Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/fastpath'

Browse source 
* origin/fastpath:
  Small but important fix for the input framework. BroStrings were constructed without a final \0 - which means that strings read by the input framework are unusable by basically all internal functions (like to_count).
This commit is contained in:
Robin Sommer 2012-10-02 11:59:29 -07:00
commit 4d7eabc2a9
6 changed files with 20 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
CHANGES
View file

@ -1,4 +1,13 @@
2.1-47 | 2012-10-02 11:59:29 -0700
* Fix for the input framework: BroStrings were constructed without a
final \0, which makes them unusable by basically all internal
functions (like to_count). (Bernhard Amann)
* Remove deprecated script functionality (see NEWS for details).
(Daniel Thayer)
2.1-39 | 2012-09-29 14:09:16 -0700 2.1-39 | 2012-09-29 14:09:16 -0700
* Reliability adjustments to istate tests with network * Reliability adjustments to istate tests with network

3
NEWS
View file

@ -28,8 +28,9 @@ Changed Functionality
make_connection_persistent(), generate_idmef(), make_connection_persistent(), generate_idmef(),
split_complete() split_complete()
- "this" is no longer a reserved keyword. - Removed a now unused argument from "do_split" helper function.
- "this" is no longer a reserved keyword.
Bro 2.1 Bro 2.1
------- -------

2
VERSION
View file

@ -1 +1 @@
2.1-39 2.1-47

2
src/input/Manager.cc
View file

@ -2007,7 +2007,7 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type)
case TYPE_STRING: case TYPE_STRING:
{ {
BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 0); BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 1);
return new StringVal(s); return new StringVal(s);
} }

3
testing/btest/Baseline/scripts.base.frameworks.input.basic/out
View file

@ -1,5 +1,5 @@
{ {
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={
2, 2,
4, 4,
1, 1,
@ -12,3 +12,4 @@ BB
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
} }
4242

8
testing/btest/scripts/base/frameworks/input/basic.bro
View file

@ -8,9 +8,9 @@
@TEST-START-FILE input.log @TEST-START-FILE input.log
#separator \x09 #separator \x09
#path ssh #path ssh
#fields b i e c p sn a d t iv s sc ss se vc ve f #fields b i e c p sn a d t iv s sc ss se vc ve ns
#types bool int enum count port subnet addr double time interval string table table table vector vector func #types bool int enum count port subnet addr double time interval string table table table vector vector string
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
@TEST-END-FILE @TEST-END-FILE
@load base/protocols/ssh @load base/protocols/ssh
@ -37,6 +37,7 @@ type Val: record {
t: time; t: time;
iv: interval; iv: interval;
s: string; s: string;
ns: string;
sc: set[count]; sc: set[count];
ss: set[string]; ss: set[string];
se: set[string]; se: set[string];
@ -57,6 +58,7 @@ event bro_init()
event Input::update_finished(name: string, source:string) event Input::update_finished(name: string, source:string)
{ {
print outfile, servers; print outfile, servers;
print outfile, to_count(servers[-42]$ns); # try to actually use a string. If null-termination is wrong this will fail.
close(outfile); close(outfile);
terminate(); terminate();
} }