rbroccoli 1.1.0

data/lib/bro.rb

@@ -0,0 +1,105 @@
+require 'broccoli_ext'
+require 'time'
+
+require 'bro/connection'
+require 'bro/event'
+require 'bro/record'
+require 'bro/typemap'
+  
+class Broccoli_ext::BroPort
+  @@protocols = {0=>'ip', 1=>'icmp', 2=>'igmp', 3=>'ggp', 4=>'ipv4',
+                 6=>'tcp', 7=>'st', 8=>'egp', 9=>'pigp', 10=>'rccmon',
+                 11=>'nvpii', 12=>'pup', 13=>'argus', 14=>'emcon',
+                 15=>'xnet', 16=>'chaos', 17=>'udp', 18=>'mux', 19=>'meas',
+                 20=>'hmp', 21=>'prm', 22=>'idp', 23=>'trunk1', 24=>'trunk2',
+                 25=>'leaf1', 26=>'leaf2', 27=>'rdp', 28=>'irtp', 29=>'tp',
+                 30=>'blt', 31=>'nsp', 32=>'inp', 33=>'sep', 34=>'3pc',
+                 35=>'idpr', 36=>'xtp', 37=>'ddp', 38=>'cmtp', 39=>'tpxx',
+                 40=>'il', 41=>'ipv6', 42=>'sdrp', 43=>'routing', 
+                 44=>'fragment', 45=>'idrp', 46=>'rsvp', 47=>'gre', 48=>'mhrp',
+                 49=>'bha', 50=>'esp', 51=>'ah', 52=>'inlsp', 53=>'swipe', 
+                 54=>'nhrp', 58=>'icmpv6', 59=>'nonext', 60=>'dstopts',
+                 61=>'ahip', 62=>'cftp', 63=>'hello', 64=>'satexpak', 
+                 65=>'kryptolan', 66=>'rvd', 67=>'ippc', 68=>'adfs', 
+                 69=>'satmon', 70=>'visa', 71=>'ipcv', 72=>'cpnx', 73=>'cphb',
+                 74=>'wsn', 75=>'pvp', 76=>'brsatmon', 77=>'nd', 78=>'wbmon',
+                 79=>'wbexpak', 80=>'eon', 81=>'vmtp', 82=>'svmtp', 
+                 83=>'vines', 84=>'ttp', 85=>'igp', 86=>'dgp', 87=>'tcf', 
+                 88=>'igrp', 89=>'ospfigp', 90=>'srpc', 91=>'larp', 92=>'mtp',
+                 93=>'ax25', 94=>'ipeip', 95=>'micp', 96=>'sccsp', 
+                 97=>'etherip', 98=>'encap', 99=>'apes', 100=>'gmtp', 
+                 103=>'pim', 108=>'ipcomp', 113=>'pgm', 254=>'divert', 
+                 255=>'raw'}
+  def to_s
+    "#{port_num}/#{@@protocols[port_proto]}"
+  end
+end
+
+# This gives a nice interface for retrieving fields from records and connections
+module SWIG
+  
+  class TYPE_p_bro_conn
+    def method_missing(meth, *args)
+      return bro_conn_data_get(self, meth.id2name)
+    end
+  end
+  
+  class TYPE_p_bro_record
+    attr_accessor :from_callback
+    attr_accessor :arg_num
+    attr_accessor :record_type
+    
+    # .id is a method for all ruby objects.  Move it out of the way for records.
+    alias :old_id :id
+    def id
+      return method_missing(:id)
+    end
+    
+    # TODO: this is an utter mess, make it less so.
+    def method_missing(meth, *args)
+      if @from_callback and @arg_num
+        name_type, int_type = Bro::Typemap.get(:callback, @from_callback, @arg_num)
+        #puts "(:record, #{name_type}, #{meth.id2name})"
+        name_type, int_type = Bro::Typemap.get(:record, name_type, meth.id2name)
+        rec = Broccoli_ext::bro_record_get_named_val(self, meth.id2name, int_type)
+      elsif @record_type
+        name_type, int_type = Bro::Typemap.get(:record, @record_type, meth.id2name)
+        rec = Broccoli_ext::bro_record_get_named_val(self, meth.id2name, int_type)
+      else
+        puts "oops.. something screwed up in #{__FILE__} around line #{__LINE__}"
+      end
+      if int_type == Broccoli_ext::BRO_TYPE_RECORD
+        rec.record_type = name_type
+      end
+      return rec
+    end
+    
+    # TODO: Getting values from record by position doesn't work yet.
+    #       I need to find a good way to determine type of value.
+    #       I don't think that records are neccesarily stored in 
+    #       the same order that they are defined in the bro.init file.
+    #def [](pos)
+    #  Bro::Typemap.get(:record)[self.record_type]
+    #  return Broccoli_ext::bro_record_get_nth_val(self, @arg_num, BRO_TYPE_STRING)
+    #end
+  end
+end
+
+
+module Bro
+  def Bro.current_time_f
+    Broccoli_ext::bro_util_current_time
+  end
+  
+  def Bro.current_time
+    Time.at( current_time_f() )
+  end
+  
+  def Bro.debug_calltrace(v)
+    Broccoli_ext::bro_debug_calltrace=v
+  end
+  
+  def Bro.debug_messages(v)
+    Broccoli_ext::bro_debug_messages=v
+  end
+end

metadata

@@ -0,0 +1,64 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.8.11
+specification_version: 1
+name: rbroccoli
+version: !ruby/object:Gem::Version 
+  version: 1.1.0
+date: 2006-08-22 00:00:00 -04:00
+summary: Interface for the Bro Intrusion Detection System.
+require_paths: 
+- lib
+email: seth@net.ohio-state.edu
+homepage: http://rbroccoli.rubyforge.org
+rubyforge_project: rbroccoli
+description: 
+autorequire: bro
+default_executable: 
+bindir: bin
+has_rdoc: false
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+authors: 
+- Seth Hall
+files: 
+- lib/bro.rb
+- lib/Bro/connection.rb
+- lib/Bro/event.rb
+- lib/Bro/record.rb
+- lib/Bro/typemap.rb
+- data/bro
+- data/bro/callback-typemaps.yml
+- data/bro/record-typemaps.yml
+- README
+- ext/broccoli_ext
+- ext/broccoli_ext/autogen.sh
+- ext/broccoli_ext/broccoli.i
+- ext/broccoli_ext/broccoli_wrap.c
+- ext/broccoli_ext/extconf.rb
+- ext/broccoli_ext/post-clean.rb
+- ext/broccoli_ext/pre-config.rb
+- ext/broccoli_ext/test
+- ext/broccoli_ext/test/broconftest.rb
+- ext/broccoli_ext/test/test.rb
+- MIT-LICENSE
+test_files: []
+
+rdoc_options: []
+
+extra_rdoc_files: []
+
+executables: []
+
+extensions: 
+- ext/broccoli_ext/extconf.rb
+requirements: []
+
+dependencies: []
+