mirror of
https://github.com/zeek/zeek.git
synced 2025-10-11 19:18:19 +00:00
Review/fix/change file reassembly functionality.
- Re-arrange how some fa_file fields (e.g. source, connection info, mime type) get updated/set for consistency. - Add more robust mechanisms for flushing the reassembly buffer. The goal being to report all gaps and deliveries to file analyzers regardless of the state of the reassembly buffer at the time it has to be flushed.
This commit is contained in:
Jon Siwek
parent
edaf7edc11
commit
cbbe7b52dc
26 changed files with 370 additions and 238 deletions
|
|
@ -133,7 +133,7 @@ export {
|
|||
## each file.
|
||||
const enable_reassembler = T &redef;
|
||||
|
||||
## The default allow per-file reassembly buffer size.
|
||||
## The default per-file reassembly buffer size.
|
||||
const reassembly_buffer_size = 1048576 &redef;
|
||||
|
||||
## Allows the file reassembler to be used if it's necessary because the
|
||||
|
|
@ -490,7 +490,6 @@ event file_mime_type(f: fa_file, mime_type: string) &priority=10
|
|||
|
||||
f$info$mime_type = mime_type;
|
||||
|
||||
|
||||
if ( analyze_by_mime_type_automatically &&
|
||||
mime_type in mime_type_to_analyzers )
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue