static FileContext* get_file_context(void* p, FilePosition position, bool upload) { FileContext* context; Packet *pkt = (Packet *)p; void *ssnptr = pkt->ssnptr; /* Attempt to get a previously allocated context. */ context = stream_api->get_application_data(ssnptr, PP_FILE); if (context && ((position == SNORT_FILE_MIDDLE) || (position == SNORT_FILE_END))) return context; else if (!context) { context = file_context_create(); stream_api->set_application_data(ssnptr, PP_FILE, context, file_context_free); } else { /*Push file event when there is another file in the same packet*/ if (pkt->packet_flags & PKT_FILE_EVENT_SET) { SnortEventqLog(snort_conf->event_queue, p); SnortEventqReset(); pkt->packet_flags &= ~PKT_FILE_EVENT_SET; } file_context_reset(context); } context->file_type_enabled = file_type_id_enabled; context->file_signature_enabled = file_signature_enabled; #ifdef TARGET_BASED /*Check file policy to see whether we want to do either file type or file signature * Note: this happen only on the start of session*/ if (get_file_policy) { int app_id; uint32_t policy_flags = 0; app_id = stream_api->get_application_protocol_id(ssnptr); policy_flags = get_file_policy(ssnptr, (int16_t)app_id, upload); if (!(policy_flags & ENABLE_FILE_TYPE_IDENTIFICATION)) context->file_type_enabled = false; if (!(policy_flags & ENABLE_FILE_SIGNATURE_SHA256)) context->file_signature_enabled = false; } #endif return context; }
static inline FileContext* find_main_file_context(void* p, FilePosition position, bool upload) { FileContext* context = NULL; Packet *pkt = (Packet *)p; void *ssnptr = pkt->ssnptr; FileSession *file_session = get_file_session (ssnptr); /* Attempt to get a previously allocated context. */ if (file_session) context = file_session->main_context; if (context && ((position == SNORT_FILE_MIDDLE) || (position == SNORT_FILE_END))) return context; else if (context) { /*Push file event when there is another file in the same packet*/ if (pkt->packet_flags & PKT_FILE_EVENT_SET) { SnortEventqLog(snort_conf->event_queue, p); SnortEventqReset(); pkt->packet_flags &= ~PKT_FILE_EVENT_SET; } if (context->verdict != FILE_VERDICT_PENDING) { /* Reuse the same context */ file_context_reset(context); file_stats.files_total++; init_file_context(ssnptr, upload, context); context->file_id = file_session->max_file_id++; return context; } } context = create_file_context(ssnptr); file_session = get_file_session (ssnptr); file_session->main_context = context; init_file_context(ssnptr, upload, context); context->file_id = file_session->max_file_id++; return context; }