[Bro] Understanding the event generation and handling
Sunjeet Singh
sstattla at gmail.com
Wed Oct 6 17:37:39 PDT 2010
Hi Vern,
> The architecture here is described in the paper:
>
> http://www.icir.org/robin/papers/usenix06.pdf
>
Thanks! I'll take a look.
> Well, I use gdb, and if I must, I start with invocations of
> NetSessions::NextPacket .
>
This is helpful.
> If you want to sketch your particular goal, that might help with giving
> you more focussed advice.
>
I'm interested in Bro in general, but right now I'd be interested to
know details about how event handling was implemented in Bro.
So for every event from the event queue, how many handlers is it matched
against for the right handlers to be invoked? All?(Probably not)
Could you please shed some light on the details here? Do you think there
could be scope for optimization?
Thank you,
Sunjeet Singh
More information about the Bro
mailing list