Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 13:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

FileAnalysis: refactor add/remove/stop BIFs, add BOF triggers/fields.

Browse source 
The add_action, remove_action, and stop BIFs now go through a queue to
ensure that modifications are made at well-defined times and don't end
up invalidating loop iterators.
This commit is contained in:
Jon Siwek 2013-02-28 17:19:16 -06:00
parent 691622b3aa
commit 720858fb36
13 changed files with 517 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/file_analysis.bif
View file

@ -35,13 +35,13 @@ enum Trigger %{
## Raised when the beginning of a file is available and that beginning
## is at least the number of bytes indicated by the *bof_buffer_size*
## field of :bro:see:`FileAnalysis::Info`.
TRIGGER_BOF_BUFFER_AVAIL,
## Raised when the mime type of a file is matched based on magic
## numbers. TODO: re-purposing protocols/http/file-ident.sig for
## doing this is tricky since the signature engine doesn't expect
TRIGGER_BOF_BUFFER,
## Raised when an initial guess at the file/mime type of a file is matched
## based on magic numbers. TODO: re-purposing protocols/http/file-ident.sig
## for doing this is tricky since the signature engine doesn't expect
## to be decoupled from connections, so figure out what work needs
## done there.
TRIGGER_MIME_TYPE,
TRIGGER_TYPE,
## Raised when the end of a file is detected. If the file is not
## being transferred linearly, then this doesn't have to mean the full
## file has been transferred.