mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00
Delay file_over_new_connection events until after file_new occurs.
This commit is contained in:
Jon Siwek
parent
5dbc354898
commit
6a5b825058
2 changed files with 25 additions and 2 deletions
|
|
@ -75,7 +75,8 @@ void File::StaticInit()
|
|||
File::File(const string& file_id, Connection* conn, analyzer::Tag tag,
|
||||
bool is_orig)
|
||||
: id(file_id), val(0), postpone_timeout(false), first_chunk(true),
|
||||
missed_bof(false), need_reassembly(false), done(false), analyzers(this)
|
||||
missed_bof(false), need_reassembly(false), done(false),
|
||||
did_file_new_event(false), analyzers(this)
|
||||
{
|
||||
StaticInit();
|
||||
|
||||
|
|
@ -99,6 +100,7 @@ File::~File()
|
|||
{
|
||||
DBG_LOG(DBG_FILE_ANALYSIS, "Destroying File object %s", id.c_str());
|
||||
Unref(val);
|
||||
assert(fonc_queue.empty());
|
||||
}
|
||||
|
||||
void File::UpdateLastActivityTime()
|
||||
|
|
@ -135,7 +137,12 @@ void File::UpdateConnectionFields(Connection* conn)
|
|||
val_list* vl = new val_list();
|
||||
vl->append(val->Ref());
|
||||
vl->append(conn_val->Ref());
|
||||
|
||||
if ( did_file_new_event )
|
||||
FileEvent(file_over_new_connection, vl);
|
||||
else
|
||||
fonc_queue.push(pair<EventHandlerPtr, val_list*>(
|
||||
file_over_new_connection, vl));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -432,6 +439,18 @@ void File::FileEvent(EventHandlerPtr h, val_list* vl)
|
|||
{
|
||||
mgr.QueueEvent(h, vl);
|
||||
|
||||
if ( h == file_new )
|
||||
{
|
||||
did_file_new_event = true;
|
||||
|
||||
while ( ! fonc_queue.empty() )
|
||||
{
|
||||
pair<EventHandlerPtr, val_list*> p = fonc_queue.front();
|
||||
mgr.QueueEvent(p.first, p.second);
|
||||
fonc_queue.pop();
|
||||
}
|
||||
}
|
||||
|
||||
if ( h == file_new || h == file_timeout )
|
||||
{
|
||||
// immediate feedback is required for these events.
|
||||
|
|
|
|||
|
|
@ -3,7 +3,9 @@
|
|||
#ifndef FILE_ANALYSIS_FILE_H
|
||||
#define FILE_ANALYSIS_FILE_H
|
||||
|
||||
#include <queue>
|
||||
#include <string>
|
||||
#include <utility>
|
||||
#include <vector>
|
||||
|
||||
#include "Conn.h"
|
||||
|
|
@ -239,7 +241,9 @@ private:
|
|||
bool missed_bof; /**< Flags that we missed start of file. */
|
||||
bool need_reassembly; /**< Whether file stream reassembly is needed. */
|
||||
bool done; /**< If this object is about to be deleted. */
|
||||
bool did_file_new_event; /**< Whether the file_new event has been done. */
|
||||
AnalyzerSet analyzers; /**< A set of attached file analyzer. */
|
||||
queue<pair<EventHandlerPtr, val_list*> > fonc_queue;
|
||||
|
||||
struct BOF_Buffer {
|
||||
BOF_Buffer() : full(false), replayed(false), size(0) {}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue