1 /* Copyright (C) 2007-2010 Open Information Security Foundation
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
24 #ifndef __APP_LAYER_SMTP_H__
25 #define __APP_LAYER_SMTP_H__
27 #include "decode-events.h"
28 #include "util-decode-mime.h"
30 #include "util-streaming-buffer.h"
34 SMTP_DECODER_EVENT_INVALID_REPLY
,
35 SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST
,
36 SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED
,
37 SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED
,
38 SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE
,
39 SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED
,
40 SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE
,
41 SMTP_DECODER_EVENT_TLS_REJECTED
,
42 SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED
,
45 SMTP_DECODER_EVENT_MIME_PARSE_FAILED
,
46 SMTP_DECODER_EVENT_MIME_MALFORMED_MSG
,
47 SMTP_DECODER_EVENT_MIME_INVALID_BASE64
,
48 SMTP_DECODER_EVENT_MIME_INVALID_QP
,
49 SMTP_DECODER_EVENT_MIME_LONG_LINE
,
50 SMTP_DECODER_EVENT_MIME_LONG_ENC_LINE
,
51 SMTP_DECODER_EVENT_MIME_LONG_HEADER_NAME
,
52 SMTP_DECODER_EVENT_MIME_LONG_HEADER_VALUE
,
53 SMTP_DECODER_EVENT_MIME_BOUNDARY_TOO_LONG
,
54 SMTP_DECODER_EVENT_MIME_LONG_FILENAME
,
56 /* Invalid behavior or content */
57 SMTP_DECODER_EVENT_DUPLICATE_FIELDS
,
58 SMTP_DECODER_EVENT_UNPARSABLE_CONTENT
,
61 typedef struct SMTPString_
{
65 TAILQ_ENTRY(SMTPString_
) next
;
68 typedef struct SMTPTransaction_
{
69 /** id of this tx, starting at 0 */
72 AppLayerTxData tx_data
;
75 /** the first message contained in the session */
76 MimeDecEntity
*msg_head
;
77 /** the last message contained in the session */
78 MimeDecEntity
*msg_tail
;
79 /** the mime decoding parser state */
80 MimeDecParseState
*mime_state
;
82 AppLayerDecoderEvents
*decoder_events
; /**< per tx events */
84 /* MAIL FROM parameters */
86 uint16_t mail_from_len
;
88 TAILQ_HEAD(, SMTPString_
) rcpt_to_list
; /**< rcpt to string list */
90 TAILQ_ENTRY(SMTPTransaction_
) next
;
93 typedef struct SMTPConfig
{
96 MimeDecConfig mime_config
;
97 uint32_t content_limit
;
98 uint32_t content_inspect_min_size
;
99 uint32_t content_inspect_window
;
103 StreamingBufferConfig sbcfg
;
106 typedef struct SMTPState_
{
107 SMTPTransaction
*curr_tx
;
108 TAILQ_HEAD(, SMTPTransaction_
) tx_list
; /**< transaction list */
110 uint64_t toserver_data_count
;
111 uint64_t toserver_last_data_stamp
;
113 /* current input that is being parsed */
114 const uint8_t *input
;
118 /* --parser details-- */
119 /** current line extracted by the parser from the call to SMTPGetline() */
120 const uint8_t *current_line
;
121 /** length of the line in current_line. Doesn't include the delimiter */
122 int32_t current_line_len
;
123 uint8_t current_line_delimiter_len
;
125 /** used to indicate if the current_line buffer is a malloced buffer. We
126 * use a malloced buffer, if a line is fragmented */
129 uint8_t tc_current_line_db
;
130 /** we have see LF for the currently parsed line */
131 uint8_t tc_current_line_lf_seen
;
133 /** used to indicate if the current_line buffer is a malloced buffer. We
134 * use a malloced buffer, if a line is fragmented */
137 uint8_t ts_current_line_db
;
138 /** we have see LF for the currently parsed line */
139 uint8_t ts_current_line_lf_seen
;
141 /** var to indicate parser state */
142 uint8_t parser_state
;
143 /** current command in progress */
144 uint8_t current_command
;
145 /** bdat chunk len */
146 uint32_t bdat_chunk_len
;
147 /** bdat chunk idx */
148 uint32_t bdat_chunk_idx
;
150 /* the request commands are store here and the reply handler uses these
151 * stored command in the buffer to match the reply(ies) with the command */
152 /** the command buffer */
154 /** the buffer length */
155 uint16_t cmds_buffer_len
;
156 /** no of commands stored in the above buffer */
158 /** index of the command in the buffer, currently in inspection by reply
162 /* HELO of HELO message content */
166 /* SMTP Mime decoding and file extraction */
167 /** the list of files sent to the server */
168 FileContainer
*files_ts
;
169 uint32_t file_track_id
;
172 /* Create SMTP config structure */
173 extern SMTPConfig smtp_config
;
175 int SMTPProcessDataChunk(const uint8_t *chunk
, uint32_t len
, MimeDecParseState
*state
);
176 void *SMTPStateAlloc(void *orig_state
, AppProto proto_orig
);
177 void RegisterSMTPParsers(void);
178 void SMTPParserCleanup(void);
179 void SMTPParserRegisterTests(void);
181 #endif /* __APP_LAYER_SMTP_H__ */