util-file.c File Reference

#include "suricata-common.h"
#include "suricata.h"
#include "flow.h"
#include "stream.h"
#include "stream-tcp.h"
#include "runmodes.h"
#include "util-hash.h"
#include "util-debug.h"
#include "util-memcmp.h"
#include "util-print.h"
#include "app-layer-parser.h"
#include "util-validate.h"
#include "rust.h"

Include dependency graph for util-file.c:

Go to the source code of this file.

Functions
void	FileForceFilestoreEnable (void)
void	FileForceMagicEnable (void)
void	FileForceMd5Enable (void)
void	FileForceSha1Enable (void)
void	FileForceSha256Enable (void)
int	FileForceFilestore (void)
void	FileReassemblyDepthEnable (uint32_t size)
uint32_t	FileReassemblyDepth (void)
int	FileForceMagic (void)
int	FileForceMd5 (void)
int	FileForceSha1 (void)
int	FileForceSha256 (void)
void	FileForceTrackingEnable (void)
void	FileForceHashParseCfg (ConfNode *conf)
	Function to parse forced file hashing configuration. More...
uint16_t	FileFlowFlagsToFlags (const uint16_t flow_file_flags, uint8_t direction)
uint16_t	FileFlowToFlags (const Flow *flow, uint8_t direction)
void	FileApplyTxFlags (const AppLayerTxData *txd, const uint8_t direction, File *file)
uint64_t	FileDataSize (const File *file)
	get the size of the file data More...
uint64_t	FileTrackedSize (const File *file)
	get the size of the file More...
void	FilePrune (FileContainer *ffc)
FileContainer *	FileContainerAlloc (void)
	allocate a FileContainer More...
void	FileContainerRecycle (FileContainer *ffc)
	Recycle a FileContainer. More...
void	FileContainerFree (FileContainer *ffc)
	Free a FileContainer. More...
void	FileContainerAdd (FileContainer *ffc, File *ff)
int	FileStore (File *ff)
	Tag a file for storing. More...
int	FileAppendData (FileContainer *ffc, const uint8_t *data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used. More...
int	FileAppendDataById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...
int	FileAppendGAPById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...
void	FileSetInspectSizes (File *file, const uint32_t win, const uint32_t min)
int	FileSetRange (FileContainer *ffc, uint64_t start, uint64_t end)
	Sets the offset range for a file. More...
int	FileOpenFileWithId (FileContainer *ffc, const StreamingBufferConfig *sbcfg, uint32_t track_id, const uint8_t *name, uint16_t name_len, const uint8_t *data, uint32_t data_len, uint16_t flags)
	Open a new File. More...
int	FileCloseFilePtr (File *ff, const uint8_t *data, uint32_t data_len, uint16_t flags)
int	FileCloseFile (FileContainer *ffc, const uint8_t *data, uint32_t data_len, uint16_t flags)
	Close a File. More...
int	FileCloseFileById (FileContainer *ffc, uint32_t track_id, const uint8_t *data, uint32_t data_len, uint16_t flags)
void	FileUpdateFlowFileFlags (Flow *f, uint16_t set_file_flags, uint8_t direction)
	set a flow's file flags More...
void	FileDisableStoringForTransaction (Flow *f, const uint8_t direction, void *tx, uint64_t tx_id)
	disable file storing for files in a transaction More...
void	FileStoreFileById (FileContainer *fc, uint32_t file_id)
	flag a file with id "file_id" to be stored. More...
void	FileTruncateAllOpenFiles (FileContainer *fc)

Variables
int	g_detect_disabled

Detailed Description

Author

Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t

Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Definition in file util-file.c.

Function Documentation

FileAppendData()

int FileAppendData	(	FileContainer *	ffc,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used.

Store a chunk of file data in the flow. The open "flowfile" will be used.

Parameters

ffc	FileContainer used to append to
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 774 of file util-file.c.

References SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by HTPFileStoreChunk(), HttpRangeAppendData(), and HttpRangeClose().

Here is the caller graph for this function:

FileAppendDataById()

int FileAppendDataById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 798 of file util-file.c.

References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

FileAppendGAPById()

int FileAppendGAPById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 829 of file util-file.c.

References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

FileApplyTxFlags()

void FileApplyTxFlags	(	const AppLayerTxData *	txd,
		const uint8_t	direction,
		File *	file
	)

Definition at line 292 of file util-file.c.

References DEBUG_VALIDATE_BUG_ON, FILE_NOSTORE, FILE_STORE, FileFlowFlagsToFlags(), File_::flags, and SCLogDebug.

Referenced by OutputFiledataLogFfc(), and OutputFileLogFfc().

Here is the call graph for this function:

Here is the caller graph for this function:

FileCloseFile()

int FileCloseFile	(	FileContainer *	ffc,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Close a File.

Parameters

ffc	the container
data	final data if any
data_len	data len if any
flags	flags

Return values

0	ok
-1	error

Definition at line 1074 of file util-file.c.

References FileCloseFilePtr(), flags, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by HTPFileClose().

Here is the call graph for this function:

Here is the caller graph for this function:

FileCloseFileById()

int FileCloseFileById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 1090 of file util-file.c.

References File_::file_track_id, FileCloseFilePtr(), flags, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

Here is the call graph for this function:

FileCloseFilePtr()

int FileCloseFilePtr	(	File *	ff,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 991 of file util-file.c.

References FILE_NOSTORE, FILE_STATE_OPENED, File_::flags, File_::md5_ctx, SCEnter, SCLogDebug, SCReturnInt, File_::sha1_ctx, File_::sha256_ctx, File_::size, and File_::state.

Referenced by FileCloseFile(), FileCloseFileById(), FileTruncateAllOpenFiles(), and OutputFiledataLogFfc().

Here is the caller graph for this function:

FileContainerAdd()

void FileContainerAdd	(	FileContainer *	ffc,
		File *	ff
	)

Definition at line 607 of file util-file.c.

References FileContainer_::head, File_::next, SCLogDebug, and FileContainer_::tail.

FileContainerAlloc()

FileContainer* FileContainerAlloc

(

void

)

allocate a FileContainer

Return values

new	newly allocated FileContainer
NULL	error

Definition at line 490 of file util-file.c.

References SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and unlikely.

FileContainerFree()

void FileContainerFree

(

FileContainer *

ffc

)

Free a FileContainer.

Parameters

ffc	FileContainer

Definition at line 527 of file util-file.c.

References FileContainer_::head, next, File_::next, and SCLogDebug.

FileContainerRecycle()

void FileContainerRecycle

(

FileContainer *

ffc

)

Recycle a FileContainer.

Parameters

ffc	FileContainer

Definition at line 507 of file util-file.c.

References FileContainer_::head, next, File_::next, and SCLogDebug.

FileDataSize()

uint64_t FileDataSize

(

const File *

file

)

get the size of the file data

This doesn't reflect how much of the file we have in memory, just the total size of filedata so far.

Definition at line 323 of file util-file.c.

References StreamingBuffer_::buf_offset, File_::sb, SCLogDebug, and StreamingBuffer_::stream_offset.

Referenced by OutputFiledataLogFfc().

Here is the caller graph for this function:

FileDisableStoringForTransaction()

void FileDisableStoringForTransaction	(	Flow *	f,
		const uint8_t	direction,
		void *	tx,
		uint64_t	tx_id
	)

disable file storing for files in a transaction

disable file storing for a transaction

Parameters

f	LOCKED flow
direction	flow direction
tx_id	transaction id

Definition at line 1151 of file util-file.c.

FileFlowFlagsToFlags()

uint16_t FileFlowFlagsToFlags	(	const uint16_t	flow_file_flags,
		uint8_t	direction
	)

Definition at line 233 of file util-file.c.

References DEBUG_VALIDATE_BUG_ON, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, FILE_STORE, flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, FLOWFILE_STORE, and SCLogDebug.

Referenced by FileApplyTxFlags(), and FileFlowToFlags().

Here is the caller graph for this function:

FileFlowToFlags()

uint16_t FileFlowToFlags	(	const Flow *	flow,
		uint8_t	direction
	)

Definition at line 287 of file util-file.c.

References Flow_::file_flags, and FileFlowFlagsToFlags().

Referenced by SMTPProcessDataChunk().

Here is the call graph for this function:

Here is the caller graph for this function:

FileForceFilestore()

int FileForceFilestore

(

void

)

Definition at line 122 of file util-file.c.

FileForceFilestoreEnable()

void FileForceFilestoreEnable

(

void

)

Definition at line 92 of file util-file.c.

FileForceHashParseCfg()

void FileForceHashParseCfg

(

ConfNode *

conf

)

Function to parse forced file hashing configuration.

Definition at line 170 of file util-file.c.

References BUG_ON, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfValIsTrue(), FileForceMd5Enable(), FileForceSha1Enable(), FileForceSha256Enable(), g_disable_hashing, next, SC_ERR_DEPRECATED_CONF, SCLogInfo, SCLogWarning, TAILQ_FOREACH, and ConfNode_::val.

Here is the call graph for this function:

FileForceMagic()

int FileForceMagic

(

void

)

Definition at line 141 of file util-file.c.

Referenced by OutputFiledataLogFfc(), and OutputFileLogFfc().

Here is the caller graph for this function:

FileForceMagicEnable()

void FileForceMagicEnable

(

void

)

Definition at line 98 of file util-file.c.

FileForceMd5()

int FileForceMd5

(

void

)

Definition at line 146 of file util-file.c.

FileForceMd5Enable()

void FileForceMd5Enable

(

void

)

Definition at line 104 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

FileForceSha1()

int FileForceSha1

(

void

)

Definition at line 151 of file util-file.c.

FileForceSha1Enable()

void FileForceSha1Enable

(

void

)

Definition at line 110 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

FileForceSha256()

int FileForceSha256

(

void

)

Definition at line 156 of file util-file.c.

FileForceSha256Enable()

void FileForceSha256Enable

(

void

)

Definition at line 116 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

FileForceTrackingEnable()

void FileForceTrackingEnable

(

void

)

Definition at line 161 of file util-file.c.

FileOpenFileWithId()

int FileOpenFileWithId	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		uint32_t	track_id,
		const uint8_t *	name,
		uint16_t	name_len,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Open a new File.

Return values

0	ok
-1	failed

Definition at line 978 of file util-file.c.

FilePrune()

void FilePrune

(

FileContainer *

ffc

)

Definition at line 449 of file util-file.c.

References FilePrintFlags, FileContainer_::head, SCEnter, and SCLogDebug.

FileReassemblyDepth()

uint32_t FileReassemblyDepth

(

void

)

Definition at line 133 of file util-file.c.

FileReassemblyDepthEnable()

void FileReassemblyDepthEnable

(

uint32_t

size

)

Definition at line 127 of file util-file.c.

FileSetInspectSizes()

void FileSetInspectSizes	(	File *	file,
		const uint32_t	win,
		const uint32_t	min
	)

Definition at line 850 of file util-file.c.

References File_::inspect_min_size, and File_::inspect_window.

FileSetRange()

int FileSetRange	(	FileContainer *	ffc,
		uint64_t	start,
		uint64_t	end
	)

Sets the offset range for a file.

Parameters

ffc	the container
start	start offset
end	end offset

Return values

0	ok
-1	error

Definition at line 866 of file util-file.c.

References File_::end, SCEnter, SCReturnInt, File_::start, and FileContainer_::tail.

FileStore()

int FileStore

(

File *

ff

)

Tag a file for storing.

Parameters

ff	The file to store

Definition at line 623 of file util-file.c.

References FILE_STORE, File_::flags, SCLogDebug, and SCReturnInt.

Referenced by FileStoreFileById().

Here is the caller graph for this function:

FileStoreFileById()

void FileStoreFileById	(	FileContainer *	fc,
		uint32_t	file_id
	)

flag a file with id "file_id" to be stored.

Parameters

fc	file store
file_id	the file's id

Definition at line 1171 of file util-file.c.

References File_::file_track_id, FileStore(), FileContainer_::head, File_::next, and SCEnter.

Here is the call graph for this function:

FileTrackedSize()

uint64_t FileTrackedSize

(

const File *

file

)

get the size of the file

This doesn't reflect how much of the file we have in memory, just the total size of file so far.

Definition at line 340 of file util-file.c.

References File_::size.

Referenced by EveFileInfo().

Here is the caller graph for this function:

FileTruncateAllOpenFiles()

void FileTruncateAllOpenFiles

(

FileContainer *

fc

)

Definition at line 1186 of file util-file.c.

References FILE_STATE_OPENED, FILE_TRUNCATED, FileCloseFilePtr(), FileContainer_::head, File_::next, SCEnter, and File_::state.

Here is the call graph for this function:

FileUpdateFlowFileFlags()

void FileUpdateFlowFileFlags	(	Flow *	f,
		uint16_t	set_file_flags,
		uint8_t	direction
	)

set a flow's file flags

Parameters

set_file_flags

flags in both directions that are requested to set

This function will ignore the flags for the irrelevant direction and also mask the flags with the global settings.

Definition at line 1115 of file util-file.c.

References DEBUG_ASSERT_FLOW_LOCKED, FLOWFILE_NONE_TC, and SCEnter.

Variable Documentation

g_detect_disabled

int g_detect_disabled

global indicating if detection is enabled

Definition at line 178 of file suricata.c.