Merge pull request #2916 in SNORT/snort3 from ~DIPANDIT/snort3:flow_from_file_context...
authorBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Wed, 2 Jun 2021 19:25:56 +0000 (19:25 +0000)
committerBhargava Jandhyala (bjandhya) <bjandhya@cisco.com>
Wed, 2 Jun 2021 19:25:56 +0000 (19:25 +0000)
Squashed commit of the following:

commit 5272707f8728164a2996e8e128bf6fa34ba05741
Author: Dipto Pandit (dipandit) <dipandit@cisco.com>
Date:   Sun May 30 15:30:49 2021 -0400

    file_api: store processing flow in context

src/file_api/file_cache.cc
src/file_api/file_flows.cc
src/file_api/file_lib.cc
src/file_api/file_lib.h

index 7a1f1311655f3ef24df341f065c554d6dd49d355..ed62773f04ab718e1d5f689d5f5f883d665937e8 100644 (file)
@@ -207,7 +207,11 @@ FileContext* FileCache::get_file(Flow* flow, uint64_t file_id, bool to_create,
     hashKey.padding[0] = hashKey.padding[1] = hashKey.padding[2] = 0;
     FileContext* file = find(hashKey, timeout);
     if (to_create and !file)
+    {
         file = add(hashKey, timeout);
+        if (file)
+            file->set_processing_flow(flow);
+    }
 
     return file;
 }
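Review bot: On a cache hit `find()` returns an existing context and `set_processing_flow` is skipped, so the context keeps whatever `Flow*` was stored when it was first created. Cache entries are kept for `timeout`, and nothing visible in this commit clears the pointer when that flow is released, so a later `log_file_action(processing_flow, ...)` in `apply_verdict` or `log_file_event` could read a freed flow if an entry can outlive its flow. `cached_verdict_lookup` rebinds the pointer on every hit while this path does not. If rebinding is the intent, move the call out of the create branch as `if (file) file->set_processing_flow(flow);`; otherwise flow teardown needs to reset the stored pointer to `nullptr`.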
@@ -256,6 +260,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
     bool resume, FilePolicyBase* policy)
 {
     Flow* flow = p->flow;
+    Flow* processing_flow = file_ctx->get_processing_flow();
     Active* act = p->active;
     struct timeval now = {0, 0};
     struct timeval add_time;
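Review bot: `processing_flow` can be `nullptr` here, because the member defaults to `nullptr` in file_lib.h and only some creation paths call `set_processing_flow`, yet every `resume` branch below now passes it to `log_file_action` where `p->flow` was passed before. Whether `log_file_action` tolerates a null flow is not visible in this diff, so a fallback right after this line keeps the old behaviour for contexts that never had a flow set: `if (!processing_flow) processing_flow = flow;`. The same applies to the `log_file_action(processing_flow, this, FILE_ACTION_DEFAULT)` call in `FileContext::log_file_event`. The body of `apply_verdict` continues outside this hunk.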
@@ -271,7 +276,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
         return false;
     case FILE_VERDICT_LOG:
         if (resume)
-            policy->log_file_action(flow, file_ctx, FILE_RESUME_LOG);
+            policy->log_file_action(processing_flow, file_ctx, FILE_RESUME_LOG);
         return false;
     case FILE_VERDICT_BLOCK:
         // can't block session inside a session
@@ -302,7 +307,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
                 act->set_delayed_action(Active::ACT_RESET, true);
 
             if (resume)
-                policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK);
+                policy->log_file_action(processing_flow, file_ctx, FILE_RESUME_BLOCK);
             else
                 file_ctx->verdict = FILE_VERDICT_LOG;
 
@@ -337,7 +342,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
             act->set_delayed_action(Active::ACT_RETRY, true);
 
             if (resume)
-                policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK);
+                policy->log_file_action(processing_flow, file_ctx, FILE_RESUME_BLOCK);
             else if (store_verdict(flow, file_ctx, lookup_timeout) != 0)
                 act->set_delayed_action(Active::ACT_DROP, true);
             else
@@ -355,7 +360,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
     if (resume)
     {
         file_ctx->log_file_event(flow, policy);
-        policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK);
+        policy->log_file_action(processing_flow, file_ctx, FILE_RESUME_BLOCK);
     }
     else if (file_ctx->is_cacheable())
         store_verdict(flow, file_ctx, block_timeout);
@@ -378,7 +383,9 @@ FileVerdict FileCache::cached_verdict_lookup(Packet* p, FileInfo* file,
 
     if (file_found)
     {
-        /*Query the file policy in case verdict has been changed*/
+           // file_found might be a new context, set the flow here
+           file_found->set_processing_flow(flow);
+        //Query the file policy in case verdict has been changed
         verdict = check_verdict(p, file_found, policy);
         apply_verdict(p, file_found, verdict, true, policy);
         // Update the current file context from cached context
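Review bot: The two added lines at the top of the `if (file_found)` block are indented eleven columns while the rest of the block uses eight, and the rewritten policy comment lost the space after `//`. Align them with the block and write the comment as `// Query the file policy in case verdict has been changed`. The new comment "file_found might be a new context" would also read better if it said why a lookup hit can return a context that has no flow set yet.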
index 3e940bb119957fdb37e0d6661eb150c063bcbdef..33e432e420e33476b5dc40350722cab1d571cbbb 100644 (file)
@@ -187,6 +187,7 @@ FileContext* FileFlows::find_main_file_context(FilePosition pos, FileDirection d
     }
 
     context = new FileContext;
+    context->set_processing_flow(flow);
     main_context = context;
     context->check_policy(flow, dir, file_policy);
 
@@ -239,6 +240,8 @@ FileContext* FileFlows::get_file_context(
         else
         {
             context = new FileContext;
+            context->set_processing_flow(flow);
+
             partially_processed_contexts[multi_file_processing_id] = context;
             if (partially_processed_contexts.size() > file_counts.max_concurrent_files_per_flow)
                 file_counts.max_concurrent_files_per_flow = partially_processed_contexts.size();
index fcd3d48500383e07c95200f914bc1e8429f679b4..54d58ee02fe4255a357d8da7b4a9f16bf3cfa7a9 100644 (file)
@@ -115,6 +115,7 @@ void FileInfo::copy(const FileInfo& other)
     file_capture_enabled = other.file_capture_enabled;
     file_state = other.file_state;
     pending_expire_time = other.pending_expire_time;
+    processing_flow = other.processing_flow;
     // only one copy of file capture
     file_capture = nullptr;
 }
@@ -315,7 +316,7 @@ void FileContext::log_file_event(Flow* flow, FilePolicyBase* policy)
         }
 
         if (policy and log_needed)
-            policy->log_file_action(flow, this, FILE_ACTION_DEFAULT);
+            policy->log_file_action(processing_flow, this, FILE_ACTION_DEFAULT);
 
         if ( config->trace_type )
             print(std::cout);
index d250f3aa1d78d192b7e4a591e9b73c50864abfcf..bd1a9528b1bc1f0b5d01f387322d5d17c81203a3 100644 (file)
@@ -85,6 +85,8 @@ public:
     FileVerdict verdict = FILE_VERDICT_UNKNOWN;
     bool processing_complete = false;
     struct timeval pending_expire_time = {0, 0};
+    void set_processing_flow(Flow* flow) { processing_flow = flow; }
+    Flow* get_processing_flow() { return processing_flow; }
 
 protected:
     std::string file_name;
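Review bot: `get_processing_flow()` does not modify the object and should be declared `const` so it can be called through a `const FileInfo&`, as `copy(const FileInfo& other)` already takes one: `Flow* get_processing_flow() const { return processing_flow; }`. The two accessors are also placed in the middle of the public data members; grouping them with the class's other member functions would keep the section easier to scan. The class declaration starts and ends outside this hunk.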
@@ -95,6 +97,7 @@ protected:
     uint8_t* sha256 = nullptr;
     uint64_t file_id = 0;
     FileCapture* file_capture = nullptr;
+    Flow* processing_flow = nullptr;
     bool file_type_enabled = false;
     bool file_signature_enabled = false;
     bool file_capture_enabled = false;
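Review bot: The new `processing_flow` member is a raw pointer with no comment on ownership or lifetime, and `FileInfo::copy` now duplicates it into other objects. A one-line comment on the declaration would tell maintainers what they may assume, for example `// non-owning; may be nullptr; must not be used after the flow is released`. If the file context can outlive the flow, the comment should also name the place that resets the pointer.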