Merge remote-tracking branch 'origin/topic/robin/spicy-get-file-handle'

* origin/topic/robin/spicy-get-file-handle: spicy-protocol-analyzer: Add sample `get_file_handle` function.
zeek · May 7, 2024 · 55a93dd · 55a93dd
2 parents bf33ac8 + beb0080
commit 55a93dd
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/features/spicy-protocol-analyzer/scripts/main.zeek@ALT-one-unit@ b/features/spicy-protocol-analyzer/scripts/main.zeek@ALT-one-unit@
@@ -45,11 +45,23 @@ redef record connection += {
 
 redef likely_server_ports += { ports };
 
+# TODO: If you're going to send file data into the file analysis framework, you
+# need to provide a file handle function. This is a simple example that's
+# sufficient if the protocol only transfers a single, complete file at a time.
+#
+# function get_file_handle(c: connection, is_orig: bool): string
+#	{
+#	return cat(Analyzer::ANALYZER_@ANALYZER_UPPER@, c$start_time, c$id, is_orig);
+#	}
+
 event zeek_init() &priority=5
 	{
 	Log::create_stream(@ANALYZER@::LOG, [$columns=Info, $ev=log_@ANALYZER_LOWER@, $path="@ANALYZER_LOWER@", $policy=log_policy]);
 
 	Analyzer::register_for_ports(Analyzer::ANALYZER_@ANALYZER_UPPER@, ports);
+
+	# TODO: To activate the file handle function above, uncomment this.
+	# Files::register_protocol(Analyzer::ANALYZER_@ANALYZER_UPPER@, [$get_file_handle=@ANALYZER@::get_file_handle ]);
 	}
 
 # Initialize logging state.

diff --git a/features/spicy-protocol-analyzer/scripts/main.zeek@ALT-two-units@ b/features/spicy-protocol-analyzer/scripts/main.zeek@ALT-two-units@
@@ -45,11 +45,23 @@ redef record connection += {
 
 redef likely_server_ports += { ports };
 
+# TODO: If you're going to send file data into the file analysis framework, you
+# need to provide a file handle function. This is a simple example that's
+# sufficient if the protocol only transfers a single, complete file at a time.
+#
+# function get_file_handle(c: connection, is_orig: bool): string
+# 	{
+# 	return cat(Analyzer::ANALYZER_@ANALYZER_UPPER@, c$start_time, c$id, is_orig);
+# 	}
+
 event zeek_init() &priority=5
 	{
 	Log::create_stream(@ANALYZER@::LOG, [$columns=Info, $ev=log_@ANALYZER_LOWER@, $path="@ANALYZER_LOWER@", $policy=log_policy]);
 
 	Analyzer::register_for_ports(Analyzer::ANALYZER_@ANALYZER_UPPER@, ports);
+
+	# TODO: To activate the file handle function above, uncomment this.
+	# Files::register_protocol(Analyzer::ANALYZER_@ANALYZER_UPPER@, [$get_file_handle=@ANALYZER@::get_file_handle ]);
 	}
 
 # Initialize logging state.