diff --git a/scripts/base/protocols/ftp/file-analysis.bro b/scripts/base/protocols/ftp/file-analysis.bro index 9131be6ab2..ca80d53bba 100644 --- a/scripts/base/protocols/ftp/file-analysis.bro +++ b/scripts/base/protocols/ftp/file-analysis.bro @@ -5,46 +5,43 @@ module FTP; export { - ## Determines whether the default :bro:see:`get_file_handle` handler - ## is used to return file handles to the file analysis framework. - ## Redefine to true in order to provide a custom handler which overrides - ## the default for FTP. - const disable_default_file_handle_provider: bool = F &redef; - ## Default file handle provider for FTP. - function get_file_handle(c: connection, is_orig: bool): string - { - if ( [c$id$resp_h, c$id$resp_p] !in ftp_data_expected ) return ""; - - local info: FTP::Info = ftp_data_expected[c$id$resp_h, c$id$resp_p]; - - local rval = fmt("%s %s %s", ANALYZER_FTP_DATA, c$start_time, - id_string(c$id)); - - if ( info$passive ) - # FTP client initiates data channel. - if ( is_orig ) - # Don't care about FTP client data. - return ""; - else - # Do care about FTP server data. - return rval; - else - # FTP server initiates dta channel. - if ( is_orig ) - # Do care about FTP server data. - return rval; - else - # Don't care about FTP client data. - return ""; - } + global get_file_handle: function(c: connection, is_orig: bool): string; } +function get_handle_string(c: connection): string + { + return fmt("%s %s %s", ANALYZER_FTP_DATA, c$start_time, id_string(c$id)); + } + +function get_file_handle(c: connection, is_orig: bool): string + { + if ( [c$id$resp_h, c$id$resp_p] !in ftp_data_expected ) return ""; + + local info: FTP::Info = ftp_data_expected[c$id$resp_h, c$id$resp_p]; + + if ( info$passive ) + # FTP client initiates data channel. + if ( is_orig ) + # Don't care about FTP client data. + return ""; + else + # Do care about FTP server data. + return get_handle_string(c); + else + # FTP server initiates dta channel. + if ( is_orig ) + # Do care about FTP server data. + return get_handle_string(c); + else + # Don't care about FTP client data. + return ""; + } + module GLOBAL; event get_file_handle(tag: AnalyzerTag, c: connection, is_orig: bool) { if ( tag != ANALYZER_FTP_DATA ) return; - if ( FTP::disable_default_file_handle_provider ) return; - return_file_handle(FTP::get_file_handle(c, is_orig)); + set_file_handle(FTP::get_file_handle(c, is_orig)); } diff --git a/scripts/base/protocols/http/file-analysis.bro b/scripts/base/protocols/http/file-analysis.bro index b20e561dfc..ae5fe0f979 100644 --- a/scripts/base/protocols/http/file-analysis.bro +++ b/scripts/base/protocols/http/file-analysis.bro @@ -6,31 +6,26 @@ module HTTP; export { - ## Determines whether the default :bro:see:`get_file_handle` handler - ## is used to return file handles to the file analysis framework. - ## Redefine to true in order to provide a custom handler which overrides - ## the default HTTP. - const disable_default_file_handle_provider: bool = F &redef; - ## Default file handle provider for HTTP. - function get_file_handle(c: connection, is_orig: bool): string - { - if ( ! c?$http ) return ""; - - if ( c$http$range_request ) - return fmt("%s %s %s %s", ANALYZER_HTTP, is_orig, c$id$orig_h, - build_url(c$http)); - - return fmt("%s %s %s %s %s", ANALYZER_HTTP, c$start_time, is_orig, - c$http$trans_depth, id_string(c$id)); - } + global get_file_handle: function(c: connection, is_orig: bool): string; } +function get_file_handle(c: connection, is_orig: bool): string + { + if ( ! c?