fi
fi
+#libnspr
+ AC_ARG_WITH(libnspr_includes,
+ [ --with-libnspr-includes=DIR libnspr include directory],
+ [with_libnspr_includes="$withval"],[with_libnspr_includes=no])
+ AC_ARG_WITH(libnspr_libraries,
+ [ --with-libnspr-libraries=DIR libnspr library directory],
+ [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"])
+
+ if test "$with_libnspr_includes" != "no"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}"
+ fi
+
+ AC_CHECK_HEADER(nspr.h,,[AC_ERROR(nspr.h not found ...)])
+
+ if test "$with_libnspr_libraries" != "no"; then
+ LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}"
+ fi
+
+ MAGIC=""
+ AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no")
+
+ if test "$NSPR" = "no"; then
+ echo
+ echo " ERROR! libnspr library not found, go get it"
+ echo " from Mozilla."
+ echo
+ exit 1
+ fi
+#libnss
+ AC_ARG_WITH(libnss_includes,
+ [ --with-libnss-includes=DIR libnss include directory],
+ [with_libnss_includes="$withval"],[with_libnss_includes=no])
+ AC_ARG_WITH(libnss_libraries,
+ [ --with-libnss-libraries=DIR libnss library directory],
+ [with_libnss_libraries="$withval"],[with_libnss_libraries="no"])
+
+ if test "$with_libnss_includes" != "no"; then
+ CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}"
+ fi
+
+ AC_CHECK_HEADER(sechash.h,,[AC_ERROR(sechash.h not found ...)])
+
+ if test "$with_libnss_libraries" != "no"; then
+ LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}"
+ fi
+
+ MAGIC=""
+ AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no")
+
+ if test "$NSS" = "no"; then
+ echo
+ echo " ERROR! libnss library not found, go get it"
+ echo " from Mozilla."
+ echo
+ exit 1
+ fi
+
#libmagic
AC_ARG_WITH(libmagic_includes,
[ --with-libmagic-includes=DIR libmagic include directory],
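Review bot: The `MAGIC=""` line before each of the two new `AC_CHECK_LIB` calls looks copied from the libmagic block and resets the wrong variable. The tests that follow read `$NSPR` and `$NSS`, which are never initialised, so a value of `no` inherited from the environment aborts configure even when the libraries are installed. Use `NSPR=""` before the nspr4 check and `NSS=""` before the nss3 check. Both checks also end in `exit 1`, which makes NSS a hard build requirement although hashing is only switched on by the `force-md5` option; a configure switch for the feature would keep builds without NSS working.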
switch (ff->state) {
case FILE_STATE_CLOSED:
fprintf(fp, "STATE: CLOSED\n");
+ if (ff->flags & FILE_MD5) {
+ fprintf(fp, "MD5: ");
+ size_t x;
+ for (x = 0; x < sizeof(ff->md5); x++) {
+ fprintf(fp, "%02x", ff->md5[x]);
+ }
+ fprintf(fp, "\n");
+ }
break;
case FILE_STATE_TRUNCATED:
fprintf(fp, "STATE: TRUNCATED\n");
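Review bot: The MD5 line is written only in the `FILE_STATE_CLOSED` case, so the meta file for a truncated file carries no digest, and a consumer cannot tell that apart from hashing being disabled. A comment above the new block would record that this is intended, for example `/* digest is only final once the file is closed; truncated files get no MD5 line */`. The `FILE_STATE_TRUNCATED` case continues outside the hunk, so this assumes nothing further down prints a digest.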
SCLogInfo("forcing magic lookup for stored files");
}
+ const char *force_md5 = ConfNodeLookupChildValue(conf, "force-md5");
+ if (force_md5 != NULL && ConfValIsTrue(force_md5)) {
+ FileForceMd5Enable();
+ SCLogInfo("forcing md5 calculation for stored files");
+ }
+
const char *waldo = ConfNodeLookupChildValue(conf, "waldo");
if (waldo != NULL && strlen(waldo) > 0) {
if (PathIsAbsolute(waldo)) {
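Review bot: The message logged after `FileForceMd5Enable()` says md5 is forced "for stored files", but the doc comment on `g_file_force_md5` says it applies to all files regardless of the rules, and the allocation hunk creates a hash context for every new file once the flag is set. Align the wording so an operator knows the real cost, e.g. `SCLogInfo("forcing md5 calculation for all tracked files");`. The option is read from this logger's `conf` node, so it presumably takes effect only when this output is configured; that dependency deserves a comment here. The enclosing function starts and ends outside the hunk.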
#include <signal.h>
#include <pthread.h>
+#include <nss.h>
+
#include "suricata.h"
#include "decode.h"
#include "detect.h"
SC_ATOMIC_INIT(engine_stage);
+ /* init NSS for md5 */
+ NSS_NoDB_Init(NULL);
+
/* initialize the logging subsys */
SCLogInitLogModule(NULL);
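Review bot: The return value of `NSS_NoDB_Init(NULL)` is discarded, so a failed NSS initialisation goes unnoticed and the later `HASH_Create()` calls run against an uninitialised library. Check it, `if (NSS_NoDB_Init(NULL) != SECSuccess)`, and stop or disable hashing on failure. The call sits before `SCLogInitLogModule(NULL)`, so a failure at this point cannot be reported through the SCLog macros; moving it after logging is set up would allow a proper error message. No matching NSS shutdown call is visible in this patch.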
*/
static int g_file_force_magic = 0;
+/** \brief switch to force md5 calculation on all files
+ * regardless of the rules.
+ */
+static int g_file_force_md5 = 0;
+
/* prototypes */
static void FileFree(File *);
static void FileDataFree(FileData *);
g_file_force_magic = 1;
}
+void FileForceMd5Enable(void) {
+ g_file_force_md5 = 1;
+}
+
int FileForceMagic(void) {
return g_file_force_magic;
}
+int FileForceMd5(void) {
+ return g_file_force_md5;
+}
+
int FileMagicSize(void) {
/** \todo make this size configurable */
return 512;
ff->chunks_cnt_max = ff->chunks_cnt;
#endif
+ if (ff->md5_ctx)
+ HASH_Update(ff->md5_ctx, ffd->data, ffd->len);
SCReturnInt(0);
}
new->name_len = name_len;
memcpy(new->name, name, name_len);
+ if (g_file_force_md5) {
+ new->md5_ctx = HASH_Create(HASH_AlgMD5);
+ if (new->md5_ctx != NULL) {
+ HASH_Begin(new->md5_ctx);
+ }
+ }
return new;
}
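Review bot: `new->md5_ctx` is assigned only inside the `if (g_file_force_md5)` branch, yet the append, close and free paths all test `ff->md5_ctx`. The allocation of `new` is outside the hunk, so confirm the structure is zeroed there, or add `new->md5_ctx = NULL;` before the branch. When `HASH_Create()` returns NULL the file is silently tracked without a digest. A debug or warning log in that case would let an operator tell an allocation failure apart from hashing being disabled.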
}
}
+ if (ff->md5_ctx)
+ HASH_Destroy(ff->md5_ctx);
+
SCLogDebug("ff chunks_cnt %"PRIu64", chunks_cnt_max %"PRIu64,
ff->chunks_cnt, ff->chunks_cnt_max);
SCFree(ff);
} else {
ff->state = FILE_STATE_CLOSED;
SCLogDebug("flowfile state transitioned to FILE_STATE_CLOSED");
+
+ if (ff->md5_ctx) {
+ unsigned int len = 0;
+ HASH_End(ff->md5_ctx, ff->md5, &len, sizeof(ff->md5));
+ ff->flags |= FILE_MD5;
+ }
}
SCReturnInt(0);
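Review bot: `FILE_MD5` is set unconditionally after `HASH_End()`, and the `len` it writes is never inspected, so the flag can claim a valid digest even if fewer than `sizeof(ff->md5)` bytes were produced. Guard the flag with `if (len == sizeof(ff->md5)) ff->flags |= FILE_MD5;`. The context also stays non-NULL after finalisation, so any later append to this file would call `HASH_Update()` on a finished context. Destroying it here and setting `ff->md5_ctx = NULL;` rules that out. The surrounding function starts outside the hunk.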
#ifndef __UTIL_FILE_H__
#define __UTIL_FILE_H__
+#include "nss/sechash.h"
+
#define FILE_TRUNCATED 0x01
#define FILE_NOSTORE 0x02
#define FILE_NOMAGIC 0x04
#define FILE_STORE 0x08
+#define FILE_MD5 0x10
typedef enum FileState_ {
FILE_STATE_NONE = 0, /**< no state */
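Review bot: The header is included as `"nss/sechash.h"`, but configure probes for plain `sechash.h` and adds the `--with-libnss-includes` directory with `-I`, and the main source file includes `<nss.h>` without a prefix. On a system where the NSS headers live in a directory not named `nss`, configure succeeds and this include then fails. `#include <sechash.h>` would match what configure actually verified. Including it from this project-wide header also pushes the NSS include path onto every file that includes it.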
FileData *chunks_head;
FileData *chunks_tail;
struct File_ *next;
+ HASHContext *md5_ctx;
+ uint8_t md5[MD5_LENGTH];
#ifdef DEBUG
uint64_t chunks_cnt;
uint64_t chunks_cnt_max;
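Review bot: The two new fields are undocumented, and the digest they hold is MD5, for which collisions are practical. A logged value is fine for matching against known-file lists but should not be read as proof that two files are identical. Add field comments in the file's Doxygen style, e.g. `/**< NSS hash context, NULL when md5 is not being calculated */` and `/**< final digest, valid only when FILE_MD5 is set */`. NSS exposes SHA-256 through the same `HASH_*` interface if a stronger digest is wanted later.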
void FileForceMagicEnable(void);
int FileForceMagic(void);
+void FileForceMd5Enable(void);
+int FileForceMd5(void);
+
void FileStoreAllFiles(FileContainer *);
void FileStoreAllFilesForTx(FileContainer *, uint16_t);
void FileStoreFileById(FileContainer *fc, uint16_t);