/// <summary>
/// Creates a new <see cref="BroField"/> from the provided <paramref name="value"/> and specified field <paramref name="name"/>.
/// </summary>
/// <param name="value"><see cref="BroValue"/> for <see cref="BroField"/> to be based upon.</param>
/// <param name="name">The field name for the <see cref="BroField"/>, can be empty string for <see cref="BroType.List">BroType.List</see> source.</param>
/// <remarks>
/// Field <paramref name="name"/> is optional when using field with a <see cref="BroRecord"/> implemented as a <see cref="BroType.List">BroType.List</see>.
/// </remarks>
/// <exception cref="ArgumentNullException"><paramref name="name"/> is <c>null</c>.</exception>
public BroField(BroValue value, string name = "")
: this(
(object)value == null ? null : value.Value,
(object)value == null ? BroType.Unknown : value.Type, name,
(object)value == null ? null : value.TypeName)
{
}
/// <summary>
/// Adds new <paramref name="value"/> to this <see cref="BroRecord"/> with specified <paramref name="fieldName"/>.
/// </summary>
/// <param name="value"><see cref="BroValue"/> to add to record as a field.</param>
/// <param name="fieldName">Name of field to add to record, can be empty string for <see cref="BroType.List">BroType.List</see> source.</param>
/// <returns><c>true</c> if successful; otherwise, <c>false</c>.</returns>
/// <remarks>
/// Field name is optional when using Bro record as a <see cref="BroType.List">BroType.List</see>.
/// </remarks>
/// <exception cref="ArgumentNullException">Cannot add a <c>null</c> <see cref="BroValue"/>.</exception>
/// <exception cref="ObjectDisposedException">Cannot add item, <see cref="BroRecord"/> is disposed.</exception>
public bool Add(BroValue value, string fieldName = "")
{
if ((object)value == null)
{
throw new ArgumentNullException("value");
}
return(Add(new BroField(value, fieldName)));
}
/// <summary>
/// Attempts to get a new <see cref="BroValue"/> based on the provided <paramref name="value"/> converted to the specified <paramref name="type"/>.
/// </summary>
/// <param name="value"><see cref="BroValue"/> to convert.</param>
/// <param name="type"><see cref="BroType"/> to convert to.</param>
/// <returns><see cref="BroValue"/> converted to <paramref name="type"/> if successful; otherwise, <c>null</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="value"/> is <c>null</c>.</exception>
public static BroValue ConvertToType(this BroValue value, BroType type)
{
if ((object)value == null)
{
throw new ArgumentNullException("value");
}
if (value.Type == type)
{
return(value);
}
switch (value.Type)
{
case BroType.Bool:
return(ConvertIntToType(value.GetValueAsInt(), type));
case BroType.Int:
case BroType.Count:
case BroType.Counter:
case BroType.Enum:
return(ConvertULongToType(value.GetValueAsULong(), type));
case BroType.Double:
case BroType.Time:
case BroType.Interval:
return(ConvertDoubleToType(value.GetValueAsDouble(), type));
case BroType.Port:
return(ConvertBroPortToType(value.GetValueAsBroPort(), type));
case BroType.IpAddr:
return(ConvertBroAddressToType(value.GetValueAsBroAddress(), type));
case BroType.Subnet:
return(ConvertBroSubnetToType(value.GetValueAsBroSubnet(), type));
case BroType.String:
return(ConvertBroStringToType(value.Value as BroString, type));
case BroType.Table:
return(ConvertBroTableToType(value.Value as BroTable, type));
case BroType.List:
case BroType.Record:
return(ConvertBroRecordToType(value.Value as BroRecord, type));
case BroType.Vector:
return(ConvertBroVectorToType(value.Value as BroVector, type));
case BroType.Set:
return(ConvertBroSetToType(value.Value as BroSet, type));
}
return(null);
}
/// <summary>
/// Determines whether the specified <see cref="Object"/> is equal to the current <see cref="BroField"/>.
/// </summary>
/// <returns>
/// <c>true</c> if the specified object is equal to the current object; otherwise, <c>false</c>.
/// </returns>
/// <param name="obj">The object to compare with the current object. </param>
public override bool Equals(object obj)
{
BroField field = obj as BroField;
if ((object)field != null)
{
return(Equals(field));
}
BroValue value = obj as BroValue;
return((object)value != null && Equals(value));
}
/// <summary>
/// Gets or sets the <see cref="BroField"/> at the specified <paramref name="index"/>.
/// </summary>
/// <returns>
/// The <see cref="BroField"/> at the specified <paramref name="index"/>, or <c>null</c> if there was an issue retrieving value.
/// </returns>
/// <param name="index">The zero-based index of the element to get or set.</param>
/// <exception cref="ObjectDisposedException">Cannot get or set <see cref="BroField"/>, Bro record is disposed.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="index"/> is not a valid index in this <see cref="BroRecord"/>.</exception>
/// <exception cref="ArgumentNullException">Cannot set a <c>null</c> <see cref="BroField"/>.</exception>
/// <exception cref="InvalidOperationException">Failed to update <see cref="BroField"/> at <paramref name="index"/>.</exception>
public BroField this[int index]
{
get
{
if (m_recordPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot get field, Bro record is disposed.");
}
if (index < 0 || index >= Count)
{
throw new ArgumentOutOfRangeException("index");
}
BroType type = BroType.Unknown;
IntPtr valuePtr = BroApi.bro_record_get_nth_val(m_recordPtr, index, ref type);
string name = Marshal.PtrToStringAnsi(BroApi.bro_record_get_nth_name(m_recordPtr, index));
return(new BroField(BroValue.CreateFromPtr(valuePtr, type), name));
}
set
{
if (m_recordPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot set field, Bro record is disposed.");
}
if (index < 0 || index >= Count)
{
throw new ArgumentOutOfRangeException("index");
}
if ((object)value == null)
{
throw new ArgumentNullException("value");
}
if (value.ExecuteWithFixedPtr(ptr => BroApi.bro_record_set_nth_val(m_recordPtr, index, value.Type, value.TypeName, ptr) == 0))
{
throw new InvalidOperationException(string.Format("Failed to update field at index {0}.", index));
}
}
}
/// <summary>
/// Gets or sets the <see cref="BroValue"/> for the specified field <paramref name="name"/>.
/// </summary>
/// <returns>
/// The <see cref="BroField"/> with the specified field name, or <c>null</c> if there was an issue retrieving value.
/// </returns>
/// <param name="name">Then name of the <see cref="BroField"/> to get or set.</param>
/// <exception cref="ObjectDisposedException">Cannot get or set <see cref="BroField"/>, Bro record is disposed.</exception>
/// <exception cref="ArgumentNullException"><paramref name="name"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentNullException">Cannot set a <c>null</c> <see cref="BroField"/>.</exception>
/// <exception cref="InvalidOperationException">Failed to update <see cref="BroField"/> with <paramref name="name"/>.</exception>
public BroValue this[string name]
{
get
{
if (m_recordPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot get field, Bro record is disposed.");
}
if ((object)name == null)
{
throw new ArgumentNullException("name");
}
BroType type = BroType.Unknown;
IntPtr valuePtr = BroApi.bro_record_get_named_val(m_recordPtr, name, ref type);
return(new BroField(BroValue.CreateFromPtr(valuePtr, type), name));
}
set
{
if (m_recordPtr.IsInvalid())
{
throw new ObjectDisposedException("Cannot set field, Bro record is disposed.");
}
if ((object)name == null)
{
throw new ArgumentNullException("name");
}
if ((object)value == null)
{
throw new ArgumentNullException("value");
}
if (value.ExecuteWithFixedPtr(ptr => BroApi.bro_record_set_named_val(m_recordPtr, name, value.Type, value.TypeName, ptr) == 0))
{
throw new InvalidOperationException(string.Format("Failed to update field with name \"{0}\".", name));
}
}
}
private unsafe void BroCompactEventCallBack(IntPtr bc, IntPtr user_data, bro_ev_meta *meta)
#endif
{
// Bail out if we didn't get a meta structure or event name
if (meta == null || meta->ev_name == IntPtr.Zero)
{
return;
}
// Create new BroEventArgs from call-back metadata
BroEventArgs args = new BroEventArgs();
bro_ev_arg arg;
args.EventName = Marshal.PtrToStringAnsi(meta->ev_name);
args.EventTime = new BroTime(meta->ev_ts);
// Get any user data passed to the call-back for the specified event name
lock (m_userData)
{
object userData;
if (m_userData.TryGetValue(args.EventName, out userData))
{
args.UserData = userData;
}
}
args.Parameters = new BroValue[meta->ev_numargs];
for (int i = 0; i < args.Parameters.Length; i++)
{
arg = meta->ev_args[i];
args.Parameters[i] = BroValue.CreateFromPtr(arg.arg_data, arg.arg_type);
}
OnReceivedEvent(args);
}
/// <summary>
/// Inserts <paramref name="value"/> in this <see cref="BroRecord"/> at the specified <paramref name="index"/> with specified <paramref name="fieldName"/>.
/// </summary>
/// <param name="index">The zero-based index at which <paramref name="value"/> should be inserted.</param>
/// <param name="value"><see cref="BroValue"/> to insert into this <see cref="BroRecord"/> as a field.</param>
/// <param name="fieldName">Name of field to add to record, can be empty string for <see cref="BroType.List">BroType.List</see> source.</param>
/// <remarks>
/// This is not a native Bro record operation. Function will perform expected task, but for large data sets operation may be expensive.
/// </remarks>
/// <exception cref="ObjectDisposedException">Cannot execute list operation, <see cref="BroRecord"/> is disposed.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="index"/> is not a valid index in this <see cref="BroRecord"/>.</exception>
public void Insert(int index, BroValue value, string fieldName = "")
{
Insert(index, new BroField(value, fieldName));
}
static int Main(string[] args)
{
if (args.Length != 1)
{
Console.WriteLine("Usage:");
Console.WriteLine(" BroPingRecord host:port");
return(1);
}
try
{
string hostName = args[0];
Console.WriteLine("Attempting to establish Bro connection to \"{0}\"...", hostName);
// Create the connection object
using (BroConnection connection = new BroConnection(hostName))
{
// Register to receive the pong event
connection.RegisterForEvent("pong", e =>
{
BroRecord pongData = e.Parameters[0];
DateTime src_time = pongData["src_time"];
DateTime dst_time = pongData["dst_time"];
Console.WriteLine("pong event from {0}: seq={1}, time={2}/{3} s",
hostName,
pongData["seq"],
(dst_time - src_time).TotalSeconds,
(BroTime.Now - src_time).TotalSeconds);
});
connection.Connect();
Console.WriteLine("Bro connection established. Starting ping cycle, press any key to cancel...");
using (BroRecord pingData = new BroRecord())
{
int seq = 0;
// Define columns without any initial value
pingData.Add("seq", BroType.Count);
pingData.Add("src_time", BroType.Time);
while (!Console.KeyAvailable)
{
// Update ping record parameters
pingData["seq"] = new BroValue(seq++, BroType.Count);
pingData["src_time"] = BroTime.Now;
// Send ping
connection.SendEvent("ping", pingData);
// Process any received responses
connection.ProcessInput();
// Wait one second between pings
Thread.Sleep(1000);
}
}
}
return(0);
}
catch (Exception ex)
{
Console.Write("Exception: {0}{1}", ex.Message, Environment.NewLine);
return(1);
}
}
