#include "suricata-common.h"#include "suricata.h"#include "debug.h"#include "flow.h"#include "stream.h"#include "stream-tcp.h"#include "runmodes.h"#include "util-hash.h"#include "util-debug.h"#include "util-memcmp.h"#include "util-print.h"#include "app-layer-parser.h"#include "util-validate.h"#include "rust.h"
Go to the source code of this file.
Functions | |
| void | FileForceFilestoreEnable (void) |
| void | FileForceMagicEnable (void) |
| void | FileForceMd5Enable (void) |
| void | FileForceSha1Enable (void) |
| void | FileForceSha256Enable (void) |
| int | FileForceFilestore (void) |
| void | FileReassemblyDepthEnable (uint32_t size) |
| uint32_t | FileReassemblyDepth (void) |
| int | FileForceMagic (void) |
| int | FileForceMd5 (void) |
| int | FileForceSha1 (void) |
| int | FileForceSha256 (void) |
| void | FileForceTrackingEnable (void) |
| void | FileForceHashParseCfg (ConfNode *conf) |
| Function to parse forced file hashing configuration. More... | |
| uint16_t | FileFlowToFlags (const Flow *flow, uint8_t direction) |
| uint64_t | FileDataSize (const File *file) |
| get the size of the file data More... | |
| uint64_t | FileTrackedSize (const File *file) |
| get the size of the file More... | |
| void | FilePrune (FileContainer *ffc) |
| FileContainer * | FileContainerAlloc (void) |
| allocate a FileContainer More... | |
| void | FileContainerRecycle (FileContainer *ffc) |
| Recycle a FileContainer. More... | |
| void | FileContainerFree (FileContainer *ffc) |
| Free a FileContainer. More... | |
| void | FileContainerAdd (FileContainer *ffc, File *ff) |
| int | FileStore (File *ff) |
| Tag a file for storing. More... | |
| int | FileSetTx (File *ff, uint64_t txid) |
| Set the TX id for a file. More... | |
| void | FileContainerSetTx (FileContainer *ffc, uint64_t tx_id) |
| int | FileAppendData (FileContainer *ffc, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used. More... | |
| int | FileAppendDataById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More... | |
| int | FileAppendGAPById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len) |
| Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More... | |
| void | FileSetInspectSizes (File *file, const uint32_t win, const uint32_t min) |
| int | FileSetRange (FileContainer *ffc, uint64_t start, uint64_t end) |
| Sets the offset range for a file. More... | |
| int | FileOpenFileWithId (FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| Open a new File. More... | |
| int | FileCloseFilePtr (File *ff, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| int | FileCloseFile (FileContainer *ffc, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| Close a File. More... | |
| int | FileCloseFileById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags) |
| void | FileUpdateFlowFileFlags (Flow *f, uint16_t set_file_flags, uint8_t direction) |
| set a flow's file flags More... | |
| void | FileDisableStoringForTransaction (Flow *f, uint8_t direction, uint64_t tx_id) |
| disable file storing for files in a transaction More... | |
| void | FileStoreFileById (FileContainer *fc, uint32_t file_id) |
| flag a file with id "file_id" to be stored. More... | |
| void | FileStoreAllFilesForTx (FileContainer *fc, uint64_t tx_id) |
| void | FileStoreAllFiles (FileContainer *fc) |
| void | FileTruncateAllOpenFiles (FileContainer *fc) |
Variables | |
| int | g_detect_disabled |
Detailed Description
Definition in file util-file.c.
Function Documentation
◆ FileAppendData()
| int FileAppendData | ( | FileContainer * | ffc, |
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used.
Store a chunk of file data in the flow. The open "flowfile" will be used.
- Parameters
-
ffc FileContainer used to append to data data chunk data_len data chunk len
- Return values
-
0 ok -1 error -2 no store for this file
Definition at line 720 of file util-file.c.
References SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by HTPFileStoreChunk(), HttpRangeAppendData(), and HttpRangeClose().
◆ FileAppendDataById()
| int FileAppendDataById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.
- Parameters
-
ffc FileContainer used to append to track_id id to lookup the file data data chunk data_len data chunk len
- Return values
-
0 ok -1 error -2 no store for this file
Definition at line 744 of file util-file.c.
References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by InitGlobal().
◆ FileAppendGAPById()
| int FileAppendGAPById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len | ||
| ) |
Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.
- Parameters
-
ffc FileContainer used to append to track_id id to lookup the file data data chunk data_len data chunk len
- Return values
-
0 ok -1 error -2 no store for this file
Definition at line 775 of file util-file.c.
References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by InitGlobal().
◆ FileCloseFile()
| int FileCloseFile | ( | FileContainer * | ffc, |
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Close a File.
- Parameters
-
ffc the container data final data if any data_len data len if any flags flags
- Return values
-
0 ok -1 error
Definition at line 1008 of file util-file.c.
References FileCloseFilePtr(), flags, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by HTPFileClose().
◆ FileCloseFileById()
| int FileCloseFileById | ( | FileContainer * | ffc, |
| uint32_t | track_id, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Definition at line 1024 of file util-file.c.
