bro script q.

Dk_Jack · October 7, 2016, 9:00pm

Hi,
Can a function defined in one script be accessed from another script? Currently, I have the following in two files:

File A:

global myfunc: function(c: connection, msg: string): string

function myfunc(c: connection, msg: string): string
{
…
print fmt(“myfunc: called from %s”, msg);
…
return mystring;
}

event someEventA(c: connection, …)
{
…
c$fileA$myfunc_result = myfunc(c, “fileA”);
}

File B:

global myfunc: function(c: connection, msg: string): string

even someEventB(c: connection, …)
{
…
c$fileB$myfunc_result = myfunc(c, “fileB”);
…
}

This compiles and runs fine when I run against a pcap. The events ‘someEventA’ and ‘someEventB’ write to two different log files. In log fileA, I see all the columns populated include myfunc_result column. However, in log fileB, I the myfunc_result shows the default string ‘NA’. In the standard out file, I only see ‘myfunc: called from fileA’ messages.

Since the myfunc function is performing a lookup on a table (loaded from file on disk), I’d like both the events to be able to see the same info. What am I doing wrong which is preventing me from accessing myfunc function from fileB. Thanks.

Dk.

anthony_kasza1 · October 7, 2016, 9:24pm

In your example you’re defining the same function twice within the global namespace. This might be causing an issue.
Try using the module and export functionality of the scripting language.

-AK

Dk_Jack · October 7, 2016, 10:30pm

Could you direct me to an example on how to do that? I’ve only seen export being used with export info records… thanks.

anthony_kasza1 · October 8, 2016, 12:08am

Look at this script. It does things with PE files.

https://github.com/bro/bro/blob/master/scripts/base/files/pe/main.bro

Someone may want to correct me here:
Line 1 declares a new module, which I believe is analogous to C++ namespaces, named “PE”. The export at line 5 declares exported things under the PE namespace. So, to reference the event log_pe from the global namespace, as your script is doing, it would need to use PE::log_pe().
Try exporting your function with a module name declared above it.

-AK

Dk_Jack · October 8, 2016, 12:16am

Thanks,
I figured it after sending the email. Thanks.

anthony_kasza1 · October 8, 2016, 2:42am

Was that your issue? If you want to PM me your scripts I can take a look.

-AK

Topic		Replies	Views
Share vector Zeek	4	77	May 6, 2022
Questions about bro module declarations Zeek	4	84	May 6, 2022
is that possible to use a global variable defined in other policy script? Zeek	3	78	May 6, 2022
true global functions/tables/variables Zeek	3	60	May 6, 2022
Question about Controller Framework Zeek	4	70	May 6, 2022

bro script q.

Related topics