[Bro] SIP Analyzer and SDP payload

Valerio valerio.click at gmx.com
Thu Mar 10 10:23:09 PST 2016


Hi Johanna,

thanks for the feedback, I'll dig into the compiled source code to
better understand what's going on.

However, even at a high level, I don't understand why it is necessary to
check for an event sip_reply within the sole function that is supposed
to generate that very event.

best regards,
Valerio

On 08/03/2016 02:08, Johanna Amann wrote:
> Hello Valerio,
> 
>> Unfortunately, I am not able to see where the boolean variable
>> "sip_reply" accessed in sip-analyzer.pac:37 is actually defined and set.
>> The same holds for sip_request (sip-analyzer.pac:22), sip_header
>> (sip-analyzer.pac:53).
>> Can someone point me where and how these variables are populated?
> 
> That is a tad tricky - the variables are populated in autogenerated code.
> The easiest way to figure out what exactly happens might be to look into
> the code that is generated in the build/ directory after building bro is
> done.
> 
> The in-a-nutshell variant is - since sip_reply is defined as an event, an
> EventHandlerPtr variable named sip_reply is created. This variable is
> populated automatically (by a call to the function internal_handler).
> 
> Performing an if (sip_reply) call will return true if the sip_reply event
> is used somewhere in Bro scriptland and false otherwise.
> 
> Johanna
> 
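
The mechanism described in the quoted reply, as an added example that is not part of the thread and is not Bro's generated code: a simplified model in which the truth value of `sip_reply` means "some script handles this event", so the analyzer can skip building event arguments when nothing would consume them. Only `sip_reply`, `EventHandlerPtr` and `internal_handler` are names from the thread; the registry, `proc_sip_reply` and `script_handles_sip_reply` are hypothetical.

```cpp
#include <functional>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simplified model (not Bro's source): one handler object per declared event.
struct EventHandler {
    // Script-level handler bodies attached to this event.
    std::vector<std::function<void(int, const std::string&)>> bodies;
};

// Wrapper whose truth value means "some script handles this event".
struct EventHandlerPtr {
    EventHandler* h = nullptr;
    explicit operator bool() const { return h && !h->bodies.empty(); }
};

static std::map<std::string, EventHandler> registry;

// Stand-in for the lookup named in the thread; always yields a valid object.
EventHandlerPtr internal_handler(const std::string& name) {
    return EventHandlerPtr{&registry[name]};
}

// One global of this kind exists per declared event.
EventHandlerPtr sip_reply = internal_handler("sip_reply");

static int values_built = 0;  // how often event arguments were constructed

// Hypothetical analyzer function with the same guard as sip-analyzer.pac.
bool proc_sip_reply(int code, const std::string& reason) {
    if (!sip_reply)
        return false;   // no script uses the event: nothing is built or queued
    ++values_built;     // stands in for allocating the event's argument values
    for (auto& body : sip_reply.h->bodies)
        body(code, reason);
    return true;
}

// Hypothetical helper: the effect of loading a script that handles sip_reply.
void script_handles_sip_reply(std::function<void(int, const std::string&)> f) {
    registry["sip_reply"].bodies.push_back(std::move(f));
}
```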

