mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 08:08:19 +00:00
FileAnalysis: add is_orig field to fa_file & Info.
This commit is contained in:
Jon Siwek
parent
cd0a8bfbdb
commit
f07760ba00
7 changed files with 29 additions and 15 deletions
|
|
@ -37,6 +37,7 @@ static RecordVal* get_conn_id_val(const Connection* conn)
|
|||
int File::id_idx = -1;
|
||||
int File::parent_id_idx = -1;
|
||||
int File::source_idx = -1;
|
||||
int File::is_orig_idx = -1;
|
||||
int File::conns_idx = -1;
|
||||
int File::last_active_idx = -1;
|
||||
int File::seen_bytes_idx = -1;
|
||||
|
|
@ -59,6 +60,7 @@ void File::StaticInit()
|
|||
id_idx = Idx("id");
|
||||
parent_id_idx = Idx("parent_id");
|
||||
source_idx = Idx("source");
|
||||
is_orig_idx = Idx("is_orig");
|
||||
conns_idx = Idx("conns");
|
||||
last_active_idx = Idx("last_active");
|
||||
seen_bytes_idx = Idx("seen_bytes");
|
||||
|
|
@ -75,7 +77,8 @@ void File::StaticInit()
|
|||
salt = BifConst::FileAnalysis::salt->CheckString();
|
||||
}
|
||||
|
||||
File::File(const string& unique, Connection* conn, AnalyzerTag::Tag tag)
|
||||
File::File(const string& unique, Connection* conn, AnalyzerTag::Tag tag,
|
||||
bool is_orig)
|
||||
: id(""), unique(unique), val(0), postpone_timeout(false),
|
||||
first_chunk(true), missed_bof(false), need_reassembly(false), done(false),
|
||||
analyzers(this)
|
||||
|
|
@ -98,8 +101,9 @@ File::File(const string& unique, Connection* conn, AnalyzerTag::Tag tag)
|
|||
|
||||
if ( conn )
|
||||
{
|
||||
// add source and connection fields
|
||||
// add source, connection, is_orig fields
|
||||
val->Assign(source_idx, new StringVal(::Analyzer::GetTagName(tag)));
|
||||
val->Assign(is_orig_idx, new Val(is_orig, TYPE_BOOL));
|
||||
UpdateConnectionFields(conn);
|
||||
}
|
||||
else
|
||||
|
|
|
|||
|
|
@ -133,7 +133,7 @@ protected:
|
|||
* Constructor; only file_analysis::Manager should be creating these.
|
||||
*/
|
||||
File(const string& unique, Connection* conn = 0,
|
||||
AnalyzerTag::Tag tag = AnalyzerTag::Error);
|
||||
AnalyzerTag::Tag tag = AnalyzerTag::Error, bool is_orig = false);
|
||||
|
||||
/**
|
||||
* Updates the "conn_ids" and "conn_uids" fields in #val record with the
|
||||
|
|
@ -214,6 +214,7 @@ protected:
|
|||
static int id_idx;
|
||||
static int parent_id_idx;
|
||||
static int source_idx;
|
||||
static int is_orig_idx;
|
||||
static int conns_idx;
|
||||
static int last_active_idx;
|
||||
static int seen_bytes_idx;
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ void Manager::DataIn(const u_char* data, uint64 len, uint64 offset,
|
|||
if ( IsDisabled(tag) ) return;
|
||||
|
||||
GetFileHandle(tag, conn, is_orig);
|
||||
DataIn(data, len, offset, GetFile(current_handle, conn, tag));
|
||||
DataIn(data, len, offset, GetFile(current_handle, conn, tag, is_orig));
|
||||
}
|
||||
|
||||
void Manager::DataIn(const u_char* data, uint64 len, uint64 offset,
|
||||
|
|
@ -67,7 +67,7 @@ void Manager::DataIn(const u_char* data, uint64 len, AnalyzerTag::Tag tag,
|
|||
GetFileHandle(tag, conn, is_orig);
|
||||
// Sequential data input shouldn't be going over multiple conns, so don't
|
||||
// do the check to update connection set.
|
||||
DataIn(data, len, GetFile(current_handle, conn, tag, false));
|
||||
DataIn(data, len, GetFile(current_handle, conn, tag, is_orig, false));
|
||||
}
|
||||
|
||||
void Manager::DataIn(const u_char* data, uint64 len, const string& unique)
|
||||
|
|
@ -110,7 +110,7 @@ void Manager::Gap(uint64 offset, uint64 len, AnalyzerTag::Tag tag,
|
|||
if ( IsDisabled(tag) ) return;
|
||||
|
||||
GetFileHandle(tag, conn, is_orig);
|
||||
Gap(offset, len, GetFile(current_handle, conn, tag));
|
||||
Gap(offset, len, GetFile(current_handle, conn, tag, is_orig));
|
||||
}
|
||||
|
||||
void Manager::Gap(uint64 offset, uint64 len, const string& unique)
|
||||
|
|
@ -131,7 +131,7 @@ void Manager::SetSize(uint64 size, AnalyzerTag::Tag tag, Connection* conn,
|
|||
if ( IsDisabled(tag) ) return;
|
||||
|
||||
GetFileHandle(tag, conn, is_orig);
|
||||
SetSize(size, GetFile(current_handle, conn, tag));
|
||||
SetSize(size, GetFile(current_handle, conn, tag, is_orig));
|
||||
}
|
||||
|
||||
void Manager::SetSize(uint64 size, const string& unique)
|
||||
|
|
@ -188,7 +188,7 @@ bool Manager::RemoveAnalyzer(const FileID& file_id, const RecordVal* args) const
|
|||
}
|
||||
|
||||
File* Manager::GetFile(const string& unique, Connection* conn,
|
||||
AnalyzerTag::Tag tag, bool update_conn)
|
||||
AnalyzerTag::Tag tag, bool is_orig, bool update_conn)
|
||||
{
|
||||
if ( unique.empty() ) return 0;
|
||||
if ( IsIgnored(unique) ) return 0;
|
||||
|
|
@ -197,7 +197,7 @@ File* Manager::GetFile(const string& unique, Connection* conn,
|
|||
|
||||
if ( ! rval )
|
||||
{
|
||||
rval = str_map[unique] = new File(unique, conn, tag);
|
||||
rval = str_map[unique] = new File(unique, conn, tag, is_orig);
|
||||
FileID id = rval->GetID();
|
||||
|
||||
if ( id_map[id] )
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ protected:
|
|||
*/
|
||||
File* GetFile(const string& unique, Connection* conn = 0,
|
||||
AnalyzerTag::Tag tag = AnalyzerTag::Error,
|
||||
bool update_conn = true);
|
||||
bool is_orig = false, bool update_conn = true);
|
||||
|
||||
/**
|
||||
* @return the File object mapped to \a file_id, or a null pointer if no
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue