Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 13:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

adapt to new folder structure

Browse source
This commit is contained in:
Bernhard Amann 2013-07-31 12:06:59 -07:00
parent daaf091bc3
commit 5122bf4a7c
8 changed files with 128 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/CMakeLists.txt
View file

@ -320,7 +320,6 @@ set(bro_SRCS
Stats.cc Stats.cc
Stmt.cc Stmt.cc
Timer.cc Timer.cc
Topk.cc
Traverse.cc Traverse.cc
Trigger.cc Trigger.cc
TunnelEncapsulation.cc TunnelEncapsulation.cc

114
src/bro.bif
View file

@ -4976,117 +4976,3 @@ function anonymize_addr%(a: addr, cl: IPAddrAnonymizationClass%): addr
} }
%} %}
%%{
#include "Topk.h"
%%}
## Creates a top-k data structure which tracks size elements.
##
## Returns: Opaque pointer to the data structure.
function topk_init%(size: count%): opaque of topk
%{
Topk::TopkVal* v = new Topk::TopkVal(size);
return v;
%}
## Add a new observed object to the data structure. The first
## added object sets the type of data tracked by the top-k data
## structure. All following values have to be of the same type
function topk_add%(handle: opaque of topk, value: any%): any
%{
assert(handle);
Topk::TopkVal* h = (Topk::TopkVal*) handle;
h->Encountered(value);
return 0;
%}
## Get the first k elements of the top-k data structure
##
## Returns: vector of the first k elements
function topk_get_top%(handle: opaque of topk, k: count%): any
%{
assert(handle);
Topk::TopkVal* h = (Topk::TopkVal*) handle;
return h->getTopK(k);
%}
## Get an overestimated count of how often value has been encountered.
## value has to be part of the currently tracked elements, otherwise
## 0 will be returned and an error message will be added to reporter.
##
## Returns: Overestimated number for how often the element has been encountered
function topk_count%(handle: opaque of topk, value: any%): count
%{
assert(handle);
Topk::TopkVal* h = (Topk::TopkVal*) handle;
return new Val(h->getCount(value), TYPE_COUNT);
%}
## Get a the maximal overestimation for count. Same restrictiosn as for topk_count
## apply.
##
## Returns: Number which represents the maximal overesimation for the count of this element.
function topk_epsilon%(handle: opaque of topk, value: any%): count
%{
assert(handle);
Topk::TopkVal* h = (Topk::TopkVal*) handle;
return new Val(h->getEpsilon(value), TYPE_COUNT);
%}
## Get the number of elements this data structure is supposed to track (given on init).
## Note that the actual number of elements in the data structure can be lower or higher
## than this. (higher due to non-pruned merges)
##
## Returns: size given during initialization
function topk_size%(handle: opaque of topk%): count
%{
assert(handle);
Topk::TopkVal* h = (Topk::TopkVal*) handle;
return new Val(h->getSize(), TYPE_COUNT);
%}
## Get the sum of all counts of all elements in the data structure. Is equal to the number
## of all inserted objects if the data structure never has been pruned. Do not use after
## calling topk_merge_prune (will throw a warning message if used afterwards)
##
## Returns: sum of all counts
function topk_sum%(handle: opaque of topk%): count
%{
assert(handle);
Topk::TopkVal* h = (Topk::TopkVal*) handle;
return new Val(h->getSum(), TYPE_COUNT);
%}
## Merge the second topk data structure into the first. Does not remove any elements, the
## resulting data structure can be bigger than the maximum size given on initialization.
function topk_merge%(handle1: opaque of topk, handle2: opaque of topk%): any
%{
assert(handle1);
assert(handle2);
Topk::TopkVal* h1 = (Topk::TopkVal*) handle1;
Topk::TopkVal* h2 = (Topk::TopkVal*) handle2;
h1->Merge(h2);
return 0;
%}
## Merge the second topk data structure into the first and prunes the final data structure
## back to the size given on initialization. Use with care and only when being aware of the
## restrictions this imposed. Do not call topk_size or topk_add afterwards, results will
## probably not be what you expect.
function topk_merge_prune%(handle1: opaque of topk, handle2: opaque of topk%): any
%{
assert(handle1);
assert(handle2);
Topk::TopkVal* h1 = (Topk::TopkVal*) handle1;
Topk::TopkVal* h2 = (Topk::TopkVal*) handle2;
h1->Merge(h2, true);
return 0;
%}

4
src/probabilistic/CMakeLists.txt
View file

@ -10,9 +10,11 @@ set(probabilistic_SRCS
BitVector.cc BitVector.cc
BloomFilter.cc BloomFilter.cc
CounterVector.cc CounterVector.cc
Hasher.cc) Hasher.cc
Topk.cc)
bif_target(bloom-filter.bif) bif_target(bloom-filter.bif)
bif_target(top-k.bif)
bro_add_subdir_library(probabilistic ${probabilistic_SRCS}) bro_add_subdir_library(probabilistic ${probabilistic_SRCS})
add_dependencies(bro_probabilistic generate_outputs) add_dependencies(bro_probabilistic generate_outputs)

