Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Plugins: Clean up explicit uses of namespaces in places where they're not necessary.

Browse source 
This commit covers all of the plugin classes.
This commit is contained in:
Tim Wojtulewicz 2020-08-21 09:45:16 -07:00
parent fe0c22c789
commit 70c2397f69
169 changed files with 3139 additions and 3141 deletions
Download patch file Download diff file Expand all files Collapse all files

58
src/input/readers/ascii/Ascii.cc
View file

@ -18,16 +18,16 @@ using zeek::threading::Field;
namespace zeek::input::reader::detail {
FieldMapping::FieldMapping(const string& arg_name, const zeek::TypeTag& arg_type, int arg_position)
: name(arg_name), type(arg_type), subtype(zeek::TYPE_ERROR)
FieldMapping::FieldMapping(const string& arg_name, const TypeTag& arg_type, int arg_position)
: name(arg_name), type(arg_type), subtype(TYPE_ERROR)
{
position = arg_position;
secondary_position = -1;
present = true;
}
FieldMapping::FieldMapping(const string& arg_name, const zeek::TypeTag& arg_type,
const zeek::TypeTag& arg_subtype, int arg_position)
FieldMapping::FieldMapping(const string& arg_name, const TypeTag& arg_type,
const TypeTag& arg_subtype, int arg_position)
: name(arg_name), type(arg_type), subtype(arg_subtype)
{
position = arg_position;
@ -47,7 +47,7 @@ FieldMapping FieldMapping::subType()
return FieldMapping(name, subtype, position);
}
Ascii::Ascii(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend)
Ascii::Ascii(ReaderFrontend *frontend) : ReaderBackend(frontend)
{
mtime = 0;
ino = 0;
@ -67,23 +67,23 @@ bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* f
{
StopWarningSuppression();
separator.assign( (const char*) zeek::BifConst::InputAscii::separator->Bytes(),
zeek::BifConst::InputAscii::separator->Len());
separator.assign( (const char*) BifConst::InputAscii::separator->Bytes(),
BifConst::InputAscii::separator->Len());
set_separator.assign( (const char*) zeek::BifConst::InputAscii::set_separator->Bytes(),
zeek::BifConst::InputAscii::set_separator->Len());
set_separator.assign( (const char*) BifConst::InputAscii::set_separator->Bytes(),
BifConst::InputAscii::set_separator->Len());
empty_field.assign( (const char*) zeek::BifConst::InputAscii::empty_field->Bytes(),
zeek::BifConst::InputAscii::empty_field->Len());
empty_field.assign( (const char*) BifConst::InputAscii::empty_field->Bytes(),
BifConst::InputAscii::empty_field->Len());
unset_field.assign( (const char*) zeek::BifConst::InputAscii::unset_field->Bytes(),
zeek::BifConst::InputAscii::unset_field->Len());
unset_field.assign( (const char*) BifConst::InputAscii::unset_field->Bytes(),
BifConst::InputAscii::unset_field->Len());
fail_on_invalid_lines = zeek::BifConst::InputAscii::fail_on_invalid_lines;
fail_on_file_problem = zeek::BifConst::InputAscii::fail_on_file_problem;
fail_on_invalid_lines = BifConst::InputAscii::fail_on_invalid_lines;
fail_on_file_problem = BifConst::InputAscii::fail_on_file_problem;
path_prefix.assign((const char*) zeek::BifConst::InputAscii::path_prefix->Bytes(),
zeek::BifConst::InputAscii::path_prefix->Len());
path_prefix.assign((const char*) BifConst::InputAscii::path_prefix->Bytes(),
BifConst::InputAscii::path_prefix->Len());
// Set per-filter configuration options.
for ( ReaderInfo::config_map::const_iterator i = info.config.begin(); i != info.config.end(); i++ )
@ -113,8 +113,8 @@ bool Ascii::DoInit(const ReaderInfo& info, int num_fields, const Field* const* f
if ( set_separator.size() != 1 )
Error("set_separator length has to be 1. Separator will be truncated.");
zeek::threading::formatter::Ascii::SeparatorInfo sep_info(separator, set_separator, unset_field, empty_field);
formatter = unique_ptr<zeek::threading::Formatter>(new zeek::threading::formatter::Ascii(this, sep_info));
threading::formatter::Ascii::SeparatorInfo sep_info(separator, set_separator, unset_field, empty_field);
formatter = unique_ptr<threading::Formatter>(new threading::formatter::Ascii(this, sep_info));
return DoUpdate();
}
@ -274,7 +274,7 @@ bool Ascii::DoUpdate()
return ! fail_on_file_problem;
switch ( Info().mode ) {
case zeek::input::MODE_REREAD:
case MODE_REREAD:
{
// check if the file has changed
struct stat sb;
@ -301,14 +301,14 @@ bool Ascii::DoUpdate()
// File changed. Fall through to re-read.
}
case zeek::input::MODE_MANUAL:
case zeek::input::MODE_STREAM:
case MODE_MANUAL:
case MODE_STREAM:
{
// dirty, fix me. (well, apparently after trying seeking, etc
// - this is not that bad)
if ( file.is_open() )
{
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
{
file.clear(); // remove end of file evil bits
if ( ! ReadHeader(true) )
@ -407,7 +407,7 @@ bool Ascii::DoUpdate()
if ( (*fit).secondary_position != -1 )
{
// we have a port definition :)
assert(val->type == zeek::TYPE_PORT );
assert(val->type == TYPE_PORT );
// Error(Fmt("Got type %d != PORT with secondary position!", val->type));
val->val.port_val.proto = formatter->ParseProto(stringfields[(*fit).secondary_position]);
@ -434,13 +434,13 @@ bool Ascii::DoUpdate()
//printf("fpos: %d, second.num_fields: %d\n", fpos, (*it).second.num_fields);
assert ( fpos == NumFields() );
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
Put(fields);
else
SendEntry(fields);
}
if ( Info().mode != zeek::input::MODE_STREAM )
if ( Info().mode != MODE_STREAM )
EndCurrentSend();
return true;
@ -453,12 +453,12 @@ bool Ascii::DoHeartbeat(double network_time, double current_time)
switch ( Info().mode )
{
case zeek::input::MODE_MANUAL:
case MODE_MANUAL:
// yay, we do nothing :)
break;
case zeek::input::MODE_REREAD:
case zeek::input::MODE_STREAM:
case MODE_REREAD:
case MODE_STREAM:
Update(); // Call Update, not DoUpdate, because Update
// checks the "disabled" flag.
break;

