Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add options to limit extracted file sizes w/ 100MB default.

Browse source
This commit is contained in:
Jon Siwek 2013-08-22 16:37:58 -05:00
parent 40d849a2c5
commit 89ae4ffd05
23 changed files with 929 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/file_analysis/File.cc
View file

@ -14,6 +14,8 @@
#include "analyzer/Analyzer.h"
#include "analyzer/Manager.h"
#include "analyzer/extract/Extract.h"
using namespace file_analysis;
static Val* empty_connection_table()
@ -203,6 +205,22 @@ void File::SetTimeoutInterval(double interval)
val->Assign(timeout_interval_idx, new Val(interval, TYPE_INTERVAL));
}
bool File::SetExtractionLimit(RecordVal* args, uint64 bytes)
{
Analyzer* a = analyzers.Find(file_mgr->GetComponentTag("EXTRACT"), args);
if ( ! a )
return false;
Extract* e = dynamic_cast<Extract*>(a);
if ( ! e )
return false;
e->SetLimit(bytes);
return true;
}
void File::IncrementByteCount(uint64 size, int field_idx)
{
uint64 old = LookupFieldDefaultCount(field_idx);
@ -458,7 +476,7 @@ void File::FileEvent(EventHandlerPtr h, val_list* vl)
}
}
if ( h == file_new || h == file_timeout )
if ( h == file_new || h == file_timeout || h == file_extraction_limit )
{
// immediate feedback is required for these events.
mgr.Drain();