Merge pull request #2096 in SNORT/snort3 from ~APOORAJ/snort3:verdict_reason_support...
authorGeorge Koikara (gkoikara) <gkoikara@cisco.com>
Wed, 15 Apr 2020 03:53:19 +0000 (03:53 +0000)
committerGeorge Koikara (gkoikara) <gkoikara@cisco.com>
Wed, 15 Apr 2020 03:53:19 +0000 (03:53 +0000)
Squashed commit of the following:

commit 673f015c0db9553d35377c8dc4792d34218c5b43
Author: Apoorv Raj <apooraj@cisco.com>
Date:   Mon Mar 23 01:59:10 2020 -0400

    ftp: whitelisting reason support

src/file_api/file_lib.cc
src/service_inspectors/ftp_telnet/ftp_data.cc

index 3eab1daacd57ac4fa1aa849376ab810725100cef..20911bc8aa6ca9ad93e42ca5d89454bbeac36be8 100644 (file)
@@ -38,6 +38,7 @@
 #include "framework/data_bus.h"
 #include "main/snort_config.h"
 #include "managers/inspector_manager.h"
+#include "packet_tracer/packet_tracer.h"
 #include "protocols/packet.h"
 #include "utils/util.h"
 #include "utils/util_utf.h"
@@ -404,6 +405,8 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
     if ((!is_file_type_enabled()) and (!is_file_signature_enabled()))
     {
         update_file_size(data_size, position);
+        if (PacketTracer::is_active())
+            PacketTracer::log("File: Type and Sig not enabled\n");
         return false;
     }
 
@@ -427,11 +430,16 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
             update_file_size(data_size, position);
             processing_complete = true;
             stop_file_capture();
+            if (PacketTracer::is_active())
+                PacketTracer::log("File: Type unknown\n");
             return false;
         }
 
         if (get_file_type() != SNORT_FILE_TYPE_CONTINUE)
         {
+            if (PacketTracer::is_active())
+                PacketTracer::log("File: Type-%s found\n",
+                    file_type_name(get_file_type()).c_str());
             config_file_type(false);
             file_stats->files_processed[get_file_type()][get_file_direction()]++;
             //Check file type based on file policy
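Review bot: The `File: Type unknown` trace records the condition but not its effect. The lines just above it set `processing_complete = true` and call `stop_file_capture()`, which appears to end processing for this file, so an analyst reading the trace cannot tell that inspection stopped here. Consider `PacketTracer::log("File: Type unknown, processing stopped\n");`. The early returns traced as `File: Type and Sig not enabled` and `File: Sig depth exceeded` in the neighbouring hunks look like the same kind of exit and could state the outcome the same way. `FileContext::process` starts and ends outside this hunk, so what `return false` means to the caller is not visible here.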
@@ -482,6 +490,8 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
             }
             else
             {
+                if (PacketTracer::is_active())
+                    PacketTracer::log("File: Sig depth exceeded\n");
                 return false;
             }
         }
index 5b0848605d06d502ea7cd29dfec9307f15b03c62..a5f05d04470a7a8bb118c3ad8a6e3bd66dc78a99 100644 (file)
@@ -107,7 +107,7 @@ static void FTPDataProcess(
         if ( !get_rule_count() || (empty_policy->policy_id == p->flow->ips_policy_id) )
         {
             if ( PacketTracer::is_active() )
-                PacketTracer::log("Whitelisting Flow: FTP sig depth exceeded\n");
+                PacketTracer::log("Whitelisting Flow: FTP data\n");
             p->flow->set_ignore_direction(SSN_DIR_BOTH);
         }
     }
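Review bot: The new text `Whitelisting Flow: FTP data` no longer says why the flow is being ignored, although the guard just above it has two distinct causes: `!get_rule_count()` and the flow's IPS policy being the empty policy. Since `set_ignore_direction(SSN_DIR_BOTH)` presumably takes the data channel out of inspection in both directions, the trace should name the cause, for example `PacketTracer::log("Whitelisting Flow: FTP data, no IPS rules or empty IPS policy\n");`, or one message per condition. The enclosing `if` in `FTPDataProcess` starts outside the hunk, so an outer condition may also belong in the message.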