Move logic to execute HookLoadFile for signatures into rule matcher code.

This (1) fixes an issue where signature files supplied on the command
line wouldn't pass through the hooks, and (2) prepares for allowing
hooks to supply the content of a signature file directly.
Robin Sommer 2021-10-07 09:59:15 +02:00
parent f080a814c4
commit 1efaf8d7a4
9 changed files with 94 additions and 40 deletions


@ -1034,6 +1034,7 @@
0.000000 MetaHookPost LoadFile(0, base<...>/zeek.bif, <...>/zeek.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, builtin-plugins/__load__.zeek, <...>/__load__.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, builtin-plugins/__preload__.zeek, <...>/__preload__.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, s1.sig, ./s1.sig) -> -1
0.000000 MetaHookPost LoadFile(1, ./archive, <...>/archive.sig) -> -1
0.000000 MetaHookPost LoadFile(1, ./audio, <...>/audio.sig) -> -1
0.000000 MetaHookPost LoadFile(1, ./dpd.sig, <...>/dpd.sig) -> -1
@ -1046,6 +1047,7 @@
0.000000 MetaHookPost LoadFile(1, ./office, <...>/office.sig) -> -1
0.000000 MetaHookPost LoadFile(1, ./programming, <...>/programming.sig) -> -1
0.000000 MetaHookPost LoadFile(1, ./video, <...>/video.sig) -> -1
0.000000 MetaHookPost LoadFile(1, s2, ./s2.sig) -> -1
0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> <void>
0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>) -> true
0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false
@ -2086,6 +2088,7 @@
0.000000 MetaHookPre LoadFile(0, base<...>/zeek.bif, <...>/zeek.bif.zeek)
0.000000 MetaHookPre LoadFile(0, builtin-plugins/__load__.zeek, <...>/__load__.zeek)
0.000000 MetaHookPre LoadFile(0, builtin-plugins/__preload__.zeek, <...>/__preload__.zeek)
0.000000 MetaHookPre LoadFile(0, s1.sig, ./s1.sig)
0.000000 MetaHookPre LoadFile(1, ./archive, <...>/archive.sig)
0.000000 MetaHookPre LoadFile(1, ./audio, <...>/audio.sig)
0.000000 MetaHookPre LoadFile(1, ./dpd.sig, <...>/dpd.sig)
@ -2098,6 +2101,7 @@
0.000000 MetaHookPre LoadFile(1, ./office, <...>/office.sig)
0.000000 MetaHookPre LoadFile(1, ./programming, <...>/programming.sig)
0.000000 MetaHookPre LoadFile(1, ./video, <...>/video.sig)
0.000000 MetaHookPre LoadFile(1, s2, ./s2.sig)
0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)})
0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, <void ptr>)
0.000000 MetaHookPre QueueEvent(NetControl::init())
@ -3149,6 +3153,8 @@
0.000000 | HookLoadFile base<...>/zeek.bif <...>/zeek.bif.zeek
0.000000 | HookLoadFile builtin-plugins/__load__.zeek <...>/__load__.zeek
0.000000 | HookLoadFile builtin-plugins/__preload__.zeek <...>/__preload__.zeek
0.000000 | HookLoadFile s1.sig ./s1.sig
0.000000 | HookLoadFile s2 ./s2.sig
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
0.000000 | HookLogWrite packet_filter [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init()