make logging framework send the protocol to the writer.

for use in future writers, that have a special type for port, which includes the protocol.
2025-10-10 10:38:20 +00:00 · 2011-12-05 16:18:54 -08:00 · 2011-12-05 16:18:54 -08:00 · aecbbdd966
commit aecbbdd966
parent 78b24da7e4
3 changed files with 37 additions and 4 deletions
--- a/src/LogMgr.cc
+++ b/src/LogMgr.cc
@ -118,6 +118,10 @@ LogVal::~LogVal()

 		delete [] val.vector_val.vals;
 		}
+
+//	if ( type == TYPE_PORT && present )
+//		delete val.port_val.proto;
+
 	}

 bool LogVal::IsCompatibleType(BroType* t, bool atomic_only)
@ -190,9 +194,12 @@ bool LogVal::Read(SerializationFormat* fmt)

 	case TYPE_COUNT:
 	case TYPE_COUNTER:
-	case TYPE_PORT:
 		return fmt->Read(&val.uint_val, "uint");

+	case TYPE_PORT:
+		val.port_val.proto = new string;
+		return fmt->Read(&val.port_val.port, "port") && fmt->Read(val.port_val.proto, "proto");
+
 	case TYPE_SUBNET:
 		{
 		uint32 net[4];
@ -305,9 +312,11 @@ bool LogVal::Write(SerializationFormat* fmt) const

 	case TYPE_COUNT:
 	case TYPE_COUNTER:
-	case TYPE_PORT:
 		return fmt->Write(val.uint_val, "uint");

+	case TYPE_PORT:
+		return fmt->Write(val.port_val.port, "port") && fmt->Write(*val.port_val.proto, "proto");
+
 	case TYPE_SUBNET:
 		{
 		uint32 net[4];
@ -1066,6 +1075,22 @@ bool LogMgr::Write(EnumVal* id, RecordVal* columns)
 	return true;
 	}

+string LogMgr::TransportProtoToString(TransportProto p) {
+	switch ( p ) {
+		case TRANSPORT_UNKNOWN:
+		       return "unknown";
+		case TRANSPORT_TCP:
+			return "tcp";
+		case TRANSPORT_UDP:
+			return "udp";
+		case TRANSPORT_ICMP:
+			return "icmp";
+	}
+
+	assert(false);
+	return "";
+}
+
 LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty)
 	{
 	if ( ! ty )
@ -1097,7 +1122,8 @@ LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty)
 		break;

 	case TYPE_PORT:
-		lval->val.uint_val = val->AsPortVal()->Port();
+		lval->val.port_val.port = val->AsPortVal()->Port();
+		lval->val.port_val.proto = new string(TransportProtoToString(val->AsPortVal()->PortType()));
 		break;

 	case TYPE_SUBNET:
--- a/src/LogMgr.h
+++ b/src/LogMgr.h
@ -38,10 +38,12 @@ struct LogVal {
 	// types we can log directly.
 	struct set_t { bro_int_t size; LogVal** vals; };
 	typedef set_t vec_t;
+	struct port_t { bro_uint_t port; string* proto; };

 	union _val {
 		bro_int_t int_val;
 		bro_uint_t uint_val;
+		port_t port_val;
 		uint32 addr_val[NUM_ADDR_WORDS];
 		subnet_type subnet_val;
 		double double_val;
@ -136,6 +138,8 @@ private:
 	Filter* FindFilter(EnumVal* id, StringVal* filter);
 	WriterInfo* FindWriter(LogWriter* writer);

+	string TransportProtoToString(TransportProto p);
+
 	vector<Stream *> streams;	// Indexed by stream enum.
 };

--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@ -169,10 +169,13 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)

 	case TYPE_COUNT:
 	case TYPE_COUNTER:
-	case TYPE_PORT:
 		desc->Add(val->val.uint_val);
 		break;

+	case TYPE_PORT:
+		desc->Add(val->val.port_val.port);
+		break;
+
 	case TYPE_SUBNET:
 		desc->Add(dotted_addr(val->val.subnet_val.net));
 		desc->Add("/");