Merge remote-tracking branch 'origin/topic/seth/bittorrent-fix-and-dpd-sig-breakout' into topic/seth/faf-updates

Conflicts: magic scripts/base/protocols/http/__load__.bro scripts/base/protocols/irc/__load__.bro scripts/base/protocols/smtp/__load__.bro
2025-10-09 18:18:19 +00:00 · 2013-07-10 16:28:38 -04:00 · 2013-07-10 16:28:38 -04:00 · 2e0912b543
commit 2e0912b543
parent 99d604c9b5 8322bbfd62
54 changed files with 880 additions and 381 deletions
--- a/scripts/base/protocols/smtp/load.bro
+++ b/scripts/base/protocols/smtp/load.bro
@ -1,3 +1,5 @@
@load ./main
@load ./entities
-@load ./files
+@load ./files
+
+@load-sigs ./dpd.sig
--- a/scripts/base/protocols/smtp/dpd.sig
+++ b/scripts/base/protocols/smtp/dpd.sig
@ -0,0 +1,13 @@
+signature dpd_smtp_client {
+  ip-proto == tcp
+  payload /(|.*[\n\r])[[:space:]]*([hH][eE][lL][oO]|[eE][hH][lL][oO])/
+  requires-reverse-signature dpd_smtp_server
+  enable "smtp"
+  tcp-state originator
+}
+
+signature dpd_smtp_server {
+  ip-proto == tcp
+  payload /^[[:space:]]*220[[:space:]-]/
+  tcp-state responder
+}
--- a/scripts/base/protocols/smtp/main.bro
+++ b/scripts/base/protocols/smtp/main.bro
@ -81,9 +81,6 @@ redef record connection += {
 	smtp_state: State &optional;
 };

-# Configure DPD
-redef capture_filters += { ["smtp"] = "tcp port 25 or tcp port 587" };
-
 const ports = { 25/tcp, 587/tcp };
 redef likely_server_ports += { ports };