From: Jason Ish Date: Mon, 25 Nov 2019 22:56:50 +0000 (-0600) Subject: ftpdata: add tx detect flags X-Git-Tag: suricata-5.0.1~74 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1beb76fd7c6fac527c723139088f4a97a9f5d50;p=thirdparty%2Fsuricata.git ftpdata: add tx detect flags --- diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 9d168cd751..9574cf98f9 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -1211,6 +1211,26 @@ static DetectEngineState *FTPDataGetTxDetectState(void *vtx) return ftp_state->de_state; } +static void FTPDataSetTxDetectFlags(void *vtx, uint8_t dir, uint64_t flags) +{ + FtpDataState *ftp_state = (FtpDataState *)vtx; + if (dir & STREAM_TOSERVER) { + ftp_state->detect_flags_ts = flags; + } else { + ftp_state->detect_flags_tc = flags; + } +} + +static uint64_t FTPDataGetTxDetectFlags(void *vtx, uint8_t dir) +{ + FtpDataState *ftp_state = (FtpDataState *)vtx; + if (dir & STREAM_TOSERVER) { + return ftp_state->detect_flags_ts; + } else { + return ftp_state->detect_flags_tc; + } +} + static void FTPDataStateTransactionFree(void *state, uint64_t tx_id) { /* do nothing */ @@ -1337,6 +1357,8 @@ void RegisterFTPParsers(void) AppLayerParserRegisterTxFreeFunc(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataStateTransactionFree); AppLayerParserRegisterDetectStateFuncs(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataGetTxDetectState, FTPDataSetTxDetectState); + AppLayerParserRegisterDetectFlagsFuncs(IPPROTO_TCP, ALPROTO_FTPDATA, + FTPDataGetTxDetectFlags, FTPDataSetTxDetectFlags); AppLayerParserRegisterGetFilesFunc(IPPROTO_TCP, ALPROTO_FTPDATA, FTPDataStateGetFiles); diff --git a/src/app-layer-ftp.h b/src/app-layer-ftp.h index 11c5f84e8c..7c8bab2d0b 100644 --- a/src/app-layer-ftp.h +++ b/src/app-layer-ftp.h @@ -209,6 +209,8 @@ typedef struct FtpDataState_ { FtpRequestCommand command; uint8_t state; uint8_t direction; + uint64_t detect_flags_ts; + uint64_t detect_flags_tc; } FtpDataState; void RegisterFTPParsers(void);