// Gets current set as a HashSet<BroValue>
private HashSet <BroValue> GetHashSet()
{
if (m_setPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot execute set operation, Bro set is disposed.");
}
HashSet <BroValue> set = new HashSet <BroValue>();
BroType type = this.Type;
BroApi.bro_set_foreach(m_setPtr,
(value, userData) =>
{
try
{
set.Add(BroValue.CreateFromPtr(value, type));
return(~0);
}
catch
{
return(0);
}
},
IntPtr.Zero);
return(set);
}
/// <summary>
/// Replaces a parameter in this <see cref="BroEvent"/>.
/// </summary>
/// <param name="index">Parameter index.</param>
/// <param name="value">The <see cref="BroValue"/> to replace.</param>
/// <returns><c>true</c> if operation was successful; otherwise, <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">Cannot add a <c>null</c> <see cref="BroValue"/>.</exception>
/// <exception cref="ObjectDisposedException">Cannot add parameter, <see cref="BroEvent"/> is disposed.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="index"/> is not a valid parameter index.</exception>
public bool ReplaceParameter(int index, BroValue value)
{
if ((object)value == null)
{
throw new ArgumentNullException("value");
}
if (m_eventPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot replace value, Bro event is disposed.");
}
if (index < 0 || index >= m_parameters.Count)
{
throw new ArgumentOutOfRangeException("index");
}
if (value.ExecuteWithFixedPtr(ptr => BroApi.bro_event_set_val(m_eventPtr, index, value.Type, value.TypeName, ptr) == 0))
{
return(false);
}
m_parameters[index] = value;
return(true);
}
/// <summary>
/// Converts this <see cref="BroSet"/> into a <see cref="List{BroValue}"/>.
/// </summary>
/// <returns>Current <see cref="BroSet"/> as a <see cref="List{BroValue}"/>.</returns>
/// <exception cref="ObjectDisposedException">Cannot get list, <see cref="BroSet"/> is disposed.</exception>
public List <BroValue> ToList()
{
if (m_setPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot get list, Bro set is disposed.");
}
List <BroValue> list = new List <BroValue>(Count);
BroType type = this.Type;
BroApi.bro_set_foreach(m_setPtr,
(value, userData) =>
{
try
{
list.Add(BroValue.CreateFromPtr(value, type));
return(~0);
}
catch
{
return(0);
}
},
IntPtr.Zero);
return(list);
}
internal BroSet(IntPtr sourceSetPtr)
#endif
: this()
{
if (sourceSetPtr.IsInvalid())
{
return;
}
BroType type = BroType.Unknown;
BroApi.bro_set_get_type(sourceSetPtr, ref type);
BroApi.bro_set_foreach(sourceSetPtr,
(value, userData) =>
{
try
{
BroApi.bro_set_insert(m_setPtr, type, value);
return(~0);
}
catch
{
return(0);
}
},
IntPtr.Zero);
}
internal BroTable(IntPtr sourceTablePtr)
#endif
: this()
{
if (sourceTablePtr.IsInvalid())
{
return;
}
BroType keyType = BroType.Unknown;
BroType valueType = BroType.Unknown;
BroApi.bro_table_get_types(sourceTablePtr, ref keyType, ref valueType);
BroApi.bro_table_foreach(sourceTablePtr,
(key, value, userData) =>
{
try
{
BroApi.bro_table_insert(m_tablePtr, keyType, key, valueType, value);
return(~0);
}
catch
{
return(0);
}
},
IntPtr.Zero);
}
/// <summary>
/// Unregisters for events that arrive with the name of <paramref name="eventName"/>.
