Overload Bro Events

dw21 · April 12, 2018, 7:23pm

Hello,

it is possible to overload events in Bro based on the event-parameter and trigger the "right" event based on the given parameter?

E.g. I would define events like this

event overload%(c: connection%);
event overload%(c: connection, h: header%);
event overload%(c: connection, h: header, d: data%);
...

In the protocol parser source:

...
EventHandlerPtr ev = overload;
val_list* vl = new val_list();

switch(type) {
case 1:
vl->append(BuildConnVal());
case 2:
vl->append(BuildConnVal());
vl->append(header);
case 3:
vl->append(BuildConnVal());
vl->append(header);
vl->append(data);
}
ConnectionEvent(ev, vl);

Dane

Jon_Siwek · April 12, 2018, 7:44pm

Overloading is not supported for functions in general (function/event/hook).

- Jon

robin · April 12, 2018, 9:33pm

This has interesting implication for BIT-1431: if overloading worked
work, that could take the place of the &default attribute suggested
there.

Robin

Topic		Replies	Views
How to use Broker::Data in an event handler? Development development	5	96	May 6, 2022
Clean way to pass events from Bro to C++ Zeek	3	50	May 6, 2022
Receiving bro events via broccoli API Zeek	4	88	May 6, 2022
about event handle Zeek	1	58	May 6, 2022
"Meta" event handling? Zeek	4	65	May 6, 2022

Overload Bro Events

Related Topics