16
src/input/readers/ascii/Ascii.h
View file

@ -16,14 +16,14 @@ namespace zeek::input::reader::detail {
// Description for input field mapping.
struct FieldMapping {
std::string name;
zeek::TypeTag type;
zeek::TypeTag subtype; // internal type for sets and vectors
TypeTag type;
TypeTag subtype; // internal type for sets and vectors
int position;
int secondary_position; // for ports: pos of the second field
bool present;
FieldMapping(const std::string& arg_name, const zeek::TypeTag& arg_type, int arg_position);
FieldMapping(const std::string& arg_name, const zeek::TypeTag& arg_type, const zeek::TypeTag& arg_subtype, int arg_position);
FieldMapping(const std::string& arg_name, const TypeTag& arg_type, int arg_position);
FieldMapping(const std::string& arg_name, const TypeTag& arg_type, const TypeTag& arg_subtype, int arg_position);
FieldMapping(const FieldMapping& arg);
FieldMapping() { position = -1; secondary_position = -1; }
@ -34,9 +34,9 @@ struct FieldMapping {
/**
* Reader for structured ASCII files.
*/
class Ascii : public zeek::input::ReaderBackend {
class Ascii : public ReaderBackend {
public:
explicit Ascii(zeek::input::ReaderFrontend* frontend);
explicit Ascii(ReaderFrontend* frontend);
~Ascii() override;
// prohibit copying and moving
@ -45,7 +45,7 @@ public:
Ascii& operator=(const Ascii&) = delete;
Ascii& operator=(Ascii&&) = delete;
static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Ascii(frontend); }
static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Ascii(frontend); }
protected:
bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override;
@ -82,7 +82,7 @@ private:
bool fail_on_file_problem;
std::string path_prefix;
std::unique_ptr<zeek::threading::Formatter> formatter;
std::unique_ptr<threading::Formatter> formatter;
};
} // namespace zeek::input::reader::detail