/// </summary>
/// <param name="eventName">Event name to unregister for.</param>
/// <exception cref="ArgumentNullException"><paramref name="eventName"/> is <c>null</c>.</exception>
/// <exception cref="ObjectDisposedException">Cannot unregister for event, <see cref="BroConnection"/> is disposed.</exception>
public void UnregisterForEvent(string eventName)
{
if ((object)eventName == null)
{
throw new ArgumentNullException("eventName");
}
if (m_connectionPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot unregister for event, Bro connection is disposed.");
}
BroApi.bro_event_registry_remove(m_connectionPtr, eventName);
// Remove any user data stored in managed memory space for specified event name
lock (m_userData)
{
m_userData.Remove(eventName);
}
// Detach from common event handler for direct event handlers when no events are registered
lock (m_eventHandlers)
{
if (m_eventHandlers.Remove(eventName) && m_eventHandlers.Count == 0)
{
ReceivedEvent -= CommonDirectEventHandler;
}
}
}
/// <summary>
/// Gets or sets arbitrary data associated with this <see cref="BroConnection"/>.
/// </summary>
/// <param name="key">Key identifier of data.</param>
/// <returns>Data for given <paramref name="key"/>.</returns>
/// <exception cref="ObjectDisposedException">Cannot get or set connection data, <see cref="BroConnection"/> is disposed.</exception>
public IntPtr this[string key]
{
get
{
IntPtr connection = m_parent.GetValuePtr();
if (connection == IntPtr.Zero)
{
throw new ObjectDisposedException("Cannot get connection data, Bro connection is disposed.");
}
return(BroApi.bro_conn_data_get(connection, key));
}
set
{
IntPtr connection = m_parent.GetValuePtr();
if (connection == IntPtr.Zero)
{
throw new ObjectDisposedException("Cannot set connection data, Bro connection is disposed.");
}
BroApi.bro_conn_data_set(connection, key, value);
}
}
// Gets current table as a Dictionary<BroValue, BroValue>
private Dictionary <BroValue, BroValue> GetDictionary()
{
if (m_tablePtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot execute dictionary operation, Bro table is disposed.");
}
Dictionary <BroValue, BroValue> dictionary = new Dictionary <BroValue, BroValue>();
BroType keyType = BroType.Unknown;
BroType valueType = BroType.Unknown;
BroApi.bro_table_get_types(m_tablePtr, ref keyType, ref valueType);
BroApi.bro_table_foreach(m_tablePtr,
(key, value, userData) =>
{
try
{
dictionary.Add(BroValue.CreateFromPtr(key, keyType), BroValue.CreateFromPtr(value, valueType));
return(~0);
}
catch
{
return(0);
}
},
IntPtr.Zero);
return(dictionary);
}
/// <summary>
/// Releases the unmanaged resources used by this <see cref="BroRecord"/> object and optionally releases the managed resources.
/// </summary>
/// <param name="disposing"><c>true</c> to release both managed and unmanaged resources; <c>false</c> to release only unmanaged resources.</param>
protected virtual void Dispose(bool disposing)
{
if (!m_disposed)
{
try
{
#if USE_SAFE_HANDLES
if ((object)m_recordPtr != null && !m_recordPtr.IsInvalid())
{
m_recordPtr.Dispose();
}
#else
if (m_recordPtr != IntPtr.Zero)
{
BroApi.bro_record_free(m_recordPtr);
m_recordPtr = IntPtr.Zero;
}
#endif
}
finally
{
m_disposed = true; // Prevent duplicate dispose.
}
}
}
/// <summary>
/// Gets or sets the <see cref="BroValue"/> with the specified <paramref name="key"/>.
/// </summary>
/// <param name="key">The <see cref="BroValue"/> key of the element to get or set.</param>
/// <returns>
/// The <see cref="BroValue"/> with the specified <paramref name="key"/> if successful; otherwise, <c>null</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="key"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentNullException"><paramref name="value"/> is <c>null</c>.</exception>
/// <exception cref="ObjectDisposedException">Cannot get or add key/value pair, <see cref="BroTable"/> is disposed.</exception>
/// <exception cref="InvalidOperationException">Failed to add <see cref="BroValue"/> for the specified <paramref name="key"/>.</exception>
public BroValue this[BroValue key]
{
get
{
if ((object)key == null)
{
throw new ArgumentNullException("key");
}
if (m_tablePtr.IsInvalid())
{
throw new ObjectDisposedException(string.Format("Cannot get value for key \"{0}\", Bro table is disposed.", key));
}
IntPtr valuePtr = key.ExecuteWithFixedPtr(keyPtr => BroApi.bro_table_find(m_tablePtr, keyPtr));
return(BroValue.CreateFromPtr(valuePtr, ValueType));
}
set
{
if (!Add(key, value))
{
throw new InvalidOperationException(string.Format("Failed to add value for key \"{0}\".", key));
}
}
}
internal BroPacket(IntPtr sourcePacketPtr)
#endif
{
if (!sourcePacketPtr.IsInvalid())
{
m_packetPtr = BroApi.bro_packet_clone(sourcePacketPtr);
}
}
/// <summary>
/// Creates a new <see cref="BroSet"/>.
