#include "conf.h"
#include "util-mem.h"
+#include "util-misc.h"
+
+/* content-limit default value */
+#define FILEDATA_CONTENT_LIMIT 1000
+/* content-inspect-min-size default value */
+#define FILEDATA_CONTENT_INSPECT_MIN_SIZE 1000
+/* content-inspect-window default value */
+#define FILEDATA_CONTENT_INSPECT_WINDOW 1000
#define SMTP_MAX_REQUEST_AND_REPLY_LINE_LENGTH 510
{ NULL, -1 },
};
-typedef struct SMTPConfig {
-
- int decode_mime;
- MimeDecConfig mime_config;
-
-} SMTPConfig;
-
/* Create SMTP config structure */
-static SMTPConfig smtp_config = { 0, { 0, 0, 0, 0 } };
+SMTPConfig smtp_config = { 0, { 0, 0, 0, 0 }, 0, 0, 0};
/**
* \brief Configure SMTP Mime Decoder by parsing out mime section of YAML
SCEnter();
int ret = 0, val;
intmax_t imval;
+ uint32_t content_limit = 0;
+ uint32_t content_inspect_min_size = 0;
+ uint32_t content_inspect_window = 0;
ConfNode *config = ConfGetNode("app-layer.protocols.smtp.mime");
if (config != NULL) {
/* Pass mime config data to MimeDec API */
MimeDecSetConfig(&smtp_config.mime_config);
+ ConfNode *t = ConfGetNode("app-layer.protocols.smtp.inspected-tracker");
+ ConfNode *p = NULL;
+
+ if (t == NULL)
+ return;
+
+ TAILQ_FOREACH(p, &t->head, next) {
+ if (strcasecmp("content-limit", p->name) == 0) {
+ if (ParseSizeStringU32(p->val, &content_limit) < 0) {
+ SCLogWarning(SC_ERR_SIZE_PARSE, "Error parsing content-limit "
+ "from conf file - %s. Killing engine", p->val);
+ content_limit = FILEDATA_CONTENT_LIMIT;
+ }
+ }
+
+ if (strcasecmp("content-inspect-min-size", p->name) == 0) {
+ if (ParseSizeStringU32(p->val, &content_inspect_min_size) < 0) {
+ SCLogWarning(SC_ERR_SIZE_PARSE, "Error parsing content-inspect-min-size-limit "
+ "from conf file - %s. Killing engine", p->val);
+ content_inspect_min_size = FILEDATA_CONTENT_INSPECT_MIN_SIZE;
+ }
+ }
+
+ if (strcasecmp("content-inspect-window", p->name) == 0) {
+ if (ParseSizeStringU32(p->val, &content_inspect_window) < 0) {
+ SCLogWarning(SC_ERR_SIZE_PARSE, "Error parsing content-inspect-window "
+ "from conf file - %s. Killing engine", p->val);
+ content_inspect_window = FILEDATA_CONTENT_INSPECT_WINDOW;
+ }
+ }
+ }
+
SCReturn;
}
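Review bot: The sizes parsed in this loop stay in the locals `content_limit`, `content_inspect_min_size` and `content_inspect_window`; no line visible here copies them into `smtp_config`, and the `return;` taken when the `inspected-tracker` node is missing also skips `SCReturn`. Because the initializer leaves the three new fields at 0, the filedata checks that now read `smtp_config.content_inspect_min_size` and `smtp_config.content_inspect_window` would compare against zero rather than the FILEDATA_* defaults, so the deferral and chunk-skipping behaviour of SMTP file inspection appears to change whatever the YAML says. The warnings also say "Killing engine" while the code falls back to the default and continues; the text should say that the default is used. The function's opening lies outside this hunk; a sketch of the change follows.

```c
    /* defaults first, so a missing section or key keeps them */
    smtp_config.content_limit = FILEDATA_CONTENT_LIMIT;
    smtp_config.content_inspect_min_size = FILEDATA_CONTENT_INSPECT_MIN_SIZE;
    smtp_config.content_inspect_window = FILEDATA_CONTENT_INSPECT_WINDOW;

    /* … unchanged: ConfGetNode("app-layer.protocols.smtp.inspected-tracker") lookup … */

    if (t != NULL) {
        TAILQ_FOREACH(p, &t->head, next) {
            if (strcasecmp("content-limit", p->name) == 0) {
                /* … unchanged: ParseSizeStringU32 call, warning, fallback to default … */
                smtp_config.content_limit = content_limit;
            }
            /* … content-inspect-min-size, content-inspect-window: same pattern, storing into smtp_config … */
        }
    }

    SCReturn;
```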
TAILQ_ENTRY(SMTPTransaction_) next;
} SMTPTransaction;
+typedef struct SMTPConfig {
+
+ int decode_mime;
+ MimeDecConfig mime_config;
+ uint32_t content_limit;
+ uint32_t content_inspect_min_size;
+ uint32_t content_inspect_window;
+} SMTPConfig;
+
typedef struct SMTPState_ {
SMTPTransaction *curr_tx;
TAILQ_HEAD(, SMTPTransaction_) tx_list; /**< transaction list */
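Review bot: The three fields added to `SMTPConfig` carry no comment on their unit or on what 0 means, although the filedata code in this change treats `content_limit == 0` as "no limit". I would add trailing comments in the file's Doxygen style, e.g. `uint32_t content_limit; /**< size in bytes, 0 = no limit */`, and note for `content_inspect_min_size` and `content_inspect_window` that they are sizes (presumably bytes, given `ParseSizeStringU32`) read from the `inspected-tracker` section. The struct is now shared through a non-static `smtp_config`, and its `extern` declaration is not visible in this hunk, so confirm it is declared once in this header rather than in each file that uses it.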
#include "conf-yaml-loader.h"
#define BUFFER_STEP 50
-#define FILECONTENT_CONTENT_LIMIT 1000
-#define FILECONTENT_INSPECT_MIN_SIZE 1000
-#define FILECONTENT_INSPECT_WINDOW 1000
static inline int SMTPCreateSpace(DetectEngineThreadCtx *det_ctx, uint16_t size)
{
goto end;
}
- if ((FILECONTENT_CONTENT_LIMIT == 0 ||
- curr_file->content_len_so_far < FILECONTENT_CONTENT_LIMIT) &&
- curr_file->content_len_so_far < FILECONTENT_INSPECT_MIN_SIZE &&
+ if ((smtp_config.content_limit == 0 ||
+ curr_file->content_len_so_far < smtp_config.content_limit) &&
+ curr_file->content_len_so_far < smtp_config.content_inspect_min_size &&
!(flags & STREAM_EOF)) {
SCLogDebug("we still haven't seen the entire content. "
"Let's defer content inspection till we see the "
/* see if we can filter out chunks */
if (curr_file->content_inspected > 0) {
if (curr_chunk->stream_offset < curr_file->content_inspected) {
- if ((curr_file->content_inspected - curr_chunk->stream_offset) > FILECONTENT_INSPECT_WINDOW) {
+ if ((curr_file->content_inspected - curr_chunk->stream_offset) > smtp_config.content_inspect_window) {
curr_chunk = curr_chunk->next;
continue;
} else {