[Bro] Calling external functions in binpac protocol parser

[Shuai Hao]

Thanks for your detailed reply, Johanna!


Ok, I will give a slightly long answer to this. First - assuming that the
> test function is just a c++ function, chances are that you want to develop
> it outside of the binpac files -


Yes. We are developing a module written by C++ that analyzes the traffic
pattern.

you can e.g. move it into a separate
> class that is accessible by everyone. Depending on the things that your
> function does, it even might be possible to make it a static function.
>

Yes, as you mentioned, we do want a module that can be accessed and called
by every protocol analyzer. Regarding the "separate class that is
accessible by everyone",
where we should implement this module? Do we need put the C++ files in
bro/src?


> The second answer is - since binpac files are only compiles to c++ you
> have to do the same thing that the other protocol analyzers do - include
> the headers using #include statements. I think you can just use relative
> paths from where the files are located, in addition to absolute paths from
> the bro base. So - doing something like #include "../your.h" might work
> fine.

Also note that you probably should not put your plugins into
> bro-aux/plugin-support in the first case. Having them in a separate
> directory is probably preferable - completely outside of the Bro source
> tree.
>

Sorry I don't get the point of this part. In my understanding, wherever we
develop
the plugins, it will be complied into bro's library /bro/lib/.../plugin.
What do you mean
(and how) "outside of the Bro source tree"?

Thanks a lot!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180101/677aea0b/attachment.html