|
suricata
|
|
suricata
|
#include "suricata-common.h"#include "suricata.h"#include "debug.h"#include "flow.h"#include "stream.h"#include "stream-tcp.h"#include "runmodes.h"#include "util-hash.h"#include "util-debug.h"#include "util-memcmp.h"#include "util-print.h"#include "app-layer-parser.h"#include "util-validate.h"
Go to the source code of this file.
Functions | |
| void | FileForceFilestoreEnable (void) |
| void | FileForceMagicEnable (void) |
| void | FileForceMd5Enable (void) |
| void | FileForceSha1Enable (void) |
| void | FileForceSha256Enable (void) |
| int | FileForceFilestore (void) |
| void | FileReassemblyDepthEnable (uint32_t size) |
| uint32_t | FileReassemblyDepth (void) |
| int | FileForceMagic (void) |
| int | FileForceMd5 (void) |
| int | FileForceSha1 (void) |
| int | FileForceSha256 (void) |
| void | FileForceTrackingEnable (void) |
| void | FileForceHashParseCfg (ConfNode *conf) |
| Function to parse forced file hashing configuration. More... | |
| uint16_t | FileFlowToFlags (const Flow *flow, uint8_t direction) |
| uint64_t | FileDataSize (const File *file) |
| get the size of the file data More... | |
| uint64_t | FileTrackedSize (const File *file) |
| get the size of the file More... | |
| void | FilePrune (FileContainer *ffc) |
| FileContainer * | FileContainerAlloc (void) |
| allocate a FileContainer More... | |
| void | FileContainerRecycle (FileContainer *ffc) |
| Recycle a FileContainer. More... | |
| void | FileContainerFree (FileContainer *ffc) |
| Free a FileContainer. More... | |
| void | FileContainerAdd (FileContainer *ffc, File *ff) |
| int | FileStore (File *ff) |
| Tag a file for storing. More... | |
| int | FileSetTx (File *ff, uint64_t txid) |
| Set the TX id for a file. More... | |
| void | FileContainerSetTx (FileContainer *ffc, uint64_t tx_id) |
| int | FileAppendData (FileContainer *ffc, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used. More... | |
| int | FileAppendDataById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More... | |
| int | FileAppendGAPById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More... | |
| void | FileSetInspectSizes (File *file, const uint32_t win, const uint32_t min) |
| int | FileSetRange (FileContainer *ffc, uint64_t start, uint64_t end) |
| Sets the offset range for a file. More... | |
| int | FileOpenFileWithId (FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| Open a new File. More... | |
| int | FileCloseFilePtr (File *ff, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| int | FileCloseFile (FileContainer *ffc, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| Close a File. More... | |
| int | FileCloseFileById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| void | FileDisableStoring (Flow *f, uint8_t direction) |
| disable file storage for a flow More... | |
| void | FileDisableMagic (Flow *f, uint8_t direction) |
| disable file magic lookups for this flow More... | |
| void | FileDisableMd5 (Flow *f, uint8_t direction) |
| disable file md5 calc for this flow More... | |
| void | FileDisableSha1 (Flow *f, uint8_t direction) |
| disable file sha1 calc for this flow More... | |
| void | FileDisableSha256 (Flow *f, uint8_t direction) |
| disable file sha256 calc for this flow More... | |
| void | FileDisableFilesize (Flow *f, uint8_t direction) |
| disable file size tracking for this flow More... | |
| void | FileDisableStoringForTransaction (Flow *f, uint8_t direction, uint64_t tx_id) |
| disable file storing for files in a transaction More... | |
| void | FileStoreFileById (FileContainer *fc, uint32_t file_id) |
| flag a file with id "file_id" to be stored. More... | |
| void | FileStoreAllFilesForTx (FileContainer *fc, uint64_t tx_id) |
| void | FileStoreAllFiles (FileContainer *fc) |
| void | FileTruncateAllOpenFiles (FileContainer *fc) |
Variables | |
| int | g_detect_disabled |
Definition in file util-file.c.
| int FileAppendData | ( | FileContainer * | ffc, |
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used.
Store a chunk of file data in the flow. The open "flowfile" will be used.
| ffc | FileContainer used to append to |
| data | data chunk |
| data_len | data chunk len |
| 0 | ok |
| -1 | error |
| -2 | no store for this file |
Definition at line 695 of file util-file.c.
References SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by HTPFileStoreChunk(), and SMTPProcessDataChunk().
| int FileAppendDataById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.
| ffc | FileContainer used to append to |
| track_id | id to lookup the file |
| data | data chunk |
| data_len | data chunk len |
| 0 | ok |
| -1 | error |
| -2 | no store for this file |
Definition at line 719 of file util-file.c.
References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by main().
| int FileAppendGAPById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.
| ffc | FileContainer used to append to |
| track_id | id to lookup the file |
| data | data chunk |
| data_len | data chunk len |
| 0 | ok |
| -1 | error |
| -2 | no store for this file |
Definition at line 750 of file util-file.c.
References FILE_HAS_GAPS, FILE_MD5, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_SHA1, FILE_SHA256, File_::file_track_id, File_::flags, FileContainer_::head, File_::next, SCEnter, SCLogDebug, SCReturnInt, and FileContainer_::tail.
Referenced by main().
| int FileCloseFile | ( | FileContainer * | ffc, |
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Close a File.
| ffc | the container |
| data | final data if any |
| data_len | data len if any |
| flags | flags |
| 0 | ok |
| -1 | error |
Definition at line 1000 of file util-file.c.
References FileCloseFilePtr(), SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by HTPFileClose(), and SMTPProcessDataChunk().
| int FileCloseFileById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Definition at line 1016 of file util-file.c.
References File_::file_track_id, FileCloseFilePtr(), FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by main().
| int FileCloseFilePtr | ( | File * | ff, |
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Definition at line 918 of file util-file.c.
References FILE_HAS_GAPS, FILE_MD5, FILE_NOSTORE, FILE_SHA1, FILE_STATE_CLOSED, FILE_STATE_ERROR, FILE_STATE_OPENED, FILE_STATE_TRUNCATED, FILE_TRUNCATED, File_::flags, len, SCEnter, SCLogDebug, SCReturnInt, File_::size, and File_::state.
Referenced by FileCloseFile(), FileCloseFileById(), FileDisableFilesize(), FileTruncateAllOpenFiles(), and OutputRegisterFiledataLogger().
| void FileContainerAdd | ( | FileContainer * | ffc, |
| File * | ff | ||
| ) |
Definition at line 527 of file util-file.c.
References FileContainer_::head, File_::next, and FileContainer_::tail.
Referenced by FileSetRange().
| FileContainer* FileContainerAlloc | ( | void | ) |
allocate a FileContainer
| new | newly allocated FileContainer |
| NULL | error |
Definition at line 411 of file util-file.c.
References SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and unlikely.
Referenced by HTPFileOpen(), and SMTPProcessDataChunk().
| void FileContainerFree | ( | FileContainer * | ffc | ) |
Free a FileContainer.
| ffc | FileContainer |
Definition at line 447 of file util-file.c.
References FileContainer_::head, File_::name, File_::next, next, File_::sb, SC_ERR_MEM_ALLOC, SCFree, SCLogError, SCMalloc, File_::sid, StreamingBufferFree(), FileContainer_::tail, and unlikely.
Referenced by HTPStateFree(), and SMTPStateAlloc().
| void FileContainerRecycle | ( | FileContainer * | ffc | ) |
Recycle a FileContainer.
| ffc | FileContainer |
Definition at line 428 of file util-file.c.
References FileContainer_::head, File_::next, next, and FileContainer_::tail.
Referenced by main().
| void FileContainerSetTx | ( | FileContainer * | ffc, |
| uint64_t | tx_id | ||
| ) |
Definition at line 562 of file util-file.c.
References BUG_ON, FILE_NOSTORE, FILE_NOTRACK, FILE_STATE_ERROR, FILE_STATE_OPENED, FILE_STATE_TRUNCATED, FILE_USE_DETECT, FileDataSize(), FileSetTx(), File_::flags, File_::sb, SCEnter, SCLogDebug, SCReturnInt, File_::size, File_::state, StreamingBufferAppendNoTrack(), and FileContainer_::tail.
Referenced by main().
| uint64_t FileDataSize | ( | const File * | file | ) |
get the size of the file data
This doesn't reflect how much of the file we have in memory, just the total size of filedata so far.
Definition at line 279 of file util-file.c.
References StreamingBuffer_::buf_offset, File_::sb, SCLogDebug, and StreamingBuffer_::stream_offset.
