aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2913a4a860'
${ noResults }
suricata/src/app-layer-smtp.c

3569 lines
115 KiB
C
Raw Normal View History Unescape Escape

Rename app_layer_events to app-layer-events. Misc fixes/changes.
14 years ago
/* Copyright (C) 2007-2012 Open Information Security Foundation
smtp parser support
14 years ago
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
Changed my email address to anoopsaldanha at gmail dot com from my current one
14 years ago
* \author Anoop Saldanha <anoopsaldanha@gmail.com>
smtp parser support
14 years ago
*/
#include "suricata.h"
#include "suricata-common.h"
#include "debug.h"
#include "decode.h"
#include "threads.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp.h"
#include "stream.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-smtp.h"
Code cleanup. Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context. Also use MpmInitCtx() to init the mpm context.
12 years ago
#include "util-mpm.h"
smtp parser support
14 years ago
#include "util-debug.h"
#include "util-byte.h"
#include "util-unittest.h"
#include "util-byte.h"
#include "util-unittest-helper.h"
#include "util-memcmp.h"
#include "flow-util.h"
#include "detect-engine.h"
#include "detect-engine-state.h"
#include "detect-parse.h"
Support for smtp decoder events
14 years ago
#include "decode-events.h"
Add and use EventGetInfo for getting info on an event. Also update existing parsers and app-layer-event Setup to use this.
12 years ago
#include "conf.h"
smtp parser support
14 years ago
#define SMTP_MAX_REQUEST_AND_REPLY_LINE_LENGTH 510
#define SMTP_COMMAND_BUFFER_STEPS 5
/* we are in process of parsing a fresh command. Just a placeholder. If we
* are not in STATE_COMMAND_DATA_MODE, we have to be in this mode */
#define SMTP_PARSER_STATE_COMMAND_MODE 0x00
/* we are in mode of parsing a command's data. Used when we are parsing tls
* or accepting the rfc 2822 mail after DATA command */
#define SMTP_PARSER_STATE_COMMAND_DATA_MODE 0x01
/* Used when we are still in the process of parsing a server command. Used
* with multi-line replies and the stream is fragmented before all the lines
* for a response is seen */
#define SMTP_PARSER_STATE_PARSING_SERVER_RESPONSE 0x02
/* Used to indicate that the parser has seen the first reply */
#define SMTP_PARSER_STATE_FIRST_REPLY_SEEN 0x04
/* Used to indicate that the parser is parsing a multiline reply */
#define SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY 0x08
/* Various SMTP commands
* We currently have var-ified just STARTTLS and DATA, since we need to them
* for state transitions. The rest are just indicate as OTHER_CMD. Other
* commands would be introduced as and when needed */
#define SMTP_COMMAND_STARTTLS 1
#define SMTP_COMMAND_DATA 2
support bdat smtp keyword - bug #347
14 years ago
#define SMTP_COMMAND_BDAT 3
smtp parser support
14 years ago
/* not an actual command per se, but the mode where we accept the mail after
* DATA has it's own reply code for completion, from the server. We give this
* stage a pseudo command of it's own, so that we can add this to the command
* buffer to match with the reply */
support bdat smtp keyword - bug #347
14 years ago
#define SMTP_COMMAND_DATA_MODE 4
smtp parser support
14 years ago
/* All other commands are represented by this var */
support bdat smtp keyword - bug #347
14 years ago
#define SMTP_COMMAND_OTHER_CMD 5
smtp parser support
14 years ago
/* Different EHLO extensions. Not used now. */
#define SMTP_EHLO_EXTENSION_PIPELINING
#define SMTP_EHLO_EXTENSION_SIZE
#define SMTP_EHLO_EXTENSION_DSN
#define SMTP_EHLO_EXTENSION_STARTTLS
#define SMTP_EHLO_EXTENSION_8BITMIME
Support for smtp decoder events
14 years ago
SCEnumCharMap smtp_decoder_event_table[ ] = {
{ "INVALID_REPLY", SMTP_DECODER_EVENT_INVALID_REPLY },
{ "UNABLE_TO_MATCH_REPLY_WITH_REQUEST",
SMTP_DECODER_EVENT_UNABLE_TO_MATCH_REPLY_WITH_REQUEST },
{ "MAX_COMMAND_LINE_LEN_EXCEEDED",
SMTP_DECODER_EVENT_MAX_COMMAND_LINE_LEN_EXCEEDED },
{ "MAX_REPLY_LINE_LEN_EXCEEDED",
SMTP_DECODER_EVENT_MAX_REPLY_LINE_LEN_EXCEEDED },
{ "INVALID_PIPELINED_SEQUENCE",
SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE },
{ "BDAT_CHUNK_LEN_EXCEEDED",
SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED },
{ "NO_SERVER_WELCOME_MESSAGE",
SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE },
{ "TLS_REJECTED",
SMTP_DECODER_EVENT_TLS_REJECTED },
{ "DATA_COMMAND_REJECTED",
SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED },
{ NULL, -1 },
};
smtp reply code mpm phase support added
14 years ago
New Multi-pattern matcher, ac-tile, optimized for Tile architecture. Aho-Corasick mpm optimized for Tilera Tile-Gx architecture. Based on the util-mpm-ac.c code base. The primary optimizations are: 1) Matching function used Tilera specific instructions. 2) Alphabet compression to reduce delta table size to increase cache utilization and performance. The basic observation is that not all 256 ASCII characters are used by the set of multiple patterns in a group for which a DFA is created. The first reason is that Suricata's pattern matching is case-insensitive, so all uppercase characters are converted to lowercase, leaving a hole of 26 characters in the alphabet. Previously, this hole was simply left in the middle of the alphabet and thus in the generated Next State (delta) tables. A new, smaller, alphabet is created using a translation table of 256 bytes per mpm group. Previously, there was one global translation table for converting upper case to lowercase. Additional, unused characters are found by creating a histogram of all the characters in all the patterns. Then all the characters with zero counts are mapped to one character (0) in the new alphabet. Since These characters appear in no pattern, they can all be mapped to a single character and still result in the same matches being found. Zero was chosen for the value in the new alphabet since this "character" is more likely to appear in the input. The unused character always results in the next state being state zero, but that fact is not currently used by the code, since special casing takes additional instructions. The characters that do appear in some pattern are mapped to consecutive characters in the new alphabet, starting at 1. This results in a dense packing of next state values in the delta tables and additionally can allow for a smaller number of columns in that table, thus using less memory and better packing into the cache. The size of the new alphabet is the number of used characters plus 1 for the unused catch-all character. The alphabet size is rounded up to the next larger power-of-2 so that multiplication by the alphabet size can be done with a shift. It might be possible to use a multiply instruction, so that the exact alphabet size could be used, which would further reduce the size of the delta tables, increase cache density and not require the specialized search functions. The multiply would likely add 1 cycle to the inner search loop. Since the multiply by alphabet-size is cleverly merged with a mask instruction (in the SINDEX macro), specialized versions of the SCACSearch function are generated for alphabet sizes 256, 128, 64, 32 and 16. This is done by including the file util-mpm-ac-small.c multiple times with a redefined SINDEX macro. A function pointer is then stored in the mpm context for the search function. For alpha bit sizes of 8 or smaller, the number of states usually small, so the DFA is already very small, so there is little difference using the 16 state search function. The SCACSearch function is also specialized by the size of the value stored in the next state (delta) tables, either 16-bits or 32-bits. This removes a conditional inside the Search function. That conditional is only called once, but doesn't hurt to remove it. 16-bits are used for up to 32K states, with the sign bit set for states with matches. Future optimization: The state-has-match values is only needed per state, not per next state, so checking the next-state sign bit could be replaced with reading a different value, at the cost of an additional load, but increasing the 16-bit next state span to 64K. Since the order of the characters in the new alphabet doesn't matter, the new alphabet could be sorted by the frequency of the characters in the expected input stream for that multi-pattern matcher. This would group more frequent characters into the same cache lines, thus increasing the probability of reusing a cache-line. All the next state values for each state live in their own set of cache-lines. With power-of-two sizes alphabets, these don't overlap. So either 32 or 16 character's next states are loaded in each cache line load. If the alphabet size is not an exact power-of-2, then the last cache-line is not completely full and up to 31*2 bytes of that line could be wasted per state. The next state table could be transposed, so that all the next states for a specific character are stored sequentially, this could be better if some characters, for example the unused character, are much more frequent.
12 years ago
#define SMTP_MPM DEFAULT_MPM
smtp reply code mpm phase support added
14 years ago
static MpmCtx *smtp_mpm_ctx = NULL;
MpmThreadCtx *smtp_mpm_thread_ctx;
/* smtp reply codes. If an entry is made here, please make a simultaneous
* entry in smtp_reply_map */
enum {
SMTP_REPLY_211,
SMTP_REPLY_214,
SMTP_REPLY_220,
SMTP_REPLY_221,
SMTP_REPLY_250,
SMTP_REPLY_251,
SMTP_REPLY_252,
SMTP_REPLY_354,
SMTP_REPLY_421,
SMTP_REPLY_450,
SMTP_REPLY_451,
SMTP_REPLY_452,
SMTP_REPLY_455,
SMTP_REPLY_500,
SMTP_REPLY_501,
SMTP_REPLY_502,
SMTP_REPLY_503,
SMTP_REPLY_504,
SMTP_REPLY_550,
SMTP_REPLY_551,
SMTP_REPLY_552,
SMTP_REPLY_553,
SMTP_REPLY_554,
SMTP_REPLY_555,
};
SCEnumCharMap smtp_reply_map[ ] = {
{ "211", SMTP_REPLY_211 },
{ "214", SMTP_REPLY_214 },
{ "220", SMTP_REPLY_220 },
{ "221", SMTP_REPLY_221 },
{ "250", SMTP_REPLY_250 },
{ "251", SMTP_REPLY_251 },
{ "252", SMTP_REPLY_252 },
{ "354", SMTP_REPLY_354 },
{ "421", SMTP_REPLY_421 },
{ "450", SMTP_REPLY_450 },
{ "451", SMTP_REPLY_451 },
{ "452", SMTP_REPLY_452 },
{ "455", SMTP_REPLY_455 },
{ "500", SMTP_REPLY_500 },
{ "501", SMTP_REPLY_501 },
{ "502", SMTP_REPLY_502 },
{ "503", SMTP_REPLY_503 },
{ "504", SMTP_REPLY_504 },
{ "550", SMTP_REPLY_550 },
{ "551", SMTP_REPLY_551 },
{ "552", SMTP_REPLY_552 },
{ "553", SMTP_REPLY_553 },
{ "554", SMTP_REPLY_554 },
{ "555", SMTP_REPLY_555 },
{ NULL, -1 },
};
smtp parser support
14 years ago
//static void SMTPParserReset(void)
//{
// return;
//}
/**
* \internal
* \brief Get the next line from input. It doesn't do any length validation.
*
* \param state The smtp state.
*
* \retval 0 On suceess.
* \retval -1 Either when we don't have any new lines to supply anymore or
* on failure.
*/
static int SMTPGetLine(SMTPState *state)
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
/* we have run out of input */
if (state->input_len <= 0)
smtp parser support
14 years ago
return -1;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
/* toserver */
if (state->direction == 0) {
if (state->ts_current_line_lf_seen == 1) {
/* we have seen the lf for the previous line. Clear the parser
* details to parse new line */
state->ts_current_line_lf_seen = 0;
if (state->ts_current_line_db == 1) {
state->ts_current_line_db = 0;
SCFree(state->ts_db);
state->ts_db = NULL;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->ts_db_len = 0;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->current_line = NULL;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line_len = 0;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
}
smtp parser support
14 years ago
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
uint8_t *lf_idx = memchr(state->input, 0x0a, state->input_len);
smtp parser support
14 years ago
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
if (lf_idx == NULL) {
Support for smtp decoder events
14 years ago
/* fragmented lines. Decoder event for special cases. Not all
* fragmented lines should be treated as a possible evasion
* attempt. With multi payload smtp chunks we can have valid
* cases of fragmentation. But within the same segment chunk
* if we see fragmentation then it's definitely something you
* should alert about */
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
if (state->ts_current_line_db == 0) {
state->ts_db = SCMalloc(state->input_len);
if (state->ts_db == NULL) {
return -1;
}
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->ts_current_line_db = 1;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
memcpy(state->ts_db, state->input, state->input_len);
state->ts_db_len = state->input_len;
} else {
state->ts_db = SCRealloc(state->ts_db, (state->ts_db_len +
state->input_len));
if (state->ts_db == NULL) {
return -1;
}
memcpy(state->ts_db + state->ts_db_len,
state->input, state->input_len);
state->ts_db_len += state->input_len;
} /* else */
state->input += state->input_len;
state->input_len = 0;
return -1;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
smtp parser support
14 years ago
} else {
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->ts_current_line_lf_seen = 1;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (state->ts_current_line_db == 1) {
state->ts_db = SCRealloc(state->ts_db,
(state->ts_db_len +
(lf_idx + 1 - state->input)));
if (state->ts_db == NULL) {
return -1;
}
memcpy(state->ts_db + state->ts_db_len,
state->input, (lf_idx + 1 - state->input));
state->ts_db_len += (lf_idx + 1 - state->input);
if (state->ts_db_len > 1 &&
state->ts_db[state->ts_db_len - 2] == 0x0D) {
state->ts_db_len -= 2;
state->current_line_delimiter_len = 2;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
} else {
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->ts_db_len -= 1;
state->current_line_delimiter_len = 1;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
}
smtp parser support
14 years ago
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line = state->ts_db;
state->current_line_len = state->ts_db_len;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
} else {
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line = state->input;
state->current_line_len = lf_idx - state->input;
if (state->input != lf_idx &&
*(lf_idx - 1) == 0x0D) {
state->current_line_len--;
state->current_line_delimiter_len = 2;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
} else {
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line_delimiter_len = 1;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
}
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->input_len -= (lf_idx - state->input) + 1;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->input = (lf_idx + 1);
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
return 0;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
/* toclient */
smtp parser support
14 years ago
} else {
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
if (state->tc_current_line_lf_seen == 1) {
/* we have seen the lf for the previous line. Clear the parser
* details to parse new line */
state->tc_current_line_lf_seen = 0;
if (state->tc_current_line_db == 1) {
state->tc_current_line_db = 0;
SCFree(state->tc_db);
state->tc_db = NULL;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->tc_db_len = 0;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->current_line = NULL;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line_len = 0;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
}
}
uint8_t *lf_idx = memchr(state->input, 0x0a, state->input_len);
if (lf_idx == NULL) {
Support for smtp decoder events
14 years ago
/* fragmented lines. Decoder event for special cases. Not all
* fragmented lines should be treated as a possible evasion
* attempt. With multi payload smtp chunks we can have valid
* cases of fragmentation. But within the same segment chunk
* if we see fragmentation then it's definitely something you
* should alert about */
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
if (state->tc_current_line_db == 0) {
state->tc_db = SCMalloc(state->input_len);
if (state->tc_db == NULL) {
smtp parser support
14 years ago
return -1;
}
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->tc_current_line_db = 1;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
memcpy(state->tc_db, state->input, state->input_len);
state->tc_db_len = state->input_len;
smtp parser support
14 years ago
} else {
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->tc_db = SCRealloc(state->tc_db, (state->tc_db_len +
state->input_len));
if (state->tc_db == NULL) {
return -1;
}
memcpy(state->tc_db + state->tc_db_len,
state->input, state->input_len);
state->tc_db_len += state->input_len;
} /* else */
state->input += state->input_len;
state->input_len = 0;
smtp parser support
14 years ago
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
return -1;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
smtp parser support
14 years ago
} else {
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->tc_current_line_lf_seen = 1;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (state->tc_current_line_db == 1) {
state->tc_db = SCRealloc(state->tc_db,
(state->tc_db_len +
(lf_idx + 1 - state->input)));
if (state->tc_db == NULL) {
return -1;
}
memcpy(state->tc_db + state->tc_db_len,
state->input, (lf_idx + 1 - state->input));
state->tc_db_len += (lf_idx + 1 - state->input);
if (state->tc_db_len > 1 &&
state->tc_db[state->tc_db_len - 2] == 0x0D) {
state->tc_db_len -= 2;
state->current_line_delimiter_len = 2;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
} else {
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->tc_db_len -= 1;
state->current_line_delimiter_len = 1;
smtp parser support
14 years ago
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line = state->tc_db;
state->current_line_len = state->tc_db_len;
smtp parser support
14 years ago
} else {
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line = state->input;
state->current_line_len = lf_idx - state->input;
if (state->input != lf_idx &&
*(lf_idx - 1) == 0x0D) {
state->current_line_len--;
state->current_line_delimiter_len = 2;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
} else {
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->current_line_delimiter_len = 1;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
}
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
}
smtp parser support
14 years ago
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->input_len -= (lf_idx - state->input) + 1;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
state->input = (lf_idx + 1);
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
return 0;
} /* else - if (lf_idx == NULL) */
}
smtp parser support
14 years ago
}
Support for smtp decoder events
14 years ago
static int SMTPInsertCommandIntoCommandBuffer(uint8_t command, SMTPState *state, Flow *f)
smtp parser support
14 years ago
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
smtp parser support
14 years ago
if (state->cmds_cnt >= state->cmds_buffer_len) {
Fix too many SMTP commands causing an integer overflow in the cmds_cnt variable, in turn causing an out of bounds memory write.
14 years ago
int increment = SMTP_COMMAND_BUFFER_STEPS;
if ((int)(state->cmds_buffer_len + SMTP_COMMAND_BUFFER_STEPS) > (int)USHRT_MAX) {
increment = USHRT_MAX - state->cmds_buffer_len;
}
smtp parser support
14 years ago
state->cmds = SCRealloc(state->cmds,
sizeof(uint8_t) *
(state->cmds_buffer_len +
Fix too many SMTP commands causing an integer overflow in the cmds_cnt variable, in turn causing an out of bounds memory write.
14 years ago
increment));
smtp parser support
14 years ago
if (state->cmds == NULL) {
Add some debug statements for debugging a smtp issue.
14 years ago
SCLogDebug("SCRalloc failure");
smtp parser support
14 years ago
return -1;
}
Fix too many SMTP commands causing an integer overflow in the cmds_cnt variable, in turn causing an out of bounds memory write.
14 years ago
state->cmds_buffer_len += increment;
smtp parser support
14 years ago
}
if (state->cmds_cnt >= 1 &&
((state->cmds[state->cmds_cnt - 1] == SMTP_COMMAND_STARTTLS) ||
(state->cmds[state->cmds_cnt - 1] == SMTP_COMMAND_DATA))) {
/* decoder event */
Support for smtp decoder events
14 years ago
AppLayerDecoderEventsSetEvent(f,
SMTP_DECODER_EVENT_INVALID_PIPELINED_SEQUENCE);
smtp parser support
14 years ago
/* we have to have EHLO, DATA, VRFY, EXPN, TURN, QUIT, NOOP,
* STARTTLS as the last command in pipelined mode */
}
Fix too many SMTP commands causing an integer overflow in the cmds_cnt variable, in turn causing an out of bounds memory write.
14 years ago
/** \todo decoder event */
Add some debug statements for debugging a smtp issue.
14 years ago
if ((int)(state->cmds_cnt + 1) > (int)USHRT_MAX) {
SCLogDebug("command buffer overflow");
Fix too many SMTP commands causing an integer overflow in the cmds_cnt variable, in turn causing an out of bounds memory write.
14 years ago
return -1;
Add some debug statements for debugging a smtp issue.
14 years ago
}
Fix too many SMTP commands causing an integer overflow in the cmds_cnt variable, in turn causing an out of bounds memory write.
14 years ago
smtp parser support
14 years ago
state->cmds[state->cmds_cnt] = command;
state->cmds_cnt++;
return 0;
}
support bdat smtp keyword - bug #347
14 years ago
static int SMTPProcessCommandBDAT(SMTPState *state, Flow *f,
AppLayerParserState *pstate)
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
support bdat smtp keyword - bug #347
14 years ago
state->bdat_chunk_idx += (state->current_line_len +
state->current_line_delimiter_len);
if (state->bdat_chunk_idx > state->bdat_chunk_len) {
state->parser_state &= ~SMTP_PARSER_STATE_COMMAND_DATA_MODE;
/* decoder event */
Support for smtp decoder events
14 years ago
AppLayerDecoderEventsSetEvent(f,
SMTP_DECODER_EVENT_BDAT_CHUNK_LEN_EXCEEDED);
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(-1);
support bdat smtp keyword - bug #347
14 years ago
} else if (state->bdat_chunk_idx == state->bdat_chunk_len) {
state->parser_state &= ~SMTP_PARSER_STATE_COMMAND_DATA_MODE;
}
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(0);
support bdat smtp keyword - bug #347
14 years ago
}
smtp parser support
14 years ago
static int SMTPProcessCommandDATA(SMTPState *state, Flow *f,
Support for smtp decoder events
14 years ago
AppLayerParserState *pstate)
smtp parser support
14 years ago
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
smtp parser support
14 years ago
if (!(state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
/* looks like are still waiting for a confirmination from the server */
return 0;
}
if (state->current_line_len == 1 && state->current_line[0] == '.') {
state->parser_state &= ~SMTP_PARSER_STATE_COMMAND_DATA_MODE;
/* kinda like a hack. The mail sent in DATA mode, would be
* acknowledged with a reply. We insert a dummy command to
* the command buffer to be used by the reply handler to match
* the reply received */
Support for smtp decoder events
14 years ago
SMTPInsertCommandIntoCommandBuffer(SMTP_COMMAND_DATA_MODE, state, f);
smtp parser support
14 years ago
}
return 0;
}
static int SMTPProcessCommandSTARTTLS(SMTPState *state, Flow *f,
AppLayerParserState *pstate)
{
return 0;
}
static int SMTPProcessReply(SMTPState *state, Flow *f,
AppLayerParserState *pstate)
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
smtp parser support
14 years ago
uint64_t reply_code = 0;
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
PatternMatcherQueue *pmq = state->thread_local_data;
smtp parser support
14 years ago
/* the reply code has to contain at least 3 bytes, to hold the 3 digit
* reply code */
if (state->current_line_len < 3) {
/* decoder event */
Support for smtp decoder events
14 years ago
AppLayerDecoderEventsSetEvent(f,
SMTP_DECODER_EVENT_INVALID_REPLY);
smtp parser support
14 years ago
return -1;
}
if (state->current_line_len >= 4) {
if (state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY) {
if (state->current_line[3] != '-') {
state->parser_state &= ~SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY;
}
} else {
if (state->current_line[3] == '-') {
state->parser_state |= SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY;
}
}
} else {
if (state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY) {
state->parser_state &= ~SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY;
}
}
smtp reply code mpm phase support added
14 years ago
/* I don't like this pmq reset here. We'll devise a method later, that
* should make the use of the mpm very efficient */
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
PmqReset(pmq);
smtp reply code mpm phase support added
14 years ago
int mpm_cnt = mpm_table[SMTP_MPM].Search(smtp_mpm_ctx, smtp_mpm_thread_ctx,
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
pmq, state->current_line,
smtp reply code mpm phase support added
14 years ago
3);
if (mpm_cnt == 0) {
/* set decoder event - reply code invalid */
Support for smtp decoder events
14 years ago
AppLayerDecoderEventsSetEvent(f,
SMTP_DECODER_EVENT_INVALID_REPLY);
Add some debug statements for debugging a smtp issue.
14 years ago
SCLogDebug("invalid reply code %02x %02x %02x",
state->current_line[0], state->current_line[1], state->current_line[2]);
SCReturnInt(-1);
smtp reply code mpm phase support added
14 years ago
}
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
reply_code = smtp_reply_map[pmq->pattern_id_array[0]].enum_value;
smtp reply code mpm phase support added
14 years ago
if (state->cmds_idx == state->cmds_cnt) {
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
if (!(state->parser_state & SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
state->parser_state |= SMTP_PARSER_STATE_FIRST_REPLY_SEEN;
if (reply_code == SMTP_REPLY_220)
SCReturnInt(0);
else
AppLayerDecoderEventsSetEvent(f, SMTP_DECODER_EVENT_INVALID_REPLY);
smtp reply code mpm phase support added
14 years ago
} else {
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
/* decoder event - unable to match reply with request */
SCLogDebug("unable to match reply with request");
SCReturnInt(-1);
smtp parser support
14 years ago
}
}
if (state->cmds[state->cmds_idx] == SMTP_COMMAND_STARTTLS) {
smtp reply code mpm phase support added
14 years ago
if (reply_code == SMTP_REPLY_220) {
smtp parser support
14 years ago
/* we are entering STARRTTLS data mode */
state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE;
pstate->flags |= APP_LAYER_PARSER_DONE;
pstate->flags |= APP_LAYER_PARSER_NO_INSPECTION;
pstate->flags |= APP_LAYER_PARSER_NO_REASSEMBLY;
} else {
/* decoder event */
Support for smtp decoder events
14 years ago
AppLayerDecoderEventsSetEvent(f,
SMTP_DECODER_EVENT_TLS_REJECTED);
smtp parser support
14 years ago
}
} else if (state->cmds[state->cmds_idx] == SMTP_COMMAND_DATA) {
smtp reply code mpm phase support added
14 years ago
if (reply_code == SMTP_REPLY_354) {
smtp parser support
14 years ago
/* Next comes the mail for the DATA command in toserver direction */
state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE;
} else {
/* decoder event */
Support for smtp decoder events
14 years ago
AppLayerDecoderEventsSetEvent(f,
SMTP_DECODER_EVENT_DATA_COMMAND_REJECTED);
smtp parser support
14 years ago
}
} else {
smtp reply code mpm phase support added
14 years ago
/* we don't care for any other command for now */
/* check if reply falls in the valid list of replies for SMTP. If not
* decoder event */
smtp parser support
14 years ago
}
smtp reply code mpm phase support added
14 years ago
/* if it is a multi-line reply, we need to move the index only once for all
smtp parser support
14 years ago
* the line of the reply. We unset the multiline flag on the last
* line of the multiline reply, following which we increment the index */
if (!(state->parser_state & SMTP_PARSER_STATE_PARSING_MULTILINE_REPLY)) {
state->cmds_idx++;
}
/* if we have matched all the buffered commands, reset the cnt and index */
if (state->cmds_idx == state->cmds_cnt) {
state->cmds_cnt = 0;
state->cmds_idx = 0;
}
return 0;
}
support bdat smtp keyword - bug #347
14 years ago
static int SMTPParseCommandBDAT(SMTPState *state)
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
support bdat smtp keyword - bug #347
14 years ago
int i = 4;
while (i < state->current_line_len) {
if (state->current_line[i] != ' ') {
break;
}
i++;
}
if (i == 4) {
/* decoder event */
return -1;
}
if (i == state->current_line_len) {
/* decoder event */
return -1;
}
uint8_t *endptr = NULL;
state->bdat_chunk_len = strtoul((const char *)state->current_line + i,
(char **)&endptr, 10);
if (endptr == state->current_line + i) {
/* decoder event */
return -1;
}
return 0;
}
smtp parser support
14 years ago
static int SMTPProcessRequest(SMTPState *state, Flow *f,
AppLayerParserState *pstate)
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
if (!(state->parser_state & SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
AppLayerDecoderEventsSetEvent(f, SMTP_DECODER_EVENT_NO_SERVER_WELCOME_MESSAGE);
}
smtp parser support
14 years ago
/* there are 2 commands that can push it into this COMMAND_DATA mode -
* STARTTLS and DATA */
if (!(state->parser_state & SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
support bdat smtp keyword - bug #347
14 years ago
int r = 0;
smtp parser support
14 years ago
if (state->current_line_len >= 8 &&
SCMemcmpLowercase("starttls", state->current_line, 8) == 0) {
state->current_command = SMTP_COMMAND_STARTTLS;
} else if (state->current_line_len >= 4 &&
SCMemcmpLowercase("data", state->current_line, 4) == 0) {
state->current_command = SMTP_COMMAND_DATA;
support bdat smtp keyword - bug #347
14 years ago
} else if (state->current_line_len >= 4 &&
SCMemcmpLowercase("bdat", state->current_line, 4) == 0) {
r = SMTPParseCommandBDAT(state);
Add some debug statements for debugging a smtp issue.
14 years ago
if (r == -1) {
SCReturnInt(-1);
}
support bdat smtp keyword - bug #347
14 years ago
state->current_command = SMTP_COMMAND_BDAT;
state->parser_state |= SMTP_PARSER_STATE_COMMAND_DATA_MODE;
smtp parser support
14 years ago
} else {
state->current_command = SMTP_COMMAND_OTHER_CMD;
}
/* Every command is inserted into a command buffer, to be matched
* against reply(ies) sent by the server */
if (SMTPInsertCommandIntoCommandBuffer(state->current_command,
Support for smtp decoder events
14 years ago
state, f) == -1) {
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(-1);
smtp parser support
14 years ago
}
support bdat smtp keyword - bug #347
14 years ago
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(r);
smtp parser support
14 years ago
}
switch (state->current_command) {
case SMTP_COMMAND_STARTTLS:
return SMTPProcessCommandSTARTTLS(state, f, pstate);
case SMTP_COMMAND_DATA:
return SMTPProcessCommandDATA(state, f, pstate);
support bdat smtp keyword - bug #347
14 years ago
case SMTP_COMMAND_BDAT:
return SMTPProcessCommandBDAT(state, f, pstate);
smtp parser support
14 years ago
default:
/* we have nothing to do with any other command at this instant.
* Just let it go through */
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(0);
smtp parser support
14 years ago
}
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
static int SMTPParse(int direction, Flow *f, SMTPState *state,
AppLayerParserState *pstate, uint8_t *input,
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
uint32_t input_len,
PatternMatcherQueue *local_data, AppLayerParserResult *output)
smtp parser support
14 years ago
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
smtp parser support
14 years ago
state->input = input;
state->input_len = input_len;
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
state->direction = direction;
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
state->thread_local_data = local_data;
smtp parser support
14 years ago
minor changes in smtp parser decoder wrt direction check loop + add missing ifdef unittests
14 years ago
/* toserver */
if (direction == 0) {
while (SMTPGetLine(state) >= 0) {
support bdat smtp keyword - bug #347
14 years ago
if (SMTPProcessRequest(state, f, pstate) == -1)
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(-1);
minor changes in smtp parser decoder wrt direction check loop + add missing ifdef unittests
14 years ago
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
minor changes in smtp parser decoder wrt direction check loop + add missing ifdef unittests
14 years ago
/* toclient */
} else {
while (SMTPGetLine(state) >= 0) {
support bdat smtp keyword - bug #347
14 years ago
if (SMTPProcessReply(state, f, pstate) == -1)
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(-1);
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
}
smtp parser support
14 years ago
}
Add some debug statements for debugging a smtp issue.
14 years ago
SCReturnInt(0);
smtp parser support
14 years ago
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
static int SMTPParseClientRecord(Flow *f, void *alstate,
smtp parser support
14 years ago
AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len,
modify all relevant app layer API calls to accomodate passing parser local storage argument
14 years ago
void *local_data, AppLayerParserResult *output)
smtp parser support
14 years ago
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
/* first arg 0 is toserver */
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
return SMTPParse(0, f, alstate, pstate, input, input_len, local_data,
output);
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
}
smtp parser support
14 years ago
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
static int SMTPParseServerRecord(Flow *f, void *alstate,
AppLayerParserState *pstate,
uint8_t *input, uint32_t input_len,
modify all relevant app layer API calls to accomodate passing parser local storage argument
14 years ago
void *local_data, AppLayerParserResult *output)
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
{
Add some debug statements for debugging a smtp issue.
14 years ago
SCEnter();
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
/* first arg 1 is toclient */
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
return SMTPParse(1, f, alstate, pstate, input, input_len, local_data,
output);
smtp parser support
14 years ago
return 0;
}
/**
* \internal
* \brief Function to allocate SMTP state memory.
