Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

FileAnalysis: checkpoint in middle of big reorganization.

Browse source 
- FileAnalysis::Info is now just a record used for logging, the fa_file
  record type is defined in init-bare.bro as the analogue to a
  connection record.

- Starting to transfer policy hook triggers and analyzer results to
  events.
This commit is contained in:
Jon Siwek 2013-04-09 15:49:58 -05:00
parent e73a261262
commit 641154f8e8
68 changed files with 855 additions and 871 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/file_analysis/Action.h
View file

@ -8,10 +8,10 @@ namespace file_analysis {
typedef BifEnum::FileAnalysis::Action ActionTag;
class Info;
class File;
/**
* Base class for actions that can be attached to a file_analysis::Info object.
* Base class for actions that can be attached to a file_analysis::File object.
*/
class Action {
public:
@ -67,9 +67,9 @@ public:
RecordVal* Args() const { return args; }
/**
* @return the file_analysis::Info object to which the action is attached.
* @return the file_analysis::File object to which the action is attached.
*/
Info* GetInfo() const { return info; }
File* GetFile() const { return file; }
/**
* @return the action tag equivalent of the 'act' field from the ActionArgs
@ -84,17 +84,17 @@ public:
protected:
Action(RecordVal* arg_args, Info* arg_info)
Action(RecordVal* arg_args, File* arg_file)
: tag(Action::ArgsTag(arg_args)), args(arg_args->Ref()->AsRecordVal()),
info(arg_info)
file(arg_file)
{}
ActionTag tag;
RecordVal* args;
Info* info;
File* file;
};
typedef Action* (*ActionInstantiator)(RecordVal* args, Info* info);
typedef Action* (*ActionInstantiator)(RecordVal* args, File* file);
} // namespace file_analysis