[Bro-Dev] Script reorg proposal

Gregor Maier gregor at icir.org
Tue Aug 2 12:55:34 PDT 2011

>> Another question would be whether one would split protocol analysis
>> between base and policy? E.g., is there going to be "base/http/" and
>> "policy/http" and when I load the first as package I get the basic and
>> when I also load "policy/http" as package I get the heavier analysis or
>> would I also cherry-pick additional features in "policy/http/*"?
> Yes, both packages could exist, base/http for basic analysis and policy/http for advanced.  In the later case, my feeling is that cherry-picking is always allowed/encouraged, but if we allow policy/http to be loaded as a whole package, we might need some convention that makes that behavior well-defined or inferable from the naming/hierarchy for the cases where a package contains related-but-conflicting scripts that shouldn't be loaded together and thus require cherry-picking.  If that situation occurs, my suggestion would be to use an opt/ subdir of a given package to reflect such add-on scripts that require the user to do a little thinking before loading it.

Yeah. I think users should have to cherry-pick individual scripts form 
policy/* and not be able to load them via packages.

Gregor Maier
<gregor at icir.org>  <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA

More information about the bro-dev mailing list