int
set_sock_addr(char *host,union sock_addr *s, char **name)
{
struct addrinfo *addrResult;
struct addrinfo hints;
int err;
memset(&hints, 0, sizeof(hints));
hints.ai_family = s->sa.sa_family;
hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
err = getaddrinfo(strip_address(host), NULL, &hints, &addrResult);
if (err)
return err;
if (addrResult == NULL)
return EAI_NONAME;
memcpy(s, addrResult->ai_addr, addrResult->ai_addrlen);
if (name) {
if (addrResult->ai_canonname)
*name = xstrdup(addrResult->ai_canonname);
else
*name = xstrdup(host);
}
freeaddrinfo(addrResult);
return 0;
}
void score(redisContext *context)
{
int i, score;
redisReply *suspects;
redisCommand(context, "DEL offenders");
suspects = redisCommand(context, "KEYS *:detected");
if (suspects && suspects->type == REDIS_REPLY_ARRAY) {
for (i = 0; i < suspects->elements; i++) {
if (no_action_required(context, strip_address(suspects->element[i]->str))) {
continue;
}
score = total_offenses(context, strip_address(suspects->element[i]->str));
redisCommand(context, "ZINCRBY offenders %d %s", score, strip_address(suspects->element[i]->str));
}
freeReplyObject(suspects);
}
}
void process_simple_smtp_request(struct TCPRECORD *sess, struct TCP_STREAM *to_server, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
struct FerretEngine *eng = sess->eng;
struct Ferret *ferret = eng->ferret;
char command[16];
const char *parm;
unsigned parm_length;
unsigned i;
unsigned x;
/* IF CLOSING CONNECTION */
if (px == NULL) {
return;
}
frame->layer7_protocol = LAYER7_SMTP;
if (to_server->app.smtpreq.is_data) {
process_simple_smtp_data(sess, to_server, frame, px, length);
return;
}
/* Remove leading whitespace */
for (i=0; i<length && isspace(px[i]); i++)
;
/* Grab command. This means parsing up to the first space
* character, or the first ':' character in the case of
* mailfrom: or rcptto: */
x=0;
again:
while (i<length && !isspace(px[i]) && px[i] != ':') {
if (x < sizeof(command) -1) {
command[x++] = (char)toupper(px[i]);
command[x] = '\0';
}
i++;
}
if (i<length && px[i] == ':')
i++;
/* skip space after command */
while (i<length && isspace(px[i]))
i++;
if (stricmp(command, "mail")==0 || stricmp(command, "rcpt")==0) {
if (i >= length)
return;
goto again;
}
SAMPLE(ferret,"SMTP", JOT_SZ("command", command));
/* Grab parm */
parm = (const char*)px+i;
x=i;
while (i<length && px[i] != '\n')
i++;
parm_length = i-x;
if (parm_length && parm[parm_length-1] == '\n')
parm_length--;
if (parm_length && parm[parm_length-1] == '\r')
parm_length--;
JOTDOWN(ferret,
JOT_SZ("proto", "SMTP"),
JOT_SZ("op", command),
JOT_PRINT("parm", parm, parm_length),
JOT_SRC("client", frame),
JOT_DST("server", frame),
0);
/* test parms */
if (stricmp(command, "MAILFROM")==0) {
strip_address(&parm, &parm_length);
if (sess)
smtp_copy(to_server->app.smtpreq.from, parm, parm_length);
JOTDOWN(ferret,
JOT_SRC("IP", frame),
JOT_PRINT("e-mail", parm, parm_length),
0);
}
if (stricmp(command, "RCPTTO")==0) {
strip_address(&parm, &parm_length);
if (sess)
smtp_copy(to_server->app.smtpreq.to, parm, parm_length);
JOTDOWN(ferret,
JOT_SRC("IP", frame),
JOT_PRINT("friend", parm, parm_length),
0);
}
if (stricmp(command, "DATA")==0 && sess) {
to_server->app.smtpreq.is_data = 1;
}
if (stricmp(command, "RSET")==0 && sess) {
to_server->app.smtpreq.is_data = 0;
}
}
