This repository was archived by the owner on Oct 13, 2025. It is now read-only.
Merged
14 changes: 12 additions & 2 deletions devel/spicy/autogen/zeek-functions.spicy
Expand Up @@ -69,7 +69,7 @@ If the same analyzer was added previously with `protocol_handle_get_or_create` o
`protocol_begin` with same argument, and not closed with `protocol_handle_close`
or `protocol_end`, no new analyzer will be added.

See `protocol_handle_get_or_create` for the error semantics of this function.
See `protocol_handle_get_or_create` for lifetime and error semantics.

analyzer: type of analyzer to instantiate, specified through its Zeek-side
name (similar to what Zeek's signature action `enable` takes)
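Review bot: The reworded cross-reference, "See `protocol_handle_get_or_create` for lifetime and error semantics.", keeps the lifetime rule one hop away even though the context just above it already describes analyzers "not closed with `protocol_handle_close` or `protocol_end`". Consider adding one clause here saying that an analyzer left unclosed stays alive until Zeek expires the current connection's state, and keeping the cross-reference for the error cases.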
Expand All @@ -92,7 +92,7 @@ If the same DPD analyzer was added previously with `protocol_handle_get_or_creat
`protocol_begin` with same argument, and not closed with `protocol_handle_close`
or `protocol_end`, no new analyzer will be added.

See `protocol_handle_get_or_create` for the error semantics of this function.
See `protocol_handle_get_or_create` for lifetime and error semantics.

protocol: the transport-layer protocol on which to perform protocol detection;
only TCP is currently supported here
Expand All @@ -113,6 +113,11 @@ This function will return an error if:
- creation of a child analyzer of the requested type was prevented by a
previous call of `disable_analyzer` with `prevent=T`

By default, any newly created child protocol analyzer will remain alive
until Zeek expires the current connection's state. Alternatively, one
can call `protocol_handle_close` or `protocol_end` to delete the analyzer
earlier.

analyzer: type of analyzer to get or instantiate, specified through its Zeek-side
name (similar to what Zeek's signature action `enable` takes).
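Review bot: "By default" in the new lifetime paragraph reads as if some setting changes this behaviour, but the paragraph names none; if the only alternative is an explicit call, "Unless closed earlier with `protocol_handle_close` or `protocol_end`, ..." says that directly. The paragraph also says "delete the analyzer" where the text for the related functions says "closed"; using one term avoids suggesting two different operations. Finally, "newly created" leaves open the case where this function gets an analyzer that already exists rather than instantiating one, so it is worth stating whether the same lifetime applies there.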

Expand Down Expand Up @@ -187,6 +192,11 @@ Optionally, a mime type can be provided. It will be passed on to Zeek's file ana
Optionally, a file ID can be provided. It will be passed on to Zeek's file analysis framework.
Returns the Zeek-side file ID of the new file.

This function creates a new Zeek file analyzer that will remain alive until
either `file_end` gets called, or Zeek eventually expires the analyzer
through a timeout. (As Zeek does not tie a file analyzer's lifetime to any
connection, it may survive the termination of the current connection.)

.. _spicy_fuid:

.. rubric:: ``function zeek::fuid() : string``
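Review bot: "Zeek eventually expires the analyzer through a timeout" does not say which timeout or where it is set, which is what a reader needs in order to bound how long a file without a matching `file_end` stays around. Suggest naming the governing option or linking to the file analysis framework documentation. The parenthetical about the analyzer surviving the termination of the current connection is the main caveat of this paragraph, so it reads better as a plain sentence than in parentheses.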