mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
protocol: Add StreamEvent analyzer
This analyzer can be used to transport raw stream data for a given connection to the script layer. For example, adding this analyzer into the HTTP::upgrade_analyzer or using it to configure a child WebSocket analyzer allows to get access to the raw stream data in script land when no more appropriate protocol analyzer is available.
This commit is contained in:
Arne Welzel
parent
2f27db6542
commit
51836d08ae
16 changed files with 201 additions and 6 deletions
14
NEWS
14
NEWS
|
|
@ -86,6 +86,20 @@ New Functionality
|
|||
|
||||
redef LogSQLite::journal_mode=LogSQLite::SQLITE_JOURNAL_MODE_WAL;
|
||||
|
||||
* A pseudo protocol analyzer StreamEvent has been added. Attaching this analyzer
|
||||
to TCP connections allows processing the connection's stream data in the
|
||||
scripting layer. One example use-case is interactive terminal sessions over
|
||||
HTTP connections upgraded to TCP.
|
||||
|
||||
redef HTTP::upgrade_analyzers += {
|
||||
["tcp"] = Analyzer::ANALYZER_STREAM_EVENT,
|
||||
};
|
||||
|
||||
event stream_deliver(c: connection, is_orig: bool, data: string);
|
||||
|
||||
This comes with performance caveats: For use-cases with high-data rates
|
||||
a native protocol analyzer with dedicated events will be far more efficient.
|
||||
|
||||
Changed Functionality
|
||||
---------------------
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue