Hello,

it is possible to overload events in Bro based on the event-parameter 
and trigger the "right" event based on the given parameter?

E.g. I would define events like this

event overload%(c: connection%);
event overload%(c: connection, h: header%);
event overload%(c: connection, h: header, d: data%);
...

In the protocol parser source:

...
EventHandlerPtr ev = overload;
val_list* vl = new val_list();

switch(type) {
     case 1:
         vl->append(BuildConnVal());
     case 2:
         vl->append(BuildConnVal());
         vl->append(header);
     case 3:
         vl->append(BuildConnVal());
         vl->append(header);
         vl->append(data);
}
ConnectionEvent(ev, vl);


Dane

_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Reply via email to