[Bro-Dev] Autodoc: how to link to another script?

Gregor Maier gregor at icir.org
Wed Aug 10 13:13:06 PDT 2011


> You may want to check out: http://www.bro-ids.org/development/script-conventions.html

ooops. will do.

>> I could actually add this tunnel_parent field in my tunnel.bro script that logs child-conn-id<-->  parent_t
>
> I'm actually starting to wonder if tunnel.bro should go in base/protocols/conn/.  That actually seems like the appropriate place since it has to do with connections.  It's just using extra core support to find and log these tunnels.  I would still extend the Conn::Info type in the tunnels.bro script though.  What do you think?

sounds good to me. However, I wouldn't put it in base. I think the 
default should be to not decapsulate tunnels!

[snip]

> You've got it.  I'm hoping to get everyone away from the notion of column numbers even.  Once we get binary logging added it will really be inconsequential because you will essentially load a log (or logs) and request specifically named fields from the log since the binary log doesn't have a notion of column ordering anyway.  For the ascii logs, looking at the headers certainly works though.

Yeah. People using awk will hate that....
(But I'm using mostly python these days anyways)

> In most cases if people just use the default loaded scripts as-is we should maintain pretty steady column ordering for most columns.


That's what's worrying me: people assuming a fixed ordering when writing 
analysis scripts. We should probably just mention this somewhere in the 
Getting Started and From 1.5 to 2.0 HowTo.


cu
Gregor

-- 
Gregor Maier
<gregor at icir.org>  <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/
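
The column-ordering concern discussed in this message, as an added example that is not part of the original e-mail or of Bro itself: an analysis script that reads an ASCII log by field name from the header, next to an awk-style positional read. It assumes Bro 2.x-style header lines (`#separator`, `#unset_field`, `#fields`); the sample logs are constructed, and the position of the `tunnel_parent` column is an assumption.

```python
import io

def read_bro_log(stream):
    """Yield one dict per record, keyed by the names in the #fields header."""
    sep, unset, fields = "\t", "-", None
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#separator"):
            # The separator is written escaped (e.g. \x09) after one space.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *values = line[1:].split(sep)
            if key == "fields":
                fields = values
            elif key == "unset_field" and values:
                unset = values[0]
        elif line:
            if fields is None:
                raise ValueError("data line before #fields header")
            cols = line.split(sep)
            if len(cols) != len(fields):
                raise ValueError("column count does not match #fields")
            yield {f: None if c == unset else c for f, c in zip(fields, cols)}

def services_by_uid(text):
    """Named access: unaffected by added or reordered columns."""
    return {r["uid"]: r["service"] for r in read_bro_log(io.StringIO(text))}

def fifth_column(text):
    """awk-style '$5': positional access that assumes a fixed layout."""
    return [l.split("\t")[4] for l in text.splitlines() if not l.startswith("#")]

def _log(fields, rows):  # helper that builds the constructed sample logs
    head = ["#separator \\x09", "#unset_field\t-", "#fields\t" + "\t".join(fields)]
    return "\n".join(head + ["\t".join(r) for r in rows]) + "\n"

# Constructed sample data: the same two connections, default columns ...
DEFAULT_LOG = _log(["ts", "uid", "id.orig_h", "id.resp_h", "service"],
                   [["1312999986.0", "C1", "10.0.0.1", "192.0.2.7", "http"],
                    ["1312999987.5", "C2", "10.0.0.2", "192.0.2.9", "dns"]])
# ... and with a script adding tunnel_parent (position is an assumption).
TUNNEL_LOG = _log(["ts", "uid", "tunnel_parent", "id.orig_h", "id.resp_h", "service"],
                  [["1312999986.0", "C1", "-", "10.0.0.1", "192.0.2.7", "http"],
                   ["1312999987.5", "C2", "C1", "10.0.0.2", "192.0.2.9", "dns"]])

if __name__ == "__main__":
    print(services_by_uid(DEFAULT_LOG), services_by_uid(TUNNEL_LOG))
    print(fifth_column(DEFAULT_LOG), fifth_column(TUNNEL_LOG))
```

The positional read returns the service for the default log but the responder address once the extra column is present, without raising any error, which is why the failure is easy to miss in an analysis pipeline.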

