]>
Commit | Line | Data |
---|---|---|
576ec7da AS |
1 | /* Copyright (C) 2007-2010 Open Information Security Foundation |
2 | * | |
3 | * You can copy, redistribute or modify this Program under the terms of | |
4 | * the GNU General Public License version 2 as published by the Free | |
5 | * Software Foundation. | |
6 | * | |
7 | * This program is distributed in the hope that it will be useful, | |
8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | * GNU General Public License for more details. | |
11 | * | |
12 | * You should have received a copy of the GNU General Public License | |
13 | * version 2 along with this program; if not, write to the Free Software | |
14 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | |
15 | * 02110-1301, USA. | |
16 | */ | |
17 | ||
18 | /** | |
19 | * \file | |
20 | * | |
420befb1 | 21 | * \author Anoop Saldanha <anoopsaldanha@gmail.com> |
576ec7da AS |
22 | */ |
23 | ||
24 | #ifndef __APP_LAYER_SMTP_H__ | |
25 | #define __APP_LAYER_SMTP_H__ | |
26 | ||
5311cd48 | 27 | #include "decode-events.h" |
54df8665 | 28 | #include "util-decode-mime.h" |
56b74c8b | 29 | #include "queue.h" |
e43ce0a9 | 30 | #include "util-streaming-buffer.h" |
bc11a1c2 | 31 | #include "rust.h" |
5311cd48 AS |
32 | |
33 | enum { | |
34 | SMTP_DECODER_EVENT_INVALID_REPLY, | |
35 | SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST, | |
36 | SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED, | |
37 | SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED, | |
38 | SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE, | |
39 | SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED, | |
40 | SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE, | |
41 | SMTP_DECODER_EVENT_TLS_REJECTED, | |
42 | SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED, | |
c2dc6867 DA |
43 | |
44 | /* MIME Events */ | |
45 | SMTP_DECODER_EVENT_MIME_PARSE_FAILED, | |
46 | SMTP_DECODER_EVENT_MIME_MALFORMED_MSG, | |
47 | SMTP_DECODER_EVENT_MIME_INVALID_BASE64, | |
48 | SMTP_DECODER_EVENT_MIME_INVALID_QP, | |
49 | SMTP_DECODER_EVENT_MIME_LONG_LINE, | |
50 | SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE, | |
51 | SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME, | |
52 | SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE, | |
6d170cad | 53 | SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG, |
130b8d26 | 54 | SMTP_DECODER_EVENT_MIME_LONG_FILENAME, |
10e2e2a8 EL |
55 | |
56 | /* Invalid behavior or content */ | |
57 | SMTP_DECODER_EVENT_DUPLICATE_FIELDS, | |
5dbedbfa | 58 | SMTP_DECODER_EVENT_UNPARSABLE_CONTENT, |
5311cd48 AS |
59 | }; |
60 | ||
752fdba9 EL |
61 | typedef struct SMTPString_ { |
62 | uint8_t *str; | |
63 | uint16_t len; | |
64 | ||
65 | TAILQ_ENTRY(SMTPString_) next; | |
66 | } SMTPString; | |
67 | ||
56b74c8b VJ |
68 | typedef struct SMTPTransaction_ { |
69 | /** id of this tx, starting at 0 */ | |
70 | uint64_t tx_id; | |
73b59bda | 71 | |
bc11a1c2 | 72 | AppLayerTxData tx_data; |
73b59bda | 73 | |
d209699a | 74 | int done; |
56b74c8b VJ |
75 | /** the first message contained in the session */ |
76 | MimeDecEntity *msg_head; | |
77 | /** the last message contained in the session */ | |
78 | MimeDecEntity *msg_tail; | |
79 | /** the mime decoding parser state */ | |
80 | MimeDecParseState *mime_state; | |
81 | ||
7bca8268 EL |
82 | /* MAIL FROM parameters */ |
83 | uint8_t *mail_from; | |
84 | uint16_t mail_from_len; | |
85 | ||
752fdba9 EL |
86 | TAILQ_HEAD(, SMTPString_) rcpt_to_list; /**< rcpt to string list */ |
87 | ||
56b74c8b VJ |
88 | TAILQ_ENTRY(SMTPTransaction_) next; |
89 | } SMTPTransaction; | |
90 | ||
26ba647d GL |
91 | typedef struct SMTPConfig { |
92 | ||
93 | int decode_mime; | |
94 | MimeDecConfig mime_config; | |
