[Bro-Dev] Documenting Weirds

Robin Sommer robin at icir.org
Tue Jul 1 09:12:30 PDT 2014



On Sat, Jun 28, 2014 at 11:46 -0400, you wrote:

> Maybe more generally, we should make a Weird closer to a Notice. For
> example, if a file analyzer generates a weird, there are no fields in the
> weird.log to map it back to the offending file.

Yeah, that would make a lot of sense.

>  I realize that that's trickier, since Weirds can be generated from
>  either the core or script-land.

One thing to keep in mind is that it shouldn't become burdensome to
write the code for generating a Weird, in particular in core land. The
situations that they report are (supposedly) rare, so it's not worth
spending much time on. Right now, one appeal of the Weirds is that
it's to say "alright, shouldn't happen, weird() if it does"; but if
one would need to start building Vals etc. to pass the right
parameters with it, one might become more inclined to skip the check
(because it shouldn't happen anyways :) This is not a huge issue, and
could probably be solved with a few wrappers covering common cases
(and we have some of that already, like the WeirdConn() etc.; could
extend that a bit more).

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin

