mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
56b9a79a65
Like traditional file analyzers, we now query Zeek's `get_file_handle()` event for handles when a connection begins analyzing an embedded file. That means that Spicy-side protocol analyzers that are forwarding data into file analysis now need to call Zeek's `Files::register_protocol()` and provide a callback for computing file handles. If that's missing, Zeek will now issue a warning. This aligns with the requirements Zeek's traditional protocol analyzers. (If the EVT file defines a protocol analyzer to `replace` an existing one, that one's `register_protocol()` will be consulted.) Because Zeek's `get_file_handle()` event requires a current connection, if a Spicy file analyzer isn't directly part of a connection context (e.g., with nested files), we continue to use hardcoded, built-in file handle. Scriptland won't be consulted in that case, just like before. Closes #3440.
5 lines
199 B
Text
5 lines
199 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
FU6P513gQKLVP6iwmf
|
|
FU6P513gQKLVP6iwmf
|
|
get_file_handle called
|
|
get_file_handle called
|