Add Yandex services detection (#1882)

Add Yandex services detection Add VK and Yandex to the TLS certificate match list
author: 0xA50C1A1 <105977161+0xA50C1A1@users.noreply.github.com> 2023-02-09 22:02:43 +0300
committer: GitHub <noreply@github.com> 2023-02-09 20:02:43 +0100
commit: ba4e145aad4c7dbd1cbc6d2a6557f3686447d96a (patch)
tree: 0defe53aed3e20a16a326fb607d58de15cb74b2c
parent: b51a2ac72a3cbd1b470890d0151a46da28e6754e (diff)
8 files changed, 161 insertions, 41 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 926485c02..f0340f866 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -53,7 +53,7 @@ typedef enum {
   NDPI_PROTOCOL_VK                    = 22,
   NDPI_PROTOCOL_MAIL_POPS             = 23,
   NDPI_PROTOCOL_TAILSCALE             = 24,
-  NDPI_PROTOCOL_FREE_25               = 25, /* FREE */
+  NDPI_PROTOCOL_YANDEX                = 25,
   NDPI_PROTOCOL_NTOP                  = 26,
   NDPI_PROTOCOL_COAP                  = 27,
   NDPI_PROTOCOL_VMWARE                = 28,
@@ -61,8 +61,8 @@ typedef enum {
   NDPI_PROTOCOL_DTLS                  = 30,
   NDPI_PROTOCOL_UBNTAC2               = 31, /* Ubiquity UBNT AirControl = 2 */
   NDPI_PROTOCOL_KONTIKI               = 32,
-  NDPI_PROTOCOL_FREE_33               = 33, /* FREE */
-  NDPI_PROTOCOL_FREE_34               = 34, /* FREE */
+  NDPI_PROTOCOL_YANDEX_MAIL           = 33,
+  NDPI_PROTOCOL_YANDEX_MUSIC          = 34,
   NDPI_PROTOCOL_GNUTELLA              = 35,
   NDPI_PROTOCOL_EDONKEY               = 36,
   NDPI_PROTOCOL_BITTORRENT            = 37,
@@ -84,13 +84,13 @@ typedef enum {
   NDPI_PROTOCOL_CPHA                  = 53,
   NDPI_PROTOCOL_PPSTREAM              = 54,
   NDPI_PROTOCOL_ZATTOO                = 55,
-  NDPI_PROTOCOL_FREE_56               = 56, /* FREE */
-  NDPI_PROTOCOL_FREE_57               = 57, /* FREE */
+  NDPI_PROTOCOL_YANDEX_MARKET         = 56,
+  NDPI_PROTOCOL_YANDEX_DISK           = 57,
   NDPI_PROTOCOL_DISCORD               = 58,
   NDPI_PROTOCOL_TVUPLAYER             = 59,
   NDPI_PROTOCOL_MONGODB               = 60,
   NDPI_PROTOCOL_PLURALSIGHT           = 61,
-  NDPI_PROTOCOL_FREE_62               = 62, /* FREE */
+  NDPI_PROTOCOL_YANDEX_CLOUD          = 62,
   NDPI_PROTOCOL_OCSP                  = 63,
   NDPI_PROTOCOL_VXLAN                 = 64,
   NDPI_PROTOCOL_IRC                   = 65,
@@ -126,8 +126,8 @@ typedef enum {
   NDPI_PROTOCOL_IAX                   = 95,
   NDPI_PROTOCOL_TFTP                  = 96,
   NDPI_PROTOCOL_AFP                   = 97,
-  NDPI_PROTOCOL_FREE_98               = 98, /* FREE */
-  NDPI_PROTOCOL_FREE_99               = 99, /* FREE */
+  NDPI_PROTOCOL_YANDEX_METRIKA        = 98,
+  NDPI_PROTOCOL_YANDEX_DIRECT         = 99,
   NDPI_PROTOCOL_SIP                   = 100,
   NDPI_PROTOCOL_TRUPHONE              = 101,
   NDPI_PROTOCOL_IP_ICMPV6             = 102,
diff --git a/src/lib/inc_generated/ndpi_asn_yandex.c.inc b/src/lib/inc_generated/ndpi_asn_yandex.c.inc
new file mode 100644
index 000000000..64c8b76fb
--- /dev/null
+++ b/src/lib/inc_generated/ndpi_asn_yandex.c.inc
@@ -0,0 +1,45 @@
+/*
+ *
+ * This file is generated automatically and part of nDPI
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* ****************************************************** */
+
+
+static ndpi_network ndpi_protocol_yandex_protocol_list[] = {
+ { 0x052DC000 /* 5.45.192.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0x05FFC000 /* 5.255.192.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0x25094000 /* 37.9.64.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0x258C8000 /* 37.140.128.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0x4D580000 /* 77.88.0.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0x54FCA000 /* 84.252.160.0/19 */, 19, NDPI_PROTOCOL_YANDEX },
+ { 0x57FAE000 /* 87.250.224.0/19 */, 19, NDPI_PROTOCOL_YANDEX },
+ { 0x5A9CB000 /* 90.156.176.0/22 */, 22, NDPI_PROTOCOL_YANDEX },
+ { 0x5A9CB400 /* 90.156.180.0/23 */, 23, NDPI_PROTOCOL_YANDEX },
+ { 0x5A9CB600 /* 90.156.182.0/24 */, 24, NDPI_PROTOCOL_YANDEX },
