Help with Bro source code

Yagyesh_Srivastava · October 27, 2016, 9:37pm

Hi,

I am trying to understand the bro events engine for HTTP.
I see that the code has two places where http is handled:

build/src/protocol/http (files like events.bif.cc , events.bif.init.cc and functions.bif.cc)
src/protocol/http (files like HTTP.CC)

I am guessing the first one is the event engine and the second one is for handling the incoming HTTP packets. is that correct?

Does anyone know of a runtime analysis tool which would be helpful in this case?
How do we generally go about to understand bro’s code base, i am just a beginner at this.
Would really appreciate all the help.

Thanks,
Yagyesh

Yagyesh_Srivastava · October 28, 2016, 12:33pm

Thanks Anthony.

I now have a basic understanding having gone through anthony kasza’s blog.

Can someone please help me with any kind of material/slides for understanding bro source code?
Any other help/source would really help me a lot!

Thanks,
Yagyesh

johanna · October 28, 2016, 3:43pm

I am not sure if you already found it - we have
https://www.bro.org/development/howtos/index.html on our webpage for a few
pointers.

Apart from that, I don't think there is much that exists.

Johanna

Topic		Replies	Views
Understanding the event generation and handling Zeek	4	93	May 6, 2022
http_request event Zeek	7	86	May 6, 2022
just getting started Zeek	1	42	May 6, 2022
just getting started Zeek	1	42	May 6, 2022
About event queue ! Zeek	1	56	May 6, 2022

Help with Bro source code

Related Topics