References File_::file_track_id, FileCloseFilePtr(), flags, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.
Referenced by InitGlobal().
◆ FileCloseFilePtr()
| int FileCloseFilePtr | ( | File * | ff, |
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Definition at line 932 of file util-file.c.
References FILE_NOSTORE, FILE_STATE_OPENED, File_::flags, File_::md5_ctx, SCEnter, SCReturnInt, File_::sha1_ctx, File_::sha256_ctx, File_::size, and File_::state.
Referenced by FileCloseFile(), FileCloseFileById(), and FileTruncateAllOpenFiles().
◆ FileContainerAdd()
| void FileContainerAdd | ( | FileContainer * | ffc, |
| File * | ff | ||
| ) |
Definition at line 540 of file util-file.c.
References FileContainer_::head, File_::next, and FileContainer_::tail.
◆ FileContainerAlloc()
| FileContainer* FileContainerAlloc | ( | void | ) |
allocate a FileContainer
- Return values
-
new newly allocated FileContainer NULL error
Definition at line 426 of file util-file.c.
References SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and unlikely.
Referenced by SMTPProcessDataChunk().
◆ FileContainerFree()
| void FileContainerFree | ( | FileContainer * | ffc | ) |
Free a FileContainer.
- Parameters
-
ffc FileContainer
Definition at line 462 of file util-file.c.
References FileContainer_::head, next, and File_::next.
◆ FileContainerRecycle()
| void FileContainerRecycle | ( | FileContainer * | ffc | ) |
Recycle a FileContainer.
- Parameters
-
ffc FileContainer
Definition at line 443 of file util-file.c.
References FileContainer_::head, next, and File_::next.
Referenced by InitGlobal().
◆ FileContainerSetTx()
| void FileContainerSetTx | ( | FileContainer * | ffc, |
| uint64_t | tx_id | ||
| ) |
Definition at line 575 of file util-file.c.
References FileSetTx(), and FileContainer_::tail.
Referenced by InitGlobal().
◆ FileDataSize()
| uint64_t FileDataSize | ( | const File * | file | ) |
get the size of the file data
This doesn't reflect how much of the file we have in memory, just the total size of filedata so far.
Definition at line 294 of file util-file.c.
References StreamingBuffer_::buf_offset, File_::sb, SCLogDebug, and StreamingBuffer_::stream_offset.
◆ FileDisableStoringForTransaction()
| void FileDisableStoringForTransaction | ( | Flow * | f, |
| uint8_t | direction, | ||
| uint64_t | tx_id | ||
| ) |
disable file storing for files in a transaction
disable file storing for a transaction
- Parameters
-
f LOCKED flow direction flow direction tx_id transaction id
Definition at line 1146 of file util-file.c.
References AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, FILE_STORE, File_::flags, FileContainer_::head, File_::next, SCEnter, SCLogDebug, and File_::txid.
◆ FileFlowToFlags()
| uint16_t FileFlowToFlags | ( | const Flow * | flow, |
| uint8_t | direction | ||
| ) |
Definition at line 234 of file util-file.c.
References Flow_::file_flags, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FLOWFILE_NO_STORE_TC, and FLOWFILE_NO_STORE_TS.
Referenced by SMTPProcessDataChunk().
◆ FileForceFilestore()
| int FileForceFilestore | ( | void | ) |
Definition at line 123 of file util-file.c.
◆ FileForceFilestoreEnable()
| void FileForceFilestoreEnable | ( | void | ) |
Definition at line 93 of file util-file.c.
◆ FileForceHashParseCfg()
| void FileForceHashParseCfg | ( | ConfNode * | conf | ) |
Function to parse forced file hashing configuration.
Definition at line 171 of file util-file.c.
References BUG_ON, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfValIsTrue(), FileForceMd5Enable(), FileForceSha1Enable(), FileForceSha256Enable(), g_disable_hashing, next, SC_ERR_DEPRECATED_CONF, SCLogInfo, SCLogWarning, TAILQ_FOREACH, and ConfNode_::val.
◆ FileForceMagic()
| int FileForceMagic | ( | void | ) |
Definition at line 142 of file util-file.c.
◆ FileForceMagicEnable()
| void FileForceMagicEnable | ( | void | ) |
Definition at line 99 of file util-file.c.
◆ FileForceMd5()
| int FileForceMd5 | ( | void | ) |
Definition at line 147 of file util-file.c.
◆ FileForceMd5Enable()
| void FileForceMd5Enable | ( | void | ) |
Definition at line 105 of file util-file.c.
Referenced by FileForceHashParseCfg().
◆ FileForceSha1()
| int FileForceSha1 | ( | void | ) |
Definition at line 152 of file util-file.c.
◆ FileForceSha1Enable()
| void FileForceSha1Enable | ( | void | ) |
Definition at line 111 of file util-file.c.
Referenced by FileForceHashParseCfg().
◆ FileForceSha256()
| int FileForceSha256 | ( | void | ) |
Definition at line 157 of file util-file.c.
