Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Refactor how file analysis actions are tracked.

Browse source 
The Info record now uses a "table[ActionArgs] of ActionResults", which
allows for simultaneous actions of a given type as long as other args
(fields in the ActionArgs record) are different.
This commit is contained in:
Jon Siwek 2013-02-25 16:35:42 -06:00
parent 4b30cc2e24
commit 691622b3aa
13 changed files with 233 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/file_analysis/Extract.cc
View file

@ -5,9 +5,8 @@
using namespace file_analysis;
Extract::Extract(Info* arg_info, const string& arg_filename)
: Action(arg_info, BifEnum::FileAnalysis::ACTION_EXTRACT),
filename(arg_filename)
Extract::Extract(RecordVal* args, Info* info, const string& arg_filename)
: Action(args, info), filename(arg_filename)
{
fd = open(filename.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0666);
@ -26,15 +25,15 @@ Extract::~Extract()
safe_close(fd);
}
Action* Extract::Instantiate(const RecordVal* args, Info* info)
Action* Extract::Instantiate(RecordVal* args, Info* info)
{
using BifType::Record::FileAnalysis::ActionArgs;
const char* field = "extract_filename";
int off = BifType::Record::FileAnalysis::ActionArgs->FieldOffset(field);
Val* v = args->Lookup(off);
Val* v = args->Lookup(ActionArgs->FieldOffset(field));
if ( ! v ) return 0;
return new Extract(info, v->AsString()->CheckString());
return new Extract(args, info, v->AsString()->CheckString());
}
bool Extract::DeliverChunk(const u_char* data, uint64 len, uint64 offset)