author | Nardi Ivan <nardi.ivan@gmail.com> | 2021-09-21 17:56:31 +0200 |
---|---|---|
committer | Nardi Ivan <nardi.ivan@gmail.com> | 2021-09-21 20:53:04 +0200 |
commit | 017c1a42394501914f850fd54411884545105879 (patch) | |
tree | ff6f3b34143dd7031950d53734a06032b4091a04 /src/lib/protocols/ftp_control.c | |
parent | bb52f1362ca80f58eb2bb4a76bb4840fa30afab3 (diff) |
FTP: fix support for START-TLS sessions
When TLS-over-FTP is used, the credentials are encrypted. So we must not
wait for the username and the password commands, otherwise we process a
lot of packets for nothing.
Diffstat (limited to 'src/lib/protocols/ftp_control.c')
-rw-r--r-- | src/lib/protocols/ftp_control.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 55ea192b0..3635d1118 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -64,6 +64,11 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n return 1; } + if(ndpi_match_strprefix(payload, payload_len, "AUTH") || + ndpi_match_strprefix(payload, payload_len, "auth")) { + flow->protos.ftp_imap_pop_smtp.auth_found = 1; + return 1; + } /* ***************************************************** */ if(ndpi_match_strprefix(payload, payload_len, "ABOR")) { @@ -86,9 +91,6 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n return 1; } - if(ndpi_match_strprefix(payload, payload_len, "AUTH")) { - return 1; - } if(ndpi_match_strprefix(payload, payload_len, "CCC")) { return 1; } @@ -321,10 +323,6 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n return 1; } - if(ndpi_match_strprefix(payload, payload_len, "auth")) { - return 1; - } - if(ndpi_match_strprefix(payload, payload_len, "ccc")) { return 1; } @@ -564,6 +562,8 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow, case '2': case '3': case '6': + if(flow->protos.ftp_imap_pop_smtp.auth_found == 1) + flow->protos.ftp_imap_pop_smtp.auth_tls = 1; return(1); break; @@ -635,7 +635,8 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str flow->protos.ftp_imap_pop_smtp.username, flow->protos.ftp_imap_pop_smtp.password); #endif - if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0') + if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0' && + flow->protos.ftp_imap_pop_smtp.auth_tls == 0) /* TODO: any values on dissecting TLS handshake? */ flow->ftp_control_stage = 0; else ndpi_int_ftp_control_add_connection(ndpi_struct, flow); |
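Review bot: The new AUTH block at the top of the command checks in `ndpi_ftp_control_check_request` needs a comment, because among the commands visible here it is the only one that writes flow state, and nothing explains that `auth_found` marks a pending request whose reply decides `auth_tls`. Suggested: `/* AUTH: remember the request; the server reply decides whether the rest of the session is treated as encrypted */`. The test is a prefix match on two casings and does not look at the argument, so the flag is set for any AUTH mechanism and not for a mixed-case `Auth`; say so in the comment if that is intended. The function body starts and ends outside the hunk.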
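Review bot: `auth_found` is never cleared, so in the `case '2'`/`'3'`/`'6'` branch of `ndpi_ftp_control_check_response` any later positive reply sets `auth_tls`, not only the reply to AUTH. If the server rejects AUTH and the client falls back to a cleartext login, the positive reply to USER would presumably still mark the flow as TLS, and the dissector would stop before USER/PASS are extracted, so a cleartext credential exchange goes unreported. Consume the flag where it is used, `if(flow->protos.ftp_imap_pop_smtp.auth_found == 1) { flow->protos.ftp_imap_pop_smtp.auth_tls = 1; flow->protos.ftp_imap_pop_smtp.auth_found = 0; }`, and reset it on the error replies as well. Those cases and the rest of the function are outside the hunk, so confirm they do not already do this.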
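Review bot: The two-line condition on the unbraced `if`/`else` in `ndpi_check_ftp_control` is easy to misread, and the trailing TODO makes the second line of the condition very long. Put braces around both branches and move the TODO onto its own line above the `if`, e.g. `/* TODO: any value in dissecting the TLS handshake? */`. The enclosing block starts outside the hunk.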