diff options
| author | Luca Deri <deri@ntop.org> | 2022-07-05 17:00:21 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2022-07-05 17:00:21 +0200 |
| commit | 52d987b603f49d996b4060f43265d1cf43c3c482 (patch) | |
| tree | 4abbf53d86796fbfc92badb798bc51ef050951fb /src | |
| parent | f4a1739f9c950963f94915916d0a9f088a803abc (diff) | |
SMTP with STARTTLS is now identified as SMTPS
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/mail_smtp.c | 16 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 23 |
2 files changed, 16 insertions, 23 deletions
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 3d2e8d043..fddd42b97 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -30,22 +30,6 @@ #include "ndpi_api.h" -#define SMTP_BIT_220 0x01 -#define SMTP_BIT_250 0x02 -#define SMTP_BIT_235 0x04 -#define SMTP_BIT_334 0x08 -#define SMTP_BIT_354 0x10 -#define SMTP_BIT_HELO_EHLO 0x20 -#define SMTP_BIT_MAIL 0x40 -#define SMTP_BIT_RCPT 0x80 -#define SMTP_BIT_AUTH_LOGIN 0x100 -#define SMTP_BIT_STARTTLS 0x200 -#define SMTP_BIT_DATA 0x400 -#define SMTP_BIT_NOOP 0x800 -#define SMTP_BIT_RSET 0x1000 -#define SMTP_BIT_TlRM 0x2000 -#define SMTP_BIT_AUTH_PLAIN 0x4000 - /* #define SMTP_DEBUG 1 */ extern int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 69bec44f5..5cd74c0df 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -855,7 +855,10 @@ int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct, case 0x02: /* Server Hello */ processClientServerHello(ndpi_struct, flow, 0); flow->protos.tls_quic.hello_processed = 1; - ndpi_int_tls_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TLS); + + ndpi_int_tls_add_connection(ndpi_struct, flow, + /* Check if this is a SMTP connection with STARTTLS or TLS */ + (flow->l4.tcp.smtp_command_bitmask & SMTP_BIT_STARTTLS) ? NDPI_PROTOCOL_MAIL_SMTPS : NDPI_PROTOCOL_TLS); #ifdef DEBUG_TLS printf("*** TLS [version: %02X][%s Hello]\n", @@ -1243,7 +1246,8 @@ static void tlsCheckUncommonALPN(struct ndpi_detection_module_struct *ndpi_struc static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int32_t protocol) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; - + u_int16_t upper_detected_protocol; + #if DEBUG_TLS printf("[TLS] %s()\n", __FUNCTION__); #endif @@ -1258,12 +1262,17 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp return; } - if(protocol != NDPI_PROTOCOL_TLS) - ; - else + if(protocol != NDPI_PROTOCOL_TLS) { + if(flow->l4.tcp.smtp_command_bitmask & SMTP_BIT_STARTTLS) + upper_detected_protocol = flow->detected_protocol_stack[0]; + else + upper_detected_protocol = protocol; + } else { protocol = ndpi_tls_refine_master_protocol(ndpi_struct, flow, protocol); - - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, protocol, NDPI_CONFIDENCE_DPI); + upper_detected_protocol = protocol; + } + + ndpi_set_detected_protocol(ndpi_struct, flow, upper_detected_protocol, protocol, NDPI_CONFIDENCE_DPI); tlsInitExtraPacketProcessing(ndpi_struct, flow); } |