[Bro-Dev] Adding child analyzer to TCP using a non-built-in plugin

Robin Sommer robin at icir.org
Fri Jul 3 09:26:18 PDT 2015

On Thu, Jul 02, 2015 at 12:18 -0500, you wrote:

> something more abstract needs to happen. I'm at a loss and curious to know
> if this has been done in the past. If so, who might know how to do this?

Do I see it right that the main challenge is the code in
analyzer/Manager.cc that adds TCPRS as a child analyzer? That's
currently hardcoded but needs to become dynamic with a plugin.

Here's an idea for that: we could add a new plugin hook that executes
at the end of BuildInitialAnalyzerTree(), giving plugins an
opportunity to augment the tree further at that point, for example by
adding another child analyzer like TCPRS. See plugin/Plugin.h for the
API for existing hooks; we'd add another one of those Hook*() methods
to the Plugin class. Would that work for you?


Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
