mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
de9f03b0bf
in an easily readable form.
This is for debugging purposes, obviously.
Example, including only SMTP events:
> bro -r smtp.trace misc/dump-events.bro DumpEvents::include=/smtp/
[...]
1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
[4] msg: string = xc90.websitewelcome.com ESMTP Exim 4.69 #1 Mon, 05 Oct 2009 01:05:54 -0500
[5] cont_resp: bool = T
1254722768.219663 smtp_reply
[0] c: connection = [id=[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, [...]
[1] is_orig: bool = F
[2] code: count = 220
[3] cmd: string = >
[4] msg: string = We do not authorize the use of this system to transport unsolicited,
[5] cont_resp: bool = T
[...]
90 lines
2.3 KiB
C++
90 lines
2.3 KiB
C++
// Capsulates local and remote event handlers.
|
|
|
|
#ifndef EVENTHANDLER
|
|
#define EVENTHANDLER
|
|
|
|
#include <assert.h>
|
|
|
|
#include "List.h"
|
|
#include "BroList.h"
|
|
|
|
class Func;
|
|
class FuncType;
|
|
class Serializer;
|
|
class SerialInfo;
|
|
class UnserialInfo;
|
|
|
|
class EventHandler {
|
|
public:
|
|
EventHandler(const char* name);
|
|
~EventHandler();
|
|
|
|
const char* Name() { return name; }
|
|
Func* LocalHandler() { return local; }
|
|
FuncType* FType();
|
|
|
|
void SetLocalHandler(Func* f);
|
|
|
|
void AddRemoteHandler(SourceID peer);
|
|
void RemoveRemoteHandler(SourceID peer);
|
|
|
|
void Call(val_list* vl, bool no_remote = false);
|
|
|
|
// Returns true if there is at least one local or remote handler.
|
|
operator bool() const;
|
|
|
|
void SetUsed() { used = true; }
|
|
bool Used() { return used; }
|
|
|
|
// Handlers marked as error handlers will not be called recursively to
|
|
// avoid infinite loops if they trigger a similar error themselves.
|
|
void SetErrorHandler() { error_handler = true; }
|
|
bool ErrorHandler() { return error_handler; }
|
|
|
|
void SetEnable(bool arg_enable) { enabled = arg_enable; }
|
|
|
|
// We don't serialize the handler(s) itself here, but
|
|
// just the reference to it.
|
|
bool Serialize(SerialInfo* info) const;
|
|
static EventHandler* Unserialize(UnserialInfo* info);
|
|
|
|
private:
|
|
void NewEvent(val_list* vl); // Raise new_event() meta event.
|
|
|
|
const char* name;
|
|
Func* local;
|
|
FuncType* type;
|
|
bool used; // this handler is indeed used somewhere
|
|
bool enabled;
|
|
bool error_handler; // this handler reports error messages.
|
|
|
|
declare(List, SourceID);
|
|
typedef List(SourceID) receiver_list;
|
|
receiver_list receivers;
|
|
};
|
|
|
|
// Encapsulates a ptr to an event handler to overload the boolean operator.
|
|
class EventHandlerPtr {
|
|
public:
|
|
EventHandlerPtr(EventHandler* p = 0) { handler = p; }
|
|
EventHandlerPtr(const EventHandlerPtr& h) { handler = h.handler; }
|
|
|
|
const EventHandlerPtr& operator=(EventHandler* p)
|
|
{ handler = p; return *this; }
|
|
const EventHandlerPtr& operator=(const EventHandlerPtr& h)
|
|
{ handler = h.handler; return *this; }
|
|
|
|
bool operator==(const EventHandlerPtr& h) const
|
|
{ return handler == h.handler; }
|
|
|
|
EventHandler* Ptr() { return handler; }
|
|
|
|
operator bool() const { return handler && *handler; }
|
|
EventHandler* operator->() { return handler; }
|
|
const EventHandler* operator->() const { return handler; }
|
|
|
|
private:
|
|
EventHandler* handler;
|
|
};
|
|
|
|
#endif
|