Commit | Line | Data |
---|---|---|
576ec7da AS |
1 | /* Copyright (C) 2007-2010 Open Information Security Foundation |
2 | * | |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
18 | /** | |
19 | * \file | |
20 | * | |
420befb1 | 21 | * \author Anoop Saldanha <anoopsaldanha@gmail.com> |
576ec7da AS |
22 | */ |
23 | ||
24 | #ifndef __APP_LAYER_SMTP_H__ | |
25 | #define __APP_LAYER_SMTP_H__ | |
26 | ||
5311cd48 | 27 | #include "decode-events.h" |
54df8665 | 28 | #include "util-decode-mime.h" |
56b74c8b | 29 | #include "queue.h" |
e43ce0a9 | 30 | #include "util-streaming-buffer.h" |
5311cd48 AS |
31 | |
32 | enum { /* Decoder event ids for the SMTP app-layer parser. No enumerator has an explicit value, so ids number from 0 in declaration order: inserting or reordering a member changes every later id. NOTE(review): any table that maps these ids to names lives outside this header; keep it in step when a member is added. */ | |
33 | SMTP_DECODER_EVENT_INVALID_REPLY, | |
34 | SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST, | |
35 | SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED, /* NOTE(review): going by the names, this and the other *_LEN_EXCEEDED members report input past a parser limit; the limits are not defined in this header */ | |
36 | SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED, | |
37 | SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE, | |
38 | SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED, | |
39 | SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE, | |
40 | SMTP_DECODER_EVENT_TLS_REJECTED, | |
41 | SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED, | |
c2dc6867 DA |
42 | |
43 | /* MIME events. NOTE(review): presumably raised from the MIME decoding declared in util-decode-mime.h; confirm. */ | |
44 | SMTP_DECODER_EVENT_MIME_PARSE_FAILED, | |
45 | SMTP_DECODER_EVENT_MIME_MALFORMED_MSG, | |
46 | SMTP_DECODER_EVENT_MIME_INVALID_BASE64, | |
47 | SMTP_DECODER_EVENT_MIME_INVALID_QP, | |
48 | SMTP_DECODER_EVENT_MIME_LONG_LINE, | |
49 | SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE, | |
50 | SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME, | |
51 | SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE, | |
6d170cad | 52 | SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG, |
10e2e2a8 EL |
53 | |
54 | /* Invalid behavior or content */ | |
55 | SMTP_DECODER_EVENT_DUPLICATE_FIELDS, | |
5dbedbfa | 56 | SMTP_DECODER_EVENT_UNPARSABLE_CONTENT, |
5311cd48 AS |
57 | }; |
58 | ||
752fdba9 EL |
59 | typedef struct SMTPString_ { /* One length-counted byte string that can be linked into a tail queue; SMTPTransaction.rcpt_to_list is declared as a TAILQ of these. */ |
60 | uint8_t *str; /* string bytes. NOTE(review): presumably not NUL-terminated, so readers should go by len; confirm. */ | |
61 | uint16_t len; /* byte count of str; 16-bit, so it cannot represent more than 65535 */ | |
62 | ||
63 | TAILQ_ENTRY(SMTPString_) next; /* tail-queue linkage */ | |
64 | } SMTPString; | |
65 | ||
56b74c8b VJ |
66 | typedef struct SMTPTransaction_ { /* Per-transaction SMTP state. Instances link through next; SMTPState.tx_list is declared as a TAILQ of them. */ |
67 | /** id of this tx, starting at 0 */ | |
68 | uint64_t tx_id; | |
73b59bda VJ |
69 | |
70 | uint64_t detect_flags_ts; /* NOTE(review): presumably detection flags for the to-server direction; confirm */ | |
71 | uint64_t detect_flags_tc; /* NOTE(review): presumably detection flags for the to-client direction; confirm */ | |
72 | ||
d209699a | 73 | int done; /* NOTE(review): looks like a completion flag for this tx; the values used are not shown in this header */ |
d484812d MK |
74 | /** indicates loggers done logging */ |
