[Bro-Dev] Splitting up init-bare?

Seth Hall seth at icir.org
Sat Feb 11 21:20:04 PST 2017

> On Feb 10, 2017, at 1:03 PM, Johanna Amann <johanna at icir.org> wrote:
>> For the protocols, I could see having a file such as
>> protocols/kerberos/bare.bro which defines the appropriate types which are
>> currently in init-bare.
> That sounds like a good idea - I am not a big fan of the fact that a lot
> of the protocol dependent datatypes are in init-bare currently.

If we started structuring the analyzers internally more like external plugins with the scripts and everything in them, it would feel more comfortable to me. It seems like we'd be able to keep all of a protocol's ephemera tied closely with it.

Would that work? I know that internal and external plugins have some differences, but I don't know if that means we're limited a bit in how we handle script-land required data structures for analyzers.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