78
src/input/readers/benchmark/Benchmark.cc
View file

@ -16,20 +16,20 @@ using threading::Field;
namespace zeek::input::reader::detail {
Benchmark::Benchmark(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend)
Benchmark::Benchmark(ReaderFrontend *frontend) : ReaderBackend(frontend)
{
num_lines = 0;
multiplication_factor = double(zeek::BifConst::InputBenchmark::factor);
autospread = double(zeek::BifConst::InputBenchmark::autospread);
spread = int(zeek::BifConst::InputBenchmark::spread);
add = int(zeek::BifConst::InputBenchmark::addfactor);
multiplication_factor = double(BifConst::InputBenchmark::factor);
autospread = double(BifConst::InputBenchmark::autospread);
spread = int(BifConst::InputBenchmark::spread);
add = int(BifConst::InputBenchmark::addfactor);
autospread_time = 0;
stopspreadat = int(zeek::BifConst::InputBenchmark::stopspreadat);
timedspread = double(zeek::BifConst::InputBenchmark::timedspread);
stopspreadat = int(BifConst::InputBenchmark::stopspreadat);
timedspread = double(BifConst::InputBenchmark::timedspread);
heartbeatstarttime = 0;
heartbeat_interval = double(zeek::BifConst::Threading::heartbeat_interval);
heartbeat_interval = double(BifConst::Threading::heartbeat_interval);
ascii = new zeek::threading::formatter::Ascii(this, zeek::threading::formatter::Ascii::SeparatorInfo());
ascii = new threading::formatter::Ascii(this, threading::formatter::Ascii::SeparatorInfo());
}
Benchmark::~Benchmark()
@ -43,7 +43,7 @@ void Benchmark::DoClose()
{
}
bool Benchmark::DoInit(const ReaderInfo& info, int num_fields, const zeek::threading::Field* const* fields)
bool Benchmark::DoInit(const ReaderInfo& info, int num_fields, const threading::Field* const* fields)
{
num_lines = atoi(info.source);
@ -88,11 +88,11 @@ bool Benchmark::DoUpdate()
int linestosend = num_lines * heartbeat_interval;
for ( int i = 0; i < linestosend; i++ )
{
zeek::threading::Value** field = new zeek::threading::Value*[NumFields()];
threading::Value** field = new threading::Value*[NumFields()];
for (int j = 0; j < NumFields(); j++ )
field[j] = EntryToVal(Fields()[j]->type, Fields()[j]->subtype);
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
// do not do tracking, spread out elements over the second that we have...
Put(field);
else
@ -118,69 +118,69 @@ bool Benchmark::DoUpdate()
}
if ( Info().mode != zeek::input::MODE_STREAM )
if ( Info().mode != MODE_STREAM )
EndCurrentSend();
return true;
}
zeek::threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag subtype)
threading::Value* Benchmark::EntryToVal(TypeTag type, TypeTag subtype)
{
auto* val = new zeek::threading::Value(type, subtype, true);
auto* val = new threading::Value(type, subtype, true);
// basically construct something random from the fields that we want.
switch ( type ) {
case zeek::TYPE_ENUM:
case TYPE_ENUM:
assert(false); // no enums, please.
case zeek::TYPE_STRING:
case TYPE_STRING:
{
std::string rnd = RandomString(10);
val->val.string_val.data = zeek::util::copy_string(rnd.c_str());
val->val.string_val.data = util::copy_string(rnd.c_str());
val->val.string_val.length = rnd.size();
break;
}
case zeek::TYPE_BOOL:
case TYPE_BOOL:
val->val.int_val = 1; // we never lie.
break;
case zeek::TYPE_INT:
case TYPE_INT:
val->val.int_val = random();
break;
case zeek::TYPE_TIME:
case TYPE_TIME:
val->val.double_val = CurrTime();
break;
case zeek::TYPE_DOUBLE:
case zeek::TYPE_INTERVAL:
case TYPE_DOUBLE:
case TYPE_INTERVAL:
val->val.double_val = random();
break;
case zeek::TYPE_COUNT:
case TYPE_COUNT:
val->val.uint_val = random();
break;
case zeek::TYPE_PORT:
case TYPE_PORT:
val->val.port_val.port = random() / (RAND_MAX / 60000);
val->val.port_val.proto = TRANSPORT_UNKNOWN;
break;
case zeek::TYPE_SUBNET:
case TYPE_SUBNET:
{
val->val.subnet_val.prefix = ascii->ParseAddr("192.168.17.1");
val->val.subnet_val.length = 16;
}
break;
case zeek::TYPE_ADDR:
case TYPE_ADDR:
val->val.addr_val = ascii->ParseAddr("192.168.17.1");
break;
case zeek::TYPE_TABLE:
case zeek::TYPE_VECTOR:
case TYPE_TABLE:
case TYPE_VECTOR:
// First - common initialization
// Then - initialization for table.
// Then - initialization for vector.
@ -189,14 +189,14 @@ zeek::threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag
// how many entries do we have...
unsigned int length = random() / (RAND_MAX / 15);
zeek::threading::Value** lvals = new zeek::threading::Value* [length];
threading::Value** lvals = new threading::Value* [length];
if ( type == zeek::TYPE_TABLE )
if ( type == TYPE_TABLE )
{
val->val.set_val.vals = lvals;
val->val.set_val.size = length;
}
else if ( type == zeek::TYPE_VECTOR )
else if ( type == TYPE_VECTOR )
{
val->val.vector_val.vals = lvals;
val->val.vector_val.size = length;
@ -209,7 +209,7 @@ zeek::threading::Value* Benchmark::EntryToVal(zeek::TypeTag type, zeek::TypeTag
for ( unsigned int pos = 0; pos < length; pos++ )
{
zeek::threading::Value* newval = EntryToVal(subtype, zeek::TYPE_ENUM);
threading::Value* newval = EntryToVal(subtype, TYPE_ENUM);
if ( newval == nullptr )
{
Error("Error while reading set");
@ -241,19 +241,19 @@ bool Benchmark::DoHeartbeat(double network_time, double current_time)
heartbeatstarttime = CurrTime();
switch ( Info().mode ) {
case zeek::input::MODE_MANUAL:
case MODE_MANUAL:
// yay, we do nothing :)
break;
case zeek::input::MODE_REREAD:
case zeek::input::MODE_STREAM:
case MODE_REREAD:
case MODE_STREAM:
if ( multiplication_factor != 1 || add != 0 )
{
// we have to document at what time we changed the factor to what value.
zeek::threading::Value** v = new zeek::threading::Value*[2];
v[0] = new zeek::threading::Value(zeek::TYPE_COUNT, true);
threading::Value** v = new threading::Value*[2];
v[0] = new threading::Value(TYPE_COUNT, true);
v[0]->val.uint_val = num_lines;
v[1] = new zeek::threading::Value(zeek::TYPE_TIME, true);
v[1] = new threading::Value(TYPE_TIME, true);
v[1]->val.double_val = CurrTime();
SendEvent("lines_changed", 2, v);

10
src/input/readers/benchmark/Benchmark.h
View file

@ -10,12 +10,12 @@ namespace zeek::input::reader::detail {
/**
* A benchmark reader to measure performance of the input framework.
*/
class Benchmark : public zeek::input::ReaderBackend {
class Benchmark : public ReaderBackend {
public:
explicit Benchmark(zeek::input::ReaderFrontend* frontend);
explicit Benchmark(ReaderFrontend* frontend);
~Benchmark() override;
static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Benchmark(frontend); }
static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Benchmark(frontend); }
protected:
bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override;
@ -26,7 +26,7 @@ protected:
private:
double CurrTime();
std::string RandomString(const int len);
threading::Value* EntryToVal(zeek::TypeTag Type, zeek::TypeTag subtype);
threading::Value* EntryToVal(TypeTag Type, TypeTag subtype);
int num_lines;
double multiplication_factor;
@ -39,7 +39,7 @@ private:
double timedspread;
double heartbeat_interval;
zeek::threading::formatter::Ascii* ascii;
threading::formatter::Ascii* ascii;
};
} // namespace zeek::input::reader

