Update SMB, NFS, HTTP2.
track_id: u32,
chunk_left: u32,
+ pub file: FileContainer,
+ pub file_flags: u16,
+
pub tx_id: u64,
fill_bytes: u8,
!self.file_open
}
- fn open(&mut self, config: &'static SuricataFileContext,
- files: &mut FileContainer, flags: u16, name: &[u8]) -> i32
+ fn open(&mut self, config: &'static SuricataFileContext, name: &[u8]) -> i32
{
- let r = files.file_open(config, self.track_id, name, flags);
+ let r = self.file.file_open(config, self.track_id, name, self.file_flags);
if r == 0 {
self.file_open = true;
}
r
}
- pub fn close(&mut self, config: &'static SuricataFileContext,
- files: &mut FileContainer, flags: u16)
+ pub fn close(&mut self, config: &'static SuricataFileContext)
{
if !self.file_is_truncated {
SCLogDebug!("closing file with id {}", self.track_id);
- files.file_close(config, &self.track_id, flags);
+ self.file.file_close(config, &self.track_id, self.file_flags);
}
self.file_open = false;
self.tracked = 0;
}
- pub fn trunc (&mut self, config: &'static SuricataFileContext,
- files: &mut FileContainer, flags: u16)
+ pub fn trunc (&mut self, config: &'static SuricataFileContext)
{
if self.file_is_truncated || !self.file_open {
return;
}
- let myflags = flags | 1; // TODO util-file.c::FILE_TRUNCATED
- files.file_close(config, &self.track_id, myflags);
+ let myflags = self.file_flags | 1; // TODO util-file.c::FILE_TRUNCATED
+ self.file.file_close(config, &self.track_id, myflags);
SCLogDebug!("truncated file");
self.file_is_truncated = true;
self.chunks.clear();
}
pub fn new_chunk(&mut self, config: &'static SuricataFileContext,
- files: &mut FileContainer, flags: u16,
name: &[u8], data: &[u8], chunk_offset: u64, chunk_size: u32,
fill_bytes: u8, is_last: bool, xid: &u32) -> u32
{
if self.chunk_left != 0 || self.fill_bytes != 0 {
SCLogDebug!("current chunk incomplete: truncating");
- self.trunc(config, files, flags);
+ self.trunc(config);
}
SCLogDebug!("NEW CHUNK: chunk_size {} fill_bytes {}", chunk_size, fill_bytes);
SCLogDebug!("NEW CHUNK IS OOO: expected {}, got {}", self.tracked, chunk_offset);
if is_last {
SCLogDebug!("last chunk is out of order, this means we missed data before");
- self.trunc(config, files, flags);
+ self.trunc(config);
}
self.chunk_is_ooo = true;
self.cur_ooo_chunk_offset = chunk_offset;
if !self.file_open {
SCLogDebug!("NEW CHUNK: FILE OPEN");
self.track_id = *xid;
- self.open(config, files, flags, name);
+ self.open(config, name);
}
if self.file_open {
- let res = self.update(config, files, flags, data, 0);
+ let res = self.update(config, data, 0);
SCLogDebug!("NEW CHUNK: update res {:?}", res);
return res;
}
/// update the file tracker
/// If gap_size > 0 'data' should not be used.
/// return how much we consumed of data
- pub fn update(&mut self, config: &'static SuricataFileContext,
- files: &mut FileContainer, flags: u16, data: &[u8], gap_size: u32) -> u32
+ pub fn update(&mut self, config: &'static SuricataFileContext, data: &[u8], gap_size: u32) -> u32
{
if self.file_is_truncated {
let consumed = std::cmp::min(data.len() as u32, self.chunk_left);
//SCLogDebug!("UPDATE: nothing to do");
if self.chunk_is_last {
SCLogDebug!("last empty chunk, closing");
- self.close(config, files, flags);
+ self.close(config);
self.chunk_is_last = false;
}
return 0
let d = &data[0..self.chunk_left as usize];
if !self.chunk_is_ooo {
- let res = files.file_append(config, &self.track_id, d, is_gap);
+ let res = self.file.file_append(config, &self.track_id, d, is_gap);
match res {
0 => { },
-2 => {
Some(c) => {
self.in_flight -= c.chunk.len() as u64;
- let res = files.file_append(config, &self.track_id, &c.chunk, c.contains_gap);
+ let res = self.file.file_append(config, &self.track_id, &c.chunk, c.contains_gap);
match res {
0 => { },
-2 => {
}
if self.chunk_is_last {
SCLogDebug!("last chunk, closing");
- self.close(config, files, flags);
+ self.close(config);
self.chunk_is_last = false;
} else {
SCLogDebug!("NOT last chunk, keep going");
} else {
if !self.chunk_is_ooo {
- let res = files.file_append(config, &self.track_id, data, is_gap);
+ let res = self.file.file_append(config, &self.track_id, data, is_gap);
match res {
0 => { },
-2 => {
pub tx_data: AppLayerTxData,
pub ft_tc: FileTransferTracker,
- ft_ts: FileTransferTracker,
+ pub ft_ts: FileTransferTracker,
//temporary escaped header for detection
//must be attached to transaction for memory management (be freed at the right time)
pub escaped: Vec<Vec<u8>>,
-
- pub files: Files,
}
impl Transaction for HTTP2Transaction {
ft_tc: FileTransferTracker::new(),
ft_ts: FileTransferTracker::new(),
escaped: Vec::with_capacity(16),
- files: Files::default(),
}
}
}
pub fn update_file_flags(&mut self, flow_file_flags: u16) {
- self.files.flags_ts = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOSERVER) | FILE_USE_DETECT };
- self.files.flags_tc = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOCLIENT) | FILE_USE_DETECT };
+ self.ft_ts.file_flags = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOSERVER) | FILE_USE_DETECT };
+ self.ft_tc.file_flags = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOCLIENT) | FILE_USE_DETECT };
}
fn decompress<'a>(
range::http2_range_append(sfcm, self.file_range, decompressed)
}
}
- let (files, flags) = self.files.get(Direction::ToClient);
self.ft_tc.new_chunk(
sfcm,
- files,
- flags,
b"",
decompressed,
self.ft_tc.tracked, //offset = append
if !self.ft_ts.file_open {
self.tx_data.incr_files_opened();
}
- let (files, flags) = self.files.get(Direction::ToServer);
self.ft_ts.new_chunk(
sfcm,
- files,
- flags,
b"",
decompressed,
self.ft_ts.tracked, //offset = append
impl Drop for HTTP2Transaction {
fn drop(&mut self) {
if let Some(sfcm) = unsafe { SURICATA_HTTP2_FILE_CONFIG } {
- self.files.files_ts.free(sfcm);
- self.files.files_tc.free(sfcm);
+ self.ft_ts.file.free(sfcm);
+ self.ft_tc.file.free(sfcm);
}
self.free();
}
if let Some(sfcm) = unsafe { SURICATA_HTTP2_FILE_CONFIG } {
(c.HTPFileCloseHandleRange)(
sfcm.files_sbcfg,
- &mut tx.files.files_tc,
+ &mut tx.ft_tc.file,
0,
tx.file_range,
std::ptr::null_mut(),
if let Some(sfcm) = unsafe { SURICATA_HTTP2_FILE_CONFIG } {
(c.HTPFileCloseHandleRange)(
sfcm.files_sbcfg,
- &mut tx.files.files_tc,
+ &mut tx.ft_tc.file,
0,
tx.file_range,
std::ptr::null_mut(),
tx: *mut std::os::raw::c_void, direction: u8,
) -> AppLayerGetFileState {
let tx = cast_pointer!(tx, HTTP2Transaction);
- let (files, _flags) = tx.files.get(direction.into());
if let Some(sfcm) = { SURICATA_HTTP2_FILE_CONFIG } {
- return AppLayerGetFileState { fc: files, cfg: sfcm.files_sbcfg }
+ if direction & STREAM_TOSERVER != 0 {
+ return AppLayerGetFileState { fc: &mut tx.ft_ts.file, cfg: sfcm.files_sbcfg }
+ } else {
+ return AppLayerGetFileState { fc: &mut tx.ft_tc.file, cfg: sfcm.files_sbcfg }
+ }
}
AppLayerGetFileState::err()
}
// whole file in one range
return;
}
- let (_, flags) = tx.files.get(dir);
+ let flags = if dir == Direction::ToServer { tx.ft_ts.file_flags } else { tx.ft_tc.file_flags };
if let Ok((key, index)) = http2_range_key_get(tx) {
let name = &key[index..];
tx.file_range = unsafe {
) {
let added = if let Some(c) = unsafe { SC } {
if let Some(sfcm) = unsafe { SURICATA_HTTP2_FILE_CONFIG } {
- let (files, flags) = tx.files.get(dir);
+ let (files, flags) = if dir == Direction::ToServer {
+ (&mut tx.ft_ts.file, tx.ft_ts.file_flags)
+ } else {
+ (&mut tx.ft_tc.file, tx.ft_tc.file_flags)
+ };
let added = (c.HTPFileCloseHandleRange)(
sfcm.files_sbcfg,
files,
#[derive(Default, Debug)]
pub struct NFSTransactionFile {
+ /// file transactions are unidirectional in the sense that they track
+ /// a single file on one direction
+ pub direction: Direction, // Direction::ToClient or Direction::ToServer
+
/// additional procedures part of a single file transfer. Currently
/// only COMMIT on WRITEs.
