[Bro-Dev] Overload Bro Events

DW brot212 at googlemail.com
Thu Apr 12 12:23:21 PDT 2018


Hello,

is it possible to overload events in Bro based on the event parameters
and trigger the "right" event based on the given parameter?

E.g. I would define events like this

event overload%(c: connection%);
event overload%(c: connection, h: header%);
event overload%(c: connection, h: header, d: data%);
...

In the protocol parser source:

...
EventHandlerPtr ev = overload;
val_list* vl = new val_list();

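switch(type) {
     case 1:
         // type 1: connection only
         vl->append(BuildConnVal());
         break;  // stop here so the next case's values are not appended too
     case 2:
         // type 2: connection and header
         vl->append(BuildConnVal());
         vl->append(header);
         break;
     case 3:
         // type 3: connection, header and data
         vl->append(BuildConnVal());
         vl->append(header);
         vl->append(data);
         break;
}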
ConnectionEvent(ev, vl);


Dane


