Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

logging/Manager: Split Write()

Browse source 
If we delay in the stream policy hook, we'll need to resume writing
to the attached filters later on. Prepare for that by splitting out
the filter processing.
This commit is contained in:
Arne Welzel 2023-11-12 16:03:23 +01:00
parent 2d0fa13e18
commit 3afd6242c7
2 changed files with 22 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/logging/Manager.h
View file

@ -283,7 +283,7 @@ private:
bool TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, TableVal* include, TableVal* exclude,
const std::string& path, const std::list<int>& indices);
threading::Value** RecordToFilterVals(Stream* stream, Filter* filter, RecordVal* columns);
threading::Value** RecordToFilterVals(const Stream* stream, Filter* filter, RecordVal* columns);
threading::Value* ValToLogVal(std::optional<ZVal>& val, Type* ty);
Stream* FindStream(EnumVal* id);
@ -294,6 +294,13 @@ private:
bool CompareFields(const Filter* filter, const WriterFrontend* writer);
bool CheckFilterWriterConflict(const WriterInfo* winfo, const Filter* filter);
// Verdict of a PolicyHook.
enum class PolicyVerdict {
PASS,
VETO,
};
bool WriteToFilters(const Manager::Stream* stream, zeek::RecordValPtr columns, PolicyVerdict stream_verdict);
bool RemoveStream(unsigned int idx);
std::vector<Stream*> streams; // Indexed by stream enum.