mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
2747e839fb
And added an event called "event_queue_flush_point" to mark where that occured in the event stream. The FAF now uses an explicit event queue flush instead of buffering input in order to wait for a file handle to be returned from script-layer.
52 lines
837 B
C++
52 lines
837 B
C++
#include <string>
|
|
|
|
#include "Hash.h"
|
|
#include "util.h"
|
|
#include "Event.h"
|
|
|
|
using namespace file_analysis;
|
|
|
|
Hash::Hash(RecordVal* args, File* file, HashVal* hv, const char* arg_kind)
|
|
: Action(args, file), hash(hv), fed(false), kind(arg_kind)
|
|
{
|
|
hash->Init();
|
|
}
|
|
|
|
Hash::~Hash()
|
|
{
|
|
Unref(hash);
|
|
}
|
|
|
|
bool Hash::DeliverStream(const u_char* data, uint64 len)
|
|
{
|
|
if ( ! hash->IsValid() ) return false;
|
|
|
|
if ( ! fed )
|
|
fed = len > 0;
|
|
|
|
hash->Feed(data, len);
|
|
return true;
|
|
}
|
|
|
|
bool Hash::EndOfFile()
|
|
{
|
|
Finalize();
|
|
return false;
|
|
}
|
|
|
|
bool Hash::Undelivered(uint64 offset, uint64 len)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
void Hash::Finalize()
|
|
{
|
|
if ( ! hash->IsValid() || ! fed ) return;
|
|
|
|
val_list* vl = new val_list();
|
|
vl->append(file->GetVal()->Ref());
|
|
vl->append(new StringVal(kind));
|
|
vl->append(hash->Get());
|
|
|
|
mgr.QueueEvent(file_hash, vl);
|
|
}
|