/** *
* @param sip - source IP address
* @param dip - destination IP address
* @param sport - server sport number
* @param file_sig - file signature
* @param expiry - session expiry in seconds.
*/
int file_resume_block_add_file(void *pkt, uint32_t file_sig, uint32_t timeout,
File_Verdict verdict, uint32_t file_type_id, uint8_t *signature)
{
FileHashKey hashKey;
SFXHASH_NODE *hash_node = NULL;
FileNode *node;
FileNode new_node;
snort_ip_p srcIP;
snort_ip_p dstIP;
Packet *p = (Packet *)pkt;
time_t now = p->pkth->ts.tv_sec;
srcIP = GET_SRC_IP(p);
dstIP = GET_DST_IP(p);
IP_COPY_VALUE(hashKey.dip, dstIP);
IP_COPY_VALUE(hashKey.sip, srcIP);
hashKey.file_sig = file_sig;
hash_node = sfxhash_find_node(fileHash, &hashKey);
if (hash_node)
{
if (!(node = hash_node->data))
sfxhash_free_node(fileHash, hash_node);
}
else
node = NULL;
if (node)
{
node->expires = now + timeout;
updateFileNode(node, verdict, file_type_id, signature);
}
else
{
DEBUG_WRAP(DebugMessage(DEBUG_FILE, "Adding file node\n"););
updateFileNode(&new_node, verdict, file_type_id, signature);
/*
* use the time that we keep files around
* since this info would effectively be invalid
* after that anyway because the file that
* caused this will be gone.
*/
new_node.expires = now + timeout;
/* Add it to the table */
if (sfxhash_add(fileHash, &hashKey, &new_node) != SFXHASH_OK)
{
/* Uh, shouldn't get here...
* There is already a node or couldn't alloc space
* for key. This means bigger problems, but fail
* gracefully.
*/
DEBUG_WRAP(DebugMessage(DEBUG_FILE,
"Failed to add file node to hash table\n"););
/** *
* @param sip - source IP address
* @param dip - destination IP address
* @param sport - server sport number
* @param file_sig - file signature
* @param expiry - session expiry in seconds.
*/
int file_resume_block_add_file(void *pkt, uint32_t file_sig, uint32_t timeout,
File_Verdict verdict, uint32_t file_type_id, uint8_t *signature)
{
FileHashKey hashKey;
SFXHASH_NODE *hash_node = NULL;
FileNode *node;
FileNode new_node;
sfaddr_t* srcIP;
sfaddr_t* dstIP;
Packet *p = (Packet*)pkt;
time_t now = p->pkth->ts.tv_sec;
srcIP = GET_SRC_IP(p);
dstIP = GET_DST_IP(p);
sfaddr_copy_to_raw(&hashKey.dip, dstIP);
sfaddr_copy_to_raw(&hashKey.sip, srcIP);
hashKey.file_sig = file_sig;
#ifdef HAVE_DAQ_DP_ADD_DC
{
DAQ_DC_Params params;
memset(¶ms, 0, sizeof(params));
params.flags = DAQ_DC_ALLOW_MULTIPLE | DAQ_DC_PERSIST;
params.timeout_ms = 5 * 60 * 1000; /* 5 minutes */
if (p->packet_flags & PKT_FROM_CLIENT)
DAQ_Add_Dynamic_Protocol_Channel(p, srcIP, 0, dstIP, p->dp, GET_IPH_PROTO(p),
¶ms);
else if (p->packet_flags & PKT_FROM_SERVER)
DAQ_Add_Dynamic_Protocol_Channel(p, dstIP, 0, srcIP, p->sp, GET_IPH_PROTO(p),
¶ms);
}
#endif
hash_node = sfxhash_find_node(fileHash, &hashKey);
if (hash_node)
{
if (!(node = hash_node->data))
sfxhash_free_node(fileHash, hash_node);
}
else
node = NULL;
if (node)
{
node->expires = now + timeout;
updateFileNode(node, verdict, file_type_id, signature);
}
else
{
DEBUG_WRAP(DebugMessage(DEBUG_FILE, "Adding file node\n"););
updateFileNode(&new_node, verdict, file_type_id, signature);
/*
* use the time that we keep files around
* since this info would effectively be invalid
* after that anyway because the file that
* caused this will be gone.
*/
new_node.expires = now + timeout;
/* Add it to the table */
if (sfxhash_add(fileHash, &hashKey, &new_node) != SFXHASH_OK)
{
/* Uh, shouldn't get here...
* There is already a node or couldn't alloc space
* for key. This means bigger problems, but fail
* gracefully.
*/
DEBUG_WRAP(DebugMessage(DEBUG_FILE,
"Failed to add file node to hash table\n"););