*/
static void *SMTPStateAlloc(void)
{
SMTPState *smtp_state = SCMalloc(sizeof(SMTPState));
Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1
13 years ago
if (unlikely(smtp_state == NULL))
smtp parser support
14 years ago
return NULL;
memset(smtp_state, 0, sizeof(SMTPState));
smtp_state->cmds = SCMalloc(sizeof(uint8_t) *
SMTP_COMMAND_BUFFER_STEPS);
if (smtp_state->cmds == NULL) {
SCFree(smtp_state);
return NULL;
}
smtp_state->cmds_buffer_len = SMTP_COMMAND_BUFFER_STEPS;
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
return smtp_state;
}
static void *SMTPLocalStorageAlloc(void)
{
/* needed by the mpm */
PatternMatcherQueue *pmq = SCMalloc(sizeof(PatternMatcherQueue));
Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1
13 years ago
if (unlikely(pmq == NULL)) {
smtp reply code mpm phase support added
14 years ago
exit(EXIT_FAILURE);
}
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
PmqSetup(pmq, 0,
smtp reply code mpm phase support added
14 years ago
sizeof(smtp_reply_map)/sizeof(SCEnumCharMap) - 2);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
return pmq;
}
static void SMTPLocalStorageFree(void *pmq)
{
if (pmq != NULL) {
PmqFree(pmq);
SCFree(pmq);
}
return;
smtp parser support
14 years ago
}
/**
* \internal
* \brief Function to free SMTP state memory.
*/
static void SMTPStateFree(void *p)
{
SMTPState *smtp_state = (SMTPState *)p;
if (smtp_state->cmds != NULL) {
SCFree(smtp_state->cmds);
}
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
14 years ago
if (smtp_state->ts_current_line_db) {
SCFree(smtp_state->ts_db);
}
if (smtp_state->tc_current_line_db) {
SCFree(smtp_state->tc_db);
}
smtp parser support
14 years ago
SCFree(smtp_state);
return;
}
smtp reply code mpm phase support added
14 years ago
static void SMTPSetMpmState(void)
{
smtp_mpm_ctx = SCMalloc(sizeof(MpmCtx));
Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1
13 years ago
if (unlikely(smtp_mpm_ctx == NULL)) {
smtp reply code mpm phase support added
14 years ago
exit(EXIT_FAILURE);
}
memset(smtp_mpm_ctx, 0, sizeof(MpmCtx));
Code cleanup. Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context. Also use MpmInitCtx() to init the mpm context.
12 years ago
MpmInitCtx(smtp_mpm_ctx, SMTP_MPM);
smtp reply code mpm phase support added
14 years ago
smtp_mpm_thread_ctx = SCMalloc(sizeof(MpmThreadCtx));
Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1
13 years ago
if (unlikely(smtp_mpm_thread_ctx == NULL)) {
smtp reply code mpm phase support added
14 years ago
exit(EXIT_FAILURE);
}
memset(smtp_mpm_thread_ctx, 0, sizeof(MpmThreadCtx));
Code cleanup. Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context. Also use MpmInitCtx() to init the mpm context.
12 years ago
MpmInitThreadCtx(smtp_mpm_thread_ctx, SMTP_MPM, 0);
smtp reply code mpm phase support added
14 years ago
uint32_t i = 0;
for (i = 0; i < sizeof(smtp_reply_map)/sizeof(SCEnumCharMap) - 1; i++) {
SCEnumCharMap *map = &smtp_reply_map[i];
Code cleanup. Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context. Also use MpmInitCtx() to init the mpm context.
12 years ago
/* The third argument is 3, because reply code is always 3 bytes. */
MpmAddPatternCI(smtp_mpm_ctx, (uint8_t *)map->enum_name, 3,
0 /* defunct */, 0 /* defunct */,
i /* pattern id */, 0, 0 /* no flags */);
smtp reply code mpm phase support added
14 years ago
}
mpm_table[SMTP_MPM].Prepare(smtp_mpm_ctx);
}
Add and use EventGetInfo for getting info on an event. Also update existing parsers and app-layer-event Setup to use this.
12 years ago
int SMTPStateGetEventInfo(const char *event_name,
int *event_id, AppLayerEventType *event_type)
{
*event_id = SCMapEnumNameToValue(event_name, smtp_decoder_event_table);
if (*event_id == -1) {
SCLogError(SC_ERR_INVALID_ENUM_MAP, "event \"%s\" not present in "
"smtp's enum map table.", event_name);
/* yes this is fatal */
return -1;
}
*event_type = APP_LAYER_EVENT_TYPE_GENERAL;
return 0;
}
smtp parser support
14 years ago
/**
* \brief Register the SMPT Protocol parser.
*/
void RegisterSMTPParsers(void)
{
Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs
14 years ago
char *proto_name = "smtp";
Introduce new options into the conf file to enable/disable - 1. Proto detection 2. Parsers For app layer protocols. libhtp has now been moved to the section under app-layer.protocols.http, but we still provide backward compatibility with older conf files.
12 years ago
if (AppLayerProtoDetectionEnabled(proto_name)) {
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "EHLO", 4, 0,
STREAM_TOSERVER);
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "HELO", 4, 0,
STREAM_TOSERVER);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
AlpProtoAdd(&alp_proto_ctx, proto_name, IPPROTO_TCP, ALPROTO_SMTP, "QUIT", 4, 0,
STREAM_TOSERVER);
Introduce new options into the conf file to enable/disable - 1. Proto detection 2. Parsers For app layer protocols. libhtp has now been moved to the section under app-layer.protocols.http, but we still provide backward compatibility with older conf files.
12 years ago
} else {
SCLogInfo("Protocol detection and parser disabled for %s protocol.",
proto_name);
return;
}
smtp parser support
14 years ago
Introduce new options into the conf file to enable/disable - 1. Proto detection 2. Parsers For app layer protocols. libhtp has now been moved to the section under app-layer.protocols.http, but we still provide backward compatibility with older conf files.
12 years ago
if (AppLayerParserEnabled(proto_name)) {
AppLayerRegisterStateFuncs(ALPROTO_SMTP, SMTPStateAlloc, SMTPStateFree);
smtp parser support
14 years ago
Introduce new options into the conf file to enable/disable - 1. Proto detection 2. Parsers For app layer protocols. libhtp has now been moved to the section under app-layer.protocols.http, but we still provide backward compatibility with older conf files.
12 years ago
AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOSERVER,
SMTPParseClientRecord);
AppLayerRegisterProto(proto_name, ALPROTO_SMTP, STREAM_TOCLIENT,
SMTPParseServerRecord);
Move app event module registration as a part of app layer proto table.
12 years ago
Add and use EventGetInfo for getting info on an event. Also update existing parsers and app-layer-event Setup to use this.
12 years ago
AppLayerRegisterGetEventInfo(ALPROTO_SMTP, SMTPStateGetEventInfo);
smtp parser support
14 years ago
Introduce new options into the conf file to enable/disable - 1. Proto detection 2. Parsers For app layer protocols. libhtp has now been moved to the section under app-layer.protocols.http, but we still provide backward compatibility with older conf files.
12 years ago
AppLayerRegisterLocalStorageFunc(ALPROTO_SMTP, SMTPLocalStorageAlloc,
SMTPLocalStorageFree);
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
"still on.", proto_name);
}
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
smtp reply code mpm phase support added
14 years ago
SMTPSetMpmState();
Add --unittests-coverage option to list how many code modules have tests
12 years ago
#ifdef UNITTESTS
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
AppLayerParserRegisterUnittests(ALPROTO_SMTP, SMTPParserRegisterTests);
Add --unittests-coverage option to list how many code modules have tests
12 years ago
#endif
smtp parser support
14 years ago
return;
}
/***************************************Unittests******************************/
minor changes in smtp parser decoder wrt direction check loop + add missing ifdef unittests
14 years ago
#ifdef UNITTESTS
smtp parser support
14 years ago
/*
* \test Test STARTTLS.
*/
int SMTPParserTest01(void)
{
int result = 0;
Flow f;
int r = 0;
/* 220 mx.google.com ESMTP d15sm986283wfl.6<CR><LF> */
uint8_t welcome_reply[] = {
0x32, 0x32, 0x30, 0x20, 0x6d, 0x78, 0x2e, 0x67,
0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
0x6d, 0x20, 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20,
0x64, 0x31, 0x35, 0x73, 0x6d, 0x39, 0x38, 0x36,
0x32, 0x38, 0x33, 0x77, 0x66, 0x6c, 0x2e, 0x36,
0x0d, 0x0a
};
uint32_t welcome_reply_len = sizeof(welcome_reply);
/* EHLO [192.168.0.158]<CR><LF> */
uint8_t request1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x5b, 0x31, 0x39,
0x32, 0x2e, 0x31, 0x36, 0x38, 0x2e, 0x30, 0x2e,
0x31, 0x35, 0x38, 0x5d, 0x0d, 0x0a
};
uint32_t request1_len = sizeof(request1);
/* 250-mx.google.com at your service, [117.198.115.50]<CR><LF>
* 250-SIZE 35882577<CR><LF>
* 250-8BITMIME<CR><LF>
* 250-STARTTLS<CR><LF>
* 250 ENHANCEDSTATUSCODES<CR><LF>
*/
uint8_t reply1[] = {
0x32, 0x35, 0x30, 0x2d, 0x6d, 0x78, 0x2e, 0x67,
0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
0x6d, 0x20, 0x61, 0x74, 0x20, 0x79, 0x6f, 0x75,
0x72, 0x20, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
0x65, 0x2c, 0x20, 0x5b, 0x31, 0x31, 0x37, 0x2e,
0x31, 0x39, 0x38, 0x2e, 0x31, 0x31, 0x35, 0x2e,
0x35, 0x30, 0x5d, 0x0d, 0x0a, 0x32, 0x35, 0x30,
0x2d, 0x53, 0x49, 0x5a, 0x45, 0x20, 0x33, 0x35,
0x38, 0x38, 0x32, 0x35, 0x37, 0x37, 0x0d, 0x0a,
0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49, 0x54,
0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32, 0x35,
0x30, 0x2d, 0x53, 0x54, 0x41, 0x52, 0x54, 0x54,
0x4c, 0x53, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x20,
0x45, 0x4e, 0x48, 0x41, 0x4e, 0x43, 0x45, 0x44,
0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x43, 0x4f,
0x44, 0x45, 0x53, 0x0d, 0x0a
};
uint32_t reply1_len = sizeof(reply1);
/* STARTTLS<CR><LF> */
uint8_t request2[] = {
0x53, 0x54, 0x41, 0x52, 0x54, 0x54, 0x4c, 0x53,
0x0d, 0x0a
};
uint32_t request2_len = sizeof(request2);
/* 220 2.0.0 Ready to start TLS<CR><LF> */
uint8_t reply2[] = {
0x32, 0x32, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e,
0x30, 0x20, 0x52, 0x65, 0x61, 0x64, 0x79, 0x20,
0x74, 0x6f, 0x20, 0x73, 0x74, 0x61, 0x72, 0x74,
0x20, 0x54, 0x4c, 0x53, 0x0d, 0x0a
};
uint32_t reply2_len = sizeof(reply2);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
smtp parser support
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
welcome_reply, welcome_reply_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.
