Date: Fri, 1 Jul 2022 21:20:04 GMT From: Craig Leres <leres@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: b8b4094a465f - main - security/zeek: Patch to provide tail -F semantics for input framework MODE_STREAM Message-ID: <202207012120.261LK44H075807@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=b8b4094a465f9fcc646b4d1f01871f8f220cfc92 commit b8b4094a465f9fcc646b4d1f01871f8f220cfc92 Author: Craig Leres <leres@FreeBSD.org> AuthorDate: 2022-07-01 21:19:09 +0000 Commit: Craig Leres <leres@FreeBSD.org> CommitDate: 2022-07-01 21:19:09 +0000 security/zeek: Patch to provide tail -F semantics for input framework MODE_STREAM This is a backport of this github pull request: https://github.com/zeek/zeek/pull/2097 --- security/zeek/Makefile | 1 + .../zeek/files/patch-src_input_readers_raw_Raw.cc | 117 +++++++++++++++++++++ .../zeek/files/patch-src_input_readers_raw_Raw.h | 10 ++ 3 files changed, 128 insertions(+) diff --git a/security/zeek/Makefile b/security/zeek/Makefile index b7291f9d8155..8c32993625ae 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -2,6 +2,7 @@ PORTNAME= zeek PORTVERSION= 4.0.7 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.cc b/security/zeek/files/patch-src_input_readers_raw_Raw.cc new file mode 100644 index 000000000000..ac3198ce5f04 --- /dev/null +++ b/security/zeek/files/patch-src_input_readers_raw_Raw.cc @@ -0,0 +1,117 @@ +--- src/input/readers/raw/Raw.cc.orig 2022-07-01 19:51:26 UTC ++++ src/input/readers/raw/Raw.cc +@@ -34,6 +34,7 @@ Raw::Raw(ReaderFrontend *frontend) : ReaderBackend(fro + firstrun = true; + mtime = 0; + ino = 0; ++ dev = 0; + forcekill = false; + offset = 0; + separator.assign( (const char*) BifConst::InputRaw::record_separator->Bytes(), +@@ -278,12 +279,32 @@ bool Raw::OpenInput() + else + { + file = std::unique_ptr<FILE, int(*)(FILE*)>(fopen(fname.c_str(), "r"), fclose); ++ if ( ! file && Info().mode == MODE_STREAM ) ++ { ++ // Watch /dev/null until the file appears ++ file = std::unique_ptr<FILE, int (*)(FILE*)>(fopen("/dev/null", "r"), fclose); ++ } ++ + if ( ! file ) + { + Error(Fmt("Init: cannot open %s", fname.c_str())); + return false; + } + ++ if ( Info().mode == MODE_STREAM ) ++ { ++ struct stat sb; ++ if ( fstat(fileno(file.get()), &sb) == -1 ) ++ { ++ // This is unlikely to fail ++ Error(Fmt("Could not get fstat for %s", fname.c_str())); ++ return false; ++ } ++ ino = sb.st_ino; ++ dev = sb.st_dev; ++ } ++ ++ + if ( ! SetFDFlags(fileno(file.get()), F_SETFD, FD_CLOEXEC) ) + Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str())); + } +@@ -345,6 +366,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field + fname = info.source; + mtime = 0; + ino = 0; ++ dev = 0; + execute = false; + firstrun = true; + int want_fields = 1; +@@ -565,24 +587,58 @@ bool Raw::DoUpdate() + + mtime = sb.st_mtime; + ino = sb.st_ino; ++ dev = sb.st_dev; + // file changed. reread. + // + // fallthrough + } + + case MODE_MANUAL: +- case MODE_STREAM: +- if ( Info().mode == MODE_STREAM && file ) +- { +- clearerr(file.get()); // remove end of file evil bits +- break; +- } +- + CloseInput(); + if ( ! OpenInput() ) + return false; + + break; ++ ++ case MODE_STREAM: ++ // Clear possible EOF condition ++ if ( file ) ++ clearerr(file.get()); ++ ++ // Done if reading from a pipe ++ if ( execute ) ++ break; ++ ++ // Check if the file has changed ++ struct stat sb; ++ if ( stat(fname.c_str(), &sb) == -1 ) ++ // File was removed ++ break; ++ ++ // Is it the same file? ++ if ( sb.st_ino == ino && sb.st_dev == dev ) ++ break; ++ ++ // File was replaced ++ FILE* tfile; ++ tfile = fopen(fname.c_str(), "r"); ++ if ( ! tfile ) ++ break; ++ ++ // Stat newly opened file ++ if ( fstat(fileno(tfile), &sb) == -1 ) ++ { ++ // This is unlikely to fail ++ Error(Fmt("Could not fstat %s", fname.c_str())); ++ return false; ++ } ++ file.reset(nullptr); ++ file = std::unique_ptr<FILE, int (*)(FILE*)>(tfile, fclose); ++ ino = sb.st_ino; ++ dev = sb.st_dev; ++ offset = 0; ++ bufpos = 0; ++ break; + + default: + assert(false); diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.h b/security/zeek/files/patch-src_input_readers_raw_Raw.h new file mode 100644 index 000000000000..2dacf9bb7baa --- /dev/null +++ b/security/zeek/files/patch-src_input_readers_raw_Raw.h @@ -0,0 +1,10 @@ +--- src/input/readers/raw/Raw.h.orig 2022-07-01 20:33:23 UTC ++++ src/input/readers/raw/Raw.h +@@ -52,6 +52,7 @@ class Raw : public ReaderBackend { (private) + bool firstrun; + time_t mtime; + ino_t ino; ++ dev_t dev; + + // options set from the script-level. + std::string separator;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207012120.261LK44H075807>