|
suricata
|
|
suricata
|
#include "suricata-common.h"#include "suricata.h"#include "debug.h"#include "flow.h"#include "stream.h"#include "stream-tcp.h"#include "runmodes.h"#include "util-hash.h"#include "util-debug.h"#include "util-memcmp.h"#include "util-print.h"#include "app-layer-parser.h"#include "util-validate.h"
Go to the source code of this file.
Functions | |
| void | FileForceFilestoreEnable (void) |
| void | FileForceMagicEnable (void) |
| void | FileForceMd5Enable (void) |
| void | FileForceSha1Enable (void) |
| void | FileForceSha256Enable (void) |
| int | FileForceFilestore (void) |
| void | FileReassemblyDepthEnable (uint32_t size) |
| uint32_t | FileReassemblyDepth (void) |
| int | FileForceMagic (void) |
| int | FileForceMd5 (void) |
| int | FileForceSha1 (void) |
| int | FileForceSha256 (void) |
| void | FileForceTrackingEnable (void) |
| void | FileForceHashParseCfg (ConfNode *conf) |
| Function to parse forced file hashing configuration. More... | |
| uint16_t | FileFlowToFlags (const Flow *flow, uint8_t direction) |
| uint64_t | FileDataSize (const File *file) |
| get the size of the file data More... | |
| uint64_t | FileTrackedSize (const File *file) |
| get the size of the file More... | |
| void | FilePrune (FileContainer *ffc) |
| FileContainer * | FileContainerAlloc (void) |
| allocate a FileContainer More... | |
| void | FileContainerRecycle (FileContainer *ffc) |
| Recycle a FileContainer. More... | |
| void | FileContainerFree (FileContainer *ffc) |
| Free a FileContainer. More... | |
| void | FileContainerAdd (FileContainer *ffc, File *ff) |
| int | FileStore (File *ff) |
| Tag a file for storing. More... | |
| int | FileSetTx (File *ff, uint64_t txid) |
| Set the TX id for a file. More... | |
| void | FileContainerSetTx (FileContainer *ffc, uint64_t tx_id) |
| int | FileAppendData (FileContainer *ffc, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used. More... | |
| int | FileAppendDataById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More... | |
| int | FileAppendGAPById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More... | |
| int | FileSetRange (FileContainer *ffc, uint64_t start, uint64_t end) |
| Sets the offset range for a file. More... | |
| File * | FileOpenFile (FileContainer *ffc, const StreamingBufferConfig *sbcfg, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| Open a new File. More... | |
| int | FileOpenFileWithId (FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| int | FileCloseFilePtr (File *ff, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| int | FileCloseFile (FileContainer *ffc, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| Close a File. More... | |
| int | FileCloseFileById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| void | FileDisableStoring (Flow *f, uint8_t direction) |
| disable file storage for a flow More... | |
| void | FileDisableMagic (Flow *f, uint8_t direction) |
| disable file magic lookups for this flow More... | |
| void | FileDisableMd5 (Flow *f, uint8_t direction) |
| disable file md5 calc for this flow More... | |
| void | FileDisableSha1 (Flow *f, uint8_t direction) |
| disable file sha1 calc for this flow More... | |
| void | FileDisableSha256 (Flow *f, uint8_t direction) |
| disable file sha256 calc for this flow More... | |
| void | FileDisableFilesize (Flow *f, uint8_t direction) |
| disable file size tracking for this flow More... | |
| void | FileDisableStoringForTransaction (Flow *f, uint8_t direction, uint64_t tx_id) |
| disable file storing for files in a transaction More... | |
| void | FileStoreFileById (FileContainer *fc, uint32_t file_id) |
| flag a file with id "file_id" to be stored. More... | |
| void | FileStoreAllFilesForTx (FileContainer *fc, uint64_t tx_id) |
| void | FileStoreAllFiles (FileContainer *fc) |
| void | FileTruncateAllOpenFiles (FileContainer *fc) |
Definition in file util-file.c.
| int FileAppendData | ( | FileContainer * | ffc, |
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used.
Store a chunk of file data in the flow. The open "flowfile" will be used.
| ffc | FileContainer used to append to |
| data | data chunk |
| data_len | data chunk len |
| 0 | ok |
| -1 | error |
| -2 | no store for this file |
Definition at line 663 of file util-file.c.
References SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by HTPFileStoreChunk(), and SMTPProcessDataChunk().
| int FileAppendDataById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.
| ffc | FileContainer used to append to |
| track_id | id to lookup the file |
| data | data chunk |
| data_len | data chunk len |
| 0 | ok |
| -1 | error |
| -2 | no store for this file |
Definition at line 687 of file util-file.c.
References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by main().
| int FileAppendGAPById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.
| ffc | FileContainer used to append to |
| track_id | id to lookup the file |
| data | data chunk |
| data_len | data chunk len |
| 0 | ok |
| -1 | error |
| -2 | no store for this file |
Definition at line 718 of file util-file.c.
References FILE_HAS_GAPS, FILE_MD5, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_SHA1, FILE_SHA256, File_::file_track_id, File_::flags, FileContainer_::head, File_::next, SCEnter, SCLogDebug, SCReturnInt, and FileContainer_::tail.
Referenced by main().
| int FileCloseFile | ( | FileContainer * | ffc, |
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Close a File.
| ffc | the container |
| data | final data if any |
| data_len | data len if any |
| flags | flags |
| 0 | ok |
| -1 | error |
Definition at line 963 of file util-file.c.
References FileCloseFilePtr(), SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by HTPFileClose(), and SMTPProcessDataChunk().
| int FileCloseFileById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Definition at line 979 of file util-file.c.
References File_::file_track_id, FileCloseFilePtr(), FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by main().
| int FileCloseFilePtr | ( | File * | ff, |
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Definition at line 881 of file util-file.c.
References FILE_HAS_GAPS, FILE_MD5, FILE_NOSTORE, FILE_SHA1, FILE_STATE_CLOSED, FILE_STATE_ERROR, FILE_STATE_OPENED, FILE_STATE_TRUNCATED, FILE_TRUNCATED, File_::flags, len, SCEnter, SCLogDebug, SCReturnInt, File_::size, and File_::state.
Referenced by FileCloseFile(), FileCloseFileById(), FileDisableFilesize(), FileTruncateAllOpenFiles(), and OutputRegisterFiledataLogger().
| void FileContainerAdd | ( | FileContainer * | ffc, |
| File * | ff | ||
| ) |
Definition at line 496 of file util-file.c.
References FileContainer_::head, File_::next, and FileContainer_::tail.
Referenced by FileOpenFile().
| FileContainer* FileContainerAlloc | ( | void | ) |
allocate a FileContainer
| new | newly allocated FileContainer |
| NULL | error |
Definition at line 380 of file util-file.c.
References SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and unlikely.
Referenced by HTPFileOpen(), and SMTPProcessDataChunk().
| void FileContainerFree | ( | FileContainer * | ffc | ) |
Free a FileContainer.
| ffc | FileContainer |
Definition at line 416 of file util-file.c.
References FileContainer_::head, File_::name, File_::next, next, File_::sb, SC_ERR_MEM_ALLOC, SCFree, SCLogError, SCMalloc, File_::sid, StreamingBufferFree(), FileContainer_::tail, and unlikely.
Referenced by HTPStateFree(), and SMTPStateAlloc().
| void FileContainerRecycle | ( | FileContainer * | ffc | ) |
Recycle a FileContainer.
| ffc | FileContainer |
Definition at line 397 of file util-file.c.
References FileContainer_::head, File_::next, next, and FileContainer_::tail.
Referenced by main().
| void FileContainerSetTx | ( | FileContainer * | ffc, |
| uint64_t | tx_id | ||
| ) |
Definition at line 531 of file util-file.c.
References BUG_ON, FILE_NOSTORE, FILE_NOTRACK, FILE_STATE_ERROR, FILE_STATE_OPENED, FILE_STATE_TRUNCATED, FileDataSize(), FileSetTx(), File_::flags, File_::sb, SCEnter, SCLogDebug, SCReturnInt, File_::size, File_::state, StreamingBufferAppendNoTrack(), and FileContainer_::tail.
Referenced by main().
| uint64_t FileDataSize | ( | const File * | file | ) |
get the size of the file data
This doesn't reflect how much of the file we have in memory, just the total size of filedata so far.
Definition at line 277 of file util-file.c.
References StreamingBuffer_::buf_offset, File_::sb, SCLogDebug, and StreamingBuffer_::stream_offset.