46
src/input/readers/binary/Binary.cc
View file

@ -15,12 +15,12 @@ namespace zeek::input::reader::detail {
streamsize Binary::chunk_size = 0;
Binary::Binary(zeek::input::ReaderFrontend *frontend)
: zeek::input::ReaderBackend(frontend), in(nullptr), mtime(0), ino(0), firstrun(true)
Binary::Binary(ReaderFrontend *frontend)
: ReaderBackend(frontend), in(nullptr), mtime(0), ino(0), firstrun(true)
{
if ( ! chunk_size )
{
chunk_size = zeek::BifConst::InputBinary::chunk_size;
chunk_size = BifConst::InputBinary::chunk_size;
if ( ! chunk_size )
chunk_size = 1024;
@ -61,7 +61,7 @@ bool Binary::CloseInput()
}
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Binary reader starting close");
Debug(DBG_INPUT, "Binary reader starting close");
#endif
in->close();
@ -69,7 +69,7 @@ bool Binary::CloseInput()
in = nullptr;
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Binary reader finished close");
Debug(DBG_INPUT, "Binary reader finished close");
#endif
return true;
@ -83,8 +83,8 @@ bool Binary::DoInit(const ReaderInfo& info, int num_fields,
ino = 0;
firstrun = true;
path_prefix.assign((const char*) zeek::BifConst::InputBinary::path_prefix->Bytes(),
zeek::BifConst::InputBinary::path_prefix->Len());
path_prefix.assign((const char*) BifConst::InputBinary::path_prefix->Bytes(),
BifConst::InputBinary::path_prefix->Len());
if ( ! info.source || strlen(info.source) == 0 )
{
@ -100,7 +100,7 @@ bool Binary::DoInit(const ReaderInfo& info, int num_fields,
return false;
}
if ( fields[0]->type != zeek::TYPE_STRING )
if ( fields[0]->type != TYPE_STRING )
{
Error("Filter for binary reader contains a non-string field.");
return false;
@ -130,14 +130,14 @@ bool Binary::DoInit(const ReaderInfo& info, int num_fields,
return false;
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Binary reader created, will perform first update");
Debug(DBG_INPUT, "Binary reader created, will perform first update");
#endif
// after initialization - do update
DoUpdate();
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Binary reader did first update");
Debug(DBG_INPUT, "Binary reader did first update");
#endif
return true;
@ -198,7 +198,7 @@ bool Binary::DoUpdate()
else
{
switch ( Info().mode ) {
case zeek::input::MODE_REREAD:
case MODE_REREAD:
{
switch ( UpdateModificationTime() ) {
case -1:
@ -213,9 +213,9 @@ bool Binary::DoUpdate()
// fallthrough
}
case zeek::input::MODE_MANUAL:
case zeek::input::MODE_STREAM:
if ( Info().mode == zeek::input::MODE_STREAM && in )
case MODE_MANUAL:
case MODE_STREAM:
if ( Info().mode == MODE_STREAM && in )
{
in->clear(); // remove end of file evil bits
break;
@ -242,22 +242,22 @@ bool Binary::DoUpdate()
Value** fields = new Value*[1];
// filter has exactly one text field. convert to it.
Value* val = new Value(zeek::TYPE_STRING, true);
Value* val = new Value(TYPE_STRING, true);
val->val.string_val.data = chunk;
val->val.string_val.length = size;
fields[0] = val;
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
Put(fields);
else
SendEntry(fields);
}
if ( Info().mode != zeek::input::MODE_STREAM )
if ( Info().mode != MODE_STREAM )
EndCurrentSend();
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "DoUpdate finished successfully");
Debug(DBG_INPUT, "DoUpdate finished successfully");
#endif
return true;
@ -266,19 +266,19 @@ bool Binary::DoUpdate()
bool Binary::DoHeartbeat(double network_time, double current_time)
{
switch ( Info().mode ) {
case zeek::input::MODE_MANUAL:
case MODE_MANUAL:
// yay, we do nothing :)
break;
case zeek::input::MODE_REREAD:
case zeek::input::MODE_STREAM:
case MODE_REREAD:
case MODE_STREAM:
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Starting Heartbeat update");
Debug(DBG_INPUT, "Starting Heartbeat update");
#endif
Update(); // call update and not DoUpdate, because update
// checks disabled.
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Finished with heartbeat update");
Debug(DBG_INPUT, "Finished with heartbeat update");
#endif
break;
default:

6
src/input/readers/binary/Binary.h
View file

@ -12,12 +12,12 @@ namespace zeek::input::reader::detail {
/**
* Binary mode file reader.
*/
class Binary : public zeek::input::ReaderBackend {
class Binary : public ReaderBackend {
public:
explicit Binary(zeek::input::ReaderFrontend* frontend);
explicit Binary(ReaderFrontend* frontend);
~Binary() override;
static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend)
static ReaderBackend* Instantiate(ReaderFrontend* frontend)
{ return new Binary(frontend); }
protected:

