Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 04:58:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Adding NEWS entry for plugins.

Browse source 
Also editing the plugin CHANGES somewhat.
This commit is contained in:
Robin Sommer 2014-07-31 09:02:59 -07:00
parent 69b1ba653d
commit 024c26d982
2 changed files with 62 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

85
CHANGES
View file

@ -3,69 +3,58 @@
* Minor adjustments to plugin code/docs. (Jon Siwek)
* Dynamic plugin support. (Robin Sommer)
* Dynamic plugin support. (Rpbin Sommer)
- An overview of main functionality is in doc/devel/plugins.rst.
Bro now supports extending core functionality, like protocol and
file analysis, dynamically with external plugins in the form of
shared libraries. See doc/devel/plugins.rst for an overview of the
main functionality. Changes coming with this:
- This removes the old Plugin macro magic, and hence touches all the
existing analyzers to move them to the new API.
- Replacing the old Plugin macro magic with a new API.
- The plugin API changed to generally use std::strings instead
of const char*.
- The plugin API changed to generally use std::strings instead of
const char*.
- There are a number of invocations of PLUGIN_HOOK_
{VOID,WITH_RESULT} across the code base, which allow plugins
to hook into the processing at those locations.
- There are a number of invocations of PLUGIN_HOOK_
{VOID,WITH_RESULT} across the code base, which allow plugins to
hook into the processing at those locations. These are macros to
make sure the overhead remains as low as possible when no plugin
actually defines a hook (i.e., the normal case). See
src/plugin/Manager.h for the macros' definition.
- A few new accessor methods to various classes to allow
plugins to get to that information.
- There's one hook which could be potentially expensive: plugins can
be notified if a BroObj they are interested in gets destroyed. But
I didn't see a performance impact in my tests (with no such hook
defined), and the memory usage doesn't change due to field
alignment.
- network_time cannot be just assigned to anymore, there's now
function net_update_time() for that.
- Adds a few new accessor methods to various classes to allow
plugins to get to that information.
- Redoing how builtin variables are initialized, so that it
works for plugins as well. No more init_net_var(), but
instead bifcl-generated code that registers them.
- network_time cannot be just assigned to anymore, there's now
function net_update_time() for that.
- Redos how builtin variables are initialized, so that it
works for plugins as well. No more init_net_var(), but instead
bifcl-generated code that registers them.
- Various changes for adjusting to the now dynamic generation
of analyzer instances.
- same_type() gets an optional extra argument allowing record type
comparision to ignore if field names don't match.
comparision to ignore if field names don't match. (Robin Sommer)
- There are various changes for adjusting to the now dynamic
generation of analyzer instances.
- Further unify file analysis API with the protocol analyzer API
(assigning IDs to analyzers; adding Init()/Done() methods;
adding subtypes). (Robin Sommer)
- The file analysis API gets unified further with the protocol
analyzer API (assigning IDs to analyzers; adding Init()/Done()
methods; adding subtypes).
- A new command line option -Q that prints some basic execution
time stats. (Robin Sommer)
- Adding a new command line option -Q that prints some basic
execution time stats. Seems generally useful, and I'm planing
to provide a plugin hook for measuring custom stuff.
- Add support to the file analysis for activating analyzers by
MIME type. (Robin Sommer)
- I'm not yet happy with the current conventions for the C++
namespaces that plugins are in. I'm planing to clean that up later
though, as I have some more branches relying on the current scheme
and it will be easier to clean things up once everything is in.
- File::register_for_mime_type(tag: Analyzer::Tag, mt:
string): Associates a file analyzer with a MIME type.
- There's a new piece of functionality for the file analysis
framework: activate analyzers by MIME type. Pieces going in there:
- File::add_analyzers_for_mime_type(f: fa_file, mtype:
string): Activates all analyzers registered for a MIME
type for the file.
- File::register_for_mime_type(tag: Analyzer::Tag, mt: string):
Associates a file analyzer with a MIME type.
- File::add_analyzers_for_mime_type(f: fa_file, mtype: string):
Activates all analyzers registered for a MIME type for the file.
- The default file_new() handler calls
File::add_analyzers_for_mime_type() with the file's MIME type.
- The default file_new() handler calls
File::add_analyzers_for_mime_type() with the file's MIME
type.
2.3-20 | 2014-07-22 17:41:02 -0700

25
NEWS
View file

@ -4,6 +4,31 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
(note that submodules, such as BroControl and Broccoli, come with
their own ``CHANGES``.)
Bro 2.4 (in progress)
=====================
Dependencies
------------
New Functionality
-----------------
- Bro now has support for external plugins that can extend its core
functionality, like protocol/file analysis, via shared libraries.
Plugins can be developed and distributed externally, and will be
pulled in dynamically at startup. Currently, a plugin can provide
custom protocol analyzers, file analyzers, log writers[TODO], input
readers[TODO], packet sources[TODO], and new built-in functions. A
plugin can furthermore hook into Bro's processing a number of places
to add custom logic.
See http://www.bro.org/sphinx-git/devel/plugins.html for more
information on writing plugins.
Changed Functionality
---------------------
Bro 2.3
=======