Referenced by DetectFilemagicRegister(), FileContainerSetTx(), FileDisableFilesize(), FileTrackedSize(), HTPFileClose(), OutputRegisterFiledataLogger(), and SMTPParserCleanup().
| void FileDisableFilesize | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file size tracking for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1184 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSTORE, FILE_NOTRACK, FILE_STATE_OPENED, FILE_TRUNCATED, FileCloseFilePtr(), FileDataSize(), File_::flags, FLOWFILE_NO_SIZE_TC, FLOWFILE_NO_SIZE_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, File_::state, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableMagic | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file magic lookups for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1036 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOMAGIC, File_::flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableMd5 | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file md5 calc for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1067 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOMD5, File_::flags, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableSha1 | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file sha1 calc for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1106 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSHA1, File_::flags, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableSha256 | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file sha256 calc for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1145 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSHA256, File_::flags, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableStoring | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file storage for a flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1004 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSTORE, FILE_STORE, File_::flags, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableStoringForTransaction | ( | Flow * | f, |
| uint8_t | direction, | ||
| uint64_t | tx_id | ||
| ) |
disable file storing for files in a transaction
disable file storing for a transaction
| f | LOCKED flow |
| direction | flow direction |
| tx_id | transaction id |
Definition at line 1242 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, FILE_STORE, File_::flags, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and File_::txid.
Referenced by DetectEngineStateFree().
| uint16_t FileFlowToFlags | ( | const Flow * | flow, |
| uint8_t | direction | ||
| ) |
Definition at line 217 of file util-file.c.
References Flow_::file_flags, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, and STREAM_TOSERVER.
Referenced by HTPFileOpen(), RegisterNFSTCPParsers(), RegisterNFSUDPParsers(), and SMTPProcessDataChunk().
| int FileForceFilestore | ( | void | ) |
Definition at line 111 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceFilestoreEnable | ( | void | ) |
Definition at line 86 of file util-file.c.
| void FileForceHashParseCfg | ( | ConfNode * | conf | ) |
Function to parse forced file hashing configuration.
Definition at line 158 of file util-file.c.
References BUG_ON, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfValIsTrue(), FileForceMd5Enable(), FileForceSha1Enable(), FileForceSha256Enable(), next, SC_ERR_DEPRECATED_CONF, SCLogInfo, SCLogWarning, TAILQ_FOREACH, and ConfNode_::val.
| int FileForceMagic | ( | void | ) |
Definition at line 130 of file util-file.c.
Referenced by OutputRegisterFiledataLogger(), OutputRegisterFileLogger(), and SigMatchSignaturesGetSgh().
| void FileForceMagicEnable | ( | void | ) |
Definition at line 91 of file util-file.c.
| int FileForceMd5 | ( | void | ) |
Definition at line 135 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceMd5Enable | ( | void | ) |
Definition at line 96 of file util-file.c.
Referenced by FileForceHashParseCfg().
| int FileForceSha1 | ( | void | ) |
Definition at line 140 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceSha1Enable | ( | void | ) |
Definition at line 101 of file util-file.c.
Referenced by FileForceHashParseCfg().
| int FileForceSha256 | ( | void | ) |
Definition at line 145 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceSha256Enable | ( | void | ) |
Definition at line 106 of file util-file.c.
Referenced by FileForceHashParseCfg().
| void FileForceTrackingEnable | ( | void | ) |
Definition at line 150 of file util-file.c.
| File* FileOpenFile | ( | FileContainer * | ffc, |
| const StreamingBufferConfig * | sbcfg, | ||
| const uint8_t * | name, | ||
| uint16_t | name_len, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Open a new File.
| ffc | flow container |
| sbcfg | buffer config |
| name | filename character array |
| name_len | filename len |
| data | initial data |
| data_len | initial data len |
| flags | open flags |
| ff | flowfile object |
Definition at line 778 of file util-file.c.
References File_::fd, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, FILE_STATE_ERROR, FILE_STATE_OPENED, FILE_STORE, FILE_USE_DETECT, FileContainerAdd(), FileStore(), FileTrackedSize(), File_::flags, File_::sb, SCEnter, SCLogDebug, SCReturnPtr, File_::size, File_::state, and StreamingBufferInit().
Referenced by FileOpenFileWithId(), HTPFileOpen(), and SMTPProcessDataChunk().
| int FileOpenFileWithId | ( | FileContainer * | ffc, |
| const StreamingBufferConfig * | sbcfg, | ||
| uint32_t | track_id, | ||
| const uint8_t * | name, | ||
| uint16_t | name_len, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
| 0 | ok |
| -1 | failed |
Definition at line 868 of file util-file.c.
