Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

More file reassembly work.

Browse source 
- The reassembly behavior can be modified per-file by enabling or
   disabling the reassembler and/or modifying the size of the reassembly
   buffer.

 - Changed the file extraction analyzer to use the stream to avoid
   issues with the chunk based approach not immediately triggering
   the file_new event due to mime-type detection delay.  Early chunks
   frequently ended up lost before.

 - Generally things are working now and I'd consider this in testing.
This commit is contained in:
Seth Hall 2014-01-05 04:58:01 -05:00
parent 0b78f444a1
commit 38dbba7622
23 changed files with 375 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

8
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
View file

@ -55,3 +55,11 @@ source: HTTP
MD5: 226244811006caf4ac904344841168dd
SHA1: 7222902b8b8e68e25c0422e7f8bdf344efeda54d
SHA256: dd485ecf240e12807516b0a27718fc3ab9a17c1158a452967343c98cefba07a0
FILE_STATE_REMOVE
file #3, 465, 0
[orig_h=141.142.228.5, orig_p=57262/tcp, resp_h=54.243.88.146, resp_p=80/tcp]
total bytes: 465
source: HTTP
MD5: 226244811006caf4ac904344841168dd
SHA1: 7222902b8b8e68e25c0422e7f8bdf344efeda54d
SHA256: dd485ecf240e12807516b0a27718fc3ab9a17c1158a452967343c98cefba07a0