Type conversion and table initialization

It's been a couple weeks since I had a problem, so now I've got two.

1) hex-string to addr type conversion

I've got a udp packet that contains an IP address in the packet
contents[*]. I can easily grab it with sub_bytes() and end up with a
string like "\x8d\x8e\xde!" [**]. I'd like to convert that to an addr so I can do comparisons easily. After looking though the *.bif.bro files for conversion functions I'm stuck. There's to_addr(), but the string would need to actually be the IP address and not a hex representation.

2) table of set initialization (curiosity)

I have something like this that works:
global myset: set[addr] = {192.168.1.1};
global mytable: table[string] of set[addr] = {
  ["blaa"] = myset,
};

When I try to combine that into one it breaks:
global mytable: table[string] of set[addr] = {
  ["blaa"] = 192.168.1.1,
};

bad tag in Val::CONVERTER (addr/table)

I read somewhere that 'bad tag' is an internal error and I should never see it. I saw it.

-Mike

[*] -- It's a klog request for afs-kaserver3 through kaforwarder and
fakeka. So the originating requester's IP is stored in the epoch time
field of the RX packet. Whee!

[**] -- 141.142.222.33

I've got a udp packet that contains an IP address in the packet
contents[*].

Hmmm... can't think of any other way than adding a new built-in
ffunction specifically for this.

global myset: set[addr] = {192.168.1.1};
global mytable: table[string] of set[addr] = {
  ["blaa"] = myset,
};

Yeah, unfortunately this is the way to do it. Clumsy, but we don't
have set constructors at the moment.

  ["blaa"] = 192.168.1.1,

The problem is here that you're initialiazing a set[addr] with just
an addr (rather than a set of addrs). The natural way would be:

     ["blaa"] = { 192.168.1.1 }

But that is not supported.

I read somewhere that 'bad tag' is an internal error and I should never
see it.

That's true, at least in theory. In practice, there are a couple
of places where this can happen when types don't match. Not nice but
hasn't been a high priority so far to fix.

Robin

Robin Sommer wrote:

I've got a udp packet that contains an IP address in the packet
contents[*].

Hmmm... can't think of any other way than adding a new built-in
ffunction specifically for this.

I think this is as simple as adding to bro.bif:

function hex_to_addr%(str: string%): addr
     %{
     int a,b,c,d;
     int r;
     r = sscanf(str->CheckString(), "%x.%x.%x.%x", &a, &b, &c, &d);
     if ( r != 4 )
         run_time("hex addr not parseable");
     return new AddrVal(dotted_to_addr(fmt("%d.%d.%d.%d", a,b,c,d)));
     %}

You may need to tweak the format, eg, for the \x format, to something
like "\\x%x\\x%x\\x%x\\x%x".

Mark

Haha.. you beat me to it. Here's what I was about to submit (patch attached):

# Returns an addr from a string
function rawstring_to_addr%(s: string%): addr
        %{
        char* x = new char[16];
        const u_char* sp = s->Bytes();

        if(s->Len() != 4){
                sprintf(x,"0.0.0.0");
        }else{
                sprintf(x,"%i.%i.%i.%i",sp[0],sp[1],sp[2],sp[3]);
        }

        Val* ret = new AddrVal(x);
        delete [] x;
        return ret;
        %}

Mark Dedlow wrote:

rawstring_to_addr.patch (657 Bytes)

Would it be possible to get this added in before the 1.3 release?

Thanks,
Mike

Mike Dopheide wrote:

Would it be possible to get this added in before the 1.3 release?

Please try the appended and let me know if it works as you need.

    Vern

Index: src/bro.bif

Vern,

That works great. The only issue is that the packets I'm dealing with have it in host order rather than network order.

-Mike

Vern Paxson wrote: