git.ipfire.org Git - thirdparty/snort3.git/commit

Pull request #4505: extractor: add ftp logging

Merge in SNORT/snort3 from ~ANOROKH/snort3:extractor_ftp to master

Squashed commit of the following:

commit 56210e0e89a4ab1cafb2fa6f03f5ec8d5a4105c9
Author: anorokh <anorokh@cisco.com>
Date:   Thu Oct 31 12:27:46 2024 -0400

    extractor: address review comments

commit 11c34c621d2d08318c663dd049c3e6823fb47db6
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Oct 31 14:08:31 2024 +0200

    extractor: move internal stuff out of snort namespace

commit 6b9bc7780c3badafb317158e1f0f27cbff1a3da5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Thu Oct 31 12:00:58 2024 +0200

    extractor: fix memory management

    The inspector owns service/event extractor instances.
    Data handlers are split from instances and managed by data bus only.
    Flow data bumps the inspector's reference count.

commit ae80500b23ba88b835e0560c1ccbf8e99c7c041f
Author: anorokh <anorokh@cisco.com>
Date:   Tue Oct 29 08:13:53 2024 -0400

    ftp: reset cmd_size when reset cmd_str

commit 9ceac98772e6bb86404976162f3ca8ea6dcdf67e
Author: anorokh <anorokh@cisco.com>
Date:   Mon Oct 28 11:58:00 2024 -0400

    extractor: log on last response

commit 4b21cebdd076b810b4c11f1606cf47fd163f045c
Author: anorokh <anorokh@cisco.com>
Date:   Thu Oct 24 05:14:09 2024 -0400

    extractor: refactor code

    * rename field types
    * keep flow data intact to log multiple responses
    * reorder list of commands for more effective search

commit b279b45af550dcf7f671fdc88817f5476376afc5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 21 17:43:52 2024 +0300

    extractor: enable logging for FTP aggregated event

commit e025bf510a92e4eca3da7cdd69cb520373a6c43d
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 21 17:19:48 2024 +0300

    extractor: delete unused headers

commit 5578678ba65ddadb06ef8ec2229318635fbdee2a
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 21 14:07:34 2024 +0300

    extractor: event handlers subscribe by themselves

    Flow data augmented with a callback to dump data whenever the flow gets deleted.

commit a67039d4d80d81e60f9d3c3e50b68756e9f83e61
Author: anorokh <anorokh@cisco.com>
Date:   Tue Oct 15 06:07:49 2024 -0400

    extractor: add user field

commit ade23b33e79dc1489b3e1c66c328b895584ef3cf
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 14 15:00:59 2024 +0300

    extractor: add imaginary transaction event to FTP

commit ea5869b7ff24e5426b7a0e0b97fc52f8e489fba0
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 14 10:49:02 2024 -0400

    extractor: update dev_notes.txt

commit c342f3d43fec88f1969128f52468664ba5707da9
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Wed Oct 23 18:00:50 2024 +0300

    doc: add a page about data logging feature

commit 349a85e29ed832050aa4e7661e66929e06f07fc5
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Mon Oct 14 11:14:22 2024 +0300

    extractor: rearrange source files

commit b17b1e5720e4843b2b4137a529dc1291f8282dbd
Author: Oleksii Shumeiko <oshumeik@cisco.com>
Date:   Fri Oct 11 12:30:28 2024 +0300

    extractor: introduce flow data

    Move enums to common place.

commit 7892d2a5c53166e29fbf4f373855085d8cdbf43f
Author: anorokh <anorokh@cisco.com>
Date:   Wed Oct 9 14:29:00 2024 -0400

    extractor: add ftp service implementation

author	Anna Norokh -X (anorokh - SOFTSERVE INC at Cisco) <anorokh@cisco.com>
	Thu, 7 Nov 2024 16:09:17 +0000 (16:09 +0000)
committer	Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
	Thu, 7 Nov 2024 16:09:17 +0000 (16:09 +0000)
commit	9b6511093048f1a3a9486efa4f5dd7161c727380
tree	924cd0fcb07e821ccaddf795ed47f7ba5a00510a	tree \| snapshot
parent	c411e66f569db4b166c58ceea5247675b080ed19	commit \| diff

doc/user/CMakeLists.txt		diff \| blob \| blame \| history
doc/user/extractor.txt	[new file with mode: 0644]	blob
doc/user/features.txt		diff \| blob \| blame \| history
src/network_inspectors/extractor/CMakeLists.txt		diff \| blob \| blame \| history
src/network_inspectors/extractor/dev_notes.txt		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor.cc		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor.h		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_csv_logger.cc		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_csv_logger.h		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_enums.h	[new file with mode: 0644]	blob
src/network_inspectors/extractor/extractor_event_handlers.h	[deleted file]	blob \| blame \| history
src/network_inspectors/extractor/extractor_flow_data.cc	[moved from src/network_inspectors/extractor/extractor_event.cc with 68% similarity]	diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_flow_data.h	[new file with mode: 0644]	blob
src/network_inspectors/extractor/extractor_ftp.cc	[new file with mode: 0644]	blob
src/network_inspectors/extractor/extractor_ftp.h	[new file with mode: 0644]	blob
src/network_inspectors/extractor/extractor_http.cc	[moved from src/network_inspectors/extractor/extractor_http_event_handler.cc with 69% similarity]	diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_http.h	[new file with mode: 0644]	blob
src/network_inspectors/extractor/extractor_json_logger.cc		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_json_logger.h		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_logger.cc		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_logger.h		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_service.cc		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_service.h		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_writer.cc		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractor_writer.h		diff \| blob \| blame \| history
src/network_inspectors/extractor/extractors.cc	[new file with mode: 0644]	blob
src/network_inspectors/extractor/extractors.h	[new file with mode: 0644]	blob
src/pub_sub/ftp_events.h		diff \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftpp_si.cc		diff \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftpp_si.h		diff \| blob \| blame \| history
src/service_inspectors/ftp_telnet/pp_ftp.cc		diff \| blob \| blame \| history