Next: General Processing Events, Previous: Activating an Analyzer, Up: Analyzers and Events
The module facility implements namespaces. Everything is in some namespace or other. The default namespace is called "GLOBAL" and is searched by default when doing name resolution. The scoping operator is "::" as in C++. You can only access things in the current namespace, things in the GLOBAL namespace, or things that have been explicitly exported from a different namespace. Exported variables and functions still require fully-qualified names. The syntax is as follows:
module foo; # Sets the current namespace to "foo" export { int i; int j; } int k; module bar; int i; foo::i = 1; bar::i = 2; print i; # bar::i (since we're currently in module bar) j = 3; # ERROR: j is exported, but the fully qualified name # foo::j is required foo::k = 4; # ERROR: k is not exported
The same goes for calling functions.
One restriction currently in place is that variables not in the "GLOBAL" namespace can't shadow those in GLOBAL, so you can't have:
module GLOBAL; global i: int; module other_module; global i: int;
It is a little confusing that the "global" declaration really only means that the variable i is global to the current module, not that it is truly global and thus visible everywhere (that would require that it be in GLOBAL, or if using the full name is okay, that it be exported). Perhaps there will be a change to the syntax in the future to address this.
The "module" statement cuts across @load commands, so that if you say:
module foo; @load other_script;
then other_script will be in module foo. Likewise if other_script changes to module bar, then the current module will be module bar even after other_script is done. However, this functionality may change in the future if it proves problematic.
The policy scripts in the Bro distribution have not yet been updated to use it, but there is a backward-compatibility feature so that existing scripts should work without modification. In particular, everything is put in GLOBAL by default.