diff options
| author | Toni <matzeton@googlemail.com> | 2022-07-06 12:40:25 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-06 12:40:25 +0200 |
| commit | 175f863665ce9850398a415fc35ec4ee848b096f (patch) | |
| tree | 49b5c7b3b737f3a0edd378e6e9a14a36199c74bb /src/lib/ndpi_main.c | |
| parent | c019946f601bf3b55f64f78841a0d696e6c0bfc5 (diff) | |
Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho. (#1639)
* Label SMTP w/ STARTTLS as SMTPS *and* dissect TLS clho.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Revert "SMTP with STARTTLS is now identified as SMTPS"
This reverts commit 52d987b603f49d996b4060f43265d1cf43c3c482.
* Revert "Compilation fix"
This reverts commit c019946f601bf3b55f64f78841a0d696e6c0bfc5.
* Sync unit tests.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/lib/ndpi_main.c')
| -rw-r--r-- | src/lib/ndpi_main.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d071d6d9f..3c6d6ba84 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -5339,13 +5339,6 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s // printf("====>> %u.%u [%u]\n", ret->master_protocol, ret->app_protocol, flow->detected_protocol_stack[0]); switch(ret->app_protocol) { - case NDPI_PROTOCOL_MAIL_IMAPS: - case NDPI_PROTOCOL_MAIL_SMTPS: - case NDPI_PROTOCOL_MAIL_POPS: - /* ALPN not necessary for secure email */ - NDPI_CLR_BIT(flow->risk, NDPI_TLS_NOT_CARRYING_HTTPS); - break; - /* Skype for a host doing MS Teams means MS Teams (MS Teams uses Skype as transport protocol for voice/video) @@ -8042,9 +8035,7 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp switch(proto) { case NDPI_PROTOCOL_TLS: case NDPI_PROTOCOL_DTLS: - if(flow->l4.tcp.tls.certificate_processed || - (flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 1 && - flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 1)) return(0); + if(flow->l4.tcp.tls.certificate_processed) return(0); if(flow->l4.tcp.tls.num_tls_blocks <= ndpi_str->num_tls_blocks_to_follow) { // printf("*** %u/%u\n", flow->l4.tcp.tls.num_tls_blocks, ndpi_str->num_tls_blocks_to_follow); @@ -8064,6 +8055,11 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp break; case NDPI_PROTOCOL_FTP_CONTROL: + if(flow->l4.tcp.ftp_imap_pop_smtp.password[0] == '\0' && + flow->l4.tcp.ftp_imap_pop_smtp.auth_tls == 0 && + flow->l4.tcp.ftp_imap_pop_smtp.auth_done == 0) + return(1); + break; case NDPI_PROTOCOL_MAIL_POP: case NDPI_PROTOCOL_MAIL_IMAP: case NDPI_PROTOCOL_MAIL_SMTP: |