Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/robin/file-analysis-fixes'

Browse source 
* origin/topic/robin/file-analysis-fixes:
  Adding test with command line that used to trigger a crash.
  Cleaning up a couple of comments.
  Fix delay in disabling file analyzers.
  Fix file analyzer memory management.

The merge changes around functionality a bit again - instead of having
a list of done analyzers, analyzers are simply set to skipping when they
are removed, and cleaned up later on destruction of the AnalyzerSet.

BIT-1782 #merged
This commit is contained in:
Johanna Amann 2017-02-01 14:03:08 -08:00
commit 9db27a6d60
7 changed files with 72 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/file_analysis/File.cc
View file

@ -391,9 +391,15 @@ void File::DeliverStream(const u_char* data, uint64 len)
// Catch this analyzer up with the BOF buffer.
for ( int i = 0; i < num_bof_chunks_behind; ++i )
{
if ( ! a->DeliverStream(bof_buffer.chunks[i]->Bytes(),
bof_buffer.chunks[i]->Len()) )
analyzers.QueueRemove(a->Tag(), a->Args());
if ( ! a->Skipping() )
{
if ( ! a->DeliverStream(bof_buffer.chunks[i]->Bytes(),
bof_buffer.chunks[i]->Len()) )
{
a->SetSkip(true);
analyzers.QueueRemove(a->Tag(), a->Args());
}
}
bytes_delivered += bof_buffer.chunks[i]->Len();
}
@ -403,8 +409,14 @@ void File::DeliverStream(const u_char* data, uint64 len)
// Analyzer should be fully caught up to stream_offset now.
}
if ( ! a->DeliverStream(data, len) )
analyzers.QueueRemove(a->Tag(), a->Args());
if ( ! a->Skipping() )
{
if ( ! a->DeliverStream(data, len) )
{
a->SetSkip(true);
analyzers.QueueRemove(a->Tag(), a->Args());
}
}
}
stream_offset += len;
@ -468,9 +480,13 @@ void File::DeliverChunk(const u_char* data, uint64 len, uint64 offset)
while ( (a = analyzers.NextEntry(c)) )
{
DBG_LOG(DBG_FILE_ANALYSIS, "chunk delivery to analyzer %s", file_mgr->GetComponentName(a->Tag()).c_str());
if ( ! a->DeliverChunk(data, len, offset) )
if ( ! a->Skipping() )
{
analyzers.QueueRemove(a->Tag(), a->Args());
if ( ! a->DeliverChunk(data, len, offset) )
{
a->SetSkip(true);
analyzers.QueueRemove(a->Tag(), a->Args());
}
}
}