git.ipfire.org Git - thirdparty/suricata.git/commit

author	Gaurav Singh <gauravjs@google.com>
	Tue, 17 Oct 2017 01:01:53 +0000 (18:01 -0700)
committer	Victor Julien <victor@inliniac.net>
	Fri, 1 Dec 2017 14:13:08 +0000 (15:13 +0100)
commit	637a7c8e55e005edc2644a9b5774771926dd3f29
tree	aaccf92d8e9816b07997c5db9992c52701c1f446	tree
parent	a1f8cf40e233fdf7a604ad6f4b28cc489324aecb	commit \| diff

Adds options to mark when a file is final.

This takes the form of an option to add the pid of the process to file
names. Additionally, it adds a suffix to the file name to indicate it is
not finalized.

Adding the pid to the file name reduces the likelihood that a file is
overwritten when suricata is unexpectedly killed. The number in the
waldo file is only written out during a clean shutdown. In the event
of an improper shutdown, extracted files will be written using the old
number and existing files with the same name will be overwritten.

Writes extracted files and their metadata to a temporary file suffixed
with '.tmp'. Renames the files when they are completely done being
written. As-is there is no way to know that a file on disk is still
being written to by suricata.

doc/userguide/file-extraction/file-extraction.rst		diff \| blob \| blame \| history
src/log-filestore.c		diff \| blob \| blame \| history
src/util-error.c		diff \| blob \| blame \| history
src/util-error.h		diff \| blob \| blame \| history
suricata.yaml.in		diff \| blob \| blame \| history