diff --git a/packet-smtp.c b/packet-smtp.c index f36785f4f8..07538033f4 100644 --- a/packet-smtp.c +++ b/packet-smtp.c @@ -1,7 +1,7 @@ /* packet-smtp.c * Routines for SMTP packet disassembly * - * $Id: packet-smtp.c,v 1.3 2000/08/20 15:25:17 deniel Exp $ + * $Id: packet-smtp.c,v 1.4 2000/08/24 11:32:09 sharpe Exp $ * * Copyright (c) 2000 by Richard Sharpe * @@ -42,6 +42,7 @@ #include #include #include "packet.h" +#include "conversation.h" #include "resolv.h" #include "prefs.h" @@ -58,6 +59,101 @@ static int ett_smtp = -1; static int global_smtp_tcp_port = TCP_PORT_SMTP; +/* + * A CMD is an SMTP command, MESSAGE is the message portion, and EOM is the + * last part of a message + */ + +#define SMTP_PDU_CMD 0 +#define SMTP_PDU_MESSAGE 1 +#define SMTP_PDU_EOM 2 + +struct smtp_proto_data { + guint16 pdu_type; +}; + +static int smtp_packet_init_count = 100; + +struct smtp_request_key { + guint32 conversation; +}; + +struct smtp_request_val { + guint16 processed; /* Have we processed this conversation? */ + guint16 data_seen; /* Have we seen the data packet */ + guint16 eom_seen; /* Have we seen the end of message */ + guint16 crlf_seen; /* Have we seen a CRLF on the end of a packet */ +}; + +GHashTable *smtp_request_hash = NULL; +GMemChunk *smtp_request_keys = NULL; +GMemChunk *smtp_request_vals = NULL; +GMemChunk *smtp_packet_infos = NULL; + +/* Hash Functions */ +gint +smtp_equal(gconstpointer v, gconstpointer w) +{ + struct smtp_request_key *v1 = (struct smtp_request_key *)v; + struct smtp_request_key *v2 = (struct smtp_request_key *)w; + +#if defined(DEBUG_SMTP_HASH) + printf("Comparing %08X\n and %08X\n", + v1->conversation, v2->conversation); +#endif + + if (v1->conversation == v2->conversation) + return 1; + + return 0; + +} + +static guint +smtp_hash(gconstpointer v) +{ + struct smtp_request_key *key = (struct smtp_request_key *)v; + guint val; + + val = key->conversation; + +#if defined(DEBUG_SMTP_HASH) + printf("SMTP Hash calculated as %u\n", val); +#endif + + return val; + +} + +static void +smtp_init_protocol(void) +{ +#if defined(DEBUG_SMTP_HASH) + printf("Initializing SMB hashtable area\n"); +#endif + + if (smtp_request_hash) + g_hash_table_destroy(smtp_request_hash); + if (smtp_request_keys) + g_mem_chunk_destroy(smtp_request_keys); + if (smtp_request_vals) + g_mem_chunk_destroy(smtp_request_vals); + if (smtp_packet_infos) + g_mem_chunk_destroy(smtp_packet_infos); + + smtp_request_hash = g_hash_table_new(smtp_hash, smtp_equal); + smtp_request_keys = g_mem_chunk_new("smtp_request_keys", + sizeof(struct smtp_request_key), + smtp_packet_init_count * sizeof(struct smtp_request_key), G_ALLOC_AND_FREE); + smtp_request_vals = g_mem_chunk_new("smtp_request_vals", + sizeof(struct smtp_request_val), + smtp_packet_init_count * sizeof(struct smtp_request_val), G_ALLOC_AND_FREE); + smtp_packet_infos = g_mem_chunk_new("smtp_packet_infos", + sizeof(struct smtp_proto_data), + smtp_packet_init_count * sizeof(struct smtp_proto_data), G_ALLOC_AND_FREE); + +} + static int find_smtp_resp_end(const u_char *pd, int offset) { @@ -95,10 +191,13 @@ dissect_smtp(const u_char *pd, int offset, frame_data *fd, /* tvbuff_t *tvb = tvb_create_from_top(offset);*/ packet_info *pinfo = π #endif - void *frame_data; - proto_tree *smtp_tree, *ti; - int request = 0; - const u_char *cmd = NULL, *data = NULL; + struct smtp_proto_data *frame_data; + proto_tree *smtp_tree, *ti; + int request = 0; + const u_char *cmd = NULL; + conversation_t *conversation; + struct smtp_request_key request_key, *new_request_key; + struct smtp_request_val *request_val; #if 0 CHECK_DISPLAY_AS_DATA(proto_smtp, tvb, pinfo, tree); @@ -106,32 +205,182 @@ dissect_smtp(const u_char *pd, int offset, frame_data *fd, OLD_CHECK_DISPLAY_AS_DATA(proto_smtp, pd, offset, fd, tree); #endif - /* Let's figure out this packet ... First check if we have done it - all before ... */ + /* If we have per frame data, use that, else, we must be on the first + * pass, so we figure it out on the first pass. + * + * Since we can't stash info away in a conversation (as they are + * removed during a filter operation, and we can't rely on the visited + * flag, as that is set to 0 during a filter, we must save per-frame + * data for each frame. However, we only need it for requests. Responses + * are easy to manage. + */ - frame_data = p_get_proto_data(pinfo->fd, proto_smtp); + /* Find out what conversation this packet is part of ... but only + * if we have no information on this packet, so find the per-frame + * info first. + */ /* SMTP messages have a simple format ... */ - if (!frame_data) { /* We parse the frame and create the data */ + request = pinfo -> destport == TCP_PORT_SMTP; + cmd = pd + offset; /* FIXME: What about tvb */ - request = pinfo -> destport == TCP_PORT_SMTP; - cmd = pd + offset; /* FIXME: What about tvb */ - data = strchr(cmd, ' '); /* Find the space */ - if (data) data++; /* Skip the space if there */ + frame_data = p_get_proto_data(pinfo->fd, proto_smtp); + if (!frame_data) { + + conversation = find_conversation(&pinfo->src, &pinfo->dst, pi.ptype, + pinfo->srcport, pinfo->destport); + if (conversation == NULL) { /* No conversation, create one */ + conversation = conversation_new(&pinfo->src, &pinfo->dst, pinfo->ptype, + pinfo->srcport, pinfo->destport, NULL); + + } + + /* + * Check for and insert an entry in the request table if does not exist + */ + request_key.conversation = conversation->index; + + request_val = (struct smtp_request_val *)g_hash_table_lookup(smtp_request_hash, &request_key); + + if (!request_val) { /* Create one */ + + new_request_key = g_mem_chunk_alloc(smtp_request_keys); + new_request_key->conversation = conversation->index; + + request_val = g_mem_chunk_alloc(smtp_request_vals); + request_val->processed = 0; + request_val->data_seen = 0; + request_val->eom_seen = 0; + request_val->crlf_seen = 0; + + g_hash_table_insert(smtp_request_hash, new_request_key, request_val); + + } + + /* + * Check whether or not this packet is an end of message packet + * We should look for CRLF.CRLF and they may be split. + * We have to keep in mind that we may see what we want on + * two passes through here ... + */ + + if (request_val->data_seen && !request_val->processed) { + + /* + * The order of these is important ... We want to avoid + * cases where there is a CRLF at the end of a packet and a + * .CRLF at the begining of the same packet. + */ + + if ((request_val->crlf_seen && strncmp(pd + offset, ".\r\n", 3) == 0) || + (strncmp(pd + offset, "\r\n.\r\n", 5) == 0)) { + + request_val->eom_seen = 1; + + } + + if (strncmp(pd + offset + END_OF_FRAME - 2, "\r\n", 2) == 0) { + + request_val->crlf_seen = 1; + + } + else { + + request_val->crlf_seen = 0; + + } + } + + /* + * OK, Check if we have seen a DATA request. We do it here for + * simplicity, but we have to be careful below. + */ + + if (request) { + + frame_data = g_mem_chunk_alloc(smtp_packet_infos); + + if (!request_val->processed) { + if (strncmp(pd + offset, "DATA", 4)==0) { + + request_val->data_seen = 1; + frame_data->pdu_type = SMTP_PDU_CMD; + p_add_proto_data(pinfo->fd, proto_smtp, frame_data); + + } else if ((!request_val->eom_seen) && + (request_val->data_seen)) { + + /* Now, create the frame data for this frame ... */ + + frame_data->pdu_type = SMTP_PDU_MESSAGE; + p_add_proto_data(pinfo->fd, proto_smtp, frame_data); + + } else if (request_val->eom_seen) { /* Seen the EOM */ + + /* Now, we clear the eom_seen and data_seen bits */ + + request_val->eom_seen = request_val->data_seen = 0; + request_val->processed = 1; /* We have seen all the packets */ + + /* And add the packet data */ + + frame_data->pdu_type = SMTP_PDU_EOM; + p_add_proto_data(pinfo->fd, proto_smtp, frame_data); + + } else { + + frame_data->pdu_type = SMTP_PDU_CMD; + p_add_proto_data(pinfo->fd, proto_smtp, frame_data); + + } + } + } } - else { - } + /* + * From here, we simply add items to the tree and info to the info + * fields ... + */ if (check_col(fd, COL_PROTOCOL)) col_add_str(fd, COL_PROTOCOL, "SMTP"); if (check_col(fd, COL_INFO)) { /* Add the appropriate type here */ - col_add_fstr(fd, COL_INFO, "%s", format_text(cmd, END_OF_FRAME)); + /* + * If it is a request, we have to look things up, otherwise, just + * display the right things + */ + if (request) { + + /* We must have frame_data here ... */ + + switch (frame_data->pdu_type) { + case SMTP_PDU_MESSAGE: + + col_add_fstr(pinfo->fd, COL_INFO, "Message: %s", format_text(cmd, END_OF_FRAME)); + break; + + case SMTP_PDU_EOM: + + col_add_fstr(pinfo->fd, COL_INFO, "EOM: %s", format_text(cmd, END_OF_FRAME)); + break; + + case SMTP_PDU_CMD: + + col_add_fstr(pinfo->fd, COL_INFO, "%s", format_text(cmd, END_OF_FRAME)); + + } + + } + else { + + col_add_fstr(pinfo->fd, COL_INFO, "%s", format_text(cmd, END_OF_FRAME)); + + } } if (tree) { /* Build the tree info ... */ @@ -140,10 +389,40 @@ dissect_smtp(const u_char *pd, int offset, frame_data *fd, smtp_tree = proto_item_add_subtree(ti, ett_smtp); proto_tree_add_boolean_hidden(smtp_tree, (request ? hf_smtp_req : hf_smtp_rsp), NullTVB, offset, 4, TRUE); - if (request) { - proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset, 4, "Command: %s", format_text(cmd, 4)); - proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset + 5, END_OF_FRAME, "Parameter: %s", format_text(cmd + 5, END_OF_FRAME - 5)); + + /* + * Check out whether or not we can see a command in there ... + * What we are looking for is not data_seen and the word DATA + * and not eom_seen. + * + * We will see DATA and request_val->data_seen when we process the + * tree view after we have seen a DATA packet when processing + * the packet list pane. + * + * On the first pass, we will not have any info on the packets + * On second and subsequent passes, we will. + */ + + switch (frame_data->pdu_type) { + + case SMTP_PDU_MESSAGE: + + proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset, END_OF_FRAME, "Message: %s", format_text(cmd, END_OF_FRAME)); + + break; + + case SMTP_PDU_EOM: + + proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset, END_OF_FRAME, "EOM: %s", format_text(cmd, END_OF_FRAME)); + + break; + + case SMTP_PDU_CMD: + proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset, 4, "Command: %s", format_text(cmd, 4)); + proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset + 5, END_OF_FRAME, "Parameter: %s", format_text(cmd + 5, END_OF_FRAME - 5)); + + } } else { @@ -161,7 +440,7 @@ dissect_smtp(const u_char *pd, int offset, frame_data *fd, proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset, 3, "Response: %s", format_text(pd + offset, 3)); proto_tree_add_protocol_format(smtp_tree, proto_smtp, NullTVB, offset + 4, END_OF_FRAME, "Parameter: %s", format_text(pd + offset + 4, END_OF_FRAME - 4)); - + } } } @@ -189,6 +468,7 @@ proto_register_smtp(void) proto_register_field_array(proto_smtp, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); + register_init_routine(&smtp_init_protocol); }