$http ) return ""; + + if ( c$http$range_request ) + return fmt("%s %s %s %s", ANALYZER_HTTP, is_orig, c$id$orig_h, + build_url(c$http)); + + return fmt("%s %s %s %s %s", ANALYZER_HTTP, c$start_time, is_orig, + c$http$trans_depth, id_string(c$id)); + } + module GLOBAL; event get_file_handle(tag: AnalyzerTag, c: connection, is_orig: bool) { if ( tag != ANALYZER_HTTP ) return; - if ( HTTP::disable_default_file_handle_provider ) return; - return_file_handle(HTTP::get_file_handle(c, is_orig)); + set_file_handle(HTTP::get_file_handle(c, is_orig)); } diff --git a/scripts/base/protocols/irc/file-analysis.bro b/scripts/base/protocols/irc/file-analysis.bro index f405585b32..858b39fee2 100644 --- a/scripts/base/protocols/irc/file-analysis.bro +++ b/scripts/base/protocols/irc/file-analysis.bro @@ -5,26 +5,20 @@ module IRC; export { - ## Determines whether the default :bro:see:`get_file_handle` handler - ## is used to return file handles to the file analysis framework. - ## Redefine to true in order to provide a custom handler which overrides - ## the default for IRC. - const disable_default_file_handle_provider: bool = F &redef; - ## Default file handle provider for IRC. - function get_file_handle(c: connection, is_orig: bool): string - { - if ( is_orig ) return ""; - return fmt("%s %s %s", ANALYZER_IRC_DATA, c$start_time, - id_string(c$id)); - } + global get_file_handle: function(c: connection, is_orig: bool): string; } +function get_file_handle(c: connection, is_orig: bool): string + { + if ( is_orig ) return ""; + return fmt("%s %s %s", ANALYZER_IRC_DATA, c$start_time, id_string(c$id)); + } + module GLOBAL; event get_file_handle(tag: AnalyzerTag, c: connection, is_orig: bool) { if ( tag != ANALYZER_IRC_DATA ) return; - if ( IRC::disable_default_file_handle_provider ) return; - return_file_handle(IRC::get_file_handle(c, is_orig)); + set_file_handle(IRC::get_file_handle(c, is_orig)); } diff --git a/scripts/base/protocols/smtp/file-analysis.bro b/scripts/base/protocols/smtp/file-analysis.bro index cbc33aa375..85c455ea18 100644 --- a/scripts/base/protocols/smtp/file-analysis.bro +++ b/scripts/base/protocols/smtp/file-analysis.bro @@ -6,27 +6,21 @@ module SMTP; export { - ## Determines whether the default :bro:see:`get_file_handle` handler - ## is used to return file handles to the file analysis framework. - ## Redefine to true in order to provide a custom handler which overrides - ## the default for SMTP. - const disable_default_file_handle_provider: bool = F &redef; - ## Default file handle provider for SMTP. - function get_file_handle(c: connection, is_orig: bool): string - { - if ( ! c?$smtp ) return ""; - - return fmt("%s %s %s %s", ANALYZER_SMTP, c$start_time, - c$smtp$trans_depth, c$smtp_state$mime_level); - } + global get_file_handle: function(c: connection, is_orig: bool): string; } +function get_file_handle(c: connection, is_orig: bool): string + { + if ( ! c?$smtp ) return ""; + return fmt("%s %s %s %s", ANALYZER_SMTP, c$start_time, + c$smtp$trans_depth, c$smtp_state$mime_level); + } + module GLOBAL; event get_file_handle(tag: AnalyzerTag, c: connection, is_orig: bool) { if ( tag != ANALYZER_SMTP ) return; - if ( SMTP::disable_default_file_handle_provider ) return; - return_file_handle(SMTP::get_file_handle(c, is_orig)); + set_file_handle(SMTP::get_file_handle(c, is_orig)); } diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 0ceacd5080..28fe7e6bff 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -452,7 +452,6 @@ set(bro_SRCS file_analysis/Manager.cc file_analysis/File.cc file_analysis/FileTimer.cc - file_analysis/PendingFile.cc file_analysis/FileID.h file_analysis/Action.h file_analysis/ActionSet.cc diff --git a/src/Event.cc b/src/Event.cc index 9250b61e76..9dd3415eaf 100644 --- a/src/Event.cc +++ b/src/Event.cc @@ -6,7 +6,6 @@ #include "Func.h" #include "NetVar.h" #include "Trigger.h" -#include "file_analysis/Manager.h" EventMgr mgr; @@ -111,6 +110,9 @@ void EventMgr::Dispatch() void EventMgr::Drain() { + if ( event_queue_flush_point ) + QueueEvent(event_queue_flush_point, new val_list()); + SegmentProfiler(segment_logger, "draining-events"); draining = true; @@ -125,8 +127,6 @@ void EventMgr::Drain() // processing, we ensure that it's done at a regular basis by checking // them here. Trigger::EvaluatePending(); - - file_mgr->EventDrainDone(); } void EventMgr::Describe(ODesc* d) const diff --git a/src/event.bif b/src/event.bif index 5b178db749..08a2b64a84 100644 --- a/src/event.bif +++ b/src/event.bif @@ -6981,12 +6981,15 @@ event reporter_error%(t: time, msg: string, location: string%) &error_handler; ## recursively for each ``@load``. event bro_script_loaded%(path: string, level: count%); +## Marks a point in the event stream at which the event queue started flushing. +event event_queue_flush_point%(%); + ## This event is handled to provide feedback to the file analysis framework ## about how to identify the logical "file" to which some data/input ## belongs. All incoming data to the framework is buffered, and depends ## on a handler for this event to return a string value that uniquely -## identifies a file. Among all handlers of this event, exactly one must -## call :bro:see:`return_file_handle`. +## identifies a file. Among all handlers of this event, the last one to +## call :bro:see:`set_file_handle` will "win". ## ## tag: The analyzer which is carrying the file data. ## @@ -6994,7 +6997,7 @@ event bro_script_loaded%(path: string, level: count%); ## ## is_orig: The direction the file data is flowing over the connection. ## -## .. bro:see:: return_file_handle +## .. bro:see:: set_file_handle event get_file_handle%(tag: count, c: connection, is_orig: bool%); # TODO: document diff --git a/src/file_analysis.bif b/src/file_analysis.bif index 1d709fe3d1..b3e34f93d2 100644 --- a/src/file_analysis.bif +++ b/src/file_analysis.bif @@ -92,8 +92,8 @@ module GLOBAL; ## handle: A string that uniquely identifies a file. ## ## .. bro:see:: get_file_handle FileAnalysis::policy -function return_file_handle%(handle: string%): any +function set_file_handle%(handle: string%): any %{ - file_mgr->ReceiveHandle(handle->CheckString()); + file_mgr->SetHandle(handle->CheckString()); return 0; %} diff --git a/src/file_analysis/DataEvent.cc b/src/file_analysis/DataEvent.cc index 29bff39d50..d8d8c3c680 100644 --- a/src/file_analysis/DataEvent.cc +++ b/src/file_analysis/DataEvent.cc @@ -47,7 +47,8 @@ bool DataEvent::DeliverChunk(const u_char* data, uint64 len, uint64 offset) args->append(file->GetVal()->Ref()); args->append(new StringVal(new BroString(data, len, 0))); args->append(new Val(offset, TYPE_COUNT)); - mgr.Dispatch(new Event(chunk_event, args)); + + mgr.QueueEvent(chunk_event, args); return true; } @@ -59,7 +60,8 @@ bool DataEvent::DeliverStream(const u_char* data, uint64 len) val_list* args = new val_list; args->append(file->GetVal()->Ref()); args->append(new StringVal(new BroString(data, len, 0))); - mgr.Dispatch(new Event(stream_event, args)); + + mgr.QueueEvent(stream_event, args); return true; } diff --git a/src/file_analysis/File.cc