FileAnalysis: replace script-layer http file analysis.

Other misc:

- Remove HTTP::MD5 notice.

- Add "last_active" field to FileAnalysis::Info record.

- Replace "conn_uids", "conn_ids" fields in FileAnalysis::Info record
  with just a "conns" field containing full connection records.

- The http-methods unit test is failing now, but I think it will be
  fixed once I change the file handle callback mechanism to use events
  instead.
Jon Siwek 2013-03-22 16:14:06 -05:00
parent 7034785810
commit 71f0e2d276
61 changed files with 411 additions and 625 deletions


@ -7,6 +7,7 @@
#include <list>
#include "Net.h"
#include "AnalyzerTags.h"
#include "Conn.h"
#include "Val.h"
#include "Analyzer.h"
@ -47,7 +48,7 @@ public:
* Pass in non-sequential file data.
*/
bool DataIn(const u_char* data, uint64 len, uint64 offset,
Connection* conn, bool is_orig);
AnalyzerTag::Tag tag, Connection* conn, bool is_orig);
void DataIn(const u_char* data, uint64 len, uint64 offset,
const string& unique);
void DataIn(const u_char* data, uint64 len, uint64 offset,
@ -56,7 +57,8 @@ public:
/**
* Pass in sequential file data.
*/
bool DataIn(const u_char* data, uint64 len, Connection* conn, bool is_orig);
bool DataIn(const u_char* data, uint64 len, AnalyzerTag::Tag tag,
Connection* conn, bool is_orig);
void DataIn(const u_char* data, uint64 len, const string& unique);
void DataIn(const u_char* data, uint64 len, Info* info);
@ -70,14 +72,16 @@ public:
/**
* Signal a gap in the file data stream.
*/
bool Gap(uint64 offset, uint64 len, Connection* conn, bool is_orig);
bool Gap(uint64 offset, uint64 len, AnalyzerTag::Tag tag, Connection* conn,
bool is_orig);
void Gap(uint64 offset, uint64 len, const string& unique);
void Gap(uint64 offset, uint64 len, Info* info);
/**
* Provide the expected number of bytes that comprise a file.
*/
bool SetSize(uint64 size, Connection* conn, bool is_orig);
bool SetSize(uint64 size, AnalyzerTag::Tag tag, Connection* conn,
bool is_orig);
void SetSize(uint64 size, const string& unique);
void SetSize(uint64 size, Info* info);
@ -131,7 +135,8 @@ protected:
* activity time is refreshed along with any connection-related
* fields.
*/
Info* GetInfo(const string& unique, Connection* conn = 0);
Info* GetInfo(const string& unique, Connection* conn = 0,
AnalyzerTag::Tag tag = AnalyzerTag::Error);
/**
* @return a string which can uniquely identify the file being transported