From b0cb05de64bc49120909c82b928a310a1291c98f Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Sat, 27 Nov 2010 12:21:17 -0800 Subject: [PATCH] Merge with Subversion repository as of r7098. --- CHANGES | 12 ++++++++++++ VERSION | 2 +- policy/notice.bro | 2 ++ policy/rotate-logs.bro | 3 ++- src/File.cc | 20 +++++++++++++++----- src/File.h | 3 +++ 6 files changed, 35 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index c8a44bdbb2..b521d0aa3a 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,18 @@ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +1.6-dev.1 Sat Nov 27 12:19:47 PST 2010 + +- Merge with Subversion repository as of r7098. Incorporated changes: + + * Rotation post-processors are now passed an additional argument + indicating whether Bro is terminating (Robin Sommer). + + * Bro now consistently generates a file_opened event for all + fopen() calls. (Robin Sommer). + + * You can now redefine the email_notice_to function (Robin + Sommer). 1.6-dev.0 Fri Nov 26 13:48:11 PST 2010 diff --git a/VERSION b/VERSION index bd94556ba7..1bbb37c5bd 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6-dev.0 +1.6-dev.1 diff --git a/policy/notice.bro b/policy/notice.bro index b19a4fb860..9b434032f0 100644 --- a/policy/notice.bro +++ b/policy/notice.bro @@ -272,6 +272,8 @@ function build_notice_info_string_tagged(n: notice_info) : string return cur_info; } +global email_notice_to: function(n: notice_info, dest: string) &redef; + function email_notice_to(n: notice_info, dest: string) { if ( reading_traces() || dest == "" ) diff --git a/policy/rotate-logs.bro b/policy/rotate-logs.bro index 65bfa05474..92ab4cf455 100644 --- a/policy/rotate-logs.bro +++ b/policy/rotate-logs.bro 
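Review bot: The new `&redef` forward declaration of `email_notice_to` has no comment saying what a replacement must preserve, and a redefinition replaces the whole body, including the `reading_traces() || dest == ""` guard visible at the end of this hunk. A site-supplied version that omits that guard would presumably send mail during offline trace replay or with an empty recipient. I would add above the declaration: `# Redefinable mail hook; replacements should keep the reading_traces()/empty-dest checks and escape notice fields before passing them to a command.` The default body continues outside the hunk, so how it builds the mail command is not visible here.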
@@ -56,10 +56,11 @@ function run_pp(info: rotate_info) if ( pp != "" ) # The date format is hard-coded here to provide a standardized # script interface. - system(fmt("%s %s %s %s %s %s", + system(fmt("%s %s %s %s %s %s %s", pp, info$new_name, info$old_name, strftime("%y-%m-%d_%H.%M.%S", info$open), strftime("%y-%m-%d_%H.%M.%S", info$close), + bro_is_terminating() ? "1" : "0", tag)); else system(fmt("/bin/mv %s %s %s", diff --git a/src/File.cc b/src/File.cc index 3d3401471f..a57147d923 100644 --- a/src/File.cc +++ b/src/File.cc @@ -217,11 +217,8 @@ bool BroFile::Open(FILE* file) return false; } - val_list* vl = new val_list; - Ref(this); - vl->append(new Val(this)); - Event* event = new ::Event(::file_opened, vl); - mgr.Dispatch(event, true); + RaiseOpenEvent(); + return true; } @@ -299,6 +296,7 @@ FILE* BroFile::BringIntoCache() return f; } + RaiseOpenEvent(); UpdateFileSize(); if ( fseek(f, position, SEEK_SET) < 0 ) @@ -783,6 +781,18 @@ int BroFile::Write(const char* data, int len) return true; } +void BroFile::RaiseOpenEvent() + { + if ( ! ::file_opened ) + return; + + val_list* vl = new val_list; + Ref(this); + vl->append(new Val(this)); + Event* event = new ::Event(::file_opened, vl); + mgr.Dispatch(event, true); + } + void BroFile::UpdateFileSize() { struct stat s; diff --git a/src/File.h b/src/File.h index 250729532d..dad0d6da8b 100644 --- a/src/File.h +++ b/src/File.h @@ -112,6 +112,9 @@ protected: // Stats the file to get its current size. void UpdateFileSize(); + // Raises a file_opened event. + void RaiseOpenEvent(); + // Initialize encryption with the given public key. void InitEncrypt(const char* keyfile); // Finalize encryption.
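Review bot: The string handed to `system()` still interpolates `info$new_name`, `info$old_name` and `tag` through bare `%s`, so whitespace or a shell metacharacter in a log name or tag changes what the shell runs. Since this call is being edited anyway, each value could be escaped and quoted, for example with `str_shell_escape(info$new_name)` if that built-in is available in this tree. Separately, the terminating flag is inserted before `tag`, which moves `tag` from the fifth to the sixth argument, so existing post-processors that read the tag positionally will receive `0`/`1` instead. Appending the flag after `tag` would keep them working; otherwise the CHANGES entry should state the new argument order. `run_pp` begins and ends outside the hunk, and the `/bin/mv` branch below shows the same unquoted pattern.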
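Review bot: In `BringIntoCache`, `RaiseOpenEvent()` is called before `UpdateFileSize()` and before the `fseek(f, position, SEEK_SET)` check, so `file_opened` is raised before the re-opened handle is confirmed to be back at its saved position. If `mgr.Dispatch` runs handlers immediately (not visible here), a handler that writes to the file may do so before the position is restored. It will also now run on every cache re-open rather than once per file. Moving the call after the successful seek and adding a comment such as `// Also raised each time the file is re-opened from the cache.` would make the contract explicit. The rest of `BringIntoCache` lies outside the hunk.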
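Review bot: `RaiseOpenEvent()` returns silently when `::file_opened` is unset, whereas the code removed from `Open()` dispatched unconditionally, and neither the definition nor the `File.h` comment mentions this. The `Ref(this)` ahead of `new Val(this)` is also undocumented, so a reader cannot tell which object drops that reference. I would extend the header comment to something like `// Raises a file_opened event if a handler is defined; takes a reference on this file for the event's argument.`, with the ownership wording confirmed against `Val` and `Event`.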