8.2.2 Actions

Actions define what to do if a signature matches. Currently, there is only one action defined: event string, which raises a signature_match event. The event handler has the following type:

event signature_match(state: signature_state, msg: string, data: string)

See \f{fig:signature-state} for a description of signature_state. The given string is passed as msg, and data is the part of the payload that eventually led to the signature match (this may be empty for signatures without content conditions).
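
The following pairing of a signature's event action with a handler is an added example, not part of the original manual. The signature id, its conditions and the message text are constructed for illustration; the handler uses only the msg and data parameters described above and covers the case where data is empty.

```bro
# Constructed signature, shown here as a comment because it belongs in a
# separate signature file. Its event action carries the string that the
# handler below receives as msg:
#
#   signature example-root-in-payload {
#     ip-proto == tcp
#     dst-port == 80
#     payload /.*root/
#     event "HTTP payload contains 'root'"
#   }

# Handler with the type given above. It is raised once the signature's
# conditions are met.
event signature_match(state: signature_state, msg: string, data: string)
	{
	if ( data == "" )
		# Signatures without content conditions match on header
		# fields alone, so there is no payload fragment to report.
		print fmt("signature match: %s (no payload data)", msg);
	else
		# data is the payload fragment that completed the match.
		# Treat it as untrusted input when logging or forwarding it.
		print fmt("signature match: %s; matching payload: %s", msg, data);
	}
```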