[Bro-Dev] A consistent order of precedence for broctl options

Daniel Thayer dnthayer at illinois.edu
Mon Aug 20 11:48:24 PDT 2012


On 08/20/2012 12:06 PM, Slagell, Adam J wrote:
> Ticket [837] came up in discussion today. It does not appear that this issue was ever resolved. However, I think it is just a specific instance of a more general problem. We don't have any well-defined order of precedence for broctl options, and that leads to ambiguity and frustration (If I am wrong, someone please clarify it in documentation and we can answer this ticket in a consistent way).
>
> I hope we can at least agree on two points. First, there should be a well-defined precedence that is documented and followed as uniformly as possible. If you're on board with that, do you agree with my second assertion that broctl should get the last word and override all others?
>
> Maybe as a first step we could list all the places and ways such settings could be made, and then work to order that list?
>
> :Adam Slagell
>
> [837] http://tracker.bro-ids.org/bro/ticket/837
> ------

Out of the 60+ broctl options that currently exist, there are 8 or so
of them that could clash with values defined in a bro script
(confusingly, the bro script variable name is usually different
than the name of the corresponding broctl option).
Currently, in such a case the broctl option value will be used
instead of the corresponding bro script variable.  The only
exception is if the "aux_scripts" option is defined in etc/node.cfg,
and then only if such an aux. script contains a variable that
overrides a broctl option.

I have already improved the broctl README document (although this is
not currently visible on the bro web site due to an issue with
updates not appearing) to better explain the load order (in the
"Site-specific Customization" section), but it might also be
useful to add a note in the "Option Reference" section for each
broctl option that can be set via a bro script variable (for example,
"this option overrides the bro script variable 
'default_rotation_interval'").
We may also want to switch the load order so that broctl options
will override the aux_scripts (if any).



More information about the bro-dev mailing list