[Bro-Dev] Were to define global const (const.bif VS. bro.init + NetVar.{cc|h}
Gregor Maier
gregor at icir.org
Fri Dec 10 14:43:53 PST 2010
Hi,
I just noticed that multiple ways are used to define global const that
is accessed / redefined from both event engine and policy layer:
* in const.bif OR in bro.init and NetVar.{h|cc}
* in const.bif OR in a specific .bro script and NetVar.{h|cc}
it seems that all three options are used. I was wondering whether it
makes sense to unify them wrt the general Bro documentation / cleanup
efforts.
At least the ones that use const.bif and bro.init could be unified. Then
there's only a single place (bro.init or const.bif) were users have to
look to find out about global configuration settings.
For analyzer specific configuration options (i.e., ones that are defined
in a particular policy script) be more logical to keep them in the
policy script. (Or they could still be defined in const.bif and then
just redef'ed in the policy script, so that users who look at the policy
script are aware that the const exists)
But, YMMV.
cu
Gregor
--
Gregor Maier gregor at icir.org
Int. Computer Science Institute (ICSI) gregor at icsi.berkeley.edu
1947 Center St., Ste. 600 http://www.icir.org/gregor/
Berkeley, CA 94704
USA
More information about the bro-dev
mailing list