[Bro-Dev] #510: Upgrade How-To

Bro Tracker bro at tracker.bro-ids.org
Wed Aug 31 11:17:42 PDT 2011 

#510: Upgrade How-To
----------------------+------------------------
  Reporter:  robin    |      Owner:
      Type:  Problem  |     Status:  new
  Priority:  Normal   |  Milestone:  Bro1.6
 Component:  Bro      |    Version:  git/master
Resolution:           |   Keywords:  preview
----------------------+------------------------

Comment (by jsiwek):

 Transferring the following list of topics from the wiki for the upgrade
 guide, and expanding on some:

 - Explain new script organization's hierarchy
   - top-level source dir name changed from `policy` to `scripts`
   - the new `base` subdir differs from the new `policy` subdir in that
 `base` is all scripts that are loaded by Bro by default (unless the `-b`
 option is given)
   - default/builtin BROPATH only looks in `policy` and `site`, not `base`
 (important to know for those running in `-b` mode)
 - Scripting-layer API changes
   - The `@prefixes` directive works differently, see
 [d97003892bf1e3f6d642ca93bf992488f0c9bb7b/bro]
   - `mask_addr` BIF returns `subnet` vs. `addr`
   - `net` type has been removed
   - `remote.bro` has evolved into the communication framework
      - `Remote` module renamed to `Communication`
      - `Remote::destinations` renamed to `Communication::nodes` (the table
 of peers)
      - `Remote::Destination` renamed to `Communication::Node` (the type
 defining a remote peer)
 - The default packet filter now examines all packets instead of
 dynamically building a filter based on which protocol analysis scripts are
 loaded.  See `PacketFilter::all_packets`.
 - Dynamic Protocol Detection (DPD) is now enabled/loaded by default
 - The "default" conn.log does not use well known ports for the service
 field, may be an added field in an extension script, see #576
 - The majority of shipped Bro scripts have been overhauled to take
 advantage of modern Bro features.  This includes using a new logging
 framework to standardize the format of logs across scripts.
 - The "notice" framework has been overhauled to make it easier for a user
 to define their site's policy.  Might need more details/examples here.
 - The development process has moved from using SVN to Git for revision
 control and from Autotools to CMake for the build system.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/510#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list