diff options
| author | Luca Deri <deri@ntop.org> | 2021-08-11 11:52:24 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2021-08-11 11:52:24 +0200 |
| commit | 5c33fbf19b5bab76aca04432fc7fa6f956ff785f (patch) | |
| tree | 2a85731111b0ab18a188d82aeeb4cdab816e867e /src/lib | |
| parent | 846b546dbc9540d08824cd5fa69e2b683cabfad1 (diff) | |
Added extraction of hostname in SMTP
Fixed mail incalid subprotocol calculation
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_main.c | 1 | ||||
| -rw-r--r-- | src/lib/protocols/mail_imap.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/mail_pop.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/mail_smtp.c | 22 |
4 files changed, 26 insertions, 3 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 464b2b326..493c71aea 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4406,7 +4406,6 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str */ if(flow->packet.tcp->syn != 0 && flow->packet.tcp->ack == 0 && flow->init_finished != 0 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - u_int16_t guessed_protocol_id, guessed_host_protocol_id; u_int16_t packet_direction_counter[2]; u_int8_t num_processed_pkts; diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index e9a068db3..7fc50c4b7 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -30,8 +30,8 @@ /* #define IMAP_DEBUG 1*/ -static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ +static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Avoid IMAPS to be used s sub-protocol */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAP, NDPI_PROTOCOL_UNKNOWN); } diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index 9a893bd0d..feb2757a2 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -45,6 +45,8 @@ static void ndpi_int_mail_pop_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + + flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Avoid POP3S to be used s sub-protocol */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_POP, NDPI_PROTOCOL_UNKNOWN); } diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 72926402a..359ccbfb5 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -52,6 +52,8 @@ static void ndpi_int_mail_smtp_add_connection(struct ndpi_detection_module_struc #ifdef SMTP_DEBUG printf("**** %s()\n", __FUNCTION__); #endif + + flow->guessed_protocol_id = NDPI_PROTOCOL_MAIL_SMTP; /* Avoid SMTPS to be used s sub-protocol */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_SMTP, NDPI_PROTOCOL_UNKNOWN); @@ -83,6 +85,26 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->line[a].len >= 3) { if(memcmp(packet->line[a].ptr, "220", 3) == 0) { flow->l4.tcp.smtp_command_bitmask |= SMTP_BIT_220; + + if(flow->host_server_name[0] == '\0') { + if(packet->line[a].len > 4) { + int i, len; + + for(i=5; (i<packet->line[a].len-1) && (packet->line[a].ptr[i] != ' '); i++) + ; + + len = i-4; + /* Copy result for nDPI apps */ + len = ndpi_min(len, sizeof(flow->host_server_name)-1); + strncpy((char*)flow->host_server_name, (char*)&packet->line[a].ptr[4], len); + flow->host_server_name[len] = '\0'; + + ndpi_match_hostname_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_SMTP, + (char *)flow->host_server_name, + strlen((const char *)flow->host_server_name)); + + } + } } else if(memcmp(packet->line[a].ptr, "250", 3) == 0) { flow->l4.tcp.smtp_command_bitmask |= SMTP_BIT_250; } else if(memcmp(packet->line[a].ptr, "235", 3) == 0) { |