[Bro] Help with Bro source code

Yagyesh Srivastava ysrivas at ncsu.edu
Fri Oct 28 05:33:50 PDT 2016


Thanks Anthony.

I now have a basic understanding having gone through anthony kasza's blog.

Can someone please help me with any kind of material/slides for
understanding bro source code?
Any other help/source would really help me a lot!

Thanks,
Yagyesh

On Thu, Oct 27, 2016 at 5:56 PM, anthony kasza <anthony.kasza at gmail.com>
wrote:

> Hi Yagyesh,
>
> I wrote a blog about what I found while first exploring Bro's code base. I
> hope you find it helpful.
> http://supbrosup.blogspot.com/2014/10/out-of-scripts-and-into-core.html
>
> -AK
>
> On Oct 27, 2016 3:46 PM, "Yagyesh Srivastava" <ysrivas at ncsu.edu> wrote:
>
>> Hi,
>>
>> I am trying to understand the bro events engine for HTTP.
>> I see that the code has two places where http is handled:
>> 1) build/src/protocol/http (files like events.bif.cc , events.bif.init.cc
>> and functions.bif.cc)
>> 2) src/protocol/http (files like HTTP.CC)
>>
>> I am guessing the first one is the event engine and the second one is for
>> handling the incoming HTTP packets. is that correct?
>>
>> Does anyone know of a runtime analysis tool which would be helpful in
>> this case?
>> How do we generally go about to understand bro's code base, i am just a
>> beginner at this.
>> Would really appreciate all the help.
>>
>> Thanks,
>> Yagyesh
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161028/c907394d/attachment.html 


More information about the Bro mailing list