95 | uint32_t content_limit; | |
96 | uint32_t content_inspect_min_size; | |
97 | uint32_t content_inspect_window; | |
e43ce0a9 | 98 | |
46973511 MA |
99 | int raw_extraction; |
100 | ||
e43ce0a9 | 101 | StreamingBufferConfig sbcfg; |
26ba647d GL |
102 | } SMTPConfig; |
103 | ||
576ec7da | 104 | typedef struct SMTPState_ { |
56b74c8b VJ |
105 | SMTPTransaction *curr_tx; |
106 | TAILQ_HEAD(, SMTPTransaction_) tx_list; /**< transaction list */ | |
107 | uint64_t tx_cnt; | |
5f15e7c6 VJ |
108 | uint64_t toserver_data_count; |
109 | uint64_t toserver_last_data_stamp; | |
56b74c8b | 110 | |
576ec7da | 111 | /* current input that is being parsed */ |
579cc9f0 | 112 | const uint8_t *input; |
88115902 AS |
113 | int32_t input_len; |
114 | uint8_t direction; | |
576ec7da AS |
115 | |
116 | /* --parser details-- */ | |
0468dbd5 | 117 | /** current line extracted by the parser from the call to SMTPGetline() */ |
579cc9f0 | 118 | const uint8_t *current_line; |
0468dbd5 | 119 | /** length of the line in current_line. Doesn't include the delimiter */ |
88115902 | 120 | int32_t current_line_len; |
d3ca65de | 121 | uint8_t current_line_delimiter_len; |
88115902 | 122 | |
0468dbd5 | 123 | /** used to indicate if the current_line buffer is a malloced buffer. We |
88115902 AS |
124 | * use a malloced buffer, if a line is fragmented */ |
125 | uint8_t *tc_db; | |
126 | int32_t tc_db_len; | |
127 | uint8_t tc_current_line_db; | |
0468dbd5 | 128 | /** we have see LF for the currently parsed line */ |
88115902 AS |
129 | uint8_t tc_current_line_lf_seen; |
130 | ||
0468dbd5 | 131 | /** used to indicate if the current_line buffer is a malloced buffer. We |
576ec7da | 132 | * use a malloced buffer, if a line is fragmented */ |
88115902 AS |
133 | uint8_t *ts_db; |
134 | int32_t ts_db_len; | |
135 | uint8_t ts_current_line_db; | |
0468dbd5 | 136 | /** we have see LF for the currently parsed line */ |
88115902 AS |
137 | uint8_t ts_current_line_lf_seen; |
138 | ||
0468dbd5 | 139 | /** var to indicate parser state */ |
576ec7da | 140 | uint8_t parser_state; |
0468dbd5 | 141 | /** current command in progress */ |
576ec7da | 142 | uint8_t current_command; |
d3ca65de AS |
143 | /** bdat chunk len */ |
144 | uint32_t bdat_chunk_len; | |
145 | /** bdat chunk idx */ | |
146 | uint32_t bdat_chunk_idx; | |
576ec7da AS |
147 | |
148 | /* the request commands are store here and the reply handler uses these | |
149 | * stored command in the buffer to match the reply(ies) with the command */ | |
bc5c9f4a | 150 | /** the command buffer */ |
576ec7da | 151 | uint8_t *cmds; |
bc5c9f4a VJ |
152 | /** the buffer length */ |
153 | uint16_t cmds_buffer_len; | |
154 | /** no of commands stored in the above buffer */ | |
155 | uint16_t cmds_cnt; | |
156 | /** index of the command in the buffer, currently in inspection by reply | |
157 | * handler */ | |
158 | uint16_t cmds_idx; | |
4d38a571 | 159 | |
9132e403 VJ |
160 | /* HELO of HELO message content */ |
161 | uint16_t helo_len; | |
162 | uint8_t *helo; | |
163 | ||
c2dc6867 DA |
164 | /* SMTP Mime decoding and file extraction */ |
165 | /** the list of files sent to the server */ | |
166 | FileContainer *files_ts; | |
9132e403 | 167 | uint32_t file_track_id; |
576ec7da AS |
168 | } SMTPState; |
169 | ||
d2657bec GL |
170 | /* Create SMTP config structure */ |
171 | extern SMTPConfig smtp_config; | |
172 | ||
173 | int SMTPProcessDataChunk(const uint8_t *chunk, uint32_t len, MimeDecParseState *state); | |
547d6c2d | 174 | void *SMTPStateAlloc(void *orig_state, AppProto proto_orig); |
576ec7da | 175 | void RegisterSMTPParsers(void); |
7a0dbc6f | 176 | void SMTPParserCleanup(void); |
576ec7da AS |
177 | void SMTPParserRegisterTests(void); |
178 | ||
179 | #endif /* __APP_LAYER_SMTP_H__ */ |