Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Adding NEWS entry for plugins.

Browse source 
Also editing the plugin CHANGES somewhat.
This commit is contained in:
Robin Sommer 2014-07-31 09:02:59 -07:00
parent 69b1ba653d
commit 024c26d982
2 changed files with 62 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

83
CHANGES
View file

@ -3,69 +3,58 @@
* Minor adjustments to plugin code/docs. (Jon Siwek) * Minor adjustments to plugin code/docs. (Jon Siwek)
* Dynamic plugin support. (Robin Sommer) * Dynamic plugin support. (Rpbin Sommer)
- An overview of main functionality is in doc/devel/plugins.rst. Bro now supports extending core functionality, like protocol and
file analysis, dynamically with external plugins in the form of
shared libraries. See doc/devel/plugins.rst for an overview of the
main functionality. Changes coming with this:
- This removes the old Plugin macro magic, and hence touches all the - Replacing the old Plugin macro magic with a new API.
existing analyzers to move them to the new API.
- The plugin API changed to generally use std::strings instead of - The plugin API changed to generally use std::strings instead
const char*. of const char*.
- There are a number of invocations of PLUGIN_HOOK_ - There are a number of invocations of PLUGIN_HOOK_
{VOID,WITH_RESULT} across the code base, which allow plugins to {VOID,WITH_RESULT} across the code base, which allow plugins
hook into the processing at those locations. These are macros to to hook into the processing at those locations.
make sure the overhead remains as low as possible when no plugin
actually defines a hook (i.e., the normal case). See
src/plugin/Manager.h for the macros' definition.
- There's one hook which could be potentially expensive: plugins can - A few new accessor methods to various classes to allow
be notified if a BroObj they are interested in gets destroyed. But plugins to get to that information.
I didn't see a performance impact in my tests (with no such hook
defined), and the memory usage doesn't change due to field
alignment.
- Adds a few new accessor methods to various classes to allow - network_time cannot be just assigned to anymore, there's now
plugins to get to that information. function net_update_time() for that.
- network_time cannot be just assigned to anymore, there's now - Redoing how builtin variables are initialized, so that it
function net_update_time() for that. works for plugins as well. No more init_net_var(), but
instead bifcl-generated code that registers them.
- Redos how builtin variables are initialized, so that it - Various changes for adjusting to the now dynamic generation
works for plugins as well. No more init_net_var(), but instead of analyzer instances.
bifcl-generated code that registers them.
- same_type() gets an optional extra argument allowing record type - same_type() gets an optional extra argument allowing record type
comparision to ignore if field names don't match. comparision to ignore if field names don't match. (Robin Sommer)
- There are various changes for adjusting to the now dynamic - Further unify file analysis API with the protocol analyzer API
generation of analyzer instances. (assigning IDs to analyzers; adding Init()/Done() methods;
adding subtypes). (Robin Sommer)
- The file analysis API gets unified further with the protocol - A new command line option -Q that prints some basic execution
analyzer API (assigning IDs to analyzers; adding Init()/Done() time stats. (Robin Sommer)
methods; adding subtypes).
- Adding a new command line option -Q that prints some basic - Add support to the file analysis for activating analyzers by
execution time stats. Seems generally useful, and I'm planing MIME type. (Robin Sommer)
to provide a plugin hook for measuring custom stuff.
- I'm not yet happy with the current conventions for the C++ - File::register_for_mime_type(tag: Analyzer::Tag, mt:
namespaces that plugins are in. I'm planing to clean that up later string): Associates a file analyzer with a MIME type.
though, as I have some more branches relying on the current scheme
and it will be easier to clean things up once everything is in.
- There's a new piece of functionality for the file analysis - File::add_analyzers_for_mime_type(f: fa_file, mtype:
framework: activate analyzers by MIME type. Pieces going in there: string): Activates all analyzers registered for a MIME
type for the file.
- File::register_for_mime_type(tag: Analyzer::Tag, mt: string): - The default file_new() handler calls
Associates a file analyzer with a MIME type. File::add_analyzers_for_mime_type() with the file's MIME
type.
- File::add_analyzers_for_mime_type(f: fa_file, mtype: string):
Activates all analyzers registered for a MIME type for the file.
- The default file_new() handler calls
File::add_analyzers_for_mime_type() with the file's MIME type.
2.3-20 | 2014-07-22 17:41:02 -0700 2.3-20 | 2014-07-22 17:41:02 -0700

25
NEWS
View file

@ -4,6 +4,31 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
(note that submodules, such as BroControl and Broccoli, come with (note that submodules, such as BroControl and Broccoli, come with
their own ``CHANGES``.) their own ``CHANGES``.)
Bro 2.4 (in progress)
=====================
Dependencies
------------
New Functionality
-----------------
- Bro now has support for external plugins that can extend its core
functionality, like protocol/file analysis, via shared libraries.
Plugins can be developed and distributed externally, and will be
pulled in dynamically at startup. Currently, a plugin can provide
custom protocol analyzers, file analyzers, log writers[TODO], input
readers[TODO], packet sources[TODO], and new built-in functions. A
plugin can furthermore hook into Bro's processing a number of places
to add custom logic.
See http://www.bro.org/sphinx-git/devel/plugins.html for more
information on writing plugins.
Changed Functionality
---------------------
Bro 2.3 Bro 2.3
======= =======