75 | uint32_t logged; | |
56b74c8b VJ |
76 | /** the first message contained in the session */ |
77 | MimeDecEntity *msg_head; | |
78 | /** the last message contained in the session */ | |
79 | MimeDecEntity *msg_tail; | |
80 | /** the mime decoding parser state */ | |
81 | MimeDecParseState *mime_state; | |
82 | ||
d209699a | 83 | AppLayerDecoderEvents *decoder_events; /**< per tx events */ |
e984a572 | 84 | DetectEngineState *de_state; /* NOTE(review): presumably detection-engine state kept for this tx; confirm */ |
d209699a | 85 | |
7bca8268 EL |
86 | /* MAIL FROM parameters */ |
87 | uint8_t *mail_from; /* MAIL FROM bytes; length is carried in mail_from_len */ | |
88 | uint16_t mail_from_len; /* 16-bit: a value longer than 65535 bytes cannot be represented, so the code that stores it has to bound the length before assigning */ | |
89 | ||
752fdba9 EL |
90 | TAILQ_HEAD(, SMTPString_) rcpt_to_list; /**< rcpt to string list */ |
91 | ||
56b74c8b VJ |
92 | TAILQ_ENTRY(SMTPTransaction_) next; /* tail-queue linkage */ |
93 | } SMTPTransaction; | |
94 | ||
26ba647d GL |
95 | typedef struct SMTPConfig { /* SMTP parser settings; this header declares one global instance, smtp_config. */ |
96 | ||
97 | int decode_mime; /* NOTE(review): presumably non-zero turns MIME decoding on; confirm */ | |
98 | MimeDecConfig mime_config; /* settings for the MIME decoder, stored by value */ | |
99 | uint32_t content_limit; /* NOTE(review): unit and the meaning of 0 are not shown in this header (presumably bytes); confirm */ | |
100 | uint32_t content_inspect_min_size; /* NOTE(review): presumably bytes; confirm */ | |
101 | uint32_t content_inspect_window; /* NOTE(review): presumably bytes; confirm */ | |
e43ce0a9 VJ |
102 | |
103 | StreamingBufferConfig sbcfg; /* streaming buffer settings, stored by value */ | |
26ba647d GL |
104 | } SMTPConfig; |
105 | ||
576ec7da | 106 | typedef struct SMTPState_ { /* SMTP parser state: the transaction list, the input being parsed, one line buffer per direction, the stored request commands, and the HELO content. */
56b74c8b VJ |
107 | SMTPTransaction *curr_tx; /* NOTE(review): presumably the transaction being worked on and an element of tx_list; confirm */ |
108 | TAILQ_HEAD(, SMTPTransaction_) tx_list; /**< transaction list */ | |
109 | uint64_t tx_cnt; /* NOTE(review): presumably the number of transactions created so far; confirm */ | |
110 | ||
576ec7da AS |
111 | /* current input that is being parsed */ |
112 | uint8_t *input; | |
88115902 AS |
113 | int32_t input_len; /* signed: check that it is non-negative before using it as a size, because converting a negative value to an unsigned type gives a very large length */ |
114 | uint8_t direction; /* NOTE(review): presumably which side (to server or to client) input belongs to; the encoding is not shown here */ | |
576ec7da AS |
115 | |
116 | /* --parser details-- */ | |
0468dbd5 | 117 | /** current line extracted by the parser from the call to SMTPGetline() */ |
576ec7da | 118 | uint8_t *current_line; |
0468dbd5 | 119 | /** length of the line in current_line. Doesn't include the delimiter */ |
88115902 | 120 | int32_t current_line_len; /* signed: same non-negative check as input_len before it is used as a size or an index */ |
d3ca65de | 121 | uint8_t current_line_delimiter_len; /* length of the delimiter that current_line_len leaves out. NOTE(review): presumably 1 for LF and 2 for CRLF; confirm */ |
88115902 | 122 | |
0468dbd5 | 123 | /** used to indicate if the current_line buffer is a malloced buffer. We |
88115902 AS |
124 | * use a malloced buffer, if a line is fragmented */ |
125 | uint8_t *tc_db; /* NOTE(review): presumably the malloced buffer that holds a fragmented to-client line; confirm */ | |
