(s->flags & HTP_FLAG_STORE_FILES_TX_TS && txid == s->store_tx_id)) {
flags |= FILE_STORE;
}
+
+ if (s->f->flags & FLOW_FILE_NO_MAGIC_TC) {
+ SCLogDebug("no magic for this flow in toclient direction, so none for this file");
+ flags |= FILE_NOMAGIC;
+ }
+
+ if (!(flags & FILE_STORE) && s->f->flags & FLOW_FILE_NO_STORE_TC) {
+ flags |= FILE_NOSTORE;
+ }
} else {
if (s->files_ts == NULL) {
s->files_ts = FileContainerAlloc();
(s->flags & HTP_FLAG_STORE_FILES_TX_TC && txid == s->store_tx_id)) {
flags |= FILE_STORE;
}
+ if (s->f->flags & FLOW_FILE_NO_MAGIC_TS) {
+ SCLogDebug("no magic for this flow in toserver direction, so none for this file");
+ flags |= FILE_NOMAGIC;
+ }
+
+ if (!(flags & FILE_STORE) && s->f->flags & FLOW_FILE_NO_STORE_TS) {
+ flags |= FILE_NOSTORE;
+ }
}
/* if the previous file is in the same txid, we reset the file part of the
}
}
- if (!(flags & FILE_STORE) && s->f->flags & FLOW_FILE_NO_STORE) {
- flags |= FILE_NOSTORE;
- }
- if (s->f->flags & FLOW_FILE_NO_MAGIC) {
- flags |= FILE_NOMAGIC;
- }
-
if (FileOpenFile(files, filename, filename_len,
data, data_len, flags) == NULL)
{
/** At least on packet from the destination address was seen */
#define FLOW_TO_DST_SEEN 0x00000002
-// vacany 3x
+// vacany 1x
+
+/** no magic on files in this flow */
+#define FLOW_FILE_NO_MAGIC_TS 0x00000008
+#define FLOW_FILE_NO_MAGIC_TC 0x00000010
/** Flow was inspected against IP-Only sigs in the toserver direction */
#define FLOW_TOSERVER_IPONLY_SET 0x00000020
#define FLOW_TC_PM_PP_ALPROTO_DETECT_DONE 0x00400000
#define FLOW_TIMEOUT_REASSEMBLY_DONE 0x00800000
/** even if the flow has files, don't store 'm */
-#define FLOW_FILE_NO_STORE 0x01000000
-/** no magic on files in this flow */
-#define FLOW_FILE_NO_MAGIC 0x02000000
+#define FLOW_FILE_NO_STORE_TS 0x01000000
+#define FLOW_FILE_NO_STORE_TC 0x02000000
/** flow is ipv4 */
#define FLOW_IPV4 0x04000000
#include "suricata.h"
#include "debug.h"
#include "flow.h"
+#include "stream.h"
#include "util-hash.h"
#include "util-debug.h"
#include "util-memcmp.h"
/* need magic but haven't set it yet, bail out */
if (file->magic == NULL)
SCReturn;
+ else
+ SCLogDebug("file->magic %s", file->magic);
+ } else {
+ SCLogDebug("file->flags & FILE_NOMAGIC == true");
}
/* okay, we now know we can prune */
ff->store = -1;
}
if (flags & FILE_NOMAGIC) {
+ SCLogDebug("no doing magic for this file");
ff->flags |= FILE_NOMAGIC;
}
DEBUG_ASSERT_FLOW_LOCKED(f);
- f->flags |= FLOW_FILE_NO_STORE;
+ if (direction == STREAM_TOSERVER)
+ f->flags |= FLOW_FILE_NO_STORE_TS;
+ else
+ f->flags |= FLOW_FILE_NO_STORE_TC;
FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction);
if (ffc != NULL) {
DEBUG_ASSERT_FLOW_LOCKED(f);
- f->flags |= FLOW_FILE_NO_MAGIC;
+ if (direction == STREAM_TOSERVER)
+ f->flags |= FLOW_FILE_NO_MAGIC_TS;
+ else
+ f->flags |= FLOW_FILE_NO_MAGIC_TC;
FileContainer *ffc = AppLayerGetFilesFromFlow(f, direction);
if (ffc != NULL) {
for (ptr = ffc->head; ptr != NULL; ptr = ptr->next) {
+ SCLogDebug("disabling magic for file %p from direction %s",
+ ptr, direction == STREAM_TOSERVER ? "toserver":"toclient");
ptr->flags |= FILE_NOMAGIC;
}
}
projects / thirdparty / suricata.git / commitdiff
