authorLuca Deri <deri@ntop.org>2017-02-13 01:29:25 +0100
committerLuca Deri <deri@ntop.org>2017-02-13 01:29:25 +0100
commite2cfc96577be5fe97cd5ce63ac30b23cbfadce84 (patch)
treeb5a0dda703c5e6b5407d81e542b2d46b179578f7
parentb16769ddbe0f20000b52fa86b7a1d6a966705c28 (diff)
Improvements for exporting info in MDNS and UBNTAC2 protocols
Added test pcap file for UBNTAC2
9 files changed, 72 insertions, 13 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 4bf786aa8..72b495912 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -387,7 +387,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) {
flow->packets, (long long unsigned int) flow->bytes);
if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name);
-
+ if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info);
if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info);
if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info);
diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index d5cb27d5a..3397d8a92 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -516,8 +516,12 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow,
}
if(n == 0) flow->bittorent_hash[0] = '\0';
+ } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_MDNS) {
+ snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer);
+ } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UBNTAC2) {
+ snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version);
}
-
+
if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) {
if(flow->detected_protocol.protocol == NDPI_PROTOCOL_SSH) {
snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s",
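Review bot: The two new branches copy `protos.mdns.answer` and `protos.ubntac2.version` with `%s` whether or not the dissector ever wrote them: in mdns.c the question branch returns 1 without touching `answer`, and in ubntac2.c `version` is left alone when `found` lands past the payload. That is only safe if the flow storage starts zeroed and, should `protos` be a union (its declaration opens outside the ndpi_typedefs.h hunk), no other member was written there first; neither is visible on this page. A comment such as `/* answer/version stay empty unless the dissector parsed one; relies on a zero-initialised flow */` would record the assumption, or the dissectors could set the first byte to '\0' on the paths that do not fill the field. The if/else chain these branches join starts outside the hunk.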
diff --git a/example/ndpi_util.h b/example/ndpi_util.h
index 171ab8e95..6ff17bac2 100644
--- a/example/ndpi_util.h
+++ b/example/ndpi_util.h
@@ -58,6 +58,7 @@ typedef struct ndpi_flow_info {
// result only, not used for flow identification
ndpi_protocol detected_protocol;
+ char info[96];
char host_server_name[192];
char bittorent_hash[41];
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 801f1e768..68e332c23 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -960,6 +960,14 @@ struct ndpi_flow_struct {
struct {
char client_signature[48], server_signature[48];
} ssh;
+
+ struct {
+ char answer[96];
+ } mdns;
+
+ struct {
+ char version[96];
+ } ubntac2;
} protos;
/*** ALL protocol specific 64 bit variables here ***/
diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c
index b3184c26f..0692b3252 100644
--- a/src/lib/protocols/mdns.c
+++ b/src/lib/protocols/mdns.c
@@ -63,13 +63,26 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct
ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) {
NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n");
- return 1;
-
+ return 1;
}
else if((packet->payload[2] & 0x80) != 0 &&
ntohs(get_u_int16_t(packet->payload, 4)) == 0 &&
ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS &&
ntohs(get_u_int16_t(packet->payload, 6)) != 0) {
+ char answer[256];
+ int i, j, len;
+
+ for(i=13, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(answer)-1)); i++)
+ answer[j++] = (packet->payload[i] < 13) ? '.' : packet->payload[i];
+
+ answer[j] = '\0';
+
+ /* printf("==> [%d] %s\n", j, answer); */
+
+ len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j);
+ strncpy(flow->protos.mdns.answer, (const char *)answer, len);
+ flow->protos.mdns.answer[len] = '\0';
+
NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n");
return 1;
}
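Review bot: The copy loop in the answer branch reads `packet->payload[i]` before it tests `i < packet->payload_packet_len`, so a name that runs to the end of the packet without a zero byte makes the condition read one byte past the payload. On the path visible in the next hunk, ndpi_search_mdns only requires `payload_packet_len >= 12`, so the very first read at index 13 can already be out of range. Put the bounds tests first: `for(i=13, j=0; (i < packet->payload_packet_len) && (i < (sizeof(answer)-1)) && (packet->payload[i] != 0); i++)`. The loop in the ubntac2.c hunk of this commit has the same ordering and needs the same change. This function starts outside the hunk, so an earlier length check may exist that is not shown here.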
@@ -87,14 +100,12 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n
*/
/* check if UDP packet */
- if(packet->udp != NULL) {
-
+ if(packet->udp != NULL) {
/* read destination port */
dport = ntohs(packet->udp->dest);
/* check standard MDNS ON port 5353 */
if(dport == 5353 && packet->payload_packet_len >= 12) {
-
/* mdns protocol must have destination address 224.0.0.251 */
if(packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) {
diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c
index b465e0a30..7196ee884 100644
--- a/src/lib/protocols/ubntac2.c
+++ b/src/lib/protocols/ubntac2.c
@@ -37,12 +37,37 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc
if(packet->udp) {
if(packet->payload_packet_len >= 135 &&
- (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) &&
- memcmp(&(packet->payload[36]), "UBNT", 4) == 0) {
+ (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001))) {
+ int found = 0;
- NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n");
-
- ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+ if(memcmp(&(packet->payload[36]), "UBNT", 4) == 0) {
+ found = 36+5;
+ } else if(memcmp(&(packet->payload[49]), "ubnt", 4) == 0) {
+ found = 49+5;
+ }
+
+ if(found) {
+ char version[256];
+ int i, j, len;
+
+ found += packet->payload[found+1] + 4; /* Skip model name */
+ found++; /* Skip len*/
+
+ if(found < packet->payload_packet_len) {
+ for(i=found, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(version)-1)); i++)
+ version[j++] = packet->payload[i];
+
+ version[j] = '\0';
+
+ len = ndpi_min(sizeof(flow->protos.ubntac2.version)-1, j);
+ strncpy(flow->protos.ubntac2.version, (const char *)version, len);
+ flow->protos.ubntac2.version[len] = '\0';
+ }
+
+ NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n");
+
+ ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+ }
return;
}
}
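Review bot: The `version` bytes are copied from the packet with no filtering and later printed by `printFlow` through `flow->info`, so control characters in a UDP payload reach the output file or terminal unchanged; the mdns.c loop at least maps bytes below 13 to '.'. Replace non-printable bytes while copying, e.g. `version[j++] = (packet->payload[i] < 32 || packet->payload[i] > 126) ? '.' : packet->payload[i];`. The loop's size bound is also on the packet offset `i` rather than the output index `j`, so a model-name length byte that pushes `found` to 255 or beyond leaves `version` empty even though the payload holds a string; `j < (int)(sizeof(version)-1)` states the intended limit.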
diff --git a/tests/pcap/ubntac2.pcap b/tests/pcap/ubntac2.pcap
new file mode 100644
index 000000000..254700b61
--- /dev/null
+++ b/tests/pcap/ubntac2.pcap
Binary files differ
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out
index 49579d00a..d8b67aab0 100644
--- a/tests/result/skype_no_unknown.pcap.out
+++ b/tests/result/skype_no_unknown.pcap.out
@@ -239,7 +239,7 @@ MS_OneDrive 348 181687 1
226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes]
227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes]
228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes]
- 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes]
+ 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local]
230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes]
231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes]
232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes]
diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out
new file mode 100644
index 000000000..02e7d8e59
--- /dev/null
+++ b/tests/result/ubntac2.pcap.out
@@ -0,0 +1,10 @@
+UBNTAC2 8 1736 8
+
+ 1 UDP 192.168.1.1:42838 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+ 2 UDP 192.168.1.1:47746 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+ 3 UDP 192.168.1.1:52220 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+ 4 UDP 192.168.1.1:59772 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+ 5 UDP 192.168.1.1:34085 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+ 6 UDP 192.168.1.1:44641 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+ 7 UDP 192.168.1.1:47871 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]
+ 8 UDP 192.168.1.1:55321 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031]