1 files changed, 15 insertions, 12 deletions

diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c
index a6809b454..2ae04f24b 100644
--- a/src/lib/protocols/mail_imap.c
+++ b/src/lib/protocols/mail_imap.c
@@ -30,6 +30,9 @@
 
 /* #define IMAP_DEBUG 1*/
 
+extern void switch_extra_dissection_to_tls(struct ndpi_detection_module_struct *ndpi_struct,
+					   struct ndpi_flow_struct *flow);
+
 static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
 					      u_int16_t protocol) {
   flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Avoid IMAPS to be used s sub-protocol */
@@ -51,13 +54,6 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
   printf("%s() [%.*s]\n", __FUNCTION__, packet->payload_packet_len, packet->payload);
 #endif
 
-  if(flow->l4.tcp.mail_imap_starttls == 2) {
-    NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n");
-    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP);
-    NDPI_DEL_PROTOCOL_FROM_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TLS);
-    return;
-  }
-
   if(packet->payload_packet_len >= 4 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) {
     // the DONE command appears without a tag
     if(packet->payload_packet_len == 6 && ((packet->payload[0] == 'D' || packet->payload[0] == 'd')
@@ -113,8 +109,17 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	    && (packet->payload[command_start + 1] == 'K' || packet->payload[command_start + 1] == 'k')
 	    && packet->payload[command_start + 2] == ' ') {
 	  flow->l4.tcp.mail_imap_stage += 1;
-	  if(flow->l4.tcp.mail_imap_starttls == 1)
-	    flow->l4.tcp.mail_imap_starttls = 2;
+	  if(flow->l4.tcp.mail_imap_starttls == 1) {
+	    NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n");
+	    ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAPS);
+	    if(ndpi_struct->opportunistic_tls_imap_enabled) {
+	      NDPI_LOG_DBG(ndpi_struct, "Switching to [%d/%d]\n",
+			   flow->detected_protocol_stack[0], flow->detected_protocol_stack[1]);
+	      /* We are done (in IMAP dissector): delegating TLS... */
+	      switch_extra_dissection_to_tls(ndpi_struct, flow);
+	      return;
+	    }
+	  }
 	  saw_command = 1;
 	} else if((packet->payload[command_start] == 'U' || packet->payload[command_start] == 'u')
 		   && (packet->payload[command_start + 1] == 'I' || packet->payload[command_start + 1] == 'i')
@@ -126,7 +131,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	    && packet->payload[command_start + 2] == ' ') {
 	  flow->l4.tcp.mail_imap_stage += 1;
 	  if(flow->l4.tcp.mail_imap_starttls == 1)
-	    flow->l4.tcp.mail_imap_starttls = 2;
+	    flow->l4.tcp.mail_imap_starttls = 0;
 	  saw_command = 1;
 	}
       }
@@ -156,7 +161,6 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	    && (packet->payload[command_start + 7] == 'S' || packet->payload[command_start + 7] == 's')) {
         flow->l4.tcp.mail_imap_stage += 1;
         flow->l4.tcp.mail_imap_starttls = 1;
-        ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAPS);
         saw_command = 1;
 	}
       }
@@ -242,7 +246,6 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	  flow->l4.tcp.mail_imap_stage += 1;
 	  /* Authenticate phase may have multiple messages. Ignore them since they are
 	     somehow encrypted anyway. */
-	  flow->l4.tcp.mail_imap_starttls = 2;
           ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAPS);
 	  saw_command = 1;
 	}