Hi,
I have a question about the BIF example. I am trying to write my own BIF functions. I’d like to store some data (i.e. pass in a record to a BIF function) and retrieve it later as a record when I am processing traffic. In the example, I see ‘foobar’ record is defined in bro.init. There is a declaration of foobar record in types.bif. This is being accessed in bro.bif. How is the ‘foobar’ record type resolved when it’s referenced in bro.bif? Is the example complete or is it missing some includes and such?
I tried to do the same but my bro script fails because my bif file doesn’t know about my record type. I included my ‘types.bif.h’ in my bif file and got it compiled without errors. But it fails to load because it does not know about my record type. I get the error ‘identifier not defined:’. Any help is appreciated. Thanks.
> I have a question about the BIF example
> <https://www.bro.org/development/howtos/bif-doc/example.html>. I am trying
> to write my own BIF functions. I'd like to store some data (i.e. pass in a
> record to a BIF function) and retrieve it later as a record when I am
> processing traffic.
I am not quite sure that I understand - do you want the bif to store data
that can be accessed later by the same (or a different) bif? I am not sure
if I know of anyone doing that - it is more common for a bif to return
data, that the user then can store somewhere in scriptland (e.g. in the
connection record).
> In the example, I see 'foobar' record is defined in bro.init. There is a
> declaration of foobar record in types.bif. This is being accessed in
> bro.bif. How is the 'foobar' record type resolved when it's referenced
> in bro.bif? Is the example complete or is it missing some includes and
> such?
The example is a bit out of date here as bro.init does not exist anymore.
I assume the best way to see how something like this works is to look at
the bifs that are added by one of the individual protocol or file
analyzers, since they are smaller, all necessary files are contained in a
directory, and they work very similarly to how you would add bifs in a
package that you create.
That being said, the general approach is correct - you create a type in
scriptland, e.g. by adding it to init-bare.bro, you then can add it to
types.bif, and use it, either globally in bro.bif (which is a bit
special), or if you are creating your own functions.bif, in there, after
including types.bif.h.
> I tried to do the same but my bro script fails because my bif file doesn't
> know about my record type. I included my 'types.bif.h' in my bif file and got
> it compiled without errors. But it fails to load because it does not know
> about my record type. I get the error 'identifier not defined:'. Any help
> is appreciated. Thanks.
That sounds like more of a problem with the original definition of the
type - where exactly did you define it? init-bare?