From: Mike Stepanek (mstepane) Date: Tue, 13 Aug 2019 13:26:21 +0000 (-0400) Subject: Merge pull request #1708 in SNORT/snort3 from ~KATHARVE/snort3:file_event to master X-Git-Tag: 3.0.0-259~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9731e4dab923835b4b7d6e9f1fb8ff6dba700d95;p=thirdparty%2Fsnort3.git Merge pull request #1708 in SNORT/snort3 from ~KATHARVE/snort3:file_event to master Squashed commit of the following: commit ae5ed70fc70d303bea716effcd6d4a66fb6d05a8 Author: Katura Harvey Date: Fri Aug 2 13:46:19 2019 -0400 file_api: generate events each time file is seen, not just first time
---
diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc
index 3d7a01845..ea25c488f 100644
--- a/src/file_api/file_cache.cc
+++ b/src/file_api/file_cache.cc
@@ -350,7 +350,10 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd
 }
 if (resume)
+ {
+ file_ctx->log_file_event(flow, policy);
 policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK);
+ }
 else
 store_verdict(flow, file_ctx, block_timeout);
@@ -375,6 +378,8 @@ FileVerdict FileCache::cached_verdict_lookup(Packet* p, FileInfo* file,
 /*Query the file policy in case verdict has been changed*/
 verdict = check_verdict(p, file_found, policy);
 apply_verdict(p, file_found, verdict, true, policy);
+ // Update the current file context from cached context
+ *file = *(FileInfo*)file_found;
 }
 return verdict;
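Review bot: The new `file_ctx->log_file_event(flow, policy);` call in the `if (resume)` branch of `apply_verdict` has no comment explaining why an event is raised on every resumed block, and the number of events it produces is now driven by how often a remote peer re-requests a file that already has a cached verdict. Nothing in the hunk shows a threshold or suppression step, so it is worth confirming that the event path downstream is rate-limited; otherwise repeated requests for one blocked file can crowd out other alerts. I would add a comment above the call such as `// Raise a file event on every resumed block, not only when the verdict is first cached; volume is bounded by event filtering`, adjusted to whatever actually bounds it. The body of `apply_verdict` starts and ends outside this hunk.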
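Review bot: The added `*file = *(FileInfo*)file_found;` in `cached_verdict_lookup` uses a C-style cast and a whole-object copy assignment into the caller's `FileInfo`. Both depend on declarations that are not visible in this hunk. If the type of `file_found` derives from `FileInfo`, the cast is unnecessary and `*file = *static_cast<FileInfo*>(file_found);` (or a plain implicit upcast) would fail to compile if that relationship ever changed, rather than silently reinterpreting the pointer. The assignment is only safe if `FileInfo::operator=` deep-copies any buffers the class owns and releases what `*file` held before; a member-wise copy of an owned pointer would leave the caller's object and the cached entry sharing memory, which becomes a double free or use-after-free once one of them is destroyed. Please confirm that against the `FileInfo` definition and say in the comment which fields the caller is expected to pick up from the cache. The function starts and ends outside this hunk.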