[Bro-Dev] [Bro-Commits] [git/bro] topic/policy-scripts-new: Extract packet data for the dpd.log (7c168e0)
Seth Hall
seth at icir.org
Thu Apr 21 09:13:02 PDT 2011
On Apr 21, 2011, at 10:42 AM, Robin Sommer wrote:
> This is a nice idea but get_current_packet() has some fuzzy semantics:
> the current packet is not necessarily the one triggering the event. It
> probably works often, but not always, and I'm wondering if when it
> doesn't, it could be very confusing to show the data here?
The fairly limited testing I did last night was giving me the correct data. What would you think if I just leave that field disabled by default? We could implement that field in a separate script and put a big disclaimer in the script about how it could give incorrect packet data. Assuming that people are reading the docs, we should be safe.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/