Hi, I am trying to work with the bro control framework and I had two main questions about it:
1) Is it possible for one BRO script (Script 1) to send a request to another BRO script(Script 2), possibly on the same device , and for Script 2 to return a list of all of its local/global variables without Script 1 having known about any of them?
I am working on an SDN project and my goal is to have a BRO box running a master script and whenever I send a generic bro script to the box, I am trying to get the new script to return a list of all variables to the master bro script(script 1), and from the master script, send it back to the original sender.
2) Is it possible for Script 1 to modify variables on script 2 on the fly?
Any help is appreciated.
- Alex
1) Is it possible for one BRO script (Script 1) to send a request to another BRO script(Script 2), possibly on the same device , and for Script 2 to return a list of all of its local/global variables without Script 1 having known about any of them?
There is the global_ids() function [1] to discover globals and whether they’re “exported”, which might be what you want in terms of telling whether it’s a “local” variable — local usually refers to function scope within Bro which probably isn’t what you want. The other two scopes are module (i.e. private to the modules namespace) and global (i.e. visible across module namespaces), which are determined by whether it’s exported
As far as sending the return value of global_ids() from one Bro instance to another, that should be possible — Bro instances commonly exchange events w/ one another, so it’s just a matter of defining an event to carry this information.
2) Is it possible for Script 1 to modify variables on script 2 on the fly?
The send_id() function [2] may be one way to do that.
- Jon
[1] http://bro.org/sphinx-git/scripts/base/bif/bro.bif.bro.html#id-global_ids
[2] http://bro.org/sphinx-git/scripts/base/bif/bro.bif.bro.html#id-send_id
Sounds great! I’m playing around with the global_ids() function, but I’m having the problem of getting too much information. My goal is to only identify global variables that are created in the script, but I am getting internal global variables that I never actually created.
In my sample bro script I define:
I don’t think that location info (file & line number) is currently exposed for use in script-layer logic, but it is available internally (that’s why error messages are able to provide it).
I can think of a few methods to patch the functionality in. One would be to change global_ids() to accept an optional argument to filter results to a particular script and/or have its return value provide the location information for each identifier. Another would be to add a builtin-function specifically for retrieving location info given a single identifier.
Either seems like a reasonable request if you want to create a ticket at tracker.bro.org. A patch would probably also be welcomed/accepted if you’re able/willing to try to make one.
- Jon