More file reassembly work.

- The reassembly behavior can be modified per-file by enabling or disabling the reassembler and/or modifying the size of the reassembly buffer. - Changed the file extraction analyzer to use the stream to avoid issues with the chunk based approach not immediately triggering the file_new event due to mime-type detection delay. Early chunks frequently ended up lost before. - Generally things are working now and I'd consider this in testing.
2025-10-12 11:38:20 +00:00 · 2014-01-05 04:58:01 -05:00 · 2014-01-05 04:58:01 -05:00 · 38dbba7622
commit 38dbba7622
parent 0b78f444a1
23 changed files with 375 additions and 159 deletions
--- a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
@ -1,5 +1,7 @@
 FILE_NEW
 file #0, 0, 0
+FILE_BOF_BUFFER
+MZ\x90\0^C\0\0\0^D\0\0
 MIME_TYPE
 application/x-dosexec
 FILE_OVER_NEW_CONNECTION
@ -8,15 +10,13 @@ file #0, 1022920, 0
 [orig_h=192.168.72.14, orig_p=3254/tcp, resp_h=65.54.95.206, resp_p=80/tcp]
 total bytes: 1022920
 source: HTTP
-FILE_NEW
-file #1, 0, 0
-MIME_TYPE
-application/octet-stream
-FILE_OVER_NEW_CONNECTION
+MD5: fc13fee1d44ef737a3133f1298b21d28
+SHA1: 7d99803eaf3b6e8dfa3581348bc694089579d25a
+SHA256: dcb87a62a2b5d449abc138776000fd1b14edc690e9da6ea325b8f352ab033202
 FILE_TIMEOUT
 FILE_TIMEOUT
 FILE_STATE_REMOVE
-file #1, 206024, 0
+file #0, 0, 0
 [orig_h=192.168.72.14, orig_p=3257/tcp, resp_h=65.54.95.14, resp_p=80/tcp]
 total bytes: 1022920
 source: HTTP