Log extensions: series of small fixes and new tests.

The extensions now work with optional types, as well with complex types (like subrecords). Not returning a record in the ext_func no longer crashes bro. The default_ext_func was switched to return void in cases where no extension revord is defined (was bool). I also got rid of the offsets in the indices - with the rest of the implementation, that was not really necessary and made the code more complex.
2025-10-11 11:08:20 +00:00 · 2016-08-10 13:51:42 -07:00 · 2016-08-10 13:51:42 -07:00 · 6e769db23b
commit 6e769db23b
parent 79e49e1ab5
12 changed files with 517 additions and 322 deletions
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@ -117,9 +117,9 @@ export {
 	## data storage and analysis systems.
 	const default_field_name_map: table[string] of string = table() &redef;

-	## Default separator for log field scopes when logs are unrolled and 
+	## Default separator for log field scopes when logs are unrolled and
 	## flattened.  This will be the string between field name components.
-	## For example, setting this to "_" will cause the typical field 
+	## For example, setting this to "_" will cause the typical field
 	## "id.orig_h" to turn into "id_orig_h".
 	const default_scope_sep = "." &redef;

@ -128,13 +128,13 @@ export {
 	## log filter.
 	const Log::default_ext_prefix: string = "_" &redef;

-	## Default log extension function in the case that you would like to 
+	## Default log extension function in the case that you would like to
 	## apply the same extensions to all logs.  The function *must* return
-	## a record with all of the fields to be included in the log.  The 
-	## default function included here returns F as a marker to indicate
-	## that it has no implementation.
-	const Log::default_ext_func: function(path: string): any = 
-		function(path: string): bool { return F; } &redef;
+	## a record with all of the fields to be included in the log. The
+	## default function included here does not return a value to indicate
+	## that no extensions are added.
+	const Log::default_ext_func: function(path: string): any =
+		function(path: string) { } &redef;

 	## A filter type describes how to customize logging streams.
 	type Filter: record {
@ -210,7 +210,7 @@ export {
 		## If true, entries are passed on to remote peers.
 		log_remote: bool &default=enable_remote_logging;

-		## Field name map to rename fields before the fields are written 
+		## Field name map to rename fields before the fields are written
 		## to the output.
 		field_name_map: table[string] of string &default=default_field_name_map;

@ -221,12 +221,12 @@ export {
 		## Default prefix for all extension fields. It's typically
 		## prudent to set this to something that Bro's logging
 		## framework can't normally write out in a field name.
-		ext_prefix: string &default=Log::default_ext_prefix;
+		ext_prefix: string &default=default_ext_prefix;

-		## Function to collect a log extension value.  If not specified, 
+		## Function to collect a log extension value.  If not specified,
 		## no log extension will be provided for the log.
 		## The return value from the function *must* be a record.
-		ext_func: function(path: string): any &default=Log::default_ext_func;
+		ext_func: function(path: string): any &default=default_ext_func;

 		## Rotation interval. Zero disables rotation.
 		interv: interval &default=default_rotation_interval;