Closed awelzel closed 3 months ago
awelzel
commented
3 months ago One question: what do we do with %port inside a Spicy unit? That actually still works with a Zeek analyzer, too, but I don't think it's documented anywhere afaict.
Benjamin said that is still used for batch file processing on the Spicy side (I don't know so much about it) - so might make sense to keep it for units. On the Zeek side it would only make sense to deprecate that now, too (or even just remove it).
rsmmr
commented
3 months ago One question: what do we do with %port inside a Spicy unit? That actually still works with a Zeek analyzer, too, but I don't think it's documented anywhere afaict.
Benjamin said that is still used for batch file processing on the Spicy side (I don't know so much about it) - so might make sense to keep it for units. On the Zeek side it would only make sense to deprecate that now, too (or even just remove it).
Yeah, definitely want to keep it Spicy-side. But unsure what to do in Zeek: currently, it silently works (to the degree in worked in EVT), but isn't documented. But deprecating (and removing) seems odd given that it's valid Spicy code, and *.spicy should be shareable. And just ignoring it isn't great either.
awelzel
commented
3 months ago I'm going to close this after chatting with Robin - he'd like to re-add port and ports support in .evt with different spin by adding a new event that's raised for loaded/installed spicy analyzers, providing metadata, including ports.
This is for the updates at https://github.com/zeek/spicy-tftp/pull/11- I've already autogen'ed the non-merged branch.