Project

General

Profile

Feature #531

API for file inspecting keywords

Added by Victor Julien almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Currently the file inspecting keywords (like filename, fileext, filemagic, etc) use the AppLayerMatch keyword API. Since locking is done on a different level and the "state" ptr is abused to pass the "file" ptr, a new API call is needed.

History

#1

Updated by Victor Julien almost 7 years ago

  • Tracker changed from Bug to Feature
#2

Updated by Victor Julien almost 7 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Added in current master.

SigTableElmt now has a FileMatch function pointer that takes a "File " instead of the generic "void *state". Also added comments to indicate this function pointer expects a *LOCKED flow.

Also available in: Atom PDF