Review usage of Reporter::InternalError, addresses BIT-1045.

Replaced some with InternalWarning or InternalAnalyzerError, the later being a new method which signals the analyzer to not process further input. Some usages I just removed if they didn't make sense or clearly couldn't happen. Also did some minor refactors of related code while reviewing/exploring ways to get rid of InternalError usages. Also, for TCP content file write failures there's a new event: "contents_file_write_failure".
2025-10-06 00:28:21 +00:00 · 2013-10-10 14:45:06 -05:00 · 2013-10-10 14:45:06 -05:00 · b828a6ddc7
commit b828a6ddc7
parent 6734260136
51 changed files with 532 additions and 267 deletions
--- a/src/analyzer/protocol/tcp/TCP_Endpoint.cc
+++ b/src/analyzer/protocol/tcp/TCP_Endpoint.cc
@ -34,10 +34,8 @@ TCP_Endpoint::TCP_Endpoint(TCP_Analyzer* arg_analyzer, int arg_is_orig)

 	hist_last_SYN = hist_last_FIN = hist_last_RST = 0;

-	src_addr = is_orig ? tcp_analyzer->Conn()->RespAddr() :
-				tcp_analyzer->Conn()->OrigAddr();
-	dst_addr = is_orig ? tcp_analyzer->Conn()->OrigAddr() :
-				tcp_analyzer->Conn()->RespAddr();
+	src_addr = is_orig ? Conn()->RespAddr() : Conn()->OrigAddr();
+	dst_addr = is_orig ? Conn()->OrigAddr() : Conn()->RespAddr();

 	checksum_base = ones_complement_checksum(src_addr, 0);
 	checksum_base = ones_complement_checksum(dst_addr, checksum_base);
@ -54,6 +52,11 @@ TCP_Endpoint::~TCP_Endpoint()
 	Unref(contents_file);
 	}

+Connection* TCP_Endpoint::Conn() const
+	{
+	return tcp_analyzer->Conn();
+	}
+
 void TCP_Endpoint::Done()
 	{
 	if ( contents_processor )
@ -143,7 +146,7 @@ void TCP_Endpoint::SetState(EndpointState new_state)
 		// handshake.
 		if ( ! is_handshake(new_state) )
 			if ( is_handshake(state) && is_handshake(peer->state) )
-				tcp_analyzer->Conn()->SetInactivityTimeout(tcp_inactivity_timeout);
+				Conn()->SetInactivityTimeout(tcp_inactivity_timeout);

 		prev_state = state;
 		state = new_state;
@ -207,8 +210,20 @@ int TCP_Endpoint::DataSent(double t, int seq, int len, int caplen,
 		FILE* f = contents_file->Seek(seq - contents_start_seq);

 		if ( fwrite(data, 1, len, f) < unsigned(len) )
-			// ### this should really generate an event
-			reporter->InternalError("contents write failed");
+			{
+			char buf[256];
+			strerror_r(errno, buf, sizeof(buf));
+			reporter->Error("TCP contents write failed: %s", buf);
+
+			if ( contents_file_write_failure )
+				{
+				val_list* vl = new val_list();
+				vl->append(Conn()->BuildConnVal());
+				vl->append(new Val(IsOrig(), TYPE_BOOL));
+				vl->append(new StringVal(buf));
+				tcp_analyzer->ConnectionEvent(contents_file_write_failure, vl);
+				}
+			}
 		}

 	return status;
@ -241,7 +256,7 @@ int TCP_Endpoint::CheckHistory(uint32 mask, char code)
 		code = tolower(code);
 		}

-	return tcp_analyzer->Conn()->CheckHistory(mask, code);
+	return Conn()->CheckHistory(mask, code);
 	}

 void TCP_Endpoint::AddHistory(char code)
@ -249,6 +264,6 @@ void TCP_Endpoint::AddHistory(char code)
 	if ( ! IsOrig() )
 		code = tolower(code);

-	tcp_analyzer->Conn()->AddHistory(code);
+	Conn()->AddHistory(code);
 	}