Pull request #4859: file_api: copy cacheable property to new context from cached...
authorVeera Reddy Evuri (vevuri) <vevuri@cisco.com>
Wed, 12 Nov 2025 16:57:03 +0000 (16:57 +0000)
committerSteve Chew (stechew) <stechew@cisco.com>
Wed, 12 Nov 2025 16:57:03 +0000 (16:57 +0000)
Merge in SNORT/snort3 from ~VEVURI/snort3:dlp-verdict-cache-txns to master

Squashed commit of the following:

commit 00181875a2fbe3e67d92cbd137fe93919b437f46
Author: Veera Reddy Evuri <vevuri@cisco.com>
Date:   Sun Nov 2 22:49:21 2025 -0800

    file_api: copy cacheable property to new context from cached context and use filecontext from cache, only if the entry is marked as cacheable

src/file_api/file_cache.cc
src/file_api/file_cache.h
src/file_api/file_flows.cc
src/file_api/file_lib.cc

index b39b80c8ade4ed7ac578203148115e45cf499c32..2f70c0b4c05563f38bd27e3b2fe61569882109a8 100644 (file)
@@ -351,7 +351,7 @@ void FileCache::publish_file_cache_event(Flow* flow, FileInfo* file, int64_t tim
     }
 }
 
-int FileCache::store_verdict(Flow* flow, FileInfo* file, int64_t timeout, bool &cache_full)
+int FileCache::store_verdict(Flow* flow, FileInfo* file, int64_t timeout, bool &cache_full, bool is_cacheable)
 {
     assert(file);
     uint64_t file_id = file->get_file_id();
@@ -370,6 +370,9 @@ int FileCache::store_verdict(Flow* flow, FileInfo* file, int64_t timeout, bool &
         publish_file_cache_event(flow, file, cache_expire);
         *((FileInfo*)(file_got)) = *file;
 
+        if (file != file_got and not is_cacheable)
+            file_got->set_not_cacheable();
+
         if (FILE_VERDICT_PENDING == file->verdict and file != file_got)
         {
             if (file->get_file_data() and !file_got->get_file_data())
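Review bot: The block added after `*((FileInfo*)(file_got)) = *file;` only ever sets the not-cacheable mark on `file_got` and never clears it. An entry stored once with `is_cacheable == false` therefore appears to stay not cacheable, even if a later `store_verdict` for the same file id passes `true`. If that stickiness is intended, say so in a comment above the check, for example `// not-cacheable is sticky: the FileInfo copy above does not carry it, and it is never cleared here`. If it is not intended, the cached entry needs a way to be reset, which nothing in this hunk provides. The body of `store_verdict` starts and ends outside the hunk, so the surrounding lookup and locking are not visible here.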
@@ -512,7 +515,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
 
             if (resume)
                 policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK);
-            else if (store_verdict(flow, file_ctx, lookup_timeout, cache_full) != 0)
+            else if (store_verdict(flow, file_ctx, lookup_timeout, cache_full, file_ctx->is_cacheable()) != 0)
             {
                 if (cache_full)
                 {
@@ -547,9 +550,9 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
         file_ctx->log_file_event(flow, policy);
         policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK);
     }
-    else if (file_ctx->is_cacheable())
+    else if (bool is_cacheable = file_ctx->is_cacheable())
     {
-        if (store_verdict(flow, file_ctx, block_timeout, cache_full) != 0)
+        if (store_verdict(flow, file_ctx, block_timeout, cache_full, is_cacheable) != 0)
         {
             if (PacketTracer::is_active())
             {
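Review bot: The condition `else if (bool is_cacheable = file_ctx->is_cacheable())` declares a variable that is always `true` inside the branch it guards, so the argument passed to `store_verdict` reads as if it could vary when it cannot. The name also stays in scope for any later `else` of this chain, where it would always be `false`. Keeping `else if (file_ctx->is_cacheable())` and calling `store_verdict(flow, file_ctx, block_timeout, cache_full, true)` says the same thing more plainly. Alternatively, pass `file_ctx->is_cacheable()` as the other call site in `apply_verdict` does. The rest of `apply_verdict` lies outside the hunk.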
index 8c7ed5db17dacf8fee423caff374975bf87c2ab2..1903332ba8708ced678ed636cf3e23952cc1f77c 100644 (file)
@@ -72,7 +72,7 @@ private:
     snort::FileContext* get_file(snort::Flow*, uint64_t file_id, bool to_create,
         int64_t timeout, bool using_cache_entry, bool &cache_full, int64_t& cache_expire);
     FileVerdict check_verdict(snort::Packet*, snort::FileInfo*, snort::FilePolicyBase*,const uint8_t* current_data, uint32_t current_data_len);
-    int store_verdict(snort::Flow*, snort::FileInfo*, int64_t timeout, bool &cache_full);
+    int store_verdict(snort::Flow*, snort::FileInfo*, int64_t timeout, bool &cache_full, bool is_cacheable);
     void publish_file_cache_event(snort::Flow* flow, snort::FileInfo* file, int64_t timeout);
 
     /* The hash table of expected files */
index de855e5bb53d035ae78a0e5dacebaaef0a7930f4..b1950de7c93bd6fb2ec6ebc734e3f033b2506ff6 100644 (file)
@@ -459,6 +459,13 @@ bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size,
         PacketTracer::restart_timer();
 
     context = find_main_file_context(position, direction, file_index);
+    FileCache* file_cache = FileService::get_file_cache();
+    if (file_cache)
+    {
+        FileContext *cached_context = file_cache->get_file(flow, file_index, false, false);
+        if (cached_context and not cached_context->is_cacheable())
+            context->set_not_cacheable();
+    }
 
     set_current_file_context(context);
     context->set_weak_file_name((const char*)fname, name_size);
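Review bot: The new lookup `file_cache->get_file(flow, file_index, false, false)` uses `file_index` as the cache key, while `store_verdict` in file_cache.cc stores entries under `file->get_file_id()`. The two presumably agree when the context's id is derived from the index, but that is not visible in this hunk. A short comment stating the assumption would help, since a mismatch would silently leave the not-cacheable mark unpropagated. The lookup also appears to run on every `file_process` call for the file. Guarding it with `if (file_cache and context->is_cacheable())` would skip the cache access once the context is already marked. The `cached_context` pointer is read after `get_file` returns, so it is worth confirming that the entry cannot be evicted in between, if the cache is shared across threads.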
index 438c99736a8946d5524e4f45f1ecc6c1c015697a..1a1cbee556030e7b5795b068303b7eda90ac534c 100644 (file)
@@ -122,7 +122,8 @@ void FileInfo::copy(const FileInfo& other, bool clear_data)
 
     if (other.sha256)
     {
-        sha256 = new uint8_t[SHA256_HASH_SIZE];
+        if (!sha256)
+            sha256 = new uint8_t[SHA256_HASH_SIZE];
         memcpy( (char*)sha256, (const char*)other.sha256, SHA256_HASH_SIZE);
     }