mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Merge remote-tracking branch 'origin/topic/robin/gh-4481-test-analyzer'
* origin/topic/robin/gh-4481-test-analyzer: Spicy: Fix missing include. Bump Spicy. Spicy: Add functions to check if Zeek provides an analyzer of a given name.
This commit is contained in:
Robin Sommer
commit
c94ce6b946
9 changed files with 144 additions and 4 deletions
|
|
@ -10,12 +10,13 @@
|
|||
#include <hilti/rt/types/port.h>
|
||||
#include <hilti/rt/util.h>
|
||||
|
||||
#include "net_util.h"
|
||||
#include "zeek/Event.h"
|
||||
#include "zeek/analyzer/Manager.h"
|
||||
#include "zeek/analyzer/protocol/pia/PIA.h"
|
||||
#include "zeek/file_analysis/File.h"
|
||||
#include "zeek/file_analysis/Manager.h"
|
||||
#include "zeek/net_util.h"
|
||||
#include "zeek/packet_analysis/Manager.h"
|
||||
#include "zeek/spicy/manager.h"
|
||||
|
||||
using namespace zeek;
|
||||
|
|
@ -108,6 +109,17 @@ std::string hilti::rt::detail::adl::to_string(const zeek::spicy::rt::ZeekTypeTag
|
|||
return type_name(zeekTypeForTag(v));
|
||||
}
|
||||
|
||||
std::string hilti::rt::detail::adl::to_string(const zeek::spicy::rt::AnalyzerType& v, detail::adl::tag /* unused */) {
|
||||
switch ( v.value() ) {
|
||||
case zeek::spicy::rt::AnalyzerType::File: return "AnalyzerType::File";
|
||||
case zeek::spicy::rt::AnalyzerType::Packet: return "AnalyzerType::Packet";
|
||||
case zeek::spicy::rt::AnalyzerType::Protocol: return "AnalyzerType::Protocol";
|
||||
case zeek::spicy::rt::AnalyzerType::Undef: return "AnalyzerType::Undef";
|
||||
}
|
||||
|
||||
hilti::rt::cannot_be_reached();
|
||||
}
|
||||
|
||||
TypePtr rt::create_enum_type(
|
||||
const std::string& ns, const std::string& id,
|
||||
const hilti::rt::Set<std::tuple<std::optional<std::string>, std::optional<hilti::rt::integer::safe<int64_t>>>>&
|
||||
|
|
@ -515,6 +527,25 @@ void rt::weird(const std::string& id, const std::string& addl) {
|
|||
throw ValueUnavailable("none of $conn, $file, or $packet available for weird reporting");
|
||||
}
|
||||
|
||||
rt::AnalyzerType rt::analyzer_type(const std::string& analyzer, const hilti::rt::Bool& if_enabled) {
|
||||
if ( auto* c = file_mgr->Lookup(analyzer.c_str()) ) {
|
||||
if ( (! if_enabled) || c->Enabled() )
|
||||
return AnalyzerType::File;
|
||||
}
|
||||
|
||||
if ( auto* c = packet_mgr->Lookup(analyzer.c_str()) ) {
|
||||
if ( (! if_enabled) || c->Enabled() )
|
||||
return AnalyzerType::Packet;
|
||||
}
|
||||
|
||||
if ( auto* c = analyzer_mgr->Lookup(analyzer.c_str()) ) {
|
||||
if ( (! if_enabled) || c->Enabled() )
|
||||
return AnalyzerType::Protocol;
|
||||
}
|
||||
|
||||
return AnalyzerType::Undef;
|
||||
}
|
||||
|
||||
void rt::protocol_begin(const std::optional<std::string>& analyzer, const ::hilti::rt::Protocol& proto) {
|
||||
auto _ = hilti::rt::profiler::start("zeek/rt/protocol_begin");
|
||||
|
||||
|
|
|
|||
|
|
@ -170,6 +170,8 @@ enum class ZeekTypeTag : uint8_t {
|
|||
Void,
|
||||
};
|
||||
|
||||
HILTI_RT_ENUM(AnalyzerType, Undef, File, Packet, Protocol);
|
||||
|
||||
extern TypePtr create_base_type(ZeekTypeTag tag);
|
||||
|
||||
extern TypePtr create_enum_type(
|
||||
|
|
@ -344,6 +346,26 @@ private:
|
|||
::hilti::rt::Protocol _proto = ::hilti::rt::Protocol::Undef;
|
||||
};
|
||||
|
||||
/**
|
||||
* Returns the Zeek-side type of an analyzer of a given name.
|
||||
*
|
||||
* @param analyzer the Zeek-side name of the analyzer to check for
|
||||
* @param if_enabled if true, only checks for analyzers that are enabled
|
||||
* @return the type of the analyzer if it exists, or `AnalyzerType::Undef` if it does not.
|
||||
*/
|
||||
AnalyzerType analyzer_type(const std::string& analyzer, const hilti::rt::Bool& if_enabled);
|
||||
|
||||
/**
|
||||
* Checks if there is an analyzer of a given name in Zeek.
|
||||
*
|
||||
* @param analyzer the Zeek-side name of the analyzer to check for
|
||||
* @param if_enabled if true, only checks for analyzers that are enabled
|
||||
* @return true if there is such an analyzer
|
||||
*/
|
||||
inline hilti::rt::Bool has_analyzer(const std::string& analyzer, const hilti::rt::Bool& if_enabled) {
|
||||
return analyzer_type(analyzer, if_enabled) != AnalyzerType::Undef;
|
||||
}
|
||||
|
||||
/**
|
||||
* Adds a Zeek-side child protocol analyzer to the current connection.
|
||||
*
|
||||
|
|
@ -828,5 +850,6 @@ inline std::string to_string(const zeek::spicy::rt::ValVectorPtr& v, detail::adl
|
|||
}
|
||||
|
||||
extern std::string to_string(const zeek::spicy::rt::ZeekTypeTag& v, detail::adl::tag /* unused */);
|
||||
extern std::string to_string(const zeek::spicy::rt::AnalyzerType& x, adl::tag /*unused*/);
|
||||
|
||||
} // namespace hilti::rt::detail::adl
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
#pragma once
|
||||
|
||||
#include <cstring>
|
||||
#include <string>
|
||||
|
||||
#include <hilti/rt/filesystem.h>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue