Add reporter hook.

The hook being added is: bool HookReporter(const std::string& prefix, const EventHandlerPtr event, const Connection* conn, const val_list* addl, bool location, const Location* location1, const Location* location2, bool time, const std::string& buffer) override; This hook gives access to basically all information that is available in the function in Reporter.cc that performs the logging. The hook is called each time when anything passes through the reporter in the cases in which an event usually would be called. This includes weirds. The hook can return false to prevent the normal reporter events from being raised.
2025-10-08 01:28:20 +00:00 · 2017-11-16 12:45:11 -08:00 · 2017-11-16 12:45:11 -08:00 · b852437126
commit b852437126
parent bde4404b5e
11 changed files with 275 additions and 2 deletions
--- a/src/plugin/Plugin.h
+++ b/src/plugin/Plugin.h
@ -48,6 +48,7 @@ enum HookType {
 	HOOK_SETUP_ANALYZER_TREE,	//< Activates Plugin::HookAddToAnalyzerTree
 	HOOK_LOG_INIT,			//< Activates Plugin::HookLogInit
 	HOOK_LOG_WRITE,			//< Activates Plugin::HookLogWrite
+	HOOK_REPORTER,			//< Activates Plugin::HookReporter

 	// Meta hooks.
 	META_HOOK_PRE,			//< Activates Plugin::MetaHookPre().
@ -172,7 +173,7 @@ public:
 	 */
 	enum Type {
 		BOOL, DOUBLE, EVENT, FRAME, FUNC, FUNC_RESULT, INT, STRING, VAL,
-		VAL_LIST, VOID, VOIDP, WRITER_INFO, CONN, THREAD_FIELDS
+		VAL_LIST, VOID, VOIDP, WRITER_INFO, CONN, THREAD_FIELDS, LOCATION
 	};

 	/**
@ -250,6 +251,11 @@ public:
 	 */
 	explicit HookArgument(const std::pair<int, const threading::Field* const*> fpair)	{ type = THREAD_FIELDS; tfields = fpair; }

+	/**
+	 * Constructor with a location argument.
+	 */
+	explicit HookArgument(const Location* location)	{ type = LOCATION; arg.loc = location; }
+
 	/**
 	 * Returns the value for a boolen argument. The argument's type must
 	 * match accordingly.
@ -360,6 +366,7 @@ private:
 		const val_list* vals;
 		const void* voidp;
 		const logging::WriterBackend::WriterInfo* winfo;
+		const Location* loc;
 	} arg;

 	// Outside union because these have dtors.
@ -769,6 +776,39 @@ protected:
 	                          const threading::Field* const* fields,
 	                          threading::Value** vals);

+	/**
+	 * Hook into reporting. This method will be called for each reporter call
+	 * made; this includes weirds. The method cannot manipulate the data at
+	 * the current time; however it is possible to prevent script-side events
+	 * from being called by returning false.
+	 *
+	 * @param prefix The prefix passed by the reporter framework
+	 *
+	 * @param event The event to be called
+	 *
+	 * @param conn The associated connection
+	 *
+	 * @param addl Additional Bro values; typically will be passed to the event
+	 *             by the reporter framework.
+	 *
+	 * @param location True if event expects location information
+	 *
+	 * @param location1 First location
+	 *
+	 * @param location2 Second location
+	 *
+	 * @param time True if event expects time information
+	 *
+	 * @param message Message supplied by the reporter framework
+	 *
+	 * @return true if event should be called by the reporter framework, false
+	 *         if the event call should be skipped
+	 */
+	virtual bool HookReporter(const std::string& prefix, const EventHandlerPtr event,
+	                          const Connection* conn, const val_list* addl, bool location,
+	                          const Location* location1, const Location* location2,
+	                          bool time, const std::string& message);
+
 	// Meta hooks.

 	/**