[Bro-Dev] #699: Reorganizing layout of protocol analyzers
Bro Tracker
bro at tracker.bro-ids.org
Tue Nov 29 09:32:19 PST 2011
#699: Reorganizing layout of protocol analyzers
---------------------+------------------------
Reporter: robin | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords:
---------------------+------------------------
Comment (by gregor):
{{{
#!rst
I like the idea. However, the trickier part is IMHO the way analyzers have
to be added in other places. In particular ``AnalyzerTags.h``,
``Analyzer.h``, and ``Analyzer.cc``. We should solve this. Eventually,
this might enable us to have a plug-in interface for analyzers in which
analyzers can be compiled as .so files and then loaded with dlopen().
Hopefully, this makes writing (and later integrating) analyzer for
external developers easier.
Regarding BiF:
If an analyzer comes with BiF's then, the files generated by ``bifcl``
(there are 5 or so) need to be included in the appropriate places in the
source code. This can probably be automated. E.g., consider the
``*.bif.func_def`` files. In the ``.cc/.h`` file we include a
``FOOBAR.func_def`` , which is automatically generated by the build system
based and in turn has ``#includes`` for all generated ``*.bif.func_def``.
This would also allow us to more easily split ``bro.bif`` in smaller
chunks. Right now pretty much everything goes in there.
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/699#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list