Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Refactoring code to reuse ApplyScheduledAnalyzers().

Browse source 
This is potentially changing the exact time when the
scheduled_analyzer_applied() event is executed, but that should be
fine afaict.
This commit is contained in:
Robin Sommer 2014-03-13 14:58:30 -07:00
parent 126bd298fe
commit 4eb81de08e
4 changed files with 31 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,4 +1,9 @@
2.2-229 | 2014-03-13 14:58:30 -0700
* Refactoring analyzer manager code to reuse
ApplyScheduledAnalyzers(). (Robin Sommer)
2.2-228 | 2014-03-13 14:25:53 -0700 2.2-228 | 2014-03-13 14:25:53 -0700
* Teach async DNS lookup builtin-functions about BRO_DNS_FAKE. * Teach async DNS lookup builtin-functions about BRO_DNS_FAKE.

2
VERSION
View file

@ -1 +1 @@
2.2-228 2.2-229

45
src/analyzer/Manager.cc
View file

@ -358,7 +358,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
udp::UDP_Analyzer* udp = 0; udp::UDP_Analyzer* udp = 0;
icmp::ICMP_Analyzer* icmp = 0; icmp::ICMP_Analyzer* icmp = 0;
TransportLayerAnalyzer* root = 0; TransportLayerAnalyzer* root = 0;
tag_set expected;
pia::PIA* pia = 0; pia::PIA* pia = 0;
bool analyzed = false; bool analyzed = false;
bool check_port = false; bool check_port = false;
@ -368,7 +367,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
case TRANSPORT_TCP: case TRANSPORT_TCP:
root = tcp = new tcp::TCP_Analyzer(conn); root = tcp = new tcp::TCP_Analyzer(conn);
pia = new pia::PIA_TCP(conn); pia = new pia::PIA_TCP(conn);
expected = GetScheduled(conn);
check_port = true; check_port = true;
DBG_ANALYZER(conn, "activated TCP analyzer"); DBG_ANALYZER(conn, "activated TCP analyzer");
break; break;
@ -376,7 +374,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
case TRANSPORT_UDP: case TRANSPORT_UDP:
root = udp = new udp::UDP_Analyzer(conn); root = udp = new udp::UDP_Analyzer(conn);
pia = new pia::PIA_UDP(conn); pia = new pia::PIA_UDP(conn);
expected = GetScheduled(conn);
check_port = true; check_port = true;
DBG_ANALYZER(conn, "activated UDP analyzer"); DBG_ANALYZER(conn, "activated UDP analyzer");
break; break;
@ -393,25 +390,12 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
return false; return false;
} }
// Any scheduled analyzer? bool scheduled = ApplyScheduledAnalyzers(conn, false, root);
for ( tag_set::iterator i = expected.begin(); i != expected.end(); i++ )
{
Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(*i, conn);
if ( analyzer )
{
root->AddChildAnalyzer(analyzer, false);
DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled",
analyzer_mgr->GetComponentName(*i));
}
}
// Hmm... Do we want *just* the expected analyzer, or all // Hmm... Do we want *just* the expected analyzer, or all
// other potential analyzers as well? For now we only take // other potential analyzers as well? For now we only take
// the scheduled ones. // the scheduled ones.
if ( expected.size() == 0 ) if ( ! scheduled )
{ // Let's see if it's a port we know. { // Let's see if it's a port we know.
if ( check_port && ! dpd_ignore_ports ) if ( check_port && ! dpd_ignore_ports )
{ {
@ -519,13 +503,6 @@ bool Manager::BuildInitialAnalyzerTree(Connection* conn)
if ( ! analyzed ) if ( ! analyzed )
conn->SetLifetime(non_analyzed_lifetime); conn->SetLifetime(non_analyzed_lifetime);
for ( tag_set::iterator i = expected.begin(); i != expected.end(); i++ )
{
EnumVal* tag = i->AsEnumVal();
Ref(tag);
conn->Event(scheduled_analyzer_applied, 0, tag);
}
return true; return true;
} }
@ -637,12 +614,13 @@ Manager::tag_set Manager::GetScheduled(const Connection* conn)
return result; return result;
} }
void Manager::ApplyScheduledAnalyzers(Connection* conn) bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, TransportLayerAnalyzer* parent)
{ {
TransportLayerAnalyzer* root = conn->GetRootAnalyzer(); if ( ! parent )
parent = conn->GetRootAnalyzer();
if ( ! root ) if ( ! parent )
return; return false;
tag_set expected = GetScheduled(conn); tag_set expected = GetScheduled(conn);
@ -653,8 +631,15 @@ void Manager::ApplyScheduledAnalyzers(Connection* conn)
if ( ! analyzer ) if ( ! analyzer )
continue; continue;
root->AddChildAnalyzer(analyzer, true); parent->AddChildAnalyzer(analyzer, init);
EnumVal* tag = it->AsEnumVal();
Ref(tag);
conn->Event(scheduled_analyzer_applied, 0, tag);
DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled", DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled",
analyzer_mgr->GetComponentName(*it)); analyzer_mgr->GetComponentName(*it));
} }
return expected.size();
} }

11
src/analyzer/Manager.h
View file

@ -297,8 +297,17 @@ public:
* and then attaches them. * and then attaches them.
* *
* @param conn The connection to which scheduled analyzers are attached. * @param conn The connection to which scheduled analyzers are attached.
*
* @param init True if the newly added analyzers should be
* immediately initialized.
*
* @param root If given, the scheduled analyzers will become childs
* of this; if not given the connection's root analyzer is used
* instead.
*
* @return True if at least one scheduled analyzer was found.
*/ */
void ApplyScheduledAnalyzers(Connection* conn); bool ApplyScheduledAnalyzers(Connection* conn, bool init_and_event = true, TransportLayerAnalyzer* parent = 0);
/** /**
* Schedules a particular analyzer for an upcoming connection. Once * Schedules a particular analyzer for an upcoming connection. Once