From: Pranav Bhalerao (prbhaler) Date: Mon, 31 May 2021 12:46:22 +0000 (+0000) Subject: Merge pull request #2897 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_CSCvy23818... X-Git-Tag: 3.1.6.0~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50e486c7695518635d1da6c95ac9195e4a83838e;p=thirdparty%2Fsnort3.git Merge pull request #2897 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_CSCvy23818 to master Squashed commit of the following: commit b347ac156107b59a54a2779b4bbcf242eddda540 Author: Vigneshwari Viswanathan Date: Tue May 18 07:06:46 2021 -0400 ftp: creating additional expected session if negotiated ip is different from server IP on packet --- diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc index 68338bb6f..946213a0f 100644 --- a/src/service_inspectors/ftp_telnet/pp_ftp.cc +++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc @@ -1114,6 +1114,31 @@ static int do_stateful_checks(FTP_SESSION* session, Packet* p, delete fd; session->datassn = nullptr; } + + if (!session->serverIP.equals(*p->ptrs.ip_api.get_src())) + { + FtpDataFlowData* fd1 = new FtpDataFlowData(p); + FTP_DATA_SESSION* ftpdata1 = &fd1->session; + + ftpdata1->mode = FTPP_XFER_PASSIVE; + ftpdata1->data_chan = session->server_conf->data_chan; + + if (p->flow->flags.data_decrypted and + (session->flags & FTP_PROTP_CMD_ACCEPT)) + fd1->in_tls = true; + + result = Stream::set_snort_protocol_id_expected( + p, PktType::TCP, IpProtocol::TCP, + &session->clientIP, session->clientPort, + p->ptrs.ip_api.get_src(), session->serverPort, + ftp_data_snort_protocol_id, fd1); + + if (result < 0) + { + delete fd1; + session->datassn = nullptr; + } + } } else if (session->server_conf->data_chan) {