Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 17:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Refactoring code to reuse ApplyScheduledAnalyzers().

Browse source 
This is potentially changing the exact time when the
scheduled_analyzer_applied() event is executed, but that should be
fine afaict.
This commit is contained in:
Robin Sommer 2014-03-13 14:58:30 -07:00
parent 126bd298fe
commit 4eb81de08e
4 changed files with 31 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,4 +1,9 @@
2.2-229 | 2014-03-13 14:58:30 -0700
* Refactoring analyzer manager code to reuse
ApplyScheduledAnalyzers(). (Robin Sommer)
2.2-228 | 2014-03-13 14:25:53 -0700
* Teach async DNS lookup builtin-functions about BRO_DNS_FAKE.

2
VERSION
View file

@ -1 +1 @@
2.2-228
2.2-229

45
src/analyzer/Manager.cc
View file

@ -358,7 +358,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
udp::UDP_Analyzer* udp = 0;
icmp::ICMP_Analyzer* icmp = 0;
TransportLayerAnalyzer* root = 0;
tag_set expected;
pia::PIA* pia = 0;
bool analyzed = false;
bool check_port = false;
@ -368,7 +367,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
case TRANSPORT_TCP:
root = tcp = new tcp::TCP_Analyzer(conn);
pia = new pia::PIA_TCP(conn);
expected = GetScheduled(conn);
check_port = true;
DBG_ANALYZER(conn, "activated TCP analyzer");
break;
@ -376,7 +374,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
case TRANSPORT_UDP:
root = udp = new udp::UDP_Analyzer(conn);
pia = new pia::PIA_UDP(conn);
expected = GetScheduled(conn);
check_port = true;
DBG_ANALYZER(conn, "activated UDP analyzer");
break;
@ -393,25 +390,12 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
return false;
}
// Any scheduled analyzer?
for ( tag_set::iterator i = expected.begin(); i != expected.end(); i++ )
{
Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(*i, conn);
if ( analyzer )
{
root->AddChildAnalyzer(analyzer, false);
DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled",
analyzer_mgr->GetComponentName(*i));
}
}
bool scheduled = ApplyScheduledAnalyzers(conn, false, root);
// Hmm... Do we want *just* the expected analyzer, or all
// other potential analyzers as well? For now we only take
// the scheduled ones.
if ( expected.size() == 0 )
if ( ! scheduled )
{ // Let's see if it's a port we know.
if ( check_port && ! dpd_ignore_ports )
{
@ -519,13 +503,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
if ( ! analyzed )
conn->SetLifetime(non_analyzed_lifetime);
for ( tag_set::iterator i = expected.begin(); i != expected.end(); i++ )
{
EnumVal* tag = i->AsEnumVal();
Ref(tag);
conn->Event(scheduled_analyzer_applied, 0, tag);
}
return true;
}
@ -637,12 +614,13 @@ Manager::tag_set Manager::GetScheduled(const Connection* conn)
return result;
}
void Manager::ApplyScheduledAnalyzers(Connection* conn)
bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, TransportLayerAnalyzer* parent)
{
TransportLayerAnalyzer* root = conn->GetRootAnalyzer();
if ( ! parent )
parent = conn->GetRootAnalyzer();
if ( ! root )
return;
if ( ! parent )
return false;
tag_set expected = GetScheduled(conn);
@ -653,8 +631,15 @@ void Manager::ApplyScheduledAnalyzers(Connection* conn)
if ( ! analyzer )
continue;
root->AddChildAnalyzer(analyzer, true);
parent->AddChildAnalyzer(analyzer, init);
EnumVal* tag = it->AsEnumVal();
Ref(tag);
conn->Event(scheduled_analyzer_applied, 0, tag);
DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled",
analyzer_mgr->GetComponentName(*it));
}
return expected.size();
}

11
src/analyzer/Manager.h
View file

@ -297,8 +297,17 @@ public:
* and then attaches them.
*
* @param conn The connection to which scheduled analyzers are attached.
*
* @param init True if the newly added analyzers should be
* immediately initialized.
*
* @param root If given, the scheduled analyzers will become childs
* of this; if not given the connection's root analyzer is used
* instead.
*
* @return True if at least one scheduled analyzer was found.
*/
void ApplyScheduledAnalyzers(Connection* conn);
bool ApplyScheduledAnalyzers(Connection* conn, bool init_and_event = true, TransportLayerAnalyzer* parent = 0);
/**
* Schedules a particular analyzer for an upcoming connection. Once