base/protocols/conn/removal-hooks.zeek

Conn

Adds a framework for registering “connection removal hooks”. All registered hooks for a given connection get run within the connection_state_remove event for that connection. This functionality is useful from a performance/scaling concern: if every new protocol-analysis script uses connection_state_remove to implement its finalization/cleanup logic, then all connections take the performance hit of dispatching that event, even if they aren’t related to that specific protocol.

Namespace:Conn

Summary

Redefinitions

connection: record  

Functions

Conn::register_removal_hook: function Register a hook that will later be called during a connection’s connection_state_remove event.
Conn::unregister_removal_hook: function Unregister a hook that would have been called during a connection’s connection_state_remove event such that it will no longer be called.

Detailed Interface

Types

Conn::RemovalHook
Type:hook (c: connection) : bool

A hook function for use with either Conn::register_removal_hook or Conn::unregister_removal_hook. The connection argument refers to the connection currently being removed within a connection_state_remove event.

Functions

Conn::register_removal_hook
Type:function (c: connection, hk: Conn::RemovalHook) : bool

Register a hook that will later be called during a connection’s connection_state_remove event.

C:The associated connection whose connection_state_remove event should trigger a callback to hk.
Hk:The hook function to use as a callback.
Returns:false if the provided hook was previously registered, else true.
Conn::unregister_removal_hook
Type:function (c: connection, hk: Conn::RemovalHook) : bool

Unregister a hook that would have been called during a connection’s connection_state_remove event such that it will no longer be called.

C:The associated connection whose connection_state_remove event could have triggered a callback to hk.
Hk:The hook function that would have been used as a callback.
Returns:true if the provided hook was previously registered, else false.