[Bro-Dev] [Bro-Commits] [git/bro] topic/policy-scripts-new: Extract packet data for the dpd.log (7c168e0)
seth at icir.org
Thu Apr 21 09:13:02 PDT 2011
On Apr 21, 2011, at 10:42 AM, Robin Sommer wrote:
> This is a nice idea but get_current_packet() has some fuzzy semantics:
> the current packet is not necessarily the one triggering the event. It
> probably works often, but not always, and I'm wondering if when it
> doesn't, it could be very confusing to show the data here?
The fairly limited testing I did last night was giving me the correct data. What would you think if I just leave that field disabled by default? We could implement that field in a separate script and put a big disclaimer in the script that about how it could give incorrect packet data. Assuming that people are reading the docs we should be safe.
International Computer Science Institute
(Bro) because everyone has a network
More information about the bro-dev