FileAnalysis: change file handle -> file id mapping process.

They're now actually directly related via a hash function that will
produce the same results among different instances in a cluster.

scripts/base/init-bare.bro

@@ -3042,6 +3042,14 @@ export {
 	## buffered because no handle was available yet (e.g. when the necessary
 	## events to construct the handle may not have been flushed yet).
 	const pending_file_timeout = 10 sec &redef;
+
+	## The salt concatenated to unique file handle strings generated by
+	## :bro:see:`FileAnalysis::handle_callbacks` before hashing them
+	## in to a file id (the *file_id* field of :bro:see:`FileAnalysis::Info`).
+	## Provided to help mitigate the possiblility of manipulating parts of
+	## network connections that factor in to the file handle in order to
+	## generate two handles that would hash to the same file id.
+	const salt = "I recommend changing this." &redef;
 }
 module GLOBAL;
 

src/const.bif

@@ -26,3 +26,4 @@ const Threading::heartbeat_interval: interval;
 
 const FileAnalysis::pending_file_drain_interval: interval;
 const FileAnalysis::pending_file_timeout: interval;
+const FileAnalysis::salt: string;

src/file_analysis/Info.cc

@@ -1,4 +1,5 @@
 #include <string>
+#include <openssl/md5.h>
 
 #include "Info.h"
 #include "InfoTimer.h"
@@ -54,9 +55,12 @@ int Info::actions_idx = -1;
 magic_t Info::magic = 0;
 magic_t Info::magic_mime = 0;
 
-void Info::InitFieldIndices()
+string Info::salt;
+
+void Info::StaticInit()
 	{
 	if ( file_id_idx != -1 ) return;
+
 	file_id_idx = Idx("file_id");
 	parent_file_id_idx = Idx("parent_file_id");
 	source_idx = Idx("source");
@@ -72,6 +76,11 @@ void Info::InitFieldIndices()
 	file_type_idx = Idx("file_type");
 	mime_type_idx = Idx("mime_type");
 	actions_idx = Idx("actions");
+
+	bro_init_magic(&magic, MAGIC_NONE);
+	bro_init_magic(&magic_mime, MAGIC_MIME);
+
+	salt = BifConst::FileAnalysis::salt->CheckString();
 	}
 
 Info::Info(const string& unique, Connection* conn)
@@ -79,13 +88,14 @@ Info::Info(const string& unique, Connection* conn)
       postpone_timeout(false), need_reassembly(false), done(false),
       actions(this)
 	{
-	InitFieldIndices();
+	StaticInit();
-
-	bro_init_magic(&magic, MAGIC_NONE);
-	bro_init_magic(&magic_mime, MAGIC_MIME);
 
 	char id[20];
-	uitoa_n(calculate_unique_id(), id, sizeof(id), 62);
+	uint64 hash[2];
+	string msg(unique + salt);
+	MD5(reinterpret_cast<const u_char*>(msg.data()), msg.size(),
+	    reinterpret_cast<u_char*>(hash));
+	uitoa_n(hash[0], id, sizeof(id), 62);
 
 	DBG_LOG(DBG_FILE_ANALYSIS, "Creating new Info object %s", id);
 

src/file_analysis/Info.h

@@ -179,13 +179,15 @@ protected:
 	static int Idx(const string& field_name);
 
 	/**
-	 * Initializes the index offsets for fields in \c FileAnalysis::info record.
+	 * Initializes static member.
 	 */
-	static void InitFieldIndices();
+	static void StaticInit();
 
 	static magic_t magic;
 	static magic_t magic_mime;
 
+	static string salt;
+
 public:
 	static int file_id_idx;
 	static int parent_file_id_idx;