Commit Graph

8 Commits (e836a750c8d333c5d14b70e9621c8b69b39ad32c)

Author SHA1 Message Date
Victor Julien c19412243a file logging: fix bad end of file check
File storage could end file storing when the logger was invoked
while no new data chunks were available.
9 years ago
Eric Leblond 2866f87c6d output-filedata: fix memleak
This fixes:

Direct leak of 31792 byte(s) in 3974 object(s) allocated from:
    #0 0x4c396b in malloc (/opt/suricata-asan/bin/suricata+0x4c396b)
    #1 0xd86ce2 in OutputFiledataLogThreadInit /home/pmanev/sandnet-qa/stage/oisf/src/output-filedata.c:308:34
    #2 0x106c255 in TmThreadsSlotPktAcqLoop /home/pmanev/sandnet-qa/stage/oisf/src/tm-threads.c:295:17
    #3 0x7fbc9fcb3181 in start_thread /build/eglibc-3GlaMS/eglibc-2.19/nptl/pthread_create.c:312
9 years ago
Victor Julien d67289b60e output-filedata: close files even w/o data
If there is no data chunk but the file is closed/truncated anyway,
logging is still required.
11 years ago
Ken Steele 8f1d75039a Enforce function coding standard
Functions should be defined as:

int foo(void)
{
}

Rather than:
int food(void) {
}

All functions were changed by a script to match this standard.
11 years ago
Victor Julien c27304451e output api: complete shutdown functions
Add missing function for Filedata API. Clean up list in all functions.
11 years ago
Victor Julien b166e2f0e7 profiling: support log api
The log API calls thread modules directly, so the TMM profiling logic
can be applied to it. This patch does so.

The "Thread Module" out now again lists the individual loggers. As the
modules are normally called much less frequently the numbers are hard to
compare to pre-log-api numbers.
12 years ago
Victor Julien 52c3d3ad7c log api: convert all names to const
Instead of strdupping all names w/o a need, use const ptrs.
12 years ago
Victor Julien 9ff6608668 Introduce Filedata Logger API
A new logger API for registering file storage handlers. Where the
FileLog handler is called once per file, this handler will be called
for each data chunk so that storing the entire file is possible.

The logger call in the API is as follows:
    typedef int (*FiledataLogger)(ThreadVars *, void *thread_data,
        const Packet *, const File *, const FileData *, uint8_t flags);

All data is const, thus should be read only. The final flags field
is used to indicate to the caller that the file is new, or if it's
being closed.

Files use an internal unique id 'file_id' which can be used by the
loggers to create unique file names. This id can use the 'waldo'
feature of the log-filestore module. This patch moves that waldo
loading and storing logic to this API's implementation. A new
configuration directive 'file-store-waldo: <filename>' is added,
but the existing waldo settings will also continue to work.
12 years ago