Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 02:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Minor refactor of file analysis prototype interfaces.

Browse source
This commit is contained in:
Jon Siwek 2013-01-16 14:28:19 -06:00
parent 69bd46b3af
commit 4a6fdfbc9c
2 changed files with 34 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

37
src/FileAnalysisManager.cc
View file

@ -40,7 +40,7 @@ int Info::total_bytes_idx = -1;
int Info::undelivered_idx = -1; int Info::undelivered_idx = -1;
int Info::timeout_interval_idx = -1; int Info::timeout_interval_idx = -1;
Info::Info(const string& file_id, Connection* conn, AnalyzerTag::Tag at) Info::Info(const string& file_id, Connection* conn, const string& protocol)
: val(0), last_activity_time(network_time), postpone_timeout(false) : val(0), last_activity_time(network_time), postpone_timeout(false)
{ {
DBG_LOG(DBG_FILE_ANALYSIS, "Creating new Info object %s", file_id.c_str()); DBG_LOG(DBG_FILE_ANALYSIS, "Creating new Info object %s", file_id.c_str());
@ -63,8 +63,8 @@ Info::Info(const string& file_id, Connection* conn, AnalyzerTag::Tag at)
UpdateConnectionFields(conn); UpdateConnectionFields(conn);
if ( at != AnalyzerTag::Error ) if ( protocol != "" )
val->Assign(protocol_idx, new StringVal(Analyzer::GetTagName(at))); val->Assign(protocol_idx, new StringVal(protocol.c_str()));
ScheduleInactivityTimer(); ScheduleInactivityTimer();
Manager::EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_NEW, this); Manager::EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_NEW, this);
@ -171,27 +171,37 @@ void Manager::Terminate()
} }
void Manager::DataIn(const string& file_id, const u_char* data, uint64 len, void Manager::DataIn(const string& file_id, const u_char* data, uint64 len,
uint64 offset, Connection* conn, AnalyzerTag::Tag at) uint64 offset, Connection* conn, const string& protocol)
{ {
Info* info = IDtoInfo(file_id, conn, at); Info* info = IDtoInfo(file_id, conn, protocol);
info->UpdateLastActivityTime(); info->UpdateLastActivityTime();
info->UpdateConnectionFields(conn); info->UpdateConnectionFields(conn);
// TODO: more stuff // TODO: more stuff
} }
void Manager::DataIn(const string& file_id, const u_char* data, uint64 len, void Manager::DataIn(const string& file_id, const u_char* data, uint64 len,
Connection* conn, AnalyzerTag::Tag at) Connection* conn, const string& protocol)
{ {
Info* info = IDtoInfo(file_id, conn, at); Info* info = IDtoInfo(file_id, conn, protocol);
info->UpdateLastActivityTime(); info->UpdateLastActivityTime();
info->UpdateConnectionFields(conn); info->UpdateConnectionFields(conn);
// TODO: more stuff // TODO: more stuff
} }
void Manager::SetSize(const string& file_id, uint64 size, void Manager::EndOfData(const string& file_id, Connection* conn,
Connection* conn, AnalyzerTag::Tag at) const string& protocol)
{ {
Info* info = IDtoInfo(file_id, conn, at); Info* info = IDtoInfo(file_id, conn, protocol);
info->UpdateLastActivityTime();
info->UpdateConnectionFields(conn);
Manager::EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_DONE, info);
Remove(file_id);
}
void Manager::SetSize(const string& file_id, uint64 size,
Connection* conn, const string& protocol)
{
Info* info = IDtoInfo(file_id, conn, protocol);
info->UpdateLastActivityTime(); info->UpdateLastActivityTime();
info->UpdateConnectionFields(conn); info->UpdateConnectionFields(conn);
info->SetTotalBytes(size); info->SetTotalBytes(size);
@ -224,11 +234,11 @@ bool Manager::PostponeTimeout(const string& file_id) const
} }
Info* Manager::IDtoInfo(const string& file_id, Connection* conn, Info* Manager::IDtoInfo(const string& file_id, Connection* conn,
AnalyzerTag::Tag at) const string& protocol)
{ {
Info* rval = file_map[file_id]; Info* rval = file_map[file_id];
if ( ! rval ) if ( ! rval )
rval = file_map[file_id] = new Info(file_id, conn, at); rval = file_map[file_id] = new Info(file_id, conn, protocol);
return rval; return rval;
} }
@ -261,8 +271,7 @@ void Manager::Timeout(const string& file_id, bool is_terminating)
DBG_LOG(DBG_FILE_ANALYSIS, "File analysis timeout for %s", DBG_LOG(DBG_FILE_ANALYSIS, "File analysis timeout for %s",
info->FileID().c_str()); info->FileID().c_str());
file_map.erase(file_id); Remove(file_id);
delete info;
} }
void Manager::Remove(const string& file_id) void Manager::Remove(const string& file_id)

