#include "suricata-common.h"
#include "suricata.h"
#include "debug.h"
#include "flow.h"
#include "stream.h"
#include "stream-tcp.h"
#include "runmodes.h"
#include "util-hash.h"
#include "util-debug.h"
#include "util-memcmp.h"
#include "util-print.h"
#include "app-layer-parser.h"
#include "util-validate.h"
#include "rust.h"

Include dependency graph for util-file.c:

Functions
void	FileForceFilestoreEnable (void)

void	FileForceMagicEnable (void)

void	FileForceMd5Enable (void)

void	FileForceSha1Enable (void)

void	FileForceSha256Enable (void)

int	FileForceFilestore (void)

void	FileReassemblyDepthEnable (uint32_t size)

uint32_t	FileReassemblyDepth (void)

int	FileForceMagic (void)

int	FileForceMd5 (void)

int	FileForceSha1 (void)

int	FileForceSha256 (void)

void	FileForceTrackingEnable (void)

void	FileForceHashParseCfg (ConfNode *conf)
	Function to parse forced file hashing configuration. More...

uint16_t	FileFlowToFlags (const Flow *flow, uint8_t direction)

uint64_t	FileDataSize (const File *file)
	get the size of the file data More...

uint64_t	FileTrackedSize (const File *file)
	get the size of the file More...

void	FilePrune (FileContainer *ffc)

FileContainer *	FileContainerAlloc (void)
	allocate a FileContainer More...

void	FileContainerRecycle (FileContainer *ffc)
	Recycle a FileContainer. More...

void	FileContainerFree (FileContainer *ffc)
	Free a FileContainer. More...

void	FileContainerAdd (FileContainer ffc, File ff)

int	FileStore (File *ff)
	Tag a file for storing. More...

int	FileSetTx (File *ff, uint64_t txid)
	Set the TX id for a file. More...

void	FileContainerSetTx (FileContainer *ffc, uint64_t tx_id)

int	FileAppendData (FileContainer ffc, const uint8_t data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used. More...

int	FileAppendDataById (FileContainer ffc, uint32_t track_id, const uint8_t data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...

int	FileAppendGAPById (FileContainer ffc, uint32_t track_id, const uint8_t data, uint32_t data_len)
	Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used. More...

void	FileSetInspectSizes (File *file, const uint32_t win, const uint32_t min)

int	FileSetRange (FileContainer *ffc, uint64_t start, uint64_t end)
	Sets the offset range for a file. More...

int	FileOpenFileWithId (FileContainer ffc, const StreamingBufferConfig sbcfg, uint32_t track_id, const uint8_t name, uint16_t name_len, const uint8_t data, uint32_t data_len, uint16_t flags)
	Open a new File. More...

int	FileCloseFilePtr (File ff, const uint8_t data, uint32_t data_len, uint16_t flags)

int	FileCloseFile (FileContainer ffc, const uint8_t data, uint32_t data_len, uint16_t flags)
	Close a File. More...

int	FileCloseFileById (FileContainer ffc, uint32_t track_id, const uint8_t data, uint32_t data_len, uint16_t flags)

void	FileUpdateFlowFileFlags (Flow *f, uint16_t set_file_flags, uint8_t direction)
	set a flow's file flags More...

void	FileDisableStoringForTransaction (Flow *f, uint8_t direction, uint64_t tx_id)
	disable file storing for files in a transaction More...

void	FileStoreFileById (FileContainer *fc, uint32_t file_id)
	flag a file with id "file_id" to be stored. More...

void	FileStoreAllFilesForTx (FileContainer *fc, uint64_t tx_id)

void	FileStoreAllFiles (FileContainer *fc)

void	FileTruncateAllOpenFiles (FileContainer *fc)

Variables
int	g_detect_disabled

Detailed Description

Author: Victor Julien victo.nosp@m.r@in.nosp@m.linia.nosp@m.c.ne.nosp@m.t; Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Definition in file util-file.c.

Function Documentation

◆ FileAppendData()

int FileAppendData	(	FileContainer *	ffc,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The last file in the FileContainer will be used.

Store a chunk of file data in the flow. The open "flowfile" will be used.

Parameters

ffc	FileContainer used to append to
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 720 of file util-file.c.

References SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by HTPFileStoreChunk(), HttpRangeAppendData(), and HttpRangeClose().

Here is the caller graph for this function:

◆ FileAppendDataById()

int FileAppendDataById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 744 of file util-file.c.

References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by InitGlobal().

Here is the caller graph for this function:

◆ FileAppendGAPById()

int FileAppendGAPById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len
	)

Store/handle a chunk of file data in the File structure The file with 'track_id' in the FileContainer will be used.

Parameters

ffc	FileContainer used to append to
track_id	id to lookup the file
data	data chunk
data_len	data chunk len

Return values

0	ok
-1	error
-2	no store for this file

Definition at line 775 of file util-file.c.

References File_::file_track_id, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by InitGlobal().

Here is the caller graph for this function:

◆ FileCloseFile()

int FileCloseFile	(	FileContainer *	ffc,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Close a File.

Parameters

ffc	the container
data	final data if any
data_len	data len if any
flags	flags

Return values

0	ok
-1	error

Definition at line 1008 of file util-file.c.

References FileCloseFilePtr(), flags, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by HTPFileClose().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FileCloseFileById()

int FileCloseFileById	(	FileContainer *	ffc,
		uint32_t	track_id,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 1024 of file util-file.c.

References File_::file_track_id, FileCloseFilePtr(), flags, FileContainer_::head, File_::next, SCEnter, SCReturnInt, and FileContainer_::tail.

Referenced by InitGlobal().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FileCloseFilePtr()

int FileCloseFilePtr	(	File *	ff,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Definition at line 932 of file util-file.c.

References FILE_NOSTORE, FILE_STATE_OPENED, File_::flags, File_::md5_ctx, SCEnter, SCReturnInt, File_::sha1_ctx, File_::sha256_ctx, File_::size, and File_::state.

Referenced by FileCloseFile(), FileCloseFileById(), and FileTruncateAllOpenFiles().

Here is the caller graph for this function:

◆ FileContainerAdd()

void FileContainerAdd	(	FileContainer *	ffc,
		File *	ff
	)

Definition at line 540 of file util-file.c.

References FileContainer_::head, File_::next, and FileContainer_::tail.

◆ FileContainerAlloc()

FileContainer* FileContainerAlloc ( void )

allocate a FileContainer

Return values

new	newly allocated FileContainer
NULL	error

Definition at line 426 of file util-file.c.

References SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and unlikely.

Referenced by SMTPProcessDataChunk().

Here is the caller graph for this function:

◆ FileContainerFree()

void FileContainerFree ( FileContainer * ffc )

Free a FileContainer.

Parameters

ffc	FileContainer

Definition at line 462 of file util-file.c.

References FileContainer_::head, next, and File_::next.

◆ FileContainerRecycle()

void FileContainerRecycle ( FileContainer * ffc )

Recycle a FileContainer.

Parameters

ffc	FileContainer

Definition at line 443 of file util-file.c.

References FileContainer_::head, next, and File_::next.

Referenced by InitGlobal().

Here is the caller graph for this function:

◆ FileContainerSetTx()

void FileContainerSetTx	(	FileContainer *	ffc,
		uint64_t	tx_id
	)

Definition at line 575 of file util-file.c.

References FileSetTx(), and FileContainer_::tail.

Referenced by InitGlobal().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ FileDataSize()

uint64_t FileDataSize ( const File * file )

get the size of the file data

This doesn't reflect how much of the file we have in memory, just the total size of filedata so far.

Definition at line 294 of file util-file.c.

References StreamingBuffer_::buf_offset, File_::sb, SCLogDebug, and StreamingBuffer_::stream_offset.

◆ FileDisableStoringForTransaction()

void FileDisableStoringForTransaction	(	Flow *	f,
		uint8_t	direction,
		uint64_t	tx_id
	)

disable file storing for files in a transaction

disable file storing for a transaction

Parameters

f	LOCKED flow
direction	flow direction
tx_id	transaction id

Definition at line 1146 of file util-file.c.

References AppLayerParserGetFiles(), DEBUG_ASSERT_FLOW_LOCKED, FILE_STORE, File_::flags, FileContainer_::head, File_::next, SCEnter, SCLogDebug, and File_::txid.

Here is the call graph for this function:

◆ FileFlowToFlags()

uint16_t FileFlowToFlags	(	const Flow *	flow,
		uint8_t	direction
	)

Definition at line 234 of file util-file.c.

