[Bro] Plugin doesn't seem te get instantiated
Bas Vermeulen
basvermeulen80 at yahoo.com
Mon Aug 24 13:15:50 PDT 2015
Thanks! I still have a lot of work to do, but now at least my UpdateConnVal is being called, so there is progress :)
You made my day!
For other people that want to create a dynamic plugin that is invoked for all connections (option 4), this is the progress so far:
In my Plugin.cc I added: void HookSetupAnalyzerTree(Connection *conn)
{
::analyzer::mynamespace_myplugin::PluginAnalyzer::Instantiate(conn);
}
And in my PluginAnalyzer.cc I now have:PluginAnalyzer::PluginAnalyzer(Connection* c)
: tcp::TCP_ApplicationAnalyzer("TEST", c)
{
TCP()->AddChildAnalyzer(this); // this line took me quite a while ;)
}
On Monday, August 24, 2015 5:57 PM, Robin Sommer <robin at icir.org> wrote:
On Sun, Aug 23, 2015 at 15:40 +0000, you wrote:
> Is this all that is required? The plugin still doesn't do anything...
> Any hints? Or does anyone have an example non-built-in plugin that
> work on all connections regardless of ports and signatures?
Sounds like you're suspecting the right thing already: the analyzer
needs to be explicitly activated for all connections it's supposed to
look at, it's not going to receive everything automatically. There
there 4 ways to activate an analyzer: (1) by port, (2) by signature,
(3) in script-land for a future connection, and (4) with recent git
master you can write a C++ hook function that gets called once at the
beginning of each connection when the default analyzer setup has been
determined; that C++ function can then add the customer analyzer at
that point as well.
The interface for (1)-(3) is documented here
https://www.bro.org/sphinx/scripts/base/frameworks/analyzer/main.bro.html.
For (4), this is the merge commit (not further documented yet).
Robin
--
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150824/eefdbec0/attachment.html
More information about the Bro
mailing list