Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

FileAnalysis: insert explicit event queue flush points.

Browse source 
And added an event called "event_queue_flush_point" to mark where that
occured in the event stream.  The FAF now uses an explicit event queue
flush instead of buffering input in order to wait for a file handle to
be returned from script-layer.
This commit is contained in:
Jon Siwek 2013-04-10 16:48:10 -05:00
parent d9321e2203
commit 2747e839fb
15 changed files with 128 additions and 382 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/file_analysis/File.cc
View file

@ -267,7 +267,7 @@ void File::ReplayBOF()
DetectTypes(bs->Bytes(), bs->Len());
file_mgr->FileEvent(file_new, this);
//mgr.Drain();
mgr.Drain(); // need immediate feedback about actions to add
for ( size_t i = 0; i < bof_buffer.chunks.size(); ++i )
DataIn(bof_buffer.chunks[i]->Bytes(), bof_buffer.chunks[i]->Len());
@ -282,7 +282,7 @@ void File::DataIn(const u_char* data, uint64 len, uint64 offset)
// TODO: this should all really be delayed until we attempt reassembly
DetectTypes(data, len);
file_mgr->FileEvent(file_new, this);
//mgr.Drain();
mgr.Drain(); // need immediate feedback about actions to add
actions.DrainModifications();
first_chunk = false;
}
@ -319,7 +319,7 @@ void File::DataIn(const u_char* data, uint64 len)
{
DetectTypes(data, len);
file_mgr->FileEvent(file_new, this);
//mgr.Drain();
mgr.Drain(); // need immediate feedback about actions to add
actions.DrainModifications();
missed_bof = false;
}