authorLuca Deri <deri@ntop.org>2018-09-17 23:15:44 +0200
committerLuca Deri <deri@ntop.org>2018-09-17 23:15:44 +0200
commitb0f9f76b798dad7f63999537df8918885fbd37ac (patch)
treeaaf3b072043cf0251f6efc08804382d808472752
parent8689d3293ab7b09b84395d5351f7f3901db78653 (diff)
Addes support for SMBv1 traffic that has been split from SMBv23
-rw-r--r--src/include/ndpi_protocol_ids.h6
-rw-r--r--src/lib/ndpi_main.c14
-rw-r--r--src/lib/protocols/smb.c12
3 files changed, 16 insertions, 16 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index f3e100d64..7b4961a0e 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -50,7 +50,7 @@ typedef enum {
NDPI_PROTOCOL_BGP = 13,
NDPI_PROTOCOL_SNMP = 14,
NDPI_PROTOCOL_XDMCP = 15,
- NDPI_PROTOCOL_SMB = 16,
+ NDPI_PROTOCOL_SMBV1 = 16, /* SMB version 1 */
NDPI_PROTOCOL_SYSLOG = 17,
NDPI_PROTOCOL_DHCP = 18,
NDPI_PROTOCOL_POSTGRES = 19,
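Review bot: ID 16 keeps its number but changes meaning: before this commit it covered every SMB flow, afterwards it covers only SMBv1, while SMBv2/3 moves to ID 41 in the next hunk of this header. Anything outside the tree that keys on the number 16 or on the name `NDPI_PROTOCOL_SMB` (filter rules, stored flow records, reports) will either stop compiling or keep running and silently stop matching SMBv2/3 traffic. The comment should record this, e.g. `/* SMB version 1 only; was generic SMB before the v1/v23 split, SMBv2/3 is ID 41 */`, and the split deserves a changelog entry so that block and alert policies built on the old ID get reviewed.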
@@ -75,8 +75,8 @@ typedef enum {
NDPI_PROTOCOL_SKYPE_CALL_OUT = 38,
NDPI_PROTOCOL_MUSICALLY = 39,
NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski <darryl@egloo.ca> */
-
- NDPI_PROTOCOL_FREE_41 = 41, /* Free */
+ NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */
+
NDPI_PROTOCOL_FREE_42 = 42, /* Free */
NDPI_PROTOCOL_FREE_43 = 43, /* Free */
NDPI_PROTOCOL_FREE_44 = 44, /* Free */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index dcf146538..8fed1ebf1 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -43,9 +43,7 @@
#include "ndpi_content_match.c.inc"
#include "third_party/include/ndpi_patricia.h"
-/* #include "third_party/src/ndpi_patricia.c" */
#include "third_party/include/hash.h"
-/* #include "third_party/src/hash.c" */
#define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol"
@@ -1104,10 +1102,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB,
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV1,
no_master,
- no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
- ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */,
+ no_master, "SMBv1", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG,
no_master,
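Review bot: SMBv1 is still registered as `NDPI_PROTOCOL_ACCEPTABLE`, the same breed the commit gives the new SMBv23 entry, so a consumer that ranks or alerts on breed sees no difference between the two. SMBv1 is a deprecated dialect that operators generally want surfaced, which looks like the motivation for the split. A stricter breed on this entry (for example `NDPI_PROTOCOL_POTENTIALLY_DANGEROUS`, if this tree's breed enum has it) would make the new ID useful without each consumer hard-coding it. The body of ndpi_init_protocol_defaults starts and ends outside the hunk.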
@@ -1219,10 +1217,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "Memcached", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 11211, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 11211, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_41,
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV23,
no_master,
- no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */,
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ no_master, "SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
+ ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_42,
no_master,
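Review bot: TCP port 445 is now a default port of SMBv23 only, so any classification made from the default port rather than from payload will presumably report SMBv2/3 for a flow that is really SMBv1; the port-guess path itself is not visible in this hunk. For monitoring, that under-reports exactly the dialect one most wants to see. A comment on the entry would record the limitation: `/* 445 carries every SMB dialect; a port-only match cannot tell v1 from v2/3 */`.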
diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c
index fa684eb66..c6b0676b6 100644
--- a/src/lib/protocols/smb.c
+++ b/src/lib/protocols/smb.c
@@ -22,8 +22,6 @@
*/
#include "ndpi_protocol_ids.h"
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMB
-
#include "ndpi_api.h"
@@ -43,19 +41,23 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_LOG_INFO(ndpi_struct, "found SMB\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMB, NDPI_PROTOCOL_UNKNOWN);
+ if(packet->payload[8] == 0x72)
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, NDPI_PROTOCOL_UNKNOWN);
+ else
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, NDPI_PROTOCOL_UNKNOWN);
return;
}
}
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, __FILE__, __FUNCTION__, __LINE__);
+ ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, __FILE__, __FUNCTION__, __LINE__);
}
void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
{
ndpi_set_bitmask_protocol_detection("SMB", ndpi_struct, detection_bitmask, *id,
- NDPI_PROTOCOL_SMB,
+ NDPI_PROTOCOL_SMBV23,
ndpi_search_smb_tcp,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
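Review bot: The v1/v23 decision tests `packet->payload[8]`, which in an SMB1 message is the command byte, and 0x72 is the Negotiate command, so only a negotiate message is labelled SMBv1; an SMB1 flow first seen on any other command falls into the `else` and is reported as SMBv23. The dialect is carried by the first byte of the protocol magic after the 4-byte length prefix (0xFF for SMB1, 0xFE for SMB2/3), so `if(packet->payload[4] == 0xff)` would be the more direct test, provided the guard above admits both magics and guarantees the payload length; that guard and the start of ndpi_search_smb_tcp are outside the hunk, so this needs confirming. Separately, `init_smb_dissector` registers the dissector under `NDPI_PROTOCOL_SMBV23` only, and its call continues past the hunk; if the detection bitmask gates dissectors by that ID, a caller that enables only SMBv1 would never run this code, which deserves at least a comment at the registration call.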