19
src/FileAnalysisManager.h
View file

@ -6,7 +6,6 @@
#include "Conn.h" #include "Conn.h"
#include "Analyzer.h" #include "Analyzer.h"
#include "AnalyzerTags.h"
#include "Timer.h" #include "Timer.h"
#include "Val.h" #include "Val.h"
#include "Reporter.h" #include "Reporter.h"
@ -62,7 +61,7 @@ protected:
* Constructor; only file_analysis::Manager should be creating these. * Constructor; only file_analysis::Manager should be creating these.
*/ */
Info(const string& file_id, Connection* conn = 0, Info(const string& file_id, Connection* conn = 0,
AnalyzerTag::Tag at = AnalyzerTag::Error); const string& protocol = "");
/** /**
* Updates the "conn_ids" and "conn_uids" fields in #val record with the * Updates the "conn_ids" and "conn_uids" fields in #val record with the
@ -132,20 +131,25 @@ public:
*/ */
void DataIn(const string& file_id, const u_char* data, uint64 len, void DataIn(const string& file_id, const u_char* data, uint64 len,
uint64 offset, Connection* conn = 0, uint64 offset, Connection* conn = 0,
AnalyzerTag::Tag at = AnalyzerTag::Error); const string& protocol = "");
/** /**
* Pass in sequential file data. * Pass in sequential file data.
*/ */
void DataIn(const string& file_id, const u_char* data, uint64 len, void DataIn(const string& file_id, const u_char* data, uint64 len,
Connection* conn = 0, Connection* conn = 0, const string& protocol = "");
AnalyzerTag::Tag at = AnalyzerTag::Error);
/**
* Signal the end of file data.
*/
void EndOfData(const string& file_id, Connection* conn = 0,
const string& protocol = "");
/** /**
* Provide the expected number of bytes that comprise a file. * Provide the expected number of bytes that comprise a file.
*/ */
void SetSize(const string& file_id, uint64 size, Connection* conn = 0, void SetSize(const string& file_id, uint64 size, Connection* conn = 0,
AnalyzerTag::Tag at = AnalyzerTag::Error); const string& protocol = "");
/** /**
* Discard the file_analysis::Info object associated with \a file_id. * Discard the file_analysis::Info object associated with \a file_id.
@ -174,13 +178,12 @@ protected:
* doesn't exist. * doesn't exist.
*/ */
Info* IDtoInfo(const string& file_id, Connection* conn = 0, Info* IDtoInfo(const string& file_id, Connection* conn = 0,
AnalyzerTag::Tag at = AnalyzerTag::Error); const string& protocol = "");
/** /**
* @return the Info object mapped to \a file_id, or a null pointer if no * @return the Info object mapped to \a file_id, or a null pointer if no
* mapping exists. * mapping exists.
*/ */
Info* Lookup(const string& file_id) const; Info* Lookup(const string& file_id) const;
/** /**