Merge remote-tracking branch 'origin/master' into topic/seth/sumstats-updates

Conflicts: scripts/base/frameworks/sumstats/cluster.bro scripts/base/frameworks/sumstats/plugins/average.bro scripts/base/frameworks/sumstats/plugins/max.bro scripts/base/frameworks/sumstats/plugins/min.bro scripts/base/frameworks/sumstats/plugins/sample.bro scripts/base/frameworks/sumstats/plugins/std-dev.bro scripts/base/frameworks/sumstats/plugins/sum.bro scripts/base/frameworks/sumstats/plugins/unique.bro scripts/base/frameworks/sumstats/plugins/variance.bro scripts/policy/protocols/http/detect-sqli.bro testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro
2025-10-12 19:48:20 +00:00 · 2013-05-21 22:33:16 -04:00 · 2013-05-21 22:33:16 -04:00 · 0a18b62d12
commit 0a18b62d12
parent bec965b66f e46300a724
349 changed files with 237121 additions and 160465 deletions
--- a/scripts/base/frameworks/sumstats/plugins/last.bro
+++ b/scripts/base/frameworks/sumstats/plugins/last.bro
@ -0,0 +1,58 @@
+@load base/frameworks/sumstats
+@load base/utils/queue
+
+module SumStats;
+
+export {
+	redef enum Calculation += {
+		## Keep last X observations in a queue
+		LAST
+	};
+
+	redef record Reducer += {
+		## number of elements to keep.
+		num_last_elements: count &default=0;
+	};
+
+	redef record ResultVal += {
+		## This is the queue where elements are maintained.  Use the
+		## :bro:see:`SumStats::get_elements` function to get a vector of the current element values.
+		last_elements: Queue::Queue &optional;
+	};
+
+	## Get a vector of element values from a ResultVal.
+	global get_last: function(rv: ResultVal): vector of Observation;
+}
+
+function get_last(rv: ResultVal): vector of Observation
+	{
+	local s: vector of Observation = vector();
+	if ( rv?$last_elements )
+		Queue::get_vector(rv$last_elements, s);
+	return s;
+	}
+
+hook register_observe_plugins()
+	{
+	register_observe_plugin(LAST, function(r: Reducer, val: double, obs: Observation, rv: ResultVal)
+		{
+		if ( r$num_last_elements > 0 )
+			{
+			if ( ! rv?$last_elements )
+				rv$last_elements = Queue::init([$max_len=r$num_last_elements]);
+			Queue::put(rv$last_elements, obs);
+			}
+		});
+	}
+
+
+hook compose_resultvals_hook(result: ResultVal, rv1: ResultVal, rv2: ResultVal)
+	{
+	# Merge $samples
+	if ( rv1?$last_elements && rv2?$last_elements )
+		result$last_elements = Queue::merge(rv1$last_elements, rv2$last_elements);
+	else if ( rv1?$last_elements )
+		result$last_elements = rv1$last_elements;
+	else if ( rv2?$last_elements )
+		result$last_elements = rv2$last_elements;
+	}