pub file_additional_procs: Vec<u32>,
/// file tracker for a single file. Boxed so that we don't use
/// as much space if we're not a file tx.
pub file_tracker: FileTransferTracker,
-
- /// storage for the actual file
- pub files: Files,
}
impl NFSTransactionFile {
}
}
pub fn update_file_flags(&mut self, flow_file_flags: u16) {
- self.files.flags_ts = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOSERVER) | FILE_USE_DETECT };
- self.files.flags_tc = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOCLIENT) | FILE_USE_DETECT };
+ let dir_flag = if self.direction == Direction::ToServer { STREAM_TOSERVER } else { STREAM_TOCLIENT };
+ self.file_tracker.file_flags = unsafe { FileFlowFlagsToFlags(flow_file_flags, dir_flag) | FILE_USE_DETECT };
}
}
pub unsafe extern "C" fn rs_nfs_gettxfiles(_state: *mut std::ffi::c_void, tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState {
let tx = cast_pointer!(tx, NFSTransaction);
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, _flags) = tdf.files.get(direction.into());
- if let Some(sfcm) = { SURICATA_NFS_FILE_CONFIG } {
- return AppLayerGetFileState { fc: files, cfg: sfcm.files_sbcfg }
+ let tx_dir : u8 = tdf.direction.into();
+ if direction & tx_dir != 0 {
+ if let Some(sfcm) = { SURICATA_NFS_FILE_CONFIG } {
+ return AppLayerGetFileState { fc: &mut tdf.file_tracker.file, cfg: sfcm.files_sbcfg }
+ }
}
}
AppLayerGetFileState::err()
/// is a special file tx that we look up by file_handle instead of XID
pub is_file_tx: bool,
pub is_file_closed: bool,
- /// file transactions are unidirectional in the sense that they track
- /// a single file on one direction
- pub file_tx_direction: Direction, // Direction::ToClient or Direction::ToServer
pub file_handle: Vec<u8>,
/// Procedure type specific data
nfs_version:0,
is_file_tx: false,
is_file_closed: false,
- file_tx_direction: Direction::ToServer,
file_handle:Vec::new(),
type_data: None,
tx_data: AppLayerTxData::new(),
fn drop(&mut self) {
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = self.type_data {
if let Some(sfcm) = unsafe { SURICATA_NFS_FILE_CONFIG } {
- tdf.files.files_ts.free(sfcm);
- tdf.files.files_tc.free(sfcm);
+ tdf.file_tracker.file.free(sfcm);
}
}
self.free();
}
/// little wrapper around the FileTransferTracker::new_chunk method
-pub fn filetracker_newchunk(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16, name: &[u8], data: &[u8],
+pub fn filetracker_newchunk(ft: &mut FileTransferTracker, name: &[u8], data: &[u8],
chunk_offset: u64, chunk_size: u32, fill_bytes: u8, is_last: bool, xid: &u32)
{
if let Some(sfcm) = unsafe { SURICATA_NFS_FILE_CONFIG } {
- ft.new_chunk(sfcm, files, flags, name, data, chunk_offset,
+ ft.new_chunk(sfcm, name, data, chunk_offset,
chunk_size, fill_bytes, is_last, xid);
}
}
-fn filetracker_trunc(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16)
+fn filetracker_trunc(ft: &mut FileTransferTracker)
{
if let Some(sfcm) = unsafe { SURICATA_NFS_FILE_CONFIG } {
- ft.trunc(sfcm, files, flags);
+ ft.trunc(sfcm);
}
}
-pub fn filetracker_close(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16)
+pub fn filetracker_close(ft: &mut FileTransferTracker)
{
if let Some(sfcm) = unsafe { SURICATA_NFS_FILE_CONFIG } {
- ft.close(sfcm, files, flags);
+ ft.close(sfcm);
}
}
-fn filetracker_update(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16, data: &[u8], gap_size: u32) -> u32
+fn filetracker_update(ft: &mut FileTransferTracker, data: &[u8], gap_size: u32) -> u32
{
if let Some(sfcm) = unsafe { SURICATA_NFS_FILE_CONFIG } {
- ft.update(sfcm, files, flags, data, gap_size)
+ ft.update(sfcm, data, gap_size)
} else {
0
}
if self.ts > f.post_gap_ts {
tx.request_done = true;
tx.response_done = true;
- let (files, flags) = f.files.get(tx.file_tx_direction);
- filetracker_trunc(&mut f.file_tracker, files, flags);
+ filetracker_trunc(&mut f.file_tracker);
} else {
post_gap_txs = true;
}
