[Bro-Dev] #699: Reorganizing layout of protocol analyzers

Bro Tracker bro at tracker.bro-ids.org
Tue Nov 29 09:32:19 PST 2011


#699: Reorganizing layout of protocol analyzers
---------------------+------------------------
  Reporter:  robin   |      Owner:
      Type:  Task    |     Status:  new
  Priority:  Normal  |  Milestone:  Bro2.1
 Component:  Bro     |    Version:  git/master
Resolution:          |   Keywords:
---------------------+------------------------

Comment (by gregor):

 {{{
 #!rst

 I like the idea. However, the trickier part is IMHO the way analyzers have
 to be added in other places. In particular ``AnalyzerTags.h``,
 ``Analyzer.h``, and ``Analyzer.cc``. We should solve this. Eventually,
 this might enable us to have a plug-in interface for analyzers in which
 analyzers can be compiled as .so files and then loaded with dlopen().
 Hopefully, this makes writing (and later integrating) analyzer for
 external developers easier.

 Regarding BiF:
 If an analyzer comes with BiF's then, the files generated by ``bifcl``
 (there are 5 or so) need to be included in the appropriate places in the
 source code. This can probably be automated. E.g., consider the
 ``*.bif.func_def`` files. In the ``.cc/.h`` file we include a
 ``FOOBAR.func_def`` , which is automatically generated by the build system
 based and in turn has ``#includes`` for all generated ``*.bif.func_def``.

 This would also allow us to more easily split ``bro.bif`` in smaller
 chunks. Right now pretty much everything goes in there.

 }}}

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/699#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker



More information about the bro-dev mailing list