files: move smtp prune logic to main

Now that we call the file prune loop very regularly, we can move the
SMTP specific inspection pruning logic into this loop. Helps with
cases there we don't (often) update a files inspection trackers.

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index e13e8af1490271ebdc60f3d8913a888545d2f890..05946af0b4f97eb8e009e55e19306d517f05da24 100644 (file)
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -368,41 +368,6 @@ static SMTPTransaction *SMTPTransactionCreate(void)
     return tx;
 }
 
-/** \internal
- *  \brief update inspected tracker if it gets to far behind
- *
- *  As smtp uses the FILE_USE_DETECT flag in the file API, we are responsible
- *  for making sure that File::content_inspected is not getting too far
- *  behind.
- */
-static void SMTPPruneFiles(FileContainer *files)
-{
-    SCLogDebug("cfg: win %"PRIu32" min_size %"PRIu32,
-            smtp_config.content_inspect_window, smtp_config.content_inspect_min_size);
-
-    File *file = files->head;
-    while (file) {
-        SCLogDebug("file %p", file);
-        uint32_t window = smtp_config.content_inspect_window;
-        if (file->sb->stream_offset == 0)
-            window = MAX(window, smtp_config.content_inspect_min_size);
-
-        uint64_t file_size = FileDataSize(file);
-        uint64_t data_size = file_size - file->sb->stream_offset;
-
-        SCLogDebug("window %"PRIu32", file_size %"PRIu64", data_size %"PRIu64,
-                window, file_size, data_size);
-
-        if (data_size > (window * 3)) {
-            uint64_t left_edge = file_size - window;
-            SCLogDebug("file->content_inspected now %"PRIu64, left_edge);
-            file->content_inspected = left_edge;
-        }
-
-        file = file->next;
-    }
-}
-
 static void FlagDetectStateNewFile(SMTPTransaction *tx)
 {
     if (tx && tx->de_state) {
@@ -473,6 +438,8 @@ int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
                 SCLogDebug("FileOpenFile() failed");
             }
             FlagDetectStateNewFile(smtp_state->curr_tx);
+            files->tail->inspect_window = smtp_config.content_inspect_window;
+            files->tail->inspect_min_size = smtp_config.content_inspect_min_size;
 
             /* If close in the same chunk, then pass in empty bytes */
             if (state->body_end) {
@@ -562,11 +529,6 @@ int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len,
     } else {
         SCLogDebug("Body not a Ctnt_attachment");
     }
-
-    if (files != NULL) {
-        SMTPPruneFiles(files);
-    }
-
     SCReturnInt(ret);
 }
 

diff --git a/src/util-file.c b/src/util-file.c
index 88a53d135789199e1a6d8cdd8db17e1536356007..aaf631c7678adb71be43261e3ae5caf3d9ab6dd0 100644 (file)
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -319,6 +319,26 @@ static int FilePruneFile(File *file)
     }
     if (file->flags & FILE_USE_DETECT) {
         left_edge = MIN(left_edge, file->content_inspected);
+
+        /* if file has inspect window and min size set, we
+         * do some house keeping here */
+        if (file->inspect_window != 0 && file->inspect_min_size != 0) {
+            uint32_t window = file->inspect_window;
+            if (file->sb->stream_offset == 0)
+                window = MAX(window, file->inspect_min_size);
+
+            uint64_t file_size = FileDataSize(file);
+            uint64_t data_size = file_size - file->sb->stream_offset;
+
+            SCLogDebug("window %"PRIu32", file_size %"PRIu64", data_size %"PRIu64,
+                    window, file_size, data_size);
+
+            if (data_size > (window * 3)) {
+                left_edge = file_size - window;
+                SCLogDebug("file->content_inspected now %"PRIu64, left_edge);
+                file->content_inspected = left_edge;
+            }
+        }
     }
 
     if (left_edge) {

diff --git a/src/util-file.h b/src/util-file.h
index e8077d15ed01f94e902d0aea6e2ace57edea9566..2a77a0fba07e4ce437cd3fa3e53ed29da6d0a80c 100644 (file)
--- a/src/util-file.h
+++ b/src/util-file.h
@@ -87,6 +87,8 @@ typedef struct File_ {
                                      *   flag is set */
     uint64_t content_stored;
     uint64_t size;
+    uint32_t inspect_window;
+    uint32_t inspect_min_size;
     uint64_t start;
     uint64_t end;