From: Lokesh Bevinamarad (lbevinam) Date: Tue, 5 Oct 2021 06:12:33 +0000 (+0000) Subject: Merge pull request #3077 in SNORT/snort3 from ~ROOBS/snort3:packet_tracer_config... X-Git-Tag: 3.1.14.0~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09c189e5fc09c3a0b444c23d0825df2a0cee166b;p=thirdparty%2Fsnort3.git Merge pull request #3077 in SNORT/snort3 from ~ROOBS/snort3:packet_tracer_config to master Squashed commit of the following: commit 0a1add665730f5f1f5fcfb35e76fc20d539d1bc7 Author: roopa Date: Thu Sep 23 08:47:46 2021 -0400 file: Added file policy id and other config data as part of packet tracer command under File phase.
---
diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc
index 9f1c24ff1..df7ad70ec 100644
--- a/src/file_api/file_flows.cc
+++ b/src/file_api/file_flows.cc
@@ -75,14 +75,18 @@ static void populate_trace_data(FileContext* context)
 context->print_file_name(ss);
 std::string file_name = ss.str();
- PacketTracer::daq_log("file+%" PRId64"++File Type[%s]/File ID[%lu] with name[%s] and size[%lu] detected."
- "File SHA is [%s], with verdict[%s]$",
+ PacketTracer::daq_log("file+%" PRId64"+Matched policy id %u, identification %s, signature %s, capture %s+"
+ "File with ID %lu, name %s, type %s, size %lu, SHA %s detected. Verdict %s.$",
 TO_NSECS(pt_timer->get()),
- file_type_name(context->get_file_type()).c_str(),
+ context->get_policy_id(),
+ ((context->is_file_type_enabled() || context->get_file_type() || context->get_file_sig_sha256()) ? "" : ""),
+ ((context->is_file_signature_enabled() || context->get_file_sig_sha256()) ? "" : ""),
+ (context->is_file_capture_enabled() ? "" : ""),
 context->get_file_id(),
- file_name.c_str(),
+ (file_name.empty() ? "" : file_name.c_str()),
+ file_type_name(context->get_file_type()).c_str(),
 context->get_file_size(),
- (context->get_file_sig_sha256() ? context->sha_to_string(context->get_file_sig_sha256()).c_str(): "null"),
+ (context->get_file_sig_sha256() ? context->sha_to_string(context->get_file_sig_sha256()).c_str(): ""),
 VerdictName[context->verdict].c_str());
 }
diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 9ea1d1e77..68395bb06 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -259,6 +259,16 @@ bool FileInfo::is_file_capture_enabled()
 return file_capture_enabled;
 }
+void FileInfo::set_policy_id(uint32_t id)
+{
+ policy_id = id;
+}
+
+uint32_t FileInfo::get_policy_id()
+{
+ return policy_id;
+}
+
 FileCaptureState FileInfo::reserve_file(FileCapture*& dest)
 {
 if (!file_capture)
diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h
index d57824a93..c24b3ea46 100644
--- a/src/file_api/file_lib.h
+++ b/src/file_api/file_lib.h
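Review bot: In populate_trace_data (src/file_api/file_flows.cc), `file_name` is now placed mid-record as `name %s` inside a string that uses `+` as the field separator and `$` as the terminator, and nothing visible in the hunk escapes those characters. The name presumably originates in inspected traffic, so a crafted name could make a trace record ambiguous to whatever parses the DAQ log; whether `print_file_name` already neutralises `+`, `$` and control bytes is not shown here, and a comment such as `// file_name comes from traffic: confirm print_file_name() escapes '+' and '$' before daq_log` would record the assumption. Separately, `%lu` is kept for `get_file_id()` and `get_file_size()` while the timestamp uses `PRId64`; if those getters return 64-bit types, `"%" PRIu64` is the portable match. The function begins before the hunk, so the declaration of `ss` and any earlier checks are not visible.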
@@ -77,6 +77,8 @@ public:
 bool is_file_signature_enabled();
 void config_file_capture(bool enabled);
 bool is_file_capture_enabled();
+ void set_policy_id(uint32_t id);
+ uint32_t get_policy_id();
 // Preserve the file in memory until it is released
 // The file reserved will be returned and it will be detached from file context/session
@@ -104,6 +106,7 @@ protected:
 bool file_signature_enabled = false;
 bool file_capture_enabled = false;
 FileState file_state = { FILE_CAPTURE_SUCCESS, FILE_SIG_PROCESSING };
+ uint32_t policy_id = 0;
 private:
 void copy(const FileInfo& other);
diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc
index 86d93957d..af81d0bba 100644
--- a/src/file_api/file_policy.cc
+++ b/src/file_api/file_policy.cc
@@ -172,6 +172,7 @@ void FilePolicy::policy_check(Flow*, FileInfo* file)
 file->config_file_type(type_enabled);
 file->config_file_signature(signature_enabled);
 file->config_file_capture(capture_enabled);
+ file->set_policy_id(0);
 }
 FileVerdict FilePolicy::type_lookup(Packet*, FileInfo* file)
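Review bot: The new member `uint32_t policy_id = 0;` in the `protected:` hunk of src/file_api/file_lib.h sits just above `void copy(const FileInfo& other);`, and no hunk in this commit touches `copy`. If `FileInfo::copy` assigns members one by one (its body is outside this diff), a copied FileInfo would keep the default and the packet tracer would print policy id 0 regardless of which policy matched. The fix in that case is one line in `copy`: `policy_id = other.policy_id;`. As a smaller point in the `public:` hunk, the getter does not modify state and could be declared `uint32_t get_policy_id() const;`, although the neighbouring getters shown are also non-const.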
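Review bot: The literal in `file->set_policy_id(0);` at the end of FilePolicy::policy_check (src/file_api/file_policy.cc) equals the member's default initializer, so the trace text `Matched policy id 0` looks the same whether this policy ran or no policy was applied to the file. If 0 is the intended id for the built-in policy, a comment such as `// built-in file policy has no configured id; 0 is reported in packet tracer output` would stop a later reader from taking it for a placeholder. An analyst using the trace to confirm which file policy handled a flow would otherwise have no way to tell those cases apart. The body of policy_check starts before the hunk, so the conditions under which this line is reached are not visible.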