/// </summary>
/// <exception cref="OutOfMemoryException">Failed to create Bro set.</exception>
public BroSet()
{
m_setPtr = BroApi.bro_set_new();
if (m_setPtr.IsInvalid())
{
throw new OutOfMemoryException("Failed to create Bro set.");
}
}
/// <summary>
/// Creates a new <see cref="BroTable"/>/
/// </summary>
/// <exception cref="OutOfMemoryException">Failed to create Bro table.</exception>
public BroTable()
{
m_tablePtr = BroApi.bro_table_new();
if (m_tablePtr.IsInvalid())
{
throw new OutOfMemoryException("Failed to create Bro table.");
}
}
/// <summary>
/// Notifies peering Bro to send events.
/// </summary>
/// <exception cref="ObjectDisposedException">Cannot request events, <see cref="BroConnection"/> is disposed.</exception>
public void RequestEvents()
{
if (m_connectionPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot request events, Bro connection is disposed.");
}
BroApi.bro_event_registry_request(m_connectionPtr);
}
/// <summary>
/// Processes input sent to the sensor by Bro.
/// </summary>
/// <returns><c>true</c> if any input was processed; otherwise, <c>false</c>.</returns>
/// <remarks>
/// This function reads all input sent to the local sensor by the Bro peering at the current
/// <see cref="BroConnection"/>. This function cannot block. <see cref="IsAlive"/> will
/// report the actual state of the connection after a call to <see cref="ProcessInput"/>.
/// </remarks>
/// <exception cref="ObjectDisposedException">Cannot process input, <see cref="BroConnection"/> is disposed.</exception>
public bool ProcessInput()
{
if (m_connectionPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot process input, Bro connection is disposed.");
}
return(BroApi.bro_conn_process_input(m_connectionPtr) != 0);
}
/// <summary>
/// Creates a new <see cref="BroVector"/>.
/// </summary>
/// <exception cref="OutOfMemoryException">Failed to create Bro vector.</exception>
public BroVector()
{
m_vectorPtr = BroApi.bro_vector_new();
if (m_vectorPtr.IsInvalid())
{
throw new OutOfMemoryException("Failed to create Bro vector.");
}
}
/// <summary>
/// Creates a new <see cref="BroRecord"/>.
/// </summary>
/// <exception cref="OutOfMemoryException">Failed to create Bro record.</exception>
public BroRecord()
{
m_recordPtr = BroApi.bro_record_new();
if (m_recordPtr.IsInvalid())
{
throw new OutOfMemoryException("Failed to create Bro record.");
}
}
private bro_conn_stats GetConnectionStats()
{
bro_conn_stats stats = new bro_conn_stats();
if (!m_connectionPtr.IsInvalid())
{
BroApi.bro_conn_get_connstats(m_connectionPtr, ref stats);
}
return(stats);
}
/// <summary>
/// Deletes data associated with specified <paramref name="key"/>.
/// </summary>
/// <param name="key">Key identifier of data.</param>
/// <returns>The removed data if it exists, <see cref="IntPtr.Zero"/> otherwise.</returns>
/// <exception cref="ObjectDisposedException">Cannot delete connection data, <see cref="BroConnection"/> is disposed.</exception>
public IntPtr Delete(string key)
{
IntPtr connection = m_parent.GetValuePtr();
if (connection == IntPtr.Zero)
{
throw new ObjectDisposedException("Cannot delete connection data, Bro connection is disposed.");
}
return(BroApi.bro_conn_data_del(connection, key));
}
/// <summary>
/// Drops the current connection and reconnects, reusing all settings.
