[Bro-Dev] Plugin branch status

Robin Sommer robin at icir.org
Fri May 17 18:17:17 PDT 2013


The plugin branch is almost ready for merging, except for some
clean-up and missing API docs. It does two things:

    (1) Move all protocol analyzers over to new infrastructure code
    that's structured around standalone modules (plugins): everything
    that's part of an analyzer is now contained to a single directory
    (incl. C++ code, bif, pac). Currently all these plugins are still
    compiled in statically but in the future (not 2.2) there will also
    be an option to compile individual analyzers standalone into
    dynamic libraries.

    (2) Make analyzer activation/deactivation dynamic, controllable by
    function calls via the new analyzer framework (dpd_config is
    gone).

In the future, the infrastructure for (1) will also facilitate moving
other components to the plugin-model as well (e.g., readers/writers,
packet sources).

So, my question is if I should go ahead merging this into master for
2.2. At the user-level it doesn't change much other than what relates
to (2), but internally it moves things around quite a bit,
including renaming analyzer classes and introducing an analyzer
namespace. I think generally that's fine, but let me know what you
think.

Also, there's one particular issue coming with a merge that we would
need to fix: the Broxygen docs for analyzer bifs are now spread out
over many files, and look pretty ugly in the generated pages. I think
what we'll need to do is switch from a purely file-based model to
documenting semantic groups, like a specific analyzer. I don't think
this will actually be too difficult, the plugin infrastructure comes
with "introspection" functionality that gives you all bif elements that
a plugin defines. I believe Broxygen could just go through and turn it
into one corresponding page (see below for output of the new "-N"
switch that summarizes this information for all available plugins).
However, it's probably still a bit of work to get this into a nice
shape.

So my question is, mostly for Jon: is that something we could tackle
for 2.2 final (during beta would be ok)? If that's too much work to be
realistic, I'm wondering if we should postpone the plugin branch for
2.3.

Robin

--------- cut -------------------------------------------------------


# bro -NN

[...]

Plugin: Bro::FTP - FTP analyzer (built-in)
    [Analyzer] FTP (ANALYZER_FTP, enabled)
    [Analyzer] FTP_ADAT (enabled)
    [Event] ftp_request
    [Event] ftp_reply
    [Type] ftp_port
    [Function] parse_ftp_port
    [Function] parse_eftp_port
    [Function] parse_ftp_pasv
    [Function] parse_ftp_epsv
    [Function] fmt_ftp_port

[...]



-- 
Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin
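
The grouping the message proposes, as an added example that is not part of the original post and not Bro or Broxygen code: it parses the plugin summary format shown above and emits one page per plugin, keeping the flags printed in parentheses so an analyzer's enabled state stays visible. The function names, the page layout, and the assumption that every plugin entry follows the same line format as the FTP entry are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the FTP entry copied from the "bro -NN" output in the message.
SAMPLE = """\
Plugin: Bro::FTP - FTP analyzer (built-in)
    [Analyzer] FTP (ANALYZER_FTP, enabled)
    [Analyzer] FTP_ADAT (enabled)
    [Event] ftp_request
    [Event] ftp_reply
    [Type] ftp_port
    [Function] parse_ftp_port
    [Function] parse_eftp_port
    [Function] parse_ftp_pasv
    [Function] parse_ftp_epsv
    [Function] fmt_ftp_port
"""

# "Plugin: <name> - <description> (<kind>)" and "    [<Kind>] <name> (<flags>)"
PLUGIN_RE = re.compile(r"^Plugin:\s+(\S+)\s+-\s+(.*?)(?:\s+\(([^)]*)\))?\s*$")
ITEM_RE = re.compile(r"^\s+\[(\w+)\]\s+(\S+)(?:\s+\(([^)]*)\))?\s*$")

def parse_plugins(text):
    """Group the elements each plugin defines, keyed by plugin name."""
    plugins, current = {}, None
    for line in text.splitlines():
        m = PLUGIN_RE.match(line)
        if m:
            current = {"description": m.group(2), "kind": m.group(3),
                       "items": defaultdict(list)}
            plugins[m.group(1)] = current
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:  # ignore "[...]" and lines before any plugin
            kind, name, attrs = m.groups()
            flags = [a.strip() for a in attrs.split(",")] if attrs else []
            current["items"][kind].append((name, flags))
    return plugins

def render_page(name, plugin):
    """Render one documentation page per plugin (hypothetical layout)."""
    out = [name, "=" * len(name), "", plugin["description"], ""]
    for kind in sorted(plugin["items"]):
        out += [kind + "s", "-" * (len(kind) + 1)]
        out += ["- " + n for n, _ in plugin["items"][kind]] + [""]
    return "\n".join(out)

if __name__ == "__main__":
    for name, plugin in parse_plugins(SAMPLE).items():
        print(render_page(name, plugin))
```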

