|
|
|
|
@ -951,6 +951,15 @@ static int FTPGetAlstateProgress(void *vtx, uint8_t direction)
|
|
|
|
|
return FTP_STATE_FINISHED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static AppProto FTPUserProbingParser(
|
|
|
|
|
Flow *f, uint8_t direction, const uint8_t *input, uint32_t len, uint8_t *rdir)
|
|
|
|
|
{
|
|
|
|
|
if (f->alproto_tc == ALPROTO_POP3) {
|
|
|
|
|
// POP traffic begins by same "USER" pattern as FTP
|
|
|
|
|
return ALPROTO_FAILED;
|
|
|
|
|
}
|
|
|
|
|
return ALPROTO_FTP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int FTPRegisterPatternsForProtocolDetection(void)
|
|
|
|
|
{
|
|
|
|
|
@ -962,8 +971,8 @@ static int FTPRegisterPatternsForProtocolDetection(void)
|
|
|
|
|
IPPROTO_TCP, ALPROTO_FTP, "FEAT", 4, 0, STREAM_TOSERVER) < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (AppLayerProtoDetectPMRegisterPatternCI(
|
|
|
|
|
IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0, STREAM_TOSERVER) < 0) {
|
|
|
|
|
if (AppLayerProtoDetectPMRegisterPatternCSwPP(IPPROTO_TCP, ALPROTO_FTP, "USER ", 5, 0,
|
|
|
|
|
STREAM_TOSERVER, FTPUserProbingParser, 5, 5) < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
if (AppLayerProtoDetectPMRegisterPatternCI(
|
|
|
|
|
|
Philippe Antoine
3 years ago
committed by
Victor Julien