Jon Siwek
cbbe7b52dc
Review/fix/change file reassembly functionality.
...
- Re-arrange how some fa_file fields (e.g. source, connection info, mime
type) get updated/set for consistency.
- Add more robust mechanisms for flushing the reassembly buffer.
The goal being to report all gaps and deliveries to file analyzers
regardless of the state of the reassembly buffer at the time it has to
be flushed.
2014-12-16 14:05:15 -06:00
Seth Hall
cafd35e746
Updates the files event api and brings file reassembly up to master.
2014-09-26 00:40:37 -04:00
Jon Siwek
89ae4ffd05
Add options to limit extracted file sizes w/ 100MB default.
2013-08-22 16:37:58 -05:00
Jon Siwek
5fa9c5865b
Factor out the need for a tag field in Files::AnalyzerArgs record.
...
This cleans up internals of how analyzer instances get identified by the
tag plus any args given to it and doesn't change script code a user
would write.
2013-07-31 09:48:19 -05:00
Robin Sommer
d8b05af7e5
Merge remote-tracking branch 'origin/topic/jsiwek/faf-cleanup'
...
Closes #1002 .
* origin/topic/jsiwek/faf-cleanup:
Move file analyzers to new plugin infrastructure.
Add a general file analysis overview/how-to document.
Improve file analysis doxygen comments.
Improve tracking of HTTP file extraction (addresses #988 ).
Fix HTTP multipart body file analysis.
Remove logging of analyzers field of FileAnalysis::Info.
Remove extraction counter in default file extraction scripts.
Remove FileAnalysis::postpone_timeout.
Make default get_file_handle handlers &priority=5.
Add input interface to forward data for file analysis.
File analysis framework interface simplifications.
2013-07-03 16:27:16 -07:00
Jon Siwek
f82167d067
Improve file analysis doxygen comments.
2013-05-23 10:22:49 -05:00
Robin Sommer
7610aa31b6
Various smalle tweaks in preparation for merging.
2013-05-13 16:47:00 -07:00
Jon Siwek
b8c98b8bf7
FileAnalysis: change terminology s/action/analyzer
2013-04-11 14:53:54 -05:00
