mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
74 lines
2.5 KiB
C++
74 lines
2.5 KiB
C++
// See the file "COPYING" in the main distribution directory for copyright.
|
|
|
|
#pragma once
|
|
|
|
#include <string>
|
|
|
|
#include "Val.h"
|
|
#include "File.h"
|
|
#include "Analyzer.h"
|
|
#include "EventHandler.h"
|
|
|
|
namespace zeek::file_analysis::detail {
|
|
|
|
/**
|
|
* An analyzer to send file data to script-layer via events.
|
|
*/
|
|
class DataEvent : public zeek::file_analysis::Analyzer {
|
|
public:
|
|
|
|
/**
|
|
* Generates the event, if any, specified by the "chunk_event" field of this
|
|
* analyzer's \c AnalyzerArgs. This is for non-sequential file data input.
|
|
* @param data pointer to start of file data chunk.
|
|
* @param len number of bytes in the data chunk.
|
|
* @param offset number of bytes from start of file at which chunk occurs.
|
|
* @return always true
|
|
*/
|
|
bool DeliverChunk(const u_char* data, uint64_t len, uint64_t offset) override;
|
|
|
|
/**
|
|
* Generates the event, if any, specified by the "stream_event" field of
|
|
* this analyzer's \c AnalyzerArgs. This is for sequential file data input.
|
|
* @param data pointer to start of file data chunk.
|
|
* @param len number of bytes in the data chunk.
|
|
* @return always true
|
|
*/
|
|
bool DeliverStream(const u_char* data, uint64_t len) override;
|
|
|
|
/**
|
|
* Create a new instance of a DataEvent analyzer.
|
|
* @param args the \c AnalyzerArgs value which represents the analyzer.
|
|
* @param file the file to which the analyzer will be attached.
|
|
* @return the new DataEvent analyzer instance or a null pointer if
|
|
* no "chunk_event" or "stream_event" field was specfied in \a args.
|
|
*/
|
|
static zeek::file_analysis::Analyzer* Instantiate(zeek::RecordValPtr args,
|
|
zeek::file_analysis::File* file);
|
|
|
|
protected:
|
|
|
|
/**
|
|
* Constructor.
|
|
* @param args the \c AnalyzerArgs value which represents the analyzer.
|
|
* @param file the file to which the analyzer will be attached.
|
|
* @param ce pointer to event handler which will be called to receive
|
|
* non-sequential file data.
|
|
* @param se pointer to event handler which will be called to receive
|
|
* sequential file data.
|
|
*/
|
|
DataEvent(zeek::RecordValPtr args, zeek::file_analysis::File* file,
|
|
zeek::EventHandlerPtr ce, zeek::EventHandlerPtr se);
|
|
|
|
private:
|
|
zeek::EventHandlerPtr chunk_event;
|
|
zeek::EventHandlerPtr stream_event;
|
|
};
|
|
|
|
} // namespace zeek::file_analysis::detail
|
|
|
|
namespace file_analysis {
|
|
|
|
using DataEvent [[deprecated("Remove in v4.1. Use zeek::file_analysis::detail::DataEvent.")]] = zeek::file_analysis::detail::DataEvent;
|
|
|
|
} // namespace file_analysis
|