app-layer-smtp: move old smtp-mime section in suricata.yaml into

app-layer-protocols.smtp.mine section and update code to accomodate.
12 years ago · e5c36952d6
parent 3e10ee4608
commit e5c36952d6
2 changed files with 22 additions and 20 deletions
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@ -218,7 +218,7 @@ typedef struct SMTPConfig {
 static SMTPConfig smtp_config = { 0, { 0, 0, 0, 0 } };

 /**
- * \brief Configure SMTP Mime Decoder by parsing out 'smtp-mime' section of YAML
+ * \brief Configure SMTP Mime Decoder by parsing out mime section of YAML
 * config file
 *
 * \return none
@ -229,7 +229,7 @@ static void SMTPConfigure(void) {
    int ret = 0, val;
    intmax_t imval;

-    ConfNode *config = ConfGetNode("smtp-mime");
+    ConfNode *config = ConfGetNode("app-layer.protocols.smtp.mime");
    if (config != NULL) {

        ret = ConfGetChildValueBool(config, "decode-mime", &val);
@ -1171,7 +1171,7 @@ static int SMTPRegisterPatternsForProtocolDetection(void)
 }

 /**
- * \brief Register the SMPT Protocol parser.
+ * \brief Register the SMTP Protocol parser.
 */
 void RegisterSMTPParsers(void)
 {
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -1159,6 +1159,25 @@ app-layer:
      enabled: yes
    smtp:
      enabled: yes
+      # Configure SMTP-MIME Decoder
+      mime:
+        # Decode MIME messages from SMTP transactions
+        # (may be resource intensive)
+        # This field supercedes all others because it turns the entire
+        # process on or off
+        decode-mime: yes
+
+        # Decode MIME entity bodies (ie. base64, quoted-printable, etc.)
+        decode-base64: yes
+        decode-quoted-printable: yes
+
+        # Maximum bytes per header data value stored in the data structure
+        # (default is 2000)
+        header-value-depth: 2000
+
+        # Extract URLs and save in state data structure
+        extract-urls: yes
+
    imap:
      enabled: detection-only
    msn:
@ -1295,23 +1314,6 @@ app-layer:
           #    double-decode-path: no
           #    double-decode-query: no

-# Configure SMTP-MIME Decoder enhancements
-smtp-mime:
-
-  # Decode MIME messages from SMTP transactions (may be resource intensive)
-  # This field supercedes all others because it turns the entire process on or off
-  decode-mime: yes
-
-  # Decode MIME entity bodies (ie. base64, quoted-printable, etc.)
-  decode-base64: yes
-  decode-quoted-printable: yes
-
-  # Maximum bytes per header data value stored in the data structure (default is 2000)
-  header-value-depth: 2000
-
-  # Extract URLs and save in state data structure
-  extract-urls: yes
-
 # Profiling settings. Only effective if Suricata has been built with the
 # the --enable-profiling configure flag.
 #