[Bro] Activating a scanner within a scanner?
Ruoming Pang
rpang at cs.princeton.edu
Thu May 17 10:40:33 PDT 2007
> > I tried looking at the HTTP analyzer, because this protocol uses a
> > newline to show when the header is finished, but to no avail.
>
> If I understand you correctly, you should be able to do this in the
> same way as the HTTP analyer does it. I thinkt this is the relevant
> type from http-protocol.pac:
>
> type HTTP_Headers = HTTP_Header[] &until($input.length() == 0);
>
> Does something similar work for you?
Richard,
>From what you described, it should work for you. Please keep us
updated if it doesn't.
To provide a bit of background, $input in the "until" clause
corresponds to a line without the trailing CRLF, because HTTP_Header
is defined with a &oneline attribute. By the way, this means $input
can also be used in more fancy conditions, such as ($input == "foo").
Ruoming
More information about the Bro
mailing list