Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Refactor how file analysis actions are tracked.

Browse source 
The Info record now uses a "table[ActionArgs] of ActionResults", which
allows for simultaneous actions of a given type as long as other args
(fields in the ActionArgs record) are different.
This commit is contained in:
Jon Siwek 2013-02-25 16:35:42 -06:00
parent 4b30cc2e24
commit 691622b3aa
13 changed files with 233 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/file_analysis/DataEvent.cc
View file

@ -7,13 +7,13 @@
using namespace file_analysis;
DataEvent::DataEvent(Info* arg_info, EventHandlerPtr ce, EventHandlerPtr se)
: Action(arg_info, BifEnum::FileAnalysis::ACTION_DATA_EVENT),
chunk_event(ce), stream_event(se)
DataEvent::DataEvent(RecordVal* args, Info* info,
EventHandlerPtr ce, EventHandlerPtr se)
: Action(args, info), chunk_event(ce), stream_event(se)
{
}
Action* DataEvent::Instantiate(const RecordVal* args, Info* info)
Action* DataEvent::Instantiate(RecordVal* args, Info* info)
{
using BifType::Record::FileAnalysis::ActionArgs;
@ -36,7 +36,7 @@ Action* DataEvent::Instantiate(const RecordVal* args, Info* info)
if ( stream_val )
stream = event_registry->Lookup(stream_val->AsFunc()->GetID()->Name());
return new DataEvent(info, chunk, stream);
return new DataEvent(args, info, chunk, stream);
}
bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset)