#include "suricata-common.h"
#include "suricata.h"
#include "flow.h"
#include "stream.h"
#include "stream-tcp.h"
#include "runmodes.h"
#include "util-hash.h"
#include "util-debug.h"
#include "util-memcmp.h"
#include "util-print.h"
#include "app-layer-parser.h"
#include "util-validate.h"
#include "rust.h"

Include dependency graph for util-file.c:

Functions
void	FileForceFilestoreEnable (void)

void	FileForceMagicEnable (void)

void	FileForceMd5Enable (void)

void	FileForceSha1Enable (void)

void	FileForceSha256Enable (void)

int	FileForceFilestore (void)

void	FileReassemblyDepthEnable (uint32_t size)

uint32_t	FileReassemblyDepth (void)

int	FileForceMagic (void)

int	FileForceMd5 (void)

int	FileForceSha1 (void)

int	FileForceSha256 (void)

void	FileForceTrackingEnable (void)

void	FileForceHashParseCfg (SCConfNode *conf)
	Function to parse forced file hashing configuration. More...

uint16_t	FileFlowFlagsToFlags (const uint16_t flow_file_flags, uint8_t direction)

uint16_t	FileFlowToFlags (const Flow *flow, uint8_t direction)

void	FileApplyTxFlags (const AppLayerTxData txd, const uint8_t direction, File file)

uint64_t	FileDataSize (const File *file)
	get the size of the file data More...

uint64_t	FileTrackedSize (const File *file)
	get the size of the file More...

FileContainer *	FileContainerAlloc (void)
	allocate a FileContainer More...

void	FileContainerRecycle (FileContainer ffc, const StreamingBufferConfig cfg)
	Recycle a FileContainer. More...

void	FileContainerFree (FileContainer ffc, const StreamingBufferConfig cfg)
	Free a FileContainer. More...

void	FileContainerAdd (FileContainer ffc, File ff)

int	FileStore (File *ff)
	Tag a file for storing. More...

int	FileAppendData (FileContainer ffc, const StreamingBufferConfig sbcfg, const uint8_t *data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used. More...

int	FileAppendDataById (FileContainer ffc, const StreamingBufferConfig sbcfg, uint32_t track_id, const uint8_t *data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...

int	FileAppendGAPById (FileContainer ffc, const StreamingBufferConfig sbcfg, uint32_t track_id, const uint8_t *data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...

void	FileSetInspectSizes (File *file, const uint32_t win, const uint32_t min)

int	FileSetRange (FileContainer *ffc, uint64_t start, uint64_t end)
	Sets the offset range for a file. More...

int	FileOpenFileWithId (FileContainer ffc, const StreamingBufferConfig sbcfg, uint32_t track_id, const uint8_t name, uint16_t name_len, const uint8_t data, uint32_t data_len, uint16_t flags)
	Open a new File. More...

int	FileCloseFilePtr (File ff, const StreamingBufferConfig sbcfg, const uint8_t *data, uint32_t data_len, uint16_t flags)

int	FileCloseFile (FileContainer ffc, const StreamingBufferConfig sbcfg, const uint8_t *data, uint32_t data_len, uint16_t flags)
	Close a File. More...

int	FileCloseFileById (FileContainer ffc, const StreamingBufferConfig sbcfg, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)

void	FileUpdateFlowFileFlags (Flow *f, uint16_t set_file_flags, uint8_t direction)
	set a flow's file flags More...

void	FileDisableStoringForTransaction (Flow f, const uint8_t direction, void tx, uint64_t tx_id)
	disable file storing for files in a transaction More...

void	FileStoreFileById (FileContainer *fc, uint32_t file_id)
	flag a file with id "file_id" to be stored. More...

void	FilesPrune (FileContainer fc, const StreamingBufferConfig sbcfg, const bool trunc)

Variables
int	g_detect_disabled

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Definition in file util-file.c.

Function Documentation

◆ FileAppendData()

int FileAppendData	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used.

Store a chunk of file data in the flow. The open "flowfile" will be used.

Parameters

ffc	FileContainer used to append to
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 766 of file util-file.c.

Referenced by HTPFileStoreChunk().

Here is the caller graph for this function:

◆ FileAppendDataById()

int FileAppendDataById	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 791 of file util-file.c.

◆ FileAppendGAPById()

int FileAppendGAPById	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 822 of file util-file.c.

◆ FileApplyTxFlags()

void FileApplyTxFlags	(	const AppLayerTxData *	txd,
		const uint8_t	direction,
		File *	file
	)

Definition at line 278 of file util-file.c.

References DEBUG_VALIDATE_BUG_ON, FILE_NOSTORE, FILE_STORE, FileFlowFlagsToFlags(), File_::flags, and SCLogDebug.

Referenced by OutputFiledataLogFfc(), and OutputFileLogFfc().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FileCloseFile()

int FileCloseFile	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Close a File.

Parameters

ffc	the container
data	final data if any
data_len	data len if any
flags	flags

Return values

0	ok
-1	error

Definition at line 1062 of file util-file.c.

Referenced by HTPFileClose().

Here is the caller graph for this function:

◆ FileCloseFileById()

int FileCloseFileById	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 1078 of file util-file.c.

◆ FileCloseFilePtr()

int FileCloseFilePtr	(	File *	ff,
		const StreamingBufferConfig *	sbcfg,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 980 of file util-file.c.

Referenced by OutputFiledataLogFfc().

Here is the caller graph for this function:

◆ FileContainerAdd()

void FileContainerAdd	(	FileContainer *	ffc,
		File *	ff
	)

Definition at line 595 of file util-file.c.

References FileContainer_::head, File_::next, SCLogDebug, and FileContainer_::tail.

◆ FileContainerAlloc()

FileContainer* FileContainerAlloc ( void )

allocate a FileContainer

Return values

new	newly allocated FileContainer
NULL	error

Definition at line 480 of file util-file.c.

References SCCalloc, SCLogError, and unlikely.

◆ FileContainerFree()

void FileContainerFree	(	FileContainer *	ffc,
		const StreamingBufferConfig *	cfg
	)

Free a FileContainer.

Parameters

ffc	FileContainer

Definition at line 516 of file util-file.c.

References FileContainer_::head, next, File_::next, and SCLogDebug.

◆ FileContainerRecycle()

void FileContainerRecycle	(	FileContainer *	ffc,
		const StreamingBufferConfig *	cfg
	)

Recycle a FileContainer.

Parameters

ffc	FileContainer

Definition at line 496 of file util-file.c.

References FileContainer_::head, next, File_::next, and SCLogDebug.

◆ FileDataSize()

uint64_t FileDataSize ( const File * file )

get the size of the file data

This doesn't reflect how much of the file we have in memory, just the total size of filedata so far.

Definition at line 309 of file util-file.c.

References File_::sb.

Referenced by OutputFiledataLogFfc().

Here is the caller graph for this function:

◆ FileDisableStoringForTransaction()

void FileDisableStoringForTransaction	(	Flow *	f,
		const uint8_t	direction,
		void *	tx,
		uint64_t	tx_id
	)

disable file storing for files in a transaction

disable file storing for a transaction

Parameters

f	LOCKED flow
direction	flow direction
tx_id	transaction id

Definition at line 1139 of file util-file.c.

◆ FileFlowFlagsToFlags()

uint16_t FileFlowFlagsToFlags	(	const uint16_t	flow_file_flags,
		uint8_t	direction
	)

Definition at line 216 of file util-file.c.

References DEBUG_VALIDATE_BUG_ON, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, FILE_STORE, flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, FLOWFILE_STORE_TC, FLOWFILE_STORE_TS, and SCLogDebug.

Referenced by FileApplyTxFlags(), FileFlowToFlags(), and HTPFileOpen().

Here is the caller graph for this function:

◆ FileFlowToFlags()

uint16_t FileFlowToFlags	(	const Flow *	flow,
		uint8_t	direction
	)

Definition at line 273 of file util-file.c.

References Flow_::file_flags, and FileFlowFlagsToFlags().

Here is the call graph for this function:

◆ FileForceFilestore()

int FileForceFilestore ( void )

Definition at line 122 of file util-file.c.

◆ FileForceFilestoreEnable()

void FileForceFilestoreEnable ( void )

Definition at line 92 of file util-file.c.

◆ FileForceHashParseCfg()

void FileForceHashParseCfg ( SCConfNode * conf )

Function to parse forced file hashing configuration.

Definition at line 170 of file util-file.c.

References BUG_ON, FileForceMd5Enable(), FileForceSha1Enable(), FileForceSha256Enable(), g_disable_hashing, next, SCConfNodeLookupChild(), SCLogInfo, TAILQ_FOREACH, and SCConfNode_::val.

Here is the call graph for this function:

◆ FileForceMagic()

int FileForceMagic ( void )

Definition at line 141 of file util-file.c.

Referenced by OutputFiledataLogFfc(), and OutputFileLogFfc().

Here is the caller graph for this function:

◆ FileForceMagicEnable()

void FileForceMagicEnable ( void )

Definition at line 98 of file util-file.c.

◆ FileForceMd5()

int FileForceMd5 ( void )

Definition at line 146 of file util-file.c.

◆ FileForceMd5Enable()

void FileForceMd5Enable ( void )

Definition at line 104 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceSha1()

int FileForceSha1 ( void )

Definition at line 151 of file util-file.c.

◆ FileForceSha1Enable()

void FileForceSha1Enable ( void )

Definition at line 110 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceSha256()

int FileForceSha256 ( void )

Definition at line 156 of file util-file.c.

