[Bro-Dev] Bare Mode
Siwek, Jonathan Luke
jsiwek at illinois.edu
Fri Nov 22 07:38:23 PST 2013
On Nov 21, 2013, at 9:33 PM, anthony kasza <anthony.kasza at gmail.com> wrote:
> I'm curious if Bro in bare mode is ever used for anything.
The intention for mode is to allow users more choice in what script-level functionality to load. In practice, I don’t know how often it’s used for that.
The other thing I frequently use it for is unit tests, where I want minimal test cases and faster parse time.
> I'm not surprised to see bare mode include bifs. Is there a design decision
> why bare mode includes things like the input and logging framework but
> not the protocol directories that make use of them (e.g.
> bro/base/protocols/conn) ?
If it’s something that’s tightly coupled with internals and only has parse-time performance cost, then that’s something to expect to be loaded in bare mode. The protocol analysis packages don’t satisfy either condition — internals don’t depend on them to be loaded and loading them can have run-time performance costs.
- Jon
More information about the bro-dev
mailing list