#include "suricata-common.h"
#include "suricata.h"
#include "debug.h"
#include "flow.h"
#include "stream.h"
#include "stream-tcp.h"
#include "runmodes.h"
#include "util-hash.h"
#include "util-debug.h"
#include "util-memcmp.h"
#include "util-print.h"
#include "app-layer-parser.h"
#include "util-validate.h"

Include dependency graph for util-file.c:

Functions
void	FileForceFilestoreEnable (void)

void	FileForceMagicEnable (void)

void	FileForceMd5Enable (void)

void	FileForceSha1Enable (void)

void	FileForceSha256Enable (void)

int	FileForceFilestore (void)

void	FileReassemblyDepthEnable (uint32_t size)

uint32_t	FileReassemblyDepth (void)

int	FileForceMagic (void)

int	FileForceMd5 (void)

int	FileForceSha1 (void)

int	FileForceSha256 (void)

void	FileForceTrackingEnable (void)

void	FileForceHashParseCfg (ConfNode *conf)
	Function to parse forced file hashing configuration. More...

uint16_t	FileFlowToFlags (const Flow *flow, uint8_t direction)

uint64_t	FileDataSize (const File *file)
	get the size of the file data More...

uint64_t	FileTrackedSize (const File *file)
	get the size of the file More...

void	FilePrune (FileContainer *ffc)

FileContainer *	FileContainerAlloc (void)
	allocate a FileContainer More...

void	FileContainerRecycle (FileContainer *ffc)
	Recycle a FileContainer. More...

void	FileContainerFree (FileContainer *ffc)
	Free a FileContainer. More...

void	FileContainerAdd (FileContainer ffc, File ff)

int	FileStore (File *ff)
	Tag a file for storing. More...

int	FileSetTx (File *ff, uint64_t txid)
	Set the TX id for a file. More...

void	FileContainerSetTx (FileContainer *ffc, uint64_t tx_id)

int	FileAppendData (FileContainer ffc, const uint8_t data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used. More...

int	FileAppendDataById (FileContainer ffc, uint32_t track_id, const uint8_t data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...

int	FileAppendGAPById (FileContainer ffc, uint32_t track_id, const uint8_t data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...

void	FileSetInspectSizes (File *file, const uint32_t win, const uint32_t min)

int	FileSetRange (FileContainer *ffc, uint64_t start, uint64_t end)
	Sets the offset range for a file. More...

int	FileOpenFileWithId (FileContainer ffc, const StreamingBufferConfig sbcfg, uint32_t track_id, const uint8_t name, uint16_t name_len, const uint8_t data, uint32_t data_len, uint16_t flags)
	Open a new File. More...

int	FileCloseFilePtr (File ff, const uint8_t data, uint32_t data_len, uint16_t flags)

int	FileCloseFile (FileContainer ffc, const uint8_t data, uint32_t data_len, uint16_t flags)
	Close a File. More...

int	FileCloseFileById (FileContainer ffc, uint32_t track_id, const uint8_t data, uint32_t data_len, uint16_t flags)

void	FileUpdateFlowFileFlags (Flow *f, uint16_t set_file_flags, uint8_t direction)
	set a flow's file flags More...

void	FileDisableStoringForTransaction (Flow *f, uint8_t direction, uint64_t tx_id)
	disable file storing for files in a transaction More...

void	FileStoreFileById (FileContainer *fc, uint32_t file_id)
	flag a file with id "file_id" to be stored. More...

void	FileStoreAllFilesForTx (FileContainer *fc, uint64_t tx_id)

void	FileStoreAllFiles (FileContainer *fc)

void	FileTruncateAllOpenFiles (FileContainer *fc)

Variables
int	g_detect_disabled

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Definition in file util-file.c.

Function Documentation

◆ FileAppendData()

int FileAppendData	(	FileContainer *	ffc,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used.

Store a chunk of file data in the flow. The open "flowfile" will be used.

Parameters

ffc	FileContainer used to append to
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 707 of file util-file.c.

References SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by HTPFileStoreChunk().

Here is the caller graph for this function:

◆ FileAppendDataById()

int FileAppendDataById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 731 of file util-file.c.

References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by InitGlobal().

Here is the caller graph for this function:

◆ FileAppendGAPById()

int FileAppendGAPById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 762 of file util-file.c.

References FILE_HAS_GAPS, FILE_MD5, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_SHA1, FILE_SHA256, File_::file_track_id, File_::flags, FileContainer_::head, File_::next, SCEnter, SCLogDebug, SCReturnInt, and FileContainer_::tail.

Referenced by InitGlobal().

Here is the caller graph for this function:

◆ FileCloseFile()

int FileCloseFile	(	FileContainer *	ffc,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Close a File.

Parameters

ffc	the container
data	final data if any
data_len	data len if any
flags	flags

Return values

0	ok
-1	error

Definition at line 1012 of file util-file.c.