14 years ago
SMTPState *smtp_state = f.alstate;
smtp parser support
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->input_len != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->cmds_cnt != 0 ||
smtp parser support
14 years ago
smtp_state->cmds_idx != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
smtp parser support
14 years ago
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
request1, request1_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_STARTTLS ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
if (!(f.flags & FLOW_NOPAYLOAD_INSPECTION) ||
!(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
!(((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) ||
!(((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) {
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
smtp parser support
14 years ago
return result;
}
/**
* \test Test multiple DATA commands(full mail transactions).
*/
int SMTPParserTest02(void)
{
int result = 0;
Flow f;
int r = 0;
/* 220 mx.google.com ESMTP d15sm986283wfl.6<CR><LF> */
uint8_t welcome_reply[] = {
0x32, 0x32, 0x30, 0x20, 0x6d, 0x78, 0x2e, 0x67,
0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
0x6d, 0x20, 0x45, 0x53, 0x4d, 0x54, 0x50, 0x20,
0x64, 0x31, 0x35, 0x73, 0x6d, 0x39, 0x38, 0x36,
0x32, 0x38, 0x33, 0x77, 0x66, 0x6c, 0x2e, 0x36,
0x0d, 0x0a
};
uint32_t welcome_reply_len = sizeof(welcome_reply);
/* EHLO boo.com<CR><LF> */
uint8_t request1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a
};
uint32_t request1_len = sizeof(request1);
/* 250-mx.google.com at your service, [117.198.115.50]<CR><LF>
* 250-SIZE 35882577<CR><LF>
* 250-8BITMIME<CR><LF>
* 250-STARTTLS<CR><LF>
* 250 ENHANCEDSTATUSCODES<CR><LF>
*/
uint8_t reply1[] = {
0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e,
0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f,
0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50,
0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a,
0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30,
0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d,
0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35,
0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a,
0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41,
0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54,
0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49,
0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32,
0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a
};
uint32_t reply1_len = sizeof(reply1);
/* MAIL FROM:asdff@asdf.com<CR><LF> */
uint8_t request2[] = {
0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f,
0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x66, 0x40,
0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d,
0x0d, 0x0a
};
uint32_t request2_len = sizeof(request2);
/* 250 2.1.0 Ok<CR><LF> */
uint8_t reply2[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e,
0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a
};
uint32_t reply2_len = sizeof(reply2);
/* RCPT TO:bimbs@gmail.com<CR><LF> */
uint8_t request3[] = {
0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a,
0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d,
0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d,
0x0a
};
uint32_t request3_len = sizeof(request3);
/* 250 2.1.5 Ok<CR><LF> */
uint8_t reply3[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e,
0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a
};
uint32_t reply3_len = sizeof(reply3);
/* DATA<CR><LF> */
uint8_t request4[] = {
0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a
};
uint32_t request4_len = sizeof(request4);
/* 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| */
uint8_t reply4[] = {
0x33, 0x35, 0x34, 0x20, 0x45, 0x6e, 0x64, 0x20,
0x64, 0x61, 0x74, 0x61, 0x20, 0x77, 0x69, 0x74,
0x68, 0x20, 0x3c, 0x43, 0x52, 0x3e, 0x3c, 0x4c,
0x46, 0x3e, 0x2e, 0x3c, 0x43, 0x52, 0x3e, 0x3c,
0x4c, 0x46, 0x3e, 0x0d, 0x0a
};
uint32_t reply4_len = sizeof(reply4);
/* FROM:asdff@asdf.com<CR><LF> */
uint8_t request5_1[] = {
0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64,
0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e,
0x63, 0x6f, 0x6d, 0x0d, 0x0a
};
uint32_t request5_1_len = sizeof(request5_1);
/* TO:bimbs@gmail.com<CR><LF> */
uint8_t request5_2[] = {
0x54, 0x4f, 0x3a, 0x62, 0x69, 0x6d, 0x62, 0x73,
0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x0d, 0x0a
};
uint32_t request5_2_len = sizeof(request5_2);
/* <CR><LF> */
uint8_t request5_3[] = {
0x0d, 0x0a
};
uint32_t request5_3_len = sizeof(request5_3);
/* this is test mail1<CR><LF> */
uint8_t request5_4[] = {
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x61, 0x69,
0x6c, 0x31, 0x0d, 0x0a
};
uint32_t request5_4_len = sizeof(request5_4);
/* .<CR><LF> */
uint8_t request5_5[] = {
0x2e, 0x0d, 0x0a
};
uint32_t request5_5_len = sizeof(request5_5);
/* 250 2.0.0 Ok: queued as 6A1AF20BF2<CR><LF> */
uint8_t reply5[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e,
0x30, 0x20, 0x4f, 0x6b, 0x3a, 0x20, 0x71, 0x75,
0x65, 0x75, 0x65, 0x64, 0x20, 0x61, 0x73, 0x20,
0x36, 0x41, 0x31, 0x41, 0x46, 0x32, 0x30, 0x42,
0x46, 0x32, 0x0d, 0x0a
};
uint32_t reply5_len = sizeof(reply5);
/* MAIL FROM:asdfg@asdf.com<CR><LF> */
uint8_t request6[] = {
0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f,
0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x67, 0x40,
0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d,
0x0d, 0x0a
};
uint32_t request6_len = sizeof(request6);
/* 250 2.1.0 Ok<CR><LF> */
uint8_t reply6[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e,
0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a
};
uint32_t reply6_len = sizeof(reply6);
/* RCPT TO:bimbs@gmail.com<CR><LF> */
uint8_t request7[] = {
0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a,
0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d,
0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d,
0x0a
};
uint32_t request7_len = sizeof(request7);
/* 250 2.1.5 Ok<CR><LF> */
uint8_t reply7[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e,
0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a
};
uint32_t reply7_len = sizeof(reply7);
/* DATA<CR><LF> */
uint8_t request8[] = {
0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a
};
uint32_t request8_len = sizeof(request8);
/* 354 End data with <CR><LF>.<CR><LF>|<CR><LF>| */
uint8_t reply8[] = {
0x33, 0x35, 0x34, 0x20, 0x45, 0x6e, 0x64, 0x20,
0x64, 0x61, 0x74, 0x61, 0x20, 0x77, 0x69, 0x74,
0x68, 0x20, 0x3c, 0x43, 0x52, 0x3e, 0x3c, 0x4c,
0x46, 0x3e, 0x2e, 0x3c, 0x43, 0x52, 0x3e, 0x3c,
0x4c, 0x46, 0x3e, 0x0d, 0x0a
};
uint32_t reply8_len = sizeof(reply8);
/* FROM:asdfg@gmail.com<CR><LF> */
uint8_t request9_1[] = {
0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64,
0x66, 0x67, 0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a
};
uint32_t request9_1_len = sizeof(request9_1);
/* TO:bimbs@gmail.com<CR><LF> */
uint8_t request9_2[] = {
0x54, 0x4f, 0x3a, 0x62, 0x69, 0x6d, 0x62, 0x73,
0x40, 0x67, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63,
0x6f, 0x6d, 0x0d, 0x0a
};
uint32_t request9_2_len = sizeof(request9_2);
/* <CR><LF> */
uint8_t request9_3[] = {
0x0d, 0x0a
};
uint32_t request9_3_len = sizeof(request9_3);
/* this is test mail2<CR><LF> */
uint8_t request9_4[] = {
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
0x74, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x61, 0x69,
0x6c, 0x32, 0x0d, 0x0a
};
uint32_t request9_4_len = sizeof(request9_4);
/* .<CR><LF> */
uint8_t request9_5[] = {
0x2e, 0x0d, 0x0a
};
uint32_t request9_5_len = sizeof(request9_5);
/* 250 2.0.0 Ok: queued as 28CFF20BF2<CR><LF> */
uint8_t reply9[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x30, 0x2e,
0x30, 0x20, 0x4f, 0x6b, 0x3a, 0x20, 0x71, 0x75,
0x65, 0x75, 0x65, 0x64, 0x20, 0x61, 0x73, 0x20,
0x32, 0x38, 0x43, 0x46, 0x46, 0x32, 0x30, 0x42,
0x46, 0x32, 0x0d, 0x0a
};
uint32_t reply9_len = sizeof(reply9);
/* QUIT<CR><LF> */
uint8_t request10[] = {
0x51, 0x55, 0x49, 0x54, 0x0d, 0x0a
};
uint32_t request10_len = sizeof(request10);
/* 221 2.0.0 Bye<CR><LF> */
uint8_t reply10[] = {
0x32, 0x32, 0x31, 0x20, 0x32, 0x2e, 0x30, 0x2e,
0x30, 0x20, 0x42, 0x79, 0x65, 0x0d, 0x0a
};
uint32_t reply10_len = sizeof(reply10);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
smtp parser support
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
welcome_reply, welcome_reply_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.
14 years ago
SMTPState *smtp_state = f.alstate;
smtp parser support
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->input_len != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->cmds_cnt != 0 ||
smtp parser support
14 years ago
smtp_state->cmds_idx != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
smtp parser support
14 years ago
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
request1, request1_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request3, request3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply3, reply3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request4, request4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_DATA ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply4, reply4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request5_1, request5_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request5_2, request5_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request5_3, request5_3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request5_4, request5_4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request5_5, request5_5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_DATA_MODE ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply5, reply5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request6, request6_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply6, reply6_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request7, request7_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply7, reply7_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request8, request8_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_DATA ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply8, reply8_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request9_1, request9_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request9_2, request9_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request9_3, request9_3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request9_4, request9_4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request9_5, request9_5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_DATA_MODE ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply9, reply9_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request10, request10_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply10, reply10_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
smtp parser support
14 years ago
return result;
}
/**
* \test Testing parsing pipelined commands.
