static int LogFilestoreLogger(ThreadVars *tv, void *thread_data, const Packet *p, const File *ff, const FileData *ffd, uint8_t flags)
{
SCEnter();
LogFilestoreLogThread *aft = (LogFilestoreLogThread *)thread_data;
char filename[PATH_MAX] = "";
int file_fd = -1;
int ipver = -1;
/* no flow, no htp state */
if (p->flow == NULL) {
SCReturnInt(TM_ECODE_OK);
}
if (PKT_IS_IPV4(p)) {
ipver = AF_INET;
} else if (PKT_IS_IPV6(p)) {
ipver = AF_INET6;
} else {
return 0;
}
SCLogDebug("ff %p, ffd %p", ff, ffd);
snprintf(filename, sizeof(filename), "%s/file.%u",
g_logfile_base_dir, ff->file_id);
if (flags & OUTPUT_FILEDATA_FLAG_OPEN) {
aft->file_cnt++;
/* create a .meta file that contains time, src/dst/sp/dp/proto */
LogFilestoreLogCreateMetaFile(p, ff, filename, ipver);
file_fd = open(filename, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY, 0644);
if (file_fd == -1) {
SCLogDebug("failed to create file");
return -1;
}
/* we can get called with a NULL ffd when we need to close */
} else if (ffd != NULL) {
file_fd = open(filename, O_APPEND | O_NOFOLLOW | O_WRONLY);
if (file_fd == -1) {
SCLogDebug("failed to open file %s: %s", filename, strerror(errno));
return -1;
}
}
if (file_fd != -1) {
ssize_t r = write(file_fd, (const void *)ffd->data, (size_t)ffd->len);
if (r == -1) {
SCLogDebug("write failed: %s", strerror(errno));
}
close(file_fd);
}
if (flags & OUTPUT_FILEDATA_FLAG_CLOSE) {
LogFilestoreLogCloseMetaFile(ff);
}
return 0;
}
static void LogFilestoreFinalizeFiles(const File *ff) {
char pid_expression[PATH_MAX] = "";
if (FileIncludePid())
snprintf(pid_expression, sizeof(pid_expression), ".%d", getpid());
char final_filename[PATH_MAX] = "";
if (snprintf(final_filename, sizeof(final_filename), "%s/file%s.%u",
g_logfile_base_dir, pid_expression, ff->file_store_id) == sizeof(final_filename))
return;
char working_filename[PATH_MAX] = "";
if (snprintf(working_filename, sizeof(working_filename), "%s%s",
final_filename, g_working_file_suffix) == sizeof(working_filename))
return;
if (rename(working_filename, final_filename) != 0) {
SCLogWarning(SC_WARN_RENAMING_FILE, "renaming file %s to %s failed",
working_filename, final_filename);
return;
}
if (FileWriteMeta()) {
LogFilestoreLogCloseMetaFile(ff);
char final_metafilename[PATH_MAX] = "";
if (snprintf(final_metafilename, sizeof(final_metafilename),
"%s.meta", final_filename) == sizeof(final_metafilename))
return;
char working_metafilename[PATH_MAX] = "";
if (snprintf(working_metafilename, sizeof(working_metafilename),
"%s%s", final_metafilename, g_working_file_suffix) == sizeof(working_metafilename))
return;
if (rename(working_metafilename, final_metafilename) != 0) {
SCLogWarning(SC_WARN_RENAMING_FILE,
"renaming metafile %s to %s failed", working_metafilename,
final_metafilename);
}
}
}
static TmEcode LogFilestoreLogWrap(ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, PacketQueue *postpq, int ipver)
{
SCEnter();
LogFilestoreLogThread *aft = (LogFilestoreLogThread *)data;
uint8_t flags = 0;
/* no flow, no htp state */
if (p->flow == NULL) {
SCReturnInt(TM_ECODE_OK);
}
if (p->flowflags & FLOW_PKT_TOCLIENT)
flags |= STREAM_TOCLIENT;
else
flags |= STREAM_TOSERVER;
int file_close = (p->flags & PKT_PSEUDO_STREAM_END) ? 1 : 0;
int file_trunc = 0;
FLOWLOCK_WRLOCK(p->flow);
file_trunc = StreamTcpReassembleDepthReached(p);
FileContainer *ffc = AppLayerGetFilesFromFlow(p->flow, flags);
SCLogDebug("ffc %p", ffc);
if (ffc != NULL) {
File *ff;
for (ff = ffc->head; ff != NULL; ff = ff->next) {
int file_fd = -1;
if (FileForceMagic() && ff->magic == NULL) {
FilemagicGlobalLookup(ff);
}
SCLogDebug("ff %p", ff);
if (ff->flags & FILE_STORED) {
SCLogDebug("stored flag set");
continue;
}
if (!(ff->flags & FILE_STORE)) {
SCLogDebug("ff FILE_STORE not set");
continue;
}
FileData *ffd;
for (ffd = ff->chunks_head; ffd != NULL; ffd = ffd->next) {
SCLogDebug("ffd %p", ffd);
if (ffd->stored == 1) {
if (file_close == 1 && ffd->next == NULL) {
LogFilestoreLogCloseMetaFile(ff);
ff->flags |= FILE_STORED;
}
continue;
}
/* store */
SCLogDebug("trying to open file");
char filename[PATH_MAX] = "";
if (ff->file_id == 0) {
ff->file_id = SC_ATOMIC_ADD(file_id, 1);
snprintf(filename, sizeof(filename), "%s/file.%u",
g_logfile_base_dir, ff->file_id);
file_fd = open(filename, O_CREAT | O_TRUNC | O_NOFOLLOW | O_WRONLY, 0644);
if (file_fd == -1) {
SCLogDebug("failed to open file");
continue;
}
/* create a .meta file that contains time, src/dst/sp/dp/proto */
LogFilestoreLogCreateMetaFile(p, ff, filename, ipver);
aft->file_cnt++;
} else {
snprintf(filename, sizeof(filename), "%s/file.%u",
g_logfile_base_dir, ff->file_id);
file_fd = open(filename, O_APPEND | O_NOFOLLOW | O_WRONLY);
if (file_fd == -1) {
SCLogDebug("failed to open file %s: %s", filename, strerror(errno));
continue;
}
}
ssize_t r = write(file_fd, (const void *)ffd->data, (size_t)ffd->len);
if (r == -1) {
SCLogDebug("write failed: %s", strerror(errno));
close(file_fd);
continue;
}
close(file_fd);
if (file_trunc && ff->state < FILE_STATE_CLOSED)
ff->state = FILE_STATE_TRUNCATED;
if (ff->state == FILE_STATE_CLOSED ||
ff->state == FILE_STATE_TRUNCATED ||
ff->state == FILE_STATE_ERROR ||
(file_close == 1 && ff->state < FILE_STATE_CLOSED))
{
if (ffd->next == NULL) {
LogFilestoreLogCloseMetaFile(ff);
ff->flags |= FILE_STORED;
}
}
ffd->stored = 1;
}
}
FilePrune(ffc);
}
FLOWLOCK_UNLOCK(p->flow);
SCReturnInt(TM_ECODE_OK);
}
