[Bro-Dev] Bif tuning / overhaul

Gregor Maier gregor at icir.org
Tue Feb 15 15:31:52 PST 2011 

Hi,

I've revamped the Bro bif language a bit. Mainly to add support for
namespaces and features that would be handy for my RPC/NFS analyzers.

I've also documented what one can do with bifs. Find it at:
  http://bro.icir.org/devel/bif-doc/
an overview of all of it:
  http://bro.icir.org/devel/bif-doc/example.html


The main changes (from current master version):

* support for policy-layer namespaces. Either using fully qualified
  names (MODULE::foobar) or using the "module XYZ;" statement.

* C/C++ variables, and functions have their own namespaces:
  BifConst     for consts
  BifTypePtr   for type declartions (RecordType*, EnumType*)
  BifEnum      for C-enums derived from BiFs
  BifFunc      for bif functions
  BifEvent     for (some parts) of events. I haven't moved all of
               the event related C++ variables into this namespace,
               because this would substantial refactoring of existing
               code
  Question: Could also use BroConst, etc. instead of BifConst

* const:
  + can now use any type for consts (previously: only bools)
  + can now only declare but not define consts. You must define
    the const in bro.init. The bif only creates the netvar glue code.
    This will help streamline automatically generated documentation and
    it was necessary for supporting types other than bool

* forward type delcaration: can you declare but not define Bro types
  (records, sets, etc.) in BiF to make them available to C++. The bif
  only generates the netvar glue. The types must be defined in bro.init


Comments?

cu
Gregor
  etc.)

-- 
Gregor Maier
<gregor at icir.org>  <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/

More information about the bro-dev mailing list