[Bro-Dev] changing Notice::policy mechanism

Vern Paxson vern at icir.org
Sun Nov 4 23:13:06 PST 2012

> Continuing the discussion from the group call, I think that we're starting
> to converge on adding a "policy" keyword to the language to represent
> something between a function and an event.

Hmmmm.  This is sounding weird.  I think it's telling that you're heading
towards introducing a concept that isn't (in terms of the name that comes
to mind for it) about anything relating to language semantics, but rather
to intended use, i.e., that this mechanism is for honing policy.  That's
often a sign that it's time to stop & rethink things.

Let's start with what's deficient about the current style.  The overarching
problem is it's hard to understand/explain, correct?  How much of this is
the funky [$pred...] syntax, vs. that we've wound up adding a bunch of
separate hooks into the framework so it's hard to know which hook to use,
and/or it's hard to understand what a given collection of hooks does?

I feel like we need to better determine just what problem we want/need to
solve in order to then think about how to coherently provide better support
for it.


More information about the bro-dev mailing list