|
suricata
|
|
suricata
|
#include "decode-events.h"#include "util-decode-mime.h"#include "queue.h"#include "util-streaming-buffer.h"
Go to the source code of this file.
Data Structures | |
| struct | SMTPString_ |
| struct | SMTPTransaction_ |
| struct | SMTPConfig |
| struct | SMTPState_ |
Typedefs | |
| typedef struct SMTPString_ | SMTPString |
| typedef struct SMTPTransaction_ | SMTPTransaction |
| typedef struct SMTPConfig | SMTPConfig |
| typedef struct SMTPState_ | SMTPState |
Functions | |
| int | SMTPProcessDataChunk (const uint8_t *chunk, uint32_t len, MimeDecParseState *state) |
| void * | SMTPStateAlloc (void) |
| void | RegisterSMTPParsers (void) |
| Register the SMTP Protocol parser. More... | |
| void | SMTPParserCleanup (void) |
| Free memory allocated for global SMTP parser state. More... | |
| void | SMTPParserRegisterTests (void) |
Variables | |
| SMTPConfig | smtp_config |
Definition in file app-layer-smtp.h.
| typedef struct SMTPConfig SMTPConfig |
| typedef struct SMTPState_ SMTPState |
| typedef struct SMTPString_ SMTPString |
| typedef struct SMTPTransaction_ SMTPTransaction |
| anonymous enum |
Definition at line 32 of file app-layer-smtp.h.
| void RegisterSMTPParsers | ( | void | ) |
Register the SMTP Protocol parser.
Definition at line 1803 of file app-layer-smtp.c.
References ALPROTO_SMTP, AppLayerParserConfParserEnabled(), AppLayerParserRegisterDetectFlagsFuncs(), AppLayerParserRegisterDetectStateFuncs(), AppLayerParserRegisterGetEventInfo(), AppLayerParserRegisterGetEventInfoById(), AppLayerParserRegisterGetEventsFunc(), AppLayerParserRegisterGetFilesFunc(), AppLayerParserRegisterGetStateProgressCompletionStatus(), AppLayerParserRegisterGetStateProgressFunc(), AppLayerParserRegisterGetTx(), AppLayerParserRegisterGetTxCnt(), AppLayerParserRegisterLocalStorageFunc(), AppLayerParserRegisterLoggerFuncs(), AppLayerParserRegisterParser(), AppLayerParserRegisterProtocolUnittests(), AppLayerParserRegisterStateFuncs(), AppLayerParserRegisterTruncateFunc(), AppLayerParserRegisterTxFreeFunc(), AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectRegisterProtocol(), SCLogInfo, SMTPParserRegisterTests(), SMTPStateAlloc(), STREAM_TOCLIENT, and STREAM_TOSERVER.
Referenced by AppLayerParserRegisterProtocolParsers(), and RegisterAllModules().
| void SMTPParserCleanup | ( | void | ) |
Free memory allocated for global SMTP parser state.
Definition at line 1865 of file app-layer-smtp.c.
References Flow_::alproto, ALPROTO_SMTP, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), SMTPState_::bdat_chunk_idx, SMTPState_::bdat_chunk_len, MimeDecParseState::body_begin, MimeDecParseState::body_end, StreamingBufferConfig_::buf_size, SMTPState_::cmds, SMTPState_::cmds_cnt, SMTPState_::cmds_idx, SMTPConfig::content_inspect_min_size, SMTPConfig::content_inspect_window, SMTPConfig::content_limit, CTNT_IS_ATTACHMENT, SMTPState_::curr_tx, SMTPState_::current_line, SMTPState_::current_line_len, MimeDecStackNode::data, MimeDecParseState::data, DE_QUIET, MimeDecConfig::decode_base64, SMTPConfig::decode_mime, MimeDecConfig::decode_quoted_printable, DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), FAIL_IF, Flow_::file_flags, FILEDATA_CONTENT_INSPECT_MIN_SIZE, FILEDATA_CONTENT_INSPECT_WINDOW, FILEDATA_CONTENT_LIMIT, FileDataSize(), SMTPState_::files_ts, FileTrackedSize(), TcpSession_::flags, Flow_::flags, Packet_::flags, DetectEngineCtx_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_NOPAYLOAD_INSPECTION, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, FlowChangeProto(), FLOWFILE_NO_STORE_TS, Packet_::flowflags, FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, FileContainer_::head, SMTPState_::helo, SMTPState_::helo_len, SMTPState_::input_len, SMTPTransaction_::mail_from, SMTPTransaction_::mail_from_len, SMTPConfig::mime_config, MIME_DEC_OK, SMTPTransaction_::mime_state, MimeDecInitParser(), MimeDecSetConfig(), SMTPTransaction_::msg_head, File_::name, PacketAlertCheck(), SMTPState_::parser_state, PASS, PKT_HAS_FLOW, PKT_STREAM_EST, Flow_::proto, Flow_::protoctx, File_::sb, SMTPConfig::sbcfg, SigCleanSignatures(), SigGroupBuild(), SigGroupCleanup(), SigMatchSignatures(), SMTP_COMMAND_BDAT, SMTP_COMMAND_DATA, SMTP_COMMAND_DATA_MODE, SMTP_COMMAND_OTHER_CMD, SMTP_COMMAND_STARTTLS, SMTP_PARSER_STATE_COMMAND_DATA_MODE, SMTP_PARSER_STATE_FIRST_REPLY_SEEN, SMTP_PARSER_STATE_PIPELINING_SERVER, SMTPProcessDataChunk(), SMTPStateAlloc(), MimeDecParseState::stack, STREAM_START, STREAM_TOCLIENT, STREAM_TOSERVER, StreamingBufferCompareRawData(), STREAMTCP_FLAG_APP_LAYER_DISABLED, STREAMTCP_STREAM_FLAG_NOREASSEMBLY, StreamTcpFreeConfig(), StreamTcpInitConfig(), MimeDecStack::top, TRUE, SMTPState_::ts_current_line_db, SMTPState_::ts_db, SMTPState_::ts_db_len, UTHBuildPacket(), and UTHFreePackets().
