Review/fix/change file reassembly functionality.

- Re-arrange how some fa_file fields (e.g. source, connection info, mime type) get updated/set for consistency. - Add more robust mechanisms for flushing the reassembly buffer. The goal being to report all gaps and deliveries to file analyzers regardless of the state of the reassembly buffer at the time it has to be flushed.
2025-10-03 15:18:20 +00:00 · 2014-12-16 14:05:15 -06:00 · 2014-12-16 14:05:15 -06:00 · cbbe7b52dc
commit cbbe7b52dc
parent edaf7edc11
26 changed files with 370 additions and 238 deletions
--- a/src/file_analysis/Analyzer.h
+++ b/src/file_analysis/Analyzer.h
@ -111,6 +111,18 @@ public:
 	 */
 	void SetAnalyzerTag(const file_analysis::Tag& tag);

+	/**
+	 * @return true if the analyzer has ever seen a stream-wise delivery.
+	 */
+	bool GotStreamDelivery() const
+		{ return got_stream_delivery; }
+
+	/**
+	 * Flag the analyzer as having seen a stream-wise delivery.
+	 */
+	void SetGotStreamDelivery()
+		{ got_stream_delivery = true; }
+
 protected:

 	/**
@ -123,7 +135,8 @@ protected:
 	Analyzer(file_analysis::Tag arg_tag, RecordVal* arg_args, File* arg_file)
 	    : tag(arg_tag),
 	      args(arg_args->Ref()->AsRecordVal()),
-	      file(arg_file)
+	      file(arg_file),
+	      got_stream_delivery(false)
 		{
 		id = ++id_counter;
 		}
@ -140,7 +153,8 @@ protected:
 	Analyzer(RecordVal* arg_args, File* arg_file)
 	    : tag(),
 	      args(arg_args->Ref()->AsRecordVal()),
-	      file(arg_file)
+	      file(arg_file),
+	      got_stream_delivery(false)
 		{
 		id = ++id_counter;
 		}
@ -151,6 +165,7 @@ private:
 	file_analysis::Tag tag;	/**< The particular type of the analyzer instance. */
 	RecordVal* args;	/**< \c AnalyzerArgs val gives tunable analyzer params. */
 	File* file;	/**< The file to which the analyzer is attached. */
+	bool got_stream_delivery;

 	static ID id_counter;
 };