[Bro-Dev] #999: BiFs to control packet reading

Bro Tracker bro at tracker.bro.org
Tue May 14 11:35:21 PDT 2013


#999: BiFs to control packet reading
-----------------------------+------------------------
 Reporter:  seth             |      Owner:
     Type:  Feature Request  |     Status:  new
 Priority:  Low              |  Milestone:  Bro2.2
Component:  Bro              |    Version:  git/master
 Keywords:                   |
-----------------------------+------------------------
 It would be handy to have BiFs to control packet reading if reading from a
 tracefile.  This is coming up because someone wants to match intelligence
 data with the intelligence framework against tracefiles, but the
 intelligence loading is asynchronous so in some cases the tracefile has
 already finished by the time the intelligence is fully loaded.

 Two BiFs like this would be handy:

 {{{
 # Return true if the packet reading was "playing"
 function packet_reading_pause(): bool
 # Return true if the packet reading was "paused"
 function packet_reading_play(): bool
 }}}

 I think that by default Bro should be in the "play" state to keep the current
 behavior.  We could call packet_reading_pause() in bro_init or outside of
 an event handler to avoid reading packets after bro_init is dispatched.

-- 
Ticket URL: <http://tracker.bro.org/bro/ticket/999>
Bro Tracker <http://tracker.bro.org/bro>
Bro Issue Tracker


