Merge remote-tracking branch 'origin/master' into topic/bernhard/file-analysis-x509

Conflicts: src/analyzer/protocol/ssl/events.bif Still broken.
2025-10-05 16:18:19 +00:00 · 2014-01-28 06:43:08 -08:00 · 2014-01-28 06:43:08 -08:00 · f821a13cce
commit f821a13cce
parent 2c7e7f962e 392d1cb759
736 changed files with 16014 additions and 17843 deletions
--- a/src/file_analysis/Manager.cc
+++ b/src/file_analysis/Manager.cc
@ -362,12 +362,19 @@ Analyzer* Manager::InstantiateAnalyzer(Tag tag, RecordVal* args, File* f) const
 	Component* c = Lookup(tag);

 	if ( ! c )
-		reporter->InternalError("cannot instantiate unknown file analyzer: %s",
-		                        tag.AsString().c_str());
+		{
+		reporter->InternalWarning(
+		            "unknown file analyzer instantiation request: %s",
+		            tag.AsString().c_str());
+		return 0;
+		}

 	if ( ! c->Factory() )
-		reporter->InternalError("file analyzer %s cannot be instantiated "
+		{
+		reporter->InternalWarning("file analyzer %s cannot be instantiated "
 								"dynamically", c->CanonicalName());
+		return 0;
+		}

 	return c->Factory()(args, f);
 	}
--- a/src/file_analysis/analyzer/data_event/DataEvent.cc
+++ b/src/file_analysis/analyzer/data_event/DataEvent.cc
@ -20,13 +20,8 @@ DataEvent::DataEvent(RecordVal* args, File* file,

 file_analysis::Analyzer* DataEvent::Instantiate(RecordVal* args, File* file)
 	{
-	using BifType::Record::Files::AnalyzerArgs;
-
-	int chunk_off = AnalyzerArgs->FieldOffset("chunk_event");
-	int stream_off = AnalyzerArgs->FieldOffset("stream_event");
-
-	Val* chunk_val = args->Lookup(chunk_off);
-	Val* stream_val = args->Lookup(stream_off);
+	Val* chunk_val = args->Lookup("chunk_event");
+	Val* stream_val = args->Lookup("stream_event");

 	if ( ! chunk_val && ! stream_val ) return 0;

--- a/src/file_analysis/analyzer/extract/Extract.cc
+++ b/src/file_analysis/analyzer/extract/Extract.cc
@ -33,8 +33,7 @@ Extract::~Extract()

 static Val* get_extract_field_val(RecordVal* args, const char* name)
 	{
-	using BifType::Record::Files::AnalyzerArgs;
-	Val* rval = args->Lookup(AnalyzerArgs->FieldOffset(name));
+	Val* rval = args->Lookup(name);

 	if ( ! rval )
 		reporter->Error("File extraction analyzer missing arg field: %s", name);
--- a/src/file_analysis/analyzer/extract/events.bif
+++ b/src/file_analysis/analyzer/extract/events.bif
@ -1,6 +1,6 @@
 ## This event is generated when a file extraction analyzer is about
-## to exceed the maximum permitted file size allowed by
-## *extract_size_limit* field of :bro:see:`Files::AnalyzerArgs`.
+## to exceed the maximum permitted file size allowed by the
+## *extract_limit* field of :bro:see:`Files::AnalyzerArgs`.
 ## The analyzer is automatically removed from file *f*.
 ##
 ## f: The file.
@ -13,7 +13,7 @@
 ##
 ## offset: The offset at which a file chunk is about to be written.
 ##
-## len:: The length of the file chunk about to be written.
+## len: The length of the file chunk about to be written.
 ##
 ## .. bro:see:: Files::add_analyzer Files::ANALYZER_EXTRACT
 event file_extraction_limit%(f: fa_file, args: any, limit: count, offset: count, len: count%);
--- a/src/file_analysis/analyzer/unified2/Unified2.h
+++ b/src/file_analysis/analyzer/unified2/Unified2.h
@ -30,7 +30,6 @@ private:
 	binpac::Unified2::Unified2_Analyzer* interp;

 	string filename;
-	int fd;
 };

 } // namespace file_analysis
--- a/src/file_analysis/analyzer/unified2/events.bif
+++ b/src/file_analysis/analyzer/unified2/events.bif
@ -1,7 +1,17 @@

 ## Abstract all of the various Unified2 event formats into 
 ## a single event.
+##
+## f: The file.
+##
+## ev: TODO.
+##
 event unified2_event%(f: fa_file, ev: Unified2::IDSEvent%);

 ## The Unified2 packet format event.
+##
+## f: The file.
+##
+## pkt: TODO.
+##
 event unified2_packet%(f: fa_file, pkt: Unified2::Packet%);