From 0325b5ea32f9b86c89ca020097de4586d782f636 Mon Sep 17 00:00:00 2001 From: Matthias Vallentin Date: Sun, 20 Nov 2011 21:41:41 -0800 Subject: [PATCH] to_port() now parses a string instead of a count. Addresses #684. --- scripts/base/protocols/irc/dcc-send.bro | 2 +- src/bro.bif | 22 ++++++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/scripts/base/protocols/irc/dcc-send.bro b/scripts/base/protocols/irc/dcc-send.bro index b2a48a472a..669cc03e55 100644 --- a/scripts/base/protocols/irc/dcc-send.bro +++ b/scripts/base/protocols/irc/dcc-send.bro @@ -99,7 +99,7 @@ event irc_dcc_message(c: connection, is_orig: bool, return; c$irc$dcc_file_name = argument; c$irc$dcc_file_size = size; - local p = to_port(dest_port, tcp); + local p = count_to_port(dest_port, tcp); expect_connection(to_addr("0.0.0.0"), address, p, ANALYZER_FILE, 5 min); dcc_expected_transfers[address, p] = c$irc; } diff --git a/src/bro.bif b/src/bro.bif index a2f97356a7..6d4d7ce1dd 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -586,9 +586,27 @@ function raw_bytes_to_v4_addr%(b: string%): addr return new AddrVal(htonl(a)); %} -function to_port%(num: count, proto: transport_proto%): port +function to_port%(s: string%): port %{ - return new PortVal(num, (TransportProto)proto->AsEnum()); + int port = 0; + if ( s->Len() < 10 ) + { + char* slash; + port = strtol(s->CheckString(), &slash, 10); + if ( port ) + { + ++slash; + if ( streq(slash, "tcp") ) + return new PortVal(port, TRANSPORT_TCP); + else if ( streq(slash, "udp") ) + return new PortVal(port, TRANSPORT_UDP); + else if ( streq(slash, "icmp") ) + return new PortVal(port, TRANSPORT_ICMP); + } + } + + builtin_error("wrong port format, must be /[0-9]{1,5}\\/(tcp|udp|icmp)/"); + return new PortVal(port, TRANSPORT_UNKNOWN); %} function mask_addr%(a: addr, top_bits_to_keep: count%): subnet