[Bro] Help with Bro source code

Yagyesh Srivastava ysrivas at ncsu.edu
Thu Oct 27 14:37:44 PDT 2016


Hi,

I am trying to understand the bro events engine for HTTP.
I see that the code has two places where http is handled:
1) build/src/protocol/http (files like events.bif.cc , events.bif.init.cc
and functions.bif.cc)
2) src/protocol/http (files like HTTP.CC)

I am guessing the first one is the event engine and the second one is for
handling the incoming HTTP packets. is that correct?

Does anyone know of a runtime analysis tool which would be helpful in this
case?
How do we generally go about to understand bro's code base, i am just a
beginner at this.
Would really appreciate all the help.

Thanks,
Yagyesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161027/831b0c6c/attachment.html 


More information about the Bro mailing list