[Bro-Dev] Looking on feedback on PACF/reaction framework

Robin Sommer robin at icir.org
Sat Jun 21 10:08:03 PDT 2014



On Fri, Jun 20, 2014 at 20:08 -0400, you wrote:

> Besides all of Vlad's excellent points, I might add that OpenFlow
> related activity should be pointed at a controller rather than an
> individual switch.

Yeah, the OpenFlow-related code in there is just some dummy code. Once
we start writing an actual OpenFlow plugin, we can see how to
structure that internally. I guess we may even end up having several
ones if we want to interface to different controllers.

> The other question that I have is how you would identify the flow
> direction in the conn_id object in the instance where I want to shunt
> out one side of a connection?

You would specify EntityType::FLOW and then, by definition,
conn_id$orig would be the source side and conn_id$resp the destination.
I admit that might be a bit confusing, so we could also extend Entity
with a separate flow_id item so that things don't get mixed up with
standard connection semantics for conn_id.

> Might be nice to have a count() as well since many hardware devices
> have hard limits on what they can deal with.

What would it count? Number of rules put in so far? At the level of
the API (i.e., number of add() calls), or at the hardware level? (one
add() could translate into multiple hardware filters I suppose).

Thanks,

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 *     robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 * www.icir.org/robin

