Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

FileAnalysis: finish switching hooks to events.

Browse source
This commit is contained in:
Jon Siwek 2013-04-10 11:13:43 -05:00
parent 641154f8e8
commit a2d9b47bcd
39 changed files with 219 additions and 305 deletions
Download patch file Download diff file Expand all files Collapse all files

28
src/file_analysis/File.cc
View file

@ -147,8 +147,7 @@ void File::UpdateConnectionFields(Connection* conn)
{
conns->AsTableVal()->Assign(idx, conn->BuildConnVal());
if ( ! is_first )
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_NEW_CONN,
this);
file_mgr->FileEvent(file_over_new_connection, this);
}
Unref(idx);
@ -223,22 +222,10 @@ bool File::BufferBOF(const u_char* data, uint64 len)
if ( bof_buffer.full || bof_buffer.replayed ) return false;
if ( bof_buffer.chunks.size() == 0 )
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_BOF, this);
file_mgr->FileEvent(file_bof, this);
uint64 desired_size = LookupFieldDefaultCount(bof_buffer_size_idx);
/* Leaving out this optimization (I think) for now to keep things simpler.
// If first chunk satisfies desired size, do everything now without copying.
if ( bof_buffer.chunks.empty() && len >= desired_size )
{
bof_buffer.full = bof_buffer.replayed = true;
val->Assign(bof_buffer_idx, new StringVal(new BroString(data, len, 0)));
file_mgr->EvaluatePolicy(TRIGGER_BOF_BUFFER, this);
// TODO: libmagic stuff
return false;
}
*/
bof_buffer.chunks.push_back(new BroString(data, len, 0));
bof_buffer.size += len;
@ -281,11 +268,10 @@ void File::ReplayBOF()
val->Assign(bof_buffer_idx, new StringVal(bs));
bool have_type = DetectTypes(bs->Bytes(), bs->Len());
using BifEnum::FileAnalysis::TRIGGER_BOF_BUFFER;
file_mgr->EvaluatePolicy(TRIGGER_BOF_BUFFER, this);
file_mgr->FileEvent(file_bof_buffer, this);
if ( have_type )
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_TYPE, this);
file_mgr->FileEvent(file_type, this);
for ( size_t i = 0; i < bof_buffer.chunks.size(); ++i )
DataIn(bof_buffer.chunks[i]->Bytes(), bof_buffer.chunks[i]->Len());
@ -299,7 +285,7 @@ void File::DataIn(const u_char* data, uint64 len, uint64 offset)
{
if ( DetectTypes(data, len) )
{
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_TYPE, this);
file_mgr->FileEvent(file_type, this);
actions.DrainModifications();
}
@ -338,7 +324,7 @@ void File::DataIn(const u_char* data, uint64 len)
{
if ( DetectTypes(data, len) )
{
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_TYPE, this);
file_mgr->FileEvent(file_type, this);
actions.DrainModifications();
}
@ -409,7 +395,7 @@ void File::Gap(uint64 offset, uint64 len)
actions.QueueRemoveAction(act->Args());
}
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_GAP, this);
file_mgr->FileEvent(file_gap, this);
actions.DrainModifications();
IncrementByteCount(len, missing_bytes_idx);

20
src/file_analysis/Manager.cc
View file

@ -174,22 +174,6 @@ void Manager::FileEvent(EventHandlerPtr h, File* file)
mgr.Dispatch(new Event(h, vl));
}
void Manager::EvaluatePolicy(BifEnum::FileAnalysis::Trigger t, File* file)
{
if ( IsIgnored(file->GetUnique()) ) return;
const ID* id = global_scope()->Lookup("FileAnalysis::policy");
assert(id);
const Func* hook = id->ID_Val()->AsFunc();
val_list vl(2);
vl.append(new EnumVal(t, BifType::Enum::FileAnalysis::Trigger));
vl.append(file->val->Ref());
Val* result = hook->Call(&vl);
Unref(result);
}
bool Manager::PostponeTimeout(const FileID& file_id) const
{
File* file = Lookup(file_id);
@ -237,7 +221,7 @@ File* Manager::GetFile(const string& unique, Connection* conn,
}
id_map[id] = rval;
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_NEW, rval);
FileEvent(file_new, rval);
rval->ScheduleInactivityTimer();
if ( IsIgnored(unique) ) return 0;
}
@ -267,7 +251,7 @@ void Manager::Timeout(const FileID& file_id, bool is_terminating)
file->postpone_timeout = false;
file_mgr->EvaluatePolicy(BifEnum::FileAnalysis::TRIGGER_TIMEOUT, file);
FileEvent(file_timeout, file);
if ( file->postpone_timeout && ! is_terminating )
{

9
src/file_analysis/Manager.h
View file

@ -101,8 +101,8 @@ public:
bool IgnoreFile(const FileID& file_id);
/**
* If called during \c FileAnalysis::policy evaluation for a
* \c FileAnalysis::TRIGGER_TIMEOUT, requests deferral of analysis timeout.
* If called during a \c file_timeout event handler, requests deferral of
* analysis timeout.
*/
bool PostponeTimeout(const FileID& file_id) const;
@ -120,11 +120,6 @@ public:
*/
bool RemoveAction(const FileID& file_id, const RecordVal* args) const;
/**
* Calls the \c FileAnalysis::policy hook.
*/
void EvaluatePolicy(BifEnum::FileAnalysis::Trigger t, File* file);
/**
* Dispatches an event related to the file's life-cycle.
*/