◆ FileForceSha256Enable()
| void FileForceSha256Enable | ( | void | ) |
Definition at line 117 of file util-file.c.
Referenced by FileForceHashParseCfg().
◆ FileForceTrackingEnable()
| void FileForceTrackingEnable | ( | void | ) |
Definition at line 162 of file util-file.c.
◆ FileOpenFileWithId()
| int FileOpenFileWithId | ( | FileContainer * | ffc, |
| const StreamingBufferConfig * | sbcfg, | ||
| uint32_t | track_id, | ||
| const uint8_t * | name, | ||
| uint16_t | name_len, | ||
| const uint8_t * | data, | ||
| uint32_t | data_len, | ||
| uint16_t | flags | ||
| ) |
Open a new File.
- Return values
-
0 ok -1 failed
Definition at line 920 of file util-file.c.
Referenced by InitGlobal().
◆ FilePrune()
| void FilePrune | ( | FileContainer * | ffc | ) |
Definition at line 391 of file util-file.c.
References FileContainer_::head.
Referenced by InitGlobal().
◆ FileReassemblyDepth()
| uint32_t FileReassemblyDepth | ( | void | ) |
Definition at line 134 of file util-file.c.
◆ FileReassemblyDepthEnable()
| void FileReassemblyDepthEnable | ( | uint32_t | size | ) |
Definition at line 128 of file util-file.c.
◆ FileSetInspectSizes()
| void FileSetInspectSizes | ( | File * | file, |
| const uint32_t | win, | ||
| const uint32_t | min | ||
| ) |
Definition at line 796 of file util-file.c.
References File_::inspect_min_size, and File_::inspect_window.
◆ FileSetRange()
| int FileSetRange | ( | FileContainer * | ffc, |
| uint64_t | start, | ||
| uint64_t | end | ||
| ) |
Sets the offset range for a file.
- Parameters
-
ffc the container start start offset end end offset
- Return values
-
0 ok -1 error
Definition at line 812 of file util-file.c.
References File_::end, SCEnter, SCReturnInt, File_::start, and FileContainer_::tail.
◆ FileSetTx()
| int FileSetTx | ( | File * | ff, |
| uint64_t | txid | ||
| ) |
Set the TX id for a file.
- Parameters
-
ff The file to store txid the tx id
Definition at line 567 of file util-file.c.
References SCLogDebug, SCReturnInt, and File_::txid.
Referenced by FileContainerSetTx().
◆ FileStore()
| int FileStore | ( | File * | ff | ) |
Tag a file for storing.
- Parameters
-
ff The file to store
Definition at line 555 of file util-file.c.
References FILE_STORE, File_::flags, and SCReturnInt.
Referenced by FileStoreAllFiles(), FileStoreAllFilesForTx(), and FileStoreFileById().
◆ FileStoreAllFiles()
| void FileStoreAllFiles | ( | FileContainer * | fc | ) |
Definition at line 1207 of file util-file.c.
References FileStore(), FileContainer_::head, File_::next, and SCEnter.
◆ FileStoreAllFilesForTx()
| void FileStoreAllFilesForTx | ( | FileContainer * | fc, |
| uint64_t | tx_id | ||
| ) |
Definition at line 1192 of file util-file.c.
References FileStore(), FileContainer_::head, File_::next, SCEnter, and File_::txid.
◆ FileStoreFileById()
| void FileStoreFileById | ( | FileContainer * | fc, |
| uint32_t | file_id | ||
| ) |
flag a file with id "file_id" to be stored.
- Parameters
-
fc file store file_id the file's id
Definition at line 1177 of file util-file.c.
References File_::file_track_id, FileStore(), FileContainer_::head, File_::next, and SCEnter.
◆ FileTrackedSize()
| uint64_t FileTrackedSize | ( | const File * | file | ) |
get the size of the file
This doesn't reflect how much of the file we have in memory, just the total size of file so far.
Definition at line 311 of file util-file.c.
References File_::size.
Referenced by EveFileInfo().
◆ FileTruncateAllOpenFiles()
| void FileTruncateAllOpenFiles | ( | FileContainer * | fc | ) |
Definition at line 1220 of file util-file.c.
References FILE_STATE_OPENED, FILE_TRUNCATED, FileCloseFilePtr(), FileContainer_::head, File_::next, SCEnter, and File_::state.
◆ FileUpdateFlowFileFlags()
| void FileUpdateFlowFileFlags | ( | Flow * | f, |
| uint16_t | set_file_flags, | ||
| uint8_t | direction | ||
| ) |
set a flow's file flags
- Parameters
-
set_file_flags flags in both directions that are requested to set
This function will ignore the flags for the irrelevant direction and also mask the flags with the global settings.
Definition at line 1049 of file util-file.c.
References DEBUG_ASSERT_FLOW_LOCKED, FLOWFILE_NONE_TC, and SCEnter.
Variable Documentation
◆ g_detect_disabled
| int g_detect_disabled |
global indicating if detection is enabled
Definition at line 217 of file suricata.c.
