Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 09:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

FileAnalysis: replace script-layer http file analysis.

Browse source 
Other misc:

- Remove HTTP::MD5 notice.

- Add "last_active" field to FileAnalysis::Info record.

- Replace "conn_uids", "conn_ids" fields in FileAnalysis::Info record
  with just a "conns" fields containing full connection records.

- The http-methods unit test is failing now, but I think it will be
  fixed once I change the file handle callback mechanism to use events
  instead.
This commit is contained in:
Jon Siwek 2013-03-22 16:14:06 -05:00
parent 7034785810
commit 71f0e2d276
61 changed files with 411 additions and 625 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/file_analysis/PendingFile.h
View file

@ -1,6 +1,7 @@
#ifndef FILE_ANALYSIS_PENDINGFILE_H
#define FILE_ANALYSIS_PENDINGFILE_H
#include "AnalyzerTags.h"
#include "Conn.h"
namespace file_analysis {
@ -16,19 +17,21 @@ public:
protected:
PendingFile(Connection* arg_conn, bool arg_is_orig);
PendingFile(Connection* arg_conn, bool arg_is_orig,
AnalyzerTag::Tag arg_tag = AnalyzerTag::Error);
Connection* conn;
bool is_orig;
double creation_time;
AnalyzerTag::Tag tag;
};
class PendingDataInChunk : public PendingFile {
public:
PendingDataInChunk(const u_char* arg_data, uint64 arg_len,
uint64 arg_offset, Connection* arg_conn,
bool arg_is_orig);
uint64 arg_offset, AnalyzerTag::Tag tag,
Connection* arg_conn, bool arg_is_orig);
virtual ~PendingDataInChunk();
@ -45,7 +48,8 @@ class PendingDataInStream : public PendingFile {
public:
PendingDataInStream(const u_char* arg_data, uint64 arg_len,
Connection* arg_conn, bool arg_is_orig);
AnalyzerTag::Tag tag, Connection* arg_conn,
bool arg_is_orig);
virtual ~PendingDataInStream();
@ -60,8 +64,8 @@ protected:
class PendingGap : public PendingFile {
public:
PendingGap(uint64 arg_offset, uint64 arg_len, Connection* arg_conn,
bool arg_is_orig);
PendingGap(uint64 arg_offset, uint64 arg_len, AnalyzerTag::Tag tag,
Connection* arg_conn, bool arg_is_orig);
virtual bool Retry() const;
@ -82,7 +86,8 @@ public:
class PendingSize : public PendingFile {
public:
PendingSize(uint64 arg_size, Connection* arg_conn, bool arg_is_orig);
PendingSize(uint64 arg_size, AnalyzerTag::Tag tag, Connection* arg_conn,
bool arg_is_orig);
virtual bool Retry() const;