file logging: fix bad end of file check

File storage could end file storing when the logger was invoked
while no new data chunks were available.

diff --git a/src/output-filedata.c b/src/output-filedata.c
index 9818339dfc3768d6937792c5aeb645727e2374b5..1e19cc9f7ef706a6a674ce71ef7454a6f4cbc85e 100644 (file)
--- a/src/output-filedata.c
+++ b/src/output-filedata.c
@@ -191,7 +191,7 @@ static TmEcode OutputFiledataLog(ThreadVars *tv, Packet *p, void *thread_data, P
                  * case we already logged the current ffd, which
                  * is the last in our list. */
                 if (ffd->stored == 1) {
-                    if (!(file_close == 1 || ffd->next == NULL)) {
+                    if (!(file_close == 1 && ffd->next == NULL)) {
                         continue;
                     }
 
@@ -199,6 +199,7 @@ static TmEcode OutputFiledataLog(ThreadVars *tv, Packet *p, void *thread_data, P
                     // so really a 'close' msg
                     write_ffd = NULL;
                     flags |= OUTPUT_FILEDATA_FLAG_CLOSE;
+                    SCLogDebug("OUTPUT_FILEDATA_FLAG_CLOSE set");
                 }
 
                 /* store */
@@ -216,13 +217,17 @@ static TmEcode OutputFiledataLog(ThreadVars *tv, Packet *p, void *thread_data, P
                  * loggers */
                 if ((file_close || file_trunc) && ff->state < FILE_STATE_CLOSED) {
                     ff->state = FILE_STATE_TRUNCATED;
+                    SCLogDebug("ff->state = FILE_STATE_TRUNCATED set");
                 }
 
                 /* for the last data chunk we have, also tell the logger
                  * we're closing up */
-                if (ffd->next == NULL && ff->state >= FILE_STATE_CLOSED)
+                if (ffd->next == NULL && ff->state >= FILE_STATE_CLOSED) {
                     flags |= OUTPUT_FILEDATA_FLAG_CLOSE;
+                    SCLogDebug("OUTPUT_FILEDATA_FLAG_CLOSE set");
+                }
 
+                SCLogDebug("ff %p ffd %p flags %02x", ff, write_ffd, flags);
                 /* do the actual logging */
                 file_logged = CallLoggers(tv, store, p, ff, write_ffd, flags);