[Bro-Dev] [desired broker api as oppose to whats in known-hosts.bro]
Robin Sommer
robin at icir.org
Mon Mar 6 08:43:34 PST 2017
On Sat, Mar 04, 2017 at 00:21 +0000, you wrote:
> Broker::exists(Cluster::cluster_store, Broker::data("known_hosts"))
> Broker::lookup(Cluster::cluster_store, Broker::data("known_hosts"))
> Broker::set_contains(res2$result, Broker::data(host))
> Broker::add_to_set(Cluster::cluster_store, Broker::data("known_hosts"), Broker::data(host));
The first step will be getting this down to (some version of) this
form instead:
Broker::exists(Cluster::cluster_store, "known_hosts")
result = Broker::lookup(Cluster::cluster_store, "known_hosts")
Broker::set_contains(result, host)
Broker::add_to_set(Cluster::cluster_store, "known_hosts"), host);
This should be relatively straight-forward to achieve once we have the
changes in that Matthias is currently working on.
And hopefully we can then also get rid of the "when" statement for
using these.
As reminder, this is the current proposal for next Broker steps:
https://www.bro.org/development/projects/broker-lang-ext.html
Whether we want to go further, like with Aashish's &store proposal, we
can see then, I'm still a bit undecided there. Either way, a better
Bro-side UI for Broker is coming, we just need to get the various
pieces in place first that people are working on currently before we
can move forward.
Robin
--
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
More information about the bro-dev
mailing list