[Bro-Dev] [Bro-Commits] [git/bro] topic/policy-scripts-new: Extract packet data for the dpd.log (7c168e0)

Seth Hall seth at icir.org
Thu Apr 21 09:13:02 PDT 2011


On Apr 21, 2011, at 10:42 AM, Robin Sommer wrote:

> This is a nice idea but get_current_packet() has some fuzzy semantics:
> the current packet is not necessarily the one triggering the event. It
> probably works often, but not always, and I'm wondering if when it
> doesn't, it could be very confusing to show the data here?


The fairly limited testing I did last night was giving me the correct data.  What would you think if I just leave that field disabled by default?  We could implement that field in a separate script and put a big disclaimer in the script about how it could give incorrect packet data.  Assuming that people are reading the docs we should be safe.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



