aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Flow files

Browse Source
remotes/origin/master-1.2.x
System Administrator 15 years ago committed by Victor Julien
parent 6d60b3a747
commit 222bc6e935
2 changed files with 226 additions and 0 deletions
Show Stats Download Patch File Download Diff File

136
src/flow-file.c
Unescape Escape View File

@ -0,0 +1,136 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
*
*/
#include "suricata-common.h"
#include "suricata.h"
#include "debug.h"
#include "flow.h"
#include "flow-file.h"
#include "util-hash.h"
#include "util-debug.h"
FlowFileContainer *FlowFileContainerAlloc() {
FlowFileContainer *new = SCMalloc(sizeof(FlowFileContainer));
if (new == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating mem");
return NULL;
}
memset(new, 0, sizeof(new));
new->start = new->end = NULL;
new->cnt = 0;
return new;
}
void FlowFileContainerRecycle(FlowFileContainer *ffc) {
FlowFile *ptr = ffc->start;
FlowFile *next = NULL;
for (;ptr != NULL && ffc->cnt > 0; ptr = next) {
next = ptr->next;
FlowFileFree(ptr);
ffc->cnt--;
}
ffc->start = ffc->end = NULL;
ffc->cnt = 0;
}
void FlowFileContainerFree(FlowFileContainer *ffc) {
if (ffc == NULL)
return;
FlowFile *ptr = ffc->start;
FlowFile *next = NULL;
for (;ptr != NULL && ffc->cnt > 0; ptr = next) {
next = ptr->next;
FlowFileFree(ptr);
ffc->cnt--;
}
ffc->start = ffc->end = NULL;
ffc->cnt = 0;
SCFree(ffc);
}
FlowFileChunk *FlowFileChunkAlloc() {
FlowFileChunk *new = SCMalloc(sizeof(FlowFileChunk));
if (new == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating mem");
return NULL;
}
memset(new, 0, sizeof(new));
return new;
}
void FlowFileChunkFree(FlowFileChunk *ffc) {
//TODO: To implement
SCFree(ffc);
}
FlowFile *FlowFileAlloc() {
FlowFile *new = SCMalloc(sizeof(FlowFile));
if (new == NULL) {
SCLogError(SC_ERR_MEM_ALLOC, "Error allocating mem");
return NULL;
}
memset(new, 0, sizeof(new));
new->state = FLOWFILE_STATE_EMPTY;
new->name = NULL;
new->ext = NULL;
new->next = NULL;
return new;
}
void FlowFileFree(FlowFile *ff) {
if (ff->name != NULL)
SCFree(ff->name);
if (ff->ext != NULL)
SCFree(ff->ext);
SCFree(ff);
}
void FlowFileContainerAdd(FlowFileContainer *ffc, FlowFile *ff) {
if (ffc->start == NULL) {
ffc->start = ffc->end = ff;
} else {
ffc->end->next = ff;
ffc->end = ff;
}
ffc->cnt += 1;
}
FlowFile *FlowFileContainerRetrieve(FlowFileContainer *ffc, uint8_t *name, uint16_t alproto, uint8_t *proto_type) {
FlowFile *ptr = ffc->start;
if (ffc->cnt > 0) {
while (ptr != NULL) {
if ( (strcmp((char *)ptr->name, (char *)name) == 0) && ptr->alproto == alproto && (!proto_type || strcmp((char *)ptr->proto_type, (char *)proto_type) == 0)) {
return ptr;
}
ptr = ptr->next;
}
}
return NULL;
}
FlowFile *FlowFileAppendChunk(FlowFile *ff, FlowFileChunk *ffc) {
//TODO: To implement
return NULL;
}

90
src/flow-file.h
Unescape Escape View File

@ -0,0 +1,90 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Pablo Rincon <pablo.rincon.crespo@gmail.com>
*
*/
#ifndef __FLOW_FILE_H__
#define __FLOW_FILE_H__
#include "flow.h"
#include "util-hash.h"
typedef enum _FlowFileState {
FLOWFILE_STATE_EMPTY,
FLOWFILE_STATE_DATA,
FLOWFILE_STATE_COMPLETED,
FLOWFILE_STATE_STORING,
FLOWFILE_STATE_MAX
} FlowFileState;
typedef uint8_t FlowFileHash;
typedef struct _FlowFileChunk {
uint8_t *buf;
uint32_t *len;
struct _FlowFileChunk *next;
} FlowFileChunk;
typedef struct _FlowFile {
uint8_t *name;
uint16_t name_len;
uint8_t *ext;
uint16_t ext_len;
uint8_t *real_type;
uint16_t real_type_len;
uint8_t *proto_type; /* The content type set at Content-Type in the MIME header (of http or smtp..) */
uint16_t proto_type_len;
uint16_t alproto;
uint32_t size;
uint8_t flags;
FlowFileState state;
FlowFileChunk *chunks_start;
FlowFileChunk *chunks_end;
uint32_t chunk_cnt;
struct _FlowFile *next;
} FlowFile;
typedef struct _FlowFileContainer {
FlowFile *start;
FlowFile *end;
uint32_t cnt;
} FlowFileContainer;
FlowFileContainer *FlowFileContainerAlloc();
void FlowFileContainerFree(FlowFileContainer *);
void FlowFileContainerRecycle(FlowFileContainer *);
FlowFileChunk *FlowFileChunkAlloc();
void FlowFileChunkFree(FlowFileChunk *);
FlowFile *FlowFileAlloc();
void FlowFileFree(FlowFile *);
void FlowFileContainerAdd(FlowFileContainer *, FlowFile *);
FlowFile *FlowFileContainerRetrieve(FlowFileContainer *, uint8_t *, uint16_t, uint8_t *);
FlowFile *FlowFileAppendChunk(FlowFile *, FlowFileChunk *);
#endif /* __FLOW_FILE_H__ */
Write Preview
Loading…
Cancel
Save