git.ipfire.org Git - thirdparty/suricata.git/commit

author	Philippe Antoine <pantoine@oisf.net>
	Thu, 25 Jan 2024 13:26:09 +0000 (14:26 +0100)
committer	Victor Julien <victor@inliniac.net>
	Thu, 15 Feb 2024 14:34:04 +0000 (15:34 +0100)
commit	5b93de0ec21400e110d750f51be55a4674280a27
tree	23e7d584b9dc7b5c2d9cc0925eef43a7c1e54531	tree
parent	e917baafe7748fb3f6d6588dd7d94d81734691a6	commit \| diff

detect: respect directionality for filestore

Ticket: 6617

So that rules with keyword like `filestore:to_server,flow`
only store the files to server and not the ones to client...

Directionality only worked with the default scope, ie the
current file, and not the scope tx or scope flow.
For non-default scope, tx or flow, both directions were stored
whatever the directionality specified.

For these non-default scopes, this commit keeps a default
of both directions, but use only one direction if specified.

Need to split flag FLOWFILE_STORE per direction, so that Suricata
can retain this (optional) directional info from the filestore
keyword.

Fixes: 79499e476979 ("app-layer: move files into transactions")
(cherry picked from commit 63caa0b40a66ecf1a34bbb6d942d4a044b7728a5)

src/detect-filestore.c		diff \| blob \| blame \| history
src/flow.h		diff \| blob \| blame \| history
src/util-file.c		diff \| blob \| blame \| history