References Flow_::file_flags, FILE_NOMAGIC, FILE_NOMD5, FILE_NOSHA1, FILE_NOSHA256, FILE_NOSTORE, flags, FLOWFILE_NO_MAGIC_TC, FLOWFILE_NO_MAGIC_TS, FLOWFILE_NO_MD5_TC, FLOWFILE_NO_MD5_TS, FLOWFILE_NO_SHA1_TC, FLOWFILE_NO_SHA1_TS, FLOWFILE_NO_SHA256_TC, FLOWFILE_NO_SHA256_TS, FLOWFILE_NO_STORE_TC, FLOWFILE_NO_STORE_TS, and STREAM_TOSERVER.

Referenced by SMTPProcessDataChunk().

Here is the caller graph for this function:

◆ FileForceFilestore()

int FileForceFilestore ( void )

Definition at line 123 of file util-file.c.

◆ FileForceFilestoreEnable()

void FileForceFilestoreEnable ( void )

Definition at line 93 of file util-file.c.

◆ FileForceHashParseCfg()

void FileForceHashParseCfg ( ConfNode * conf )

Function to parse forced file hashing configuration.

Definition at line 171 of file util-file.c.

References BUG_ON, ConfNodeLookupChild(), ConfNodeLookupChildValue(), ConfValIsTrue(), FileForceMd5Enable(), FileForceSha1Enable(), FileForceSha256Enable(), g_disable_hashing, next, SC_ERR_DEPRECATED_CONF, SCLogInfo, SCLogWarning, TAILQ_FOREACH, and ConfNode_::val.

Here is the call graph for this function:

◆ FileForceMagic()

int FileForceMagic ( void )

Definition at line 142 of file util-file.c.

◆ FileForceMagicEnable()

void FileForceMagicEnable ( void )

Definition at line 99 of file util-file.c.

◆ FileForceMd5()

int FileForceMd5 ( void )

Definition at line 147 of file util-file.c.

◆ FileForceMd5Enable()

void FileForceMd5Enable ( void )

Definition at line 105 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceSha1()

int FileForceSha1 ( void )

Definition at line 152 of file util-file.c.

◆ FileForceSha1Enable()

void FileForceSha1Enable ( void )

Definition at line 111 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceSha256()

int FileForceSha256 ( void )

Definition at line 157 of file util-file.c.

◆ FileForceSha256Enable()

void FileForceSha256Enable ( void )

Definition at line 117 of file util-file.c.

Referenced by FileForceHashParseCfg().

Here is the caller graph for this function:

◆ FileForceTrackingEnable()

void FileForceTrackingEnable ( void )

Definition at line 162 of file util-file.c.

◆ FileOpenFileWithId()

int FileOpenFileWithId	(	FileContainer *	ffc,
		const StreamingBufferConfig *	sbcfg,
		uint32_t	track_id,
		const uint8_t *	name,
		uint16_t	name_len,
		const uint8_t *	data,
		uint32_t	data_len,
		uint16_t	flags
	)

Open a new File.

Return values

0	ok
-1	failed

Definition at line 920 of file util-file.c.

Referenced by InitGlobal(), and SMTPProcessDataChunk().

Here is the caller graph for this function:

◆ FilePrune()

void FilePrune ( FileContainer * ffc )

Definition at line 391 of file util-file.c.

References FileContainer_::head.

Referenced by InitGlobal().

Here is the caller graph for this function:

◆ FileReassemblyDepth()

uint32_t FileReassemblyDepth ( void )

Definition at line 134 of file util-file.c.

◆ FileReassemblyDepthEnable()

void FileReassemblyDepthEnable ( uint32_t size )

Definition at line 128 of file util-file.c.

◆ FileSetInspectSizes()

void FileSetInspectSizes	(	File *	file,
		const uint32_t	win,
		const uint32_t	min
	)

Definition at line 796 of file util-file.c.

References File_::inspect_min_size, and File_::inspect_window.

◆ FileSetRange()

int FileSetRange	(	FileContainer *	ffc,
		uint64_t	start,
		uint64_t	end
	)

Sets the offset range for a file.

Parameters

ffc	the container
start	start offset
end	end offset

Return values

0	ok
-1	error

Definition at line 812 of file util-file.c.

References File_::end, SCEnter, SCReturnInt, File_::start, and FileContainer_::tail.

◆ FileSetTx()

int FileSetTx	(	File *	ff,
		uint64_t	txid
	)

Set the TX id for a file.

