From c436930acfb0746d044ae666ac23bae52b41cdf2 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Fri, 12 Aug 2011 22:04:05 -0700 Subject: [PATCH] Functions can now be logged. The function's code is rendered as ASCII and included as a string. Closes #506. Note that I'm not sure if the formatting is as desired: should the LFs and tabs be rendered as \xXX or removed?. --- src/LogMgr.cc | 19 +++++++++++++++++- src/LogWriterAscii.cc | 1 + .../policy.frameworks.logging.types/ssh.log | Bin 165 -> 278 bytes .../btest/policy/frameworks/logging/types.bro | 12 ++++++++++- 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/LogMgr.cc b/src/LogMgr.cc index 9f8c33a107..461238f025 100644 --- a/src/LogMgr.cc +++ b/src/LogMgr.cc @@ -89,7 +89,7 @@ bool LogField::Write(SerializationFormat* fmt) const LogVal::~LogVal() { - if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE) + if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE || type == TYPE_FUNC) && present ) delete val.string_val; @@ -130,6 +130,7 @@ bool LogVal::IsCompatibleType(BroType* t, bool atomic_only) case TYPE_ENUM: case TYPE_STRING: case TYPE_FILE: + case TYPE_FUNC: return true; case TYPE_RECORD: @@ -231,6 +232,7 @@ bool LogVal::Read(SerializationFormat* fmt) case TYPE_ENUM: case TYPE_STRING: case TYPE_FILE: + case TYPE_FUNC: { val.string_val = new string; return fmt->Read(val.string_val, "string"); @@ -343,6 +345,7 @@ bool LogVal::Write(SerializationFormat* fmt) const case TYPE_ENUM: case TYPE_STRING: case TYPE_FILE: + case TYPE_FUNC: return fmt->Write(*val.string_val, "string"); case TYPE_TABLE: @@ -648,6 +651,11 @@ bool LogMgr::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, // That's ok, we handle it below. } + else if ( t->Tag() == TYPE_FUNC ) + { + // That's ok, we handle it below. + } + else { reporter->Error("unsupported field type for log column"); 
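Review bot: The set of tags whose payload lives in `val.string_val` is spelled out separately in `LogVal::~LogVal`, `IsCompatibleType`, `LogVal::Read`, `LogVal::Write` and `LogWriterAscii::DoWriteOne`, and this commit has to edit all five to add `TYPE_FUNC`. A tag missed in the destructor leaks the string, and one missed in only one of `Read` or `Write` leaves the two ends of the serialization disagreeing about the field. A single predicate such as `static bool IsStringBacked(TypeTag t)` (a suggested name, not an existing helper) could back the destructor condition, with a comment at each switch pointing to it. The enclosing functions start and end outside these hunks.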
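Review bot: The new `else if ( t->Tag() == TYPE_FUNC )` branch in `LogMgr::TraverseRecord` has an empty body whose comment repeats the one on the branch above it, so a reader cannot tell where function-typed columns are actually handled. Either fold the test into the preceding condition or reword the comment, for example `// Functions are rendered to a string in ValToLogVal().`. The preceding branch's condition lies outside the hunk, so whether it can take the extra test needs confirming.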
@@ -1074,6 +1082,15 @@ LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty) break; } + case TYPE_FUNC: + { + ODesc d; + const Func* f = val->AsFunc(); + f->Describe(&d); + lval->val.string_val = new string(d.Description()); + break; + } + case TYPE_TABLE: { ListVal* set = val->AsTableVal()->ConvertToPureList(); diff --git a/src/LogWriterAscii.cc b/src/LogWriterAscii.cc index ad2adbfee1..446d6c8d65 100644 --- a/src/LogWriterAscii.cc +++ b/src/LogWriterAscii.cc @@ -155,6 +155,7 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field) case TYPE_ENUM: case TYPE_STRING: case TYPE_FILE: + case TYPE_FUNC: { int size = val->val.string_val->size(); if ( size ) diff --git a/testing/btest/Baseline/policy.frameworks.logging.types/ssh.log b/testing/btest/Baseline/policy.frameworks.logging.types/ssh.log index 02e5b6957931b9a559adf898cb06d37e27366d51..5666db73c61ea038aee21a2da9238340327da95f 100644 GIT binary patch delta 143 zcmZ3=IE`t7787UML@jH6Lt`UDBU2MgJri?dQ!~Sf#fJHu!NDF@R%!Y9F%<@h3=Gu@ z5IQqWLBl}7Mgc6FsRm<>zZ!LsX~c6sJO1C@P#1i(o1svb9_Q Dqnajl delta 29 kcmbQnw3Kmz) 0 ) + return "Foo"; + else + return "Bar"; + } + event bro_init() { Log::create_stream(SSH, [$columns=Log]); @@ -56,7 +65,8 @@ event bro_init() $ss=set("AA", "BB", "CC"), $se=empty_set, $vc=vector(10, 20, 30), - $ve=empty_vector + $ve=empty_vector, + $f=foo ]); }
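Review bot: In the new `case TYPE_FUNC:` of `LogMgr::ValToLogVal`, the string is built from `d.Description()` alone, so it would stop at the first NUL byte, and it keeps the raw line feeds and tabs that the commit message says the rendering contains. Passing the length too, `lval->val.string_val = new string(d.Description(), d.Len());`, keeps the value intact if the rendering ever holds a NUL; `Len()` is assumed to be ODesc's length accessor. Because log rows are line- and separator-delimited, it is worth deciding here whether whitespace is collapsed before the value is stored; otherwise every writer has to neutralise it on its own, and the ASCII writer's escaping is not visible in this diff. A function body can also be long, so a comment noting that the full source is written on every row would help whoever sizes and parses the log.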