74
src/input/readers/config/Config.cc
View file

@ -20,7 +20,7 @@ using zeek::threading::Field;
namespace zeek::input::reader::detail {
Config::Config(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend)
Config::Config(ReaderFrontend *frontend) : ReaderBackend(frontend)
{
mtime = 0;
ino = 0;
@ -35,18 +35,18 @@ Config::Config(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBacke
if ( ! id->IsOption() )
continue;
if ( id->GetType()->Tag() == zeek::TYPE_RECORD ||
! zeek::input::Manager::IsCompatibleType(id->GetType().get()) )
if ( id->GetType()->Tag() == TYPE_RECORD ||
! Manager::IsCompatibleType(id->GetType().get()) )
{
option_types[id->Name()] = std::make_tuple(zeek::TYPE_ERROR, id->GetType()->Tag());
option_types[id->Name()] = std::make_tuple(TYPE_ERROR, id->GetType()->Tag());
continue;
}
zeek::TypeTag primary = id->GetType()->Tag();
zeek::TypeTag secondary = zeek::TYPE_VOID;
if ( primary == zeek::TYPE_TABLE )
TypeTag primary = id->GetType()->Tag();
TypeTag secondary = TYPE_VOID;
if ( primary == TYPE_TABLE )
secondary = id->GetType()->AsSetType()->GetIndices()->GetPureType()->Tag();
else if ( primary == zeek::TYPE_VECTOR )
else if ( primary == TYPE_VECTOR )
secondary = id->GetType()->AsVectorType()->Yield()->Tag();
option_types[id->Name()] = std::make_tuple(primary, secondary);
@ -63,17 +63,17 @@ void Config::DoClose()
bool Config::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fields)
{
fail_on_file_problem = zeek::BifConst::InputConfig::fail_on_file_problem;
fail_on_file_problem = BifConst::InputConfig::fail_on_file_problem;
set_separator.assign( (const char*) zeek::BifConst::InputConfig::set_separator->Bytes(),
zeek::BifConst::InputConfig::set_separator->Len());
set_separator.assign( (const char*) BifConst::InputConfig::set_separator->Bytes(),
BifConst::InputConfig::set_separator->Len());
empty_field.assign( (const char*) zeek::BifConst::InputConfig::empty_field->Bytes(),
zeek::BifConst::InputConfig::empty_field->Len());
empty_field.assign( (const char*) BifConst::InputConfig::empty_field->Bytes(),
BifConst::InputConfig::empty_field->Len());
zeek::threading::formatter::Ascii::SeparatorInfo sep_info("\t", set_separator, "", empty_field);
formatter = std::unique_ptr<zeek::threading::Formatter>(
new zeek::threading::formatter::Ascii(this, sep_info));
threading::formatter::Ascii::SeparatorInfo sep_info("\t", set_separator, "", empty_field);
formatter = std::unique_ptr<threading::Formatter>(
new threading::formatter::Ascii(this, sep_info));
return DoUpdate();
}
@ -119,7 +119,7 @@ bool Config::DoUpdate()
return ! fail_on_file_problem;
switch ( Info().mode ) {
case zeek::input::MODE_REREAD:
case MODE_REREAD:
{
// check if the file has changed
struct stat sb;
@ -146,14 +146,14 @@ bool Config::DoUpdate()
// File changed. Fall through to re-read.
}
case zeek::input::MODE_MANUAL:
case zeek::input::MODE_STREAM:
case MODE_MANUAL:
case MODE_STREAM:
{
// dirty, fix me. (well, apparently after trying seeking, etc
// - this is not that bad)
if ( file.is_open() )
{
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
{
file.clear(); // remove end of file evil bits
break;
@ -210,10 +210,10 @@ bool Config::DoUpdate()
continue;
}
if ( std::get<0>((*typeit).second) == zeek::TYPE_ERROR )
if ( std::get<0>((*typeit).second) == TYPE_ERROR )
{
Warning(Fmt("Option '%s' has type '%s', which is not supported for file input. Ignoring line.",
key.c_str(), zeek::type_name(std::get<1>((*typeit).second))));
key.c_str(), type_name(std::get<1>((*typeit).second))));
continue;
}
@ -246,16 +246,16 @@ bool Config::DoUpdate()
{
Value** fields = new Value*[2];
Value* keyval = new threading::Value(zeek::TYPE_STRING, true);
Value* keyval = new threading::Value(TYPE_STRING, true);
keyval->val.string_val.length = key.size();
keyval->val.string_val.data = zeek::util::copy_string(key.c_str());
keyval->val.string_val.data = util::copy_string(key.c_str());
fields[0] = keyval;
Value* val = new threading::Value(zeek::TYPE_STRING, true);
Value* val = new threading::Value(TYPE_STRING, true);
val->val.string_val.length = value.size();
val->val.string_val.data = zeek::util::copy_string(value.c_str());
val->val.string_val.data = util::copy_string(value.c_str());
fields[1] = val;
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
Put(fields);
else
SendEntry(fields);
@ -263,14 +263,14 @@ bool Config::DoUpdate()
{
Value** vals = new Value*[4];
vals[0] = new Value(zeek::TYPE_STRING, true);
vals[0]->val.string_val.data = zeek::util::copy_string(Info().name);
vals[0] = new Value(TYPE_STRING, true);
vals[0]->val.string_val.data = util::copy_string(Info().name);
vals[0]->val.string_val.length = strlen(Info().name);
vals[1] = new Value(zeek::TYPE_STRING, true);
vals[1]->val.string_val.data = zeek::util::copy_string(Info().source);
vals[1] = new Value(TYPE_STRING, true);
vals[1]->val.string_val.data = util::copy_string(Info().source);
vals[1]->val.string_val.length = strlen(Info().source);
vals[2] = new Value(zeek::TYPE_STRING, true);
vals[2]->val.string_val.data = zeek::util::copy_string(key.c_str());
vals[2] = new Value(TYPE_STRING, true);
vals[2]->val.string_val.data = util::copy_string(key.c_str());
vals[2]->val.string_val.length = key.size();
vals[3] = eventval;
@ -280,7 +280,7 @@ bool Config::DoUpdate()
regfree(&re);
if ( Info().mode != zeek::input::MODE_STREAM )
if ( Info().mode != MODE_STREAM )
EndCurrentSend();
// clean up all options we did not see
@ -294,12 +294,12 @@ bool Config::DoHeartbeat(double network_time, double current_time)
{
switch ( Info().mode )
{
case zeek::input::MODE_MANUAL:
case MODE_MANUAL:
// yay, we do nothing :)
break;
case zeek::input::MODE_REREAD:
case zeek::input::MODE_STREAM:
case MODE_REREAD:
case MODE_STREAM:
Update(); // Call Update, not DoUpdate, because Update
// checks the "disabled" flag.
break;

10
src/input/readers/config/Config.h
View file

@ -17,9 +17,9 @@ namespace zeek::input::reader::detail {
/**
* Reader for Configuration files.
*/
class Config : public zeek::input::ReaderBackend {
class Config : public ReaderBackend {
public:
explicit Config(zeek::input::ReaderFrontend* frontend);
explicit Config(ReaderFrontend* frontend);
~Config() override;
// prohibit copying and moving
@ -28,7 +28,7 @@ public:
Config& operator=(const Config&) = delete;
Config& operator=(Config&&) = delete;
static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Config(frontend); }
static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Config(frontend); }
protected:
bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override;
@ -49,8 +49,8 @@ private:
std::string set_separator;
std::string empty_field;
std::unique_ptr<zeek::threading::Formatter> formatter;
std::unordered_map<std::string, std::tuple<zeek::TypeTag, zeek::TypeTag>> option_types;
std::unique_ptr<threading::Formatter> formatter;
std::unordered_map<std::string, std::tuple<TypeTag, TypeTag>> option_types;
std::unordered_map<std::string, std::string> option_values;
};

4
src/input/readers/raw/Plugin.h
View file

@ -10,11 +10,11 @@
namespace zeek::plugin::detail::Zeek_RawReader {
class Plugin : public zeek::plugin::Plugin {
class Plugin : public plugin::Plugin {
public:
Plugin();
zeek::plugin::Configuration Configure() override;
plugin::Configuration Configure() override;
void InitPreScript() override;
void Done() override;

90
src/input/readers/raw/Raw.cc
View file

@ -27,7 +27,7 @@ namespace zeek::input::reader::detail {
const int Raw::block_size = 4096; // how big do we expect our chunks of data to be.
Raw::Raw(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(frontend), file(nullptr, fclose), stderrfile(nullptr, fclose)
Raw::Raw(ReaderFrontend *frontend) : ReaderBackend(frontend), file(nullptr, fclose), stderrfile(nullptr, fclose)
{
execute = false;
firstrun = true;
@ -35,10 +35,10 @@ Raw::Raw(zeek::input::ReaderFrontend *frontend) : zeek::input::ReaderBackend(fro
ino = 0;
forcekill = false;
offset = 0;
separator.assign( (const char*) zeek::BifConst::InputRaw::record_separator->Bytes(),
zeek::BifConst::InputRaw::record_separator->Len());
separator.assign( (const char*) BifConst::InputRaw::record_separator->Bytes(),
BifConst::InputRaw::record_separator->Len());
sep_length = zeek::BifConst::InputRaw::record_separator->Len();
sep_length = BifConst::InputRaw::record_separator->Len();
bufpos = 0;
@ -82,7 +82,7 @@ void Raw::ClosePipeEnd(int i)
if ( pipes[i] == -1 )
return;
zeek::util::safe_close(pipes[i]);
util::safe_close(pipes[i]);
pipes[i] = -1;
}
@ -92,7 +92,7 @@ bool Raw::SetFDFlags(int fd, int cmd, int flags)
return true;
char buf[256];
zeek::util::zeek_strerror_r(errno, buf, sizeof(buf));
util::zeek_strerror_r(errno, buf, sizeof(buf));
Error(Fmt("failed to set fd flags: %s", buf));
return false;
}
@ -109,7 +109,7 @@ std::unique_lock<std::mutex> Raw::AcquireForkMutex()
catch ( const std::system_error& e )
{
zeek::reporter->FatalErrorWithCore("cannot lock fork mutex: %s", e.what());
reporter->FatalErrorWithCore("cannot lock fork mutex: %s", e.what());
}
return lock;
@ -199,7 +199,7 @@ bool Raw::Execute()
else
{
char buf[256];
zeek::util::zeek_strerror_r(errno, buf, sizeof(buf));
util::zeek_strerror_r(errno, buf, sizeof(buf));
Warning(Fmt("Could not set child process group: %s", buf));
}
}
@ -208,7 +208,7 @@ bool Raw::Execute()
ClosePipeEnd(stdout_out);
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
{
if ( ! SetFDFlags(pipes[stdout_in], F_SETFL, O_NONBLOCK) )
return false;
@ -295,7 +295,7 @@ bool Raw::OpenInput()
if ( fseek(file.get(), pos, whence) < 0 )
{
char buf[256];
zeek::util::zeek_strerror_r(errno, buf, sizeof(buf));
util::zeek_strerror_r(errno, buf, sizeof(buf));
Error(Fmt("Seek failed in init: %s", buf));
}
}
@ -312,7 +312,7 @@ bool Raw::CloseInput()
return false;
}
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Raw reader starting close");
Debug(DBG_INPUT, "Raw reader starting close");
#endif
file.reset(nullptr);
@ -327,7 +327,7 @@ bool Raw::CloseInput()
}
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Raw reader finished close");
Debug(DBG_INPUT, "Raw reader finished close");
#endif
return true;
@ -378,15 +378,15 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie
}
it = info.config.find("offset"); // we want to seek to a given offset inside the file
if ( it != info.config.end() && ! execute && (Info().mode == zeek::input::MODE_STREAM ||
Info().mode == zeek::input::MODE_MANUAL) )
if ( it != info.config.end() && ! execute && (Info().mode == MODE_STREAM ||
Info().mode == MODE_MANUAL) )
{
std::string offset_s = it->second;
offset = strtoll(offset_s.c_str(), 0, 10);
}
else if ( it != info.config.end() )
{
Error("Offset only is supported for zeek::input::MODE_STREAM and zeek::input::MODE_MANUAL; it is also not supported when executing a command");
Error("Offset only is supported for MODE_STREAM and MODE_MANUAL; it is also not supported when executing a command");
return false;
}
@ -398,18 +398,18 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie
return false;
}
if ( fields[0]->type != zeek::TYPE_STRING )
if ( fields[0]->type != TYPE_STRING )
{
Error("First field for raw reader always has to be of type string.");
return false;
}
if ( use_stderr && fields[1]->type != zeek::TYPE_BOOL )
if ( use_stderr && fields[1]->type != TYPE_BOOL )
{
Error("Second field for raw reader always has to be of type bool.");
return false;
}
if ( execute && Info().mode == zeek::input::MODE_REREAD )
if ( execute && Info().mode == MODE_REREAD )
{
// for execs this makes no sense - would have to execute each heartbeat?
Error("Rereading only supported for files, not for executables.");
@ -423,14 +423,14 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie
return result;
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Raw reader created, will perform first update");
Debug(DBG_INPUT, "Raw reader created, will perform first update");
#endif
// after initialization - do update
DoUpdate();
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "First update went through");
Debug(DBG_INPUT, "First update went through");
