From c81aaeda7bbfa92cef5ad7a6f577ba607b528a1e Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 5 Oct 2016 09:16:25 +0200 Subject: [PATCH] flow: move file flags into their own variable Move FLOW_FILE_* flags into Flow::file_flags. Rename them to FLOWFILE_* so non updated code will break. --- src/app-layer-htp-file.c | 4 ++-- src/app-layer-smtp.c | 2 +- src/flow-util.h | 2 ++ src/flow.h | 38 ++++++++++++++++++++-------------- src/util-file.c | 44 ++++++++++++++++++++-------------------- 5 files changed, 50 insertions(+), 40 deletions(-) diff --git a/src/app-layer-htp-file.c b/src/app-layer-htp-file.c index ab0121d69b..199290610a 100644 --- a/src/app-layer-htp-file.c +++ b/src/app-layer-htp-file.c @@ -109,7 +109,7 @@ int HTPFileOpen(HtpState *s, const uint8_t *filename, uint16_t filename_len, ((s->flags & HTP_FLAG_STORE_FILES_TX_TS) && txid == s->store_tx_id)) { flags |= FILE_STORE; flags &= ~FILE_NOSTORE; - } else if (!(flags & FILE_STORE) && (s->f->flags & FLOW_FILE_NO_STORE_TC)) { + } else if (!(flags & FILE_STORE) && (s->f->file_flags & FLOWFILE_NO_STORE_TC)) { flags |= FILE_NOSTORE; } @@ -132,7 +132,7 @@ int HTPFileOpen(HtpState *s, const uint8_t *filename, uint16_t filename_len, ((s->flags & HTP_FLAG_STORE_FILES_TX_TC) && txid == s->store_tx_id)) { flags |= FILE_STORE; flags &= ~FILE_NOSTORE; - } else if (!(flags & FILE_STORE) && (s->f->flags & FLOW_FILE_NO_STORE_TS)) { + } else if (!(flags & FILE_STORE) && (s->f->file_flags & FLOWFILE_NO_STORE_TS)) { flags |= FILE_NOSTORE; } diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 8462cc366d..1eb0aa29d0 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -4938,7 +4938,7 @@ end: static int SMTPProcessDataChunkTest01(void){ Flow f; FLOW_INITIALIZE(&f); - f.flags = FLOW_FILE_NO_STORE_TS; + f.file_flags = FLOWFILE_NO_STORE_TS; MimeDecParseState *state = MimeDecInitParser(&f, NULL); int ret; ret = SMTPProcessDataChunk(NULL, 0, state); diff --git a/src/flow-util.h b/src/flow-util.h index 7ab08f6c4f..3874050b4a 100644 --- a/src/flow-util.h +++ b/src/flow-util.h @@ -46,6 +46,7 @@ (f)->probing_parser_toserver_alproto_masks = 0; \ (f)->probing_parser_toclient_alproto_masks = 0; \ (f)->flags = 0; \ + (f)->file_flags = 0; \ (f)->lastts.tv_sec = 0; \ (f)->lastts.tv_usec = 0; \ FLOWLOCK_INIT((f)); \ @@ -89,6 +90,7 @@ (f)->probing_parser_toserver_alproto_masks = 0; \ (f)->probing_parser_toclient_alproto_masks = 0; \ (f)->flags = 0; \ + (f)->file_flags = 0; \ (f)->lastts.tv_sec = 0; \ (f)->lastts.tv_usec = 0; \ (f)->protoctx = NULL; \ diff --git a/src/flow.h b/src/flow.h index 52dec76df1..21dc0acfa6 100644 --- a/src/flow.h +++ b/src/flow.h @@ -48,9 +48,6 @@ typedef struct AppLayerParserState_ AppLayerParserState; #define FLOW_TO_DST_SEEN 0x00000002 /** Don't return this from the flow hash. It has been replaced. */ #define FLOW_TCP_REUSED 0x00000004 -/** no magic on files in this flow */ -#define FLOW_FILE_NO_MAGIC_TS 0x00000008 -#define FLOW_FILE_NO_MAGIC_TC 0x00000010 /** Flow was inspected against IP-Only sigs in the toserver direction */ #define FLOW_TOSERVER_IPONLY_SET 0x00000020 @@ -88,30 +85,38 @@ typedef struct AppLayerParserState_ AppLayerParserState; /** Probing parser alproto detection done */ #define FLOW_TC_PP_ALPROTO_DETECT_DONE 0x00040000 #define FLOW_TIMEOUT_REASSEMBLY_DONE 0x00080000 -/** even if the flow has files, don't store 'm */ -#define FLOW_FILE_NO_STORE_TS 0x00100000 -#define FLOW_FILE_NO_STORE_TC 0x00200000 /** flow is ipv4 */ #define FLOW_IPV4 0x00400000 /** flow is ipv6 */ #define FLOW_IPV6 0x00800000 + +/* File flags */ + +/** no magic on files in this flow */ +#define FLOWFILE_NO_MAGIC_TS BIT_U16(0) +#define FLOWFILE_NO_MAGIC_TC BIT_U16(1) + +/** even if the flow has files, don't store 'm */ +#define FLOWFILE_NO_STORE_TS BIT_U16(2) +#define FLOWFILE_NO_STORE_TC BIT_U16(3) /** no md5 on files in this flow */ -#define FLOW_FILE_NO_MD5_TS 0x01000000 -#define FLOW_FILE_NO_MD5_TC 0x02000000 +#define FLOWFILE_NO_MD5_TS BIT_U16(4) +#define FLOWFILE_NO_MD5_TC BIT_U16(5) /** no sha1 on files in this flow */ -#define FLOW_FILE_NO_SHA1_TS 0x04000000 -#define FLOW_FILE_NO_SHA1_TC 0x08000000 +#define FLOWFILE_NO_SHA1_TS BIT_U16(6) +#define FLOWFILE_NO_SHA1_TC BIT_U16(7) /** no sha256 on files in this flow */ -#define FLOW_FILE_NO_SHA256_TS 0x10000000 -#define FLOW_FILE_NO_SHA256_TC 0x20000000 +#define FLOWFILE_NO_SHA256_TS BIT_U16(8) +#define FLOWFILE_NO_SHA256_TC BIT_U16(9) /** no size tracking of files in this flow */ -#define FLOW_FILE_NO_SIZE_TS 0x40000000 -#define FLOW_FILE_NO_SIZE_TC 0x80000000 +#define FLOWFILE_NO_SIZE_TS BIT_U16(10) +#define FLOWFILE_NO_SIZE_TC BIT_U16(11) + #define FLOW_IS_IPV4(f) \ (((f)->flags & FLOW_IPV4) == FLOW_IPV4) @@ -350,7 +355,10 @@ typedef struct Flow_ uint32_t probing_parser_toserver_alproto_masks; uint32_t probing_parser_toclient_alproto_masks; - uint32_t flags; + uint32_t flags; /**< generic flags */ + + uint16_t file_flags; /**< file tracking/extraction flags */ + /* coccinelle: Flow:file_flags:FLOWFILE_ */ #ifdef FLOWLOCK_RWLOCK SCRWLock r; diff --git a/src/util-file.c b/src/util-file.c index cc48b946c9..c8ef9b3916 100644 --- a/src/util-file.c +++ b/src/util-file.c @@ -217,43 +217,43 @@ uint16_t FileFlowToFlags(const Flow *flow, uint8_t direction) uint16_t flags = 0; if (direction == STREAM_TOSERVER) { - if (flow->flags & FLOW_FILE_NO_STORE_TS) { + if (flow->file_flags & FLOWFILE_NO_STORE_TS) { flags |= FILE_NOSTORE; } - if (flow->flags & FLOW_FILE_NO_MAGIC_TS) { + if (flow->file_flags & FLOWFILE_NO_MAGIC_TS) { flags |= FILE_NOMAGIC; } - if (flow->flags & FLOW_FILE_NO_MD5_TS) { + if (flow->file_flags & FLOWFILE_NO_MD5_TS) { flags |= FILE_NOMD5; } - if (flow->flags & FLOW_FILE_NO_SHA1_TS) { + if (flow->file_flags & FLOWFILE_NO_SHA1_TS) { flags |= FILE_NOSHA1; } - if (flow->flags & FLOW_FILE_NO_SHA256_TS) { + if (flow->file_flags & FLOWFILE_NO_SHA256_TS) { flags |= FILE_NOSHA256; } } else { - if (flow->flags & FLOW_FILE_NO_STORE_TC) { + if (flow->file_flags & FLOWFILE_NO_STORE_TC) { flags |= FILE_NOSTORE; } - if (flow->flags & FLOW_FILE_NO_MAGIC_TC) { + if (flow->file_flags & FLOWFILE_NO_MAGIC_TC) { flags |= FILE_NOMAGIC; } - if (flow->flags & FLOW_FILE_NO_MD5_TC) { + if (flow->file_flags & FLOWFILE_NO_MD5_TC) { flags |= FILE_NOMD5; } - if (flow->flags & FLOW_FILE_NO_SHA1_TC) { + if (flow->file_flags & FLOWFILE_NO_SHA1_TC) { flags |= FILE_NOSHA1; } - if (flow->flags & FLOW_FILE_NO_SHA256_TC) { + if (flow->file_flags & FLOWFILE_NO_SHA256_TC) { flags |= FILE_NOSHA256; } } @@ -813,9 +813,9 @@ void FileDisableStoring(Flow *f, uint8_t direction) DEBUG_ASSERT_FLOW_LOCKED(f); if (direction == STREAM_TOSERVER) - f->flags |= FLOW_FILE_NO_STORE_TS; + f->file_flags |= FLOWFILE_NO_STORE_TS; else - f->flags |= FLOW_FILE_NO_STORE_TC; + f->file_flags |= FLOWFILE_NO_STORE_TC; FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { @@ -845,9 +845,9 @@ void FileDisableMagic(Flow *f, uint8_t direction) DEBUG_ASSERT_FLOW_LOCKED(f); if (direction == STREAM_TOSERVER) - f->flags |= FLOW_FILE_NO_MAGIC_TS; + f->file_flags |= FLOWFILE_NO_MAGIC_TS; else - f->flags |= FLOW_FILE_NO_MAGIC_TC; + f->file_flags |= FLOWFILE_NO_MAGIC_TC; FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { @@ -876,9 +876,9 @@ void FileDisableMd5(Flow *f, uint8_t direction) DEBUG_ASSERT_FLOW_LOCKED(f); if (direction == STREAM_TOSERVER) - f->flags |= FLOW_FILE_NO_MD5_TS; + f->file_flags |= FLOWFILE_NO_MD5_TS; else - f->flags |= FLOW_FILE_NO_MD5_TC; + f->file_flags |= FLOWFILE_NO_MD5_TC; FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { @@ -915,9 +915,9 @@ void FileDisableSha1(Flow *f, uint8_t direction) DEBUG_ASSERT_FLOW_LOCKED(f); if (direction == STREAM_TOSERVER) - f->flags |= FLOW_FILE_NO_SHA1_TS; + f->file_flags |= FLOWFILE_NO_SHA1_TS; else - f->flags |= FLOW_FILE_NO_SHA1_TC; + f->file_flags |= FLOWFILE_NO_SHA1_TC; FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { @@ -954,9 +954,9 @@ void FileDisableSha256(Flow *f, uint8_t direction) DEBUG_ASSERT_FLOW_LOCKED(f); if (direction == STREAM_TOSERVER) - f->flags |= FLOW_FILE_NO_SHA256_TS; + f->file_flags |= FLOWFILE_NO_SHA256_TS; else - f->flags |= FLOW_FILE_NO_SHA256_TC; + f->file_flags |= FLOWFILE_NO_SHA256_TC; FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) { @@ -993,9 +993,9 @@ void FileDisableFilesize(Flow *f, uint8_t direction) DEBUG_ASSERT_FLOW_LOCKED(f); if (direction == STREAM_TOSERVER) - f->flags |= FLOW_FILE_NO_SIZE_TS; + f->file_flags |= FLOWFILE_NO_SIZE_TS; else - f->flags |= FLOW_FILE_NO_SIZE_TC; + f->file_flags |= FLOWFILE_NO_SIZE_TC; FileContainer *ffc = AppLayerParserGetFiles(f->proto, f->alproto, f->alstate, direction); if (ffc != NULL) {