#include "file_service.h"
#include "file_stats.h"
+#define DEFAULT_FILE_LOOKUP_TIMEOUT_CACHED_ITEM 3600 // 1 hour
+
using namespace snort;
class ExpectedFileCache : public XHash
}
FileContext* FileCache::get_file(Flow* flow, uint64_t file_id, bool to_create,
- int64_t timeout)
+ int64_t timeout, bool using_cache_entry)
{
FileHashKey hashKey;
hashKey.dip = flow->client_ip;
hashKey.file_id = file_id;
hashKey.asid = flow->key->addressSpaceId;
hashKey.padding[0] = hashKey.padding[1] = hashKey.padding[2] = 0;
- FileContext* file = find(hashKey, timeout);
+
+ FileContext* file = nullptr;
+ if (using_cache_entry)
+ file = find(hashKey, DEFAULT_FILE_LOOKUP_TIMEOUT_CACHED_ITEM);
+ else
+ file = find(hashKey, timeout);
+
if (to_create and !file)
file = add(hashKey, timeout);
return file;
}
-FileContext* FileCache::get_file(Flow* flow, uint64_t file_id, bool to_create)
+FileContext* FileCache::get_file(Flow* flow, uint64_t file_id, bool to_create, bool using_cache_entry)
{
- return get_file(flow, file_id, to_create, lookup_timeout);
+ return get_file(flow, file_id, to_create, lookup_timeout, using_cache_entry);
}
FileVerdict FileCache::check_verdict(Packet* p, FileInfo* file,
return 0;
}
- FileContext* file_got = get_file(flow, file_id, true, timeout);
+ FileContext* file_got = get_file(flow, file_id, true, timeout, false);
if (file_got)
{
*((FileInfo*)(file_got)) = *file;
return verdict;
}
- FileContext* file_found = get_file(flow, file_id, false);
+ FileContext* file_found = get_file(flow, file_id, false, false);
if (file_found)
{
void set_lookup_timeout(int64_t);
void set_max_files(int64_t);
- snort::FileContext* get_file(snort::Flow*, uint64_t file_id, bool to_create);
+ snort::FileContext* get_file(snort::Flow*, uint64_t file_id, bool to_create, bool using_cache_entry);
FileVerdict cached_verdict_lookup(snort::Packet*, snort::FileInfo*,
snort::FilePolicyBase*);
bool apply_verdict(snort::Packet*, snort::FileContext*, FileVerdict, bool resume,
snort::FileContext* find(const FileHashKey&, int64_t);
snort::FileContext* find_add(const FileHashKey&, int64_t);
snort::FileContext* get_file(snort::Flow*, uint64_t file_id, bool to_create,
- int64_t timeout);
+ int64_t timeout, bool using_cache_entry);
FileVerdict check_verdict(snort::Packet*, snort::FileInfo*, snort::FilePolicyBase*);
int store_verdict(snort::Flow*, snort::FileInfo*, int64_t timeout);
if (!file->get_file_data())
{
if (file_cache)
- file_got = file_cache->get_file(flow, pending_file_id, false);
+ file_got = file_cache->get_file(flow, pending_file_id, false, false);
if (file_got and file_got->get_file_data() and file_got->verdict == FILE_VERDICT_PENDING)
{
file_got->user_file_data_mutex.lock();
current_context_delete_pending = false;
FileCache* file_cache = FileService::get_file_cache();
assert(file_cache);
- FileContext* file_got = file_cache->get_file(flow, file_id, false);
+ FileContext* file_got = file_cache->get_file(flow, file_id, false, false);
if (file_got and file_got->verdict == FILE_VERDICT_PENDING and current_context != file_got)
{
file_got->user_file_data_mutex.lock();
{
FileCache* file_cache = FileService::get_file_cache();
assert(file_cache);
- uint64_t file_id = 0;
- if (current_context)
- file_id = current_context->get_file_id();
- else if (main_context)
- file_id = main_context->get_file_id();
-
- FileContext* file_got = file_cache->get_file(flow, file_id, false);
-
- if (file_got and (file_got->verdict == FILE_VERDICT_PENDING))
- {
- file_got->user_file_data_mutex.lock();
- delete (file_got->get_file_data());
- file_got->set_file_data(nullptr);
- file_got->user_file_data_mutex.unlock();
- }
delete(main_context);
if (current_context_delete_pending)
{
FileCache* file_cache = FileService::get_file_cache();
assert(file_cache);
- context = file_cache->get_file(flow, file_id, false);
+ context = file_cache->get_file(flow, file_id, false, true);
FILE_DEBUG(file_trace, DEFAULT_TRACE_OPTION_ID, TRACE_DEBUG_LEVEL, GET_CURRENT_PACKET,
"get_file_context:trying to get context from cache\n");
}
projects / thirdparty / snort3.git / commitdiff