Referenced by AppLayerParserDeSetup().
| void SMTPParserRegisterTests | ( | void | ) |
Definition at line 5333 of file app-layer-smtp.c.
References UtRegisterTest().
Referenced by RegisterSMTPParsers().
| int SMTPProcessDataChunk | ( | const uint8_t * | chunk, |
| uint32_t | len, | ||
| MimeDecParseState * | state | ||
| ) |
Definition at line 418 of file app-layer-smtp.c.
References Flow_::alstate, ANOM_INVALID_BASE64, ANOM_INVALID_QP, ANOM_LONG_BOUNDARY, ANOM_LONG_ENC_LINE, ANOM_LONG_HEADER_NAME, ANOM_LONG_HEADER_VALUE, ANOM_LONG_LINE, ANOM_MALFORMED_MSG, MimeDecEntity::anomaly_flags, APP_LAYER_PARSER_EOF, AppLayerParserStateIssetFlag(), AppLayerParserTriggerRawStreamReassembly(), AppLayerRequestProtocolTLSUpgrade(), SMTPState_::bdat_chunk_idx, SMTPState_::bdat_chunk_len, MimeDecParseState::body_begin, MimeDecParseState::body_end, SMTPState_::cmds, SMTPState_::cmds_buffer_len, SMTPState_::cmds_cnt, SMTPState_::cmds_idx, SMTPConfig::content_inspect_min_size, File_::content_inspected, MimeDecEntity::ctnt_flags, CTNT_IS_ATTACHMENT, SMTPState_::curr_tx, SMTPState_::current_command, SMTPState_::current_line, SMTPState_::current_line_delimiter_len, SMTPState_::current_line_len, MimeDecStackNode::data, MimeDecParseState::data, SMTPConfig::decode_mime, SMTPState_::direction, SMTPTransaction_::done, SCEnumCharMap_::enum_value, FILE_NOMAGIC, FILE_NOMD5, FILE_STATE_OPENED, FILE_STORE, SMTPState_::file_track_id, FILE_TRUNCATED, FILE_USE_DETECT, FileAppendData(), FileCloseFile(), FileContainerAlloc(), FileFlowToFlags(), MimeDecEntity::filename, MimeDecEntity::filename_len, FileOpenFileWithId(), SMTPState_::files_ts, File_::flags, flags, FileContainer_::head, SMTPState_::helo, SMTPState_::helo_len, SMTPState_::input, SMTPState_::input_len, SMTPString_::len, SMTPTransaction_::mail_from, SMTPTransaction_::mail_from_len, MIME_DEC_ERR_DATA, MIME_DEC_ERR_MEM, MIME_DEC_ERR_STATE, MIME_DEC_OK, SMTPTransaction_::mime_state, MimeDecInitParser(), MimeDecParseComplete(), MimeDecParseLine(), mpm_table, MimeDecParseState::msg, msg, SMTPTransaction_::msg_head, SMTPTransaction_::msg_tail, MimeDecEntity::next, next, PARSE_ERROR, SMTPState_::parser_state, SMTPThreadCtx_::pmq, PmqReset(), Flow_::protoctx, SMTPConfig::raw_extraction, PrefilterRuleStore_::rule_id_array, SMTPConfig::sbcfg, SC_ERR_MEM_ALLOC, SCEnter, SCFree, SCLogDebug, SCLogDebugEnabled(), SCLogError, SCMalloc, SCRealloc, SCReturnInt, MpmTableElmt_::Search, File_::size, SMTP_COMMAND_BDAT, SMTP_COMMAND_BUFFER_STEPS, SMTP_COMMAND_DATA, SMTP_COMMAND_DATA_MODE, SMTP_COMMAND_OTHER_CMD, SMTP_COMMAND_STARTTLS, SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED, SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED, SMTP_DECODER_EVENT_DUPLICATE_FIELDS, SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE, SMTP_DECODER_EVENT_INVALID_REPLY, SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG, SMTP_DECODER_EVENT_MIME_INVALID_BASE64, SMTP_DECODER_EVENT_MIME_INVALID_QP, SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE, SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME, SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE, SMTP_DECODER_EVENT_MIME_LONG_LINE, SMTP_DECODER_EVENT_MIME_MALFORMED_MSG, SMTP_DECODER_EVENT_MIME_PARSE_FAILED, SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE, SMTP_DECODER_EVENT_TLS_REJECTED, SMTP_DECODER_EVENT_UNPARSABLE_CONTENT, SMTP_MPM, SMTPThreadCtx_::smtp_mpm_thread_ctx, SMTP_PARSER_STATE_COMMAND_DATA_MODE, SMTP_PARSER_STATE_FIRST_REPLY_SEEN, SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY, SMTP_PARSER_STATE_PIPELINING_SERVER, SMTP_REPLY_220, SMTP_REPLY_250, SMTP_REPLY_354, SMTPProcessDataChunk(), MimeDecParseState::stack, File_::state, MimeDecParseState::state_flag, SMTPString_::str, STREAM_TOSERVER, StreamTcpReassemblySetMinInspectDepth(), FileContainer_::tail, TAILQ_INSERT_TAIL, SMTPState_::tc_current_line_db, SMTPState_::tc_current_line_lf_seen, SMTPState_::tc_db, SMTPState_::tc_db_len, MimeDecStack::top, SMTPState_::toserver_data_count, SMTPState_::toserver_last_data_stamp, SMTPState_::ts_current_line_db, SMTPState_::ts_current_line_lf_seen, SMTPState_::ts_db, SMTPState_::ts_db_len, SMTPState_::tx_cnt, and SMTPTransaction_::tx_id.
Referenced by SMTPParserCleanup(), and SMTPProcessDataChunk().
| void* SMTPStateAlloc | ( | void | ) |
Definition at line 1430 of file app-layer-smtp.c.
References ALPROTO_SMTP, APP_LAYER_EVENT_TYPE_TRANSACTION, AppLayerDecoderEventsFreeEvents(), AppLayerProtoDetectPMRegisterPatternCI(), SMTPState_::cmds, SMTPState_::cmds_buffer_len, AppLayerDecoderEvents_::cnt, SMTPState_::curr_tx, SMTPTransaction_::de_state, SMTPTransaction_::decoder_events, MpmTableElmt_::DestroyCtx, MpmTableElmt_::DestroyThreadCtx, SMTPTransaction_::detect_flags_tc, SMTPTransaction_::detect_flags_ts, DetectEngineStateFree(), SMTPTransaction_::done, SCEnumCharMap_::enum_name, event_type, FileContainerFree(), SMTPState_::files_ts, FileTruncateAllOpenFiles(), flags, SMTPState_::helo, SMTPTransaction_::logged, logged, SMTPTransaction_::mail_from, SMTPTransaction_::mime_state, MimeDecDeInitParser(), MimeDecFreeEntity(), mpm_table, MpmAddPatternCI(), MpmInitCtx(), MpmInitThreadCtx(), SMTPTransaction_::msg_head, next, SMTPThreadCtx_::pmq, PmqFree(), PmqSetup(), MpmTableElmt_::Prepare, SC_ERR_INVALID_ENUM_MAP, SCCalloc, SCFree, SCLogDebug, SCLogError, SCMalloc, SCMapEnumNameToValue(), SCMapEnumValueToName(), SCReturnPtr, SMTP_COMMAND_BUFFER_STEPS, SMTP_MPM, SMTPThreadCtx_::smtp_mpm_thread_ctx, smtp_reply_map, SMTPString_::str, str, STREAM_TOCLIENT, STREAM_TOSERVER, TAILQ_FIRST, TAILQ_FOREACH, TAILQ_INIT, TAILQ_REMOVE, SMTPState_::tc_current_line_db, SMTPState_::tc_db, SMTPState_::ts_current_line_db, SMTPState_::ts_db, SMTPState_::tx_cnt, SMTPTransaction_::tx_id, tx_id, and unlikely.
Referenced by RegisterSMTPParsers(), and SMTPParserCleanup().
| SMTPConfig smtp_config |
Definition at line 236 of file app-layer-smtp.c.
1.8.11