diff options
author | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
---|---|---|
committer | Gilbert Ramirez <gram@alumni.rice.edu> | 2004-07-18 18:06:47 +0000 |
commit | 669db206cb1f270046ad400fff7655e20c63e723 (patch) | |
tree | 4eff24a2e16c8963e497e1fc575f35e6af59bd26 /epan/dissectors/packet-smtp.c | |
parent | ae46c27a38700af669ef907491081f09df6f6b2c (diff) |
Move dissectors to epan/dissectors directory.
Also move ncp222.py, x11-fields, process-x11-fields.pl,
make-reg-dotc, and make-reg-dotc.py.
Adjust #include lines in files that include packet-*.h
files.
svn path=/trunk/; revision=11410
Diffstat (limited to 'epan/dissectors/packet-smtp.c')
-rw-r--r-- | epan/dissectors/packet-smtp.c | 597 |
1 files changed, 597 insertions, 0 deletions
diff --git a/epan/dissectors/packet-smtp.c b/epan/dissectors/packet-smtp.c new file mode 100644 index 0000000000..f95978411c --- /dev/null +++ b/epan/dissectors/packet-smtp.c @@ -0,0 +1,597 @@ +/* packet-smtp.c + * Routines for SMTP packet disassembly + * + * $Id$ + * + * Copyright (c) 2000 by Richard Sharpe <rsharpe@ns.aus.com> + * + * Ethereal - Network traffic analyzer + * By Gerald Combs <gerald@ethereal.com> + * Copyright 1999 Gerald Combs + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include <time.h> +#include <glib.h> +#include <string.h> +#include <epan/packet.h> +#include <epan/conversation.h> +#include <epan/resolv.h> +#include "prefs.h" +#include <epan/strutil.h> + +#define TCP_PORT_SMTP 25 + +static int proto_smtp = -1; + +static int hf_smtp_req = -1; +static int hf_smtp_rsp = -1; +static int hf_smtp_req_command = -1; +static int hf_smtp_req_parameter = -1; +static int hf_smtp_rsp_code = -1; +static int hf_smtp_rsp_parameter = -1; + +static int ett_smtp = -1; +static int ett_smtp_cmdresp = -1; + +/* desegmentation of SMTP command and response lines */ +static gboolean smtp_desegment = TRUE; + +/* + * A CMD is an SMTP command, MESSAGE is the message portion, and EOM is the + * last part of a message + */ + +#define SMTP_PDU_CMD 0 +#define SMTP_PDU_MESSAGE 1 +#define SMTP_PDU_EOM 2 + +struct smtp_proto_data { + guint16 pdu_type; +}; + +static int smtp_packet_init_count = 100; + +/* + * State information stored with a conversation. + */ +struct smtp_request_val { + gboolean reading_data; /* Reading message data, not commands */ + guint16 crlf_seen; /* Have we seen a CRLF on the end of a packet */ +}; + +static GMemChunk *smtp_request_vals = NULL; +static GMemChunk *smtp_packet_infos = NULL; + +static void +smtp_init_protocol(void) +{ + if (smtp_request_vals) + g_mem_chunk_destroy(smtp_request_vals); + if (smtp_packet_infos) + g_mem_chunk_destroy(smtp_packet_infos); + + smtp_request_vals = g_mem_chunk_new("smtp_request_vals", + sizeof(struct smtp_request_val), + smtp_packet_init_count * sizeof(struct smtp_request_val), G_ALLOC_AND_FREE); + smtp_packet_infos = g_mem_chunk_new("smtp_packet_infos", + sizeof(struct smtp_proto_data), + smtp_packet_init_count * sizeof(struct smtp_proto_data), G_ALLOC_AND_FREE); + +} + +static void +dissect_smtp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + struct smtp_proto_data *frame_data; + proto_tree *smtp_tree; + proto_tree *cmdresp_tree; + proto_item *ti; + int offset = 0; + int request = 0; + conversation_t *conversation; + struct smtp_request_val *request_val; + const guchar *line; + guint32 code; + int linelen; + gint length_remaining; + gboolean eom_seen = FALSE; + gint next_offset; + gboolean is_continuation_line; + int cmdlen; + + /* As there is no guarantee that we will only see frames in the + * the SMTP conversation once, and that we will see them in + * order - in Ethereal, the user could randomly click on frames + * in the conversation in any order in which they choose - we + * have to store information with each frame indicating whether + * it contains commands or data or an EOM indication. + * + * XXX - what about frames that contain *both*? TCP is a + * byte-stream protocol, and there are no guarantees that + * TCP segment boundaries will correspond to SMTP commands + * or EOM indications. + * + * We only need that for the client->server stream; responses + * are easy to manage. + * + * If we have per frame data, use that, else, we must be on the first + * pass, so we figure it out on the first pass. + */ + + /* Find out what conversation this packet is part of ... but only + * if we have no information on this packet, so find the per-frame + * info first. + */ + + /* SMTP messages have a simple format ... */ + + request = pinfo -> destport == pinfo -> match_port; + + /* + * Get the first line from the buffer. + * + * Note that "tvb_find_line_end()" will, if it doesn't return + * -1, return a value that is not longer than what's in the buffer, + * and "tvb_find_line_end()" will always return a value that is not + * longer than what's in the buffer, so the "tvb_get_ptr()" call + * won't throw an exception. + */ + linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, + smtp_desegment && pinfo->can_desegment); + if (linelen == -1) { + /* + * We didn't find a line ending, and we're doing desegmentation; + * tell the TCP dissector where the data for this message starts + * in the data it handed us, and tell it we need one more byte + * (we may need more, but we'll try again if what we get next + * isn't enough), and return. + */ + pinfo->desegment_offset = offset; + pinfo->desegment_len = 1; + return; + } + line = tvb_get_ptr(tvb, offset, linelen); + + frame_data = p_get_proto_data(pinfo->fd, proto_smtp); + + if (!frame_data) { + + conversation = find_conversation(&pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); + if (conversation == NULL) { /* No conversation, create one */ + conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, 0); + + } + + /* + * Is there a request structure attached to this conversation? + */ + request_val = conversation_get_proto_data(conversation, proto_smtp); + + if (!request_val) { + + /* + * No - create one and attach it. + */ + request_val = g_mem_chunk_alloc(smtp_request_vals); + request_val->reading_data = FALSE; + request_val->crlf_seen = 0; + + conversation_add_proto_data(conversation, proto_smtp, request_val); + + } + + /* + * Check whether or not this packet is an end of message packet + * We should look for CRLF.CRLF and they may be split. + * We have to keep in mind that we may see what we want on + * two passes through here ... + */ + + if (request_val->reading_data) { + + /* + * The order of these is important ... We want to avoid + * cases where there is a CRLF at the end of a packet and a + * .CRLF at the begining of the same packet. + */ + + if ((request_val->crlf_seen && tvb_strneql(tvb, offset, ".\r\n", 3) == 0) || + tvb_strneql(tvb, offset, "\r\n.\r\n", 5) == 0) { + + eom_seen = TRUE; + + } + + length_remaining = tvb_length_remaining(tvb, offset); + if (length_remaining == tvb_reported_length_remaining(tvb, offset) && + tvb_strneql(tvb, offset + length_remaining - 2, "\r\n", 2) == 0) { + + request_val->crlf_seen = 1; + + } + else { + + request_val->crlf_seen = 0; + + } + } + + /* + * OK, Check if we have seen a DATA request. We do it here for + * simplicity, but we have to be careful below. + */ + + if (request) { + + frame_data = g_mem_chunk_alloc(smtp_packet_infos); + + if (request_val->reading_data) { + /* + * This is message data. + */ + if (eom_seen) { /* Seen the EOM */ + /* + * EOM. + * Everything that comes after it is commands. + * + * XXX - what if the EOM isn't at the beginning of + * the TCP segment? It can occur anywhere.... + */ + frame_data->pdu_type = SMTP_PDU_EOM; + request_val->reading_data = FALSE; + } else { + /* + * Message data with no EOM. + */ + frame_data->pdu_type = SMTP_PDU_MESSAGE; + } + } else { + /* + * This is commands - unless the capture started in the + * middle of a session, and we're in the