[Bro-Dev] Looking on feedback on PACF/reaction framework
Scott Campbell
scampbell at lbl.gov
Fri Jun 20 17:08:59 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/19/14 2:41 PM, Robin Sommer wrote:
>
> I have revised the proposed API a bit, see
>
> http://www.bro.org/development/projects/pacf.html
>
> I would be interested in feedback regarding if (1) the User API is
> generally expressed at a good level, and (2) if this covers the
> functionality that people have implemented, or plan to, for
> interfacing with their network gear.
>
> Any other thoughts are welcome too, of course.
>
> (The details for individual operations aren't cast in stone yet
> and could certainly be adjusted/extended).
>
> Robin
>
>
Besides all of Vlad's excellent points, I might add that OpenFlow
related activity should be pointed at a controller rather than an
individual switch. This might be one way to address the load
balancing issues as well.
The other question that I have is how you would identify the flow
direction in the conn_id object in the instance where I want to shunt
out one side of a connection?
Might be nice to have a count() as well since many hardware devices
have hard limits on what they can deal with. This also might make a
nice example for an extension of the RuleType.
Looks like you might have answered the flow question already via
ORIG/RESP?
thanks!
scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlOkzRsACgkQK2Plq8B7ZBy7SgCfUP8O4IprafnjoA0k5L9Z1WcK
Pe8AoIzL57yQJFYAsGV7b3rr0t2DwiBb
=xMhK
-----END PGP SIGNATURE-----
More information about the bro-dev
mailing list