4
src/Topk.cc → src/probabilistic/Topk.cc
View file

@ -1,13 +1,13 @@
// See the file "COPYING" in the main distribution directory for copyright. // See the file "COPYING" in the main distribution directory for copyright.
#include "Topk.h" #include "probabilistic/Topk.h"
#include "CompHash.h" #include "CompHash.h"
#include "Reporter.h" #include "Reporter.h"
#include "Serializer.h" #include "Serializer.h"
#include "NetVar.h" #include "NetVar.h"
namespace Topk { namespace probabilistic {
IMPLEMENT_SERIAL(TopkVal, SER_TOPK_VAL); IMPLEMENT_SERIAL(TopkVal, SER_TOPK_VAL);

2
src/Topk.h → src/probabilistic/Topk.h
View file

@ -10,7 +10,7 @@
// This class implements the top-k algorithm. Or - to be more precise - my interpretation of it. // This class implements the top-k algorithm. Or - to be more precise - my interpretation of it.
namespace Topk { namespace probabilistic {
struct Element; struct Element;

122
src/probabilistic/top-k.bif Normal file
View file

@ -0,0 +1,122 @@
# ===========================================================================
#
# Top-K Functions
#
# ===========================================================================
%%{
#include "probabilistic/Topk.h"
%%}
## Creates a top-k data structure which tracks size elements.
##
## Returns: Opaque pointer to the data structure.
function topk_init%(size: count%): opaque of topk
%{
probabilistic::TopkVal* v = new probabilistic::TopkVal(size);
return v;
%}
## Add a new observed object to the data structure. The first
## added object sets the type of data tracked by the top-k data
## structure. All following values have to be of the same type
function topk_add%(handle: opaque of topk, value: any%): any
%{
assert(handle);
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
h->Encountered(value);
return 0;
%}
## Get the first k elements of the top-k data structure
##
## Returns: vector of the first k elements
function topk_get_top%(handle: opaque of topk, k: count%): any
%{
assert(handle);
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
return h->getTopK(k);
%}
## Get an overestimated count of how often value has been encountered.
## value has to be part of the currently tracked elements, otherwise
## 0 will be returned and an error message will be added to reporter.
##
## Returns: Overestimated number for how often the element has been encountered
function topk_count%(handle: opaque of topk, value: any%): count
%{
assert(handle);
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
return new Val(h->getCount(value), TYPE_COUNT);
%}
## Get a the maximal overestimation for count. Same restrictiosn as for topk_count
## apply.
##
## Returns: Number which represents the maximal overesimation for the count of this element.
function topk_epsilon%(handle: opaque of topk, value: any%): count
%{
assert(handle);
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
return new Val(h->getEpsilon(value), TYPE_COUNT);
%}
## Get the number of elements this data structure is supposed to track (given on init).
## Note that the actual number of elements in the data structure can be lower or higher
## than this. (higher due to non-pruned merges)
##
## Returns: size given during initialization
function topk_size%(handle: opaque of topk%): count
%{
assert(handle);
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
return new Val(h->getSize(), TYPE_COUNT);
%}
## Get the sum of all counts of all elements in the data structure. Is equal to the number
## of all inserted objects if the data structure never has been pruned. Do not use after
## calling topk_merge_prune (will throw a warning message if used afterwards)
##
## Returns: sum of all counts
function topk_sum%(handle: opaque of topk%): count
%{
assert(handle);
probabilistic::TopkVal* h = (probabilistic::TopkVal*) handle;
return new Val(h->getSum(), TYPE_COUNT);
%}
## Merge the second topk data structure into the first. Does not remove any elements, the
## resulting data structure can be bigger than the maximum size given on initialization.
function topk_merge%(handle1: opaque of topk, handle2: opaque of topk%): any
%{
assert(handle1);
assert(handle2);
probabilistic::TopkVal* h1 = (probabilistic::TopkVal*) handle1;
probabilistic::TopkVal* h2 = (probabilistic::TopkVal*) handle2;
h1->Merge(h2);
return 0;
%}
## Merge the second topk data structure into the first and prunes the final data structure
## back to the size given on initialization. Use with care and only when being aware of the
## restrictions this imposed. Do not call topk_size or topk_add afterwards, results will
## probably not be what you expect.
function topk_merge_prune%(handle1: opaque of topk, handle2: opaque of topk%): any
%{
assert(handle1);
assert(handle2);
probabilistic::TopkVal* h1 = (probabilistic::TopkVal*) handle1;
probabilistic::TopkVal* h2 = (probabilistic::TopkVal*) handle2;
h1->Merge(h2, true);
return 0;
%}

0
testing/btest/Baseline/bifs.topk_persistence/out → testing/btest/Baseline/istate.topk/out
View file

0
testing/btest/bifs/topk_persistence.bro → testing/btest/istate/topk.bro
View file