Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 18:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

FileAnalysis: finish switching hooks to events.

Browse source
This commit is contained in:
Jon Siwek 2013-04-10 11:13:43 -05:00
parent 641154f8e8
commit a2d9b47bcd
39 changed files with 219 additions and 305 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/base/protocols/ftp/file-extract.bro
View file

@ -24,10 +24,8 @@ redef record Info += {
extract_file: bool &default=F;
};
hook FileAnalysis::policy(trig: FileAnalysis::Trigger, f: fa_file)
&priority=5
event file_new(f: fa_file) &priority=5
{
if ( trig != FileAnalysis::TRIGGER_NEW ) return;
if ( ! f?$source ) return;
if ( f$source != "FTP_DATA" ) return;
if ( ! f?$conns ) return;
@ -56,10 +54,8 @@ hook FileAnalysis::policy(trig: FileAnalysis::Trigger, f: fa_file)
}
}
hook FileAnalysis::policy(trig: FileAnalysis::Trigger, f: fa_file)
&priority=5
event file_type(f: fa_file) &priority=5
{
if ( trig != FileAnalysis::TRIGGER_TYPE ) return;
if ( ! f?$mime_type ) return;
if ( ! f?$source ) return;
if ( f$source != "FTP_DATA" ) return;