Pull request #4343: ftp: refactoring ftp_data
authorManav Soneja (msoneja) <msoneja@cisco.com>
Wed, 14 Aug 2024 13:22:20 +0000 (13:22 +0000)
committerShanmugam S (shanms) <shanms@cisco.com>
Wed, 14 Aug 2024 13:22:20 +0000 (13:22 +0000)
Merge in SNORT/snort3 from ~MSONEJA/snort3:ftps_malware to master

Squashed commit of the following:

commit 27655a50c70a8b28abd85876866a9e4176350f1d
Author: msoneja <msoneja@cisco.com>
Date:   Thu Jul 4 05:35:07 2024 +0000

    ftp_telnet: refactoring ftp-data

src/service_inspectors/ftp_telnet/CMakeLists.txt
src/service_inspectors/ftp_telnet/ftp_data.cc
src/service_inspectors/ftp_telnet/ftp_data.h
src/service_inspectors/ftp_telnet/ftpdata_splitter.cc
src/service_inspectors/ftp_telnet/ftpdata_splitter.h
src/stream/CMakeLists.txt

index f11e1afc2fedee1657bbdd72c68118f14b97667f..fe2efca8f2608bf78e6aa6b08eff010335fee589 100644 (file)
@@ -1,3 +1,10 @@
+set(FTP_INCLUDES
+    ftp_data.h
+    ftpdata_splitter.h
+    ftp_module.h
+    ftpp_ui_config.h
+    kmap.h
+)
 
 set (FILE_LIST
     ft_main.cc
@@ -46,3 +53,6 @@ else (STATIC_INSPECTORS)
 
 endif (STATIC_INSPECTORS)
 
+install(FILES ${FTP_INCLUDES}
+    DESTINATION "${INCLUDE_INSTALL_PATH}/service_inspectors/ftp_telnet"
+)
index 8a4d4351b1b82a90ccf5b2a5a99b9a88db2bb019..4e21eb768553a79bfff91ffed804fe4503fe36a6 100644 (file)
@@ -39,7 +39,6 @@
 #include "utils/util.h"
 
 #include "ft_main.h"
-#include "ftp_module.h"
 #include "ftpp_si.h"
 #include "ftpdata_splitter.h"
 
@@ -257,44 +256,6 @@ void FtpDataFlowData::handle_eof(Packet* p)
         ftstats.total_sessions_mss_changed++;
 }
 
-//-------------------------------------------------------------------------
-// class stuff
-//-------------------------------------------------------------------------
-
-class FtpData : public Inspector
-{
-public:
-    FtpData() = default;
-
-    void eval(Packet*) override;
-    StreamSplitter* get_splitter(bool to_server) override;
-
-    bool can_carve_files() const override
-    { return true; }
-
-    bool can_start_tls() const override
-    { return true; }
-};
-
-class FtpDataModule : public Module
-{
-public:
-    FtpDataModule() : Module(FTP_DATA_NAME, s_help) { }
-
-    const PegInfo* get_pegs() const override;
-    PegCount* get_counts() const override;
-    ProfileStats* get_profile() const override;
-
-    bool set(const char*, Value&, SnortConfig*) override
-    { return false; }
-
-    Usage get_usage() const override
-    { return INSPECT; }
-
-    bool is_bindable() const override
-    { return true; }
-};
-
 const PegInfo* FtpDataModule::get_pegs() const
 { return simple_pegs; }
 
index 4bb13c8ee05d0f1ad0c1aa99d73e0e4eff89a408..141c84fbb0265710c14cf2323f9ef2fbee3b03ff 100644 (file)
 #define FTP_DATA_H
 
 #include "framework/inspector.h"
+#include "ftp_module.h"
 
 extern const snort::InspectApi fd_api;
+#define FTP_DATA_NAME "ftp_data"
+#define s_help \
+    "FTP data channel handler"
+
+class SO_PUBLIC FtpData : public snort::Inspector
+{
+public:
+    FtpData() = default;
+
+    void eval(snort::Packet*) override;
+    snort::StreamSplitter* get_splitter(bool to_server) override;
+
+    bool can_carve_files() const override
+    { return true; }
+
+    bool can_start_tls() const override
+    { return true; }
+};
+
+class FtpDataModule : public snort::Module
+{
+public:
+    FtpDataModule() : snort::Module(FTP_DATA_NAME, s_help) { }
+
+    const PegInfo* get_pegs() const override;
+    PegCount* get_counts() const override;
+    snort::ProfileStats* get_profile() const override;
+
+    bool set(const char*, snort::Value&, snort::SnortConfig*) override
+    { return false; }
+
+    Usage get_usage() const override
+    { return INSPECT; }
+
+    bool is_bindable() const override
+    { return true; }
+};
 
 #endif
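Review bot: `#define s_help` places an unprefixed, lower-case macro in a header that this commit also adds to the installed include set, so every translation unit that includes ftp_data.h has the token `s_help` rewritten by the preprocessor. Any includer that declares its own identifier called `s_help` will either fail to compile or silently pick up this string. A name in the style of the neighbouring macro avoids the collision: `#define FTP_DATA_HELP "FTP data channel handler"`, with the constructor becoming `snort::Module(FTP_DATA_NAME, FTP_DATA_HELP)`. Separately, `FtpData` is marked `SO_PUBLIC` but `FtpDataModule` is not; if external code is meant to use the module class as well, that asymmetry should be confirmed as intentional.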
 
index 11848e2158cb35c9b32f8b4eb3bc809394930df3..04f94b3aa22b62717c552602b2cdddefaa95ee57 100644 (file)
@@ -40,7 +40,7 @@ void FtpDataSplitter::restart_scan()
 }
 
 StreamSplitter::Status FtpDataSplitter::scan(Packet* pkt, const uint8_t*, uint32_t len,
-    uint32_t, uint32_t* fp)
+    uint32_t flags, uint32_t* fp)
 {
     Flow* flow = pkt->flow;
     assert(flow);
@@ -73,7 +73,7 @@ StreamSplitter::Status FtpDataSplitter::scan(Packet* pkt, const uint8_t*, uint32
             fdfd->session.mss_changed = true;
             expected_seg_size = len;
 
-            if (pkt->ptrs.tcph and !pkt->ptrs.tcph->is_fin())
+            if (!flow->assistant_gadget && pkt->ptrs.tcph and !pkt->ptrs.tcph->is_fin())
             {
                 // set flag for signature calculation in case this is the last packet
                 fdfd->session.packet_flags |= FTPDATA_FLG_FLUSH;
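Review bot: The changed condition mixes `&&` with `and` in a single expression, while the context lines in this file use the `and`/`or` spellings. It would read more consistently as `if (!flow->assistant_gadget and pkt->ptrs.tcph and !pkt->ptrs.tcph->is_fin())`; the same applies to the `&&` in the block added by the next hunk. The hunk also does not say why flows with an assistant gadget now skip the flush-flag path here, so a short comment on that line would help the next reader. The body of scan() begins and ends outside this hunk.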
@@ -81,6 +81,17 @@ StreamSplitter::Status FtpDataSplitter::scan(Packet* pkt, const uint8_t*, uint32
                 return SEARCH;
             }
         }
+
+        if (flow->assistant_gadget && (flags & FTPDATA_FLG_FLUSH))
+        {
+            fdfd = (FtpDataFlowData*)flow->get_flow_data(FtpDataFlowData::inspector_id);
+            if (!fdfd)
+                return SEARCH;
+
+            fdfd->session.packet_flags |= FTPDATA_FLG_FLUSH;
+            pkt->active->hold_packet(pkt);
+            return SEARCH;
+        }
     }
 
     if ((segs >= 2 and bytes >= min) or (pkt->ptrs.tcph and pkt->ptrs.tcph->is_fin()))
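Review bot: The added branch tests the `flags` argument of scan() against `FTPDATA_FLG_FLUSH`, the same constant that is OR-ed into `fdfd->session.packet_flags` a few lines later. If the caller passes the stream's packet flags in `flags`, that bit may carry a different meaning there, so the bit space should be confirmed or given a dedicated constant. The result of `pkt->active->hold_packet(pkt)` is discarded and `pkt->active` is used without a null check. If the hold can be refused, the final segment is forwarded before the file verdict is known, so the outcome is worth checking, e.g. `if (!pkt->active->hold_packet(pkt)) { /* count the missed hold */ }`. The C-style cast would be clearer as `static_cast<FtpDataFlowData*>(flow->get_flow_data(FtpDataFlowData::inspector_id))`; the body of scan() continues outside this hunk.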
index 5f63c642a58c4e6ea3ec57ddb8d7aa45260c0f5a..7077581656d6c6b3ddb8dbd8966e17df605f755a 100644 (file)
@@ -26,7 +26,7 @@
 //---------------------------------------------------------------------------------
 // FtpDataSplitter - flush when current seg size is different from previous segment
 //---------------------------------------------------------------------------------
-class FtpDataSplitter : public snort::StreamSplitter
+class SO_PUBLIC FtpDataSplitter : public snort::StreamSplitter
 {
 public:
     FtpDataSplitter(bool b, uint16_t sz = 0) : snort::StreamSplitter(b)
index bce84efd96137a40039f4c2da795d71d7e931549..36436e3cca73143a63fa5351e6e7997f48167359 100644 (file)
@@ -9,6 +9,7 @@ add_subdirectory(file)
 add_subdirectory(test)
 
 set (STREAM_INCLUDES
+    flush_bucket.h
     paf.h
     pafng.h
     stream.h