Greetings
I don't know why I've had such poor like with 'broping' (and thanks to Christian for all his help) but I have been successful receiving the predefined events in conn.bro. However, the compiler is complaining about the call-back function argument in my interface: "passing arg 3 of 'bro_event_registry_add' from incompatible pointer type". I have tried to type this as void and as BroEventFunc with the same results. I haven't found much that's helpful searching the Internet, can anybody clue me in about what's going on?
The events in conn.bro have 'connection' objects as their parameters. As I understand the manuals, I can get the fields out of the object with the bro_record_get_xxxx methods?
Thanks
Mike
Hi Mike,
However, the compiler is complaining about
the call-back function argument in my interface: "passing arg 3 of
'bro_event_registry_add' from incompatible pointer type". I have tried to
type this as void and as BroEventFunc with the same results.
The return type of the function should be void:
void your_callback_func(BroConn* bc, ...) { ... }
Not to confuse with that, the 3rd argument to bro_event_registry_add()
is expected to be of BroEventFunc. In order to cast your function
accordingly when passing it, you can do:
bro_event_registry_add(bc, "your_event_name",
(BroEventFunc)your_callback_func);
The events in conn.bro have 'connection' objects as their parameters. As I
understand the manuals, I can get the fields out of the object with the
bro_record_get_xxxx methods?
Your callback function needs to have a BroRecord* as one of its
arguments at the appropriate position, and yes, then you can use the
bro_record_get_xxxx functions to access the fields in that record
passed to your callback when the event arrives.
-- Stefan
Stefan
However, the compiler is complaining about
the call-back function argument in my interface: "passing arg 3 of
'bro_event_registry_add' from incompatible pointer type". I have tried to
type this as void and as BroEventFunc with the same results.
The return type of the function should be void:
void your_callback_func(BroConn* bc, ...) { ... }
Not to confuse with that, the 3rd argument to bro_event_registry_add()
is expected to be of BroEventFunc. In order to cast your function
accordingly when passing it, you can do:
bro_event_registry_add(bc, "your_event_name",
(BroEventFunc)your_callback_func);
Doh. I completely forgot about the trick. Thanks.
The events in conn.bro have 'connection' objects as their parameters. As I
understand the manuals, I can get the fields out of the object with the
bro_record_get_xxxx methods?
Your callback function needs to have a BroRecord* as one of its
arguments at the appropriate position, and yes, then you can use the
bro_record_get_xxxx functions to access the fields in that record
passed to your callback when the event arrives.
I'll give that a shot. Thanks again.
Cheers
Mike
Yeah, exactly. Note that connection records are rather complex to handle
at the Broccoli level because they contain nested records, so it may
require a bit of work to get to the fields you're interested in. Just
follow the structure laid out in bro.init.
Cheers,
Christian.