ftp: Reset fuid after logging

A user reported being confused about the fuid association of subsequent FTP commands when a data transfer has completed. It seems reasonable to unset fuid upon logging a FTP command which had a fuid. The current behavior results in the PORT or PASV commands after a RETR or STOR to have the fuid of the prior file transfer. Similarly, any CWD or DEL commands following a file transfer will unnecessarily be logged with the fuid of the prior file transfer. This tickles the baselines for the private testing PCAP a lot, primarily because there data connections in that pcap are never established properly. E.g, the fuids FzDzid1Dxm9srVKHXf and FEfYX73q5C6GEQZXX9 have been re-used for multiple commands. This may look like we're losing information, but the fuids vanishing in the normal btests belong to a LIST command that isn't logged by default into ftp.log. If it was, the fuid would be attached to it.
2025-10-09 01:58:20 +00:00 · 2024-02-20 20:16:03 +01:00 · 2024-02-20 20:16:03 +01:00 · 31b548babc
commit 31b548babc
parent 6de51f0d7a
8 changed files with 21 additions and 22 deletions
--- a/scripts/base/protocols/ftp/files.zeek
+++ b/scripts/base/protocols/ftp/files.zeek
@ -7,11 +7,6 @@
 module FTP;

 export {
-	redef record Info += {
-		## File unique ID.
-		fuid: string &optional &log;
-	};
-
 	## Default file handle provider for FTP.
 	global get_file_handle: function(c: connection, is_orig: bool): string;