1 files changed, 177 insertions, 0 deletions

diff --git a/decoders/ftp/ftp_decoder_inner.h b/decoders/ftp/ftp_decoder_inner.h
new file mode 100644
index 0000000..4ccaf46
--- /dev/null
+++ b/decoders/ftp/ftp_decoder_inner.h
@@ -0,0 +1,177 @@
+#pragma once
+#include <linux/limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include "stellar/ftp.h"
+#include "stellar/log.h"
+#include "stellar/module.h"
+#include "stellar/mq.h"
+#include "stellar/session.h"
+#include "stellar/utils.h"
+
+#ifdef __cplusplus
+}
+#endif
+#include "ftp_decoder_stat.h"
+#include "ftp_decoder_hash.h"
+
+#define FTP_IDENTIRY_MIN_LEN 4
+#define FTP_IDENTIRY_MAX_LEN 32
+#define FTP_CMD_MAX_LENGTH 256
+#define FTP_URL_MAX_LEN 2048
+
+#define FTP_DECODER_FIELDSTAT_NAME "ftp_decoder"
+#define FTP_DECODER_DXDATA_NAME "ftp_decoder_exdata"
+
+#define FTP_DECODER_FIELDSTAT_OUTPUT_FILE "./log/ftp_decoder.fs4"
+#define FTP_DECODER_FIELDSTAT_OUTPUT_INTERVAL 1
+
+#ifndef UNUSED
+#define UNUSED __attribute__((unused))
+#endif
+
+#define IOVEC_PRINT(iov) (int)(iov).iov_len, (char *)(iov).iov_base
+#define IOVEC_PRINT_PTR(iov_p) (int)(iov_p->iov_len), (char *)(iov_p->iov_base)
+#ifndef fstring
+typedef struct iovec fstring;
+#endif
+enum ftp_link_type
+{
+    FTP_LINK_CTRL,
+    FTP_LINK_DATA,
+};
+
+enum ftp_data_link_type
+{
+    FTP_DATA_LINK_FILE,
+    FTP_DATA_LINK_INVENTORY,
+};
+
+struct ftp_interact_line
+{
+    fstring cmd_line;  // full line but no "\r\n", pointer to packet payload
+    fstring cmd_refer; // pointer to packet payload first word
+    fstring arg_refer; // pointer to packet payload after first word
+};
+
+struct ftp_login_internal
+{
+    fstring username; // iov_base is C string with '\0'
+    fstring password; // iov_base is C string with '\0'
+};
+
+struct ftp_decoder_ctrl_exdata
+{
+    char current_working_dir[PATH_MAX]; // default is "/"
+    enum ftp_command cmd_type;
+    enum ftp_reply_code reply_code;
+    struct ftp_interact_line cmd_line; // per tcp segment
+    ftp_hash_key_t last_data_link_key; // by cmd port or pasv
+    enum ftp_transfer_mode mode;
+    enum ftp_transfer_dir dir;
+};
+
+struct ftp_decoder_data_exdata
+{
+    const char *chunk; // refer to tcp payload
+    size_t chunk_size;
+    size_t offset;
+    int is_finished;
+};
+
+struct ftp_decoder_exdata // per session
+{
+    struct session *sess_ref;
+    struct ftp_decoder *ftp_env_ref;
+    enum ftp_link_type link_type;
+    int reference;
+    int ignore_session;
+    struct ftp_login_internal ftp_login_pri; // per session
+    struct ftp_dtp *dtp;                     // per transaction. data link dtp is deep copy from ctrl link, need be free when session close
+    struct ftp_decoder_ctrl_exdata ctrl_ext;
+    struct ftp_decoder_data_exdata data_ext;
+};
+
+struct ftp_interact_cmd_parser
+{
+    enum ftp_command cmd_type;
+    const char *cmd_name;
+    size_t cmd_len;
+    int (*cmd_handler)(struct session *sess, struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *ftp_env);
+};
+
+struct ftp_interact_reply_parser
+{
+    enum ftp_reply_code reply_code_type;
+    const char *reply_code;
+    size_t reply_len;
+    int (*reply_handler)(struct session *sess, struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *ftp_env);
+};
+
+enum ftp_topic_type
+{
+    FTP_TOPIC_CTRL_REQ_LINE = 0,
+    FTP_TOPIC_CTRL_RES_LINE,
+    FTP_TOPIC_CTRL_DTP,
+    FTP_TOPIC_DATA_DTP,
+    FTP_TOPIC_MAX,
+};
+
+struct ftp_topic_compose
+{
+    enum ftp_topic_type topic_type;
+    int topic_id;
+    const char *topic_name;
+};
+
+struct ftp_topic_manager
+{
+    struct ftp_topic_compose topic_compose[FTP_TOPIC_MAX];
+};
+
+struct ftp_decoder
+{
+    struct module_manager *mod_mgr_ref;
+    struct logger *logger_ref;
+    struct ftp_topic_manager *ftp_topic_mgr;
+    int exdata_id;
+    struct ftp_decoder_stat stat;
+};
+
+struct ftp_message
+{
+    struct session *sess_ref;
+    enum ftp_topic_type topic_type;
+    struct ftp_decoder_exdata *ftp_ext_ref;
+    struct ftp_decoder *ftp_env_ref;
+    struct ftp_dtp *dtp_ref;
+};
+
+void ftp_msg_free_cb(void *msg, void *msg_free_arg);
+void ftp_decoder_exdata_free_cb(int idx, void *ex_ptr, void *arg);
+void ftp_decoder_do_exdata_free(struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *ftp_env);
+void ftp_on_tcp_stream_cb(struct session *sess, enum session_state state, const char *tcp_payload, uint32_t tcp_payload_len, void *args);
+int ftp_command_process(struct session *sess, struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *ftp_env);
+int ftp_reply_process(struct session *sess, struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *ftp_env);
+
+void ftp_exdata_dtp_free(struct ftp_dtp *dtp);
+void ftp_login_info_free(struct ftp_login_internal *login_info);
+int ftp_hash_table_create(struct ftp_decoder *fenv);
+void ftp_hash_table_destroy(struct ftp_decoder *fenv);
+int ftp_ctrl_identify_by_payload(const char *payload, size_t len, enum flow_type curdir);
+int ftp_ctrl_identify_by_addr(struct session *sess);
+int ftp_ctrl_identify(struct session *sess, const char *payload, size_t len, enum flow_type curdir);
+struct ftp_decoder_exdata *ftp_data_identify(struct session *sess, struct ftp_decoder *fenv);
+int ftp_cmd_readline(struct ftp_interact_line *line, const char *payload, size_t len);
+void ftp_ctrl_entry(struct session *sess, struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *fenv);
+void ftp_data_entry(struct session *sess, struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *fenv);
+int ftp_decoder_push_msg(enum ftp_topic_type topic_type, struct session *sess, struct ftp_decoder_exdata *ftp_ext, struct ftp_decoder *fenv);
+int ftp_parse_ipv4_port_style(const fstring *cmd_str, unsigned int *ipv4_net, unsigned short *port_net);
+int ftp_parse_ipv6_port_style(const fstring *cmd_str, unsigned short *port_net);
+int ftp_parse_eprt_ipport_style(const fstring *arg_str, struct in6_addr *ipd_addr, unsigned short *port_net, struct ftp_decoder *ftp_env);
\ No newline at end of file