Registering events¶
Events are created by invoking register_event method wich takes as first argument an event name. For our needs, we will create three events:
SmtpDissector:register_event('command')
SmtpDissector:register_event('response')
SmtpDissector:register_streamed_event('mail_content')
Note that the last one (mail_content) is a stream-based event that takes a signaling function as extra argument to cope with data availability.
Triggering events¶
Events are triggered by invoking trigger method which is usually done after successfully parsing a message block. We pass to the trigger method the event name and a list of parameters that will be available later to the security rule through eval‘s arguments. For instance, the following call is made while parsing a smtp command in the state machine:
self:trigger('command', self.smtp)
Note
self is an instance of smtp dissector.