[Bro] Determine potential events with a specific set of *.bro scripts
Matthias Vallentin
vallentin at ICSI.Berkeley.EDU
Sun Dec 7 10:48:18 PST 2008
On Fri, Dec 05, 2008 at 02:09:22PM -0800, Vern Paxson wrote:
> > I would like to determine which events could potentially be generated
> > after loading a specific set of scripts. Has anyone tried this before?
>
> Internal to Bro there's an analysis of which declared events do not
> have any means of being generated (this is the reporting enabled by
> redef check_for_unused_event_handlers = T). It should be straightforward
> to tweak that to report on which events *can* be generated.
Thanks for the pointer, I attached a little patch that does exactly
that.
Matthias
--
Matthias Vallentin
vallentin at icir.org
http://matthias.vallentin.cc
-------------- next part --------------
Index: src/main.cc
===================================================================
--- src/main.cc (revision 6147)
+++ src/main.cc (working copy)
@@ -1014,6 +1014,18 @@
delete dead_handlers;
+ EventRegistry::string_list* alive_handlers =
+ event_registry->UsedHandlers();
+
+ if ( alive_handlers->length() > 0 && dump_used_event_handlers )
+ {
+ message("invoked event handlers:");
+ for ( int i = 0; i < alive_handlers->length(); ++i )
+ message((*alive_handlers)[i]);
+ }
+
+ delete alive_handlers;
+
if ( do_notice_analysis )
notice_analysis();
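Review bot: In the added block in main.cc, event_registry->UsedHandlers() is called and its list allocated and deleted on every run, even when dump_used_event_handlers is false, because the flag is only tested in the if that guards the printing. Wrapping the whole block in if ( dump_used_event_handlers ) would skip the registry walk and the allocation when the option is off, and the length() > 0 test could then stay as the inner condition.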
Index: src/EventRegistry.cc
===================================================================
--- src/EventRegistry.cc (revision 6147)
+++ src/EventRegistry.cc (working copy)
@@ -54,6 +54,25 @@
return names;
}
+EventRegistry::string_list* EventRegistry::UsedHandlers()
+ {
+ string_list* names = new string_list;
+
+ IterCookie* c = handlers.InitForIteration();
+
+ HashKey* k;
+ EventHandler* v;
+ while ( (v = handlers.NextEntry(k, c)) )
+ {
+ if ( v->LocalHandler() && v->Used() )
+ names->append(v->Name());
+
+ delete k;
+ }
+
+ return names;
+ }
+
void EventRegistry::PrintDebug()
{
IterCookie* c = handlers.InitForIteration();
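Review bot: The test v->LocalHandler() && v->Used() in the loop of UsedHandlers() only collects entries for which both calls are true, so, going by the method names, an event that is marked used but has no local handler in the loaded scripts is left out. The question in the thread was which events could potentially be generated, so it is worth stating in a comment above the function which of the two sets is meant, or dropping the LocalHandler() part if the wider set is wanted.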
Index: src/EventRegistry.h
===================================================================
--- src/EventRegistry.h (revision 6147)
+++ src/EventRegistry.h (working copy)
@@ -35,6 +35,7 @@
void EnableGroup(const char* group, bool enable);
string_list* UnusedHandlers();
+ string_list* UsedHandlers();
void PrintDebug();
private:
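Review bot: The new UsedHandlers() declaration carries no comment on ownership, although the implementation returns a list created with new string_list and main.cc has to delete it. A one-line comment here saying that the caller owns and must delete the returned list would document that contract for the next caller.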
Index: src/NetVar.h
===================================================================
--- src/NetVar.h (revision 6147)
+++ src/NetVar.h (working copy)
@@ -267,6 +267,7 @@
extern int time_machine_profiling;
extern int check_for_unused_event_handlers;
+extern int dump_used_event_handlers;
extern int suppress_local_output;
Index: src/NetVar.cc
===================================================================
--- src/NetVar.cc (revision 6147)
+++ src/NetVar.cc (working copy)
@@ -263,6 +263,7 @@
int time_machine_profiling;
int check_for_unused_event_handlers;
+int dump_used_event_handlers;
StringVal* trace_output_file;
@@ -314,6 +315,8 @@
check_for_unused_event_handlers =
opt_internal_int("check_for_unused_event_handlers");
+ dump_used_event_handlers =
+ opt_internal_int("dump_used_event_handlers");
suppress_local_output = opt_internal_int("suppress_local_output");
Index: policy/bro.init
===================================================================
--- policy/bro.init (revision 6147)
+++ policy/bro.init (working copy)
@@ -1376,6 +1376,9 @@
# If true, warns about unused event handlers at startup.
const check_for_unused_event_handlers = T &redef;
+# If true, dumps all invoked event handlers at startup.
+const dump_used_event_handlers = F &redef;
+
# If true, we suppress prints to local files if we have a receiver for
# print_hook events. Ignored for files with a &disable_print_hook attribute.
const suppress_local_output = F &redef;
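Review bot: The comment on dump_used_event_handlers says "dumps all invoked event handlers at startup", and main.cc prints "invoked event handlers:", but at startup no handler has been invoked yet; the list comes from Used() in the registry. Wording such as "event handlers that can be invoked" would match both the option name and the purpose stated in the thread.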