testing cross bro communication

[Robin Sommer]

On Tue, Jun 22, 2004 at 14:18 -0700, Scott Campbell wrote:

> Does anybody have any sort of documentation or examples?  Anything would 
> be helpful at this point...

Do you already have a copy of the independent-state paper? (If not,
I may send a you one). It describes the basic mechanisms, and shows
a few lines of code. Unfortunately, that's all the documentation
that exists currently.

Quick example: One Bro loads listen-clear.bro which opens a port for
incoming connections. A second Bro gets

         @load remote
         redef remote_peers_clear += {
               [127.0.0.1, 47756/tcp] = [$events = /.*/, $retry = 60 secs]
               };

Upon startup, it will connect and request all events matching the
regxp '.*'.

Christian is right that some network activity is needed - at least
if Bro listens on some port *and* one some capture interface
simultaniously (Christian is working on some nicer select()-based
event loop which should avoid these kinds of problems. Thanks!). If
you don't give a capture interface to the receiving Bro, it *should*
work w/o any network traffic (obviously, as there is none). In fact,
it used to do that (I used that for quite some time), but, as I've
just seen, it doesn't anymore. I'll have to look into the code to
see what goes wrong.

Note that the communication interface is going to change quite soon
(I'm now cleaning-up the serialization; communication will be next
and it will affect the script-level interface). So, before relying
on the communication, it could be worth waiting a bit more.

Robin

-- 
Robin Sommer * Room        01.08.055 * www.net.in.tum.de
TU Muenchen  * Phone (089) 289-18006 *  sommer at in.tum.de