/// </summary>
/// <exception cref="ObjectDisposedException">Cannot reconnect, <see cref="BroConnection"/> is disposed.</exception>
/// <exception cref="InvalidOperationException">Failed to reconnect to host.</exception>
public void Reconnect()
{
if (m_connectionPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot reconnect, Bro connection is disposed.");
}
// Attempt reconnection
if (BroApi.bro_conn_reconnect(m_connectionPtr) == 0)
{
throw new InvalidOperationException(string.Format("Failed to reconnect to \"{0}\".", m_hostName));
}
}
/// <summary>
/// Creates a new <see cref="BroConnection"/> using the existing <paramref name="socket"/> handle.
/// </summary>
/// <param name="socket">Existing open socket to use for <see cref="BroConnection"/>.</param>
/// <param name="flags">Connection flags for this <see cref="BroConnection"/>.</param>
/// <exception cref="OutOfMemoryException">Failed to create Bro connection.</exception>
public BroConnection(int socket, BroConnectionFlags flags = BroConnectionFlags.None)
: this()
{
m_connectionPtr = BroApi.bro_conn_new_socket(socket, flags);
if (m_connectionPtr.IsInvalid())
{
throw new OutOfMemoryException("Failed to create Bro connection.");
}
m_hostName = string.Format("@FD={0}", socket);
m_flags = flags;
}
/// <summary>
/// Removes all fields from this <see cref="BroRecord"/>.
/// </summary>
/// <exception cref="ObjectDisposedException">Cannot clear, <see cref="BroRecord"/> is disposed.</exception>
public void Clear()
{
if (m_recordPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot clear items, Bro record is disposed.");
}
#if USE_SAFE_HANDLES
m_recordPtr.Dispose();
#else
BroApi.bro_record_free(m_recordPtr);
#endif
m_recordPtr = BroApi.bro_record_new();
}
/// <summary>
/// Adds <paramref name="value"/> to this <see cref="BroVector"/>.
/// </summary>
/// <param name="value">The <see cref="BroValue"/> to add to this <see cref="BroVector"/>.</param>
/// <returns><c>true</c> if successful; otherwise, <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">Cannot add a <c>null</c> <see cref="BroValue"/>.</exception>
/// <exception cref="ObjectDisposedException">Cannot add item, <see cref="BroVector"/> is disposed.</exception>
public bool Add(BroValue value)
{
if ((object)value == null)
{
throw new ArgumentNullException("value");
}
if (m_vectorPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot add value, Bro vector is disposed.");
}
return(value.ExecuteWithFixedPtr(ptr => BroApi.bro_vector_add_val(m_vectorPtr, value.Type, value.TypeName, ptr) != 0));
}
/// <summary>
/// Requests the same events as those in <paramref name="source"/> Bro connection.
/// </summary>
/// <param name="source">Source <see cref="BroConnection"/> to adopt events from.</param>
/// <exception cref="ArgumentNullException"><paramref name="source"/> is <c>null</c>.</exception>
/// <exception cref="ObjectDisposedException">Cannot adopt events, <see cref="BroConnection"/> is disposed.</exception>
public void AdoptEvents(BroConnection source)
{
if ((object)source == null)
{
throw new ArgumentNullException("source");
}
if (m_connectionPtr.IsInvalid() || source.m_connectionPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot adopt events, Bro connection is disposed.");
}
BroApi.bro_conn_adopt_events(source.m_connectionPtr, m_connectionPtr);
}
/// <summary>
/// Adds <paramref name="field"/> to this <see cref="BroRecord"/>.
/// </summary>
/// <param name="field">The <see cref="BroField"/> to add to this <see cref="BroRecord"/>.</param>
/// <returns><c>true</c> if successful; otherwise, <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">Cannot add a <c>null</c> <see cref="BroField"/>.</exception>
/// <exception cref="ObjectDisposedException">Cannot add item, <see cref="BroRecord"/> is disposed.</exception>
public bool Add(BroField field)
{
if ((object)field == null)
{
throw new ArgumentNullException("field");
}
if (m_recordPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot add value, Bro record is disposed.");
}
return(field.ExecuteWithFixedPtr(ptr => BroApi.bro_record_add_val(m_recordPtr, field.Name == string.Empty ? null : field.Name, field.Type, field.TypeName, ptr) != 0));
}
/// <summary>
/// Releases the unmanaged resources used by this <see cref="BroString"/> object and optionally releases the managed resources.
