[Bro-Dev] [JIRA] (BIT-1530) protocol_confirmation event cannot be hooked by plugin

[Robin Sommer (JIRA)]

    [ https://bro-tracker.atlassian.net/browse/BIT-1530?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24008#comment-24008 ] 

Robin Sommer commented on BIT-1530:
-----------------------------------

Yeah, I think I agree this should be changed. The original motivation was to trigger that event as quickly as possible, but not sure it's really worth going a non-standard route for that; in particular now that we have plugins hooking into the standard route.

I'm not sure but there may indeed be a couple more places avoiding the normal event queueing in the same way, might be worth checking them as well.

> protocol_confirmation event cannot be hooked by plugin
> ------------------------------------------------------
>
>                 Key: BIT-1530
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1530
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Jeff Barber
>
> The way the 'protocol_confirmation' event is raised bypasses the plugin event-hook mechanism. Plugin event hooks are triggered via EventMgr.QueueEvent which is in the usual event generation interface. However, protocol_confirmation is generated via this code in src/analyzer/Analyzer.cc:
> {{
>         // We immediately raise the event so that the analyzer can quickly
>         // react if necessary.
>         ::Event* e = new ::Event(protocol_confirmation, vl, SOURCE_LOCAL);
>         mgr.Dispatch(e);
> }}
> The EventMgr.Dispatch method doesn't invoke the hook so at present it's not possible for a plugin to hook this event. It would be nice if this were orthogonal with other events.



--
This message was sent by Atlassian JIRA
(v7.1.0-OD-05-006#71001)