suricata
app-layer-smtp.h File Reference
#include "decode-events.h"
#include "util-decode-mime.h"
#include "queue.h"
#include "util-streaming-buffer.h"

Data Structures

struct  SMTPString_
 
struct  SMTPTransaction_
 
struct  SMTPConfig
 
struct  SMTPState_
 

Typedefs

typedef struct SMTPString_ SMTPString
 
typedef struct SMTPTransaction_ SMTPTransaction
 
typedef struct SMTPConfig SMTPConfig
 
typedef struct SMTPState_ SMTPState
 

Enumerations

enum  {
  SMTP_DECODER_EVENT_INVALID_REPLY, SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST, SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED, SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED,
  SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE, SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED, SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE, SMTP_DECODER_EVENT_TLS_REJECTED,
  SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED, SMTP_DECODER_EVENT_MIME_PARSE_FAILED, SMTP_DECODER_EVENT_MIME_MALFORMED_MSG, SMTP_DECODER_EVENT_MIME_INVALID_BASE64,
  SMTP_DECODER_EVENT_MIME_INVALID_QP, SMTP_DECODER_EVENT_MIME_LONG_LINE, SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE, SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME,
  SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE, SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG, SMTP_DECODER_EVENT_DUPLICATE_FIELDS, SMTP_DECODER_EVENT_UNPARSABLE_CONTENT
}
 

Functions

int SMTPProcessDataChunk (const uint8_t *chunk, uint32_t len, MimeDecParseState *state)
 
void * SMTPStateAlloc (void)
 
void RegisterSMTPParsers (void)
 Register the SMTP Protocol parser.
 
void SMTPParserCleanup (void)
 Free memory allocated for global SMTP parser state.
 
void SMTPParserRegisterTests (void)
 

Variables

SMTPConfig smtp_config
 

Detailed Description

Typedef Documentation

typedef struct SMTPConfig SMTPConfig
typedef struct SMTPState_ SMTPState
typedef struct SMTPString_ SMTPString

Enumeration Type Documentation

anonymous enum
Enumerator
SMTP_DECODER_EVENT_INVALID_REPLY 
SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST 
SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED 
SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED 
SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE 
SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED 
SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE 
SMTP_DECODER_EVENT_TLS_REJECTED 
SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED 
SMTP_DECODER_EVENT_MIME_PARSE_FAILED 
SMTP_DECODER_EVENT_MIME_MALFORMED_MSG 
SMTP_DECODER_EVENT_MIME_INVALID_BASE64 
SMTP_DECODER_EVENT_MIME_INVALID_QP 
SMTP_DECODER_EVENT_MIME_LONG_LINE 
SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE 
SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME 
SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE 
SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG 
SMTP_DECODER_EVENT_DUPLICATE_FIELDS 
SMTP_DECODER_EVENT_UNPARSABLE_CONTENT 

Definition at line 32 of file app-layer-smtp.h.

Function Documentation

void SMTPParserCleanup ( void  )

Free memory allocated for global SMTP parser state.

Definition at line 1792 of file app-layer-smtp.c.

References Flow_::alproto, ALPROTO_SMTP, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), SMTPState_::bdat_chunk_idx, SMTPState_::bdat_chunk_len, MimeDecParseState::body_begin, MimeDecParseState::body_end, StreamingBufferConfig_::buf_size, SMTPState_::cmds, SMTPState_::cmds_cnt, SMTPState_::cmds_idx, SMTPConfig::content_inspect_min_size, SMTPConfig::content_inspect_window, SMTPConfig::content_limit, CTNT_IS_ATTACHMENT, SMTPState_::curr_tx, SMTPState_::current_line, SMTPState_::current_line_len, MimeDecStackNode::data, MimeDecParseState::data, DE_QUIET, MimeDecConfig::decode_base64, SMTPConfig::decode_mime, MimeDecConfig::decode_quoted_printable, DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), FAIL_IF, Flow_::file_flags, FILEDATA_CONTENT_INSPECT_MIN_SIZE, FILEDATA_CONTENT_INSPECT_WINDOW, FILEDATA_CONTENT_LIMIT, FileDataSize(), SMTPState_::files_ts, FileTrackedSize(), TcpSession_::flags, Flow_::flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_NOPAYLOAD_INSPECTION, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, FlowChangeProto(), FLOWFILE_NO_STORE_TS, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, FileContainer_::head, SMTPState_::helo, SMTPState_::helo_len, SMTPState_::input_len, SMTPTransaction_::mail_from, SMTPTransaction_::mail_from_len, SMTPConfig::mime_config, MIME_DEC_OK, SMTPTransaction_::mime_state, MimeDecInitParser(), MimeDecSetConfig(), SMTPTransaction_::msg_head, File_::name, PacketAlertCheck(), SMTPState_::parser_state, PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protoctx, File_::sb, SMTPConfig::sbcfg, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigMatchSignatures(), SMTP_COMMAND_BDAT, SMTP_COMMAND_DATA, SMTP_COMMAND_DATA_MODE, SMTP_COMMAND_OTHER_CMD, SMTP_COMMAND_STARTTLS, SMTP_PARSER_STATE_COMMAND_DATA_MODE, 
SMTP_PARSER_STATE_FIRST_REPLY_SEEN, SMTP_PARSER_STATE_PIPELINING_SERVER, SMTPProcessDataChunk(), SMTPStateAlloc(), MimeDecParseState::stack, STREAM_START, STREAM_TOCLIENT, STREAM_TOSERVER, StreamingBufferCompareRawData(), STREAMTCP_FLAG_APP_LAYER_DISABLED, STREAMTCP_STREAM_FLAG_NOREASSEMBLY, StreamTcpFreeConfig(), StreamTcpInitConfig(), MimeDecStack::top, TRUE, SMTPState_::ts_current_line_db, SMTPState_::ts_db, SMTPState_::ts_db_len, UTHBuildPacket(), and UTHFreePackets().

