Beispiel #1
/*
 * Allocate a new file context and make sure the session identified by
 * ssnptr has a FileSession registered under PP_FILE.
 *
 * ssnptr: opaque session handle, forwarded to get_file_session() and
 *         session_api->set_application_data().
 *
 * Returns the value produced by file_context_create(). This function does
 * not store the new context in the FileSession; linking the two is left to
 * the caller.
 */
FileContext* create_file_context(void *ssnptr)
{
    /* The context is created first, regardless of the session state. */
    FileContext *new_context = file_context_create();
    FileSession *session = get_file_session (ssnptr);

    if (session == NULL)
    {
        /* First file seen on this session: register a fresh FileSession.
         * NOTE(review): the SnortAlloc() result is used without a NULL check;
         * presumably the allocator aborts on failure and returns zeroed
         * memory - confirm. */
        session = (FileSession *)SnortAlloc(sizeof(*session));
        /* file_session_free is handed over with the data; presumably it is
         * the release callback run when the session data is dropped. */
        session_api->set_application_data(ssnptr, PP_FILE, session,
                file_session_free);
    }

    /* Counted once per call, whether or not the session already existed. */
    ++file_stats.files_total;

    return new_context;
}
Beispiel #2
/*
 * Fetch the file context attached to the packet's session, creating or
 * resetting it when a new file begins.
 *
 * p:        the current packet, passed as void* and used as a Packet.
 * position: where this data sits within the file being processed.
 * upload:   transfer direction, forwarded to the file policy callback.
 *
 * Behaviour:
 *  - no context stored yet: create one and attach it to the session;
 *  - context stored and position is SNORT_FILE_MIDDLE or SNORT_FILE_END:
 *    return it untouched;
 *  - context stored and any other position: flush a pending file event,
 *    then reset the context for the next file.
 * A created or reset context has its type/signature switches reloaded from
 * the global settings and, under TARGET_BASED, narrowed by the file policy.
 *
 * NOTE(review): p and pkt->ssnptr are dereferenced / forwarded without a
 * NULL check; callers are presumably expected to guarantee both - confirm.
 */
static FileContext*  get_file_context(void* p, FilePosition position, bool upload)
{
    Packet *packet = (Packet *)p;
    void *session = packet->ssnptr;

    /* Look for a context left on the session by an earlier packet. */
    FileContext *ctx = stream_api->get_application_data(session, PP_FILE);

    if (ctx == NULL)
    {
        /* Nothing stored yet: allocate and register it with its free routine.
         * This branch is taken for every position value, including
         * MIDDLE/END when no context exists. */
        ctx = file_context_create();
        stream_api->set_application_data(session, PP_FILE, ctx, file_context_free);
    }
    else if ((position == SNORT_FILE_MIDDLE) || (position == SNORT_FILE_END))
    {
        /* Continuation of the file already being tracked. */
        return ctx;
    }
    else
    {
        /* Another file in the same packet: push the queued file event
         * before the context is reset. */
        if (packet->packet_flags & PKT_FILE_EVENT_SET)
        {
            SnortEventqLog(snort_conf->event_queue, p);
            SnortEventqReset();
            packet->packet_flags &= ~PKT_FILE_EVENT_SET;
        }
        file_context_reset(ctx);
    }

    /* Start from the global switches. */
    ctx->file_type_enabled = file_type_id_enabled;
    ctx->file_signature_enabled = file_signature_enabled;

#ifdef TARGET_BASED
    /* Consult the file policy, if a callback is registered. It is reached
     * only for a context that was just created or reset (the MIDDLE/END
     * return above skips it); the original note says this happens only at
     * the start of a session. The policy can only switch a feature off here,
     * never turn on one that the global setting left disabled. */
    if (get_file_policy)
    {
        int app_id = stream_api->get_application_protocol_id(session);
        /* app_id is narrowed to int16_t for the callback. */
        uint32_t policy_flags = get_file_policy(session, (int16_t)app_id, upload);

        if ((policy_flags & ENABLE_FILE_TYPE_IDENTIFICATION) == 0)
        {
            ctx->file_type_enabled = false;
        }
        if ((policy_flags & ENABLE_FILE_SIGNATURE_SHA256) == 0)
        {
            ctx->file_signature_enabled = false;
        }
    }
#endif

    return ctx;
}