Help with Bro source code

Yagyesh_Srivastava · October 27, 2016, 9:37pm

Hi,

I am trying to understand the bro events engine for HTTP.
I see that the code has two places where http is handled:

build/src/protocol/http (files like events.bif.cc , events.bif.init.cc and functions.bif.cc)
src/protocol/http (files like HTTP.CC)

I am guessing the first one is the event engine and the second one is for handling the incoming HTTP packets. is that correct?

Does anyone know of a runtime analysis tool which would be helpful in this case?
How do we generally go about to understand bro’s code base, i am just a beginner at this.
Would really appreciate all the help.

Thanks,
Yagyesh

Yagyesh_Srivastava · October 28, 2016, 12:33pm

Thanks Anthony.

I now have a basic understanding having gone through anthony kasza’s blog.

Can someone please help me with any kind of material/slides for understanding bro source code?
Any other help/source would really help me a lot!

Thanks,
Yagyesh

johanna · October 28, 2016, 3:43pm

I am not sure if you already found it - we have
https://www.bro.org/development/howtos/index.html on our webpage for a few
pointers.

Apart from that, I don't think there is much that exists.

Johanna

Topic		Replies	Views
Help with bro Zeek	4	86	May 6, 2022
control flow Zeek	1	65	May 6, 2022
event.bif ?? Zeek	2	79	May 6, 2022
[Bro advanced Architecture ] Zeek	1	107	May 6, 2022
Control flow Zeek	1	72	May 6, 2022

Help with Bro source code

Related topics