*/
int SMTPParserTest03(void)
{
int result = 0;
Flow f;
int r = 0;
/* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */
uint8_t welcome_reply[] = {
0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e,
0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f,
0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20,
0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f,
0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a
};
uint32_t welcome_reply_len = sizeof(welcome_reply);
/* EHLO boo.com<CR><LF> */
uint8_t request1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0a
};
uint32_t request1_len = sizeof(request1);
/* 250-poona_slack_vm1.localdomain<CR><LF>
* 250-PIPELINING<CR><LF>
* 250-SIZE 10240000<CR><LF>
* 250-VRFY<CR><LF>
* 250-ETRN<CR><LF>
* 250-ENHANCEDSTATUSCODES<CR><LF>
* 250-8BITMIME<CR><LF>
* 250 DSN<CR><LF>
*/
uint8_t reply1[] = {
0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e,
0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f,
0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50,
0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a,
0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30,
0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d,
0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35,
0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a,
0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41,
0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54,
0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49,
0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32,
0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a
};
uint32_t reply1_len = sizeof(reply1);
/* MAIL FROM:pbsf@asdfs.com<CR><LF>
* RCPT TO:pbsf@asdfs.com<CR><LF>
* DATA<CR><LF>
*/
uint8_t request2[] = {
0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f,
0x4d, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61,
0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d,
0x0d, 0x0a, 0x52, 0x43, 0x50, 0x54, 0x20, 0x54,
0x4f, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61,
0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d,
0x0d, 0x0a, 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a
};
uint32_t request2_len = sizeof(request2);
/* 250 2.1.0 Ok<CR><LF>
* 250 2.1.5 Ok<CR><LF>
* 354 End data with <CR><LF>.<CR><LF>|<CR><LF>|
*/
uint8_t reply2[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e,
0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a, 0x32, 0x35,
0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e, 0x35, 0x20,
0x4f, 0x6b, 0x0d, 0x0a, 0x33, 0x35, 0x34, 0x20,
0x45, 0x6e, 0x64, 0x20, 0x64, 0x61, 0x74, 0x61,
0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x3c, 0x43,
0x52, 0x3e, 0x3c, 0x4c, 0x46, 0x3e, 0x2e, 0x3c,
0x43, 0x52, 0x3e, 0x3c, 0x4c, 0x46, 0x3e, 0x0d,
0x0a
};
uint32_t reply2_len = sizeof(reply2);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
smtp parser support
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
welcome_reply, welcome_reply_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.
14 years ago
SMTPState *smtp_state = f.alstate;
smtp parser support
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->input_len != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->cmds_cnt != 0 ||
smtp parser support
14 years ago
smtp_state->cmds_idx != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
smtp parser support
14 years ago
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
request1, request1_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 3 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->cmds[1] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->cmds[2] != SMTP_COMMAND_DATA ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
smtp parser support
14 years ago
return result;
}
/*
* \test Test smtp with just <LF> delimter instead of <CR><LF>.
*/
int SMTPParserTest04(void)
{
int result = 0;
Flow f;
int r = 0;
/* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */
uint8_t welcome_reply[] = {
0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e,
0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f,
0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20,
0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f,
0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a
};
uint32_t welcome_reply_len = sizeof(welcome_reply);
/* EHLO boo.com<CR><LF> */
uint8_t request1[] = {
0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e,
0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f,
0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20,
0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f,
0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a
};
uint32_t request1_len = sizeof(request1);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
smtp parser support
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
welcome_reply, welcome_reply_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.
14 years ago
SMTPState *smtp_state = f.alstate;
smtp parser support
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->input_len != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->cmds_cnt != 0 ||
smtp parser support
14 years ago
smtp_state->cmds_idx != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
smtp parser support
14 years ago
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
request1, request1_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
smtp parser support
14 years ago
return result;
}
/*
* \test Test STARTTLS fail.
*/
int SMTPParserTest05(void)
{
int result = 0;
Flow f;
int r = 0;
/* 220 poona_slack_vm1.localdomain ESMTP Postfix<CR><LF> */
uint8_t welcome_reply[] = {
0x32, 0x32, 0x30, 0x20, 0x70, 0x6f, 0x6f, 0x6e,
0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f,
0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x20,
0x45, 0x53, 0x4d, 0x54, 0x50, 0x20, 0x50, 0x6f,
0x73, 0x74, 0x66, 0x69, 0x78, 0x0d, 0x0a
};
uint32_t welcome_reply_len = sizeof(welcome_reply);
/* EHLO boo.com<CR><LF> */
uint8_t request1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a
};
uint32_t request1_len = sizeof(request1);
/* 250-poona_slack_vm1.localdomain<CR><LF>
* 250-PIPELINING<CR><LF>
* 250-SIZE 10240000<CR><LF>
* 250-VRFY<CR><LF>
* 250-ETRN<CR><LF>
* 250-ENHANCEDSTATUSCODES<CR><LF>
* 250-8BITMIME<CR><LF>
* 250 DSN<CR><LF>
*/
uint8_t reply1[] = {
0x32, 0x35, 0x30, 0x2d, 0x70, 0x6f, 0x6f, 0x6e,
0x61, 0x5f, 0x73, 0x6c, 0x61, 0x63, 0x6b, 0x5f,
0x76, 0x6d, 0x31, 0x2e, 0x6c, 0x6f, 0x63, 0x61,
0x6c, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x50, 0x49, 0x50,
0x45, 0x4c, 0x49, 0x4e, 0x49, 0x4e, 0x47, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53, 0x49, 0x5a,
0x45, 0x20, 0x31, 0x30, 0x32, 0x34, 0x30, 0x30,
0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d,
0x56, 0x52, 0x46, 0x59, 0x0d, 0x0a, 0x32, 0x35,
0x30, 0x2d, 0x45, 0x54, 0x52, 0x4e, 0x0d, 0x0a,
0x32, 0x35, 0x30, 0x2d, 0x45, 0x4e, 0x48, 0x41,
0x4e, 0x43, 0x45, 0x44, 0x53, 0x54, 0x41, 0x54,
0x55, 0x53, 0x43, 0x4f, 0x44, 0x45, 0x53, 0x0d,
0x0a, 0x32, 0x35, 0x30, 0x2d, 0x38, 0x42, 0x49,
0x54, 0x4d, 0x49, 0x4d, 0x45, 0x0d, 0x0a, 0x32,
0x35, 0x30, 0x20, 0x44, 0x53, 0x4e, 0x0d, 0x0a
};
uint32_t reply1_len = sizeof(reply1);
/* STARTTLS<CR><LF> */
uint8_t request2[] = {
0x53, 0x54, 0x41, 0x52, 0x54, 0x54, 0x4c, 0x53,
0x0d, 0x0a
};
uint32_t request2_len = sizeof(request2);
/* 502 5.5.2 Error: command not recognized<CR><LF> */
uint8_t reply2[] = {
0x35, 0x30, 0x32, 0x20, 0x35, 0x2e, 0x35, 0x2e,
0x32, 0x20, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x3a,
0x20, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64,
0x20, 0x6e, 0x6f, 0x74, 0x20, 0x72, 0x65, 0x63,
0x6f, 0x67, 0x6e, 0x69, 0x7a, 0x65, 0x64, 0x0d,
0x0a
};
uint32_t reply2_len = sizeof(reply2);
/* QUIT<CR><LF> */
uint8_t request3[] = {
0x51, 0x55, 0x49, 0x54, 0x0d, 0x0a
};
uint32_t request3_len = sizeof(request3);
/* 221 2.0.0 Bye<CR><LF> */
uint8_t reply3[] = {
0x32, 0x32, 0x31, 0x20, 0x32, 0x2e, 0x30, 0x2e,
0x30, 0x20, 0x42, 0x79, 0x65, 0x0d, 0x0a
};
uint32_t reply3_len = sizeof(reply3);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
smtp parser support
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
welcome_reply, welcome_reply_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.
14 years ago
SMTPState *smtp_state = f.alstate;
smtp parser support
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->input_len != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->cmds_cnt != 0 ||
smtp parser support
14 years ago
smtp_state->cmds_idx != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
smtp parser support
14 years ago
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
request1, request1_len);
smtp parser support
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_STARTTLS ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
if ((f.flags & FLOW_NOPAYLOAD_INSPECTION) ||
(f.flags & FLOW_NO_APPLAYER_INSPECTION) ||
(((TcpSession *)f.protoctx)->server.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) ||
(((TcpSession *)f.protoctx)->client.flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY)) {
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
smtp parser support
14 years ago
request3, request3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
smtp parser support
14 years ago
reply3, reply3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
smtp parser support
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
smtp parser support
14 years ago
return result;
}
support bdat smtp keyword - bug #347
14 years ago
/**
* \test Test multiple DATA commands(full mail transactions).
