[Bro-Dev] active_conns

Seth Hall seth at icir.org
Mon Mar 21 10:21:13 PDT 2011

On Mar 21, 2011, at 1:11 PM, Robin Sommer wrote:

> On Fri, Mar 18, 2011 at 21:48 -0400, you wrote:
>> 	print c$http_session$log$method;
> This is kind of neat ... We could even extend c?$http_session to check
> whether the record type has that field at all, and then use that as a
> replacement for all the "is this script loaded?" hacks currently in
> use ...

Yeah, that's a good point.  The approach I've been taking with the "is this script loaded?" hacks is to solve the problem a different way.  It seems that many of those hacks are due to one of two things:

1. There is some sort of general library functionality that should probably always be loaded as a sort of base library.
2. The functionality was hacked into an existing script the fastest way possible.

I think the script extension model should make it possible for us to extract a lot of the circular dependencies into separate scripts, but like you said, in the cases where it does make sense to use a "is this script loaded?" hack, checking based on the existence of the protocol specific field certainly makes things cleaner and more regular across all of the scripts.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list