+ { 0x5D9E8000 /* 93.158.128.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0x5F6C8000 /* 95.108.128.0/17 */, 17, NDPI_PROTOCOL_YANDEX },
+ { 0x642B4000 /* 100.43.64.0/19 */, 19, NDPI_PROTOCOL_YANDEX },
+ { 0x8D088000 /* 141.8.128.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0xB29A8000 /* 178.154.128.0/18 */, 18, NDPI_PROTOCOL_YANDEX },
+ { 0xB920B800 /* 185.32.184.0/22 */, 22, NDPI_PROTOCOL_YANDEX },
+ { 0xC7156000 /* 199.21.96.0/22 */, 22, NDPI_PROTOCOL_YANDEX },
+ { 0xC724F000 /* 199.36.240.0/22 */, 22, NDPI_PROTOCOL_YANDEX },
+ { 0xD5B4C000 /* 213.180.192.0/19 */, 19, NDPI_PROTOCOL_YANDEX },
+ /* End */
+ { 0x0, 0, 0 }
+};
diff --git a/src/lib/inc_generated/ndpi_asn_yandex_cloud.c.inc b/src/lib/inc_generated/ndpi_asn_yandex_cloud.c.inc
new file mode 100644
index 000000000..2fbfce512
--- /dev/null
+++ b/src/lib/inc_generated/ndpi_asn_yandex_cloud.c.inc
@@ -0,0 +1,37 @@
+/*
+ *
+ * This file is generated automatically and part of nDPI
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* ****************************************************** */
+
+
+static ndpi_network ndpi_protocol_yandex_cloud_protocol_list[] = {
+ { 0x33FA0000 /* 51.250.0.0/17 */, 17, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0x3E547000 /* 62.84.112.0/20 */, 20, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0x54C98000 /* 84.201.128.0/18 */, 18, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0x54FC8000 /* 84.252.128.0/20 */, 20, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0x59A98000 /* 89.169.128.0/18 */, 18, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0x82C12000 /* 130.193.32.0/19 */, 19, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0x9EA00000 /* 158.160.0.0/16 */, 16, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0xB29AC000 /* 178.154.192.0/18 */, 18, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0xB9CEA400 /* 185.206.164.0/22 */, 22, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0xC120D800 /* 193.32.216.0/22 */, 22, NDPI_PROTOCOL_YANDEX_CLOUD },
+ { 0xD91CE000 /* 217.28.224.0/20 */, 20, NDPI_PROTOCOL_YANDEX_CLOUD },
+ /* End */
+ { 0x0, 0, 0 }
+};
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 618b7b162..e971c4e0b 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1798,6 +1798,16 @@ static ndpi_protocol_match host_match[] =
    { "vkuseraudio.net",                  "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
    { "vkuservideo.net",                  "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
 
+   { "yandex.",                          "Yandex", NDPI_PROTOCOL_YANDEX, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "yastatic.net",                     "Yandex", NDPI_PROTOCOL_YANDEX, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "mail.yandex.",                     "YandexMail", NDPI_PROTOCOL_YANDEX_MAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "music.yandex.",                    "YandexMusic", NDPI_PROTOCOL_YANDEX_MUSIC, NDPI_PROTOCOL_CATEGORY_MUSIC, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "market.yandex.",                   "YandexMarket", NDPI_PROTOCOL_YANDEX_MARKET, NDPI_PROTOCOL_CATEGORY_SHOPPING, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "disk.yandex.",                     "YandexDisk", NDPI_PROTOCOL_YANDEX_DISK, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "cloud.yandex.",                    "YandexCloud", NDPI_PROTOCOL_YANDEX_CLOUD, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "metrika.yandex.",                  "YandexMetrika", NDPI_PROTOCOL_YANDEX_METRIKA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   { "direct.yandex.",                   "YandexDirect", NDPI_PROTOCOL_YANDEX_DIRECT, CUSTOM_CATEGORY_ADVERTISEMENT, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_DEFAULT_LEVEL },
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc"
 #endif
@@ -1820,6 +1830,8 @@ static ndpi_tls_cert_name_match tls_certificate_match [] = {
   { "CN=www.update.microsoft.com",     NDPI_PROTOCOL_WINDOWS_UPDATE },
   { "CN=*.tunnelbear.com",             NDPI_PROTOCOL_TUNNELBEAR },
   { "CN=cloudflareclient.com",         NDPI_PROTOCOL_CLOUDFLARE_WARP },
+  { "O=V Kontakte LLC",                NDPI_PROTOCOL_VK },
+  { "O=Yandex LLC",                    NDPI_PROTOCOL_YANDEX },
 
   { NULL, 0 }
 };
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 6d8da0b78..d3037bb76 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -101,7 +101,8 @@
 #include "inc_generated/ndpi_asn_discord.c.inc"
 #include "inc_generated/ndpi_asn_line.c.inc"
 #include "inc_generated/ndpi_asn_vk.c.inc"
-
+#include "inc_generated/ndpi_asn_yandex.c.inc"
+#include "inc_generated/ndpi_asn_yandex_cloud.c.inc"
 
 /* Third party libraries */
 #include "third_party/include/ndpi_patricia.h"
@@ -1154,10 +1155,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE,
 			  ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_25,
-			  "Free25", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NATS,
 			  "Nats", NDPI_PROTOCOL_CATEGORY_RPC,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
@@ -1178,14 +1175,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_33,
-			  "Free33", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_34,
-			  "Free34", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA,
 			  "Gnutella", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
@@ -1298,14 +1287,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "Zattoo", NDPI_PROTOCOL_CATEGORY_VIDEO,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_56,
-			  "Free56", NDPI_PROTOCOL_CATEGORY_MUSIC,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_57,
-			  "Free57", NDPI_PROTOCOL_CATEGORY_VIDEO,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DISCORD,
 			  "Discord", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
@@ -1318,10 +1299,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "Pluralsight", NDPI_PROTOCOL_CATEGORY_VIDEO,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_62,
-			  "Free62", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OCSP,
 			  "OCSP", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
@@ -1480,14 +1457,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
 			  ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_98,
-			  "Free98", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_99,
-			  "Free99", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP,
 			  "SIP", NDPI_PROTOCOL_CATEGORY_VOIP,
 			  ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */,
@@ -2788,6 +2757,8 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_discord_protocol_list);
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_line_protocol_list);
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_vk_protocol_list);
+      ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_yandex_protocol_list);
+      ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_yandex_cloud_protocol_list);
     }
 
     if(prefs & ndpi_track_flow_payload)
diff --git a/tests/pcap/yandex.pcapng b/tests/pcap/yandex.pcapng
new file mode 100644
index 000000000..72ccc74ff
--- /dev/null
+++ b/tests/pcap/yandex.pcapng
diff --git a/tests/result/yandex.pcapng.out b/tests/result/yandex.pcapng.out
new file mode 100644
index 000000000..3e3ed6c13
--- /dev/null
+++ b/tests/result/yandex.pcapng.out
@@ -0,0 +1,45 @@
+Guessed flow protos:	4
+
+DPI Packets (TCP):	78	(8.67 pkts/flow)
+Confidence DPI              : 9 (flows)
+Num dissector calls: 9 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          9/9 (search/found)
+Automa domain:        9/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     1/0 (search/found)
+Automa common alpns:  18/18 (search/found)
+Patricia risk mask:   18/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia protocols:   9/9 (search/found)
+
+Yandex	20	3709	2
+YandexMail	11	3137	1
+YandexMusic	18	8243	1
+YandexMarket	11	3888	1
+YandexDisk	18	9337	1
+YandexCloud	18	11310	1
+YandexMetrika	16	9241	1
+YandexDirect	18	8718	1
+
+JA3 Host Stats: 
+		 IP Address                  	 # JA3C     
+	1	 192.168.1.249            	 1      
+
+
+	1	TCP 192.168.1.249:57322 <-> 87.250.250.108:443 [proto: 91.62/TLS.YandexCloud][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Cloud/13][9 pkts/2271 bytes <-> 9 pkts/9039 bytes][Goodput ratio: 73/93][0.21 sec][Hostname/SNI: cloud.yandex.ru][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.598 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/21 86/121 32/41][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 252/1004 1138/2862 351/1122][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,25,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,37]
+	2	TCP 192.168.1.249:42954 <-> 77.88.21.127:443 [proto: 91.57/TLS.YandexDisk][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Cloud/13][11 pkts/3088 bytes <-> 7 pkts/6249 bytes][Goodput ratio: 76/92][< 1 sec][Hostname/SNI: 1.downloader.disk.yandex.kz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/3 13/13 5/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 281/893 1464/4162 402/1405][Risk: ** TLS Cert About To Expire **][Risk Score: 50][Risk Info: 16/Aug/2022 14:06:19 - 13/Feb/2023 20:59:59][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.downloader.disk.yandex.uz,downloader.disk.yandex.ru,*.disk.yandex.net,*.downloader.disk.yandex.az,*.downloader.disk.yandex.by,*.downloader.disk.yandex.co.il,*.downloader.disk.yandex.com,*.downloader.disk.yandex.com.am,*.downloader.disk.yandex.com.ge,*.downloader.disk.yandex.com.tr,*.downloader.disk.yandex.ee,*.downloader.disk.yandex.fr,*.downloader.disk.yandex.kg,*.downloader.disk.yandex.kz,*.downloader.disk.yandex.lt,*.downloader.disk.yandex.lv,*.downloader.disk.yandex.md,*.downloader.disk.yandex.net,*.downloader.disk.yandex.ru,*.downloader.disk.yandex.tj,*.downloader.disk.yandex.tm,downloader.disk.yandex.az,downloader.disk.yandex.by,downloader.disk.yandex.co.il,downloader.disk.yandex.com,downloader.disk.yandex.com.am,downloader.disk.yandex.com.ge,downloader.disk.yandex.com.tr,downloader.disk.yandex.ee,downloader.disk.yandex.fr,downloader.disk.yandex.kg,downloader.disk.yandex.kz,downloader.disk.yandex.lt,downloader.disk.yandex.lv,downloader.disk.yandex.md,downloader.disk.yandex.net,downloader.disk.yandex.tj,downloader.disk.yandex.tm,downloader.disk.yandex.uz][JA3S: 00447ab319e9d94ba2b4c1248e155917][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.downloader.disk.yandex.uz][Certificate SHA-1: 5F:90:0E:31:DE:D3:1E:B0:D7:D0:03:03:C0:2E:6B:5D:53:A4:D3:77][Chrome][Validity: 2022-08-16 14:06:19 - 2023-02-13 20:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,10,20,10,0,0,10,0,0,10,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,10]
+	3	TCP 192.168.1.249:51462 <-> 87.250.251.77:443 [proto: 91.98/TLS.YandexMetrika][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Web/5][10 pkts/3371 bytes <-> 6 pkts/5870 bytes][Goodput ratio: 80/93][< 1 sec][Hostname/SNI: metrika.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.270 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 162/3 1262/10 416/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 337/978 1464/2862 433/1129][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,12,12,0,0,0,0,0,0,0,0,0,0,0,0,25,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,25]
+	4	TCP 192.168.1.249:58832 <-> 87.250.250.134:443 [proto: 91.99/TLS.YandexDirect][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Advertisement/101][9 pkts/2679 bytes <-> 9 pkts/6039 bytes][Goodput ratio: 77/90][0.03 sec][Hostname/SNI: direct.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.385 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/1 7/4 3/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 298/671 1454/2862 438/893][TLSv1.3][JA3C: cd08e31494f9531f560d64c695473da9][JA3S: 15af977ce25de452b96affa2addb1036][Chrome][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,11]
+	5	TCP 192.168.1.249:40218 <-> 213.180.204.186:443 [proto: 91.34/TLS.YandexMusic][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Music/25][10 pkts/3025 bytes <-> 8 pkts/5218 bytes][Goodput ratio: 78/90][0.59 sec][Hostname/SNI: music.yandex.kz][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.266 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 70/92 465/521 150/192][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 302/652 1464/1710 423/700][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][ServerNames: *.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru][JA3S: 4ef1b297bb817d8212165a86308bac5f][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru][Certificate SHA-1: 84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88][Chrome][Validity: 2023-01-10 21:05:02 - 2023-07-11 20:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,12,0,0,0,0,12,0,0,12,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,38,0,0,0,12]
+	6	TCP 192.168.1.249:40870 -> 87.250.251.22:443 [proto: 91.56/TLS.YandexMarket][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Shopping/27][11 pkts/3888 bytes -> 0 pkts/0 bytes][Goodput ratio: 81/0][0.05 sec][Hostname/SNI: fenek.market.yandex.ru][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 23/0 8/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 353/0 1464/0 473/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,20,0,0,0,0]
+	7	TCP 192.168.1.249:45224 -> 77.88.21.37:443 [proto: 91.33/TLS.YandexMail][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Email/3][11 pkts/3137 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][< 1 sec][Hostname/SNI: mail.yandex.kz][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/0 51/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 285/0 1464/0 412/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 0,0,25,0,0,0,0,0,0,0,0,0,25,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0]
+	8	TCP 192.168.1.249:42102 -> 178.154.131.216:443 [proto: 91.25/TLS.Yandex][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Web/5][11 pkts/1890 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][0.09 sec][Hostname/SNI: yastatic.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/0 31/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 172/0 583/0 178/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 20,0,40,0,0,0,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	9	TCP 192.168.1.249:57126 -> 178.154.131.216:443 [proto: 91.25/TLS.Yandex][IP: 25/Yandex][Encrypted][Confidence: DPI][cat: Web/5][9 pkts/1819 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][3.52 sec][Hostname/SNI: yastatic.net][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 440/0 3495/0 1155/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 202/0 594/0 209/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: cd08e31494f9531f560d64c695473da9][Chrome][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/utils/asn_update.sh b/utils/asn_update.sh
index 5e976e625..281f27480 100755
--- a/utils/asn_update.sh
+++ b/utils/asn_update.sh
@@ -164,6 +164,16 @@ DEST=../src/lib/inc_generated/ndpi_asn_vk.c.inc
 create_list NDPI_PROTOCOL_VK $DEST "AS47541"
 echo "(3) VK IPs are available in $DEST"
 
+echo "(1) Downloading Yandex..."
+DEST=../src/lib/inc_generated/ndpi_asn_yandex.c.inc
+create_list NDPI_PROTOCOL_YANDEX $DEST "AS44534" "AS207207" "AS202611" "AS13238"
+echo "(3) Yandex IPs are available in $DEST"
+
+echo "(1) Downloading Yandex Cloud..."
+DEST=../src/lib/inc_generated/ndpi_asn_yandex_cloud.c.inc
+create_list NDPI_PROTOCOL_YANDEX_CLOUD $DEST "AS210656" "AS200350"
+echo "(3) Yandex Cloud IPs are available in $DEST"
+
 if [ ${TOTAL_ASN} -eq ${FAILED_ASN} ]; then
 	printf '%s: %s\n' "${0}" "All download(s) failed, ./get_routes_by_asn.sh broken?"
 	exit 1
author	0xA50C1A1 <105977161+0xA50C1A1@users.noreply.github.com>	2023-02-09 22:02:43 +0300
committer	GitHub <noreply@github.com>	2023-02-09 20:02:43 +0100
commit	ba4e145aad4c7dbd1cbc6d2a6557f3686447d96a (patch)
tree	0defe53aed3e20a16a326fb607d58de15cb74b2c
parent	b51a2ac72a3cbd1b470890d0151a46da28e6754e (diff)