Review/fix/change file reassembly functionality.

- Re-arrange how some fa_file fields (e.g. source, connection info, mime type) get updated/set for consistency. - Add more robust mechanisms for flushing the reassembly buffer. The goal being to report all gaps and deliveries to file analyzers regardless of the state of the reassembly buffer at the time it has to be flushed.
2025-10-02 22:58:20 +00:00 · 2014-12-16 14:05:15 -06:00 · 2014-12-16 14:05:15 -06:00 · cbbe7b52dc
commit cbbe7b52dc
parent edaf7edc11
26 changed files with 370 additions and 238 deletions
--- a/src/file_analysis/AnalyzerSet.h
+++ b/src/file_analysis/AnalyzerSet.h
@ -57,10 +57,10 @@ public:
 	 * Queue the attachment of an analyzer to #file.
 	 * @param tag the analyzer tag of the file analyzer to add.
 	 * @param args an \c AnalyzerArgs value which specifies an analyzer.
-	 * @param a an analyzer pointer to return the instantiated analyzer to the caller.
-	 * @return true if analyzer was able to be instantiated, else false.
+	 * @return if successful, a pointer to a newly instantiated analyzer else
+	 * a null pointer.  The caller does *not* take ownership of the memory.
 	 */
-	bool QueueAdd(file_analysis::Tag tag, RecordVal* args, file_analysis::Analyzer* a);
+	file_analysis::Analyzer* QueueAdd(file_analysis::Tag tag, RecordVal* args);

 	/**
 	 * Remove an analyzer from #file immediately.