Registering events

Events are created by invoking register_event method wich takes as first argument an event name. For our needs, we will create three events:


Note that the last one (mail_content) is a stream-based event that takes a signaling function as extra argument to cope with data availability.

Triggering events

Events are triggered by invoking trigger method which is usually done after successfully parsing a message block. We pass to the trigger method the event name and a list of parameters that will be available later to the security rule through eval‘s arguments. For instance, the following call is made while parsing a smtp command in the state machine:

self:trigger('command', self.smtp)


self is an instance of smtp dissector.