Referenced by AppLayerParserDeSetup().


void SMTPParserRegisterTests ( void  )

Definition at line 5248 of file app-layer-smtp.c.

References UtRegisterTest().

Referenced by RegisterSMTPParsers().


int SMTPProcessDataChunk ( const uint8_t *  chunk,
uint32_t  len,
MimeDecParseState *  state 
)

Definition at line 418 of file app-layer-smtp.c.

References Flow_::alstate, ANOM_INVALID_BASE64, ANOM_INVALID_QP, ANOM_LONG_BOUNDARY, ANOM_LONG_ENC_LINE, ANOM_LONG_HEADER_NAME, ANOM_LONG_HEADER_VALUE, ANOM_LONG_LINE, ANOM_MALFORMED_MSG, MimeDecEntity::anomaly_flags, APP_LAYER_PARSER_EOF, AppLayerParserStateIssetFlag(), AppLayerRequestProtocolTLSUpgrade(), SMTPState_::bdat_chunk_idx, SMTPState_::bdat_chunk_len, MimeDecParseState::body_begin, MimeDecParseState::body_end, SMTPState_::cmds, SMTPState_::cmds_buffer_len, SMTPState_::cmds_cnt, SMTPState_::cmds_idx, MimeDecEntity::ctnt_flags, CTNT_IS_ATTACHMENT, SMTPState_::curr_tx, SMTPState_::current_command, SMTPState_::current_line, SMTPState_::current_line_delimiter_len, SMTPState_::current_line_len, MimeDecStackNode::data, MimeDecParseState::data, SMTPConfig::decode_mime, SMTPState_::direction, SMTPTransaction_::done, SCEnumCharMap_::enum_value, FILE_NOMAGIC, FILE_NOMD5, FILE_STATE_OPENED, FILE_STORE, FILE_TRUNCATED, FILE_USE_DETECT, FileAppendData(), FileCloseFile(), FileContainerAlloc(), FileFlowToFlags(), MimeDecEntity::filename, MimeDecEntity::filename_len, FileOpenFile(), FilePrune(), SMTPState_::files_ts, flags, File_::flags, FileContainer_::head, SMTPState_::helo, SMTPState_::helo_len, SMTPState_::input, SMTPState_::input_len, SMTPString_::len, SMTPTransaction_::mail_from, SMTPTransaction_::mail_from_len, MIME_DEC_ERR_DATA, MIME_DEC_ERR_MEM, MIME_DEC_ERR_STATE, MIME_DEC_OK, SMTPTransaction_::mime_state, MimeDecInitParser(), MimeDecParseComplete(), MimeDecParseLine(), mpm_table, MimeDecParseState::msg, msg, SMTPTransaction_::msg_head, SMTPTransaction_::msg_tail, MimeDecEntity::next, next, PARSE_ERROR, SMTPState_::parser_state, SMTPThreadCtx_::pmq, PmqReset(), SMTPConfig::raw_extraction, PrefilterRuleStore_::rule_id_array, SMTPConfig::sbcfg, SC_ERR_MEM_ALLOC, SCEnter, SCFree, SCLogDebug, SCLogDebugEnabled(), SCLogError, SCMalloc, SCRealloc, SCReturnInt, MpmTableElmt_::Search, SMTP_COMMAND_BDAT, SMTP_COMMAND_BUFFER_STEPS, SMTP_COMMAND_DATA, 
SMTP_COMMAND_DATA_MODE, SMTP_COMMAND_OTHER_CMD, SMTP_COMMAND_STARTTLS, SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED, SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED, SMTP_DECODER_EVENT_DUPLICATE_FIELDS, SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE, SMTP_DECODER_EVENT_INVALID_REPLY, SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG, SMTP_DECODER_EVENT_MIME_INVALID_BASE64, SMTP_DECODER_EVENT_MIME_INVALID_QP, SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE, SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME, SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE, SMTP_DECODER_EVENT_MIME_LONG_LINE, SMTP_DECODER_EVENT_MIME_MALFORMED_MSG, SMTP_DECODER_EVENT_MIME_PARSE_FAILED, SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE, SMTP_DECODER_EVENT_TLS_REJECTED, SMTP_DECODER_EVENT_UNPARSABLE_CONTENT, SMTP_MPM, SMTPThreadCtx_::smtp_mpm_thread_ctx, SMTP_PARSER_STATE_COMMAND_DATA_MODE, SMTP_PARSER_STATE_FIRST_REPLY_SEEN, SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY, SMTP_PARSER_STATE_PIPELINING_SERVER, SMTP_REPLY_220, SMTP_REPLY_250, SMTP_REPLY_354, SMTPProcessDataChunk(), MimeDecParseState::stack, File_::state, MimeDecParseState::state_flag, SMTPString_::str, STREAM_TOSERVER, FileContainer_::tail, TAILQ_INSERT_TAIL, SMTPState_::tc_current_line_db, SMTPState_::tc_current_line_lf_seen, SMTPState_::tc_db, SMTPState_::tc_db_len, MimeDecStack::top, SMTPState_::ts_current_line_db, SMTPState_::ts_current_line_lf_seen, SMTPState_::ts_db, SMTPState_::ts_db_len, SMTPState_::tx_cnt, and SMTPTransaction_::tx_id.

