
Source code changes of the file "scripts/base/protocols/smtp/main.zeek" between
zeek-3.2.2.tar.gz and zeek-3.2.4.tar.gz

About: Zeek (formerly Bro) is a flexible network analysis framework focusing on network security monitoring. Feature release.

main.zeek  (zeek-3.2.2):main.zeek  (zeek-3.2.4)
skipping to change at line 62 skipping to change at line 62
## Value of the User-Agent header from the client. ## Value of the User-Agent header from the client.
user_agent: string &log &optional; user_agent: string &log &optional;
## Indicates that the connection has switched to using TLS. ## Indicates that the connection has switched to using TLS.
tls: bool &log &default=F; tls: bool &log &default=F;
## Indicates if the "Received: from" headers should still be ## Indicates if the "Received: from" headers should still be
## processed. ## processed.
process_received_from: bool &default=T; process_received_from: bool &default=T;
## Indicates if client activity has been seen, but not yet logged . ## Indicates if client activity has been seen, but not yet logged .
has_client_activity: bool &default=F; has_client_activity: bool &default=F;
## Indicates if the SMTP headers should still be processed.
process_smtp_headers: bool &default=T;
entity_count: count &default=0;
}; };
type State: record { type State: record {
helo: string &optional; helo: string &optional;
## Count the number of individual messages transmitted during ## Count the number of individual messages transmitted during
## this SMTP session. Note, this is not the number of ## this SMTP session. Note, this is not the number of
## recipients, but the number of message bodies transferred. ## recipients, but the number of message bodies transferred.
messages_transferred: count &default=0; messages_transferred: count &default=0;
pending_messages: set[Info] &optional; pending_messages: set[Info] &optional;
skipping to change at line 215 skipping to change at line 218
{ {
# Track the number of messages seen in this session. # Track the number of messages seen in this session.
++c$smtp_state$messages_transferred; ++c$smtp_state$messages_transferred;
smtp_message(c); smtp_message(c);
c$smtp = new_smtp_log(c); c$smtp = new_smtp_log(c);
} }
} }
event mime_one_header(c: connection, h: mime_header_rec) &priority=5 event mime_one_header(c: connection, h: mime_header_rec) &priority=5
{ {
if ( ! c?$smtp ) return; if ( ! c?$smtp || ! c$smtp$process_smtp_headers ) return;
if ( h$name == "MESSAGE-ID" ) if ( h$name == "MESSAGE-ID" )
c$smtp$msg_id = h$value; c$smtp$msg_id = h$value;
else if ( h$name == "RECEIVED" ) else if ( h$name == "RECEIVED" )
{ {
if ( c$smtp?$first_received ) if ( c$smtp?$first_received )
c$smtp$second_received = c$smtp$first_received; c$smtp$second_received = c$smtp$first_received;
c$smtp$first_received = h$value; c$smtp$first_received = h$value;
} }
skipping to change at line 284 skipping to change at line 287
c$smtp$user_agent = h$value; c$smtp$user_agent = h$value;
} }
# This event handler builds the "Received From" path by reading the # This event handler builds the "Received From" path by reading the
# headers in the mail # headers in the mail
event mime_one_header(c: connection, h: mime_header_rec) &priority=3 event mime_one_header(c: connection, h: mime_header_rec) &priority=3
{ {
# If we've decided that we're done watching the received headers for # If we've decided that we're done watching the received headers for
# whatever reason, we're done. Could be due to only watching until # whatever reason, we're done. Could be due to only watching until
# local addresses are seen in the received from headers. # local addresses are seen in the received from headers.
if ( ! c?$smtp || h$name != "RECEIVED" || ! c$smtp$process_received_from if ( ! c?$smtp || h$name != "RECEIVED" || ! c$smtp$process_received_from
) ||
! c$smtp$process_smtp_headers )
return; return;
local text_ip = find_address_in_smtp_header(h$value); local text_ip = find_address_in_smtp_header(h$value);
if ( text_ip == "" ) if ( text_ip == "" )
return; return;
local ip = to_addr(text_ip); local ip = to_addr(text_ip);
if ( ! addr_matches_host(ip, mail_path_capture) && if ( ! addr_matches_host(ip, mail_path_capture) &&
! Site::is_private_addr(ip) ) ! Site::is_private_addr(ip) )
{ {
c$smtp$process_received_from = F; c$smtp$process_received_from = F;
} }
if ( c$smtp$path[|c$smtp$path|-1] != ip ) if ( c$smtp$path[|c$smtp$path|-1] != ip )
c$smtp$path += ip; c$smtp$path += ip;
} }
# This event handler sets the flag to stop processing SMTP headers if
# any sub-entity is found.
event mime_begin_entity(c: connection) &priority=5
{
if ( c?$smtp )
{
++c$smtp$entity_count;
if ( c$smtp$entity_count > 1 )
c$smtp$process_smtp_headers = F;
}
}
event successful_connection_remove(c: connection) &priority=-5 event successful_connection_remove(c: connection) &priority=-5
{ {
if ( c?$smtp ) if ( c?$smtp )
smtp_message(c); smtp_message(c);
} }
event smtp_starttls(c: connection) &priority=5 event smtp_starttls(c: connection) &priority=5
{ {
if ( c?$smtp ) if ( c?$smtp )
{ {
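Review bot: The new `entity_count` field in `Info` is the only field in this record added without a `##` comment, and the `mime_begin_entity` handler that uses it is only correct because the top-level message counts as entity 1; I would add `## Number of MIME entities seen in the current message; header processing stops once it exceeds 1.` above the field. Neither `entity_count` nor `process_smtp_headers` carries `&log`, so as far as this section shows, smtp.log gives no sign that headers in nested entities were skipped; consider logging one of them or documenting the behaviour for analysts. Any other `mime_one_header` handler that writes into `c$smtp` would need its own `! c$smtp$process_smtp_headers` check to get the same protection, which is worth confirming for scripts not visible here. Several handler bodies start or end outside the shown hunks, so this is based only on the visible lines.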
 End of changes. 4 change blocks. 
3 lines changed or deleted 20 lines changed or added
