FileAnalysis: add unit tests covering current protocol integration.

And had to make various fixes/refinements after scrutinizing results.

scripts/base/frameworks/file-analysis/main.bro

@@ -22,9 +22,7 @@ export {
 
 	## The default amount of time file analysis will wait for new file data
 	## before giving up.
-	## TODO: what's a reasonable default?
-	#const default_timeout_interval: interval = 2 mins &redef;
-	const default_timeout_interval: interval = 10 sec &redef;
+	const default_timeout_interval: interval = 2 mins &redef;
 
 	# Needed a forward declaration for event parameters...
 	type Info: record {};

scripts/base/protocols/ftp/file-analysis.bro

@@ -5,6 +5,7 @@
 redef FileAnalysis::service_handle_callbacks += {
 	["ftp-data"] = function(c: connection, is_orig: bool): string
 		{
+		if ( is_orig ) return "";
 		return fmt("%s ftp-data: %s", c$start_time, id_string(c$id));
 		},
 };

scripts/base/protocols/http/file-analysis.bro

@@ -10,8 +10,8 @@ function get_file_handle(c: connection, is_orig: bool): string
 	if ( ! c?$http ) return "";
 
 	if ( c$http$range_request )
-		return fmt("%s http(%s): %s: %s", c$start_time, is_orig,
-		           c$id$orig_h, build_url(c$http));
+		return fmt("http(%s): %s: %s", is_orig, c$id$orig_h,
+		           build_url(c$http));
 
 	return fmt("%s http(%s, %s): %s", c$start_time, is_orig,
 	           c$http$trans_depth, id_string(c$id));

scripts/base/protocols/http/main.bro

@@ -74,7 +74,7 @@ export {
 
 		## Indicates if this request can assume 206 partial content in
 		## response.
-		range_request:           bool      &default=F;
+		range_request:           bool &default=F;
 	};
 	
 	## Structure to maintain state for an HTTP connection with multiple 

scripts/base/protocols/irc/file-analysis.bro

@@ -5,6 +5,7 @@
 redef FileAnalysis::service_handle_callbacks += {
 	["irc-dcc-data"] = function(c: connection, is_orig: bool): string
 		{
+		if ( is_orig ) return "";
 		return fmt("%s irc-dcc-data: %s", c$start_time, id_string(c$id));
 		},
 };