[Bro] Understanding the event generation and handling
vern at icir.org
Wed Oct 6 17:42:15 PDT 2010
> So for every event from the event queue, how many handlers is it matched
> against for the right handlers to be invoked?
There's no matching at all. Rather, when policy scripts define new event
handlers, they're directly associated with the name of the event. So when
the event engine generates event_XXX, there's already (scripting) code
associated with a global variable named event_XXX, and that's executed
> Do you think there
> could be scope for optimization?
No. Where optimization would prove fruitful (but hard) is for the script
More information about the Bro