[Bro-Dev] Protocol Analyzer Plugin Question
Jan Grashöfer
jan.grashoefer at gmail.com
Tue May 16 02:28:58 PDT 2017
Hi,
> 1) When adding a new type to be passed to an event handler, thus handled
> upstream by a protocol analyzer script, types.bif only supports enums. In
> order to deal with this during build time, I have added custom rule and
> custom target to augment events.bif.bro before it is installed.
>
> Am I missing something here? Is there a more streamlined approach for doing
> this?
not sure whether this is of any help but I once added a new opaque type
using a plugin. As far as I remember, there was no need to adapt
anything to make that work.
Jan
More information about the bro-dev
mailing list