Friday, August 9, 2013

Intro to Brogramming - Built in Functions

Defining functions within a script is good and useful, but Bro already has very useful functions built into its C++ core for Brogrammers to call from scriptland. These functions are called built-in functions.

Being an open source project, Bro gets contributions left and right from people who extend its functionality. The file located at /usr/local/bro/share/bro/base/bro.bif.bro has a list of all the functions available for general programming in Bro. /usr/local/bro/share/bro/base/strings.bro.bif has a list of all the string-related functions Bro has built in. In fact, you should familiarize yourself with every .bif (built-in function) file in that directory. Alternatively, you can browse the auto-generated documentation those files create by following the hyperlinks.

Bro has functions for doing math, string manipulation, address manipulation, file handling, type conversions, events, all sorts of stuff. Functions and events can be decorated with attributes too. The &priority attribute can be used to set an event handler's priority in the core's event handling queue. When an event occurs, the core of Bro collects all blocks of code associated with that event and executes them (you could have eight scripts loaded into the running Bro process and all eight scripts could have code blocks associated with a single event). Setting a priority on the handler in one of those eight scripts ensures that its code block is executed by the core with a higher priority.

Run this script and find the BiFs it used in the built-in function files (or their auto-generated documentation equivalents). Try to find at least five new functions you think sound interesting or useful. Pay attention to the parameter types the functions require and the type each function returns.
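As an added illustration (this is not the script from the original post), here are two handlers for the same bro_init event: the one marked with &priority runs first, and each local is typed to match what the built-in function returns. The sample address and strings are constructed values.

```bro
# Added example, not from the original post. All sample values are constructed.
const sample_ip = "192.168.37.201";

# No &priority attribute, so this handler uses the default priority of 0
# and runs after the handler below.
event bro_init()
    {
    # Type conversion: string -> addr
    local a: addr = to_addr(sample_ip);

    # Address manipulation: keep the top 24 bits, addr -> subnet
    local net: subnet = mask_addr(a, 24);
    print fmt("%s is IPv4: %s, /24 network: %s", a, is_v4_addr(a), net);

    # String manipulation: string -> string
    local method: string = to_upper("get");
    print fmt("normalized method: %s", method);

    # Type conversion: string -> count
    local p: count = to_count("8080");
    print fmt("port as count, plus one: %d", p + 1);

    # Math: double -> double
    local root: double = sqrt(144.0);
    print fmt("sqrt(144.0) = %.1f", root);
    }

# Same event, higher priority: the core runs this block before the one above,
# regardless of the order in which the handlers appear or are loaded.
event bro_init() &priority=10
    {
    # current_time() returns a time; strftime() turns it into a string.
    local today: string = strftime("%Y-%m-%d", current_time());
    print fmt("high-priority handler running on %s", today);
    }
```

Saved under any file name and passed to bro on the command line, the "high-priority handler" line prints before the output of the first handler.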