◆ FileForceSha256Enable()

void FileForceSha256Enable ( void )

Definition at line 116 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceTrackingEnable()

void FileForceTrackingEnable ( void )

Definition at line 161 of file util-file.c.

◆ FileOpenFileWithId()

int FileOpenFileWithId	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		uint32_t	track_id,
		const uint8_t *	name,
		uint16_t	name_len,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Open a new File.

Return values

0	ok
-1	failed

Definition at line 967 of file util-file.c.

Referenced by HTPFileOpen().

Here is the caller graph for this function:

◆ FileReassemblyDepth()

uint32_t FileReassemblyDepth ( void )

Definition at line 133 of file util-file.c.

◆ FileReassemblyDepthEnable()

void FileReassemblyDepthEnable ( uint32_t size )

Definition at line 127 of file util-file.c.

◆ FileSetInspectSizes()

void FileSetInspectSizes	(	File *	file,
		const uint32_t	win,
		const uint32_t	min
	)

Definition at line 843 of file util-file.c.

References File_::inspect_min_size, and File_::inspect_window.

Referenced by HTPFileOpen().

Here is the caller graph for this function:

◆ FileSetRange()

int FileSetRange	(	FileContainer *	ffc,
		uint64_t	start,
		uint64_t	end
	)

Sets the offset range for a file.

Parameters

ffc	the container
start	start offset
end	end offset

Return values

0	ok
-1	error

Definition at line 859 of file util-file.c.

References File_::end, SCEnter, SCReturnInt, File_::start, and FileContainer_::tail.

◆ FilesPrune()

void FilesPrune	(	FileContainer *	fc,
		const StreamingBufferConfig *	sbcfg,
		const bool	trunc
	)

Definition at line 1187 of file util-file.c.

◆ FileStore()

int FileStore ( File * ff )

Tag a file for storing.

Parameters

ff	The file to store

Definition at line 611 of file util-file.c.

References FILE_STORE, File_::flags, SCLogDebug, and SCReturnInt.

Referenced by FileStoreFileById().

Here is the caller graph for this function:

◆ FileStoreFileById()

void FileStoreFileById	(	FileContainer *	fc,
		uint32_t	file_id
	)

flag a file with id "file_id" to be stored.

Parameters

fc	file store
file_id	the file's id

Definition at line 1157 of file util-file.c.

References File_::file_track_id, FileStore(), FileContainer_::head, File_::next, and SCEnter.

Here is the call graph for this function:

◆ FileTrackedSize()

uint64_t FileTrackedSize ( const File * file )

get the size of the file

This doesn't reflect how much of the file we have in memory, just the total size of file so far.

Definition at line 326 of file util-file.c.

References File_::size.

Referenced by EveFileInfo().

Here is the caller graph for this function:

◆ FileUpdateFlowFileFlags()

void FileUpdateFlowFileFlags	(	Flow *	f,
		uint16_t	set_file_flags,
		uint8_t	direction
	)

set a flow's file flags

Parameters

set_file_flags flags in both directions that are requested to set

This function will ignore the flags for the irrelevant direction and also mask the flags with the global settings.

Definition at line 1103 of file util-file.c.

References DEBUG_ASSERT_FLOW_LOCKED, FLOWFILE_NONE_TC, and SCEnter.

Variable Documentation

◆ g_detect_disabled

int g_detect_disabled

global indicating if detection is enabled

Definition at line 186 of file suricata.c.

Functions

Variables

Detailed Description

Function Documentation

◆ FileAppendData()

◆ FileAppendDataById()

◆ FileAppendGAPById()

◆ FileApplyTxFlags()

◆ FileCloseFile()

◆ FileCloseFileById()

◆ FileCloseFilePtr()

◆ FileContainerAdd()

◆ FileContainerAlloc()

◆ FileContainerFree()

◆ FileContainerRecycle()

◆ FileDataSize()

◆ FileDisableStoringForTransaction()

◆ FileFlowFlagsToFlags()

◆ FileFlowToFlags()

◆ FileForceFilestore()

◆ FileForceFilestoreEnable()

◆ FileForceHashParseCfg()

◆ FileForceMagic()

◆ FileForceMagicEnable()

◆ FileForceMd5()

◆ FileForceMd5Enable()

◆ FileForceSha1()

◆ FileForceSha1Enable()

◆ FileForceSha256()

◆ FileForceSha256Enable()

◆ FileForceTrackingEnable()

◆ FileOpenFileWithId()

◆ FileReassemblyDepth()

◆ FileReassemblyDepthEnable()

◆ FileSetInspectSizes()

◆ FileSetRange()

◆ FilesPrune()

◆ FileStore()

◆ FileStoreFileById()

◆ FileTrackedSize()

◆ FileUpdateFlowFileFlags()

Variable Documentation

◆ g_detect_disabled