*/
int SMTPParserTest06(void)
{
int result = 0;
Flow f;
int r = 0;
uint8_t welcome_reply[] = {
0x32, 0x32, 0x30, 0x20, 0x62, 0x61, 0x79, 0x30,
0x2d, 0x6d, 0x63, 0x36, 0x2d, 0x66, 0x31, 0x30,
0x2e, 0x62, 0x61, 0x79, 0x30, 0x2e, 0x68, 0x6f,
0x74, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x20, 0x53, 0x65, 0x6e, 0x64, 0x69, 0x6e,
0x67, 0x20, 0x75, 0x6e, 0x73, 0x6f, 0x6c, 0x69,
0x63, 0x69, 0x74, 0x65, 0x64, 0x20, 0x63, 0x6f,
0x6d, 0x6d, 0x65, 0x72, 0x63, 0x69, 0x61, 0x6c,
0x20, 0x6f, 0x72, 0x20, 0x62, 0x75, 0x6c, 0x6b,
0x20, 0x65, 0x2d, 0x6d, 0x61, 0x69, 0x6c, 0x20,
0x74, 0x6f, 0x20, 0x4d, 0x69, 0x63, 0x72, 0x6f,
0x73, 0x6f, 0x66, 0x74, 0x27, 0x73, 0x20, 0x63,
0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x72, 0x20,
0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x20,
0x69, 0x73, 0x20, 0x70, 0x72, 0x6f, 0x68, 0x69,
0x62, 0x69, 0x74, 0x65, 0x64, 0x2e, 0x20, 0x4f,
0x74, 0x68, 0x65, 0x72, 0x20, 0x72, 0x65, 0x73,
0x74, 0x72, 0x69, 0x63, 0x74, 0x69, 0x6f, 0x6e,
0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x66, 0x6f,
0x75, 0x6e, 0x64, 0x20, 0x61, 0x74, 0x20, 0x68,
0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x70, 0x72,
0x69, 0x76, 0x61, 0x63, 0x79, 0x2e, 0x6d, 0x73,
0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x6e,
0x74, 0x69, 0x2d, 0x73, 0x70, 0x61, 0x6d, 0x2f,
0x2e, 0x20, 0x56, 0x69, 0x6f, 0x6c, 0x61, 0x74,
0x69, 0x6f, 0x6e, 0x73, 0x20, 0x77, 0x69, 0x6c,
0x6c, 0x20, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74,
0x20, 0x69, 0x6e, 0x20, 0x75, 0x73, 0x65, 0x20,
0x6f, 0x66, 0x20, 0x65, 0x71, 0x75, 0x69, 0x70,
0x6d, 0x65, 0x6e, 0x74, 0x20, 0x6c, 0x6f, 0x63,
0x61, 0x74, 0x65, 0x64, 0x20, 0x69, 0x6e, 0x20,
0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e,
0x69, 0x61, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x6f,
0x74, 0x68, 0x65, 0x72, 0x20, 0x73, 0x74, 0x61,
0x74, 0x65, 0x73, 0x2e, 0x20, 0x46, 0x72, 0x69,
0x2c, 0x20, 0x31, 0x36, 0x20, 0x46, 0x65, 0x62,
0x20, 0x32, 0x30, 0x30, 0x37, 0x20, 0x30, 0x35,
0x3a, 0x30, 0x33, 0x3a, 0x32, 0x33, 0x20, 0x2d,
0x30, 0x38, 0x30, 0x30, 0x20, 0x0d, 0x0a
};
uint32_t welcome_reply_len = sizeof(welcome_reply);
uint8_t request1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x45, 0x58, 0x43,
0x48, 0x41, 0x4e, 0x47, 0x45, 0x32, 0x2e, 0x63,
0x67, 0x63, 0x65, 0x6e, 0x74, 0x2e, 0x6d, 0x69,
0x61, 0x6d, 0x69, 0x2e, 0x65, 0x64, 0x75, 0x0d,
0x0a
};
uint32_t request1_len = sizeof(request1);
uint8_t reply1[] = {
0x32, 0x35, 0x30, 0x2d, 0x62, 0x61, 0x79, 0x30,
0x2d, 0x6d, 0x63, 0x36, 0x2d, 0x66, 0x31, 0x30,
0x2e, 0x62, 0x61, 0x79, 0x30, 0x2e, 0x68, 0x6f,
0x74, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f,
0x6d, 0x20, 0x28, 0x33, 0x2e, 0x33, 0x2e, 0x31,
0x2e, 0x34, 0x29, 0x20, 0x48, 0x65, 0x6c, 0x6c,
0x6f, 0x20, 0x5b, 0x31, 0x32, 0x39, 0x2e, 0x31,
0x37, 0x31, 0x2e, 0x33, 0x32, 0x2e, 0x35, 0x39,
0x5d, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x53,
0x49, 0x5a, 0x45, 0x20, 0x32, 0x39, 0x36, 0x39,
0x36, 0x30, 0x30, 0x30, 0x0d, 0x0a, 0x32, 0x35,
0x30, 0x2d, 0x50, 0x49, 0x50, 0x45, 0x4c, 0x49,
0x4e, 0x49, 0x4e, 0x47, 0x0d, 0x0a, 0x32, 0x35,
0x30, 0x2d, 0x38, 0x62, 0x69, 0x74, 0x6d, 0x69,
0x6d, 0x65, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d,
0x42, 0x49, 0x4e, 0x41, 0x52, 0x59, 0x4d, 0x49,
0x4d, 0x45, 0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d,
0x43, 0x48, 0x55, 0x4e, 0x4b, 0x49, 0x4e, 0x47,
0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x41, 0x55,
0x54, 0x48, 0x20, 0x4c, 0x4f, 0x47, 0x49, 0x4e,
0x0d, 0x0a, 0x32, 0x35, 0x30, 0x2d, 0x41, 0x55,
0x54, 0x48, 0x3d, 0x4c, 0x4f, 0x47, 0x49, 0x4e,
0x0d, 0x0a, 0x32, 0x35, 0x30, 0x20, 0x4f, 0x4b,
0x0d, 0x0a
};
uint32_t reply1_len = sizeof(reply1);
/* MAIL FROM:asdff@asdf.com<CR><LF> */
uint8_t request2[] = {
0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f,
0x4d, 0x3a, 0x61, 0x73, 0x64, 0x66, 0x66, 0x40,
0x61, 0x73, 0x64, 0x66, 0x2e, 0x63, 0x6f, 0x6d,
0x0d, 0x0a
};
uint32_t request2_len = sizeof(request2);
/* 250 2.1.0 Ok<CR><LF> */
uint8_t reply2[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e,
0x30, 0x20, 0x4f, 0x6b, 0x0d, 0x0a
};
uint32_t reply2_len = sizeof(reply2);
/* RCPT TO:bimbs@gmail.com<CR><LF> */
uint8_t request3[] = {
0x52, 0x43, 0x50, 0x54, 0x20, 0x54, 0x4f, 0x3a,
0x62, 0x69, 0x6d, 0x62, 0x73, 0x40, 0x67, 0x6d,
0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x0d,
0x0a
};
uint32_t request3_len = sizeof(request3);
/* 250 2.1.5 Ok<CR><LF> */
uint8_t reply3[] = {
0x32, 0x35, 0x30, 0x20, 0x32, 0x2e, 0x31, 0x2e,
0x35, 0x20, 0x4f, 0x6b, 0x0d, 0x0a
};
uint32_t reply3_len = sizeof(reply3);
/* BDAT 51<CR><LF> */
uint8_t request4[] = {
0x42, 0x44, 0x41, 0x54, 0x20, 0x35, 0x31, 0x0d,
0x0a,
};
uint32_t request4_len = sizeof(request4);
uint8_t request5[] = {
0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64,
0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e,
0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e,
0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x0d, 0x0a,
};
uint32_t request5_len = sizeof(request5);
uint8_t request6[] = {
0x46, 0x52, 0x4f, 0x4d, 0x3a, 0x61, 0x73, 0x64,
0x66, 0x66, 0x40, 0x61, 0x73, 0x64, 0x66, 0x2e,
0x66, 0x0d, 0x0a,
};
Fix SMTP unittest.
14 years ago
uint32_t request6_len = sizeof(request6);
support bdat smtp keyword - bug #347
14 years ago
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
support bdat smtp keyword - bug #347
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
welcome_reply, welcome_reply_len);
support bdat smtp keyword - bug #347
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.
14 years ago
SMTPState *smtp_state = f.alstate;
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->input_len != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->cmds_cnt != 0 ||
support bdat smtp keyword - bug #347
14 years ago
smtp_state->cmds_idx != 0 ||
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
support bdat smtp keyword - bug #347
14 years ago
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
App layer protocol detection updated and improved. We now use confirmation from both directions and set events if there's a mismatch between the 2 directions. FPs from corrupt flows have disappeared with this.
12 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
request1, request1_len);
support bdat smtp keyword - bug #347
14 years ago
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
support bdat smtp keyword - bug #347
14 years ago
reply1, reply1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
support bdat smtp keyword - bug #347
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
support bdat smtp keyword - bug #347
14 years ago
reply2, reply2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
support bdat smtp keyword - bug #347
14 years ago
request3, request3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_OTHER_CMD ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
support bdat smtp keyword - bug #347
14 years ago
reply3, reply3_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 0 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN)) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
support bdat smtp keyword - bug #347
14 years ago
request4, request4_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->cmds[0] != SMTP_COMMAND_BDAT ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE) ||
smtp_state->bdat_chunk_len != 51 ||
smtp_state->bdat_chunk_idx != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
support bdat smtp keyword - bug #347
14 years ago
request5, request5_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != (SMTP_PARSER_STATE_FIRST_REPLY_SEEN |
SMTP_PARSER_STATE_COMMAND_DATA_MODE) ||
smtp_state->bdat_chunk_len != 51 ||
smtp_state->bdat_chunk_idx != 32) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
support bdat smtp keyword - bug #347
14 years ago
request6, request6_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
support bdat smtp keyword - bug #347
14 years ago
if (smtp_state->input_len != 0 ||
smtp_state->cmds_cnt != 1 ||
smtp_state->cmds_idx != 0 ||
smtp_state->parser_state != SMTP_PARSER_STATE_FIRST_REPLY_SEEN ||
smtp_state->bdat_chunk_len != 51 ||
smtp_state->bdat_chunk_idx != 51) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
support bdat smtp keyword - bug #347
14 years ago
return result;
}
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
/*
* \test Test retrieving lines when frag'ed.
*/
int SMTPParserTest07(void)
{
int result = 0;
Flow f;
int r = 0;
const char *request1_str = "EHLO boo.com";
/* EHLO boo.com<CR> */
uint8_t request1_1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d,
};
int32_t request1_1_len = sizeof(request1_1);
/* <LF> */
uint8_t request1_2[] = {
0x0a
};
int32_t request1_2_len = sizeof(request1_2);
/* EHLO boo.com<CR><LF> */
uint8_t request2[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a,
};
int32_t request2_len = sizeof(request2);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
changes to accomodate master rebase
14 years ago
SMTPState *smtp_state = f.alstate;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->current_line != NULL ||
smtp_state->current_line_len != 0 ||
smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != request1_1_len ||
memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != (int32_t)strlen(request1_str) ||
memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 ||
smtp_state->current_line != smtp_state->ts_db ||
smtp_state->current_line_len != smtp_state->ts_db_len) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 0 ||
smtp_state->ts_db != NULL ||
smtp_state->ts_db_len != 0 ||
smtp_state->current_line == NULL ||
smtp_state->current_line_len != (int32_t)strlen(request1_str) ||
memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
return result;
}
/*
* \test Test retrieving lines when frag'ed.
*/
int SMTPParserTest08(void)
{
int result = 0;
Flow f;
int r = 0;
const char *request1_str = "EHLO boo.com";
/* EHLO boo.com */
uint8_t request1_1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d,
};
int32_t request1_1_len = sizeof(request1_1);
/* <CR><LF> */
uint8_t request1_2[] = {
0x0d, 0x0a
};
int32_t request1_2_len = sizeof(request1_2);
/* EHLO boo.com<CR><LF> */
uint8_t request2[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a,
};
int32_t request2_len = sizeof(request2);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
changes to accomodate master rebase
14 years ago
SMTPState *smtp_state = f.alstate;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->current_line != NULL ||
smtp_state->current_line_len != 0 ||
smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != request1_1_len ||
memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != (int32_t)strlen(request1_str) ||
memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 ||
smtp_state->current_line != smtp_state->ts_db ||
smtp_state->current_line_len != smtp_state->ts_db_len) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 0 ||
smtp_state->ts_db != NULL ||
smtp_state->ts_db_len != 0 ||
smtp_state->current_line == NULL ||
smtp_state->current_line_len != (int32_t)strlen(request1_str) ||
memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
return result;
}
/*
* \test Test retrieving lines when frag'ed.