tx.file_name = file_name.to_vec();
tx.file_handle = file_handle.to_vec();
tx.is_file_tx = true;
- tx.file_tx_direction = direction;
tx.type_data = Some(NFSTransactionTypeData::FILE(NFSTransactionFile::new()));
if let Some(NFSTransactionTypeData::FILE(ref mut d)) = tx.type_data {
+ d.direction = direction;
d.file_tracker.tx_id = tx.id - 1;
tx.tx_data.update_file_flags(self.state_data.file_flags);
d.update_file_flags(tx.tx_data.file_flags);
for tx in &mut self.transactions {
if let Some(NFSTransactionTypeData::FILE(ref mut d)) = tx.type_data {
if tx.is_file_tx && !tx.is_file_closed &&
- direction == tx.file_tx_direction &&
+ direction == d.direction &&
tx.file_handle == fh
{
tx.tx_data.update_file_flags(self.state_data.file_flags);
let found = match self.get_file_tx_by_handle(&file_handle, Direction::ToServer) {
Some(tx) => {
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, w.file_data, w.offset,
w.file_len, fill_bytes as u8, is_last, &r.hdr.xid);
tdf.chunk_count += 1;
if !found {
let tx = self.new_file_tx(&file_handle, &file_name, Direction::ToServer);
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, w.file_data, w.offset,
w.file_len, fill_bytes as u8, is_last, &r.hdr.xid);
tx.procedure = NFSPROC3_WRITE;
let consumed = match self.get_file_tx_by_handle(&file_handle, direction) {
Some(tx) => {
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(direction);
if ssn_gap {
let queued_data = tdf.file_tracker.get_queued_size();
if queued_data > 2000000 { // TODO should probably be configurable
SCLogDebug!("QUEUED size {} while we've seen GAPs. Truncating file.", queued_data);
- filetracker_trunc(&mut tdf.file_tracker, files, flags);
+ filetracker_trunc(&mut tdf.file_tracker);
}
}
}
tdf.chunk_count += 1;
- let cs = filetracker_update(&mut tdf.file_tracker, files, flags, data, gap_size);
+ let cs = filetracker_update(&mut tdf.file_tracker, data, gap_size);
/* see if we need to close the tx */
if tdf.file_tracker.is_done() {
if direction == Direction::ToClient {
Some(tx) => {
SCLogDebug!("updated TX {:?}", tx);
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, reply.data, chunk_offset,
reply.count, fill_bytes as u8, is_last, &r.hdr.xid);
tdf.chunk_count += 1;
if !found {
let tx = self.new_file_tx(&file_handle, &file_name, Direction::ToClient);
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, reply.data, chunk_offset,
reply.count, fill_bytes as u8, is_last, &r.hdr.xid);
tx.procedure = if nfs_version < 4 { NFSPROC3_READ } else { NFSPROC4_READ };
let file_handle = rd.handle.value.to_vec();
if let Some(tx) = self.get_file_tx_by_handle(&file_handle, Direction::ToServer) {
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToServer);
tdf.chunk_count += 1;
tdf.file_additional_procs.push(NFSPROC3_COMMIT);
- filetracker_close(&mut tdf.file_tracker, files, flags);
+ filetracker_close(&mut tdf.file_tracker);
tdf.file_last_xid = r.hdr.xid;
tx.is_last = true;
tx.request_done = true;
let found = match self.get_file_tx_by_handle(&file_handle, Direction::ToServer) {
Some(tx) => {
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, w.data, w.offset,
w.write_len, fill_bytes as u8, is_last, &r.hdr.xid);
tdf.chunk_count += 1;
if !found {
let tx = self.new_file_tx(&file_handle, &file_name, Direction::ToServer);
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, w.data, w.offset,
w.write_len, fill_bytes as u8, is_last, &r.hdr.xid);
tx.procedure = NFSPROC4_WRITE;
let file_handle = fh.to_vec();
if let Some(tx) = self.get_file_tx_by_handle(&file_handle, Direction::ToServer) {
if let Some(NFSTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_close(&mut tdf.file_tracker, files, flags);
+ filetracker_close(&mut tdf.file_tracker);
tdf.file_last_xid = r.hdr.xid;
tx.is_last = true;
tx.request_done = true;
/// after a gap, this will be set to a time in the future. If the file
/// receives no updates before that, it will be considered complete.
