FileAnalysis: misc. tweaks/fixes.

- Add a timeout flag to file_analysis.log so it's easy to tell what has had at least one timeout trigger happen. - Fix ftp-data service tag not being set for reused connections. - Fix HTTP::Incorrect_File_Type because mime types returned by FAF have the charset still in them, but the HTTP::mime_types_extensions table does not and it requires an exact string match. (still ugly) - Add TRIGGER_NEW_CONN to track files going over multiple connections. - Add an initial file/mime type guess for non-linear file transfers. - Fix a case where file/mime type detection would never be attempted if the start of the file was a content gap. - Improve mime type tracking of HTTP byte-range/partial-content, even if the requests are pipelined or over multiple connections. - I changed the modbus.events test because having the baseline output be 80+ MB is nuts and it was sensitive to connection record redefs.
2025-10-15 04:58:21 +00:00 · 2013-03-28 16:59:29 -05:00 · 2013-03-28 16:59:29 -05:00 · 3642ecc73e
commit 3642ecc73e
parent f0e9cdc30a
16 changed files with 79842 additions and 159442 deletions
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out
@ -1,5 +1,9 @@
 FileAnalysis::TRIGGER_NEW
 7gZBKVUgy4l, 0, 0
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_NEW_CONN
 FileAnalysis::TRIGGER_DONE
 7gZBKVUgy4l, 555523, 0
 [orig_h=10.101.84.70, orig_p=10978/tcp, resp_h=129.174.93.161, resp_p=80/tcp]
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
@ -1,5 +1,8 @@
 FileAnalysis::TRIGGER_NEW
 oDwT1BbzjM1, 0, 0
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
 FileAnalysis::TRIGGER_DONE
 oDwT1BbzjM1, 1022920, 0
 [orig_h=192.168.72.14, orig_p=3254/tcp, resp_h=65.54.95.206, resp_p=80/tcp]
@ -7,6 +10,9 @@ total bytes: 1022920
 source: HTTP
 FileAnalysis::TRIGGER_NEW
 oDwT1BbzjM1, 0, 0
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
 FileAnalysis::TRIGGER_TIMEOUT
 FileAnalysis::TRIGGER_EOF
 oDwT1BbzjM1, 206024, 0
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
@ -1,5 +1,9 @@
 FileAnalysis::TRIGGER_NEW
 uHS14uhRKGe, 0, 0
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_NEW_CONN
 FileAnalysis::TRIGGER_DONE
 uHS14uhRKGe, 498702, 0
 [orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]