Greetings,

In working on authoring a new protocol analyzer plugin I have encountered the following issues:

1) When adding a new type to be passed to an event handler, thus handled upstream by a protocol analyzer script, types.bif only supports enums. In order to deal with this during build time, I have added a custom rule and custom target to augment events.bif.bro before it is installed. Am I missing something here? Is there a more streamlined approach for doing this?

2) There seems to be an oddity with including an analyzer script alongside the plugin. I can see, via loaded_scripts.log, that everything is being loaded properly. However, events are not being fired from the analyzer script loaded from the plugins directory. If I run bro on the command line with an accompanying PCAP, I can see all the appropriate debug I have put into the plugin, but no events fire in the analyzer script. If I run the same command line AND add a different analyzer script that handles the same events, they fire and can be verified via print.

Most of the examples that exist aren't trying to do anything along these lines and, while I have the rest of the protocol defined well via BinPac, the last mile of making use of that work has been a bit uphill.

Any insight into the two oddities above would be greatly appreciated.

Aaron
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
