mirror of
https://github.com/zeek/zeek.git
synced 2025-10-01 22:28:20 +00:00
67835a6520
Two new canonifiers: one to sort the contents of conn.log "service" field and another to sort the contents of any field of type "set".
60 lines
1.1 KiB
Bash
Executable file
60 lines
1.1 KiB
Bash
Executable file
#! /usr/bin/env bash
|
|
#
|
|
# A diff canonifier that sorts elements within fields of type set[T] for any T.
|
|
|
|
awk '
|
|
BEGIN { FS="\t"; OFS="\t"; }
|
|
|
|
function bubble_sort(arr, len, keep_going, i, tmp)
|
|
{
|
|
keep_going = 1;
|
|
|
|
while ( keep_going == 1 )
|
|
{
|
|
keep_going = 0;
|
|
|
|
for ( i = 1; i <= len - 1; ++i )
|
|
{
|
|
if ( arr[i] > arr[i + 1] )
|
|
{
|
|
tmp = arr[i];
|
|
arr[i] = arr[i + 1];
|
|
arr[i + 1] = tmp;
|
|
keep_going = 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
return len;
|
|
}
|
|
|
|
/^#types/ {
|
|
for ( i = 2; i <= NF; ++i )
|
|
{
|
|
if ( index($i, "set[") == 1 )
|
|
rem[i-1] = 1;
|
|
}
|
|
}
|
|
|
|
/^[^#]/ {
|
|
for ( i in rem )
|
|
{
|
|
if ( $i == "-" )
|
|
# The set has no value, skip sorting it.
|
|
continue;
|
|
|
|
n = split($i, set_contents, ",");
|
|
n = bubble_sort(set_contents, n);
|
|
sorted_field = set_contents[1];
|
|
|
|
for ( e = 2; e <= n; ++e )
|
|
sorted_field = sorted_field "," set_contents[e];
|
|
|
|
$i = sorted_field;
|
|
}
|
|
}
|
|
|
|
{
|
|
print;
|
|
}
|
|
'
|