Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

FileAnalysis: checkpoint in middle of big reorganization.

Browse source 
- FileAnalysis::Info is now just a record used for logging, the fa_file
  record type is defined in init-bare.bro as the analogue to a
  connection record.

- Starting to transfer policy hook triggers and analyzer results to
  events.
This commit is contained in:
Jon Siwek 2013-04-09 15:49:58 -05:00
parent e73a261262
commit 641154f8e8
68 changed files with 855 additions and 871 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/file_analysis/Extract.cc
View file

@ -5,8 +5,8 @@
using namespace file_analysis;
Extract::Extract(RecordVal* args, Info* info, const string& arg_filename)
: Action(args, info), filename(arg_filename)
Extract::Extract(RecordVal* args, File* file, const string& arg_filename)
: Action(args, file), filename(arg_filename)
{
fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666);
@ -25,7 +25,7 @@ Extract::~Extract()
safe_close(fd);
}
Action* Extract::Instantiate(RecordVal* args, Info* info)
Action* Extract::Instantiate(RecordVal* args, File* file)
{
using BifType::Record::FileAnalysis::ActionArgs;
const char* field = "extract_filename";
@ -33,7 +33,7 @@ Action* Extract::Instantiate(RecordVal* args, Info* info)
if ( ! v ) return 0;
return new Extract(args, info, v->AsString()->CheckString());
return new Extract(args, file, v->AsString()->CheckString());
}
bool Extract::DeliverChunk(const u_char* data, uint64 len, uint64 offset)