Referenced by DetectFilemagicRegister(), FileContainerSetTx(), FileDisableFilesize(), FileTrackedSize(), HTPFileClose(), OutputRegisterFiledataLogger(), and SMTPParserCleanup().
| void FileDisableFilesize | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file size tracking for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1221 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSTORE, FILE_NOTRACK, FILE_STATE_OPENED, FILE_TRUNCATED, FileCloseFilePtr(), FileDataSize(), File_::flags, FLOWFILE_NO_SIZE_TC, FLOWFILE_NO_SIZE_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, File_::state, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableMagic | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file magic lookups for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1073 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOMAGIC, File_::flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableMd5 | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file md5 calc for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1104 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOMD5, File_::flags, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableSha1 | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file sha1 calc for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1143 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSHA1, File_::flags, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableSha256 | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file sha256 calc for this flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1182 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSHA256, File_::flags, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableStoring | ( | Flow * | f, |
| uint8_t | direction | ||
| ) |
disable file storage for a flow
| f | LOCKED flow |
| direction | flow direction |
Definition at line 1041 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, Flow_::file_flags, FILE_NOSTORE, FILE_STORE, File_::flags, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and STREAM_TOSERVER.
Referenced by SigMatchSignaturesGetSgh().
| void FileDisableStoringForTransaction | ( | Flow * | f, |
| uint8_t | direction, | ||
| uint64_t | tx_id | ||
| ) |
disable file storing for files in a transaction
disable file storing for a transaction
| f | LOCKED flow |
| direction | flow direction |
| tx_id | transaction id |
Definition at line 1279 of file util-file.c.
References Flow_::alproto, Flow_::alstate, AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, FILE_STORE, File_::flags, FileContainer_::head, File_::next, Flow_::proto, SCEnter, SCLogDebug, SCReturn, and File_::txid.
Referenced by DetectEngineStateFree().
| uint16_t FileFlowToFlags | ( | const Flow * | flow, |
| uint8_t | direction | ||
| ) |
Definition at line 219 of file util-file.c.
References Flow_::file_flags, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, and STREAM_TOSERVER.
Referenced by HTPFileOpen(), and SMTPProcessDataChunk().
| int FileForceFilestore | ( | void | ) |
Definition at line 113 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceFilestoreEnable | ( | void | ) |
Definition at line 88 of file util-file.c.
Referenced by JsonBuildFileInfoRecord().
| void FileForceHashParseCfg | ( | ConfNode * | conf | ) |
Function to parse forced file hashing configuration.
Definition at line 160 of file util-file.c.
References BUG_ON, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfValIsTrue(), FileForceMd5Enable(), FileForceSha1Enable(), FileForceSha256Enable(), next, SC_ERR_DEPRECATED_CONF, SCLogInfo, SCLogWarning, TAILQ_FOREACH, and ConfNode_::val.
Referenced by JsonBuildFileInfoRecord().
| int FileForceMagic | ( | void | ) |
Definition at line 132 of file util-file.c.
Referenced by OutputRegisterFiledataLogger(), OutputRegisterFileLogger(), and SigMatchSignaturesGetSgh().
| void FileForceMagicEnable | ( | void | ) |
Definition at line 93 of file util-file.c.
Referenced by JsonBuildFileInfoRecord().
| int FileForceMd5 | ( | void | ) |
Definition at line 137 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceMd5Enable | ( | void | ) |
Definition at line 98 of file util-file.c.
Referenced by FileForceHashParseCfg().
| int FileForceSha1 | ( | void | ) |
Definition at line 142 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceSha1Enable | ( | void | ) |
Definition at line 103 of file util-file.c.
Referenced by FileForceHashParseCfg().
| int FileForceSha256 | ( | void | ) |
Definition at line 147 of file util-file.c.
Referenced by SigMatchSignaturesGetSgh().
| void FileForceSha256Enable | ( | void | ) |
Definition at line 108 of file util-file.c.
Referenced by FileForceHashParseCfg().
| void FileForceTrackingEnable | ( | void | ) |
Definition at line 152 of file util-file.c.
Referenced by JsonBuildFileInfoRecord().
| int FileOpenFileWithId | ( | FileContainer * | ffc, |
| const StreamingBufferConfig * | sbcfg, | ||
| uint32_t | track_id, | ||
| const uint8_t * | name, | ||
| uint16_t | name_len, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Open a new File.
| 0 | ok |
| -1 | failed |
Definition at line 906 of file util-file.c.
References File_::file_track_id.
Referenced by HTPFileOpen(), main(), and SMTPProcessDataChunk().
| void FilePrune | ( | FileContainer * | ffc | ) |
Definition at line 376 of file util-file.c.
References FileContainer_::head, File_::next, SCLogDebug, and FileContainer_::tail.
