aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

eve/files: log in packet direction only

Browse Source 
Bug: #3703.

Don't log files too soon.
pull/6324/head
Victor Julien 5 years ago
parent e89e563eb4
commit 45dc4cdeec
1 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File

31
src/output-file.c
Unescape Escape View File

@ -168,18 +168,25 @@ static TmEcode OutputFileLog(ThreadVars *tv, Packet *p, void *thread_data)
SCReturnInt(TM_ECODE_OK);
}
const bool file_close_ts = ((p->flags & PKT_PSEUDO_STREAM_END) &&
(p->flowflags & FLOW_PKT_TOSERVER));
const bool file_close_tc = ((p->flags & PKT_PSEUDO_STREAM_END) &&
(p->flowflags & FLOW_PKT_TOCLIENT));
const bool file_trunc = StreamTcpReassembleDepthReached(p);
FileContainer *ffc_ts = AppLayerParserGetFiles(f, STREAM_TOSERVER);
FileContainer *ffc_tc = AppLayerParserGetFiles(f, STREAM_TOCLIENT);
OutputFileLogFfc(tv, op_thread_data, p, ffc_ts, file_close_ts, file_trunc, STREAM_TOSERVER);
OutputFileLogFfc(tv, op_thread_data, p, ffc_tc, file_close_tc, file_trunc, STREAM_TOCLIENT);
if (p->proto == IPPROTO_TCP) {
const bool file_trunc = StreamTcpReassembleDepthReached(p);
if (p->flowflags & FLOW_PKT_TOSERVER) {
const bool file_close_ts = ((p->flags & PKT_PSEUDO_STREAM_END));
FileContainer *ffc_ts = AppLayerParserGetFiles(f, STREAM_TOSERVER);
OutputFileLogFfc(
tv, op_thread_data, p, ffc_ts, file_close_ts, file_trunc, STREAM_TOSERVER);
} else {
const bool file_close_tc = ((p->flags & PKT_PSEUDO_STREAM_END));
FileContainer *ffc_tc = AppLayerParserGetFiles(f, STREAM_TOCLIENT);
OutputFileLogFfc(
tv, op_thread_data, p, ffc_tc, file_close_tc, file_trunc, STREAM_TOCLIENT);
}
} else if (p->proto == IPPROTO_UDP) {
FileContainer *ffc_ts = AppLayerParserGetFiles(f, STREAM_TOSERVER);
OutputFileLogFfc(tv, op_thread_data, p, ffc_ts, false, false, STREAM_TOSERVER);
FileContainer *ffc_tc = AppLayerParserGetFiles(f, STREAM_TOCLIENT);
OutputFileLogFfc(tv, op_thread_data, p, ffc_tc, false, false, STREAM_TOCLIENT);
}
return TM_ECODE_OK;
}

Write Preview
Loading…
Cancel
Save