Hi guys,
I don’t know how to pass an array to a binpac function and then to BifEvent.
Here is my type definition:
type X(len: uint16) = record {
        byteCount: uint8;
        registers: uint16[registerCount] &length = byteCount;
here is the function I want to call:
function something( r: X): bool
        %{
        // here get a pointer to registers and value to byteCount ???
        if ( ::some_event )
                {
                BifEvent::generate_some_event(
                        connection()->bro_analyzer(),
                        connection()->bro_analyzer()->Conn(),
                        is_orig(), bCount, reg);
                }
        return true;
        %}
If BifEvent passes a pointer to the array, then in a Bro script can I use the vector type to print those values?
Thanks,
dina

Most people should freely ignore this reply, Dina's asking about an internal detail about connecting protocol analyzers to the Bro script-land.
> Here is my type definition:
> type X(len: uint16) = record {
>         byteCount: uint8;
>         registers: uint16[registerCount] &length = byteCount;
I assume you have some bit of code in a &let section you haven't included that is calling your BinPAC function after the 'X' unit is parsed?
> here is the function I want to call:
> function something( r: X): bool
>                %{
You need to convert the C array into the Bro vector type manually.  Something like this...
  for ( unsigned int i = 0; i < ${r.registers}->size(); ++i )
    {
    uint16 reg = ${r.registers[i]};
    // … build a VectorVal …
    }
I probably have something about this code wrong, I just wanted to show that you have to convert C/C++ values into Bro values.
  .Seth
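
An added example, not code from this thread or from the Bro project: one way to finish `something` along the lines Seth describes. It assumes the Bro 2.2-era C++ API (`VectorVal`, `Val`, `internal_type`, `ProtocolViolation`) and a hypothetical `some_event` declaration whose last argument is `index_vec`. It also rejects an odd `byteCount`, a check the thread does not discuss.

```binpac
# Assumed declaration in events.bif (hypothetical, not from the thread):
#   event some_event%(c: connection, is_orig: bool,
#                     byte_count: count, registers: index_vec%);
# index_vec is Bro's built-in "vector of count" type.

function something(r: X): bool
	%{
	// byteCount comes off the wire. Each register is two bytes, so an
	// odd count means a malformed message: flag it, raise no event.
	if ( ${r.byteCount} % 2 != 0 )
		{
		connection()->bro_analyzer()->ProtocolViolation(
			"odd register byte count");
		return false;
		}

	if ( ::some_event )
		{
		// Build the script-level vector that will carry the registers.
		VectorVal* reg = new VectorVal(
			internal_type("index_vec")->AsVectorType());

		// Copy each parsed uint16 into a Bro count value.
		for ( unsigned int i = 0; i < ${r.registers}->size(); ++i )
			reg->Assign(i, new Val(${r.registers[i]}, TYPE_COUNT));

		BifEvent::generate_some_event(
			connection()->bro_analyzer(),
			connection()->bro_analyzer()->Conn(),
			is_orig(), ${r.byteCount}, reg);
		}

	return true;
	%}
```

With this declaration, the script-level handler for `some_event` receives `registers` as a `vector of count`, which it can index or loop over to print each value.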