FileContext* create_file_context(void *ssnptr) { FileSession *file_session; FileContext *context = file_context_create(); /* Create file session if not yet*/ file_session = get_file_session (ssnptr); if(!file_session) { file_session = (FileSession *)SnortAlloc(sizeof(*file_session)); session_api->set_application_data(ssnptr, PP_FILE, file_session, file_session_free); } file_stats.files_total++; return context; }
static FileContext* get_file_context(void* p, FilePosition position, bool upload) { FileContext* context; Packet *pkt = (Packet *)p; void *ssnptr = pkt->ssnptr; /* Attempt to get a previously allocated context. */ context = stream_api->get_application_data(ssnptr, PP_FILE); if (context && ((position == SNORT_FILE_MIDDLE) || (position == SNORT_FILE_END))) return context; else if (!context) { context = file_context_create(); stream_api->set_application_data(ssnptr, PP_FILE, context, file_context_free); } else { /*Push file event when there is another file in the same packet*/ if (pkt->packet_flags & PKT_FILE_EVENT_SET) { SnortEventqLog(snort_conf->event_queue, p); SnortEventqReset(); pkt->packet_flags &= ~PKT_FILE_EVENT_SET; } file_context_reset(context); } context->file_type_enabled = file_type_id_enabled; context->file_signature_enabled = file_signature_enabled; #ifdef TARGET_BASED /*Check file policy to see whether we want to do either file type or file signature * Note: this happen only on the start of session*/ if (get_file_policy) { int app_id; uint32_t policy_flags = 0; app_id = stream_api->get_application_protocol_id(ssnptr); policy_flags = get_file_policy(ssnptr, (int16_t)app_id, upload); if (!(policy_flags & ENABLE_FILE_TYPE_IDENTIFICATION)) context->file_type_enabled = false; if (!(policy_flags & ENABLE_FILE_SIGNATURE_SHA256)) context->file_signature_enabled = false; } #endif return context; }