middle of data. + * To quote RFC 821, "Command codes are four alphabetic + * characters"; if we don't see four alphabetic characters + * and, if there's anything else in the line, a space, we + * assume it's not a command. + * (We treat only A-Z and a-z as alphabetic.) + */ +#define ISALPHA(c) (((c) >= 'A' && (c) <= 'Z') || \ + ((c) >= 'a' && (c) <= 'z')) + if (linelen >= 4 && ISALPHA(line[0]) && ISALPHA(line[1]) && + ISALPHA(line[2]) && ISALPHA(line[3]) && + (linelen == 4 || line[4] == ' ')) { + if (strncasecmp(line, "DATA", 4) == 0) { + + /* + * DATA command. + * This is a command, but everything that comes after it, + * until an EOM, is data. + */ + frame_data->pdu_type = SMTP_PDU_CMD; + request_val->reading_data = TRUE; + + } else { + + /* + * Regular command. + */ + frame_data->pdu_type = SMTP_PDU_CMD; + + } + } else { + if ((linelen >= 7) && line[0] == 'X' && ( (strncasecmp(line, "X-EXPS ", 7) == 0) || + ((linelen >=13) && (strncasecmp(line, "X-LINK2STATE ", 13) == 0)) || + ((linelen >= 8) && (strncasecmp(line, "XEXCH50 ", 8) == 0)) )) + frame_data->pdu_type = SMTP_PDU_CMD; + else + /* + * Assume it's message data. + */ + + frame_data->pdu_type = SMTP_PDU_MESSAGE; + + } + + } + + p_add_proto_data(pinfo->fd, proto_smtp, frame_data); + + } + } + + /* + * From here, we simply add items to the tree and info to the info + * fields ... + */ + + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "SMTP"); + + if (check_col(pinfo->cinfo, COL_INFO)) { /* Add the appropriate type here */ + + /* + * If it is a request, we have to look things up, otherwise, just + * display the right things + */ + + if (request) { + + /* We must have frame_data here ... */ + + switch (frame_data->pdu_type) { + case SMTP_PDU_MESSAGE: + + col_set_str(pinfo->cinfo, COL_INFO, "Message Body"); + break; + + case SMTP_PDU_EOM: + + col_add_fstr(pinfo->cinfo, COL_INFO, "EOM: %s", + format_text(line, linelen)); + break; + + case SMTP_PDU_CMD: + + col_add_fstr(pinfo->cinfo, COL_INFO, "Command: %s", + format_text(line, linelen)); + break; + + } + + } + else { + + col_add_fstr(pinfo->cinfo, COL_INFO, "Response: %s", + format_text(line, linelen)); + + } + } + + if (tree) { /* Build the tree info ... */ + + ti = proto_tree_add_item(tree, proto_smtp, tvb, offset, -1, FALSE); + smtp_tree = proto_item_add_subtree(ti, ett_smtp); + if (request) { + + /* + * Check out whether or not we can see a command in there ... + * What we are looking for is not data_seen and the word DATA + * and not eom_seen. + * + * We will see DATA and request_val->data_seen when we process the + * tree view after we have seen a DATA packet when processing + * the packet list pane. + * + * On the first pass, we will not have any info on the packets + * On second and subsequent passes, we will. + */ + + switch (frame_data->pdu_type) { + + case SMTP_PDU_MESSAGE: + + /* + * Message body. + * Put its lines into the protocol tree, a line at a time. + */ + while (tvb_offset_exists(tvb, offset)) { + + /* + * Find the end of the line. + */ + tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); + + /* + * Put this line. + */ + proto_tree_add_text(smtp_tree, tvb, offset, next_offset - offset, + "Message: %s", + tvb_format_text(tvb, offset, next_offset - offset)); + + /* + * Step to the next line. + */ + offset = next_offset; + + } + + break; + + case SMTP_PDU_EOM: + + /* + * End-of-message-body indicator. + * + * XXX - what about stuff after the first line? + * Unlikely, as the client should wait for a response to the + * DATA command this terminates before sending another + * request, but we should probably handle it. + */ + proto_tree_add_text(smtp_tree, tvb, offset, linelen, + "EOM: %s", format_text(line, linelen)); + + break; + + case SMTP_PDU_CMD: + + /* + * Command. + * + * XXX - what about stuff after the first line? + * Unlikely, as the client should wait for a response to the + * previous command before sending