Next: , Previous: Functions, Up: Values



3.16 Event handlers

Event handlers are nearly identical in both syntax and semantics to functions, with the two differences being that event handlers have no return type since they never return a value, and you cannot call an event handler. You declare an event handler using:

event ( argument* )
So, for example,
         local eh: event(attack_source: addr, severity: count)

declares the local variable eh to have a type corresponding to an event handler that takes two arguments, attack_source of type addr, and severity of type count.

To declare an event handler along with its body, the syntax is:

event handler ( argument ) { statement }

As with functions, you can assign event handlers to variables of the same type. Instead of calling event handlers like functions, though, instead they are invoked. This can happen in one of three ways:

From the event engine
When the event engine detects an event for which you have defined a corresponding event handler, it queues an event for that handler. The handler is invoked as soon as the event engine finishes processing the current packet (and invoking any other event handlers that were queued first). The various event handlers known to the event engine are discussed in Chapter N .
Via the event statement
The event statement queues an event for the given event handler for immediate processing. For example:
              event password_exposed(c, user, password);
     

queues an inovocation of the event handler password_exposed with the arguments c, user, and password. Note that password_exposed must have been previously declared as an event handler with a compatible set of arguments.

Or, if we had a local variable eh as defined above, we could execute:

              event eh(src, how_severe);
     

if src is of type addr and how_severe of type count.

Via the schedule expression
The expression queues an event for future invocation. For example:
              schedule 5 secs { password_exposed(c, user, password) };
     

would cause password_exposed to be invoked 5 seconds in the future.