*/
int SMTPParserTest09(void)
{
int result = 0;
Flow f;
int r = 0;
const char *request1_str = "EHLO boo.com";
/* EHLO boo. */
uint8_t request1_1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e,
};
int32_t request1_1_len = sizeof(request1_1);
/* com<CR><LF> */
uint8_t request1_2[] = {
0x63, 0x6f, 0x6d, 0x0d, 0x0a
};
int32_t request1_2_len = sizeof(request1_2);
/* EHLO boo.com<CR><LF> */
uint8_t request2[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a,
};
int32_t request2_len = sizeof(request2);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
changes to accomodate master rebase
14 years ago
SMTPState *smtp_state = f.alstate;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->current_line != NULL ||
smtp_state->current_line_len != 0 ||
smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != request1_1_len ||
memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != (int32_t)strlen(request1_str) ||
memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 ||
smtp_state->current_line != smtp_state->ts_db ||
smtp_state->current_line_len != smtp_state->ts_db_len) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 0 ||
smtp_state->ts_db != NULL ||
smtp_state->ts_db_len != 0 ||
smtp_state->current_line == NULL ||
smtp_state->current_line_len != (int32_t)strlen(request1_str) ||
memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
return result;
}
/*
* \test Test retrieving lines when frag'ed.
*/
int SMTPParserTest10(void)
{
int result = 0;
Flow f;
int r = 0;
const char *request1_str = "";
/* EHLO boo. */
uint8_t request1_1[] = {
0x0d,
};
int32_t request1_1_len = sizeof(request1_1);
/* com<CR><LF> */
uint8_t request1_2[] = {
0x0a,
};
int32_t request1_2_len = sizeof(request1_2);
const char *request2_str = "EHLO boo.com";
/* EHLO boo.com<CR><LF> */
uint8_t request2[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a,
};
int32_t request2_len = sizeof(request2);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_1, request1_1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
changes to accomodate master rebase
14 years ago
SMTPState *smtp_state = f.alstate;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->current_line != NULL ||
smtp_state->current_line_len != 0 ||
smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != request1_1_len ||
memcmp(smtp_state->ts_db, request1_1, request1_1_len) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1_2, request1_2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 1 ||
smtp_state->ts_db == NULL ||
smtp_state->ts_db_len != (int32_t)strlen(request1_str) ||
memcmp(smtp_state->ts_db, request1_str, strlen(request1_str)) != 0 ||
smtp_state->current_line != smtp_state->ts_db ||
smtp_state->current_line_len != smtp_state->ts_db_len) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 0 ||
smtp_state->ts_db != NULL ||
smtp_state->ts_db_len != 0 ||
smtp_state->current_line == NULL ||
smtp_state->current_line_len != (int32_t)strlen(request2_str) ||
memcmp(smtp_state->current_line, request2_str, strlen(request2_str)) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
return result;
}
/*
* \test Test retrieving lines when frag'ed.
*/
int SMTPParserTest11(void)
{
int result = 0;
Flow f;
int r = 0;
const char *request1_str = "";
/* EHLO boo. */
uint8_t request1[] = {
0x0a,
};
int32_t request1_len = sizeof(request1);
const char *request2_str = "EHLO boo.com";
/* EHLO boo.com<CR><LF> */
uint8_t request2[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a,
};
int32_t request2_len = sizeof(request2);
TcpSession ssn;
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
StreamTcpInitConfig(TRUE);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
void *thread_local_data = SMTPLocalStorageAlloc();
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request1, request1_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
changes to accomodate master rebase
14 years ago
SMTPState *smtp_state = f.alstate;
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
if (smtp_state->current_line == NULL ||
smtp_state->current_line_len != 0 ||
smtp_state->ts_current_line_db == 1 ||
smtp_state->ts_db != NULL ||
smtp_state->ts_db_len != 0 ||
memcmp(smtp_state->current_line, request1_str, strlen(request1_str)) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
request2, request2_len);
if (r != 0) {
printf("smtp check returned %" PRId32 ", expected 0: ", r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
if (smtp_state->ts_current_line_db != 0 ||
smtp_state->ts_db != NULL ||
smtp_state->ts_db_len != 0 ||
smtp_state->current_line == NULL ||
smtp_state->current_line_len != (int32_t)strlen(request2_str) ||
memcmp(smtp_state->current_line, request2_str, strlen(request2_str)) != 0) {
printf("smtp parser in inconsistent state\n");
goto end;
}
result = 1;
end:
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
add thread local storage support for smtp + remove pmq that was init/freed as part of smtp_state alloc to use the thread local data passed by the app layer engine
14 years ago
SMTPLocalStorageFree(thread_local_data);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
return result;
}
Support for smtp decoder events
14 years ago
int SMTPParserTest12(void)
{
int result = 0;
Signature *s = NULL;
ThreadVars th_v;
Packet *p = NULL;
Flow f;
TcpSession ssn;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = NULL;
SMTPState *smtp_state = NULL;
int r = 0;
/* EHLO boo.com<CR><LF> */
uint8_t request1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a,
};
int32_t request1_len = sizeof(request1);
/* 388<CR><LF>
*/
uint8_t reply1[] = {
0x31, 0x38, 0x38, 0x0d, 0x0a,
};
uint32_t reply1_len = sizeof(reply1);
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
f.alproto = ALPROTO_SMTP;
StreamTcpInitConfig(TRUE);
void *thread_local_data = SMTPLocalStorageAlloc();
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
s = DetectEngineAppendSig(de_ctx,"alert tcp any any -> any any "
"(msg:\"SMTP event handling\"; "
Rename app_layer_events to app-layer-events. Misc fixes/changes.
14 years ago
"app-layer-event: smtp.invalid_reply; "
Support for smtp decoder events
14 years ago
"sid:1;)");
if (s == NULL)
goto end;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
Support for smtp decoder events
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START,
request1, request1_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
smtp_state = f.alstate;
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (PacketAlertCheck(p, 1)) {
printf("sid 1 matched. It shouldn't match: ");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
Support for smtp decoder events
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT | STREAM_TOCLIENT,
reply1, reply1_len);
if (r == 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (!PacketAlertCheck(p, 1)) {
printf("sid 1 didn't match. Should have matched: ");
goto end;
}
result = 1;
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
SMTPLocalStorageFree(thread_local_data);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
}
int SMTPParserTest13(void)
{
int result = 0;
Signature *s = NULL;
ThreadVars th_v;
Packet *p = NULL;
Flow f;
TcpSession ssn;
DetectEngineThreadCtx *det_ctx = NULL;
DetectEngineCtx *de_ctx = NULL;
SMTPState *smtp_state = NULL;
int r = 0;
/* EHLO boo.com<CR><LF> */
uint8_t request1[] = {
0x45, 0x48, 0x4c, 0x4f, 0x20, 0x62, 0x6f, 0x6f,
0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a,
};
int32_t request1_len = sizeof(request1);
/* 250<CR><LF>
*/
uint8_t reply1[] = {
0x32, 0x35, 0x30, 0x0d, 0x0a,
};
uint32_t reply1_len = sizeof(reply1);
/* MAIL FROM:pbsf@asdfs.com<CR><LF>
* RCPT TO:pbsf@asdfs.com<CR><LF>
* DATA<CR><LF>
* STARTTLS<CR><LF>
*/
uint8_t request2[] = {
0x4d, 0x41, 0x49, 0x4c, 0x20, 0x46, 0x52, 0x4f,
0x4d, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61,
0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d,
0x0d, 0x0a, 0x52, 0x43, 0x50, 0x54, 0x20, 0x54,
0x4f, 0x3a, 0x70, 0x62, 0x73, 0x66, 0x40, 0x61,
0x73, 0x64, 0x66, 0x73, 0x2e, 0x63, 0x6f, 0x6d,
0x0d, 0x0a, 0x44, 0x41, 0x54, 0x41, 0x0d, 0x0a,
0x53, 0x54, 0x41, 0x52, 0x54, 0x54, 0x4c, 0x53,
0x0d, 0x0a
};
uint32_t request2_len = sizeof(request2);
memset(&th_v, 0, sizeof(th_v));
memset(&f, 0, sizeof(f));
memset(&ssn, 0, sizeof(ssn));
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
f.alproto = ALPROTO_SMTP;
StreamTcpInitConfig(TRUE);
void *thread_local_data = SMTPLocalStorageAlloc();
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(msg:\"SMTP event handling\"; "
Rename app_layer_events to app-layer-events. Misc fixes/changes.
14 years ago
"app-layer-event: "
Support for smtp decoder events
14 years ago
"smtp.invalid_pipelined_sequence; "
"sid:1;)");
if (s == NULL)
goto end;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
Support for smtp decoder events
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER | STREAM_START,
request1, request1_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
smtp_state = f.alstate;
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (PacketAlertCheck(p, 1)) {
printf("sid 1 matched. It shouldn't match: ");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
Support for smtp decoder events
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOCLIENT,
reply1, reply1_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (PacketAlertCheck(p, 1)) {
printf("sid 1 matched. It shouldn't match: ");
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexLock(&f.m);
Support for smtp decoder events
14 years ago
r = AppLayerParse(thread_local_data, &f, ALPROTO_SMTP, STREAM_TOSERVER,
request2, request2_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %" PRId32, r);
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
goto end;
}
unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.
12 years ago
SCMutexUnlock(&f.m);
Support for smtp decoder events
14 years ago
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (!PacketAlertCheck(p, 1)) {
printf("sid 1 didn't match. Should have matched: ");
goto end;
}
result = 1;
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
SMTPLocalStorageFree(thread_local_data);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
}
minor changes in smtp parser decoder wrt direction check loop + add missing ifdef unittests
14 years ago
#endif /* UNITTESTS */
smtp parser support
14 years ago
void SMTPParserRegisterTests(void)
{
minor changes in smtp parser decoder wrt direction check loop + add missing ifdef unittests
14 years ago
#ifdef UNITTESTS
smtp parser support
14 years ago
UtRegisterTest("SMTPParserTest01", SMTPParserTest01, 1);
UtRegisterTest("SMTPParserTest02", SMTPParserTest02, 1);
UtRegisterTest("SMTPParserTest03", SMTPParserTest03, 1);
UtRegisterTest("SMTPParserTest04", SMTPParserTest04, 1);
UtRegisterTest("SMTPParserTest05", SMTPParserTest05, 1);
support bdat smtp keyword - bug #347
14 years ago
UtRegisterTest("SMTPParserTest06", SMTPParserTest06, 1);
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
UtRegisterTest("SMTPParserTest07", SMTPParserTest07, 1);
UtRegisterTest("SMTPParserTest08", SMTPParserTest08, 1);
UtRegisterTest("SMTPParserTest09", SMTPParserTest09, 1);
UtRegisterTest("SMTPParserTest10", SMTPParserTest10, 1);
UtRegisterTest("SMTPParserTest11", SMTPParserTest11, 1);
Support for smtp decoder events
14 years ago
UtRegisterTest("SMTPParserTest12", SMTPParserTest12, 1);
UtRegisterTest("SMTPParserTest13", SMTPParserTest13, 1);
minor changes in smtp parser decoder wrt direction check loop + add missing ifdef unittests
14 years ago
#endif /* UNITTESTS */
fix smtp parser handling fragmented lines + add new unittests to check the same
14 years ago
smtp parser support
14 years ago
return;
}