Fixed more bugs with delayed emails.

2025-10-14 04:28:20 +00:00 · 2011-12-15 15:57:42 -05:00 · 2011-12-15 15:57:42 -05:00 · b66c73baaa
commit b66c73baaa
parent 667dcb251a
2 changed files with 19 additions and 6 deletions
--- a/scripts/base/frameworks/notice/extend-email/hostnames.bro
+++ b/scripts/base/frameworks/notice/extend-email/hostnames.bro
@ -2,6 +2,14 @@

 module Notice;

+function lookup_addr_wrapper(n: Info, a: addr): string
+	{
+	return when ( local name = lookup_addr(a) )
+		{
+		return name;
+		}
+	}
+
 event Notice::notice(n: Notice::Info) &priority=10
 	{
 	if ( ! n?$src && ! n?$dst )
@ -19,9 +27,9 @@ event Notice::notice(n: Notice::Info) &priority=10
 	if ( n?$src )
 		{
 		add n$email_delay_tokens["hostnames-src"];
-		when ( local src_name = lookup_addr(n$src) )
+		when ( local src_name = lookup_addr_wrapper(n, n$src) )
 			{
-			output = string_cat("orig_h/src hostname: ", src_name, "\n");
+			output = string_cat("orig/src hostname: ", src_name, "\n");
 			n$email_body_sections[|n$email_body_sections|] = output;
 			delete n$email_delay_tokens["hostnames-src"];
 			}
@ -29,9 +37,9 @@ event Notice::notice(n: Notice::Info) &priority=10
 	if ( n?$dst )
 		{
 		add n$email_delay_tokens["hostnames-dst"];
-		when ( local dst_name = lookup_addr(n$dst) )
+		when ( local dst_name = lookup_addr_wrapper(n, n$dst) )
 			{
-			output = string_cat("resp_h/dst hostname: ", dst_name, "\n");
+			output = string_cat("resp/dst hostname: ", dst_name, "\n");
 			n$email_body_sections[|n$email_body_sections|] = output;
 			delete n$email_delay_tokens["hostnames-dst"];
 			}
--- a/scripts/base/frameworks/notice/main.bro
+++ b/scripts/base/frameworks/notice/main.bro
@ -96,7 +96,7 @@ export {
 		## expand on notices that are being emailed.  The normal way to add text
 		## is to extend the vector by handling the :bro:id:`Notice::notice`
 		## event and modifying the notice in place.
-		email_body_sections:  vector of string &default=vector();
+		email_body_sections:  vector of string &optional;
 		
 		## Adding a string "token" to this set will cause the notice framework's
 		## built-in emailing functionality to delay sending the email until 
@ -371,7 +371,10 @@ function email_notice_to(n: Notice::Info, dest: string, extend: bool)
 			{
 			# If we still are within the max_email_delay, keep delaying.
 			if ( n$ts + max_email_delay > network_time() )
+				{
 				schedule 1sec { delay_sending_email(n, dest, extend) };
+				return;
+				}
 			else
 				{
 				event reporter_info(network_time(), 
@ -503,7 +506,9 @@ function apply_policy(n: Notice::Info)
 	
 	if ( ! n?$actions )
 		n$actions = set();
-		
+	
+	if ( ! n?$email_body_sections )
+		n$email_body_sections = vector();
 	if ( ! n?$email_delay_tokens )
 		n$email_delay_tokens = set();