mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
d6c22295bd
Zeek's analyzer API makes it hard to determine during analyzer shutdown whether a regular end-of-data has been reached, or if we're aborting in the middle of a session (e.g., because Zeek missed the remaining packets): the corresponding analyzer method, `EndOfData()` gets called in both cases. In an earlier change, we had stopped signaling Spicy analyzers a regular finish when that `EndOfData()` method executes, because doing so could trigger a parse error if it wasn't a regular shutdown—-which isn't desired, a user request was to just silently stop processing in this case. However, that behavior now seems unfortunate in the case that one deliberately calls `zeek::protocol_handle_close()` to terminate an analyzer: this feels like a regular shutdown that should just immediately happen. We achieve this now in this function by additionally signaling the shutdown at the TCP layer as an "end of file", which, for Spicy analyzers, happens to run the final, orderly tear-down. Not exactly great, but ti seems to thread the needle to achieve the desired semantics in both cases. |
||
|---|---|---|
| .. | ||
| benchmark/broker | ||
| btest | ||
| builtin-plugins | ||
| coverage | ||
| external | ||
| scripts | ||
| .gitignore | ||
| CMakeLists.txt | ||
| Makefile | ||
| README | ||
This directory contains suites for testing for Zeek's correct
operation:
btest/
An ever-growing set of small unit tests testing Zeek's
functionality.
external/
A framework for downloading additional test sets that run more
complex Zeek configuration on larger traces files. Due to their
size, these are not included directly. See the README for more
information.
scripts/
Helpers scripts used by some tests.