[Bro-Dev] active_conns

Seth Hall seth at icir.org
Mon Mar 21 10:21:13 PDT 2011


On Mar 21, 2011, at 1:11 PM, Robin Sommer wrote:

> On Fri, Mar 18, 2011 at 21:48 -0400, you wrote:
> 
>> 	print c$http_session$log$method;
> 
> This is kind of neat ... We could even extend c?$http_session to check
> whether the record type has that field at all, and then use that as a
> replacement for all the "is this script loaded?" hacks currently in
> use ...


Yeah, that's a good point.  The approach I've been taking with the "is this script loaded?" hacks is to solve the problem a different way.  It seems that many of those hacks are due to one of two things:

1. There is some sort of general library functionality that should probably always be loaded as a sort of base library.
2. The functionality was hacked into an existing script the fastest way possible.

I think the script extension model should make it possible for us to extract a lot of the circular dependencies into separate scripts, but like you said, in the cases where it does make sense to use a "is this script loaded?" hack, checking based on the existence of the protocol specific field certainly makes things cleaner and more regular across all of the scripts.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




More information about the bro-dev mailing list