aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorNardi Ivan <nardi.ivan@gmail.com>2021-09-21 17:56:31 +0200
committerNardi Ivan <nardi.ivan@gmail.com>2021-09-21 20:53:04 +0200
commit017c1a42394501914f850fd54411884545105879 (patch)
treeff6f3b34143dd7031950d53734a06032b4091a04 /src
parentbb52f1362ca80f58eb2bb4a76bb4840fa30afab3 (diff)
FTP: fix support for START-TLS sessions
When TLS-over-FTP is used, the credentials are encrypted. So we must not wait for the username and the password commands, otherwise we elaborate a lot of packets for nothing.
Diffstat (limited to 'src')
3 files changed, 12 insertions, 10 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 2347d0429..6181c21e8 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1350,7 +1350,7 @@ struct ndpi_flow_struct {
} http;
struct {
- u_int8_t auth_found:1, auth_failed:1, _pad:5;
+ u_int8_t auth_found:1, auth_failed:1, auth_tls:1, _pad:5;
char username[16], password[16];
} ftp_imap_pop_smtp;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 4776095ef..cc1db9ccb 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -7242,7 +7242,8 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp
case NDPI_PROTOCOL_MAIL_POP:
case NDPI_PROTOCOL_MAIL_IMAP:
case NDPI_PROTOCOL_MAIL_SMTP:
- if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0')
+ if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0' &&
+ flow->protos.ftp_imap_pop_smtp.auth_tls == 0)
return(1);
break;
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index 55ea192b0..3635d1118 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -64,6 +64,11 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n
return 1;
}
+ if(ndpi_match_strprefix(payload, payload_len, "AUTH") ||
+ ndpi_match_strprefix(payload, payload_len, "auth")) {
+ flow->protos.ftp_imap_pop_smtp.auth_found = 1;
+ return 1;
+ }
/* ***************************************************** */
if(ndpi_match_strprefix(payload, payload_len, "ABOR")) {
@@ -86,9 +91,6 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n
return 1;
}
- if(ndpi_match_strprefix(payload, payload_len, "AUTH")) {
- return 1;
- }
if(ndpi_match_strprefix(payload, payload_len, "CCC")) {
return 1;
}
@@ -321,10 +323,6 @@ static int ndpi_ftp_control_check_request(struct ndpi_detection_module_struct *n
return 1;
}
- if(ndpi_match_strprefix(payload, payload_len, "auth")) {
- return 1;
- }
-
if(ndpi_match_strprefix(payload, payload_len, "ccc")) {
return 1;
}
@@ -564,6 +562,8 @@ static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow,
case '2':
case '3':
case '6':
+ if(flow->protos.ftp_imap_pop_smtp.auth_found == 1)
+ flow->protos.ftp_imap_pop_smtp.auth_tls = 1;
return(1);
break;
@@ -635,7 +635,8 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str
flow->protos.ftp_imap_pop_smtp.username, flow->protos.ftp_imap_pop_smtp.password);
#endif
- if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0')
+ if(flow->protos.ftp_imap_pop_smtp.password[0] == '\0' &&
+ flow->protos.ftp_imap_pop_smtp.auth_tls == 0) /* TODO: any values on dissecting TLS handshake? */
flow->ftp_control_stage = 0;
else
ndpi_int_ftp_control_add_connection(ndpi_struct, flow);
Powered by cgit, Themed by Ted Yin.