126 | int32_t tc_db_len; /* signed length that goes with tc_db; validate before use as a size */ | |
127 | uint8_t tc_current_line_db; /* NOTE(review): presumably the flag the comment above describes; confirm */ | |
0468dbd5 | 128 | /** we have seen LF for the currently parsed line */ |
88115902 AS |
129 | uint8_t tc_current_line_lf_seen; |
130 | ||
0468dbd5 | 131 | /** used to indicate if the current_line buffer is a malloced buffer. We |
576ec7da | 132 | * use a malloced buffer, if a line is fragmented */ |
88115902 AS |
133 | uint8_t *ts_db; /* NOTE(review): presumably the malloced buffer that holds a fragmented to-server line; confirm */ |
134 | int32_t ts_db_len; /* signed length that goes with ts_db; validate before use as a size */ | |
135 | uint8_t ts_current_line_db; /* NOTE(review): presumably the flag the comment above describes; confirm */ | |
0468dbd5 | 136 | /** we have seen LF for the currently parsed line */ |
88115902 AS |
137 | uint8_t ts_current_line_lf_seen; |
138 | ||
0468dbd5 | 139 | /** var to indicate parser state */ |
576ec7da | 140 | uint8_t parser_state; |
0468dbd5 | 141 | /** current command in progress */ |
576ec7da | 142 | uint8_t current_command; |
d3ca65de AS |
143 | /** bdat chunk len */ |
144 | uint32_t bdat_chunk_len; | |
145 | /** bdat chunk idx */ | |
146 | uint32_t bdat_chunk_idx; /* NOTE(review): presumably has to stay within bdat_chunk_len; SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED exists for the overrun case, confirm where it is raised */ | |
576ec7da AS |
147 | |
148 | /* the request commands are stored here and the reply handler uses these | |
149 | * stored commands in the buffer to match the reply(ies) with the command */ | |
bc5c9f4a | 150 | /** the command buffer */ |
576ec7da | 151 | uint8_t *cmds; |
bc5c9f4a VJ |
152 | /** the buffer length */ |
153 | uint16_t cmds_buffer_len; /* 16-bit, so it cannot represent more than 65535 */ | |
154 | /** no of commands stored in the above buffer */ | |
155 | uint16_t cmds_cnt; /* NOTE(review): has to stay within cmds_buffer_len; confirm the code that appends a command checks this before writing */ | |
156 | /** index of the command in the buffer, currently in inspection by reply | |
157 | * handler */ | |
158 | uint16_t cmds_idx; /* NOTE(review): has to stay below cmds_cnt when it indexes cmds; confirm the reply handler checks this */ | |
4d38a571 | 159 | |
c2dc6867 DA |
160 | /* SMTP Mime decoding and file extraction */ |
161 | /** the list of files sent to the server */ | |
162 | FileContainer *files_ts; | |
c2dc6867 | 163 | |
7bca8268 EL |
164 | /* HELO message content */ |
165 | uint8_t *helo; /* HELO bytes; length is carried in helo_len */ | |
166 | uint16_t helo_len; /* 16-bit: the code that stores the HELO content has to bound the length to 65535 before assigning */ | |
576ec7da AS |
167 | } SMTPState; |
168 | ||
d2657bec GL |
169 | /* Global SMTP config structure: only declared here (extern), the definition is in another translation unit */ |
170 | extern SMTPConfig smtp_config; | |
171 | ||
172 | int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len, MimeDecParseState *state); /* chunk is read-only. NOTE(review): len is presumably the number of bytes at chunk, and the meaning of the int return value is not shown in this header; confirm both */ | |
173 | void *SMTPStateAlloc(void); /* returns an untyped pointer. NOTE(review): presumably a new SMTPState, NULL on failure; confirm */ | |
576ec7da | 174 | void RegisterSMTPParsers(void); |
7a0dbc6f | 175 | void SMTPParserCleanup(void); |
576ec7da AS |
176 | void SMTPParserRegisterTests(void); |
177 | ||
178 | #endif /* __APP_LAYER_SMTP_H__ */ |