added fix protocol https://github.com/ntop/nDPI/issues/372

8 files changed, 106 insertions, 7 deletions

diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h
index b632712a1..4878ff748 100644
--- a/src/include/ndpi_define.h
+++ b/src/include/ndpi_define.h
@@ -1,6 +1,6 @@
 /*
  *
- * Copyright (C) 2011-16 - ntop.org
+ * Copyright (C) 2011-17 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -180,15 +180,15 @@
 #define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT               600
 
 #ifdef NDPI_ENABLE_DEBUG_MESSAGES
-#define NDPI_LOG(proto, m, log_level, args...)		                                     \
-  {								                                                         \
+#define NDPI_LOG(proto, m, log_level, args...)		                                 \
+  {								                         \
     struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \
-    if(mod != NULL) {						                                             \
+    if(mod != NULL) {						                         \
       mod->ndpi_debug_print_file=__FILE__;                                               \
       mod->ndpi_debug_print_function=__FUNCTION__;                                       \
       mod->ndpi_debug_print_line=__LINE__;                                               \
       (*(mod->ndpi_debug_printf))(proto, mod, log_level, args);                          \
-    }								                                                     \
+    }								                         \
   }
 #else							/* NDPI_ENABLE_DEBUG_MESSAGES */
 #ifdef WIN32
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 1e088ceaa..4c5d6539c 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -267,12 +267,13 @@
 #define NDPI_PROTOCOL_GIT 	         226
 #define NDPI_PROTOCOL_DRDA 	         227
 #define NDPI_PROTOCOL_PLAYSTORE          228 /* Google Play Store */
-
 #define NDPI_PROTOCOL_SOMEIP		 229
+#define NDPI_PROTOCOL_FIX		 230
+
 
 
 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL		        NDPI_PROTOCOL_SOMEIP
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL		        NDPI_PROTOCOL_FIX
 
 #define NDPI_MAX_SUPPORTED_PROTOCOLS                    (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
 #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS                   (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 2ac9485ab..65a2bb116 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -197,6 +197,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct n
 void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 /* --- INIT FUNCTIONS --- */
 void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -341,4 +342,5 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 #endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 3af5881b7..14288d3a3 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -45,6 +45,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 		     protocols/edonkey.c \
 		     protocols/fasttrack.c \
 		     protocols/fiesta.c \
+		     protocols/fix.c \
 		     protocols/filetopia.c \
 		     protocols/florensia.c \
 		     protocols/ftp_control.c \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 8ff3855af..18d96394f 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1626,6 +1626,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN,
 			    ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX,
+			    no_master,
+			    no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC,
+			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     
     /* calling function for host and content matched protocols */
     init_string_based_protocols(ndpi_mod);
@@ -2720,6 +2725,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* TINC */
   init_tinc_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* FIX */
+  init_fix_dissector(ndpi_struct, &a, detection_bitmask);
+
   /*** Put false-positive sensitive protocols at the end ***/
 
   /* SKYPE */
diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c
new file mode 100644
index 000000000..b96454c3f
--- /dev/null
+++ b/src/lib/protocols/fix.c
@@ -0,0 +1,73 @@
+/*
+ * fix.c
+ *
+ * Copyright (C) 2017 - ntop.org
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_FIX
+
+void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct *packet = &flow->packet;
+
+  if(packet->tcp) {
+    // 8=
+    if(packet->payload[0] == 0x38 && packet->payload[1] == 0x3d) {
+      // FIX.
+      if(packet->payload[2] == 0x46 &&
+	 packet->payload[3] == 0x49 &&
+	 packet->payload[4] == 0x58 &&
+	 packet->payload[5] == 0x2e) {
+	
+	NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n");
+	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN);
+	return;
+      }
+      // 0. 9=
+      if(packet->payload[2] == 0x4f &&
+	 packet->payload[3] == 0x01 &&
+	 packet->payload[4] == 0x39 &&
+	 packet->payload[5] == 0x3d) {
+
+	NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n");
+	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN);
+	return;
+      }
+    }
+  }
+  /* exclude FIX */
+  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIX);
+}
+
+
+void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+  ndpi_set_bitmask_protocol_detection("FIX", ndpi_struct, detection_bitmask, *id,
+				      NDPI_PROTOCOL_FIX,
+				      ndpi_search_fix,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+				      ADD_TO_DETECTION_BITMASK);
+  *id += 1;
+}
+
+
+#endif
diff --git a/tests/pcap/fix.pcap b/tests/pcap/fix.pcap
new file mode 100644
index 000000000..0b6b37b55
--- /dev/null
+++ b/tests/pcap/fix.pcap
diff --git a/tests/result/fix.pcap.out b/tests/result/fix.pcap.out
new file mode 100644
index 000000000..66707122e
--- /dev/null
+++ b/tests/result/fix.pcap.out
@@ -0,0 +1,14 @@
+FIX	1261	115514	12
+
+	1	TCP 8.17.22.31:4000 <-> 192.168.0.20:40918 [proto: 230/FIX][18 pkts/1938 bytes <-> 18 pkts/1358 bytes]
+	2	TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][4 pkts/342 bytes <-> 2 pkts/303 bytes]
+	3	TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes]
+	4	TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][111 pkts/16881 bytes <-> 111 pkts/7680 bytes]
+	5	TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][201 pkts/21246 bytes <-> 200 pkts/13460 bytes]
+	6	TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][5 pkts/577 bytes <-> 5 pkts/484 bytes]
+	7	TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][6 pkts/513 bytes <-> 4 pkts/522 bytes]
+	8	TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][9 pkts/961 bytes <-> 9 pkts/700 bytes]
+	9	TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][6 pkts/441 bytes <-> 4 pkts/477 bytes]
+	10	TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes]
+	11	TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][228 pkts/26333 bytes <-> 228 pkts/13920 bytes]
+	12	TCP 208.245.107.3:4000 <-> 192.168.0.20:45584 [proto: 230/FIX][35 pkts/3022 bytes <-> 35 pkts/2342 bytes]