[Bro-Dev] changing Notice::policy mechanism
Seth Hall
seth at icir.org
Thu Nov 8 09:03:00 PST 2012
On Nov 8, 2012, at 11:36 AM, "Siwek, Jonathan Luke" <jsiwek at illinois.edu> wrote:
> More variants…
>
> It could be like synchronous signal handling with "raise" and "trap" keywords.
Oh, I kind of like this. To me it even makes the break-ing more obvious since there are a series of traps being executed. I've been thinking of these more and more like an easy to use hooking mechanism and I think raise and trap fit in with that.
Actually, what about just "hook"?
hook trigger(n: Notice::Info) &priority=5
{
if ( xxx )
break; # short circuit
}
hook trigger(n: Notice::Info) &priority=-5
{
if ( yyy )
do_someting();
}
[...]
local n: Notice::Info;
hook trigger(n);
[…]
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list