b/src/file_analysis/File.cc index d4e6a2f67a..a4713c32fe 100644 --- a/src/file_analysis/File.cc +++ b/src/file_analysis/File.cc @@ -267,7 +267,7 @@ void File::ReplayBOF() DetectTypes(bs->Bytes(), bs->Len()); file_mgr->FileEvent(file_new, this); - //mgr.Drain(); + mgr.Drain(); // need immediate feedback about actions to add for ( size_t i = 0; i < bof_buffer.chunks.size(); ++i ) DataIn(bof_buffer.chunks[i]->Bytes(), bof_buffer.chunks[i]->Len()); @@ -282,7 +282,7 @@ void File::DataIn(const u_char* data, uint64 len, uint64 offset) // TODO: this should all really be delayed until we attempt reassembly DetectTypes(data, len); file_mgr->FileEvent(file_new, this); - //mgr.Drain(); + mgr.Drain(); // need immediate feedback about actions to add actions.DrainModifications(); first_chunk = false; } @@ -319,7 +319,7 @@ void File::DataIn(const u_char* data, uint64 len) { DetectTypes(data, len); file_mgr->FileEvent(file_new, this); - //mgr.Drain(); + mgr.Drain(); // need immediate feedback about actions to add actions.DrainModifications(); missed_bof = false; } diff --git a/src/file_analysis/Hash.cc b/src/file_analysis/Hash.cc index 66e62aacaa..320fb9aa02 100644 --- a/src/file_analysis/Hash.cc +++ b/src/file_analysis/Hash.cc @@ -48,5 +48,5 @@ void Hash::Finalize() vl->append(new StringVal(kind)); vl->append(hash->Get()); - mgr.Dispatch(new Event(file_hash, vl)); + mgr.QueueEvent(file_hash, vl); } diff --git a/src/file_analysis/Manager.cc b/src/file_analysis/Manager.cc index b1fc3aef1b..1d9849d6b8 100644 --- a/src/file_analysis/Manager.cc +++ b/src/file_analysis/Manager.cc @@ -29,38 +29,18 @@ void Manager::Terminate() Timeout(keys[i], true); } -void Manager::ReceiveHandle(const string& handle) +void Manager::SetHandle(const string& handle) { - if ( pending.empty() ) - reporter->InternalError("File analysis underflow"); - - PendingFile* pf = pending.front(); - if ( ! handle.empty() ) - pf->Finish(handle); - delete pf; - pending.pop(); - } - -void Manager::EventDrainDone() - { - if ( pending.empty() ) return; - - reporter->Error("Too few return_file_handle() calls, discarding pending" - " file analysis input."); - - while ( ! pending.empty() ) - { - delete pending.front(); - pending.pop(); - } + current_handle = handle; } void Manager::DataIn(const u_char* data, uint64 len, uint64 offset, AnalyzerTag::Tag tag, Connection* conn, bool is_orig) { if ( IsDisabled(tag) ) return; - if ( ! QueueHandleEvent(tag, conn, is_orig) ) return; - pending.push(new PendingDataInChunk(data, len, offset, tag, conn)); + + GetFileHandle(tag, conn, is_orig); + DataIn(data, len, offset, GetFile(current_handle, conn, tag)); } void Manager::DataIn(const u_char* data, uint64 len, uint64 offset, @@ -84,8 +64,8 @@ void Manager::DataIn(const u_char* data, uint64 len, AnalyzerTag::Tag tag, Connection* conn, bool is_orig) { if ( IsDisabled(tag) ) return; - if ( ! QueueHandleEvent(tag, conn, is_orig) ) return; - pending.push(new PendingDataInStream(data, len, tag, conn)); + GetFileHandle(tag, conn, is_orig); + DataIn(data, len, GetFile(current_handle, conn, tag)); } void Manager::DataIn(const u_char* data, uint64 len, const string& unique) @@ -112,8 +92,9 @@ void Manager::EndOfFile(AnalyzerTag::Tag tag, Connection* conn) void Manager::EndOfFile(AnalyzerTag::Tag tag, Connection* conn, bool is_orig) { if ( IsDisabled(tag) ) return; - if ( ! QueueHandleEvent(tag, conn, is_orig) ) return; - pending.push(new PendingEOF(tag, conn)); + + GetFileHandle(tag, conn, is_orig); + EndOfFile(current_handle); } void Manager::EndOfFile(const string& unique) @@ -125,8 +106,9 @@ void Manager::Gap(uint64 offset, uint64 len, AnalyzerTag::Tag tag, Connection* conn, bool is_orig) { if ( IsDisabled(tag) ) return; - if ( ! QueueHandleEvent(tag, conn, is_orig) ) return; - pending.push(new PendingGap(offset, len, tag, conn)); + + GetFileHandle(tag, conn, is_orig); + Gap(offset, len, GetFile(current_handle, conn, tag)); } void Manager::Gap(uint64 offset, uint64 len, const string& unique) @@ -145,8 +127,9 @@ void Manager::SetSize(uint64 size, AnalyzerTag::Tag tag, Connection* conn, bool is_orig) { if ( IsDisabled(tag) ) return; - if ( ! QueueHandleEvent(tag, conn, is_orig) ) return; - pending.push(new PendingSize(size, tag, conn)); + + GetFileHandle(tag, conn, is_orig); + SetSize(size, GetFile(current_handle, conn, tag)); } void Manager::SetSize(uint64 size, const string& unique) @@ -166,12 +149,13 @@ void Manager::SetSize(uint64 size, File* file) void Manager::FileEvent(EventHandlerPtr h, File* file) { - if ( IsIgnored(file->GetUnique()) ) return; if ( ! h ) return; + if ( IsIgnored(file->GetUnique()) ) return; val_list * vl = new val_list(); vl->append(file->GetVal()->Ref()); - mgr.Dispatch(new Event(h, vl)); + + mgr.QueueEvent(h, vl); } bool Manager::PostponeTimeout(const FileID& file_id) const @@ -205,6 +189,7 @@ bool Manager::RemoveAction(const FileID& file_id, const RecordVal* args) const File* Manager::GetFile(const string& unique, Connection* conn, AnalyzerTag::Tag tag) { + if ( unique.empty() ) return 0; if ( IsIgnored(unique) ) return 0; File* rval = str_map[unique]; @@ -251,6 +236,7 @@ void Manager::Timeout(const FileID& file_id, bool is_terminating) file->postpone_timeout = false; FileEvent(file_timeout, file); + mgr.Drain(); // need immediate feedback about whether to postpone if ( file->postpone_timeout && ! is_terminating ) { @@ -306,6 +292,21 @@ bool Manager::IsIgnored(const string& unique) return ignored.find(unique) != ignored.end(); } +void Manager::GetFileHandle(AnalyzerTag::Tag tag, Connection* c, bool is_orig) + { + current_handle.clear(); + + if ( ! get_file_handle ) return; + + val_list* vl = new val_list(); + vl->append(new Val(tag, TYPE_COUNT)); + vl->append(c->BuildConnVal()); + vl->append(new Val(is_orig, TYPE_BOOL)); + + mgr.QueueEvent(get_file_handle, vl); + mgr.Drain(); // need file handle immediately so we don't have to buffer data + } + bool Manager::IsDisabled(AnalyzerTag::Tag tag) { if ( ! disabled ) @@ -322,17 +323,3 @@ bool Manager::IsDisabled(AnalyzerTag::Tag tag) return rval; } - -bool Manager::QueueHandleEvent(AnalyzerTag::Tag tag, Connection* conn, - bool is_orig) - { - if ( ! get_file_handle ) return false; - - val_list* vl = new val_list(); - vl->append(new Val(tag, TYPE_COUNT)); - vl->append(conn->BuildConnVal()); - vl->append(new Val(is_orig, TYPE_BOOL)); - - mgr.QueueEvent(get_file_handle, vl); - return true; - } diff --git a/src/file_analysis/Manager.h b/src/file_analysis/Manager.h index a98401d538..0fc6384e40 100644 --- a/src/file_analysis/Manager.h +++ b/src/file_analysis/Manager.h @@ -17,7 +17,6 @@ #include "File.h" #include "FileTimer.h" #include "FileID.h" -#include "PendingFile.h" namespace file_analysis { @@ -26,7 +25,6 @@ namespace file_analysis { */ class Manager { friend class FileTimer; -friend class PendingFile; public: @@ -40,17 +38,9 @@ public: void Terminate(); /** - * Associates a handle with the next element in the #pending queue, which - * will immediately push that element all the way through the file analysis - * framework, possibly