Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add input interface to forward data for file analysis.

Browse source 
The new Input::add_analysis function is used to automatically forward
input data on to the file analysis framework.
This commit is contained in:
Jon Siwek 2013-05-21 10:29:22 -05:00
parent 90fa331279
commit 0ef074594d
9 changed files with 219 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/file_analysis/Manager.h
View file

@ -56,11 +56,18 @@ public:
void DataIn(const u_char* data, uint64 len, AnalyzerTag::Tag tag,
Connection* conn, bool is_orig);
/**
* Pass in sequential file data from external source (e.g. input framework).
*/
void DataIn(const u_char* data, uint64 len, const string& file_id,
const string& source);
/**
* Signal the end of file data.
*/
void EndOfFile(AnalyzerTag::Tag tag, Connection* conn);
void EndOfFile(AnalyzerTag::Tag tag, Connection* conn, bool is_orig);
void EndOfFile(const string& file_id);
/**
* Signal a gap in the file data stream.
@ -118,13 +125,13 @@ protected:
typedef map<string, File*> IDMap;
/**
* @return the File object mapped to #current_file_id or a null pointer if
* @return the File object mapped to \a file_id or a null pointer if
* analysis is being ignored for the associated file. An File
* object may be created if a mapping doesn't exist, and if it did
* exist, the activity time is refreshed along with any
* connection-related fields.
*/
File* GetFile(Connection* conn = 0,
File* GetFile(const string& file_id, Connection* conn = 0,
AnalyzerTag::Tag tag = AnalyzerTag::Error,
bool is_orig = false, bool update_conn = true);