#endif
return true;
}
@ -459,8 +459,8 @@ int64_t Raw::GetLine(FILE* arg_file)
// researching everything each time is a bit... cpu-intensive. But otherwhise we have
// to deal with situations where the separator is multi-character and split over multiple
// reads...
int found = zeek::util::strstr_n(pos, (unsigned char*) buf.get(),
separator.size(), (unsigned char*) separator.c_str());
int found = util::strstr_n(pos, (unsigned char*) buf.get(),
separator.size(), (unsigned char*) separator.c_str());
if ( found == -1 )
{
@ -531,7 +531,7 @@ void Raw::WriteToStdin()
if ( stdin_towrite == 0 ) // send EOF when we are done.
ClosePipeEnd(stdin_out);
if ( Info().mode == zeek::input::MODE_MANUAL && stdin_towrite != 0 )
if ( Info().mode == MODE_MANUAL && stdin_towrite != 0 )
{
Error(Fmt("Could not write whole string to stdin of child process in one go. Please use STREAM mode to pass more data to child."));
}
@ -547,7 +547,7 @@ bool Raw::DoUpdate()
else
{
switch ( Info().mode ) {
case zeek::input::MODE_REREAD:
case MODE_REREAD:
{
assert(childpid == -1); // mode may not be used to execute child programs
// check if the file has changed
@ -569,9 +569,9 @@ bool Raw::DoUpdate()
// fallthrough
}
case zeek::input::MODE_MANUAL:
case zeek::input::MODE_STREAM:
if ( Info().mode == zeek::input::MODE_STREAM && file )
case MODE_MANUAL:
case MODE_STREAM:
if ( Info().mode == MODE_STREAM && file )
{
clearerr(file.get()); // remove end of file evil bits
break;
@ -608,14 +608,14 @@ bool Raw::DoUpdate()
Value** fields = new Value*[2]; // just always reserve 2. This means that our [] is too long by a count of 1 if not using stderr. But who cares...
// filter has exactly one text field. convert to it.
Value* val = new Value(zeek::TYPE_STRING, true);
Value* val = new Value(TYPE_STRING, true);
val->val.string_val.data = outbuf.release();
val->val.string_val.length = length;
fields[0] = val;
if ( use_stderr )
{
Value* bval = new Value(zeek::TYPE_BOOL, true);
Value* bval = new Value(TYPE_BOOL, true);
bval->val.int_val = 0;
fields[1] = bval;
}
@ -636,11 +636,11 @@ bool Raw::DoUpdate()
break;
Value** fields = new Value*[2];
Value* val = new Value(zeek::TYPE_STRING, true);
Value* val = new Value(TYPE_STRING, true);
val->val.string_val.data = outbuf.release();
val->val.string_val.length = length;
fields[0] = val;
Value* bval = new Value(zeek::TYPE_BOOL, true);
Value* bval = new Value(TYPE_BOOL, true);
bval->val.int_val = 1; // yes, we are stderr
fields[1] = bval;
@ -648,7 +648,7 @@ bool Raw::DoUpdate()
}
}
if ( ( Info().mode == zeek::input::MODE_MANUAL ) || ( Info().mode == zeek::input::MODE_REREAD ) )
if ( ( Info().mode == MODE_MANUAL ) || ( Info().mode == MODE_REREAD ) )
// done with the current data source
EndCurrentSend();
@ -678,19 +678,19 @@ bool Raw::DoUpdate()
assert(false);
Value** vals = new Value*[4];
vals[0] = new Value(zeek::TYPE_STRING, true);
vals[0]->val.string_val.data = zeek::util::copy_string(Info().name);
vals[0] = new Value(TYPE_STRING, true);
vals[0]->val.string_val.data = util::copy_string(Info().name);
vals[0]->val.string_val.length = strlen(Info().name);
vals[1] = new Value(zeek::TYPE_STRING, true);
vals[1]->val.string_val.data = zeek::util::copy_string(Info().source);
vals[1] = new Value(TYPE_STRING, true);
vals[1]->val.string_val.data = util::copy_string(Info().source);
vals[1]->val.string_val.length = strlen(Info().source);
vals[2] = new Value(zeek::TYPE_COUNT, true);
vals[2] = new Value(TYPE_COUNT, true);
vals[2]->val.int_val = code;
vals[3] = new Value(zeek::TYPE_BOOL, true);
vals[3] = new Value(TYPE_BOOL, true);
vals[3]->val.int_val = signal;
// and in this case we can signal end_of_data even for the streaming reader
if ( Info().mode == zeek::input::MODE_STREAM )
if ( Info().mode == MODE_STREAM )
EndCurrentSend();
SendEvent("InputRaw::process_finished", 4, vals);
@ -700,7 +700,7 @@ bool Raw::DoUpdate()
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "DoUpdate finished successfully");
Debug(DBG_INPUT, "DoUpdate finished successfully");
#endif
return true;
@ -709,19 +709,19 @@ bool Raw::DoUpdate()
bool Raw::DoHeartbeat(double network_time, double current_time)
{
switch ( Info().mode ) {
case zeek::input::MODE_MANUAL:
case MODE_MANUAL:
// yay, we do nothing :)
break;
case zeek::input::MODE_REREAD:
case zeek::input::MODE_STREAM:
case MODE_REREAD:
case MODE_STREAM:
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Starting Heartbeat update");
Debug(DBG_INPUT, "Starting Heartbeat update");
#endif
Update(); // call update and not DoUpdate, because update
// checks disabled.
#ifdef DEBUG
Debug(zeek::DBG_INPUT, "Finished with heartbeat update");
Debug(DBG_INPUT, "Finished with heartbeat update");
#endif
break;
default:

