mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
26b1558cd1
When disabling_analyzer() was introduced, it was added to the GLOBAL module. The awkward side-effect is that implementing a hook handler in another module requires to prefix it with GLOBAL. Alternatively, one can re-open the GLOBAL module and implement the handler in that scope. Both are not great, and prefixing with GLOBAL is ugly, so move the identifier to the Analyzer module and ask users to prefix with Analyzer.
21 lines
594 B
Text
21 lines
594 B
Text
# @TEST-DOC: Hook Analyzer::disabling_analyzer in a module
|
|
# @TEST-EXEC: zeek -b -r $TRACES/http/pipelined-requests.trace %INPUT >out
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
@load base/protocols/http
|
|
|
|
module MyHTTP;
|
|
|
|
|
|
# Prevent disabling all analyzers.
|
|
hook Analyzer::disabling_analyzer(c: connection, atype: AllAnalyzers::Tag, aid: count)
|
|
{
|
|
print("prevent disabling");
|
|
break;
|
|
}
|
|
|
|
event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string)
|
|
{
|
|
print "http_request", method, original_URI;
|
|
print disable_analyzer(c$id, current_analyzer(), T, T);
|
|
}
|