Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 03:28:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/jsiwek/path-func-record-demote'

Browse source 
* origin/topic/jsiwek/path-func-record-demote:
  Fix filter path_func to allow record argument as a subset of stream's columns.

Conflicts:
	src/LogMgr.cc

Closes #600.
This commit is contained in:
Robin Sommer 2011-09-15 16:45:41 -07:00
commit c2e432c5fa
6 changed files with 87 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/LogMgr.cc
View file

@ -908,7 +908,17 @@ bool LogMgr::Write(EnumVal* id, RecordVal* columns)
path_arg = new StringVal(""); path_arg = new StringVal("");
vl.append(path_arg->Ref()); vl.append(path_arg->Ref());
vl.append(columns->Ref());
Val* rec_arg;
BroType* rt = filter->path_func->FType()->Args()->FieldType("rec");
if ( rt->Tag() == TYPE_RECORD )
rec_arg = columns->CoerceTo(rt->AsRecordType(), true);
else
// Can be TYPE_ANY here.
rec_arg = columns->Ref();
vl.append(rec_arg);
Val* v = filter->path_func->Call(&vl); Val* v = filter->path_func->Call(&vl);

9
src/Val.cc
View file

@ -2863,7 +2863,7 @@ Val* RecordVal::LookupWithDefault(int field) const
return record_type->FieldDefault(field); return record_type->FieldDefault(field);
} }
RecordVal* RecordVal::CoerceTo(const RecordType* t, Val* aggr) const RecordVal* RecordVal::CoerceTo(const RecordType* t, Val* aggr, bool allow_orphaning) const
{ {
if ( ! record_promotion_compatible(t->AsRecordType(), Type()->AsRecordType()) ) if ( ! record_promotion_compatible(t->AsRecordType(), Type()->AsRecordType()) )
return 0; return 0;
@ -2883,6 +2883,9 @@ RecordVal* RecordVal::CoerceTo(const RecordType* t, Val* aggr) const
if ( t_i < 0 ) if ( t_i < 0 )
{ {
if ( allow_orphaning )
continue;
char buf[512]; char buf[512];
safe_snprintf(buf, sizeof(buf), safe_snprintf(buf, sizeof(buf),
"orphan field \"%s\" in initialization", "orphan field \"%s\" in initialization",
@ -2916,7 +2919,7 @@ RecordVal* RecordVal::CoerceTo(const RecordType* t, Val* aggr) const
return ar; return ar;
} }
RecordVal* RecordVal::CoerceTo(RecordType* t) RecordVal* RecordVal::CoerceTo(RecordType* t, bool allow_orphaning)
{ {
if ( same_type(Type(), t) ) if ( same_type(Type(), t) )
{ {
@ -2924,7 +2927,7 @@ RecordVal* RecordVal::CoerceTo(RecordType* t)
return this; return this;
} }
return CoerceTo(t, 0); return CoerceTo(t, 0, allow_orphaning);
} }
void RecordVal::Describe(ODesc* d) const void RecordVal::Describe(ODesc* d) const

7
src/Val.h
View file

@ -909,8 +909,11 @@ public:
// *aggr* is optional; if non-zero, we add to it. See // *aggr* is optional; if non-zero, we add to it. See
// Expr::InitVal(). We leave it out in the non-const version to make // Expr::InitVal(). We leave it out in the non-const version to make
// the choice unambigious. // the choice unambigious.
RecordVal* CoerceTo(const RecordType* other, Val* aggr) const; //
RecordVal* CoerceTo(RecordType* other); // The *allow_orphaning* parameter allows for a record to be demoted
// down to a record type that contains less fields.
RecordVal* CoerceTo(const RecordType* other, Val* aggr, bool allow_orphaning = false) const;
RecordVal* CoerceTo(RecordType* other, bool allow_orphaning = false);
unsigned int MemoryAllocation() const; unsigned int MemoryAllocation() const;
void DescribeReST(ODesc* d) const; void DescribeReST(ODesc* d) const;

34
testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log Normal file
View file

@ -0,0 +1,34 @@
#separator \x09
#path local
#fields ts id.orig_h
#types time addr
1300475168.652003 141.142.220.118
1300475168.724007 141.142.220.118
1300475168.859163 141.142.220.118
1300475168.902635 141.142.220.118
1300475168.892936 141.142.220.118
1300475168.892913 141.142.220.118
1300475168.855305 141.142.220.118
1300475168.855330 141.142.220.118
1300475168.895267 141.142.220.118
1300475168.853899 141.142.220.118
1300475168.893988 141.142.220.118
1300475168.894787 141.142.220.118
1300475173.117362 141.142.220.226
1300475173.153679 141.142.220.238
1300475168.857956 141.142.220.118
1300475168.854378 141.142.220.118
1300475168.854837 141.142.220.118
1300475167.099816 141.142.220.50
1300475168.891644 141.142.220.118
1300475168.892037 141.142.220.118
1300475171.677081 141.142.220.226
1300475168.894422 141.142.220.118
1300475167.096535 141.142.220.202
1300475168.858713 141.142.220.118
1300475168.902195 141.142.220.118
1300475169.899438 141.142.220.44
1300475168.892414 141.142.220.118
1300475168.858306 141.142.220.118
1300475168.901749 141.142.220.118
1300475170.862384 141.142.220.226

5
testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/remote.log Normal file
View file

@ -0,0 +1,5 @@
#separator \x09
#path remote
#fields ts id.orig_h
#types time addr
1300475169.780331 173.192.163.128

26
testing/btest/scripts/base/frameworks/logging/path-func-column-demote.bro Normal file
View file

@ -0,0 +1,26 @@
# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
# @TEST-EXEC: btest-diff local.log
# @TEST-EXEC: btest-diff remote.log
#
# The record value passed into the path_func should be allowed to contain a
# subset of the fields in the stream's columns.
@load base/utils/site
@load base/protocols/conn
@load base/frameworks/notice
redef Site::local_nets = {141.142.0.0/16};
function split_log(id: Log::ID, path: string, rec: record {id:conn_id;}): string
{
return Site::is_local_addr(rec$id$orig_h) ? "local" : "remote";
}
event bro_init()
{
# Add a new filter to the Conn::LOG stream that logs only
# timestamp and originator address.
local filter: Log::Filter = [$name="dst-only", $path_func=split_log,
$include=set("ts", "id.orig_h")];
Log::add_filter(Conn::LOG, filter);
}