On Mar 13, 2014, at 9:45 AM, Bernhard Amann <[email protected]> wrote:
> What I did was to call…
>
> file_mgr->DataIn(reinterpret_cast<const u_char*>(cert.data()), cert.length(),
> bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(), ${rec.is_orig});
> file_mgr->EndOfFile(bro_analyzer()->GetAnalyzerTag(), bro_analyzer()->Conn(),
> ${rec.is_orig});
>
> in exactly this order (so - directly following each other). Which does not
> work.
It think it should work provided that matching file handles are generated at
the script-layer for this type of file. (not sure whether they are in this
case, didn’t check)
> I also do not really think this is sufficiently documented in the comments of
> Manager.h. This basically is not mentioned at all there…
Yeah, it should probably at least link to [1] at least once. Do you think it
would help to link to that in each method where it matters?
[1] http://www.bro.org/development/howtos/file-analysis-file-id.html
- Jon
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
