int_type = Bro::Typemap.get(:callback, @event_name, @current_val)
+      #puts "(#{@ev}, #{int_type}, #{value})"
+      # TODO: Yikes! more hacks to get this thing working
+      value = value.rec if int_type == Broccoli_ext::BRO_TYPE_RECORD
+      bro_event_add_val(@ev, int_type, value)
+      @current_val += 1
+    end
+    
+    def free
+      bro_event_free(@ev)
+    end
+    
+    # When the garbage collector comes around, make sure the C structure
+    # is freed.
+    def self.create_finalizer(event)
+      proc { bro_event_free(event) }
+    end
+  end
+
+end

data/lib/Bro/record.rb

@@ -0,0 +1,60 @@
+module Bro
+  
+  class Record
+    include Broccoli_ext
+    attr_accessor :rec
+    
+    def initialize(type=nil)
+      @type = type
+      @rec = bro_record_new()
+      if type
+        @rec.record_type = type 
+      else
+        # Generate a "unique" name for this record since no type was given
+        # It allows the record to read back it's own values by storing types
+        # as it is created.
+        @rec.record_type = rand().to_s
+        # TODO: abstract into typemapper
+        $bro_global_typemap[:record][@rec.record_type] = {}
+      end
+      @current_val = 0
+      ObjectSpace.define_finalizer(self, Record.create_finalizer(@rec))
+    end
+    
+    def method_missing(meth)
+      @rec.send(meth)
+    end
+    
+    def insert(name, value, value_type=nil)
+      if value_type.nil? and @rec.record_type.nil?
+        raise "No type inferred.. type must be given"
+      end
+      if not value_type
+        name_type, int_type = Bro::Typemap.get(:record, @type, name)
+      else
+        int_type = Bro::Typemap.get_int_type(value_type)
+        # TODO: needs to be abstracted into the typemapper
+        $bro_global_typemap[:record][@rec.record_type][name.to_sym] = value_type
+      end
+      #puts "(#{@rec}, #{name.to_s}, #{int_type}, #{value})"
+      Broccoli_ext::bro_record_add_val(@rec, name.to_s, int_type, value)
+      @current_val += 1
+    end
+    
+    def []=(key, val, type)
+      int_type = Bro::Typemap.get_int_type(type)
+      Broccoli_ext::bro_record_set_nth_val(@rec, key, int_type, val)
+    end
+    
+    def free
+      bro_record_free(@rec)
+    end
+    
+    # When the garbage collector comes around, 
+    # make sure the C structure is freed.
+    def self.create_finalizer(record)
+      proc { bro_record_free(record) }
+    end
+  end
+
+end

data/lib/Bro/typemap.rb

@@ -0,0 +1,158 @@
+require 'yaml'
+require 'time'
+
+module Bro
+  module Typemap
+
+    DATA_TYPEMAP = {:bool => 1,
+                    :int => 2,
+                    :count => 3,
+                    :counter => 4,
+                    :double => 5,
+                    :time => 6,
+                    :interval => 7,
+                    :string => 8,
+                    :pattern => 9,
+                    :enum => 10,
+                    :timer => 11,
+                    :port => 12,
+                    :addr => 13,
+                    :net => 14,
+                    :subnet => 15,
+                    :record => 19
+                   }
+                   
+                   
+    def Typemap.get_int_type(type)
+      type_code = DATA_TYPEMAP[type]
+      if type_code.nil?
+        Broccoli_ext::BRO_TYPE_RECORD
+      else
+        type_code
+      end
+    end
+    
+    # TODO: this is an utter mess
+    def Typemap.get(typemap, name, key=nil)
+      if key
+        if typemap == :record and key.class == Fixnum
+          # this is especially bad
+          foo = $bro_global_typemap[typemap][name].to_a[key][1]
+        elsif typemap == :callback and key.class == Fixnum
+          foo = $bro_global_typemap[typemap][name][key]
+        else
+          foo = $bro_global_typemap[typemap][name.to_sym][key.to_sym]
+        end
+        return [foo, get_int_type(foo)]
+      else
+        foo = $bro_global_typemap[typemap][name]
+        return foo.inject([]) { |out, t| out << get_int_type(t) }
+      end
+    end
+    
+    def Typemap.insert(typemap_type, name, map)
+      $bro_global_typemap[typemap_type][name] = map
+    end
+    
+    def Typemap.define_event(event, mapping)
+      map = mapping.collect { |m| m.to_sym }
+      Bro::Typemap.insert(:callback, event, map)
+    end
+    
+    def Typemap.define_record(record_name, mapping)
+      new_mapping = {}
+      mapping.each { |k,v| new_mapping[k.to_sym] = v.to_sym}
+      Bro::Typemap.insert(:record, record_name.to_sym, new_mapping)
+    end
+    
+    def Typemap.load
+      $bro_global_typemap = {}
+      if __FILE__.match(File.join("gems", "rbroccoli"))
+        # Gem installed
+        dir = File.join(File.dirname(__FILE__), '..', '..', 'data', 'bro')  
+      else
+        # Native install
+        $:.each do |path|
+          if m = path.match(File.join("lib", "ruby"))
+            # Supporting native install
+            tmp_dir = File.join(m.pre_match, "share", "bro")
+            if File.exists?(tmp_dir)
+              dir = tmp_dir 
+              break
+            end
+          end
+        end
+      end
+      
+      if !dir
+        # Check if it isn't installed
+        dir = File.join(File.dirname(__FILE__), '..', '..', 'data', 'bro')  
+      end
+      $bro_global_typemap[:callback] = YAML.load_file("#{dir}/callback-typemaps.yml")
+      $bro_global_typemap[:record] = YAML.load_file("#{dir}/record-typemaps.yml")
+    end
+      
+    # This needs the event.bif.bro file to generate its callback
+    # typemappings for the default bro events.
+    # Distributions will have these files prebuilt for the appropriate
+    # version of Bro.
+    def Typemap.generate_callback_file(input_filename, output_filename)
+      f = open(input_filename)
+    
+      output = {}
+      f.each_line do |line|
+        match = line.match(/^global\s+(.*?):\s+event\((.*)\)/)
+        if match
+          types = []
+          event = match[1]
+          match[2].split(", ").each { |i| types << i.split(": ")[1].to_sym }
+          output[event] = types 
+        end
+      end
+      yaml = open(output_filename, "w")
+      yaml.puts "# This file was autogenerated on #{Time.now}"
+      yaml.puts "# Please do not edit!"
+      yaml.puts output.to_yaml
+    end
+  
+    # This will generate a typemapper for records from the 
+    # bro.init file.
+    def Typemap.generate_record_file(input_filename, output_filename)
+      f = open(input_filename)
+    
+      output = {}
+      fields = {}
+      record_type = ''
+      inside_def = false
+      f.each_line do |line|
+        if line =~ /type (\S+?): record/
+          record_type = $1
+          inside_def = true
+        end
+      
+        if inside_def and line =~ /(\S+): (\S+);/
+          fields[$1.to_sym] = $2.to_sym;
+        end
+      
+        if line =~ /^\};/
+          if inside_def
+            output[record_type.to_sym] = fields
+            fields = {}
+            inside_def = false
+          end
+        end
+      end
+      yaml = open(output_filename, "w")
+      yaml.puts "# This file was autogenerated on #{Time.now}"
+      yaml.puts "# Please do not edit!"
+      yaml.puts output.to_yaml
+    end
+  end
+end
+
+# This is just to get the yaml stuff loaded into the global typemapper hash
+begin
+  Bro::Typemap.load
+rescue
+  STDERR.puts "Typemap files not found!"
+end