another request, but we + * should probably handle it. + */ + if (linelen >= 4) + cmdlen = 4; + else + cmdlen = linelen; + proto_tree_add_boolean_hidden(smtp_tree, hf_smtp_req, tvb, + 0, 0, TRUE); + /* + * Put the command line into the protocol tree. + */ + ti = proto_tree_add_text(smtp_tree, tvb, offset, next_offset - offset, + "Command: %s", + tvb_format_text(tvb, offset, next_offset - offset)); + cmdresp_tree = proto_item_add_subtree(ti, ett_smtp_cmdresp); + + proto_tree_add_item(cmdresp_tree, hf_smtp_req_command, tvb, + offset, cmdlen, FALSE); + if (linelen > 5) { + proto_tree_add_item(cmdresp_tree, hf_smtp_req_parameter, tvb, + offset + 5, linelen - 5, FALSE); + } + + } + + } + else { + + /* + * Process the response, a line at a time, until we hit a line + * that doesn't have a continuation indication on it. + */ + proto_tree_add_boolean_hidden(smtp_tree, hf_smtp_rsp, tvb, + 0, 0, TRUE); + + while (tvb_offset_exists(tvb, offset)) { + + /* + * Find the end of the line. + */ + linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); + + /* + * Put it into the protocol tree. + */ + ti = proto_tree_add_text(smtp_tree, tvb, offset, + next_offset - offset, "Response: %s", + tvb_format_text(tvb, offset, + next_offset - offset)); + cmdresp_tree = proto_item_add_subtree(ti, ett_smtp_cmdresp); + + /* + * Is it a continuation line? + */ + is_continuation_line = + (linelen >= 4 && tvb_get_guint8(tvb, offset + 3) == '-'); + + /* + * Put the response code and parameters into the protocol tree. + */ + line = tvb_get_ptr(tvb, offset, linelen); + if (linelen >= 3 && isdigit(line[0]) && isdigit(line[1]) + && isdigit(line[2])) { + /* + * We have a 3-digit response code. + */ + code = (line[0] - '0')*100 + (line[1] - '0')*10 + (line[2] - '0'); + proto_tree_add_uint(cmdresp_tree, hf_smtp_rsp_code, tvb, offset, 3, + code); + + if (linelen >= 4) { + proto_tree_add_item(cmdresp_tree, hf_smtp_rsp_parameter, tvb, + offset + 4, linelen - 4, FALSE); + } + } + + /* + * Step past this line. + */ + offset = next_offset; + + /* + * If it's not a continuation line, quit. + */ + if (!is_continuation_line) + break; + + } + + } + } +} + +/* Register all the bits needed by the filtering engine */ + +void +proto_register_smtp(void) +{ + static hf_register_info hf[] = { + { &hf_smtp_req, + { "Request", "smtp.req", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL }}, + + { &hf_smtp_rsp, + { "Response", "smtp.rsp", FT_BOOLEAN, BASE_NONE, NULL, 0x0, "", HFILL }}, + + { &hf_smtp_req_command, + { "Command", "smtp.req.command", FT_STRING, BASE_NONE, NULL, 0x0, + "", HFILL }}, + + { &hf_smtp_req_parameter, + { "Request parameter", "smtp.req.parameter", FT_STRING, BASE_NONE, NULL, 0x0, + "", HFILL }}, + + { &hf_smtp_rsp_code, + { "Response code", "smtp.response.code", FT_UINT32, BASE_DEC, NULL, 0x0, + "", HFILL }}, + + { &hf_smtp_rsp_parameter, + { "Response parameter", "smtp.rsp.parameter", FT_STRING, BASE_NONE, NULL, 0x0, + "", HFILL }} + }; + static gint *ett[] = { + &ett_smtp, + &ett_smtp_cmdresp, + }; + module_t *smtp_module; + + /* No Configuration options to register? */ + + proto_smtp = proto_register_protocol("Simple Mail Transfer Protocol", + "SMTP", "smtp"); + + proto_register_field_array(proto_smtp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + register_init_routine(&smtp_init_protocol); + + smtp_module = prefs_register_protocol(proto_smtp, NULL); + prefs_register_bool_preference(smtp_module, "desegment_lines", + "Desegment all SMTP command and response lines\nspanning multiple TCP segments", + "Whether the SMTP dissector should desegment all command and response lines spanning multiple TCP segments", + &smtp_desegment); +} + +/* The registration hand-off routine */ +void +proto_reg_handoff_smtp(void) +{ + dissector_handle_t smtp_handle; + + smtp_handle = create_dissector_handle(dissect_smtp, proto_smtp); + dissector_add("tcp.port", TCP_PORT_SMTP, smtp_handle); +} |