/// </summary>
/// <param name="disposing"><c>true</c> to release both managed and unmanaged resources; <c>false</c> to release only unmanaged resources.</param>
protected virtual void Dispose(bool disposing)
{
if (!m_disposed)
{
try
{
BroApi.bro_string_cleanup(ref m_value);
}
finally
{
m_disposed = true; // Prevent duplicate dispose.
}
}
}
/// <summary>
/// Attempts to send a <see cref="BroEvent"/> to a Bro agent.
/// </summary>
/// <param name="event"><see cref="BroEvent"/> to attempt to send.</param>
/// <returns><c>true</c> if the event was sent or queued for later transmission; otherwise <c>false</c> on error.</returns>
/// <remarks>
/// There are no automatic repeated send attempts (to minimize the effect on the code that Broccoli is linked to).
/// To verify all events were sent, attempt to empty the queue using <see cref="BroEventQueue.Flush"/>.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="event"/> is <c>null</c>.</exception>
/// <exception cref="ObjectDisposedException">Cannot send event, <see cref="BroConnection"/> or <see cref="BroEvent"/> is disposed.</exception>
public bool SendEvent(BroEvent @event)
{
if ((object)@event == null)
{
throw new ArgumentNullException("event");
}
if (m_connectionPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot send event, Bro connection is disposed.");
}
return(BroApi.bro_event_send(m_connectionPtr, @event.GetValuePtr()) != 0);
}
/// <summary>
/// Sends Bro <paramref name="packet"/> from this <see cref="BroConnection"/>.
/// </summary>
/// <param name="packet"><see cref="BroPacket"/> to send.</param>
/// <returns><c>true</c> if successful; otherwise, <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="packet"/> is <c>null</c>.</exception>
/// <exception cref="ObjectDisposedException">Cannot send packet, <see cref="BroConnection"/> is disposed.</exception>
public bool SendPacket(BroPacket packet)
{
if ((object)packet == null)
{
throw new ArgumentNullException("packet");
}
if (m_connectionPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot send packet, Bro connection is disposed.");
}
return(BroApi.bro_packet_send(m_connectionPtr, packet.GetValuePtr()) != 0);
}
/// <summary>
/// Determines whether this <see cref="BroTable"/> contains specified <paramref name="key"/>.
/// </summary>
/// <param name="key">The <see cref="BroValue"/> to locate in this <see cref="BroTable"/>.</param>
/// <returns>
/// <c>true</c> if <paramref name="key"/> is found in this <see cref="BroTable"/>; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="ObjectDisposedException">Cannot execute contains, <see cref="BroTable"/> is disposed.</exception>
public bool ContainsKey(BroValue key)
{
if ((object)key == null)
{
throw new ArgumentNullException("key");
}
if (m_tablePtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot execute contains, Bro table is disposed.");
}
return(key.ExecuteWithFixedPtr(ptr => BroApi.bro_table_find(m_tablePtr, ptr) != IntPtr.Zero));
}
/// <summary>
/// Determines whether this <see cref="BroSet"/> contains specified <paramref name="value"/>.
/// </summary>
/// <param name="value">The <see cref="BroValue"/> to locate in this <see cref="BroSet"/>.</param>
/// <returns>
/// <c>true</c> if <paramref name="value"/> is found in this <see cref="BroSet"/>; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="ObjectDisposedException">Cannot execute contains, <see cref="BroSet"/> is disposed.</exception>
public bool Contains(BroValue value)
{
if ((object)value == null)
{
throw new ArgumentNullException("value");
}
if (m_setPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot execute contains, Bro set is disposed.");
}
return(value.ExecuteWithFixedPtr(ptr => BroApi.bro_set_find(m_setPtr, ptr) != 0));
}
