To the Bro-IDS team,
My name is James Swaro and I am a graduate student at Ohio University. I am performing research on the retransmission timeout mechanism of TCP and I am using Bro to do this. Bro provides a very good base for my research and I would like to modify the system as needed to create the events and policy files necessary. The documentation that is available on your wiki is extensive and has been very helpful in understanding the general structure of the system.
Mark Allman and Katrina were generous to share the RTT branch that they were working on. I need to add events to the system to generate specific information when congestion control states have possibly been triggered. I've attempted to create an event in the source code by editing event.bif and TCP.cc, but it does not seem to recognize the event and crashes. Either that, or I've misunderstood the way that the data from the event is created.
Am I incorrect with the process of adding a new event?
1. Add the event in event.bif. (Ex. event test_something...)
2. Add the event in the intended location to be called by Bro as it parses the file. (Ex. Add Event(test_something, vl); to some file).
3. Recompile and test.
I am still learning the framework and I appreciate any help. Thank you for your time.