On Nov 21, 2013, at 9:33 PM, anthony kasza <anthony.kasza(a)gmail.com> wrote:
I'm curious if Bro in bare mode is ever used for
The intention for mode is to allow users more choice in what script-level functionality to
load. In practice, I don’t know how often it’s used for that.
The other thing I frequently use it for is unit tests, where I want minimal test cases and
faster parse time.
I'm not surprised to see bare mode include bifs.
Is there a design decision
why bare mode includes things like the input and logging framework but
not the protocol directories that make use of them (e.g.
If it’s something that’s tightly coupled with internals and only has parse-time
performance cost, then that’s something to expect to be loaded in bare mode. The protocol
analysis packages don’t satisfy either condition — internals don’t depend on them to be
loaded and loading them can have run-time performance costs.