Merge branch 'topic/robin/event-dumper'

Changes: - Changing semantics of the new_event() meta event: it's raised only for events that have a handler defined. There are too many checks in Bro that prevent events wo/ handler from being even prepared to raise to do that differently. - Adding test case. * topic/robin/event-dumper: New script misc/dump-events.bro, along with core support, that dumps events Bro is raising in an easily readable form. Prettyfing Describe() for record types.
2025-10-04 07:38:19 +00:00 · 2013-12-04 12:10:54 -08:00 · 2013-12-04 12:10:54 -08:00 · dadfcde70e
commit dadfcde70e
parent 3abf626908 de9f03b0bf
14 changed files with 420 additions and 8 deletions
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@ -507,7 +507,7 @@ type script_id: record {
 ##    directly and then remove this alias.
 type id_table: table[string] of script_id;

-## Meta-information about a record-field.
+## Meta-information about a record field.
 ##
 ## .. bro:see:: record_fields record_field_table
 type record_field: record {
@ -529,6 +529,25 @@ type record_field: record {
 ##    directly and then remove this alias.
 type record_field_table: table[string] of record_field;

+## Meta-information about a parameter to a function/event.
+##
+## .. bro:see:: call_argument_vector new_event
+type call_argument: record {
+	name: string;	##< The name of the parameter.
+	type_name: string;	##< The name of the parameters's type.
+	default_val: any &optional;	##< The value of the :bro:attr:`&default` attribute if defined.
+
+	## The value of the parameter as passed into a given call instance.
+	## Might be unset in the case a :bro:attr:`&default` attribute is
+	## defined.
+	value: any &optional;
+};
+
+## Vector type used to capture parameters of a function/event call.
+##
+## .. bro:see:: call_argument new_event
+type call_argument_vector: vector of call_argument;
+
 # todo:: Do we still need these here? Can they move into the packet filter
 # framework?
 #
--- a/scripts/policy/misc/dump-events.bro
+++ b/scripts/policy/misc/dump-events.bro
@ -0,0 +1,40 @@
+##! This script dumps the events that Bro raises out to standard output in a
+##! readable form. This is for debugging only and allows to understand events and
+##! their parameters as Bro processes input. Note that it will show only events
+##! for which a handler is defined.
+
+module DumpEvents;
+
+export {
+	## If true, include event arguments in output.
+	const include_args = T &redef;
+
+	## Only include events matching the given pattern into output. By default, the
+	## pattern matches all events.
+	const include = /.*/ &redef;
+}
+
+event new_event(name: string, args: call_argument_vector)
+	{
+	if ( include !in name )
+		return;
+
+	print fmt("%17.6f %s", network_time(), name);
+
+	if ( ! include_args || |args| == 0 )
+		return;
+
+	for ( i in args )
+		{
+		local a = args[i];
+
+		local proto = fmt("%s: %s", a$name, a$type_name);
+
+		if ( a?$value )
+			print fmt("                  [%d] %-18s = %s", i, proto, a$value);
+		else
+			print fmt("                  | %-18s = %s [default]", proto, a$value);
+		}
+
+	print "";
+	}