Raise http_entity_data in line with data arrival.

As opposed to delaying until a certain-sized-buffer fills, which is problematic because then the event becomes out of sync with the "rest of the world". E.g. content_gap handlers being called sooner than expected. Addresses BIT-1240.
2025-10-05 16:18:19 +00:00 · 2014-09-10 13:20:47 -05:00 · 2014-09-10 13:20:47 -05:00 · f97f58e9db
commit f97f58e9db
parent 9563726612
8 changed files with 46 additions and 151 deletions
--- a/testing/btest/scripts/base/protocols/http/entity-gap.bro
+++ b/testing/btest/scripts/base/protocols/http/entity-gap.bro
@ -0,0 +1,24 @@
+# @TEST-EXEC: bro -r $TRACES/http/entity_gap.trace %INPUT
+# @TEST-EXEC: btest-diff entity_data
+# @TEST-EXEC: btest-diff extract_files/file0
+
+global f = open("entity_data");
+global fn = 0;
+
+event http_entity_data(c: connection, is_orig: bool, length: count,
+                       data: string)
+	{
+	print f, data;
+	}
+
+event content_gap(c: connection, is_orig: bool, seq: count, length: count)
+	{
+	print f, fmt("<%d byte gap>", length);
+	}
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
+					   [$extract_filename=fmt("file%d", fn)]);
+	++fn;
+	}