pub post_gap_ts: u64,
- pub files: Files,
+ //pub files: Files,
}
impl SMBTransactionFile {
}
pub fn update_file_flags(&mut self, flow_file_flags: u16) {
- self.files.flags_ts = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOSERVER) | FILE_USE_DETECT };
- self.files.flags_tc = unsafe { FileFlowFlagsToFlags(flow_file_flags, STREAM_TOCLIENT) | FILE_USE_DETECT };
+ let dir_flag = if self.direction == Direction::ToServer { STREAM_TOSERVER } else { STREAM_TOCLIENT };
+ self.file_tracker.file_flags = unsafe { FileFlowFlagsToFlags(flow_file_flags, dir_flag) | FILE_USE_DETECT };
}
}
/// little wrapper around the FileTransferTracker::new_chunk method
-pub fn filetracker_newchunk(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16, name: &[u8], data: &[u8],
+pub fn filetracker_newchunk(ft: &mut FileTransferTracker, name: &[u8], data: &[u8],
chunk_offset: u64, chunk_size: u32, is_last: bool, xid: &u32)
{
if let Some(sfcm) = unsafe { SURICATA_SMB_FILE_CONFIG } {
- ft.new_chunk(sfcm, files, flags, name, data, chunk_offset,
+ ft.new_chunk(sfcm, name, data, chunk_offset,
chunk_size, 0, is_last, xid);
}
}
-pub fn filetracker_trunc(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16)
+pub fn filetracker_trunc(ft: &mut FileTransferTracker)
{
if let Some(sfcm) = unsafe { SURICATA_SMB_FILE_CONFIG } {
- ft.trunc(sfcm, files, flags);
+ ft.trunc(sfcm);
}
}
-pub fn filetracker_close(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16)
+pub fn filetracker_close(ft: &mut FileTransferTracker)
{
if let Some(sfcm) = unsafe { SURICATA_SMB_FILE_CONFIG } {
- ft.close(sfcm, files, flags);
+ ft.close(sfcm);
}
}
-fn filetracker_update(ft: &mut FileTransferTracker, files: &mut FileContainer,
- flags: u16, data: &[u8], gap_size: u32) -> u32
+fn filetracker_update(ft: &mut FileTransferTracker, data: &[u8], gap_size: u32) -> u32
{
if let Some(sfcm) = unsafe { SURICATA_SMB_FILE_CONFIG } {
- ft.update(sfcm, files, flags, data, gap_size)
+ ft.update(sfcm, data, gap_size)
} else {
0
}
let consumed = match self.get_file_tx_by_fuid(&file_handle, direction) {
Some(tx) => {
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(direction);
if ssn_gap {
let queued_data = tdf.file_tracker.get_queued_size();
if queued_data > 2000000 { // TODO should probably be configurable
SCLogDebug!("QUEUED size {} while we've seen GAPs. Truncating file.", queued_data);
- filetracker_trunc(&mut tdf.file_tracker, files, flags);
+ filetracker_trunc(&mut tdf.file_tracker);
}
}
}
let file_data = &data[0..data_to_handle_len];
- filetracker_update(&mut tdf.file_tracker, files, flags, file_data, gap_size)
+ filetracker_update(&mut tdf.file_tracker, file_data, gap_size)
} else {
0
}
pub unsafe extern "C" fn rs_smb_gettxfiles(_state: *mut std::ffi::c_void, tx: *mut std::ffi::c_void, direction: u8) -> AppLayerGetFileState {
let tx = cast_pointer!(tx, SMBTransaction);
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, _flags) = tdf.files.get(direction.into());
- if let Some(sfcm) = { SURICATA_SMB_FILE_CONFIG } {
- return AppLayerGetFileState { fc: files, cfg: sfcm.files_sbcfg }
+ let tx_dir : u8 = tdf.direction.into();
+ if direction & tx_dir != 0 {
+ if let Some(sfcm) = { SURICATA_SMB_FILE_CONFIG } {
+ return AppLayerGetFileState { fc: &mut tdf.file_tracker.file, cfg: sfcm.files_sbcfg }
+ }
}
}
AppLayerGetFileState::err()
fn drop(&mut self) {
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = self.type_data {
if let Some(sfcm) = unsafe { SURICATA_SMB_FILE_CONFIG } {