Referenced by SMTPParserCleanup(), and SMTPProcessDataChunk().


void* SMTPStateAlloc ( void  )

Definition at line 1370 of file app-layer-smtp.c.

References ALPROTO_SMTP, APP_LAYER_EVENT_TYPE_TRANSACTION, AppLayerDecoderEventsFreeEvents(), AppLayerProtoDetectPMRegisterPatternCI(), SMTPState_::cmds, SMTPState_::cmds_buffer_len, AppLayerDecoderEvents_::cnt, SMTPState_::curr_tx, SMTPTransaction_::de_state, SMTPTransaction_::decoder_events, MpmTableElmt_::DestroyCtx, MpmTableElmt_::DestroyThreadCtx, SMTPTransaction_::detect_flags_tc, SMTPTransaction_::detect_flags_ts, DetectEngineStateFree(), SMTPTransaction_::done, SCEnumCharMap_::enum_name, event_type, FileContainerFree(), SMTPState_::files_ts, FileTruncateAllOpenFiles(), flags, SMTPState_::helo, SMTPTransaction_::logged, logged, SMTPTransaction_::mail_from, SMTPTransaction_::mime_state, MimeDecDeInitParser(), MimeDecFreeEntity(), mpm_table, MpmAddPatternCI(), MpmInitCtx(), MpmInitThreadCtx(), SMTPTransaction_::msg_head, next, SMTPThreadCtx_::pmq, PmqFree(), PmqSetup(), MpmTableElmt_::Prepare, SC_ERR_INVALID_ENUM_MAP, SCCalloc, SCFree, SCLogDebug, SCLogError, SCMalloc, SCMapEnumNameToValue(), SCReturnPtr, SMTP_COMMAND_BUFFER_STEPS, SMTP_MPM, SMTPThreadCtx_::smtp_mpm_thread_ctx, smtp_reply_map, SMTPString_::str, str, STREAM_TOCLIENT, STREAM_TOSERVER, TAILQ_FIRST, TAILQ_FOREACH, TAILQ_INIT, TAILQ_REMOVE, SMTPState_::tc_current_line_db, SMTPState_::tc_db, SMTPState_::ts_current_line_db, SMTPState_::ts_db, SMTPState_::tx_cnt, tx_id, SMTPTransaction_::tx_id, and unlikely.

Referenced by RegisterSMTPParsers(), and SMTPParserCleanup().


Variable Documentation

SMTPConfig smtp_config

Definition at line 236 of file app-layer-smtp.c.