Referenced by main().
| uint32_t FileReassemblyDepth | ( | void | ) |
Definition at line 124 of file util-file.c.
References TcpStreamCnf_::reassembly_depth, and stream_config.
Referenced by AppLayerHtpNeedFileInspection(), DetectFilestoreRegister(), and HtpConfigRestoreBackup().
| void FileReassemblyDepthEnable | ( | uint32_t | size | ) |
Definition at line 118 of file util-file.c.
Referenced by HtpConfigRestoreBackup().
| void FileSetInspectSizes | ( | File * | file, |
| const uint32_t | win, | ||
| const uint32_t | min | ||
| ) |
Definition at line 773 of file util-file.c.
References File_::inspect_min_size, and File_::inspect_window.
| int FileSetRange | ( | FileContainer * | ffc, |
| uint64_t | start, | ||
| uint64_t | end | ||
| ) |
Sets the offset range for a file.
| ffc | the container |
| start | start offset |
| end | end offset |
| 0 | ok |
| -1 | error |
Definition at line 789 of file util-file.c.
References File_::end, File_::fd, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, FILE_STATE_ERROR, FILE_STATE_OPENED, FILE_STORE, FILE_USE_DETECT, FileContainerAdd(), FileStore(), FileTrackedSize(), File_::flags, flags, g_detect_disabled, File_::sb, SCEnter, SCLogDebug, SCReturnInt, SCReturnPtr, File_::size, File_::start, File_::state, StreamingBufferInit(), and FileContainer_::tail.
Referenced by HTPFileSetRange().
| int FileSetTx | ( | File * | ff, |
| uint64_t | txid | ||
| ) |
Set the TX id for a file.
| ff | The file to store |
| txid | the tx id |
Definition at line 554 of file util-file.c.
References SCLogDebug, SCReturnInt, and File_::txid.
Referenced by FileContainerSetTx(), and HTPFileOpen().
| int FileStore | ( | File * | ff | ) |
Tag a file for storing.
| ff | The file to store |
Definition at line 542 of file util-file.c.
References FILE_STORE, File_::flags, and SCReturnInt.
Referenced by FileSetRange(), FileStoreAllFiles(), FileStoreAllFilesForTx(), and FileStoreFileById().
| void FileStoreAllFiles | ( | FileContainer * | fc | ) |
Definition at line 1340 of file util-file.c.
References FileStore(), FileContainer_::head, File_::next, and SCEnter.
Referenced by DetectFilestoreRegister().
| void FileStoreAllFilesForTx | ( | FileContainer * | fc, |
| uint64_t | tx_id | ||
| ) |
Definition at line 1325 of file util-file.c.
References FileStore(), FileContainer_::head, File_::next, SCEnter, and File_::txid.
Referenced by DetectFilestoreRegister().
| void FileStoreFileById | ( | FileContainer * | fc, |
| uint32_t | file_id | ||
| ) |
flag a file with id "file_id" to be stored.
| fc | file store |
| file_id | the file's id |
Definition at line 1310 of file util-file.c.
References File_::file_track_id, FileStore(), FileContainer_::head, File_::next, and SCEnter.
Referenced by DetectFilestoreRegister().
| uint64_t FileTrackedSize | ( | const File * | file | ) |
get the size of the file
This doesn't reflect how much of the file we have in memory, just the total size of file so far.
Definition at line 296 of file util-file.c.
References File_::content_inspected, File_::content_stored, FILE_NOMAGIC, FILE_STATE_CLOSED, FILE_STORE, FILE_USE_DETECT, FileDataSize(), File_::flags, File_::inspect_min_size, File_::inspect_window, MAX, MIN, File_::sb, SCEnter, SCLogDebug, SCReturnInt, File_::size, File_::state, StreamingBuffer_::stream_offset, and StreamingBufferSlideToOffset().
Referenced by DetectFilesizeRegister(), FileSetRange(), JsonBuildFileInfoRecord(), and SMTPParserCleanup().
| void FileTruncateAllOpenFiles | ( | FileContainer * | fc | ) |
Definition at line 1353 of file util-file.c.
References FILE_SHA256, FILE_STATE_OPENED, FILE_TRUNCATED, FileCloseFilePtr(), File_::flags, FileContainer_::head, len, File_::next, SCEnter, and File_::state.
Referenced by AppLayerHtpPrintStats(), and SMTPStateAlloc().
| int g_detect_disabled |
global indicating if detection is enabled
Definition at line 218 of file suricata.c.
Referenced by FileSetRange(), GetProgramVersion(), and RegisterAllModules().
1.8.11