Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Refactor how file analysis actions are tracked.

Browse source 
The Info record now uses a "table[ActionArgs] of ActionResults", which
allows for simultaneous actions of a given type as long as other args
(fields in the ActionArgs record) are different.
This commit is contained in:
Jon Siwek 2013-02-25 16:35:42 -06:00
parent 4b30cc2e24
commit 691622b3aa
13 changed files with 233 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/file_analysis/Hash.cc
View file

@ -5,9 +5,12 @@
using namespace file_analysis;
Hash::Hash(Info* arg_info, ActionTag tag, HashVal* hv)
: Action(arg_info, tag), hash(hv)
Hash::Hash(RecordVal* args, Info* info, HashVal* hv, const char* field)
: Action(args, info), hash(hv)
{
using BifType::Record::FileAnalysis::ActionResults;
if ( (result_field_idx = ActionResults->FieldOffset(field)) < 0 )
reporter->InternalError("Missing ActionResults field: %s", field);
hash->Init();
}
@ -15,7 +18,7 @@ Hash::~Hash()
{
// maybe it's all there...
Finalize();
delete hash;
Unref(hash);
}
bool Hash::DeliverStream(const u_char* data, uint64 len)
@ -45,10 +48,5 @@ void Hash::Finalize()
if ( ! hash->IsValid() ) return;
StringVal* sv = hash->Get();
int i = GetResultFieldOffset();
if ( i < 0 )
reporter->InternalError("Hash Action result field not found");
info->GetResults()->Assign(i, sv);
info->GetResults(args)->Assign(result_field_idx, sv);
}