[Bro-Dev] changing Notice::policy mechanism

Siwek, Jonathan Luke jsiwek at illinois.edu
Mon Nov 5 09:24:39 PST 2012

>> I think the construct we need to solve the problem already exists purely in the script-layer:
>>    type TriggerFunc: function(n: Notice::Info): bool;
>>    global Notice::policy: vector of set[TriggerFunc];
> That doesn't have the attribute that I think we likely want, namely an
> explicit "switch" on the particular notice type.

Right, your switch/case idea reminded me of that optimization.  Would a table work for that?  So revising the example:

    type TriggerType: enum;
    type TriggerFunc: function(n: Notice::Info): bool;
    type PolicyHandlers: vector of set[TriggerFunc];
    global Notice::policy: table[TriggerType] of PolicyHandlers &redef;

Again, the issue probably being the cumbersome syntax of manipulation/redefinitions (if it's even possible right now) that's expected to be done by the user.

> Speaking of which, maybe we don't want an exact split-case-by-case but
> rather something a bit broader.  Here I'm thinking of policies that I'd
> like to apply to any Notice of n different types; it's important to not
> have to replicate that code, but instead just list the n types and the
> associated predicate.

Think the above example supports that if the common code is just implemented as a TriggerFunc and then inserted into the PolicyHandlers for the desired TriggerTypes.

