Friday, August 9, 2013

Intro to Brogramming - Variables and Simple Data Types

The wordplay titles stop here. Sorry to disappoint.

Brolang is strictly typed which means a variable must be assigned a type and can only act in a specific way.  If you've written C code, you're used to this. If you come from the lazy land of Perl, you should expect your variables to rely more on how you define them.
Bro has been built to accommodate network programming which makes it very good at doing just that. Some of these accommodations can be seen when looking at the native data types Bro has to offer a brogrammer. For example, having variables of type addr is rather convenient when working with network data. MySQL users know all too well the pains of not having native IP address data types.
Bro includes the following atomic data types:
  • addr – an addr can contain a network address. IPv4 and IPv6 addresses can be held within an addr type.
  • subnet – a CIDR notation subnet ( Even though a subnet is a collection of addresses, Bro still treats subnets as atomic data types.
  • bool – a bool can contain only two values, True or False. This data type behaves similarly to boolean variables in other languages. An example usage of this variable could be to determine if a condition is met or not.
  • count – a variable of type count contains an unsigned 64 integer (positive number). Bro has potential for looking at huge amounts of data off the wire. Sometimes you want to count things (you can’t have a negative number of SSH login attempts).
  • double – a variable of type double hold values of double-precision decimal numbers. Bro has the ability to do math for you and a situation could arise where simple integer math does not fulfill needs.
  • int – similar to counts but signed (can be positive or negative). An example usage of an integer is determining the change in number of connections seen between this hour and a previous hour.
  • interval – a range of time (3 sec/min/hr/day[s]). An interval can be used to measure time relative from something else. You may want to instruct Bro to set a timeout for something or to wait a specific amount of time after starting up to execute a function.
  • pattern – a regular express. Regular expression are fantastically powerful. Bro's dynamic protocol detection uses regular expressions to identify protocols on the wire instead of relying solely on standard port numbers.
  • port – a port number and associated protocol (they take the format of 53/udp or 80/tcp). What use is a network programming language without addresses and ports?
  • string – a string of bytes. Strings occur all over the place in Bro. Strings could be domain names, URLs, or even email messages.
  • time – an absolute epoch style time (this data type is global, compare to set which is local). This data type references a specific time (clock on the wall time). Sometimes a brogrammer might want to record the exact time a connection took place.
  • void - the absence of a type. This type is usually seen associate to function (we'll get to those later).
  • any - this type is used to bypass Bro's strong typing. This type is also associated mostly with functions.
Just like many other programming language, brolang has the concept of scope. A variable can be declared to have one of three different scopes.
  • const - the variable cannot be changed (this can be trumped with decorations)
  • global - the variable is available to all loaded scripts
  • local - the variable is local to the module, function or event
Declaring and defining a variable can be done by deciding a scope, name, type, and value for the variable. Let's say I want to print my name to the screen. I'll need a variable of type string and I'd like to call it 'myname'. The variable can be defined and declared the following way
    const global myname: string = "anthony";
Because myname probably won't change, I've set it to be a constant.
If I wanted to have a variable that held my age, I could define it in the following way
    global myage: count = 42;
Because myage will never be negative, I've assigned it a type of count and not int. Run this script and try to understand what happens with the myage variable and its scope. The bro_done event won't fire until you terminate the Bro process (ctrl+c).

No comments:

Post a Comment