Parameters

ff	The file to store
txid	the tx id

Definition at line 567 of file util-file.c.

References SCLogDebug, SCReturnInt, and File_::txid.

Referenced by FileContainerSetTx().

Here is the caller graph for this function:

◆ FileStore()

int FileStore ( File * ff )

Tag a file for storing.

Parameters

ff	The file to store

Definition at line 555 of file util-file.c.

References FILE_STORE, File_::flags, and SCReturnInt.

Referenced by FileStoreAllFiles(), FileStoreAllFilesForTx(), and FileStoreFileById().

Here is the caller graph for this function:

◆ FileStoreAllFiles()

void FileStoreAllFiles ( FileContainer * fc )

Definition at line 1207 of file util-file.c.

References FileStore(), FileContainer_::head, File_::next, and SCEnter.

Here is the call graph for this function:

◆ FileStoreAllFilesForTx()

void FileStoreAllFilesForTx	(	FileContainer *	fc,
		uint64_t	tx_id
	)

Definition at line 1192 of file util-file.c.

References FileStore(), FileContainer_::head, File_::next, SCEnter, and File_::txid.

Here is the call graph for this function:

◆ FileStoreFileById()

void FileStoreFileById	(	FileContainer *	fc,
		uint32_t	file_id
	)

flag a file with id "file_id" to be stored.

Parameters

fc	file store
file_id	the file's id

Definition at line 1177 of file util-file.c.

References File_::file_track_id, FileStore(), FileContainer_::head, File_::next, and SCEnter.

Here is the call graph for this function:

◆ FileTrackedSize()

uint64_t FileTrackedSize ( const File * file )

get the size of the file

This doesn't reflect how much of the file we have in memory, just the total size of file so far.

Definition at line 311 of file util-file.c.

References File_::size.

Referenced by EveFileInfo().

Here is the caller graph for this function:

◆ FileTruncateAllOpenFiles()

void FileTruncateAllOpenFiles ( FileContainer * fc )

Definition at line 1220 of file util-file.c.

References FILE_STATE_OPENED, FILE_TRUNCATED, FileCloseFilePtr(), FileContainer_::head, File_::next, SCEnter, and File_::state.

Here is the call graph for this function:

◆ FileUpdateFlowFileFlags()

void FileUpdateFlowFileFlags	(	Flow *	f,
		uint16_t	set_file_flags,
		uint8_t	direction
	)

set a flow's file flags

Parameters

set_file_flags flags in both directions that are requested to set

This function will ignore the flags for the irrelevant direction and also mask the flags with the global settings.

Definition at line 1049 of file util-file.c.

References DEBUG_ASSERT_FLOW_LOCKED, FLOWFILE_NONE_TC, SCEnter, and STREAM_TOSERVER.

Variable Documentation

◆ g_detect_disabled

int g_detect_disabled

global indicating if detection is enabled

Definition at line 213 of file suricata.c.

Functions

Variables

Detailed Description

Function Documentation

◆ FileAppendData()

◆ FileAppendDataById()

◆ FileAppendGAPById()

◆ FileCloseFile()

◆ FileCloseFileById()

◆ FileCloseFilePtr()

◆ FileContainerAdd()

◆ FileContainerAlloc()

◆ FileContainerFree()

◆ FileContainerRecycle()

◆ FileContainerSetTx()

◆ FileDataSize()

◆ FileDisableStoringForTransaction()

◆ FileFlowToFlags()

◆ FileForceFilestore()

◆ FileForceFilestoreEnable()

◆ FileForceHashParseCfg()

◆ FileForceMagic()

◆ FileForceMagicEnable()

◆ FileForceMd5()

◆ FileForceMd5Enable()

◆ FileForceSha1()

◆ FileForceSha1Enable()

◆ FileForceSha256()

◆ FileForceSha256Enable()

◆ FileForceTrackingEnable()

◆ FileOpenFileWithId()

◆ FilePrune()

◆ FileReassemblyDepth()

◆ FileReassemblyDepthEnable()

◆ FileSetInspectSizes()

◆ FileSetRange()

◆ FileSetTx()

◆ FileStore()

◆ FileStoreAllFiles()

◆ FileStoreAllFilesForTx()

◆ FileStoreFileById()

◆ FileTrackedSize()

◆ FileTruncateAllOpenFiles()

◆ FileUpdateFlowFileFlags()

Variable Documentation

◆ g_detect_disabled