git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Thu, 16 Jan 2014 14:20:09 +0000 (15:20 +0100)
committer	Victor Julien <victor@inliniac.net>
	Mon, 27 Jan 2014 14:20:59 +0000 (15:20 +0100)
commit	9ff6608668d31787e59fd7fc997c460bfb7b38e2
tree	bcf4a71b7e83ff92c0e149a4998328442b1ac854	tree
parent	b31e0abffe936f4f04275ab195212d51d7407e9e	commit \| diff

Introduce Filedata Logger API

A new logger API for registering file storage handlers. Where the
FileLog handler is called once per file, this handler will be called
for each data chunk so that storing the entire file is possible.

The logger call in the API is as follows:
typedef int (*FiledataLogger)(ThreadVars *, void *thread_data,
const Packet *, const File *, const FileData *, uint8_t flags);

All data is const, thus should be read only. The final flags field
is used to indicate to the caller that the file is new, or if it's
being closed.

Files use an internal unique id 'file_id' which can be used by the
loggers to create unique file names. This id can use the 'waldo'
feature of the log-filestore module. This patch moves that waldo
loading and storing logic to this API's implementation. A new
configuration directive 'file-store-waldo: <filename>' is added,
but the existing waldo settings will also continue to work.

src/Makefile.am		diff \| blob \| blame \| history
src/output-filedata.c	[new file with mode: 0644]	blob
src/output-filedata.h	[new file with mode: 0644]	blob
src/output.c		diff \| blob \| blame \| history
src/output.h		diff \| blob \| blame \| history
src/runmodes.c		diff \| blob \| blame \| history
src/suricata.c		diff \| blob \| blame \| history
src/tm-modules.c		diff \| blob \| blame \| history
src/tm-threads-common.h		diff \| blob \| blame \| history