Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 09:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

FileAnalysis: file handles now set from events.

Browse source 
Versus from synchronous function calls, which doesn't work well because
the function call can see a script-layer state that doesn't reflect
the state as it will be in terms of the event/network stream.
This commit is contained in:
Jon Siwek 2013-03-25 15:37:58 -05:00
parent 00a1de3593
commit 84a0c2fdac
21 changed files with 362 additions and 392 deletions
Download patch file Download diff file Expand all files Collapse all files

38
src/file_analysis/PendingFile.h
View file

@ -3,6 +3,7 @@
#include "AnalyzerTags.h"
#include "Conn.h"
#include "Info.h"
namespace file_analysis {
@ -11,18 +12,16 @@ public:
virtual ~PendingFile();
virtual bool Retry() const = 0;
bool IsStale() const;
virtual void Finish(const string& handle) const = 0;
protected:
PendingFile(Connection* arg_conn, bool arg_is_orig,
PendingFile(Connection* arg_conn,
AnalyzerTag::Tag arg_tag = AnalyzerTag::Error);
Info* GetInfo(const string& handle) const;
Connection* conn;
bool is_orig;
double creation_time;
AnalyzerTag::Tag tag;
};
@ -30,12 +29,12 @@ class PendingDataInChunk : public PendingFile {
public:
PendingDataInChunk(const u_char* arg_data, uint64 arg_len,
uint64 arg_offset, AnalyzerTag::Tag tag,
Connection* arg_conn, bool arg_is_orig);
uint64 arg_offset, AnalyzerTag::Tag arg_tag,
Connection* arg_conn);
virtual ~PendingDataInChunk();
virtual bool Retry() const;
virtual void Finish(const string& handle) const;
protected:
@ -48,12 +47,11 @@ class PendingDataInStream : public PendingFile {
public:
PendingDataInStream(const u_char* arg_data, uint64 arg_len,
AnalyzerTag::Tag tag, Connection* arg_conn,
bool arg_is_orig);
AnalyzerTag::Tag arg_tag, Connection* arg_conn);
virtual ~PendingDataInStream();
virtual bool Retry() const;
virtual void Finish(const string& handle) const;
protected:
@ -64,10 +62,10 @@ protected:
class PendingGap : public PendingFile {
public:
PendingGap(uint64 arg_offset, uint64 arg_len, AnalyzerTag::Tag tag,
Connection* arg_conn, bool arg_is_orig);
PendingGap(uint64 arg_offset, uint64 arg_len, AnalyzerTag::Tag arg_tag,
Connection* arg_conn);
virtual bool Retry() const;
virtual void Finish(const string& handle) const;
protected:
@ -78,18 +76,18 @@ protected:
class PendingEOF : public PendingFile {
public:
PendingEOF(Connection* arg_conn, bool arg_is_orig);
PendingEOF(AnalyzerTag::Tag arg_tag, Connection* arg_conn);
virtual bool Retry() const;
virtual void Finish(const string& handle) const;
};
class PendingSize : public PendingFile {
public:
PendingSize(uint64 arg_size, AnalyzerTag::Tag tag, Connection* arg_conn,
bool arg_is_orig);
PendingSize(uint64 arg_size, AnalyzerTag::Tag arg_tag,
Connection* arg_conn);
virtual bool Retry() const;
virtual void Finish(const string& handle) const;
protected: