[Bro-Dev] Organizing plugins (Re: [JIRA] (BIT-1222) topic/robin/reader-writer-plugins)

Robin Sommer robin at icir.org
Tue Aug 5 14:33:52 PDT 2014



On Mon, Aug 04, 2014 at 21:15 -0400, you wrote:

> Mmmppphhh... Not sure if I should say "let's do it!" or not.  I'm
> *really* tempted to say that we should make the break.  We're early in
> the 2.4 dev cycle and now's the perfect time to get that plugin
> organizational experience.

Well, my preference would be to first get experience with maintaining
some external plugins before we take the step to reorganize all the
existing stuff. That's quite a bit of work, and if we get it wrong
we'll have to do it again later ...

> the community.  Only one way to get the experience. :)  I'm
> actually starting to wonder now what you mean by "standard scripts"?
> You're obviously saying that the ES and dataseries scripts should be
> broken out, but could you give an example where you think we should
> leave it alone for now?

Take the HTTP analyzer for example. The event engine code lives in
src/analyzer/protocol/http/. If this were an external plugin, it would
have its corresponding Bro scripts in src/analyzer/protocol/http/. So
I guess that means we would now move
scripts/{base,policy}/protocols/http in there.

But I'm not sure it's always clear-cut where existing scripts would
move; and what about those that don't have a corresponding src/* part?
I think the answer is that those would move into script-only plugins,
which in principle should already be supported as well; but where do
they live? Maybe we want to move all the plugins out of src/ anyways?
And how does this all play along with the envisioned CBAN (or whatever
we call it these days)?

So, I'm with you that we should figure this all out, but I would prefer
to do that as a separate step that for now leaves the existing
structure in place until we know these answers.

> And libgeoip!

Good point, although this would hurt a bit more: geoip is optional but
still pretty standard functionality that we would now require people
to install separately ... So while I agree that this should move into
its own plugin as well, maybe that's also something for later
(generally, most of the bifs should move to plugins as well; we should
reorg them broadly by functionality).

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin
