[Bro] SIP Analyzer and SDP payload

Johanna Amann johanna at icir.org
Thu Mar 10 10:34:27 PST 2016

It is not strictly speaking necessary to do that. It reduces load a 
little bit - if there is no one listening for an event, there is no 
reason to create it.

This is especially interesting if generating the event involves actual 
processing of data.


On 10 Mar 2016, at 10:23, Valerio wrote:

> Hi Johanna,
> thanks for the feedback, I'll dig into the compiled source code to
> better understand what's going on.
> However, even at high-level, I don't understand why it is necessary to
> check for an event sip_reply whithin the sole function that is 
> supposed
> to generate that very event.
> best regards,
> Valerio
> On 08/03/2016 02:08, Johanna Amann wrote:
>> Hello Valerio,
>>> Unfortunately, I am not able to see where the boolean variable
>>> "sip_reply" accessed in sip-analyzer.pac:37 is actually defined and 
>>> set.
>>> The same holds for sip_request (sip-analyzer.pac:22), sip_header
>>> (sip-analyzer.pac:53).
>>> Can someone point me where and how these variables are populated?
>> That is a tad tricky - the variables are populated in autogenerated 
>> code.
>> The easiest way to figure out whate exactly happens might be to look 
>> into
>> the code that is generated in the build/ directory after building bro 
>> is
>> done.
>> The in-a-nutshel variant is - since sip_reply is defined as an event, 
>> a
>> EventHandlerPtr variable named sip_reply is created. This variable is
>> populated automatically (by a call to the function internal_handler).
>> Performing an if (sip_reply) call will return true if the sip_reply 
>> event
>> is used somewhere in Bro scriptland and false otherwise.
>> Johanna

More information about the Bro mailing list