Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Move logic to execute HookLoadFile for signatures into rule matcher code.

Browse source 
This (1) fixes an issue where signature files supplied on the command
line wouldn't pass through the hooks, and (2) prepares for allowing
hooks to supply the content of a signature file directly.
This commit is contained in:
Robin Sommer 2021-10-07 09:59:15 +02:00
parent f080a814c4
commit 1efaf8d7a4
9 changed files with 94 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/zeek-setup.cc
View file

@ -737,15 +737,19 @@ SetupResult setup(int argc, char** argv, Options* zopts)
id->SetVal(make_intrusive<StringVal>(*options.pcap_filter));
}
auto all_signature_files = options.signature_files;
std::vector<SignatureFile> all_signature_files;
// Append signature files given on the command line
for ( const auto& sf : options.signature_files )
all_signature_files.push_back(sf);
// Append signature files defined in "signature_files" script option
for ( auto&& sf : get_script_signature_files() )
all_signature_files.emplace_back(std::move(sf));
all_signature_files.push_back(std::move(sf));
// Append signature files defined in @load-sigs
for ( const auto& sf : zeek::detail::sig_files )
all_signature_files.emplace_back(sf);
all_signature_files.push_back(sf);
if ( ! all_signature_files.empty() )
{