References File_::file_track_id, FILE_USE_TRACKID, FileOpenFile(), and File_::flags.
Referenced by main().
| void FilePrune | ( | FileContainer * | ffc | ) |
Definition at line 345 of file util-file.c.
References FileContainer_::head, File_::next, SCLogDebug, and FileContainer_::tail.
Referenced by HTPFileClose(), HTPFileOpen(), HTPFileStoreChunk(), main(), OutputRegisterFiledataLogger(), OutputRegisterFileLogger(), and SMTPProcessDataChunk().
| uint32_t FileReassemblyDepth | ( | void | ) |
Definition at line 122 of file util-file.c.
References TcpStreamCnf_::reassembly_depth, and stream_config.
Referenced by DetectFilestoreRegister().
| void FileReassemblyDepthEnable | ( | uint32_t | size | ) |
Definition at line 116 of file util-file.c.
| int FileSetRange | ( | FileContainer * | ffc, |
| uint64_t | start, | ||
| uint64_t | end | ||
| ) |
Sets the offset range for a file.
| ffc | the container |
| start | start offset |
| end | end offset |
| 0 | ok |
| -1 | error |
Definition at line 751 of file util-file.c.
References File_::end, SCEnter, SCReturnInt, File_::start, and FileContainer_::tail.
Referenced by HTPFileSetRange().
| int FileSetTx | ( | File * | ff, |
| uint64_t | txid | ||
| ) |
Set the TX id for a file.
| ff | The file to store |
| txid | the tx id |
Definition at line 523 of file util-file.c.
References SCLogDebug, SCReturnInt, and File_::txid.
Referenced by FileContainerSetTx(), and HTPFileOpen().
| int FileStore | ( | File * | ff | ) |
Tag a file for storing.
| ff | The file to store |
Definition at line 511 of file util-file.c.
References FILE_STORE, File_::flags, and SCReturnInt.
Referenced by FileOpenFile(), FileStoreAllFiles(), FileStoreAllFilesForTx(), and FileStoreFileById().
| void FileStoreAllFiles | ( | FileContainer * | fc | ) |
Definition at line 1303 of file util-file.c.
References FileStore(), FileContainer_::head, File_::next, and SCEnter.
Referenced by DetectFilestoreRegister().
| void FileStoreAllFilesForTx | ( | FileContainer * | fc, |
| uint64_t | tx_id | ||
| ) |
Definition at line 1288 of file util-file.c.
References FileStore(), FileContainer_::head, File_::next, SCEnter, and File_::txid.
Referenced by DetectFilestoreRegister().
| void FileStoreFileById | ( | FileContainer * | fc, |
| uint32_t | file_id | ||
| ) |
flag a file with id "file_id" to be stored.
| fc | file store |
| file_id | the file's id |
Definition at line 1273 of file util-file.c.
References File_::file_store_id, FileStore(), FileContainer_::head, File_::next, and SCEnter.
Referenced by DetectFilestoreRegister().
| uint64_t FileTrackedSize | ( | const File * | file | ) |
get the size of the file
This doesn't reflect how much of the file we have in memory, just the total size of file so far.
Definition at line 294 of file util-file.c.
References File_::content_inspected, File_::content_stored, FILE_LOGGED, FILE_NOMAGIC, FILE_NOSTORE, FILE_STATE_CLOSED, FILE_STORED, FILE_USE_DETECT, FileDataSize(), File_::flags, MIN, RunModeOutputFiledataEnabled(), RunModeOutputFileEnabled(), File_::sb, SCEnter, SCLogDebug, SCReturnInt, File_::size, File_::state, and StreamingBufferSlideToOffset().
Referenced by DetectFilesizeRegister(), FileOpenFile(), and SMTPParserCleanup().
| void FileTruncateAllOpenFiles | ( | FileContainer * | fc | ) |
Definition at line 1316 of file util-file.c.
References FILE_SHA256, FILE_STATE_OPENED, FILE_TRUNCATED, FileCloseFilePtr(), File_::flags, FileContainer_::head, len, File_::next, SCEnter, and File_::state.
Referenced by AppLayerHtpPrintStats(), and SMTPStateAlloc().
1.8.11