[Bro] SIP Analyzer and SDP payload
Johanna Amann
johanna at icir.org
Mon Mar 7 17:08:15 PST 2016
Hello Valerio,
> Unfortunately, I am not able to see where the boolean variable
> "sip_reply" accessed in sip-analyzer.pac:37 is actually defined and set.
> The same holds for sip_request (sip-analyzer.pac:22), sip_header
> (sip-analyzer.pac:53).
> Can someone point me where and how these variables are populated?
That is a tad tricky - the variables are populated in autogenerated code.
The easiest way to figure out whate exactly happens might be to look into
the code that is generated in the build/ directory after building bro is
done.
The in-a-nutshel variant is - since sip_reply is defined as an event, a
EventHandlerPtr variable named sip_reply is created. This variable is
populated automatically (by a call to the function internal_handler).
Performing an if (sip_reply) call will return true if the sip_reply event
is used somewhere in Bro scriptland and false otherwise.
Johanna
More information about the Bro
mailing list