FileAnalysis: add bif for setting timeout interval

scripts/base/frameworks/file-analysis/main.bro

@@ -120,10 +120,23 @@ export {
 	## generate two handles that would hash to the same file id.
 	const salt = "I recommend changing this." &redef;
 
+	## Sets the *timeout_interval* field of :bro:see:`fa_file`, which is
+	## used to determine the length of inactivity that is allowed for a file
+	## before internal state related to it is cleaned up.
+	##
+	## f: the file.
+	##
+	## t: the amount of time the file can remain inactive before discarding.
+	##
+	## Returns: true if the timeout interval was set, or false if analysis
+	##          for the *id* isn't currently active.
+	global set_timeout_interval: function(f: fa_file, t: interval): bool;
+
 	## Postpones the timeout of file analysis for a given file.
 	## When used within a :bro:see:`file_timeout` handler for, the analysis
 	## the analysis will delay timing out for the period of time indicated by
-	## the *timeout_interval* field of :bro:see:`fa_file`.
+	## the *timeout_interval* field of :bro:see:`fa_file`, which can be set
+	## with :bro:see:`FileAnalysis::set_timeout_interval`.
 	##
 	## f: the file.
 	##
@@ -243,6 +256,11 @@ function set_info(f: fa_file)
 			add f$info$conn_uids[f$conns[cid]$uid];
 	}
 
+function set_timeout_interval(f: fa_file, t: interval): bool
+	{
+	return __set_timeout_interval(f$id, t);
+	}
+
 function postpone_timeout(f: fa_file): bool
 	{
 	return __postpone_timeout(f$id);

src/event.bif

@@ -7024,7 +7024,8 @@ event file_over_new_connection%(f: fa_file, c: connection%);
 ## f: The file.
 ##
 ## .. bro:see:: file_new file_over_new_connection file_gap file_state_remove
-## default_file_timeout_interval
+## default_file_timeout_interval FileAnalysis::postpone_timeout
+## FileAnalysis::set_timeout_interval
 event file_timeout%(f: fa_file%);
 
 ## Indicates that a chunk of the file is missing.

src/file_analysis.bif

@@ -14,6 +14,15 @@ function FileAnalysis::__postpone_timeout%(file_id: string%): bool
 	return new Val(result, TYPE_BOOL);
 	%}
 
+## :bro:see:`FileAnalysis::set_timeout_interval`.
+function FileAnalysis::__set_timeout_interval%(file_id: string, t: interval%): bool
+	%{
+	using file_analysis::FileID;
+	bool result = file_mgr->SetTimeoutInterval(FileID(file_id->CheckString()),
+	                                           t);
+	return new Val(result, TYPE_BOOL);
+	%}
+
 ## :bro:see:`FileAnalysis::add_action`.
 function FileAnalysis::__add_action%(file_id: string, args: any%): bool
 	%{

src/file_analysis/File.cc

@@ -189,6 +189,11 @@ double File::GetTimeoutInterval() const
 	return LookupFieldDefaultInterval(timeout_interval_idx);
 	}
 
+void File::SetTimeoutInterval(double interval)
+	{
+	val->Assign(timeout_interval_idx, new Val(interval, TYPE_INTERVAL));
+	}
+
 void File::IncrementByteCount(uint64 size, int field_idx)
 	{
 	uint64 old = LookupFieldDefaultCount(field_idx);

src/file_analysis/File.h

@@ -34,6 +34,11 @@ public:
 	 */
 	double GetTimeoutInterval() const;
 
+	/**
+	 * Set the "timeout_interval" field from #val record to \a interval seconds.
+	 */
+	void SetTimeoutInterval(double interval);
+
 	/**
 	 * @return value of the "id" field from #val record.
 	 */

src/file_analysis/Manager.cc

@@ -157,6 +157,16 @@ bool Manager::PostponeTimeout(const FileID& file_id) const
 	return true;
 	}
 
+bool Manager::SetTimeoutInterval(const FileID& file_id, double interval) const
+	{
+	File* file = Lookup(file_id);
+
+	if ( ! file ) return false;
+
+	file->SetTimeoutInterval(interval);
+	return true;
+	}
+
 bool Manager::AddAction(const FileID& file_id, RecordVal* args) const
 	{
 	File* file = Lookup(file_id);

src/file_analysis/Manager.h

@@ -96,6 +96,11 @@ public:
 	 */
 	bool PostponeTimeout(const FileID& file_id) const;
 
+	/**
+	 * Set's an inactivity threshold for the file.
+	 */
+	bool SetTimeoutInterval(const FileID& file_id, double interval) const;
+
 	/**
 	 * Queue attachment of an action to the file identifier.  Multiple actions
 	 * of a given type can be attached per file identifier at a time as long as