Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Refactor how file analysis actions are tracked.

Browse source 
The Info record now uses a "table[ActionArgs] of ActionResults", which
allows for simultaneous actions of a given type as long as other args
(fields in the ActionArgs record) are different.
This commit is contained in:
Jon Siwek 2013-02-25 16:35:42 -06:00
parent 4b30cc2e24
commit 691622b3aa
13 changed files with 233 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

10
scripts/base/frameworks/file-analysis/main.bro
View file

@ -37,6 +37,7 @@ export {
type Info: record {};
type ActionArgs: record {
act: Action;
extract_filename: string &optional;
chunk_event: event(info: Info, data: string, off: count) &optional;
stream_event: event(info: Info, data: string) &optional;
@ -88,13 +89,8 @@ export {
timeout_interval: interval &log &default=default_timeout_interval;
## Actions that have been added to the analysis of this file.
actions: vector of Action &default=vector();
## The corresponding arguments supplied to each element of *actions*.
action_args: vector of ActionArgs &default=vector();
## Some actions may directly yield results in this record.
action_results: ActionResults;
## Not meant to be modified directly by scripts.
actions: table[ActionArgs] of ActionResults;
} &redef;
## TODO: document