[Bro] Activating a scanner within a scanner?

Robin Sommer robin at icir.org
Thu May 10 15:23:10 PDT 2007

On Thu, May 10, 2007 at 11:35 +0200, you wrote:

(Disclaimer: I've no idea about SIP/SDP).

> I am not sure if it would make more sense to hook another analyzer into
> the SIP analyzer or to just parse the SDP payload within my SIP
> analyzer.

How closely are the two coupled? Is there information which needs to
be passed between the two? 

If the coupling is not too tight, I'd say separating the two looks
nicer, as it shows that semantically they are seperat.  The outer
analyzer can instantiate an instance of the inner if necessary
(i.e., if there's a body) and then call it's DeliverStream() method
for the data. 

> Another consideration would be how to write the SDP analyzer in a way
> that accounts for both for standalone detection and as a plugin for my
> SIP analyzer (working on packets vs working on data i feed it directly).

Not sure I understand that. Does this mean SDP can be encapulated
inside SIP but does not have to?


Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org 
LBNL/ICSI    * Fax   +1 (510) 666-2956 *   www.icir.org

More information about the Bro mailing list