References FileCloseFilePtr(), flags, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by HTPFileClose().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FileCloseFileById()

int FileCloseFileById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 1028 of file util-file.c.

References File_::file_track_id, FileCloseFilePtr(), flags, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by InitGlobal().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FileCloseFilePtr()

int FileCloseFilePtr	(	File *	ff,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 930 of file util-file.c.

References FILE_NOSTORE, FILE_STATE_OPENED, File_::flags, SCEnter, SCReturnInt, File_::size, and File_::state.

Referenced by FileCloseFile(), FileCloseFileById(), and FileTruncateAllOpenFiles().

Here is the caller graph for this function:

◆ FileContainerAdd()

void FileContainerAdd	(	FileContainer *	ffc,
		File *	ff
	)

Definition at line 539 of file util-file.c.

References FileContainer_::head, File_::next, and FileContainer_::tail.

◆ FileContainerAlloc()

FileContainer* FileContainerAlloc ( void )

allocate a FileContainer

Return values

new	newly allocated FileContainer
NULL	error

Definition at line 423 of file util-file.c.

References SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and unlikely.

Referenced by SMTPProcessDataChunk().

Here is the caller graph for this function:

◆ FileContainerFree()

void FileContainerFree ( FileContainer * ffc )

Free a FileContainer.

Parameters

ffc	FileContainer

Definition at line 459 of file util-file.c.

References FileContainer_::head, next, and File_::next.

◆ FileContainerRecycle()

void FileContainerRecycle ( FileContainer * ffc )

Recycle a FileContainer.

Parameters

ffc	FileContainer

Definition at line 440 of file util-file.c.

References FileContainer_::head, next, and File_::next.

Referenced by InitGlobal().

Here is the caller graph for this function:

◆ FileContainerSetTx()

void FileContainerSetTx	(	FileContainer *	ffc,
		uint64_t	tx_id
	)

Definition at line 574 of file util-file.c.

References FileSetTx(), and FileContainer_::tail.

Referenced by InitGlobal().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FileDataSize()

uint64_t FileDataSize ( const File * file )

get the size of the file data

This doesn't reflect how much of the file we have in memory, just the total size of filedata so far.

Definition at line 291 of file util-file.c.

References StreamingBuffer_::buf_offset, File_::sb, SCLogDebug, and StreamingBuffer_::stream_offset.

◆ FileDisableStoringForTransaction()

void FileDisableStoringForTransaction	(	Flow *	f,
		uint8_t	direction,
		uint64_t	tx_id
	)

disable file storing for files in a transaction

disable file storing for a transaction

Parameters

f	LOCKED flow
direction	flow direction
tx_id	transaction id

Definition at line 1154 of file util-file.c.

References AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, FILE_STORE, File_::flags, FileContainer_::head, File_::next, SCEnter, SCLogDebug, and File_::txid.

Here is the call graph for this function:

◆ FileFlowToFlags()

uint16_t FileFlowToFlags	(	const Flow *	flow,
		uint8_t	direction
	)

Definition at line 231 of file util-file.c.

References Flow_::file_flags, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, and STREAM_TOSERVER.

Referenced by SMTPProcessDataChunk().

Here is the caller graph for this function:

◆ FileForceFilestore()

int FileForceFilestore ( void )

Definition at line 124 of file util-file.c.

◆ FileForceFilestoreEnable()

void FileForceFilestoreEnable ( void )

Definition at line 94 of file util-file.c.

◆ FileForceHashParseCfg()

void FileForceHashParseCfg ( ConfNode * conf )

Function to parse forced file hashing configuration.

Definition at line 172 of file util-file.c.

References BUG_ON, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfValIsTrue(), FileForceMd5Enable(), FileForceSha1Enable(), FileForceSha256Enable(), next, SC_ERR_DEPRECATED_CONF, SCLogInfo, SCLogWarning, TAILQ_FOREACH, and ConfNode_::val.

Here is the call graph for this function:

◆ FileForceMagic()

int FileForceMagic ( void )

Definition at line 143 of file util-file.c.

◆ FileForceMagicEnable()

void FileForceMagicEnable ( void )

Definition at line 100 of file util-file.c.

◆ FileForceMd5()

int FileForceMd5 ( void )

Definition at line 148 of file util-file.c.

◆ FileForceMd5Enable()

void FileForceMd5Enable ( void )

Definition at line 106 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceSha1()

int FileForceSha1 ( void )

Definition at line 153 of file util-file.c.

◆ FileForceSha1Enable()

void FileForceSha1Enable ( void )

Definition at line 112 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceSha256()

int FileForceSha256 ( void )

Definition at line 158 of file util-file.c.

◆ FileForceSha256Enable()

void FileForceSha256Enable ( void )

Definition at line 118 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceTrackingEnable()

void FileForceTrackingEnable ( void )

Definition at line 163 of file util-file.c.

◆ FileOpenFileWithId()

int FileOpenFileWithId	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		uint32_t	track_id,
		const uint8_t *	name,
		uint16_t	name_len,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)