1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
#pragma once
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>
#include "ftp_decoder.h"
#include <MESA/MESA_handle_logger.h>
#ifdef __cplusplus
extern "C"
{
#endif
#include <stellar/session.h>
#include <stellar/session_exdata.h>
#include <stellar/session_mq.h>
#include <stellar/stellar.h>
#ifdef __cplusplus
}
#endif
#include "ftp_decoder_stat.h"
#include "ftp_decoder_hash.h"
#define FTPD_IDENTIRY_MIN_LEN 4
#define FTPD_IDENTIRY_MAX_LEN 32
#define FTPD_CMD_MAX_LENGTH 128
#define FTP_DECODER_CFG_FILE "./conf/ftp_decoder/ftp.conf"
#define FTP_DECODER_FIELDSTAT_NAME "ftp_decoder_statistics"
#define FTP_DECODER_FIELDSTAT_OUTPUT_FILE "./metrics/ftp_decoder_fs4.json"
#define FTP_DECODER_FIELDSTAT_OUTPUT_INTERVAL 3
extern void *__ftp_decoder_logger_handle;
#define ftp_runtime_log(log_level, format, ...) \
do \
{ \
if (MESA_handle_runtime_log_level_enabled(__ftp_decoder_logger_handle, log_level)) \
{ \
MESA_handle_runtime_log(__ftp_decoder_logger_handle, log_level, "ftp_decoder", format, ##__VA_ARGS__); \
} \
} while (0)
#define IOVEC_PRINT(iov) (int)(iov).iov_len, (char *)(iov).iov_base
#define IOVEC_PRINT_PTR(iov_p) (int)(iov_p->iov_len), (char *)(iov_p->iov_base)
#ifndef fstring
typedef struct iovec fstring;
#endif
enum ftp_link_type
{
FTP_LINK_CTRL,
FTP_LINK_DATA,
};
enum ftp_data_link_type
{
FTP_DATA_LINK_FILE,
FTP_DATA_LINK_INVENTORY,
};
struct ftp_interact_line
{
fstring cmd_refer; // pointer to packet payload
fstring arg_refer; // pointer to packet payload
};
struct ftp_parse_result
{
/* all data is persistent, sync with data link, need be free when session close */
int cursor;
struct iovec result_array[FTP_MSG_MAX];
uint8_t push_result_flags[FTP_MSG_MAX];
};
struct ftp_context
{
enum ftp_link_type link_type;
enum ftp_msg_type data_link_presentation; // FTP_INVENTORY or FTP_FILE_CONTENT
struct ftp_interact_line cmd_result;
struct ftp_parse_result parse_result;
struct ftp_interact_line last_cmd;
struct ftp_link_key last_data_link_key;
};
struct ftp_interact_parser
{
enum ftp_msg_type cmd_msg_type;
const char *cmd_name;
int cmd_len;
int (*cmd_handler)(struct session *sess, struct ftp_context *fctx, struct ftp_decoder_env *fenv);
};
struct ftp_stat
{
struct fieldstat_easy *fs4_instance;
int fs4_counter_id[FTPD_STAT_MAX];
};
struct ftp_decoder_env
{
void *logger_handle;
int plugin_id;
int thread_count;
int tcp_sub_topic_id;
int ftp_pub_ctrl_topic_id;
int ftp_pub_data_topic_id;
void **data_link_table; // key is tuple3 for PASV, tuple4 for PORT
struct ftp_stat fstat;
};
struct ftp_message
{
struct ftp_context *fctx;
};
extern "C" void *FTP_ONLOAD(struct stellar *st);
extern "C" void FTP_UNLOAD(void *plugin_env);
int ftp_hash_table_create(struct ftp_decoder_env *fenv);
void ftp_hash_table_destroy(struct ftp_decoder_env *fenv);
int ftp_ctrl_identify_by_payload(const char *payload, size_t len, u_int8_t curdir);
int ftp_ctrl_identify_by_addr(struct session *sess);
int ftp_ctrl_identify(struct session *sess, const char *payload, size_t len, u_int8_t curdir);
struct ftp_context *ftp_data_identify(struct session *sess, struct ftp_decoder_env *fenv);
int ftp_cmd_readline(struct ftp_interact_line *line, const char *payload, size_t len);
int ftp_cmd_process(struct session *sess, struct ftp_context *fctx, struct ftp_decoder_env *fenv, int curdir);
int ftp_decoder_push_msg(struct session *sess, struct ftp_context *fctx, struct ftp_decoder_env *fenv);
int ftp_parse_ipv4_port_style(const fstring *cmd_str, unsigned int *ipv4_net, unsigned short *port_net);
int ftp_parse_ipv6_port_style(const fstring *cmd_str, unsigned short *port_net);
int ftp_parse_eprt_ipport_style(const fstring *arg_str, struct in6_addr *ipd_addr, unsigned short *port_net);
|
