Conn/Session: Lift history logic into Session

This should allow to mangle a Session's history also from packet
analyzers without necessarily knowing the concrete connection type.

Given Connection is a subclass of Session, I don't think this
changes much.
This commit is contained in:
Arne Welzel 2023-11-30 17:18:53 +01:00
parent fddbdf6232
commit b4e86f28b8
4 changed files with 97 additions and 60 deletions

View file

@ -186,4 +186,37 @@ void Session::SetAnalyzerState(const zeek::Tag& tag, AnalyzerConfirmationState v
analyzer_confirmations.insert_or_assign(tag, value);
}
bool Session::ScaledHistoryEntry(char code, uint32_t& counter, uint32_t& scaling_threshold, uint32_t scaling_base) {
if ( ++counter == scaling_threshold ) {
AddHistory(code);
auto new_threshold = scaling_threshold * scaling_base;
if ( new_threshold <= scaling_threshold )
// This can happen due to wrap-around. In that
// case, reset the counter but leave the threshold
// unchanged.
counter = 0;
else
scaling_threshold = new_threshold;
return true;
}
return false;
}
void Session::HistoryThresholdEvent(EventHandlerPtr e, bool is_orig, uint32_t threshold) {
if ( ! e )
return;
if ( threshold == 1 )
// This will be far and away the most common case,
// and at this stage it's not a *multiple* instance.
return;
EnqueueEvent(e, nullptr, GetVal(), val_mgr->Bool(is_orig), val_mgr->Count(threshold));
}
} // namespace zeek::session