diff options
Diffstat (limited to 'src/lib/protocols/mail_smtp.c')
| -rw-r--r-- | src/lib/protocols/mail_smtp.c | 54 |
1 files changed, 48 insertions, 6 deletions
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 5899027b9..fcb390229 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -49,10 +49,20 @@ static void ndpi_int_mail_smtp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { +#ifdef SMTP_DEBUG + printf("**** %s()\n", __FUNCTION__); +#endif + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_SMTP, NDPI_PROTOCOL_UNKNOWN); } +/* **************************************** */ + +static void smtpInitExtraPacketProcessing(struct ndpi_flow_struct *flow); + +/* **************************************** */ + void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -66,7 +76,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t a; u_int8_t bit_count = 0; - NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow,packet); + NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); for(a = 0; a < packet->parsed_lines; a++) { // expected server responses @@ -225,12 +235,12 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_INFO(ndpi_struct, "mail smtp identified\n"); #ifdef SMTP_DEBUG - printf("%s() [bit_count: %u][%s]\n", __FUNCTION__, bit_count, flow->protos.ftp_imap_pop_smtp.password); + printf("%s() [bit_count: %u][%s]\n", __FUNCTION__, + bit_count, flow->protos.ftp_imap_pop_smtp.password); #endif - if(flow->protos.ftp_imap_pop_smtp.password[0] != '\0') - ndpi_int_mail_smtp_add_connection(ndpi_struct, flow); - + ndpi_int_mail_smtp_add_connection(ndpi_struct, flow); + smtpInitExtraPacketProcessing(flow); return; } @@ -248,10 +258,42 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, return; } - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + if(!flow->check_extra_packets) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +/* **************************************** */ + +int ndpi_extra_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + int rc; + + ndpi_search_mail_smtp_tcp(ndpi_struct, flow); + rc = (flow->protos.ftp_imap_pop_smtp.password[0] == '\0') ? 1 : 0; + +#ifdef SMTP_DEBUG + printf("**** %s() [rc: %d]\n", __FUNCTION__, rc); +#endif + + return(rc); +} + +/* **************************************** */ + +static void smtpInitExtraPacketProcessing(struct ndpi_flow_struct *flow) { +#ifdef SMTP_DEBUG + printf("**** %s()\n", __FUNCTION__); +#endif + + flow->check_extra_packets = 1; + /* At most 7 packets should almost always be enough */ + flow->max_extra_packets_to_check = 7; + flow->extra_packets_func = ndpi_extra_search_mail_smtp_tcp; } +/* **************************************** */ + void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("MAIL_SMTP", ndpi_struct, detection_bitmask, *id, |