6
src/input/readers/raw/Raw.h
View file

@ -15,9 +15,9 @@ namespace zeek::input::reader::detail {
* A reader that returns a file (or the output of a command) as a single
* blob.
*/
class Raw : public zeek::input::ReaderBackend {
class Raw : public ReaderBackend {
public:
explicit Raw(zeek::input::ReaderFrontend* frontend);
explicit Raw(ReaderFrontend* frontend);
~Raw() override;
// prohibit copying and moving
@ -26,7 +26,7 @@ public:
Raw& operator=(const Raw&) = delete;
Raw& operator=(Raw&&) = delete;
static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new Raw(frontend); }
static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new Raw(frontend); }
protected:
bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* fields) override;

50
src/input/readers/sqlite/SQLite.cc
View file

@ -20,27 +20,27 @@ using zeek::threading::Field;
namespace zeek::input::reader::detail {
SQLite::SQLite(zeek::input::ReaderFrontend *frontend)
: zeek::input::ReaderBackend(frontend),
SQLite::SQLite(ReaderFrontend *frontend)
: ReaderBackend(frontend),
fields(), num_fields(), mode(), started(), query(), db(), st()
{
set_separator.assign(
(const char*) zeek::BifConst::LogSQLite::set_separator->Bytes(),
zeek::BifConst::InputSQLite::set_separator->Len()
(const char*) BifConst::LogSQLite::set_separator->Bytes(),
BifConst::InputSQLite::set_separator->Len()
);
unset_field.assign(
(const char*) zeek::BifConst::LogSQLite::unset_field->Bytes(),
zeek::BifConst::InputSQLite::unset_field->Len()
(const char*) BifConst::LogSQLite::unset_field->Bytes(),
BifConst::InputSQLite::unset_field->Len()
);
empty_field.assign(
(const char*) zeek::BifConst::LogAscii::empty_field->Bytes(),
zeek::BifConst::InputSQLite::empty_field->Len()
(const char*) BifConst::LogAscii::empty_field->Bytes(),
BifConst::InputSQLite::empty_field->Len()
);
io = new zeek::threading::formatter::Ascii(this, zeek::threading::formatter::Ascii::SeparatorInfo(
std::string(), set_separator, unset_field, empty_field));
io = new threading::formatter::Ascii(this, threading::formatter::Ascii::SeparatorInfo(
std::string(), set_separator, unset_field, empty_field));
}
SQLite::~SQLite()
@ -84,7 +84,7 @@ bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields, const threading:
// allows simultaneous writes to one file.
sqlite3_enable_shared_cache(1);
if ( Info().mode != zeek::input::MODE_MANUAL )
if ( Info().mode != MODE_MANUAL )
{
Error("SQLite only supports manual reading mode.");
return false;
@ -138,8 +138,8 @@ Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int p
Value* val = new Value(field->type, true);
switch ( field->type ) {
case zeek::TYPE_ENUM:
case zeek::TYPE_STRING:
case TYPE_ENUM:
case TYPE_STRING:
{
const char *text = (const char*) sqlite3_column_text(st, pos);
int length = sqlite3_column_bytes(st, pos);
@ -152,7 +152,7 @@ Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int p
break;
}
case zeek::TYPE_BOOL:
case TYPE_BOOL:
{
if ( sqlite3_column_type(st, pos) != SQLITE_INTEGER )
{
@ -174,21 +174,21 @@ Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int p
break;
}
case zeek::TYPE_INT:
case TYPE_INT:
val->val.int_val = sqlite3_column_int64(st, pos);
break;
case zeek::TYPE_DOUBLE:
case zeek::TYPE_TIME:
case zeek::TYPE_INTERVAL:
case TYPE_DOUBLE:
case TYPE_TIME:
case TYPE_INTERVAL:
val->val.double_val = sqlite3_column_double(st, pos);
break;
case zeek::TYPE_COUNT:
case TYPE_COUNT:
val->val.uint_val = sqlite3_column_int64(st, pos);
break;
case zeek::TYPE_PORT:
case TYPE_PORT:
{
val->val.port_val.port = sqlite3_column_int(st, pos);
val->val.port_val.proto = TRANSPORT_UNKNOWN;
@ -207,7 +207,7 @@ Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int p
break;
}
case zeek::TYPE_SUBNET:
case TYPE_SUBNET:
{
const char *text = (const char*) sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
@ -220,7 +220,7 @@ Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int p
break;
}
case zeek::TYPE_ADDR:
case TYPE_ADDR:
{
const char *text = (const char*) sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
@ -228,8 +228,8 @@ Value* SQLite::EntryToVal(sqlite3_stmt *st, const threading::Field *field, int p
break;
}
case zeek::TYPE_TABLE:
case zeek::TYPE_VECTOR:
case TYPE_TABLE:
case TYPE_VECTOR:
{
const char *text = (const char*) sqlite3_column_text(st, pos);
std::string s(text, sqlite3_column_bytes(st, pos));
@ -282,7 +282,7 @@ bool SQLite::DoUpdate()
if ( fields[j]->secondary_name != nullptr && strcmp(fields[j]->secondary_name, name) == 0 )
{
assert(fields[j]->type == zeek::TYPE_PORT);
assert(fields[j]->type == TYPE_PORT);
if ( submapping[j] != -1 )
{
Error(Fmt("SQLite statement returns several columns with name %s! Cannot decide which to choose, aborting", name));

12
src/input/readers/sqlite/SQLite.h
View file

@ -13,15 +13,15 @@
namespace zeek::input::reader::detail {
class SQLite : public zeek::input::ReaderBackend {
class SQLite : public ReaderBackend {
public:
explicit SQLite(zeek::input::ReaderFrontend* frontend);
explicit SQLite(ReaderFrontend* frontend);
~SQLite() override;
static zeek::input::ReaderBackend* Instantiate(zeek::input::ReaderFrontend* frontend) { return new SQLite(frontend); }
static ReaderBackend* Instantiate(ReaderFrontend* frontend) { return new SQLite(frontend); }
protected:
bool DoInit(const ReaderInfo& info, int arg_num_fields, const zeek::threading::Field* const* arg_fields) override;
bool DoInit(const ReaderInfo& info, int arg_num_fields, const threading::Field* const* arg_fields) override;
void DoClose() override;
bool DoUpdate() override;
bool DoHeartbeat(double network_time, double current_time) override { return true; }
@ -29,7 +29,7 @@ protected:
private:
bool checkError(int code);
zeek::threading::Value* EntryToVal(sqlite3_stmt *st, const zeek::threading::Field *field, int pos, int subpos);
threading::Value* EntryToVal(sqlite3_stmt *st, const threading::Field *field, int pos, int subpos);
const threading::Field* const * fields; // raw mapping
unsigned int num_fields;
@ -38,7 +38,7 @@ private:
std::string query;
sqlite3 *db;
sqlite3_stmt *st;
zeek::threading::formatter::Ascii* io;
threading::formatter::Ascii* io;
std::string set_separator;
std::string unset_field;