Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Delay file_over_new_connection events until after file_new occurs.

Browse source
This commit is contained in:
Jon Siwek 2013-07-09 14:25:41 -05:00
parent 5dbc354898
commit 6a5b825058
2 changed files with 25 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

21
src/file_analysis/File.cc
View file

@ -75,7 +75,8 @@ void File::StaticInit()
File::File(const string& file_id, Connection* conn, analyzer::Tag tag, File::File(const string& file_id, Connection* conn, analyzer::Tag tag,
bool is_orig) bool is_orig)
: id(file_id), val(0), postpone_timeout(false), first_chunk(true), : id(file_id), val(0), postpone_timeout(false), first_chunk(true),
missed_bof(false), need_reassembly(false), done(false), analyzers(this) missed_bof(false), need_reassembly(false), done(false),
did_file_new_event(false), analyzers(this)
{ {
StaticInit(); StaticInit();
@ -99,6 +100,7 @@ File::~File()
{ {
DBG_LOG(DBG_FILE_ANALYSIS, "Destroying File object %s", id.c_str()); DBG_LOG(DBG_FILE_ANALYSIS, "Destroying File object %s", id.c_str());
Unref(val); Unref(val);
assert(fonc_queue.empty());
} }
void File::UpdateLastActivityTime() void File::UpdateLastActivityTime()
@ -135,7 +137,12 @@ void File::UpdateConnectionFields(Connection* conn)
val_list* vl = new val_list(); val_list* vl = new val_list();
vl->append(val->Ref()); vl->append(val->Ref());
vl->append(conn_val->Ref()); vl->append(conn_val->Ref());
if ( did_file_new_event )
FileEvent(file_over_new_connection, vl); FileEvent(file_over_new_connection, vl);
else
fonc_queue.push(pair<EventHandlerPtr, val_list*>(
file_over_new_connection, vl));
} }
} }
@ -432,6 +439,18 @@ void File::FileEvent(EventHandlerPtr h, val_list* vl)
{ {
mgr.QueueEvent(h, vl); mgr.QueueEvent(h, vl);
if ( h == file_new )
{
did_file_new_event = true;
while ( ! fonc_queue.empty() )
{
pair<EventHandlerPtr, val_list*> p = fonc_queue.front();
mgr.QueueEvent(p.first, p.second);
fonc_queue.pop();
}
}
if ( h == file_new || h == file_timeout ) if ( h == file_new || h == file_timeout )
{ {
// immediate feedback is required for these events. // immediate feedback is required for these events.

4
src/file_analysis/File.h
View file

@ -3,7 +3,9 @@
#ifndef FILE_ANALYSIS_FILE_H #ifndef FILE_ANALYSIS_FILE_H
#define FILE_ANALYSIS_FILE_H #define FILE_ANALYSIS_FILE_H
#include <queue>
#include <string> #include <string>
#include <utility>
#include <vector> #include <vector>
#include "Conn.h" #include "Conn.h"
@ -239,7 +241,9 @@ private:
bool missed_bof; /**< Flags that we missed start of file. */ bool missed_bof; /**< Flags that we missed start of file. */
bool need_reassembly; /**< Whether file stream reassembly is needed. */ bool need_reassembly; /**< Whether file stream reassembly is needed. */
bool done; /**< If this object is about to be deleted. */ bool done; /**< If this object is about to be deleted. */
bool did_file_new_event; /**< Whether the file_new event has been done. */
AnalyzerSet analyzers; /**< A set of attached file analyzer. */ AnalyzerSet analyzers; /**< A set of attached file analyzer. */
queue<pair<EventHandlerPtr, val_list*> > fonc_queue;
struct BOF_Buffer { struct BOF_Buffer {
BOF_Buffer() : full(false), replayed(false), size(0) {} BOF_Buffer() : full(false), replayed(false), size(0) {}