[Bro-Dev] Autodoc: how to link to another script?

Gregor Maier gregor at icir.org
Wed Aug 10 14:25:52 PDT 2011


On 8/10/11 13:56 , Seth Hall wrote:
>
> On Aug 10, 2011, at 4:40 PM, Gregor Maier wrote:
>
>> (1) and (3) are kinda related. I always found it very hard to know and understand what all the 100's of redef'able consts in bro.init did. I think doing it this way is nice way of putting the documentation together and giving users and easy way to access the functionality (load the tunnel script, look at it's documentation for details)
>>
>> We can probably split it up and put (1) in policy/ and (2) in base/. However, (2) only works if the connection_compressor is disabled (otherwise the identity of the tunnel is lost), so this makes it more problematic to put it in base (at least while the connection_compressor remains on by default)
>
> Ah, ok.  That makes sense.  That's probably the right way to do it.  Make it disabled by default (with scripts using it loaded in base) and create a file named policy/protocols/conn/decapsulate-tunnels.bro (or something like that).  In the decapsulate-tunnels.bro script, you could document that it relies on the connection compressor being disabled.  If people don't read the docs for scripts before @load-ing them it's hard to blame the script author. :)

I was just about to implement it this way, when the following occurred 
to me: If I split it up, then conn.log will always contain a column 
"tunneltype" (since (2) is in base) even if the tunnel decapsulation 
isn't enabled. This might be counter intuitive for users, since the 
presence of the column would suggest that something with tunnels is 
happening (esp. now that we have extendable log files)


(Just for the tunnels this whole discussion is definitely overblown, but 
IMHO we'll face such questions more often further down the road, so I 
think we should figure out what the best way to do it is)

cu
gregor
-- 
Gregor Maier
<gregor at icir.org>  <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/


More information about the bro-dev mailing list