forked from mushorg/go-dpi
/
smtp.go
36 lines (32 loc) · 1.04 KB
/
smtp.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package classifiers
import (
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/annp1987/go-dpi/types"
"strings"
)
// SMTPClassifier struct
type SMTPClassifier struct{}
// HeuristicClassify for SMTPClassifier
func (classifier SMTPClassifier) HeuristicClassify(flow *types.Flow) bool {
return checkFirstPayload(flow.GetPackets(), layers.LayerTypeTCP,
func(payload []byte, packetsRest []gopacket.Packet) bool {
payloadStr := string(payload)
for _, line := range strings.Split(payloadStr, "\n") {
if len(line) > 0 && !strings.HasPrefix(line, "220") {
return false
}
}
return checkFirstPayload(packetsRest, layers.LayerTypeTCP,
func(payload []byte, _ []gopacket.Packet) bool {
payloadStr := string(payload)
return (strings.HasPrefix(payloadStr, "EHLO ") ||
strings.HasPrefix(payloadStr, "HELO ")) &&
strings.HasSuffix(payloadStr, "\n")
})
})
}
// GetProtocol returns the corresponding protocol
func (classifier SMTPClassifier) GetProtocol() types.Protocol {
return types.SMTP
}