FileAnalysis: checkpoint in middle of big reorganization.

- FileAnalysis::Info is now just a record used for logging, the fa_file record type is defined in init-bare.bro as the analogue to a connection record. - Starting to transfer policy hook triggers and analyzer results to events.
2025-10-06 00:28:21 +00:00 · 2013-04-09 15:49:58 -05:00 · 2013-04-09 15:49:58 -05:00 · 641154f8e8
commit 641154f8e8
parent e73a261262
68 changed files with 855 additions and 871 deletions
--- a/src/file_analysis/FileTimer.cc
+++ b/src/file_analysis/FileTimer.cc
@ -0,0 +1,38 @@
+#include "Manager.h"
+#include "File.h"
+
+using namespace file_analysis;
+
+
+FileTimer::FileTimer(double t, const FileID& id, double interval)
+    : Timer(t + interval, TIMER_FILE_ANALYSIS_INACTIVITY), file_id(id)
+	{
+	DBG_LOG(DBG_FILE_ANALYSIS, "New %f second timeout timer for %s",
+	        file_id.c_str(), interval);
+	}
+
+void FileTimer::Dispatch(double t, int is_expire)
+	{
+	File* file = file_mgr->Lookup(file_id);
+
+	if ( ! file ) return;
+
+	double last_active = file->GetLastActivityTime();
+	double inactive_time = t > last_active ? t - last_active : 0.0;
+
+	DBG_LOG(DBG_FILE_ANALYSIS, "Checking inactivity for %s, last active at %f, "
+		    "inactive for %f", file_id.c_str(), last_active, inactive_time);
+
+	if ( last_active == 0.0 )
+		{
+		// was created when network_time was zero, so re-schedule w/ valid time
+		file->UpdateLastActivityTime();
+		file->ScheduleInactivityTimer();
+		return;
+		}
+
+	if ( inactive_time >= file->GetTimeoutInterval() )
+		file_mgr->Timeout(file_id);
+	else if ( ! is_expire )
+		file->ScheduleInactivityTimer();
+	}