Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

A new event bro_script_loaded() raised for each policy script loaded.

Browse source 
Also removing the -l command-line option as that can now be done at
the script-level.

A couple tests fail now that use -l. Leaving that until we have
script-level replacement.
This commit is contained in:
Robin Sommer 2011-07-07 10:40:52 -07:00
parent df1b2f922b
commit 97b5f812c7
7 changed files with 46 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/Net.cc
View file

@ -71,6 +71,7 @@ double current_timestamp = 0.0;
PktSrc* current_pktsrc = 0; PktSrc* current_pktsrc = 0;
IOSource* current_iosrc; IOSource* current_iosrc;
std::list<ScannedFile> files_scanned;
RETSIGTYPE watchdog(int /* signo */) RETSIGTYPE watchdog(int /* signo */)
{ {

14
src/Net.h
View file

@ -90,4 +90,18 @@ extern PktDumper* pkt_dumper; // where to save packets
extern char* writefile; extern char* writefile;
// Script file we have already scanned (or are in the process of scanning).
// They are identified by inode number.
struct ScannedFile {
ino_t inode;
int include_level;
string name;
ScannedFile(ino_t arg_inode, int arg_include_level, string arg_name)
: inode(arg_inode), include_level(arg_include_level), name(arg_name)
{ }
};
extern std::list<ScannedFile> files_scanned;
#endif #endif

3
src/event.bif
View file

@ -480,3 +480,6 @@ event netflow_v5_record%(r: nf_v5_record%);
event reporter_info%(t: time, msg: string, location: string%) &error_handler; event reporter_info%(t: time, msg: string, location: string%) &error_handler;
event reporter_warning%(t: time, msg: string, location: string%) &error_handler; event reporter_warning%(t: time, msg: string, location: string%) &error_handler;
event reporter_error%(t: time, msg: string, location: string%) &error_handler; event reporter_error%(t: time, msg: string, location: string%) &error_handler;
# Raised for each policy script loaded.
event bro_script_loaded%(path: string, level: count%);

17
src/main.cc
View file

@ -91,7 +91,6 @@ DPM* dpm = 0;
int optimize = 0; int optimize = 0;
int do_notice_analysis = 0; int do_notice_analysis = 0;
int rule_bench = 0; int rule_bench = 0;
int print_loaded_scripts = 0;
int generate_documentation = 0; int generate_documentation = 0;
SecondaryPath* secondary_path = 0; SecondaryPath* secondary_path = 0;
ConnCompressor* conn_compressor = 0; ConnCompressor* conn_compressor = 0;
@ -145,7 +144,6 @@ void usage()
fprintf(stderr, " -g|--dump-config | dump current config into .state dir\n"); fprintf(stderr, " -g|--dump-config | dump current config into .state dir\n");
fprintf(stderr, " -h|--help|-? | command line help\n"); fprintf(stderr, " -h|--help|-? | command line help\n");
fprintf(stderr, " -i|--iface <interface> | read from given interface\n"); fprintf(stderr, " -i|--iface <interface> | read from given interface\n");
fprintf(stderr, " -l|--print-scripts | print all loaded scripts\n");
fprintf(stderr, " -Z|--doc-scripts | generate documentation for all loaded scripts\n"); fprintf(stderr, " -Z|--doc-scripts | generate documentation for all loaded scripts\n");
fprintf(stderr, " -p|--prefix <prefix> | add given prefix to policy file resolution\n"); fprintf(stderr, " -p|--prefix <prefix> | add given prefix to policy file resolution\n");
fprintf(stderr, " -r|--readfile <readfile> | read from given tcpdump file\n"); fprintf(stderr, " -r|--readfile <readfile> | read from given tcpdump file\n");
@ -440,7 +438,7 @@ int main(int argc, char** argv)
opterr = 0; opterr = 0;
char opts[256]; char opts[256];
safe_strncpy(opts, "B:D:e:f:I:i:K:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGHLOPSWdghlvZ", safe_strncpy(opts, "B:D:e:f:I:i:K:n:p:R:r:s:T:t:U:w:x:X:y:Y:z:CFGHLOPSWdghvZ",
sizeof(opts)); sizeof(opts));
#ifdef USE_PERFTOOLS #ifdef USE_PERFTOOLS
@ -471,10 +469,6 @@ int main(int argc, char** argv)
interfaces.append(optarg); interfaces.append(optarg);
break; break;
case 'l':
print_loaded_scripts = 1;
break;
case 'p': case 'p':
prefixes.append(optarg); prefixes.append(optarg);
break; break;
@ -965,6 +959,15 @@ int main(int argc, char** argv)
if ( override_ignore_checksums ) if ( override_ignore_checksums )
ignore_checksums = 1; ignore_checksums = 1;
// Queue events reporting loaded scripts.
for ( std::list<ScannedFile>::iterator i = files_scanned.begin(); i != files_scanned.end(); i++ )
{
val_list* vl = new val_list;
vl->append(new StringVal(i->name.c_str()));
vl->append(new Val(i->include_level, TYPE_COUNT));
mgr.QueueEvent(bro_script_loaded, vl);
}
dpm->PostScriptInit(); dpm->PostScriptInit();
reporter->ReportViaEvents(true); reporter->ReportViaEvents(true);

48
src/scan.l
View file

@ -36,7 +36,6 @@ ptr_compat_int current_depth = 0;
int_list if_stack; int_list if_stack;
int line_number = 1; int line_number = 1;
int include_level = 0;
const char* filename = 0; const char* filename = 0;
BroDoc* current_reST_doc = 0; BroDoc* current_reST_doc = 0;
static BroDoc* last_reST_doc = 0; static BroDoc* last_reST_doc = 0;
@ -52,10 +51,6 @@ char last_tok[128];
if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \ if ( ((result = fread(buf, 1, max_size, yyin)) == 0) && ferror(yyin) ) \
reporter->Error(fmt("read failed with \"%s\"", strerror(errno))); reporter->Error(fmt("read failed with \"%s\"", strerror(errno)));
// Files we have already scanned (or are in the process of scanning). They
// are tracked by inode number.
static std::list<ino_t> files_scanned;
// reST documents that we've created (or have at least opened so far). // reST documents that we've created (or have at least opened so far).
std::list<BroDoc*> docs_generated; std::list<BroDoc*> docs_generated;
@ -123,10 +118,6 @@ static PList(FileInfo) file_stack;
// Returns true if the file is new, false if it's already been scanned. // Returns true if the file is new, false if it's already been scanned.
static int load_files_with_prefix(const char* file); static int load_files_with_prefix(const char* file);
// If print_loaded_files is true, print current filename if we haven't
// reported it already.
static void report_file();
// ### TODO: columns too - use yyless with '.' action? // ### TODO: columns too - use yyless with '.' action?
%} %}
@ -219,7 +210,6 @@ ESCSEQ (\\([^\n]|[0-7]+|x[[:xdigit:]]+))
{WS} /* eat whitespace */ {WS} /* eat whitespace */
<INITIAL,IGNORE,DOC>\n { <INITIAL,IGNORE,DOC>\n {
report_file();
++line_number; ++line_number;
++yylloc.first_line; ++yylloc.first_line;
++yylloc.last_line; ++yylloc.last_line;
@ -349,11 +339,13 @@ when return TOK_WHEN;
if ( f ) if ( f )
{ {
ino_t i = get_inode_num(f, full_filename); ScannedFile sf(get_inode_num(f, full_filename), file_stack.length(), full_filename);
files_scanned.push_back(sf);
fclose(f); fclose(f);
delete [] full_filename; delete [] full_filename;
files_scanned.push_back(i);
} }
else else
reporter->Error("failed find file associated with @unload %s", new_file); reporter->Error("failed find file associated with @unload %s", new_file);
} }
@ -566,11 +558,11 @@ static int load_files_with_prefix(const char* orig_file)
if ( f ) if ( f )
{ {
ino_t i = get_inode_num(f, full_filename); ino_t i = get_inode_num(f, full_filename);
std::list<ino_t>::const_iterator it; std::list<ScannedFile>::const_iterator it;
for ( it = files_scanned.begin(); it != files_scanned.end(); ++it ) for ( it = files_scanned.begin(); it != files_scanned.end(); ++it )
{ {
if ( *it == i ) if ( it->inode == i )
{ {
fclose(f); fclose(f);
delete [] full_filename; delete [] full_filename;
@ -579,7 +571,8 @@ static int load_files_with_prefix(const char* orig_file)
} }
} }
files_scanned.push_back(i); ScannedFile sf(i, file_stack.length(), full_filename);
files_scanned.push_back(sf);
if ( g_policy_debug ) if ( g_policy_debug )
{ {
@ -783,8 +776,6 @@ int yywrap()
if ( reporter->Errors() > 0 ) if ( reporter->Errors() > 0 )
return 1; return 1;
--include_level;
if ( ! did_builtin_init && file_stack.length() == 1 ) if ( ! did_builtin_init && file_stack.length() == 1 )
{ {
// ### This is a gross hack - we know that the first file // ### This is a gross hack - we know that the first file
@ -901,7 +892,6 @@ FileInfo::FileInfo(string arg_restore_module)
restore_module = arg_restore_module; restore_module = arg_restore_module;
name = ::filename; name = ::filename;
line = ::line_number; line = ::line_number;
level = ::include_level;
doc = ::current_reST_doc; doc = ::current_reST_doc;
} }
@ -913,7 +903,6 @@ FileInfo::~FileInfo()
yy_switch_to_buffer(buffer_state); yy_switch_to_buffer(buffer_state);
yylloc.filename = filename = name; yylloc.filename = filename = name;
yylloc.first_line = yylloc.last_line = line_number = line; yylloc.first_line = yylloc.last_line = line_number = line;
include_level = level;
last_reST_doc = current_reST_doc; last_reST_doc = current_reST_doc;
current_reST_doc = doc; current_reST_doc = doc;
@ -921,27 +910,6 @@ FileInfo::~FileInfo()
current_module = restore_module; current_module = restore_module;
} }
static void report_file()
{
if ( ! print_loaded_scripts || ! filename )
return;
static PList(char) files_reported;
loop_over_list(files_reported, i)
{
if ( streq(files_reported[i], filename) )
return;
}
for ( int i = include_level - 1; i >= 0; --i )
fprintf(stderr, " ");
fprintf(stderr, "loading %s\n", filename);
++include_level;
files_reported.append(copy_string(filename));
}
static void check_capture_filter_changes() static void check_capture_filter_changes()
{ {
if ( ! generate_documentation ) if ( ! generate_documentation )

0
testing/btest/Baseline/policy.misc.loaded-scripts/output Normal file
View file

7
testing/btest/policy/misc/loaded-scripts.bro Normal file
View file

@ -0,0 +1,7 @@
# @TEST-EXEC: bro %INPUT >output
# @TEST-EXEC: btest-diff output
event bro_script_loaded(path: string, level: count)
{
print level, path;
}