Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

FileAnalysis: checkpoint in middle of big reorganization.

Browse source 
- FileAnalysis::Info is now just a record used for logging, the fa_file
  record type is defined in init-bare.bro as the analogue to a
  connection record.

- Starting to transfer policy hook triggers and analyzer results to
  events.
This commit is contained in:
Jon Siwek 2013-04-09 15:49:58 -05:00
parent e73a261262
commit 641154f8e8
68 changed files with 855 additions and 871 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/file_analysis/DataEvent.cc
View file

@ -7,13 +7,13 @@
using namespace file_analysis;
DataEvent::DataEvent(RecordVal* args, Info* info,
DataEvent::DataEvent(RecordVal* args, File* file,
EventHandlerPtr ce, EventHandlerPtr se)
: Action(args, info), chunk_event(ce), stream_event(se)
: Action(args, file), chunk_event(ce), stream_event(se)
{
}
Action* DataEvent::Instantiate(RecordVal* args, Info* info)
Action* DataEvent::Instantiate(RecordVal* args, File* file)
{
using BifType::Record::FileAnalysis::ActionArgs;
@ -36,7 +36,7 @@ Action* DataEvent::Instantiate(RecordVal* args, Info* info)
if ( stream_val )
stream = event_registry->Lookup(stream_val->AsFunc()->Name());
return new DataEvent(args, info, chunk, stream);
return new DataEvent(args, file, chunk, stream);
}
bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
@ -44,10 +44,10 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
if ( ! chunk_event ) return true;
val_list* args = new val_list;
args->append(info->GetVal()->Ref());
args->append(file->GetVal()->Ref());
args->append(new StringVal(new BroString(data, len, 0)));
args->append(new Val(offset, TYPE_COUNT));
mgr.QueueEvent(chunk_event, args);
mgr.Dispatch(new Event(chunk_event, args));
return true;
}
@ -57,9 +57,9 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len)
if ( ! stream_event ) return true;
val_list* args = new val_list;
args->append(info->GetVal()->Ref());
args->append(file->GetVal()->Ref());
args->append(new StringVal(new BroString(data, len, 0)));
mgr.QueueEvent(stream_event, args);
mgr.Dispatch(new Event(stream_event, args));
return true;
}