git: b8b4094a465f - main - security/zeek: Patch to provide tail -F semantics for input framework MODE_STREAM

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Craig Leres <leres_at_FreeBSD.org>
Date: Fri, 01 Jul 2022 21:20:04 UTC
The branch main has been updated by leres:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b8b4094a465f9fcc646b4d1f01871f8f220cfc92

commit b8b4094a465f9fcc646b4d1f01871f8f220cfc92
Author:     Craig Leres <leres@FreeBSD.org>
AuthorDate: 2022-07-01 21:19:09 +0000
Commit:     Craig Leres <leres@FreeBSD.org>
CommitDate: 2022-07-01 21:19:09 +0000

    security/zeek: Patch to provide  tail -F semantics for input framework MODE_STREAM
    
    This is a backport of this github pull request:
    
        https://github.com/zeek/zeek/pull/2097
---
 security/zeek/Makefile                             |   1 +
 .../zeek/files/patch-src_input_readers_raw_Raw.cc  | 117 +++++++++++++++++++++
 .../zeek/files/patch-src_input_readers_raw_Raw.h   |  10 ++
 3 files changed, 128 insertions(+)

diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index b7291f9d8155..8c32993625ae 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	zeek
 PORTVERSION=	4.0.7
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	https://download.zeek.org/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.cc b/security/zeek/files/patch-src_input_readers_raw_Raw.cc
new file mode 100644
index 000000000000..ac3198ce5f04
--- /dev/null
+++ b/security/zeek/files/patch-src_input_readers_raw_Raw.cc
@@ -0,0 +1,117 @@
+--- src/input/readers/raw/Raw.cc.orig	2022-07-01 19:51:26 UTC
++++ src/input/readers/raw/Raw.cc
+@@ -34,6 +34,7 @@ Raw::Raw(ReaderFrontend *frontend) : ReaderBackend(fro
+ 	firstrun = true;
+ 	mtime = 0;
+ 	ino = 0;
++	dev = 0;
+ 	forcekill = false;
+ 	offset = 0;
+ 	separator.assign( (const char*) BifConst::InputRaw::record_separator->Bytes(),
+@@ -278,12 +279,32 @@ bool Raw::OpenInput()
+ 	else
+ 		{
+ 		file = std::unique_ptr<FILE, int(*)(FILE*)>(fopen(fname.c_str(), "r"), fclose);
++		if ( ! file && Info().mode == MODE_STREAM )
++			{
++			// Watch /dev/null until the file appears
++			file = std::unique_ptr<FILE, int (*)(FILE*)>(fopen("/dev/null", "r"), fclose);
++			}
++
+ 		if ( ! file )
+ 			{
+ 			Error(Fmt("Init: cannot open %s", fname.c_str()));
+ 			return false;
+ 			}
+ 
++		if ( Info().mode == MODE_STREAM )
++			{
++			struct stat sb;
++			if ( fstat(fileno(file.get()), &sb) == -1 )
++				{
++				// This is unlikely to fail
++				Error(Fmt("Could not get fstat for %s", fname.c_str()));
++				return false;
++				}
++			ino = sb.st_ino;
++			dev = sb.st_dev;
++			}
++
++
+ 		if ( ! SetFDFlags(fileno(file.get()), F_SETFD, FD_CLOEXEC) )
+ 			Warning(Fmt("Init: cannot set close-on-exec for %s", fname.c_str()));
+ 		}
+@@ -345,6 +366,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_field
+ 	fname = info.source;
+ 	mtime = 0;
+ 	ino = 0;
++	dev = 0;
+ 	execute = false;
+ 	firstrun = true;
+ 	int want_fields = 1;
+@@ -565,24 +587,58 @@ bool Raw::DoUpdate()
+ 
+ 			mtime = sb.st_mtime;
+ 			ino = sb.st_ino;
++			dev = sb.st_dev;
+ 			// file changed. reread.
+ 			//
+ 			// fallthrough
+ 			}
+ 
+ 		case MODE_MANUAL:
+-		case MODE_STREAM:
+-			if ( Info().mode == MODE_STREAM && file )
+-				{
+-				clearerr(file.get());  // remove end of file evil bits
+-				break;
+-				}
+-
+ 			CloseInput();
+ 			if ( ! OpenInput() )
+ 				return false;
+ 
+ 			break;
++
++			case MODE_STREAM:
++				// Clear possible EOF condition
++				if ( file )
++					clearerr(file.get());
++
++				// Done if reading from a pipe
++				if ( execute )
++					break;
++
++				// Check if the file has changed
++				struct stat sb;
++				if ( stat(fname.c_str(), &sb) == -1 )
++					// File was removed
++					break;
++
++				// Is it the same file?
++				if ( sb.st_ino == ino && sb.st_dev == dev )
++					break;
++
++				// File was replaced
++				FILE* tfile;
++				tfile = fopen(fname.c_str(), "r");
++				if ( ! tfile )
++					break;
++
++				// Stat newly opened file
++				if ( fstat(fileno(tfile), &sb) == -1 )
++					{
++					// This is unlikely to fail
++					Error(Fmt("Could not fstat %s", fname.c_str()));
++					return false;
++					}
++				file.reset(nullptr);
++				file = std::unique_ptr<FILE, int (*)(FILE*)>(tfile, fclose);
++				ino = sb.st_ino;
++				dev = sb.st_dev;
++				offset = 0;
++				bufpos = 0;
++ 				break;
+ 
+ 		default:
+ 			assert(false);
diff --git a/security/zeek/files/patch-src_input_readers_raw_Raw.h b/security/zeek/files/patch-src_input_readers_raw_Raw.h
new file mode 100644
index 000000000000..2dacf9bb7baa
--- /dev/null
+++ b/security/zeek/files/patch-src_input_readers_raw_Raw.h
@@ -0,0 +1,10 @@
+--- src/input/readers/raw/Raw.h.orig	2022-07-01 20:33:23 UTC
++++ src/input/readers/raw/Raw.h
+@@ -52,6 +52,7 @@ class Raw : public ReaderBackend { (private)
+ 	bool firstrun;
+ 	time_t mtime;
+ 	ino_t ino;
++	dev_t dev;
+ 
+ 	// options set from the script-level.
+ 	std::string separator;