authorToni <matzeton@googlemail.com>2022-06-18 15:11:59 +0200
committerGitHub <noreply@github.com>2022-06-18 15:11:59 +0200
commit6cd8f8cc6dded6e872f8befaf63c18266d5bcabc (patch)
treeeb1a400e18f874dbefd8b5d7fae89b33e6ce2450
parent432de5eb57ace31dfca130300ebdfca9abd363f2 (diff)
Improved GenshinImpact protocol dissector. (#1604)
Signed-off-by: lns <matzeton@googlemail.com>
-rw-r--r--src/lib/protocols/genshin_impact.c26
-rw-r--r--tests/pcap/genshin-impact.pcapbin11576 -> 19869 bytes
-rw-r--r--tests/result/genshin-impact.pcap.out10
3 files changed, 27 insertions, 9 deletions
diff --git a/src/lib/protocols/genshin_impact.c b/src/lib/protocols/genshin_impact.c
index 4333345a8..0485b935c 100644
--- a/src/lib/protocols/genshin_impact.c
+++ b/src/lib/protocols/genshin_impact.c
@@ -39,14 +39,28 @@ static void ndpi_search_genshin_impact(struct ndpi_detection_module_struct *ndpi
NDPI_LOG_DBG(ndpi_struct, "search genshin-impact\n");
- if (packet->udp != NULL)
+ if (packet->tcp != NULL && packet->payload_packet_len >= 18)
+ {
+ u_int32_t pdu_len = ntohl(get_u_int32_t(packet->payload, 1));
+
+ if (packet->payload[0] == 0x01 && pdu_len == packet->payload_packet_len &&
+ (packet->payload[5] == 0x01 || packet->payload[5] == 0x07) &&
+ ntohs(get_u_int16_t(packet->payload, 16)) == 0x4da6)
+ {
+ NDPI_LOG_INFO(ndpi_struct, "found genshin-impact (TCP)\n");
+ ndpi_int_genshin_impact_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
+ else if (packet->udp != NULL)
{
if (flow->packet_counter == 1 && packet->payload_packet_len >= 20 &&
- ntohl(*(u_int32_t*)&packet->payload[0]) == 0x000000FF &&
- ntohl(*(u_int32_t*)&packet->payload[4]) == 0x00000000 &&
- ntohl(*(u_int32_t*)&packet->payload[12]) == 0x499602D2 &&
- ntohl(*(u_int32_t*)&packet->payload[16]) == 0xFFFFFFFF)
+ ntohl(get_u_int32_t(packet->payload, 0)) == 0x000000FF &&
+ ntohl(get_u_int32_t(packet->payload, 4)) == 0x00000000 &&
+ ntohl(get_u_int32_t(packet->payload, 12)) == 0x499602D2 &&
+ ntohl(get_u_int32_t(packet->payload, 16)) == 0xFFFFFFFF)
{
+ NDPI_LOG_INFO(ndpi_struct, "found genshin-impact (UDP)\n");
ndpi_int_genshin_impact_add_connection(ndpi_struct, flow);
return;
}
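Review bot: The new TCP branch matches on bare magic values (`payload[0] == 0x01`, `payload[5]` equal to 0x01 or 0x07, `0x4da6` at offset 16) with no comment naming the fields, so a reader cannot judge how specific the signature is or why the port-80 flows in the updated test result are expected to hit it. A short layout comment above the inner `if` would fix that, for example `/* byte 0: <field>, bytes 1-4: PDU length (big endian), byte 5: <field>, bytes 16-17: <field> */` with the names filled in by the author. The `pdu_len == packet->payload_packet_len` test appears to assume exactly one PDU per TCP segment, so a PDU split across segments or coalesced with another would not match; that assumption belongs in the same comment. Unlike the UDP branch, the TCP branch has no `flow->packet_counter` condition, and whether later packets of a flow can still be tested depends on the exclusion code after this hunk, which is outside the visible lines.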
@@ -65,7 +79,7 @@ void init_genshin_impact_dissector(struct ndpi_detection_module_struct *ndpi_str
ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_GENSHIN_IMPACT,
ndpi_search_genshin_impact,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
diff --git a/tests/pcap/genshin-impact.pcap b/tests/pcap/genshin-impact.pcap
index 927189ea4..8a9053eac 100644
--- a/tests/pcap/genshin-impact.pcap
+++ b/tests/pcap/genshin-impact.pcap
Binary files differ
diff --git a/tests/result/genshin-impact.pcap.out b/tests/result/genshin-impact.pcap.out
index 63cc5b6b8..1af638ef1 100644
--- a/tests/result/genshin-impact.pcap.out
+++ b/tests/result/genshin-impact.pcap.out
@@ -1,10 +1,14 @@
Guessed flow protos: 0
+DPI Packets (TCP): 12 (4.00 pkts/flow)
DPI Packets (UDP): 3 (1.00 pkts/flow)
-Confidence DPI : 3 (flows)
+Confidence DPI : 6 (flows)
-GenshinImpact 45 10832 3
+GenshinImpact 90 18405 6
1 UDP 192.168.2.100:58766 <-> 47.245.143.85:22101 [proto: 257/GenshinImpact][ClearText][Confidence: DPI][cat: Game/8][7 pkts/1369 bytes <-> 8 pkts/3568 bytes][Goodput ratio: 78/91][1.63 sec][bytes ratio: -0.445 (Download)][IAT c2s/s2c min/avg/max/stddev: 9/0 312/266 818/750 343/309][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 196/446 648/1223 192/449][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 20,13,0,6,13,20,0,0,0,6,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.2.100:52575 <-> 8.209.69.191:22101 [proto: 257/GenshinImpact][ClearText][Confidence: DPI][cat: Game/8][7 pkts/1975 bytes <-> 8 pkts/1300 bytes][Goodput ratio: 85/74][2.27 sec][bytes ratio: 0.206 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10 409/181 1044/710 455/239][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 282/162 648/396 240/102][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 20,26,0,6,0,20,6,0,0,0,0,6,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 3 UDP 192.168.2.100:59145 <-> 47.254.169.109:22102 [proto: 257/GenshinImpact][ClearText][Confidence: DPI][cat: Game/8][8 pkts/1383 bytes <-> 7 pkts/1237 bytes][Goodput ratio: 76/76][1.75 sec][bytes ratio: 0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/30 285/342 829/800 363/311][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 173/177 650/340 185/88][Plen Bins: 34,13,0,13,13,13,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 3 TCP 192.168.2.100:39686 <-> 49.51.181.168:80 [proto: 257/GenshinImpact][ClearText][Confidence: DPI][cat: Game/8][9 pkts/2327 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.71 sec][bytes ratio: 0.626 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 76/88 176/176 86/87][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 259/89 1468/138 434/29][PLAIN TEXT (194946781)][Plen Bins: 0,50,25,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
+ 4 TCP 192.168.2.100:39822 <-> 49.51.190.178:80 [proto: 257/GenshinImpact][ClearText][Confidence: DPI][cat: Game/8][9 pkts/2294 bytes <-> 6 pkts/535 bytes][Goodput ratio: 78/35][0.69 sec][bytes ratio: 0.622 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 74/85 171/170 84/84][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 255/89 1468/138 435/29][PLAIN TEXT (194946781)][Plen Bins: 12,51,12,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]
+ 5 UDP 192.168.2.100:59145 <-> 47.254.169.109:22102 [proto: 257/GenshinImpact][ClearText][Confidence: DPI][cat: Game/8][8 pkts/1383 bytes <-> 7 pkts/1237 bytes][Goodput ratio: 76/76][1.75 sec][bytes ratio: 0.056 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 10/30 285/342 829/800 363/311][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 173/177 650/340 185/88][Plen Bins: 34,13,0,13,13,13,0,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 192.168.2.100:45246 <-> 49.51.181.168:10012 [proto: 257/GenshinImpact][ClearText][Confidence: DPI][cat: Game/8][8 pkts/1287 bytes <-> 7 pkts/595 bytes][Goodput ratio: 65/31][0.92 sec][bytes ratio: 0.368 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 96/106 221/176 96/85][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 161/85 546/138 165/29][PLAIN TEXT (194946781)][Plen Bins: 0,57,14,0,0,0,0,14,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]