analyzer: Have exited processes read all data#332
Merged
Conversation
mattnibs
force-pushed
the
proc-readall
branch
5 times, most recently
from
39e916b to
8f4d167
Compare
Contributor
tl;drThis is a functional 👍 for me! DetailsI pointed my Zui at the Brimcap commit from this branch and tested it out with the pcaps I mentioned in #331 comments and saw the improvements expected in both cases.
to this accurate one:
and that latter error message will go away entirely when the Zeek v6.0.3-based artifact is in use since that has support for this link type.
to a successful import:
i.e., Suricata quietly refused to do anything with this pcap since it doesn't support the link layer protocol, but since it returned an exit code of 0 the Zui user gets only Zeek events. This seems like a fine place to be while we wait to see if the Suricata people ever catch up and address the existing issues. |
This commit changes the behavior for analyzer processes so that processes that have successfully exited without reading all the data will continue to consume data from the byte stream insteading of returning an error and putting a stop to the copy goroutine. Closes #331
mattnibs
force-pushed
the
proc-readall
branch
from
8f4d167 to
20ff91e
Compare
nwt
approved these changes
Jan 29, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit changes the behavior for analyzer processes so that processes that have successfully exited without reading all the data will continue to consume data from the byte stream insteading of returning an error and putting a stop to the copy goroutine.
Closes #331