From: George Koikara (gkoikara) Date: Wed, 15 Apr 2020 03:53:19 +0000 (+0000) Subject: Merge pull request #2096 in SNORT/snort3 from ~APOORAJ/snort3:verdict_reason_support... X-Git-Tag: 3.0.1-2~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18707e627cf634b754bca798a9fae3e2fa0fe8eb;p=thirdparty%2Fsnort3.git Merge pull request #2096 in SNORT/snort3 from ~APOORAJ/snort3:verdict_reason_support to master Squashed commit of the following: commit 673f015c0db9553d35377c8dc4792d34218c5b43 Author: Apoorv Raj Date: Mon Mar 23 01:59:10 2020 -0400 ftp: whitelisting reason support
---
diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 3eab1daac..20911bc8a 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -38,6 +38,7 @@
 #include "framework/data_bus.h"
 #include "main/snort_config.h"
 #include "managers/inspector_manager.h"
+#include "packet_tracer/packet_tracer.h"
 #include "protocols/packet.h"
 #include "utils/util.h"
 #include "utils/util_utf.h"
@@ -404,6 +405,8 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
 if ((!is_file_type_enabled()) and (!is_file_signature_enabled()))
 {
 update_file_size(data_size, position);
+ if (PacketTracer::is_active())
+ PacketTracer::log("File: Type and Sig not enabled\n");
 return false;
 }
@@ -427,11 +430,16 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
 update_file_size(data_size, position);
 processing_complete = true;
 stop_file_capture();
+ if (PacketTracer::is_active())
+ PacketTracer::log("File: Type unknown\n");
 return false;
 }
 if (get_file_type() != SNORT_FILE_TYPE_CONTINUE)
 {
+ if (PacketTracer::is_active())
+ PacketTracer::log("File: Type-%s found\n",
+ file_type_name(get_file_type()).c_str());
 config_file_type(false);
 file_stats->files_processed[get_file_type()][get_file_direction()]++;
 //Check file type based on file policy
@@ -482,6 +490,8 @@ bool FileContext::process(Packet* p, const uint8_t* file_data, int data_size,
 }
 else
 {
+ if (PacketTracer::is_active())
+ PacketTracer::log("File: Sig depth exceeded\n");
 return false;
 }
 }
diff --git a/src/service_inspectors/ftp_telnet/ftp_data.cc b/src/service_inspectors/ftp_telnet/ftp_data.cc
index 5b0848605..a5f05d044 100644
--- a/src/service_inspectors/ftp_telnet/ftp_data.cc
+++ b/src/service_inspectors/ftp_telnet/ftp_data.cc
@@ -107,7 +107,7 @@ static void FTPDataProcess(
 if ( !get_rule_count() || (empty_policy->policy_id == p->flow->ips_policy_id) )
 {
 if ( PacketTracer::is_active() )
- PacketTracer::log("Whitelisting Flow: FTP sig depth exceeded\n");
+ PacketTracer::log("Whitelisting Flow: FTP data\n");
 p->flow->set_ignore_direction(SSN_DIR_BOTH);
 }
 }
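Review bot: The reworded trace line in the FTPDataProcess hunk of ftp_data.cc, `"Whitelisting Flow: FTP data\n"`, no longer states any reason, although it sits directly before `p->flow->set_ignore_direction(SSN_DIR_BOTH)`, which by its name stops handling of the flow in both directions. The branch is entered only when `!get_rule_count() || (empty_policy->policy_id == p->flow->ips_policy_id)` holds, so the message could name that cause, for example `PacketTracer::log("Whitelisting Flow: FTP data, no IPS rules or empty IPS policy\n");`. The file-side reasons this commit adds in file_lib.cc ("Type unknown", "Sig depth exceeded", and so on) presumably appear earlier in the same trace, but the outer condition that leads to this branch is outside the hunk, so that pairing should be confirmed. An analyst reading the trace to learn why an FTP transfer stopped being inspected needs both the file-processing result and this policy condition.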