- tdf.files.files_ts.free(sfcm);
- tdf.files.files_tc.free(sfcm);
+ tdf.file_tracker.file.free(sfcm);
}
}
self.free();
if self.ts > f.post_gap_ts {
tx.request_done = true;
tx.response_done = true;
- let (files, flags) = f.files.get(f.direction);
- filetracker_trunc(&mut f.file_tracker, files, flags);
+ filetracker_trunc(&mut f.file_tracker);
} else {
post_gap_txs = true;
}
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
if !tx.request_done {
SCLogDebug!("closing file tx {} FID {:?}", tx.id, fid);
- let (files, flags) = tdf.files.get(direction);
- filetracker_close(&mut tdf.file_tracker, files, flags);
+ filetracker_close(&mut tdf.file_tracker);
tx.request_done = true;
tx.response_done = true;
SCLogDebug!("tx {} is done", tx.id);
if rd.offset < tdf.file_tracker.tracked {
set_event_fileoverlap = true;
}
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, rd.data, rd.offset,
rd.len, false, &file_id);
SCLogDebug!("FID {:?} found at tx {} => {:?}", file_fid, tx.id, tx);
if rd.offset < tdf.file_tracker.tracked {
set_event_fileoverlap = true;
}
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, rd.data, rd.offset,
rd.len, false, &file_id);
tdf.share_name = share_name;
- SCLogDebug!("files {:?}", files);
SCLogDebug!("tdf {:?}", tdf);
}
tx.vercmd.set_smb1_cmd(SMB1_COMMAND_WRITE_ANDX);
if offset < tdf.file_tracker.tracked {
set_event_fileoverlap = true;
}
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, rd.data, offset,
rd.len, false, &file_id);
}
if offset < tdf.file_tracker.tracked {
set_event_fileoverlap = true;
}
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, rd.data, offset,
rd.len, false, &file_id);
tdf.share_name = share_name;
state.set_event(SMBEvent::ReadQueueCntExceeded);
state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32);
} else {
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&tdf.file_name, rd.data, offset,
rd.len, false, &file_id);
}
state.set_event(SMBEvent::ReadQueueCntExceeded);
state.set_skip(Direction::ToClient, rd.len, rd.data.len() as u32);
} else {
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, rd.data, offset,
rd.len, false, &file_id);
}
state.set_event(SMBEvent::WriteQueueCntExceeded);
state.set_skip(Direction::ToServer, wr.wr_len, wr.data.len() as u32);
} else {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, wr.data, wr.wr_offset,
wr.wr_len, false, &file_id);
}
state.set_event(SMBEvent::WriteQueueCntExceeded);
state.set_skip(Direction::ToServer, wr.wr_len, wr.data.len() as u32);
} else {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_newchunk(&mut tdf.file_tracker, files, flags,
+ filetracker_newchunk(&mut tdf.file_tracker,
&file_name, wr.data, wr.wr_offset,
wr.wr_len, false, &file_id);
}
Some(tx) => {
if !tx.request_done {
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToServer);
- filetracker_close(&mut tdf.file_tracker, files, flags);
+ filetracker_close(&mut tdf.file_tracker);
}
}
tx.request_done = true;
Some(tx) => {
if !tx.request_done {
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_close(&mut tdf.file_tracker, files, flags);
+ filetracker_close(&mut tdf.file_tracker);
}
}
tx.request_done = true;
Some(tx) => {
if !tx.request_done {
if let Some(SMBTransactionTypeData::FILE(ref mut tdf)) = tx.type_data {
- let (files, flags) = tdf.files.get(Direction::ToClient);
- filetracker_close(&mut tdf.file_tracker, files, flags);
+ filetracker_close(&mut tdf.file_tracker);
}
}
tx.set_status(r.nt_status, false);
projects / thirdparty / suricata.git / commitdiff
