diff options
| author | Michele Campus <fci1908@gmail.com> | 2016-08-12 15:27:11 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-08-12 15:27:11 +0200 |
| commit | 7853c4a90ba102b451ec8cee3353a4836ff00176 (patch) | |
| tree | 239fe13d451ba3c203efaf3b821dba515f9bbf30 /src/lib/protocols/mail_imap.c | |
| parent | 92cac451c87c149f7883c79b5a7f890c7d2043f3 (diff) | |
| parent | e7613a385149e9f949960a8dd0884fef12b82282 (diff) | |
Merge pull request #244 from emanuele-f/starttls
Add STARTTLS detection
Diffstat (limited to 'src/lib/protocols/mail_imap.c')
| -rw-r--r-- | src/lib/protocols/mail_imap.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index c62c1d366..9d045226a 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -42,6 +42,15 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, /* const u_int8_t *command = 0; */ NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "search IMAP.\n"); + + if (flow->l4.tcp.mail_imap_starttls == 2) { +#ifdef NDPI_PROTOCOL_SSL + NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "starttls detected\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP); + NDPI_DEL_PROTOCOL_FROM_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL); + return; +#endif + } if (packet->payload_packet_len >= 4 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { // the DONE command appears without a tag @@ -62,7 +71,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if (!((packet->payload[i] >= 'a' && packet->payload[i] <= 'z') || (packet->payload[i] >= 'A' && packet->payload[i] <= 'Z') || - (packet->payload[i] >= '0' && packet->payload[i] <= '9') || packet->payload[i] == '*')) { + (packet->payload[i] >= '0' && packet->payload[i] <= '9') || packet->payload[i] == '*' || packet->payload[i] == '.')) { goto imap_excluded; } i++; @@ -99,6 +108,8 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, && (packet->payload[command_start + 1] == 'K' || packet->payload[command_start + 1] == 'k') && packet->payload[command_start + 2] == ' ') { flow->l4.tcp.mail_imap_stage += 1; + if (flow->l4.tcp.mail_imap_starttls == 1) + flow->l4.tcp.mail_imap_starttls = 2; saw_command = 1; } else if ((packet->payload[command_start] == 'U' || packet->payload[command_start] == 'u') && (packet->payload[command_start + 1] == 'I' || packet->payload[command_start + 1] == 'i') @@ -131,8 +142,10 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, && (packet->payload[command_start + 5] == 'T' || packet->payload[command_start + 5] == 't') && (packet->payload[command_start + 6] == 'L' || packet->payload[command_start + 6] == 'l') && (packet->payload[command_start + 7] == 'S' || packet->payload[command_start + 7] == 's')) { - flow->l4.tcp.mail_imap_stage += 1; - saw_command = 1; + flow->l4.tcp.mail_imap_stage += 1; + flow->l4.tcp.mail_imap_starttls = 1; + flow->detected_protocol_stack[0] = NDPI_PROTOCOL_MAIL_IMAPS; + saw_command = 1; } } if ((command_start + 5) < packet->payload_packet_len) { |