evaluating any policy hooks. + * Take in a unique file handle string to identifiy incoming file data. */ - void ReceiveHandle(const string& handle); - - /** - * Called when all events have been drained from the event queue. - * There should be no pending file input/data at this point. - */ - void EventDrainDone(); + void SetHandle(const string& handle); /** * Pass in non-sequential file data. @@ -121,7 +111,7 @@ public: bool RemoveAction(const FileID& file_id, const RecordVal* args) const; /** - * Dispatches an event related to the file's life-cycle. + * Queues an event related to the file's life-cycle. */ void FileEvent(EventHandlerPtr h, File* file); @@ -130,7 +120,6 @@ protected: typedef map StrMap; typedef set StrSet; typedef map IDMap; - typedef queue PendingQueue; /** * @return the File object mapped to \a unique or a null pointer if analysis @@ -165,22 +154,22 @@ protected: */ bool IsIgnored(const string& unique); + /** + * Sets #current_handle to a unique file handle string based on what the + * \c get_file_handle event derives from the connection params. The + * event queue is flushed so that we can get the handle value immediately. + */ + void GetFileHandle(AnalyzerTag::Tag tag, Connection* c, bool is_orig); + /** * @return whether file analysis is disabled for the given analyzer. */ static bool IsDisabled(AnalyzerTag::Tag tag); - /** - * Queues \c get_file_handle event in order to retrieve unique file handle. - * @return true if there is a handler for the event, else false. - */ - static bool QueueHandleEvent(AnalyzerTag::Tag tag, Connection* conn, - bool is_orig); - StrMap str_map; /**< Map unique string to file_analysis::File. */ IDMap id_map; /**< Map file ID to file_analysis::File records. */ StrSet ignored; /**< Ignored files. Will be finally removed on EOF. */ - PendingQueue pending; /**< Files awaiting a unique handle. */ + string current_handle; /**< Last file handle set by get_file_handle event.*/ static TableVal* disabled; /**< Table of disabled analyzers. */ }; diff --git a/src/file_analysis/PendingFile.cc b/src/file_analysis/PendingFile.cc deleted file mode 100644 index 6fd0da953d..0000000000 --- a/src/file_analysis/PendingFile.cc +++ /dev/null @@ -1,111 +0,0 @@ -#include "PendingFile.h" -#include "Manager.h" - -using namespace file_analysis; - -static void copy_data(const u_char** dst, const u_char* src, uint64 len) - { - u_char* tmp = new u_char[len]; - memcpy(tmp, src, len); - *dst = tmp; - } - -static string conn_str(Connection* c) - { - char op[256], rp[256]; - modp_ulitoa10(ntohs(c->OrigPort()), op); - modp_ulitoa10(ntohs(c->RespPort()), rp); - string rval = c->OrigAddr().AsString() + ":" + op + "->" + - c->RespAddr().AsString() + ":" + rp; - return rval; - } - -PendingFile::PendingFile(Connection* arg_conn, AnalyzerTag::Tag arg_tag) - : conn(arg_conn), tag(arg_tag) - { - Ref(conn); - DBG_LOG(DBG_FILE_ANALYSIS, "New pending file: %s", conn_str(conn).c_str()); - } - -PendingFile::~PendingFile() - { - Unref(conn); - DBG_LOG(DBG_FILE_ANALYSIS, "Delete pending file: %s", - conn_str(conn).c_str()); - } - -File* PendingFile::GetFile(const string& handle) const - { - return file_mgr->GetFile(handle, conn, tag); - } - -PendingDataInChunk::PendingDataInChunk(const u_char* arg_data, uint64 arg_len, - uint64 arg_offset, - AnalyzerTag::Tag arg_tag, - Connection* arg_conn) - : PendingFile(arg_conn, arg_tag), len(arg_len), - offset(arg_offset) - { - copy_data(&data, arg_data, len); - } - -void PendingDataInChunk::Finish(const string& handle) const - { - file_mgr->DataIn(data, len, offset, GetFile(handle)); - } - -PendingDataInChunk::~PendingDataInChunk() - { - delete [] data; - } - -PendingDataInStream::PendingDataInStream(const u_char* arg_data, uint64 arg_len, - AnalyzerTag::Tag arg_tag, - Connection* arg_conn) - : PendingFile(arg_conn, arg_tag), len(arg_len) - { - copy_data(&data, arg_data, len); - } - -void PendingDataInStream::Finish(const string& handle) const - { - file_mgr->DataIn(data, len, GetFile(handle)); - } - -PendingDataInStream::~PendingDataInStream() - { - delete [] data; - } - -PendingGap::PendingGap(uint64 arg_offset, uint64 arg_len, - AnalyzerTag::Tag arg_tag, Connection* arg_conn) - : PendingFile(arg_conn, arg_tag), offset(arg_offset), - len(arg_len) - { - } - -void PendingGap::Finish(const string& handle) const - { - file_mgr->Gap(offset, len, GetFile(handle)); - } - -PendingEOF::PendingEOF(AnalyzerTag::Tag arg_tag, Connection* arg_conn) - : PendingFile(arg_conn, arg_tag) - { - } - -void PendingEOF::Finish(const string& handle) const - { - file_mgr->EndOfFile(handle); - } - -PendingSize::PendingSize(uint64 arg_size, AnalyzerTag::Tag arg_tag, - Connection* arg_conn) - : PendingFile(arg_conn, arg_tag), size(arg_size) - { - } - -void PendingSize::Finish(const string& handle) const - { - file_mgr->SetSize(size, GetFile(handle)); - } diff --git a/src/file_analysis/PendingFile.h b/src/file_analysis/PendingFile.h deleted file mode 100644 index e4c7349983..0000000000 --- a/src/file_analysis/PendingFile.h +++ /dev/null @@ -1,103 +0,0 @@ -#ifndef FILE_ANALYSIS_PENDINGFILE_H -#define FILE_ANALYSIS_PENDINGFILE_H - -#include "AnalyzerTags.h" -#include "Conn.h" -#include "File.h" - -namespace file_analysis { - -/** - * Provides buffering for file contents until the script-layer is able to - * return a unique file handle for it. - */ -class PendingFile { -public: - - virtual ~PendingFile(); - - virtual void Finish(const string& handle) const = 0; - -protected: - - PendingFile(Connection* arg_conn, - AnalyzerTag::Tag arg_tag = AnalyzerTag::Error); - - File* GetFile(const string& handle) const; - - Connection* conn; - AnalyzerTag::Tag tag; -}; - -class PendingDataInChunk : public PendingFile { -public: - - PendingDataInChunk(const u_char* arg_data, uint64 arg_len, - uint64 arg_offset, AnalyzerTag::Tag arg_tag, - Connection* arg_conn); - - virtual ~PendingDataInChunk(); - - virtual void Finish(const string& handle) const; - -protected: - - const u_char* data; - uint64 len; - uint64 offset; -}; - -class PendingDataInStream : public PendingFile { -public: - - PendingDataInStream(const u_char* arg_data, uint64 arg_len, - AnalyzerTag::Tag arg_tag, Connection* arg_conn); - - virtual ~PendingDataInStream(); - - virtual void Finish(const string& handle) const; - -protected: - - const u_char* data; - uint64 len; -}; - -class PendingGap : public PendingFile { -public: - - PendingGap(uint64 arg_offset, uint64 arg_len, AnalyzerTag::Tag arg_tag, - Connection* arg_conn); - - virtual void Finish(const string& handle) const; - -protected: - - uint64 offset; - uint64 len; -}; - -class PendingEOF : public PendingFile { -public: - - PendingEOF(AnalyzerTag::Tag arg_tag, Connection* arg_conn); - - virtual void Finish(const string& handle) const; -}; - -class PendingSize : public PendingFile { -public: - - PendingSize(uint64 arg_size, AnalyzerTag::Tag arg_tag, - Connection* arg_conn); - - virtual void Finish(const string& handle) const; - -protected: - - uint64 size; -}; - -} // namespace file_analysis - -#endif