mirror of
https://github.com/zeek/zeek.git
synced 2025-10-07 09:08:20 +00:00
Move API for disabling packet analyzers into component.
Before, that API was part of the analyzers themselves, which meant we couldn't disable a packet analyzer before it had been instantiated. That's different from protocol/file analyzers, where we disable them through the corresponding component. The lack of the component-side API prevented Spicy from replacing packet analyzers at startup. The reason we had put this into analyzer originally was performance so that we don't need a component lookup for every packet. This change keeps that optimization by caching the on/off state in the analyzer itself as well, but now with the component being the one controlling it.
This commit is contained in:
Robin Sommer
parent
a84d06a2c3
commit
b114850283
5 changed files with 44 additions and 19 deletions
|
|
@ -71,13 +71,6 @@ public:
|
||||||
*/
|
*/
|
||||||
bool IsAnalyzer(const char* name);
|
bool IsAnalyzer(const char* name);
|
||||||
|
|
||||||
/**
|
|
||||||
* Enable or disable this analyzer.
|
|
||||||
*
|
|
||||||
* @param value The new enabled value.
|
|
||||||
*/
|
|
||||||
void SetEnabled(bool value) { enabled = value; }
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return whether this analyzer is enabled or not.
|
* Return whether this analyzer is enabled or not.
|
||||||
*
|
*
|
||||||
|
|
@ -201,6 +194,7 @@ public:
|
||||||
void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const;
|
void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const;
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
|
friend class Component;
|
||||||
friend class Manager;
|
friend class Manager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -221,6 +215,14 @@ protected:
|
||||||
*/
|
*/
|
||||||
AnalyzerPtr LoadAnalyzer(const std::string& name);
|
AnalyzerPtr LoadAnalyzer(const std::string& name);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enable or disable this analyzer. This is meant for internal use by
|
||||||
|
* manager and component.
|
||||||
|
*
|
||||||
|
* @param value The new enabled value.
|
||||||
|
*/
|
||||||
|
void SetEnabled(bool value) { enabled = value; }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the module name corresponding to the analyzer, i.e. its script-land
|
* Returns the module name corresponding to the analyzer, i.e. its script-land
|
||||||
* namespace. Configuration values for the analyzer are expected in this module.
|
* namespace. Configuration values for the analyzer are expected in this module.
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
#include "zeek/packet_analysis/Component.h"
|
#include "zeek/packet_analysis/Component.h"
|
||||||
|
|
||||||
#include "zeek/Desc.h"
|
#include "zeek/Desc.h"
|
||||||
|
#include "zeek/packet_analysis/Analyzer.h"
|
||||||
#include "zeek/packet_analysis/Manager.h"
|
#include "zeek/packet_analysis/Manager.h"
|
||||||
|
|
||||||
using namespace zeek::packet_analysis;
|
using namespace zeek::packet_analysis;
|
||||||
|
|
@ -21,11 +22,23 @@ void Component::Initialize()
|
||||||
packet_mgr->RegisterComponent(this, "ANALYZER_");
|
packet_mgr->RegisterComponent(this, "ANALYZER_");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void Component::SetEnabled(bool arg_enabled)
|
||||||
|
{
|
||||||
|
enabled = arg_enabled;
|
||||||
|
|
||||||
|
// If we already have instantiated an analyzer, update its state.
|
||||||
|
if ( auto analyzer = packet_mgr->GetAnalyzer(Tag().AsVal().get()) )
|
||||||
|
analyzer->SetEnabled(enabled);
|
||||||
|
}
|
||||||
|
|
||||||
void Component::DoDescribe(ODesc* d) const
|
void Component::DoDescribe(ODesc* d) const
|
||||||
{
|
{
|
||||||
if ( factory )
|
if ( factory )
|
||||||
{
|
{
|
||||||
d->Add("ANALYZER_");
|
d->Add("ANALYZER_");
|
||||||
d->Add(CanonicalName());
|
d->Add(CanonicalName());
|
||||||
|
d->Add(", ");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
d->Add(enabled ? "enabled" : "disabled");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,20 @@ public:
|
||||||
*/
|
*/
|
||||||
factory_callback Factory() const { return factory; }
|
factory_callback Factory() const { return factory; }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if the analyzer is currently enabled and hence
|
||||||
|
* available for use.
|
||||||
|
*/
|
||||||
|
bool Enabled() const { return enabled; }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enables or disables this analyzer.
|
||||||
|
*
|
||||||
|
* @param arg_enabled True to enabled, false to disable.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
void SetEnabled(bool arg_enabled);
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
/**
|
/**
|
||||||
* Overriden from plugin::Component.
|
* Overriden from plugin::Component.
|
||||||
|
|
@ -44,6 +58,7 @@ protected:
|
||||||
|
|
||||||
private:
|
private:
|
||||||
factory_callback factory; // The analyzer's factory callback.
|
factory_callback factory; // The analyzer's factory callback.
|
||||||
|
bool enabled = true; // True if the analyzer is enabled.
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,10 @@ void Manager::InitPostScript(const std::string& unprocessed_output_file)
|
||||||
for ( const auto& analyzerComponent : GetComponents() )
|
for ( const auto& analyzerComponent : GetComponents() )
|
||||||
{
|
{
|
||||||
if ( AnalyzerPtr newAnalyzer = InstantiateAnalyzer(analyzerComponent->Tag()) )
|
if ( AnalyzerPtr newAnalyzer = InstantiateAnalyzer(analyzerComponent->Tag()) )
|
||||||
|
{
|
||||||
|
newAnalyzer->SetEnabled(analyzerComponent->Enabled());
|
||||||
analyzers.emplace(analyzerComponent->Name(), newAnalyzer);
|
analyzers.emplace(analyzerComponent->Name(), newAnalyzer);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize all analyzers
|
// Initialize all analyzers
|
||||||
|
|
@ -91,11 +94,7 @@ AnalyzerPtr Manager::GetAnalyzer(const std::string& name)
|
||||||
bool Manager::EnableAnalyzer(EnumVal* tag)
|
bool Manager::EnableAnalyzer(EnumVal* tag)
|
||||||
{
|
{
|
||||||
Component* c = Lookup(tag);
|
Component* c = Lookup(tag);
|
||||||
AnalyzerPtr a = GetAnalyzer(c->Name());
|
c->SetEnabled(true);
|
||||||
if ( ! a )
|
|
||||||
return false;
|
|
||||||
|
|
||||||
a->SetEnabled(true);
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
@ -103,11 +102,7 @@ bool Manager::EnableAnalyzer(EnumVal* tag)
|
||||||
bool Manager::DisableAnalyzer(EnumVal* tag)
|
bool Manager::DisableAnalyzer(EnumVal* tag)
|
||||||
{
|
{
|
||||||
Component* c = Lookup(tag);
|
Component* c = Lookup(tag);
|
||||||
AnalyzerPtr a = GetAnalyzer(c->Name());
|
c->SetEnabled(false);
|
||||||
if ( ! a )
|
|
||||||
return false;
|
|
||||||
|
|
||||||
a->SetEnabled(false);
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||||
PacketDemo::Bar - Demo packet analyzers (RawLayer, LLC). (dynamic, version 1.0.0)
|
PacketDemo::Bar - Demo packet analyzers (RawLayer, LLC). (dynamic, version 1.0.0)
|
||||||
[Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO)
|
[Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO, enabled)
|
||||||
[Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER)
|
[Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER, enabled)
|
||||||
[Event] raw_layer_message
|
[Event] raw_layer_message
|
||||||
[Event] llc_demo_message
|
[Event] llc_demo_message
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue