-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/19/14 2:41 PM, Robin Sommer wrote: > > I have revised the proposed API a bit, see > > http://www.bro.org/development/projects/pacf.html > > I would be interested in feedback regarding if (1) the User API is > generally expressed at a good level, and (2) if this covers the > functionality that people have implemented, or plan to, for > interfacing with their network gear. > > Any other thoughts are welcome too, of course. > > (The details for individual operations aren't cast in stone yet > and could certainly be adjusted/extended). > > Robin > > Besides all of Vlad's excellent points, I might add that OpenFlow related activity should be pointed at a controller rather than an individual switch. This might be one way to address the load balancing issues as well.
The other question that I have is how you would identify the flow direction in the conn_id object in the instance where I want to shunt out one side of a connection? Might be nice to have a count() as well since many hardware devices have hard limits on what they can deal with. This also might make a nice example for an extension of the RuleType. Looks like you might have answered the flow question already via ORIG/RESP? thanks! scott -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlOkzRsACgkQK2Plq8B7ZBy7SgCfUP8O4IprafnjoA0k5L9Z1WcK Pe8AoIzL57yQJFYAsGV7b3rr0t2DwiBb =xMhK -----END PGP SIGNATURE----- _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev