zeek/testing/btest/Baseline/spicy.file-analysis-data-in
Robin Sommer 56b9a79a65
Spicy: Query Zeek scriptland for file handles.
Like traditional file analyzers, we now query Zeek's
`get_file_handle()` event for handles when a connection begins
analyzing an embedded file. That means that Spicy-side protocol
analyzers that are forwarding data into file analysis now need to call
Zeek's `Files::register_protocol()` and provide a callback for
computing file handles. If that's missing, Zeek will now issue a
warning. This aligns with the requirements of Zeek's traditional protocol
analyzers. (If the EVT file defines a protocol analyzer to `replace`
an existing one, that one's `register_protocol()` will be consulted.)

Because Zeek's `get_file_handle()` event requires a current
connection, if a Spicy file analyzer isn't directly part of a
connection context (e.g., with nested files), we continue to use
a hardcoded, built-in file handle. Scriptland won't be consulted in
that case, just like before.

Closes #3440.
2024-05-06 09:20:38 +02:00
files-2.log Spicy: allow providing file id in zeek::file_begin 2023-11-22 16:31:40 +00:00
files.log
output-1 Spicy: Query Zeek scriptland for file handles. 2024-05-06 09:20:38 +02:00
output-2 Spicy: allow providing file id in zeek::file_begin 2023-11-23 17:17:48 +00:00
x509.log