diff options
| author | Luca Deri <deri@ntop.org> | 2019-09-29 21:46:41 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-09-29 21:46:41 +0200 |
| commit | f2a5bbef173ee7f5447871f26024b9639735c096 (patch) | |
| tree | 1607ba80cf3b27968e0f710a4552a3f959ea58b2 | |
| parent | 016d568c2b073339e97bdf44e00a702845fa935e (diff) | |
Reworked categories handling
Removed GenericProtocol and replaced with categories
Removed ndpi_pref_enable_category_substring_match option: substring matching is now default
| -rw-r--r-- | example/ndpiReader.c | 6 | ||||
| -rw-r--r-- | example/reader_util.c | 117 | ||||
| -rw-r--r-- | python/python_extensions_guide.pdf (renamed from python/python.pdf) | bin | 11854 -> 11854 bytes | |||
| -rw-r--r-- | src/include/ndpi_api.h | 27 | ||||
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 2 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 18 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 70 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 2176 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 4 | ||||
| -rw-r--r-- | tests/result/1kxun.pcap.out | 35 | ||||
| -rw-r--r-- | tests/result/malware.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/pps.pcap.out | 101 | ||||
| -rw-r--r-- | tests/result/quickplay.pcap.out | 24 | ||||
| -rw-r--r-- | tests/result/signal.pcap.out | 4 | ||||
| -rw-r--r-- | tests/result/viber.pcap.out | 5 |
15 files changed, 1289 insertions, 1302 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 7a13b90e2..1a54b59d4 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1851,9 +1851,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_pref_http_dont_dissect_response, 0); ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, ndpi_pref_dns_dont_dissect_response, 0); - ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, - ndpi_pref_enable_category_substring_match, 1); - + ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow, on_protocol_discovered, (void *)(uintptr_t)thread_id); @@ -1906,7 +1904,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { /* TODO free the strdup */ ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, strdup(name), (ndpi_protocol_category_t)atoi(category)); - } + } } } } diff --git a/example/reader_util.c b/example/reader_util.c index 1a8fb2a1d..db25099a2 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -171,7 +171,7 @@ void ndpi_analyze_payload(struct ndpi_flow_info *flow, if((p = (struct packet_id_stats*)calloc(1, sizeof(struct packet_id_stats))) == NULL) return; /* OOM */ p->packet_id = packet_id; - + HASH_ADD_INT(ret->packets, packet_id, p); } } @@ -406,21 +406,27 @@ static int _debug_protocols_ok = 0; struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle) { + struct ndpi_detection_module_struct * module; + struct ndpi_workflow * workflow; + set_ndpi_malloc(malloc_wrapper), set_ndpi_free(free_wrapper); set_ndpi_flow_malloc(NULL), set_ndpi_flow_free(NULL); + /* TODO: just needed here to init ndpi malloc wrapper */ - struct ndpi_detection_module_struct * module = ndpi_init_detection_module(); - if (module == NULL) { - NDPI_LOG(0, NULL, NDPI_LOG_ERROR, "global structure initialization failed\n"); - exit(-1); + module = ndpi_init_detection_module(); + + if(module == NULL) { + NDPI_LOG(0, NULL, NDPI_LOG_ERROR, "global structure initialization failed\n"); + exit(-1); } - struct ndpi_workflow * workflow = ndpi_calloc(1, sizeof(struct ndpi_workflow)); - if (workflow == NULL) { - NDPI_LOG(0, NULL, NDPI_LOG_ERROR, "global structure initialization failed\n"); - ndpi_free(module); - exit(-1); + workflow = ndpi_calloc(1, sizeof(struct ndpi_workflow)); + if(workflow == NULL) { + NDPI_LOG(0, NULL, NDPI_LOG_ERROR, "global structure initialization failed\n"); + ndpi_free(module); + exit(-1); } + workflow->pcap_handle = pcap_handle; workflow->prefs = *prefs; workflow->ndpi_struct = module; @@ -435,6 +441,7 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref #ifdef NDPI_ENABLE_DEBUG_MESSAGES NDPI_BITMASK_RESET(module->debug_bitmask); + if(_debug_protocols_ok) module->debug_bitmask = debug_bitmask; #endif @@ -458,7 +465,7 @@ void ndpi_flow_info_freer(void *node) { if(flow->pktlen_s_to_c) ndpi_free_data_analysis(flow->pktlen_s_to_c); if(flow->iat_flow) ndpi_free_data_analysis(flow->iat_flow); - + ndpi_free(flow); } @@ -489,19 +496,19 @@ int ndpi_workflow_node_cmp(const void *a, const void *b) { if(fa->protocol < fb->protocol ) return(-1); else { if(fa->protocol > fb->protocol ) return(1); } if( - ( - (fa->src_ip == fb->src_ip ) - && (fa->src_port == fb->src_port) - && (fa->dst_ip == fb->dst_ip ) - && (fa->dst_port == fb->dst_port) - ) - || - ( - (fa->src_ip == fb->dst_ip ) - && (fa->src_port == fb->dst_port) - && (fa->dst_ip == fb->src_ip ) - && (fa->dst_port == fb->src_port) - ) + ( + (fa->src_ip == fb->src_ip ) + && (fa->src_port == fb->src_port) + && (fa->dst_ip == fb->dst_ip ) + && (fa->dst_port == fb->dst_port) + ) + || + ( + (fa->src_ip == fb->dst_ip ) + && (fa->src_port == fb->dst_port) + && (fa->dst_ip == fb->src_ip ) + && (fa->dst_port == fb->src_port) + ) ) return(0); @@ -537,21 +544,21 @@ ndpi_flow_update_byte_count(struct ndpi_flow_info *flow, const void *x, */ /* octet count was already incremented before processing this payload */ - if (src_to_dst_direction) { + if(src_to_dst_direction) { current_count = flow->src2dst_l4_bytes - len; } else { current_count = flow->dst2src_l4_bytes - len; } - if (current_count < ETTA_MIN_OCTETS) { - for (i=0; i<len; i++) { - if (src_to_dst_direction) { + if(current_count < ETTA_MIN_OCTETS) { + for(i=0; i<len; i++) { + if(src_to_dst_direction) { flow->src2dst_byte_count[data[i]]++; } else { flow->dst2src_byte_count[data[i]]++; } current_count++; - if (current_count >= ETTA_MIN_OCTETS) { + if(current_count >= ETTA_MIN_OCTETS) { break; } } @@ -574,8 +581,8 @@ ndpi_flow_update_byte_dist_mean_var(ndpi_flow_info_t *flow, const void *x, double delta; unsigned int i; - for (i=0; i<len; i++) { - if (src_to_dst_direction) { + for(i=0; i<len; i++) { + if(src_to_dst_direction) { flow->src2dst_num_bytes += 1; delta = ((double)data[i] - flow->src2dst_bd_mean); flow->src2dst_bd_mean += delta/((double)flow->src2dst_num_bytes); @@ -597,9 +604,9 @@ float ndpi_flow_get_byte_count_entropy(const uint32_t byte_count[256], int i; float tmp, sum = 0.0; - for (i=0; i<256; i++) { + for(i=0; i<256; i++) { tmp = (float) byte_count[i] / (float) num_bytes; - if (tmp > FLT_EPSILON) { + if(tmp > FLT_EPSILON) { sum -= tmp * logf(tmp); } } @@ -714,7 +721,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *payload_len = (l4_packet_len > sizeof(struct ndpi_icmphdr)) ? l4_packet_len-sizeof(struct ndpi_icmphdr) : 0; l4_data_len = l4_packet_len - sizeof(struct ndpi_icmphdr); *sport = *dport = 0; - } else if (*proto == IPPROTO_ICMPV6) { + } else if(*proto == IPPROTO_ICMPV6) { *payload = (u_int8_t*)&l4[sizeof(struct ndpi_icmp6hdr)]; *payload_len = (l4_packet_len > sizeof(struct ndpi_icmp6hdr)) ? l4_packet_len-sizeof(struct ndpi_icmp6hdr) : 0; l4_data_len = l4_packet_len - sizeof(struct ndpi_icmp6hdr); @@ -734,7 +741,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow printf("hashval=%u [%u][%u][%u:%u][%u:%u]\n", hashval, flow.protocol, flow.vlan_id, flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port); #endif - + idx = hashval % workflow->prefs.num_roots; ret = ndpi_tfind(&flow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); @@ -821,11 +828,11 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *src = newflow->src_id, *dst = newflow->dst_id; newflow->src2dst_pkt_len[newflow->src2dst_pkt_count] = l4_packet_len; newflow->src2dst_pkt_time[newflow->src2dst_pkt_count] = when; - if (newflow->src2dst_pkt_count == 0) { + if(newflow->src2dst_pkt_count == 0) { newflow->src2dst_start = when; } newflow->src2dst_pkt_count++; - if (l4_data_len != 0XFEEDFACE) { + if(l4_data_len != 0XFEEDFACE) { newflow->src2dst_opackets++; } return newflow; @@ -838,7 +845,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow && flow->dst_ip == iph->daddr && flow->src_port == htons(*sport) && flow->dst_port == htons(*dport) - ) + ) *src = flow->dst_id, *dst = flow->src_id, *src_to_dst_direction = 0, flow->bidirectional = 1; else *src = flow->src_id, *dst = flow->dst_id, *src_to_dst_direction = 1; @@ -848,30 +855,30 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow && flow->dst_ip == iph->daddr && flow->src_port == htons(*sport) && flow->dst_port == htons(*dport) - ) + ) *src = flow->src_id, *dst = flow->dst_id, *src_to_dst_direction = 1; else *src = flow->dst_id, *dst = flow->src_id, *src_to_dst_direction = 0, flow->bidirectional = 1; } - if (src_to_dst_direction) { - if (flow->src2dst_pkt_count < MAX_NUM_PKTS) { + if(src_to_dst_direction) { + if(flow->src2dst_pkt_count < MAX_NUM_PKTS) { flow->src2dst_pkt_len[flow->src2dst_pkt_count] = l4_packet_len; flow->src2dst_pkt_time[flow->src2dst_pkt_count] = when; flow->src2dst_pkt_count++; } - if (l4_data_len != 0XFEEDFACE) { + if(l4_data_len != 0XFEEDFACE) { flow->src2dst_opackets++; } } else { - if (flow->dst2src_pkt_count < MAX_NUM_PKTS) { + if(flow->dst2src_pkt_count < MAX_NUM_PKTS) { flow->dst2src_pkt_len[flow->dst2src_pkt_count] = l4_packet_len; flow->dst2src_pkt_time[flow->dst2src_pkt_count] = when; - if (flow->dst2src_pkt_count == 0) { + if(flow->dst2src_pkt_count == 0) { flow->dst2src_start = when; } flow->dst2src_pkt_count++; } - if (l4_data_len != 0XFEEDFACE) { + if(l4_data_len != 0XFEEDFACE) { flow->dst2src_opackets++; } } @@ -985,7 +992,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS) || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_TLS) || (flow->ndpi_flow->protos.stun_ssl.ssl.ja3_client[0] != '\0') - ) { + ) { flow->ssh_tls.ssl_version = flow->ndpi_flow->protos.stun_ssl.ssl.ssl_version; snprintf(flow->ssh_tls.client_info, sizeof(flow->ssh_tls.client_info), "%s", flow->ndpi_flow->protos.stun_ssl.ssl.client_certificate); @@ -1073,7 +1080,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if((tcph != NULL) && (tcph->fin || tcph->rst || tcph->syn)) begin_or_end_tcp = 1; - + if(flow->flow_last_pkt_time.tv_sec) { ndpi_timer_sub(&when, &flow->flow_last_pkt_time, &tdiff); @@ -1121,8 +1128,8 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if(enable_payload_analyzer && (payload_len > 0)) ndpi_payload_analyzer(flow, src_to_dst_direction, payload, payload_len, - workflow->stats.ip_packet_count); - + workflow->stats.ip_packet_count); + if(enable_joy_stats) { /* Update BD, distribution and mean. */ ndpi_flow_update_byte_count(flow, payload, payload_len, src_to_dst_direction); @@ -1131,7 +1138,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, if(flow->first_seen == 0) flow->first_seen = time; - + flow->last_seen = time; if(!flow->has_human_readeable_strings) { @@ -1280,7 +1287,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, datalink_type = (int)pcap_datalink(workflow->pcap_handle); #endif -datalink_check: + datalink_check: switch(datalink_type) { case DLT_NULL: if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2) @@ -1416,7 +1423,7 @@ datalink_check: workflow->stats.vlan_count += vlan_packet; -iph_check: + iph_check: /* Check and set IP header size and total packet length */ iph = (struct ndpi_iphdr *) &packet[ip_offset]; @@ -1610,7 +1617,7 @@ u_int32_t ethernet_crc32(const void* data, size_t n_bytes) { #ifdef USE_DPDK static const struct rte_eth_conf port_conf_default = { - .rxmode = { .max_rx_pkt_len = ETHER_MAX_LEN } + .rxmode = { .max_rx_pkt_len = ETHER_MAX_LEN } }; /* ************************************ */ @@ -1627,13 +1634,13 @@ int dpdk_port_init(int port, struct rte_mempool *mbuf_pool) { if(retval != 0) return retval; - for (q = 0; q < rx_rings; q++) { + for(q = 0; q < rx_rings; q++) { retval = rte_eth_rx_queue_setup(port, q, RX_RING_SIZE, rte_eth_dev_socket_id(port), NULL, mbuf_pool); if(retval < 0) return retval; } - for (q = 0; q < tx_rings; q++) { + for(q = 0; q < tx_rings; q++) { retval = rte_eth_tx_queue_setup(port, q, TX_RING_SIZE, rte_eth_dev_socket_id(port), NULL); if(retval < 0) return retval; diff --git a/python/python.pdf b/python/python_extensions_guide.pdf Binary files differindex 10c4f08b6..10c4f08b6 100644 --- a/python/python.pdf +++ b/python/python_extensions_guide.pdf diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 34b1fed67..194afa7d6 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -383,13 +383,12 @@ extern "C" { * @return the ID of the matched subprotocol * */ - int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, - u_int string_to_match_len, - ndpi_protocol_match_result *ret_match, - u_int16_t master_protocol_id); - + u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + char *string_to_match, + u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, + u_int16_t master_protocol_id); /** * Check if the string content passed match with a protocol @@ -403,12 +402,12 @@ extern "C" { * @return the ID of the matched subprotocol * */ - int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, - u_int string_to_match_len, - ndpi_protocol_match_result *ret_match, - u_int16_t master_protocol_id); + u_int16_t ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + char *string_to_match, + u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, + u_int16_t master_protocol_id); /** * Exclude protocol from search * @@ -755,7 +754,7 @@ extern "C" { u_int32_t daddr, ndpi_protocol *ret); int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct, - char *name, unsigned long *id); + char *name, unsigned long *id); void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 812360e20..874c50e14 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -171,7 +171,7 @@ typedef enum { NDPI_PROTOCOL_LASTFM = 134, NDPI_PROTOCOL_WAZE = 135, NDPI_PROTOCOL_YOUTUBE_UPLOAD = 136, /* Upload files to youtube */ - NDPI_PROTOCOL_GENERIC = 137, /* Generic protocol used for category matching */ + NDPI_PROTOCOL_FREE_137 = 137, /* Free */ NDPI_PROTOCOL_CHECKMK = 138, NDPI_PROTOCOL_AJP = 139, /* Leonn Paiva <leonn.paiva@gmail.com> */ NDPI_PROTOCOL_APPLE = 140, diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index ccc4faec7..3e71c2ab2 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -919,11 +919,10 @@ typedef enum { } ndpi_protocol_category_t; typedef enum { - ndpi_pref_http_dont_dissect_response = 0, - ndpi_pref_dns_dont_dissect_response, - ndpi_pref_direction_detect_disable, - ndpi_pref_disable_metadata_export, - ndpi_pref_enable_category_substring_match + ndpi_pref_http_dont_dissect_response = 0, + ndpi_pref_dns_dont_dissect_response, + ndpi_pref_direction_detect_disable, + ndpi_pref_disable_metadata_export, } ndpi_detection_preference; /* ntop extensions */ @@ -1048,7 +1047,6 @@ struct ndpi_detection_module_struct { #else ndpi_automa hostnames, hostnames_shadow; #endif - void *hostnames_hash; void *ipAddresses, *ipAddresses_shadow; /* Patricia */ u_int8_t categories_loaded; } custom_categories; @@ -1102,8 +1100,7 @@ struct ndpi_detection_module_struct { u_int8_t http_dont_dissect_response:1, dns_dont_dissect_response:1, direction_detect_disable:1, /* disable internal detection of packet direction */ - disable_metadata_export:1, /* No metadata is exported */ - enable_category_substring_match:1 /* Default is perfect match */ + disable_metadata_export:1 /* No metadata is exported */ ; void *hyperscan; /* Intel Hyperscan */ @@ -1338,6 +1335,11 @@ typedef struct { } ndpi_protocol_match; typedef struct { + char *string_to_match, *hyperscan_string_to_match; + ndpi_protocol_category_t protocol_category; +} ndpi_category_match; + +typedef struct { u_int32_t network; u_int8_t cidr; u_int8_t value; diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index c6e753de6..db1dedbdc 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -1,7 +1,7 @@ /* * ndpi_content_match.c * - * Copyright (C) 2011-18 - ntop.org + * Copyright (C) 2011-19 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -8382,7 +8382,7 @@ https://www.regular-expressions.info/email.html /* ****************************************************** */ -ndpi_protocol_match host_match[] = { +static ndpi_protocol_match host_match[] = { { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { "s3-dub.cf.dash.row.aiv-cdn.net", NULL, "s3-dub\\.cf\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, { "dmqdd6hw24ucf.cloudfront.net", NULL, "dmqdd6hw24ucf\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, @@ -8425,16 +8425,9 @@ ndpi_protocol_match host_match[] = { { ".xboxlive.com", NULL, "xboxlive" TLD, "Xbox", NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".xboxlive.com.akadns.net", NULL, "xboxlive" TLD, "Xbox", NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".xboxlive.com.c.footprint.net", NULL, "xboxlive" TLD, "Xbox", NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".edgecastcdn.net", NULL, "egdecastcdn" TLD, "Unknown", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_SAFE }, - { ".hwcdn.net", NULL, "hwcdn" TLD, "Unknown", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_SAFE }, - { ".llnwd.net", NULL, "llnwd" TLD, "Unknown", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_SAFE }, - { ".llns.net", NULL, "llns" TLD, "Unknown", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_SAFE }, - { ".fastly.net", NULL, "fastly" TLD, "Unknown", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_SAFE }, - { ".akamaiedge.net", NULL, "akamaiedge" TLD, "Unknown", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_SAFE }, { "e13555.b.akamaiedge.net", NULL, "e13555\\.b\\.akamaiedge" TLD, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "e1800.d.akamaiedge.net", NULL, "e1800\\.d\\.akamaiedge" TLD, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "e1879.e7.akamaiedge.net", NULL, "e1879\\.e7\\.akamaiedge" TLD, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".vultr.com", NULL, "vultr" TLD, "Unknown", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".cnn.c", NULL, "\\.cnn" TLD, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".cnn.net", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8779,39 +8772,10 @@ ndpi_protocol_match host_match[] = { /* VidTO streaming service - NOTE: this is a possible candidate for NDPI_PROTOCOL_GENERIC */ { ".vidto.me", NULL, "\\.vidto" TLD, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".vidto.se", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - /* - Not so popular services without a protocl dissector (and thus not worth a protocolId) that are handled/detected by categpory rather - than by protocol id. They are bound to a generic protocol (NDPI_PROTOCOL_GENERIC) and placed onto the right category - */ - { "quickplay.com", NULL, "quickplay" TLD, "QuickPlay", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".iqiyi.com", NULL, "\\.iqiyi" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", NULL, "\\.qiyi" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".71.am", NULL, "\\.71" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", NULL, "\\.qiyipic" TLD, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".1kxun.", NULL, "\\.1kxun\\.", "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", NULL, "tcad\\.wedolook" TLD, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { "baidu.com", NULL, "baidu" TLD, "baidu", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { "icq.", NULL, "icq" TLD, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - - - /* RapidVideo streaming */ - { ".rapidvideo.com", NULL, "\\.rapidvideo" TLD, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".playercdn.net", NULL, "\\.playercdn" TLD, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - /* showmax.com video streaming */ - { "showmax.com", NULL, "showmax" TLD, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, - { "showmax.akamaized.net", NULL, "showmax\\.akamaized" TLD, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN }, - { "snapcraft.io", NULL, "snapcraft\\.io" TLD, "UbuntuONE", NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "ubuntu.com", NULL, "ubuntu\\.com" TLD, "UbuntuONE", NDPI_PROTOCOL_UBUNTUONE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8822,6 +8786,33 @@ ndpi_protocol_match host_match[] = { { NULL, NULL, NULL, 0 } }; + +/* ******************************************************************** */ + +static ndpi_category_match category_match[] = { + { ".edgecastcdn.net", "egdecastcdn" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA }, + { ".hwcdn.net", "hwcdn" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA }, + { ".llnwd.net", "llnwd" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA }, + { ".llns.net", "llns" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA }, + { ".fastly.net", "fastly" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA }, + { ".akamaiedge.net", "akamaiedge" TLD, NDPI_PROTOCOL_CATEGORY_MEDIA }, + { ".vultr.com", "vultr" TLD, NDPI_PROTOCOL_CATEGORY_CLOUD }, + { "baidu.com", "baidu" TLD, NDPI_PROTOCOL_CATEGORY_WEB }, + { "icq.com", "icq" TLD, NDPI_PROTOCOL_CATEGORY_CHAT }, + { "quickplay.com", "quickplay" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { ".iqiyi.com", "\\.iqiyi" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { ".qiyi.com", "\\.qiyi" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { ".71.am", "\\.71" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { ".qiyipic.com", "\\.qiyipic" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { ".1kxun.", "\\.1kxun\\.", NDPI_PROTOCOL_CATEGORY_STREAMING }, + { "tcad.wedolook.com", "tcad\\.wedolook" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { ".rapidvideo.com", "\\.rapidvideo" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { ".playercdn.net", "\\.playercdn" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { "showmax.com", "showmax" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { "showmax.akamaized.net", "showmax\\.akamaized" TLD, NDPI_PROTOCOL_CATEGORY_STREAMING }, + { NULL, NULL, 0 } +}; + /* ******************************************************************** */ /* @@ -8882,7 +8873,8 @@ static const char *ndpi_en_bigrams[] = { "mw", "nw", "ow", "pw", "rw", "sw", "tw", "uw", "ww", "xw", "yw", "zw", "ax", "ex", "ix", "nx", "ox", "rx", "ux", "xx", "yx", "ay", "by", "cy", "dy", "ey", "fy", "gy", "hy", "ky", "ly", "my", "ny", "oy", "py", "ry", "sy", "ty", "uy", "vy", "wy", "xy", "yy", "zy", "az", "bz", "cz", "dz", "ez", "gz", "iz", - "lz", "nz", "oz", "pz", "rz", "tz", "uz", "zz", NULL }; + "lz", "nz", "oz", "pz", "rz", "tz", "uz", "zz", + NULL }; /* ******************************************************************** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b3271f8ca..c17b971a1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -49,8 +49,6 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/include/ht_hash.h" -#define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" - /* stun.c */ extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow); @@ -69,7 +67,7 @@ static void (*_ndpi_free)(void *ptr); /* ****************************************** */ /* Forward */ -static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, +static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, @@ -82,8 +80,8 @@ static int removeDefaultPort(ndpi_port_range *range, /* ****************************************** */ -void * ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } -void * ndpi_flow_malloc(size_t size) { return(_ndpi_flow_malloc ? _ndpi_flow_malloc(size) : ndpi_malloc(size)); } +void* ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } +void* ndpi_flow_malloc(size_t size) { return(_ndpi_flow_malloc ? _ndpi_flow_malloc(size) : ndpi_malloc(size)); } /* ****************************************** */ @@ -147,25 +145,25 @@ char * ndpi_strdup(const char *s) /* *********************************************************************************** */ -u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) { return sizeof(struct ndpi_flow_struct); } +u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) { return(sizeof(struct ndpi_flow_struct)); } /* *********************************************************************************** */ -u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return sizeof(struct ndpi_id_struct); } +u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return(sizeof(struct ndpi_id_struct)); } /* *********************************************************************************** */ -char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) { - return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName); +char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_str, u_int id) { + return((id >= ndpi_str->ndpi_num_supported_protocols) ? NULL : ndpi_str->proto_defaults[id].protoName); } /* *********************************************************************************** */ -u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { - u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod); +u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_str, const char *name) { + u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_str); for(i = 0; i < num; i++) - if(strcasecmp(ndpi_get_proto_by_id(ndpi_mod, i), name) == 0) + if(strcasecmp(ndpi_get_proto_by_id(ndpi_str, i), name) == 0) return(i); return(NDPI_PROTOCOL_UNKNOWN); @@ -213,22 +211,22 @@ ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, /* ********************************************************************************** */ -void ndpi_set_proto_breed(struct ndpi_detection_module_struct *ndpi_mod, +void ndpi_set_proto_breed(struct ndpi_detection_module_struct *ndpi_str, u_int16_t protoId, ndpi_protocol_breed_t breed) { if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) return; else - ndpi_mod->proto_defaults[protoId].protoBreed = breed; + ndpi_str->proto_defaults[protoId].protoBreed = breed; } /* ********************************************************************************** */ -void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, +void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_str, u_int16_t protoId, ndpi_protocol_category_t protoCategory) { if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) return; else - ndpi_mod->proto_defaults[protoId].protoCategory = protoCategory; + ndpi_str->proto_defaults[protoId].protoCategory = protoCategory; } /* ********************************************************************************** */ @@ -244,7 +242,7 @@ void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, - HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is SSL (HTTPS) traffic containg Facebook traffic. */ -u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, +u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_str, u_int16_t protoId) { if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) return(0); @@ -260,19 +258,18 @@ u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *nd } /* ********************************************************************************** */ -void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t protocol_id, const char *_file, const char *_func,int _line) { - if(protocol_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES - if( ndpi_struct && - ndpi_struct->ndpi_log_level >= NDPI_LOG_DEBUG && - ndpi_struct->ndpi_debug_printf != NULL) { + if( ndpi_str && + ndpi_str->ndpi_log_level >= NDPI_LOG_DEBUG && + ndpi_str->ndpi_debug_printf != NULL) { - (*(ndpi_struct->ndpi_debug_printf))(protocol_id, ndpi_struct, NDPI_LOG_DEBUG, - _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_struct, protocol_id)); + (*(ndpi_str->ndpi_debug_printf))(protocol_id, ndpi_str, NDPI_LOG_DEBUG, + _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_str, protocol_id)); } #endif NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id); @@ -281,7 +278,7 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************** */ -void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, +void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int8_t can_have_a_subprotocol, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], @@ -292,37 +289,37 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) { #ifdef DEBUG - NDPI_LOG_ERR(ndpi_mod, "[NDPI] %s/protoId=%d: INTERNAL ERROR\n", protoName, protoId); + NDPI_LOG_ERR(ndpi_str, "[NDPI] %s/protoId=%d: INTERNAL ERROR\n", protoName, protoId); #endif return; } - if(ndpi_mod->proto_defaults[protoId].protoName != NULL) { + if(ndpi_str->proto_defaults[protoId].protoName != NULL) { #ifdef DEBUG - NDPI_LOG_ERR(ndpi_mod, "[NDPI] %s/protoId=%d: already initialized. Ignoring it\n", protoName, protoId); + NDPI_LOG_ERR(ndpi_str, "[NDPI] %s/protoId=%d: already initialized. Ignoring it\n", protoName, protoId); #endif return; } name = ndpi_strdup(protoName); - ndpi_mod->proto_defaults[protoId].protoName = name, - ndpi_mod->proto_defaults[protoId].protoCategory = protoCategory, - ndpi_mod->proto_defaults[protoId].protoId = protoId, - ndpi_mod->proto_defaults[protoId].protoBreed = breed; - ndpi_mod->proto_defaults[protoId].can_have_a_subprotocol = can_have_a_subprotocol; + ndpi_str->proto_defaults[protoId].protoName = name, + ndpi_str->proto_defaults[protoId].protoCategory = protoCategory, + ndpi_str->proto_defaults[protoId].protoId = protoId, + ndpi_str->proto_defaults[protoId].protoBreed = breed; + ndpi_str->proto_defaults[protoId].can_have_a_subprotocol = can_have_a_subprotocol; - memcpy(&ndpi_mod->proto_defaults[protoId].master_tcp_protoId, tcp_master_protoId, 2*sizeof(u_int16_t)); - memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t)); + memcpy(&ndpi_str->proto_defaults[protoId].master_tcp_protoId, tcp_master_protoId, 2*sizeof(u_int16_t)); + memcpy(&ndpi_str->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t)); for(j=0; j<MAX_DEFAULT_PORTS; j++) { if(udpDefPorts[j].port_low != 0) - addDefaultPort(ndpi_mod, &udpDefPorts[j], - &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); + addDefaultPort(ndpi_str, &udpDefPorts[j], + &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->udpRoot, __FUNCTION__,__LINE__); if(tcpDefPorts[j].port_low != 0) - addDefaultPort(ndpi_mod, &tcpDefPorts[j], - &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot, __FUNCTION__,__LINE__); + addDefaultPort(ndpi_str, &tcpDefPorts[j], + &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->tcpRoot, __FUNCTION__,__LINE__); } } @@ -355,7 +352,7 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh /* ******************************************************************** */ -static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, +static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, @@ -368,7 +365,7 @@ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, ndpi_default_ports_tree_node_t *node = (ndpi_default_ports_tree_node_t*)ndpi_malloc(sizeof(ndpi_default_ports_tree_node_t)); if(!node) { - NDPI_LOG_ERR(ndpi_mod, "%s:%d not enough memory\n", _func, _line); + NDPI_LOG_ERR(ndpi_str, "%s:%d not enough memory\n", _func, _line); break; } @@ -376,7 +373,7 @@ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, ret = (ndpi_default_ports_tree_node_t*)ndpi_tsearch(node, (void*)root, ndpi_default_ports_tree_node_t_cmp); /* Add it to the tree */ if(ret != node) { - NDPI_LOG_DBG(ndpi_mod, "[NDPI] %s:%d found duplicate for port %u: overwriting it with new value\n", + NDPI_LOG_DBG(ndpi_str, "[NDPI] %s:%d found duplicate for port %u: overwriting it with new value\n", _func, _line, port); ret->proto = def; @@ -417,7 +414,7 @@ static int removeDefaultPort(ndpi_port_range *range, /* ****************************************************** */ -static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct, +static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_str, ndpi_automa *automa, char *value, u_int16_t protocol_id, ndpi_protocol_category_t category, @@ -425,7 +422,7 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc AC_PATTERN_t ac_pattern; if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - NDPI_LOG_ERR(ndpi_struct, "[NDPI] protoId=%d: INTERNAL ERROR\n", protocol_id); + NDPI_LOG_ERR(ndpi_str, "[NDPI] protoId=%d: INTERNAL ERROR\n", protocol_id); return(-1); } @@ -457,27 +454,27 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc This function should free the memory during program termination */ -static void ndpi_free_memory_at_termination(struct ndpi_detection_module_struct *ndpi_struct, char *buf) { +static void ndpi_free_memory_at_termination(struct ndpi_detection_module_struct *ndpi_str, char *buf) { } /* ****************************************************** */ -static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, +static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_str, char *_value, int protocol_id, ndpi_protocol_category_t category, ndpi_protocol_breed_t breed) { char *value = ndpi_strdup(_value); - if(!value) return(-1); else ndpi_free_memory_at_termination(ndpi_struct, value); + if(!value) return(-1); else ndpi_free_memory_at_termination(ndpi_str, value); #ifdef DEBUG - NDPI_LOG_DEBUG2(ndpi_struct, "[NDPI] Adding [%s][%d]\n", value, protocol_id); + NDPI_LOG_DEBUG2(ndpi_str, "[NDPI] Adding [%s][%d]\n", value, protocol_id); #endif - return(ndpi_string_to_automa(ndpi_struct, - &ndpi_struct->host_automa, + return(ndpi_string_to_automa(ndpi_str, + &ndpi_str->host_automa, value, protocol_id, category, breed)); @@ -486,11 +483,11 @@ static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *nd /* ****************************************************** */ #ifdef CODE_UNUSED -int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_str, char *value, int protocol_id, ndpi_protocol_category_t category, ndpi_protocol_breed_t breed) { - return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa, + return(ndpi_string_to_automa(ndpi_str, &ndpi_str->content_automa, value, protocol_id, category, breed)); } #endif @@ -503,42 +500,39 @@ int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struc This function must be called with a semaphore set, this in order to avoid changing the datastructures while using them */ -static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, +static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_str, char *value, int protocol_id) { - NDPI_LOG_ERR(ndpi_struct, "[NDPI] Missing implementation for proto %s/%d\n",value,protocol_id); + NDPI_LOG_ERR(ndpi_str, "[NDPI] Missing implementation for proto %s/%d\n",value,protocol_id); return(-1); } /* ******************************************************************** */ -void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, +void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol_match *match) { u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { - if(match->protocol_id == NDPI_PROTOCOL_GENERIC) - ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(NDPI_CONST_GENERIC_PROTOCOL_NAME); - else - ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); + if(ndpi_str->proto_defaults[match->protocol_id].protoName == NULL) { + ndpi_str->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); - ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; - ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->protocol_category; - ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; + ndpi_str->proto_defaults[match->protocol_id].protoId = match->protocol_id; + ndpi_str->proto_defaults[match->protocol_id].protoCategory = match->protocol_category; + ndpi_str->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; - ndpi_set_proto_defaults(ndpi_mod, - ndpi_mod->proto_defaults[match->protocol_id].protoBreed, - ndpi_mod->proto_defaults[match->protocol_id].protoId, + ndpi_set_proto_defaults(ndpi_str, + ndpi_str->proto_defaults[match->protocol_id].protoBreed, + ndpi_str->proto_defaults[match->protocol_id].protoId, 0 /* can_have_a_subprotocol */, no_master, no_master, - ndpi_mod->proto_defaults[match->protocol_id].protoName, - ndpi_mod->proto_defaults[match->protocol_id].protoCategory, + ndpi_str->proto_defaults[match->protocol_id].protoName, + ndpi_str->proto_defaults[match->protocol_id].protoCategory, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); } - ndpi_add_host_url_subprotocol(ndpi_mod, + ndpi_add_host_url_subprotocol(ndpi_str, match->string_to_match, match->protocol_id, match->protocol_category, @@ -556,19 +550,19 @@ static int hyperscan_load_patterns(struct hs *hs, u_int num_patterns, if(hs_compile_multi(expressions, NULL, ids, num_patterns, HS_MODE_BLOCK, NULL, &hs->database, &compile_err) != HS_SUCCESS) { - NDPI_LOG_ERR(ndpi_mod, "Unable to initialize hyperscan database\n"); + NDPI_LOG_ERR(ndpi_str, "Unable to initialize hyperscan database\n"); hs_free_compile_error(compile_err); - return -1; + return(-1); } hs->scratch = NULL; if(hs_alloc_scratch(hs->database, &hs->scratch) != HS_SUCCESS) { - NDPI_LOG_ERR(ndpi_mod, "Unable to allocate hyperscan scratch space\n"); + NDPI_LOG_ERR(ndpi_str, "Unable to allocate hyperscan scratch space\n"); hs_free_database(hs->database); - return -1; + return(-1); } - return 0; + return(0); } /* ******************************************************************** */ @@ -578,7 +572,7 @@ static char* string2hex(const char *pat) { char *hexbuf, *buf; patlen = strlen(pat); - hexbuf = (char*)calloc(sizeof(char), patlen * 4 + 1); + hexbuf = (char*)ndpi_calloc(sizeof(char), patlen * 4 + 1); if(!hexbuf) return(NULL); for (i = 0, buf = hexbuf; i < patlen; i++, buf += 4) { @@ -586,10 +580,10 @@ static char* string2hex(const char *pat) { } *buf = '\0'; - return hexbuf; + return(hexbuf); } -static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { +static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_str) { u_int num_patterns = 0, i, j; char **expressions; unsigned int *ids; @@ -597,27 +591,27 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { struct hs *hs; int rc; - ndpi_mod->hyperscan = (void*)malloc(sizeof(struct hs)); - if(!ndpi_mod->hyperscan) return(-1); - hs = (struct hs*)ndpi_mod->hyperscan; + ndpi_str->hyperscan = (void*)ndpi_malloc(sizeof(struct hs)); + if(!ndpi_str->hyperscan) return(-1); + hs = (struct hs*)ndpi_str->hyperscan; - for(i = 0; host_match[i].string_to_match != NULL || host_match[i].pattern_to_match != NULL; i++) { + for(i = 0; (host_match[i].string_to_match != NULL) + || (host_match[i].pattern_to_match != NULL); i++) num_patterns++; - } - expressions = (char**)calloc(sizeof(char*), num_patterns + 1); + expressions = (char**)ndpi_calloc(sizeof(char*), num_patterns + 1); if(!expressions) return(-1); - ids = (unsigned int*)calloc(sizeof(unsigned int), num_patterns + 1); + ids = (unsigned int*)ndpi_calloc(sizeof(unsigned int), num_patterns + 1); if(!ids) { - free(expressions); + ndpi_free(expressions); return(-1); } - need_to_be_free = (unsigned char*)calloc(sizeof(unsigned char), num_patterns + 1); + need_to_be_free = (unsigned char*)ndpi_calloc(sizeof(unsigned char), num_patterns + 1); if(!need_to_be_free) { - free(expressions); - free(ids); + ndpi_free(expressions); + ndpi_free(ids); return(-1); } @@ -646,10 +640,12 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { for(i = 0; i < j; ++i) if(need_to_be_free[i]) - free(expressions[i]); - free(expressions), free(ids); + ndpi_free(expressions[i]); + + ndpi_free(expressions), ndpi_free(ids); + + ndpi_free(need_to_be_free); - free(need_to_be_free); return(rc); } @@ -659,71 +655,69 @@ static void free_hyperscan_memory(struct hs *h) { if(h) { hs_free_scratch(h->scratch); hs_free_database(h->database); - free(h); + ndpi_free(h); } } /* ******************************************************************** */ -static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { - if(ndpi_mod->hyperscan) - free_hyperscan_memory((struct hs*)ndpi_mod->hyperscan); +static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_str) { + if(ndpi_str->hyperscan) + free_hyperscan_memory((struct hs*)ndpi_str->hyperscan); } #endif /* ******************************************************************** */ -static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { +static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_str) { int i; #ifdef HAVE_HYPERSCAN // TODO check return value - init_hyperscan(ndpi_mod); + init_hyperscan(ndpi_str); #endif for(i=0; host_match[i].string_to_match != NULL; i++) - ndpi_init_protocol_match(ndpi_mod, &host_match[i]); + ndpi_init_protocol_match(ndpi_str, &host_match[i]); + + ndpi_enable_loaded_categories(ndpi_str); #ifdef MATCH_DEBUG - // ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); + // ac_automata_display(ndpi_str->host_automa.ac_automa, 'n'); #endif for(i=0; ndpi_en_bigrams[i] != NULL; i++) - ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa, + ndpi_string_to_automa(ndpi_str, &ndpi_str->bigrams_automa, (char*)ndpi_en_bigrams[i], 1, 1, 1); for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++) - ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa, + ndpi_string_to_automa(ndpi_str, &ndpi_str->impossible_bigrams_automa, (char*)ndpi_en_impossible_bigrams[i], 1, 1, 1); } /* ******************************************************************** */ -int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod, +int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_str, ndpi_detection_preference pref, int value) { switch(pref) { case ndpi_pref_http_dont_dissect_response: - ndpi_mod->http_dont_dissect_response = (u_int8_t)value; + ndpi_str->http_dont_dissect_response = (u_int8_t)value; break; case ndpi_pref_dns_dont_dissect_response: - ndpi_mod->dns_dont_dissect_response = (u_int8_t)value; + ndpi_str->dns_dont_dissect_response = (u_int8_t)value; break; case ndpi_pref_direction_detect_disable: - ndpi_mod->direction_detect_disable = (u_int8_t)value; + ndpi_str->direction_detect_disable = (u_int8_t)value; break; case ndpi_pref_disable_metadata_export: - ndpi_mod->disable_metadata_export = (u_int8_t)value; - break; - - case ndpi_pref_enable_category_substring_match: - ndpi_mod->enable_category_substring_match = (u_int8_t)value; + ndpi_str->disable_metadata_export = (u_int8_t)value; break; default: @@ -735,17 +729,17 @@ int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod /* ******************************************************************** */ -static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_struct *ndpi_mod) { +static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_struct *ndpi_str) { int i; - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if(ndpi_mod->proto_defaults[i].protoName == NULL) { - NDPI_LOG_ERR(ndpi_mod, "[NDPI] INTERNAL ERROR missing protoName initialization for [protoId=%d]: recovering\n", i); + for(i=0; i<(int)ndpi_str->ndpi_num_supported_protocols; i++) { + if(ndpi_str->proto_defaults[i].protoName == NULL) { + NDPI_LOG_ERR(ndpi_str, "[NDPI] INTERNAL ERROR missing protoName initialization for [protoId=%d]: recovering\n", i); } else { if((i != NDPI_PROTOCOL_UNKNOWN) - && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) { - NDPI_LOG_ERR(ndpi_mod, "[NDPI] INTERNAL ERROR missing category [protoId=%d/%s] initialization: recovering\n", - i, ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); + && (ndpi_str->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) { + NDPI_LOG_ERR(ndpi_str, "[NDPI] INTERNAL ERROR missing category [protoId=%d/%s] initialization: recovering\n", + i, ndpi_str->proto_defaults[i].protoName ? ndpi_str->proto_defaults[i].protoName : "???"); } } } @@ -758,1014 +752,1015 @@ static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_s Do NOT add web services (NDPI_SERVICE_xxx) here. */ -static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) { +static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str) { ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }, custom_master[2]; /* Reset all settings */ - memset(ndpi_mod->proto_defaults, 0, sizeof(ndpi_mod->proto_defaults)); + memset(ndpi_str->proto_defaults, 0, sizeof(ndpi_str->proto_defaults)); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN, 0 /* can_have_a_subprotocol */, no_master, no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, 0 /* can_have_a_subprotocol */, no_master, no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, 0 /* can_have_a_subprotocol */, no_master, no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, 0 /* can_have_a_subprotocol */, no_master, no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, 0 /* can_have_a_subprotocol */, no_master, no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, 0 /* can_have_a_subprotocol */, no_master, no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 465, 587, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, 0 /* can_have_a_subprotocol */, no_master, no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, 0 /* can_have_a_subprotocol */, no_master, no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, 1 /* can_have_a_subprotocol */, no_master, no_master, "DNS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, 0 /* can_have_a_subprotocol */, no_master, no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IMO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IMO, 0 /* can_have_a_subprotocol */, no_master, no_master, "IMO", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS, 1 /* can_have_a_subprotocol */, no_master, no_master, "MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, 0 /* can_have_a_subprotocol */, no_master, no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, 0 /* can_have_a_subprotocol */, no_master, no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, 0 /* can_have_a_subprotocol */, no_master, no_master, "NFS", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, 0 /* can_have_a_subprotocol */, no_master, no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 179, 2605, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, 0 /* can_have_a_subprotocol */, no_master, no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_DANGEROUS, NDPI_PROTOCOL_SMBV1, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_DANGEROUS, NDPI_PROTOCOL_SMBV1, 0 /* can_have_a_subprotocol */, no_master, no_master, "SMBv1", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, 0 /* can_have_a_subprotocol */, no_master, no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, 0 /* can_have_a_subprotocol */, no_master, no_master, "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES, 0 /* can_have_a_subprotocol */, no_master, no_master, "PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL, 0 /* can_have_a_subprotocol */, no_master, no_master, "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, 0 /* can_have_a_subprotocol */, no_master, no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, 0 /* can_have_a_subprotocol */, no_master, no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, 0 /* can_have_a_subprotocol */, no_master, no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_NTOP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_NTOP, 0 /* can_have_a_subprotocol */, no_master, no_master, "ntop", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, 0 /* can_have_a_subprotocol */, no_master, no_master, "VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FBZERO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FBZERO, 0 /* can_have_a_subprotocol */, no_master, no_master, "FacebookZero", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, ndpi_build_default_ports(ports_a, 443, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, 0 /* can_have_a_subprotocol */, no_master, no_master, "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, 0 /* can_have_a_subprotocol */, no_master, no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, 0 /* can_have_a_subprotocol */, no_master, no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, 0 /* can_have_a_subprotocol */, no_master, no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY, 0 /* can_have_a_subprotocol */, no_master, no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, 0 /* can_have_a_subprotocol */, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE, 0 /* can_have_a_subprotocol */, no_master, no_master, "Skype", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_CALL, 0 /* can_have_a_subprotocol */, no_master, no_master, "SkypeCall", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TIKTOK, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TIKTOK, 0 /* can_have_a_subprotocol */, no_master, no_master, "TikTok", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, 0 /* can_have_a_subprotocol */, no_master, no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT, 0 /* can_have_a_subprotocol */, no_master, /* wechat.com */ no_master, "WeChat", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED, 0 /* can_have_a_subprotocol */, no_master, no_master, "Memcached", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 11211, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 11211, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV23, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV23, 0 /* can_have_a_subprotocol */, no_master, no_master, "SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MINING, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MINING, 0 /* can_have_a_subprotocol */, no_master, no_master, "Mining", CUSTOM_CATEGORY_MINING, ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NEST_LOG_SINK, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NEST_LOG_SINK, 0 /* can_have_a_subprotocol */, no_master, no_master, "NestLogSink", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 11095, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MODBUS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MODBUS, 1 /* no subprotocol */, no_master, no_master, "Modbus", NDPI_PROTOCOL_CATEGORY_NETWORK, /* Perhaps IoT in the future */ ndpi_build_default_ports(ports_a, 502, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_CALL, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_CALL, 0 /* can_have_a_subprotocol */, no_master, no_master, "WhatsAppCall", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DATASAVER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DATASAVER, 0 /* can_have_a_subprotocol */, no_master, no_master, "DataSaver", NDPI_PROTOCOL_CATEGORY_WEB /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SIGNAL, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SIGNAL, 0 /* can_have_a_subprotocol */, no_master, /* https://signal.org */ no_master, "Signal", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DNS_OVER_HTTPS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DNS_OVER_HTTPS, 0 /* can_have_a_subprotocol */, no_master, no_master, "DNSoverHTTPS", NDPI_PROTOCOL_CATEGORY_NETWORK /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_LINE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_LINE, 0 /* can_have_a_subprotocol */, no_master, no_master, "Line", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WIREGUARD, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WIREGUARD, 0 /* can_have_a_subprotocol */, no_master, no_master, "WireGuard", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 51820, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, 0 /* can_have_a_subprotocol */, no_master, no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, 0 /* can_have_a_subprotocol */, no_master, no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 3074, 3076, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3074, 3076, 500, 3544, 4500) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PLAYSTATION, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PLAYSTATION, 0 /* can_have_a_subprotocol */, no_master, no_master, "Playstation", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 1935, 3478, 3479, 3480, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3478, 3479, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ, 0 /* can_have_a_subprotocol */, no_master, no_master, "QQ", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP, 0 /* can_have_a_subprotocol */, no_master, no_master, "RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST, 0 /* can_have_a_subprotocol */, no_master, no_master, "IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE, 0 /* can_have_a_subprotocol */, no_master, no_master, "PPLive", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, 0 /* can_have_a_subprotocol */, no_master, no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO, 0 /* can_have_a_subprotocol */, no_master, no_master, "Zattoo", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST, 0 /* can_have_a_subprotocol */, no_master, no_master, "ShoutCast", NDPI_PROTOCOL_CATEGORY_MUSIC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST, 0 /* can_have_a_subprotocol */, no_master, no_master, "Sopcast", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS, 0 /* can_have_a_subprotocol */, no_master, no_master, "Tvants", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER, 0 /* can_have_a_subprotocol */, no_master, no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, 0 /* can_have_a_subprotocol */, no_master, no_master, "QQLive", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, 0 /* can_have_a_subprotocol */, no_master, no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, 0 /* can_have_a_subprotocol */, no_master, no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PS_VUE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PS_VUE, 0 /* can_have_a_subprotocol */, no_master, no_master, "PS_VUE", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_IRC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_IRC, 0 /* can_have_a_subprotocol */, no_master, no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA, 0 /* can_have_a_subprotocol */, no_master, no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, 0 /* can_have_a_subprotocol */, no_master, no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, 0 /* can_have_a_subprotocol */, no_master, no_master, "Oscar", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD, 0 /* can_have_a_subprotocol */, no_master, no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, 0 /* can_have_a_subprotocol */, no_master, no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM, 0 /* can_have_a_subprotocol */, no_master, no_master, "Steam", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2, 0 /* can_have_a_subprotocol */, no_master, no_master, "HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT, 0 /* can_have_a_subprotocol */, no_master, no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_HOTSPOT_SHIELD, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_HOTSPOT_SHIELD, 0 /* can_have_a_subprotocol */, no_master, no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, 0 /* can_have_a_subprotocol */, no_master, no_master, "Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, 0 /* can_have_a_subprotocol */, no_master, custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC, 0 /* can_have_a_subprotocol */, no_master, no_master, "IPsec", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE, 0 /* can_have_a_subprotocol */, no_master, no_master, "GRE", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP, 0 /* can_have_a_subprotocol */, no_master, no_master, "ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP, 0 /* can_have_a_subprotocol */, no_master, no_master, "IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP, 0 /* can_have_a_subprotocol */, no_master, no_master, "EGP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF, 0 /* can_have_a_subprotocol */, no_master, no_master, "OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP, 0 /* can_have_a_subprotocol */, no_master, no_master, "IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, 0 /* can_have_a_subprotocol */, no_master, no_master, "RTP", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, 0 /* can_have_a_subprotocol */, no_master, no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, 0 /* can_have_a_subprotocol */, no_master, no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE, 0 /* can_have_a_subprotocol */, no_master, no_master, "PcAnywhere", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZOOM, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZOOM, 0 /* can_have_a_subprotocol */, no_master, no_master, "Zoom", NDPI_PROTOCOL_CATEGORY_VIDEO, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_FILES, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_FILES, 0 /* can_have_a_subprotocol */, no_master, no_master, "WhatsAppFiles", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP, 0 /* can_have_a_subprotocol */, no_master, no_master, "WhatsApp", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_TLS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_TLS, 1 /* can_have_a_subprotocol */, no_master, no_master, "TLS", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 443, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH, 0 /* can_have_a_subprotocol */, no_master, no_master, "SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET, 0 /* can_have_a_subprotocol */, no_master, no_master, "Usenet", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP, 0 /* can_have_a_subprotocol */, no_master, no_master, "MGCP", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX, 0 /* can_have_a_subprotocol */, no_master, no_master, "IAX", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, 0 /* can_have_a_subprotocol */, no_master, no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CATEGORY_CUSTOM_1, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_137, 0 /* can_have_a_subprotocol */, no_master, - no_master, NDPI_CONST_GENERIC_PROTOCOL_NAME, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "Free137", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, 0 /* can_have_a_subprotocol */, no_master, no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, 0 /* can_have_a_subprotocol */, no_master, no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, 0 /* can_have_a_subprotocol */, no_master, no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SIP", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, 0 /* can_have_a_subprotocol */, no_master, no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, 0 /* can_have_a_subprotocol */, no_master, no_master, "ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6, 0 /* can_have_a_subprotocol */, no_master, no_master, "DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON, 0 /* can_have_a_subprotocol */, no_master, no_master, "Armagetron", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE, 0 /* can_have_a_subprotocol */, no_master, no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS, 0 /* can_have_a_subprotocol */, no_master, no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FIESTA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FIESTA, 0 /* can_have_a_subprotocol */, no_master, no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA, 0 /* can_have_a_subprotocol */, no_master, no_master, "Florensia", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS, 0 /* can_have_a_subprotocol */, no_master, no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_ACTIVESYNC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_ACTIVESYNC, 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, 0 /* can_have_a_subprotocol */, no_master, no_master, "Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, 0 /* can_have_a_subprotocol */, no_master, no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, 0 /* can_have_a_subprotocol */, no_master, no_master, "MapleStory", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, 0 /* can_have_a_subprotocol */, no_master, no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, 0 /* can_have_a_subprotocol */, no_master, no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3, 0 /* can_have_a_subprotocol */, no_master, no_master, "Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, 0 /* can_have_a_subprotocol */, no_master, no_master, "WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC, 0 /* can_have_a_subprotocol */, no_master, no_master, "DCE_RPC", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, 0 /* can_have_a_subprotocol */, no_master, no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, 0 /* can_have_a_subprotocol */, no_master, no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY, 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX, 0 /* can_have_a_subprotocol */, no_master, no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, 0 /* can_have_a_subprotocol */, no_master, no_master, "Webex", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, 0 /* can_have_a_subprotocol */, no_master, no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, 0 /* can_have_a_subprotocol */, no_master, no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 5938, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5938, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, 0 /* can_have_a_subprotocol */, no_master, no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SAP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP, 0 /* can_have_a_subprotocol */, no_master, no_master, "GTP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP, 0 /* can_have_a_subprotocol */, no_master, no_master, "UPnP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1780, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1900, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM, 0 /* can_have_a_subprotocol */, no_master, no_master, "Telegram", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC, 1 /* can_have_a_subprotocol */, no_master, no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, 0 /* can_have_a_subprotocol */, no_master, no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_PUSH, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_PUSH, 0 /* can_have_a_subprotocol */, no_master, no_master, "ApplePush", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 1, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, 0 /* can_have_a_subprotocol */, no_master, no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SPOTIFY, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SPOTIFY, 0 /* can_have_a_subprotocol */, no_master, no_master, "Spotify", NDPI_PROTOCOL_CATEGORY_MUSIC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MESSENGER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MESSENGER, 0 /* can_have_a_subprotocol */, no_master, no_master, "Messenger", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, 0 /* can_have_a_subprotocol */, no_master, no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, 0 /* can_have_a_subprotocol */, no_master, no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, 0 /* can_have_a_subprotocol */, no_master, no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS, 0 /* can_have_a_subprotocol */, no_master, no_master, "MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR, 0 /* can_have_a_subprotocol */, no_master, no_master, "LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, 0 /* can_have_a_subprotocol */, no_master, no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, 0 /* can_have_a_subprotocol */, no_master, no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENVPN, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENVPN, 0 /* can_have_a_subprotocol */, no_master, no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE, 0 /* can_have_a_subprotocol */, no_master, no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN, 0 /* can_have_a_subprotocol */, no_master, no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 10000, 8008, 8009, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK, 0 /* can_have_a_subprotocol */, no_master, no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, 0 /* can_have_a_subprotocol */, no_master, no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP, 0 /* can_have_a_subprotocol */, no_master, no_master, "RTCP", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, 0 /* can_have_a_subprotocol */, no_master, no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, 0 /* can_have_a_subprotocol */, no_master, no_master, "Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA, 0 /* can_have_a_subprotocol */, no_master, no_master, "Corba", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE, 0 /* can_have_a_subprotocol */, no_master, no_master, "UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, 0 /* can_have_a_subprotocol */, no_master, no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, 0 /* can_have_a_subprotocol */, no_master, no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, 0 /* can_have_a_subprotocol */, no_master, no_master, "SOCKS", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, 0 /* can_have_a_subprotocol */, no_master, no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, 0 /* can_have_a_subprotocol */, no_master, no_master, "RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO, 0 /* can_have_a_subprotocol */, no_master, no_master, "Pando_Media_Booster", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO, 0 /* can_have_a_subprotocol */, no_master, no_master, "Megaco", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 2944 , 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS, 0 /* can_have_a_subprotocol */, no_master, no_master, "Redis", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, 0 /* can_have_a_subprotocol */, no_master, no_master, "ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) ); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, 0 /* can_have_a_subprotocol */, no_master, no_master, "VHUA", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, 0 /* can_have_a_subprotocol */, no_master, no_master, "Starcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, 0 /* can_have_a_subprotocol */, no_master, no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, 0 /* can_have_a_subprotocol */, no_master, no_master, "Viber", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 7985, 5242, 5243, 4244, 0), /* TCP */ ndpi_build_default_ports(ports_b, 7985, 7987, 5242, 5243, 4244)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP, 0 /* can_have_a_subprotocol */, no_master, no_master, "COAP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT, 0 /* can_have_a_subprotocol */, no_master, no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, 0 /* can_have_a_subprotocol */, no_master, no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_GIT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_GIT, 0 /* can_have_a_subprotocol */, no_master, no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA, 0 /* can_have_a_subprotocol */, no_master, no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT_DUO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT_DUO, 0 /* can_have_a_subprotocol */, no_master, no_master, "GoogleHangoutDuo", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, 0 /* can_have_a_subprotocol */, no_master, no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, 0 /* can_have_a_subprotocol */, no_master, no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, 0 /* can_have_a_subprotocol */, no_master, no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, 0 /* can_have_a_subprotocol */, no_master, no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DNSCRYPT, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DNSCRYPT, 0 /* can_have_a_subprotocol */, no_master, no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TINC, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TINC, 0 /* can_have_a_subprotocol */, no_master, no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX, 0 /* can_have_a_subprotocol */, no_master, no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NINTENDO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NINTENDO, 0 /* can_have_a_subprotocol */, no_master, no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CSGO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CSGO, 0 /* can_have_a_subprotocol */, no_master, no_master, "CSGO", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AJP, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AJP, 0 /* can_have_a_subprotocol */, no_master, no_master, "AJP", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 8009, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TARGUS_GETDATA, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TARGUS_GETDATA, 0 /* can_have_a_subprotocol */, no_master, no_master, "Targus Dataspeed", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 5001, 5201, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5001, 5201, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMAZON_VIDEO, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMAZON_VIDEO, 0 /* can_have_a_subprotocol */, no_master, no_master, "AmazonVideo", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNP3, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNP3, 1 /* no subprotocol */, no_master, - no_master, "DNP3", NDPI_PROTOCOL_CATEGORY_NETWORK, + no_master, "DNP3", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 20000, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_104, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_104, 1 /* no subprotocol */, no_master, no_master, "104", NDPI_PROTOCOL_CATEGORY_NETWORK, /* Perhaps IoT in the future */ ndpi_build_default_ports(ports_a, 2404, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + /* calling function for host and content matched protocols */ - init_string_based_protocols(ndpi_mod); + init_string_based_protocols(ndpi_str); - ndpi_validate_protocol_initialization(ndpi_mod); + ndpi_validate_protocol_initialization(ndpi_str); } /* ****************************************************** */ @@ -1834,7 +1829,7 @@ static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) { #ifdef MATCH_DEBUG printf("NO match found: continue\n"); #endif - return 0; /* 0 to continue searching, !0 to stop */ + return(0); /* 0 to continue searching, !0 to stop */ } } @@ -1850,21 +1845,21 @@ static int fill_prefix_v4(prefix_t *p, struct in_addr *a, int b, int mb) { p->family = AF_INET; p->bitlen = b; p->ref_count = 0; - } while (0); + } while(0); return(0); } /* ******************************************* */ -u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, +u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str, struct in_addr *pin /* network byte order */) { prefix_t prefix; patricia_node_t *node; /* Make sure all in network byte order otherwise compares wont work */ - fill_prefix_v4(&prefix, pin, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); - node = ndpi_patricia_search_best(ndpi_struct->protocols_ptree, &prefix); + fill_prefix_v4(&prefix, pin, 32, ((patricia_tree_t*)ndpi_str->protocols_ptree)->maxbits); + node = ndpi_patricia_search_best(ndpi_str->protocols_ptree, &prefix); return(node ? node->value.user_value : NDPI_PROTOCOL_UNKNOWN); } @@ -1872,14 +1867,14 @@ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str /* ******************************************* */ #if 0 -static u_int8_t tor_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin) { - return((ndpi_network_ptree_match(ndpi_struct, pin) == NDPI_PROTOCOL_TOR) ? 1 : 0); +static u_int8_t tor_ptree_match(struct ndpi_detection_module_struct *ndpi_str, struct in_addr *pin) { + return((ndpi_network_ptree_match(ndpi_str, pin) == NDPI_PROTOCOL_TOR) ? 1 : 0); } #endif /* ******************************************* */ -u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct, +u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -1926,7 +1921,7 @@ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str, /* ******************************************* */ -static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, +static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndpi_str, char *value, int protocol_id) { patricia_node_t *node; @@ -1943,10 +1938,10 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp inet_pton(AF_INET, value, &pin); - if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, bits)) != NULL) + if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits)) != NULL) node->value.user_value = protocol_id; - return 0; + return(0); } void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)) { _ndpi_malloc = __ndpi_malloc; } @@ -2107,8 +2102,9 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES NDPI_LOG_ERR(ndpi_str, "ndpi_init_detection_module initial malloc failed for ndpi_str\n"); #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ - return NULL; + return(NULL); } + memset(ndpi_str, 0, sizeof(struct ndpi_detection_module_struct)); #ifdef NDPI_ENABLE_DEBUG_MESSAGES @@ -2166,8 +2162,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler); #endif - ndpi_str->custom_categories.hostnames_hash = NULL; - ndpi_str->custom_categories.ipAddresses = ndpi_New_Patricia(32 /* IPv4 */); ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */); @@ -2181,7 +2175,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { snprintf(ndpi_str->custom_category_labels[i], CUSTOM_CATEGORY_LABEL_LEN, "User custom category %u", (unsigned int)(i+1)); - return ndpi_str; + return(ndpi_str); } /* *********************************************** */ @@ -2234,7 +2228,7 @@ int ndpi_match_string(void *_automa, char *string_to_match) { and in this case return it */ if((rc == 0) && (match.number != 0)) rc = 1; - + return(rc ? match.number : 0); } @@ -2262,7 +2256,7 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id and in this case return it */ if((rc == 0) && (match.number != 0)) rc = 1; - + *id = rc ? match.number : NDPI_PROTOCOL_UNKNOWN; return(*id != NDPI_PROTOCOL_UNKNOWN ? 0 : -1); @@ -2282,38 +2276,25 @@ static int hyperscanCustomEventHandler(unsigned int id, printf("[HS] Found category %u\n", id); #endif - return HS_SCAN_TERMINATED; + return(HS_SCAN_TERMINATED); } #endif /* *********************************************** */ -int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str, char *name, unsigned long *id) { -#ifdef DEBUG - printf("[NDPI] %s(%s) [enable_category_substring_match: %u]\n", - __FUNCTION__, name, ndpi_struct->enable_category_substring_match); -#endif - - if(ndpi_struct->enable_category_substring_match == 0) { - if(ndpi_struct->custom_categories.hostnames_hash == NULL) - return(-1); - else { - *id = (unsigned long)ht_get((hashtable_t*)ndpi_struct->custom_categories.hostnames_hash, name); - return(0); - } - } else { #ifdef HAVE_HYPERSCAN - if(ndpi_struct->custom_categories.hostnames == NULL) + if(ndpi_str->custom_categories.hostnames == NULL) return(-1); else { hs_error_t rc; *id = (unsigned long)-1; - rc = hs_scan(ndpi_struct->custom_categories.hostnames->database, + rc = hs_scan(ndpi_str->custom_categories.hostnames->database, name, strlen(name), 0, - ndpi_struct->custom_categories.hostnames->scratch, + ndpi_str->custom_categories.hostnames->scratch, hyperscanCustomEventHandler, id); if(rc == HS_SCAN_TERMINATED) { @@ -2325,20 +2306,19 @@ int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_struct, return(-1); } #else - return(ndpi_match_string_id(ndpi_struct->custom_categories.hostnames.ac_automa, name, id)); + return(ndpi_match_string_id(ndpi_str->custom_categories.hostnames.ac_automa, name, id)); #endif - } } /* *********************************************** */ -int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str, char *name_or_ip, unsigned long *id) { char ipbuf[64], *ptr; struct in_addr pin; - if(!ndpi_struct->custom_categories.categories_loaded) - return -1; + if(!ndpi_str->custom_categories.categories_loaded) + return(-1); snprintf(ipbuf, sizeof(ipbuf)-1, "%s", name_or_ip); ptr = strrchr(ipbuf, '/'); @@ -2352,18 +2332,18 @@ int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str patricia_node_t *node; /* Make sure all in network byte order otherwise compares wont work */ - fill_prefix_v4(&prefix, &pin, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); - node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); + fill_prefix_v4(&prefix, &pin, 32, ((patricia_tree_t*)ndpi_str->protocols_ptree)->maxbits); + node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses, &prefix); if(node) { *id = node->value.user_value; - return 0; + return(0); } return(-1); } else /* Search Host */ - return ndpi_match_custom_category(ndpi_struct, name_or_ip, id); + return(ndpi_match_custom_category(ndpi_str, name_or_ip, id)); } /* *********************************************** */ @@ -2372,99 +2352,96 @@ static void free_ptree_data(void *data) { ; } /* ****************************************************** */ -void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct) { - if(ndpi_struct != NULL) { +void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) { + if(ndpi_str != NULL) { int i; - for(i=0; i<(int)ndpi_struct->ndpi_num_supported_protocols; i++) { - if(ndpi_struct->proto_defaults[i].protoName) - ndpi_free(ndpi_struct->proto_defaults[i].protoName); + for(i=0; i<(int)ndpi_str->ndpi_num_supported_protocols; i++) { + if(ndpi_str->proto_defaults[i].protoName) + ndpi_free(ndpi_str->proto_defaults[i].protoName); } /* NDPI_PROTOCOL_TINC */ - if(ndpi_struct->tinc_cache) - cache_free((cache_t)(ndpi_struct->tinc_cache)); + if(ndpi_str->tinc_cache) + cache_free((cache_t)(ndpi_str->tinc_cache)); - if(ndpi_struct->ookla_cache) - ndpi_lru_free_cache(ndpi_struct->ookla_cache); + if(ndpi_str->ookla_cache) + ndpi_lru_free_cache(ndpi_str->ookla_cache); - if(ndpi_struct->stun_cache) - ndpi_lru_free_cache(ndpi_struct->stun_cache); + if(ndpi_str->stun_cache) + ndpi_lru_free_cache(ndpi_str->stun_cache); - if(ndpi_struct->protocols_ptree) - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); + if(ndpi_str->protocols_ptree) + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->protocols_ptree, free_ptree_data); - if(ndpi_struct->udpRoot != NULL) - ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); - if(ndpi_struct->tcpRoot != NULL) - ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); + if(ndpi_str->udpRoot != NULL) + ndpi_tdestroy(ndpi_str->udpRoot, ndpi_free); + if(ndpi_str->tcpRoot != NULL) + ndpi_tdestroy(ndpi_str->tcpRoot, ndpi_free); - if(ndpi_struct->host_automa.ac_automa != NULL) - ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->host_automa.ac_automa); + if(ndpi_str->host_automa.ac_automa != NULL) + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->host_automa.ac_automa); - if(ndpi_struct->content_automa.ac_automa != NULL) - ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->content_automa.ac_automa); + if(ndpi_str->content_automa.ac_automa != NULL) + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->content_automa.ac_automa); - if(ndpi_struct->bigrams_automa.ac_automa != NULL) - ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->bigrams_automa.ac_automa); + if(ndpi_str->bigrams_automa.ac_automa != NULL) + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->bigrams_automa.ac_automa); - if(ndpi_struct->impossible_bigrams_automa.ac_automa != NULL) - ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->impossible_bigrams_automa.ac_automa); + if(ndpi_str->impossible_bigrams_automa.ac_automa != NULL) + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->impossible_bigrams_automa.ac_automa); #ifdef HAVE_HYPERSCAN - destroy_hyperscan(ndpi_struct); + destroy_hyperscan(ndpi_str); - while(ndpi_struct->custom_categories.to_load != NULL) { - struct hs_list *next = ndpi_struct->custom_categories.to_load->next; + while(ndpi_str->custom_categories.to_load != NULL) { + struct hs_list *next = ndpi_str->custom_categories.to_load->next; - free(ndpi_struct->custom_categories.to_load->expression); - free(ndpi_struct->custom_categories.to_load); - ndpi_struct->custom_categories.to_load = next; + ndpi_free(ndpi_str->custom_categories.to_load->expression); + ndpi_free(ndpi_str->custom_categories.to_load); + ndpi_str->custom_categories.to_load = next; } - free_hyperscan_memory(ndpi_struct->custom_categories.hostnames); + free_hyperscan_memory(ndpi_str->custom_categories.hostnames); #else - if(ndpi_struct->custom_categories.hostnames.ac_automa != NULL) - ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames.ac_automa); + if(ndpi_str->custom_categories.hostnames.ac_automa != NULL) + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames.ac_automa); - if(ndpi_struct->custom_categories.hostnames_shadow.ac_automa != NULL) - ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames_shadow.ac_automa); + if(ndpi_str->custom_categories.hostnames_shadow.ac_automa != NULL) + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames_shadow.ac_automa); #endif - if(ndpi_struct->custom_categories.ipAddresses != NULL) - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses, free_ptree_data); - - if(ndpi_struct->custom_categories.ipAddresses_shadow != NULL) - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses_shadow, free_ptree_data); + if(ndpi_str->custom_categories.ipAddresses != NULL) + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses, free_ptree_data); - if(ndpi_struct->custom_categories.hostnames_hash) - ht_free((hashtable_t*)ndpi_struct->custom_categories.hostnames_hash); + if(ndpi_str->custom_categories.ipAddresses_shadow != NULL) + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses_shadow, free_ptree_data); - ndpi_free(ndpi_struct); + ndpi_free(ndpi_str); } } /* ****************************************************** */ -int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_str, u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto) { if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - *tcp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_tcp_protoId, - *udp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_udp_protoId; + *tcp_master_proto = ndpi_str->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_tcp_protoId, + *udp_master_proto = ndpi_str->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_udp_protoId; return(-1); } - *tcp_master_proto = ndpi_struct->proto_defaults[protocol_id].master_tcp_protoId, - *udp_master_proto = ndpi_struct->proto_defaults[protocol_id].master_udp_protoId; + *tcp_master_proto = ndpi_str->proto_defaults[protocol_id].master_tcp_protoId, + *udp_master_proto = ndpi_str->proto_defaults[protocol_id].master_udp_protoId; return(0); } /* ****************************************************** */ -static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, +static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_str, u_int8_t proto, u_int16_t sport, u_int16_t dport) { const void *ret; ndpi_default_ports_tree_node_t node; @@ -2475,13 +2452,13 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_ node.default_port = low; /* Check server port first */ ret = ndpi_tfind(&node, - (proto == IPPROTO_TCP) ? (void*)&ndpi_struct->tcpRoot : (void*)&ndpi_struct->udpRoot, + (proto == IPPROTO_TCP) ? (void*)&ndpi_str->tcpRoot : (void*)&ndpi_str->udpRoot, ndpi_default_ports_tree_node_t_cmp); if(ret == NULL) { node.default_port = high; ret = ndpi_tfind(&node, - (proto == IPPROTO_TCP) ? (void*)&ndpi_struct->tcpRoot : (void*)&ndpi_struct->udpRoot, + (proto == IPPROTO_TCP) ? (void*)&ndpi_str->tcpRoot : (void*)&ndpi_str->udpRoot, ndpi_default_ports_tree_node_t_cmp); } @@ -2512,14 +2489,14 @@ u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) { /* ****************************************************** */ -u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, +u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { *user_defined_proto = 0; /* Default */ if(sport && dport) { - ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_struct, proto, sport, dport); + ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_str, proto, sport, dport); if(found != NULL) { u_int16_t guessed_proto = found->proto->protoId; @@ -2579,8 +2556,8 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc /* ******************************************************************** */ -u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod) { - return(ndpi_mod->ndpi_num_supported_protocols); +u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_str) { + return(ndpi_str->ndpi_num_supported_protocols); } /* ******************************************************************** */ @@ -2600,7 +2577,7 @@ char * strsep(char **sp, char *sep) /* ******************************************************************** */ -int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, +int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str, char* rule, u_int8_t do_add) { char *at, *proto, *elem; ndpi_proto_defaults_t *def; @@ -2608,7 +2585,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, at = strrchr(rule, '@'); if(at == NULL) { - NDPI_LOG_ERR(ndpi_mod, "Invalid rule '%s'\n", rule); + NDPI_LOG_ERR(ndpi_str, "Invalid rule '%s'\n", rule); return(-1); } else at[0] = 0, proto = &at[1]; @@ -2628,9 +2605,9 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, } } - for(i=0, def = NULL; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if(ndpi_mod->proto_defaults[i].protoName && strcasecmp(ndpi_mod->proto_defaults[i].protoName, proto) == 0) { - def = &ndpi_mod->proto_defaults[i]; + for(i=0, def = NULL; i<(int)ndpi_str->ndpi_num_supported_protocols; i++) { + if(ndpi_str->proto_defaults[i].protoName && strcasecmp(ndpi_str->proto_defaults[i].protoName, proto) == 0) { + def = &ndpi_str->proto_defaults[i]; subprotocol_id = i; break; } @@ -2639,29 +2616,29 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, if(def == NULL) { if(!do_add) { /* We need to remove a rule */ - NDPI_LOG_ERR(ndpi_mod, "Unable to find protocol '%s': skipping rule '%s'\n", proto, rule); + NDPI_LOG_ERR(ndpi_str, "Unable to find protocol '%s': skipping rule '%s'\n", proto, rule); return(-3); } else { ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; - if(ndpi_mod->ndpi_num_custom_protocols >= (NDPI_MAX_NUM_CUSTOM_PROTOCOLS-1)) { - NDPI_LOG_ERR(ndpi_mod, "Too many protocols defined (%u): skipping protocol %s\n", - ndpi_mod->ndpi_num_custom_protocols, proto); + if(ndpi_str->ndpi_num_custom_protocols >= (NDPI_MAX_NUM_CUSTOM_PROTOCOLS-1)) { + NDPI_LOG_ERR(ndpi_str, "Too many protocols defined (%u): skipping protocol %s\n", + ndpi_str->ndpi_num_custom_protocols, proto); return(-2); } - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, - ndpi_mod->ndpi_num_supported_protocols, + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, + ndpi_str->ndpi_num_supported_protocols, 0 /* can_have_a_subprotocol */, no_master, no_master, proto, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, /* TODO add protocol category support in rules */ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - def = &ndpi_mod->proto_defaults[ndpi_mod->ndpi_num_supported_protocols]; - subprotocol_id = ndpi_mod->ndpi_num_supported_protocols; - ndpi_mod->ndpi_num_supported_protocols++, ndpi_mod->ndpi_num_custom_protocols++; + def = &ndpi_str->proto_defaults[ndpi_str->ndpi_num_supported_protocols]; + subprotocol_id = ndpi_str->ndpi_num_supported_protocols; + ndpi_str->ndpi_num_supported_protocols++, ndpi_str->ndpi_num_custom_protocols++; } } @@ -2692,20 +2669,20 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, range.port_low = range.port_high = atoi(&elem[4]); if(do_add) - addDefaultPort(ndpi_mod, &range, def, 1 /* Custom user proto */, - is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); + addDefaultPort(ndpi_str, &range, def, 1 /* Custom user proto */, + is_tcp ? &ndpi_str->tcpRoot : &ndpi_str->udpRoot, __FUNCTION__,__LINE__); else - removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + removeDefaultPort(&range, def, is_tcp ? &ndpi_str->tcpRoot : &ndpi_str->udpRoot); } else if(is_ip) { /* NDPI_PROTOCOL_TOR */ - ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); + ndpi_add_host_ip_subprotocol(ndpi_str, value, subprotocol_id); } else { if(do_add) - ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, + ndpi_add_host_url_subprotocol(ndpi_str, value, subprotocol_id, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_ACCEPTABLE); else - ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); + ndpi_remove_host_url_subprotocol(ndpi_str, value, subprotocol_id); } } @@ -2729,7 +2706,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, udp:139@NETBIOS */ -int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, const char* path) { +int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_str, const char* path) { FILE *fd; char *buffer, *old_buffer; int chunk_len = 512, buffer_len = chunk_len, old_buffer_len; @@ -2738,14 +2715,14 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, cons fd = fopen(path, "r"); if(fd == NULL) { - NDPI_LOG_ERR(ndpi_mod, "Unable to open file %s [%s]\n", path, strerror(errno)); + NDPI_LOG_ERR(ndpi_str, "Unable to open file %s [%s]\n", path, strerror(errno)); goto error; } buffer = ndpi_malloc(buffer_len); if(buffer == NULL) { - NDPI_LOG_ERR(ndpi_mod, "Memory allocation failure\n"); + NDPI_LOG_ERR(ndpi_str, "Memory allocation failure\n"); goto close_fd; } @@ -2762,8 +2739,8 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, cons buffer = ndpi_realloc(old_buffer, old_buffer_len, buffer_len); if(buffer == NULL) { - NDPI_LOG_ERR(ndpi_mod, "Memory allocation failure\n"); - free(old_buffer); + NDPI_LOG_ERR(ndpi_str, "Memory allocation failure\n"); + ndpi_free(old_buffer); goto close_fd; } @@ -2780,12 +2757,12 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, cons else buffer[i-1] = '\0'; - ndpi_handle_rule(ndpi_mod, buffer, 1); + ndpi_handle_rule(ndpi_str, buffer, 1); } rc = 0; - free(buffer); + ndpi_free(buffer); close_fd: fclose(fd); @@ -2798,7 +2775,7 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, cons /* ntop */ void ndpi_set_bitmask_protocol_detection(char * label, - struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_detection_module_struct *ndpi_str, const NDPI_PROTOCOL_BITMASK * detection_bitmask, const u_int32_t idx, u_int16_t ndpi_protocol_id, @@ -2811,17 +2788,17 @@ void ndpi_set_bitmask_protocol_detection(char * label, */ if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, ndpi_protocol_id) != 0) { #ifdef DEBUG - NDPI_LOG_DBG2(ndpi_struct + NDPI_LOG_DBG2(ndpi_str "[NDPI] ndpi_set_bitmask_protocol_detection: %s : [callback_buffer] idx= %u, [proto_defaults] protocol_id=%u\n", label, idx, ndpi_protocol_id); #endif - if(ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx != 0) { - NDPI_LOG_DBG2(ndpi_struct, + if(ndpi_str->proto_defaults[ndpi_protocol_id].protoIdx != 0) { + NDPI_LOG_DBG2(ndpi_str, "[NDPI] Internal error: protocol %s/%u has been already registered\n", label, ndpi_protocol_id); #ifdef DEBUG } else { - NDPI_LOG_DBG2(ndpi_struct, + NDPI_LOG_DBG2(ndpi_str, "[NDPI] Adding %s with protocol id %d\n", label, ndpi_protocol_id); #endif } @@ -2830,577 +2807,577 @@ void ndpi_set_bitmask_protocol_detection(char * label, Set function and index protocol within proto_default structure for port protocol detection and callback_buffer function for DPI protocol detection */ - ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx = idx; - ndpi_struct->proto_defaults[ndpi_protocol_id].func = ndpi_struct->callback_buffer[idx].func = func; + ndpi_str->proto_defaults[ndpi_protocol_id].protoIdx = idx; + ndpi_str->proto_defaults[ndpi_protocol_id].func = ndpi_str->callback_buffer[idx].func = func; /* Set ndpi_selection_bitmask for protocol */ - ndpi_struct->callback_buffer[idx].ndpi_selection_bitmask = ndpi_selection_bitmask; + ndpi_str->callback_buffer[idx].ndpi_selection_bitmask = ndpi_selection_bitmask; /* Reset protocol detection bitmask via NDPI_PROTOCOL_UNKNOWN and than add specify protocol bitmast to callback buffer. */ - if(b_save_bitmask_unknow) NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[idx].detection_bitmask, NDPI_PROTOCOL_UNKNOWN); - if(b_add_detection_bitmask) NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[idx].detection_bitmask, ndpi_protocol_id); + if(b_save_bitmask_unknow) NDPI_SAVE_AS_BITMASK(ndpi_str->callback_buffer[idx].detection_bitmask, NDPI_PROTOCOL_UNKNOWN); + if(b_add_detection_bitmask) NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_str->callback_buffer[idx].detection_bitmask, ndpi_protocol_id); - NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[idx].excluded_protocol_bitmask, ndpi_protocol_id); + NDPI_SAVE_AS_BITMASK(ndpi_str->callback_buffer[idx].excluded_protocol_bitmask, ndpi_protocol_id); } } /* ******************************************************************** */ -void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_str, const NDPI_PROTOCOL_BITMASK * dbm) { NDPI_PROTOCOL_BITMASK detection_bitmask_local; NDPI_PROTOCOL_BITMASK *detection_bitmask = &detection_bitmask_local; u_int32_t a = 0; NDPI_BITMASK_SET(detection_bitmask_local, *dbm); - NDPI_BITMASK_SET(ndpi_struct->detection_bitmask, *dbm); + NDPI_BITMASK_SET(ndpi_str->detection_bitmask, *dbm); /* set this here to zero to be interrupt safe */ - ndpi_struct->callback_buffer_size = 0; + ndpi_str->callback_buffer_size = 0; /* HTTP */ - init_http_dissector(ndpi_struct, &a, detection_bitmask); + init_http_dissector(ndpi_str, &a, detection_bitmask); /* STARCRAFT */ - init_starcraft_dissector(ndpi_struct, &a, detection_bitmask); + init_starcraft_dissector(ndpi_str, &a, detection_bitmask); /* TLS */ - init_tls_dissector(ndpi_struct, &a, detection_bitmask); + init_tls_dissector(ndpi_str, &a, detection_bitmask); /* STUN */ - init_stun_dissector(ndpi_struct, &a, detection_bitmask); + init_stun_dissector(ndpi_str, &a, detection_bitmask); /* RTP */ - init_rtp_dissector(ndpi_struct, &a, detection_bitmask); + init_rtp_dissector(ndpi_str, &a, detection_bitmask); /* RTSP */ - init_rtsp_dissector(ndpi_struct, &a, detection_bitmask); + init_rtsp_dissector(ndpi_str, &a, detection_bitmask); /* RDP */ - init_rdp_dissector(ndpi_struct, &a, detection_bitmask); + init_rdp_dissector(ndpi_str, &a, detection_bitmask); /* SIP */ - init_sip_dissector(ndpi_struct, &a, detection_bitmask); + init_sip_dissector(ndpi_str, &a, detection_bitmask); /* IMO */ - init_imo_dissector(ndpi_struct, &a, detection_bitmask); + init_imo_dissector(ndpi_str, &a, detection_bitmask); /* Teredo */ - init_teredo_dissector(ndpi_struct, &a, detection_bitmask); + init_teredo_dissector(ndpi_str, &a, detection_bitmask); /* EDONKEY */ - init_edonkey_dissector(ndpi_struct, &a, detection_bitmask); + init_edonkey_dissector(ndpi_str, &a, detection_bitmask); /* FASTTRACK */ - init_fasttrack_dissector(ndpi_struct, &a, detection_bitmask); + init_fasttrack_dissector(ndpi_str, &a, detection_bitmask); /* GNUTELLA */ - init_gnutella_dissector(ndpi_struct, &a, detection_bitmask); + init_gnutella_dissector(ndpi_str, &a, detection_bitmask); /* DIRECTCONNECT */ - init_directconnect_dissector(ndpi_struct, &a, detection_bitmask); + init_directconnect_dissector(ndpi_str, &a, detection_bitmask); /* MSN */ - init_msn_dissector(ndpi_struct, &a, detection_bitmask); + init_msn_dissector(ndpi_str, &a, detection_bitmask); /* YAHOO */ - init_yahoo_dissector(ndpi_struct, &a, detection_bitmask); + init_yahoo_dissector(ndpi_str, &a, detection_bitmask); /* OSCAR */ - init_oscar_dissector(ndpi_struct, &a, detection_bitmask); + init_oscar_dissector(ndpi_str, &a, detection_bitmask); /* APPLEJUICE */ - init_applejuice_dissector(ndpi_struct, &a, detection_bitmask); + init_applejuice_dissector(ndpi_str, &a, detection_bitmask); /* SOULSEEK */ - init_soulseek_dissector(ndpi_struct, &a, detection_bitmask); + init_soulseek_dissector(ndpi_str, &a, detection_bitmask); /* SOCKS */ - init_socks_dissector(ndpi_struct, &a, detection_bitmask); + init_socks_dissector(ndpi_str, &a, detection_bitmask); /* IRC */ - init_irc_dissector(ndpi_struct, &a, detection_bitmask); + init_irc_dissector(ndpi_str, &a, detection_bitmask); /* JABBER */ - init_jabber_dissector(ndpi_struct, &a, detection_bitmask); + init_jabber_dissector(ndpi_str, &a, detection_bitmask); /* MAIL_POP */ - init_mail_pop_dissector(ndpi_struct, &a, detection_bitmask); + init_mail_pop_dissector(ndpi_str, &a, detection_bitmask); /* MAIL_IMAP */ - init_mail_imap_dissector(ndpi_struct, &a, detection_bitmask); + init_mail_imap_dissector(ndpi_str, &a, detection_bitmask); /* MAIL_SMTP */ - init_mail_smtp_dissector(ndpi_struct, &a, detection_bitmask); + init_mail_smtp_dissector(ndpi_str, &a, detection_bitmask); /* USENET */ - init_usenet_dissector(ndpi_struct, &a, detection_bitmask); + init_usenet_dissector(ndpi_str, &a, detection_bitmask); /* DNS */ - init_dns_dissector(ndpi_struct, &a, detection_bitmask); + init_dns_dissector(ndpi_str, &a, detection_bitmask); /* FILETOPIA */ - init_fbzero_dissector(ndpi_struct, &a, detection_bitmask); + init_fbzero_dissector(ndpi_str, &a, detection_bitmask); /* VMWARE */ - init_vmware_dissector(ndpi_struct, &a, detection_bitmask); + init_vmware_dissector(ndpi_str, &a, detection_bitmask); /* NON_TCP_UDP */ - init_non_tcp_udp_dissector(ndpi_struct, &a, detection_bitmask); + init_non_tcp_udp_dissector(ndpi_str, &a, detection_bitmask); /* TVANTS */ - init_tvants_dissector(ndpi_struct, &a, detection_bitmask); + init_tvants_dissector(ndpi_str, &a, detection_bitmask); /* SOPCAST */ - init_sopcast_dissector(ndpi_struct, &a, detection_bitmask); + init_sopcast_dissector(ndpi_str, &a, detection_bitmask); /* TVUPLAYER */ - init_tvuplayer_dissector(ndpi_struct, &a, detection_bitmask); + init_tvuplayer_dissector(ndpi_str, &a, detection_bitmask); /* PPSTREAM */ - init_ppstream_dissector(ndpi_struct, &a, detection_bitmask); + init_ppstream_dissector(ndpi_str, &a, detection_bitmask); /* PPLIVE */ - init_pplive_dissector(ndpi_struct, &a, detection_bitmask); + init_pplive_dissector(ndpi_str, &a, detection_bitmask); /* IAX */ - init_iax_dissector(ndpi_struct, &a, detection_bitmask); + init_iax_dissector(ndpi_str, &a, detection_bitmask); /* MGPC */ - init_mgpc_dissector(ndpi_struct, &a, detection_bitmask); + init_mgpc_dissector(ndpi_str, &a, detection_bitmask); /* ZATTOO */ - init_zattoo_dissector(ndpi_struct, &a, detection_bitmask); + init_zattoo_dissector(ndpi_str, &a, detection_bitmask); /* QQ */ - init_qq_dissector(ndpi_struct, &a, detection_bitmask); + init_qq_dissector(ndpi_str, &a, detection_bitmask); /* SSH */ - init_ssh_dissector(ndpi_struct, &a, detection_bitmask); + init_ssh_dissector(ndpi_str, &a, detection_bitmask); /* AYIYA */ - init_ayiya_dissector(ndpi_struct, &a, detection_bitmask); + init_ayiya_dissector(ndpi_str, &a, detection_bitmask); /* THUNDER */ - init_thunder_dissector(ndpi_struct, &a, detection_bitmask); + init_thunder_dissector(ndpi_str, &a, detection_bitmask); /* VNC */ - init_vnc_dissector(ndpi_struct, &a, detection_bitmask); + init_vnc_dissector(ndpi_str, &a, detection_bitmask); /* LINE */ - init_line_dissector(ndpi_struct, &a, detection_bitmask); + init_line_dissector(ndpi_str, &a, detection_bitmask); /* TEAMVIEWER */ - init_teamviewer_dissector(ndpi_struct, &a, detection_bitmask); + init_teamviewer_dissector(ndpi_str, &a, detection_bitmask); /* DHCP */ - init_dhcp_dissector(ndpi_struct, &a, detection_bitmask); + init_dhcp_dissector(ndpi_str, &a, detection_bitmask); /* STEAM */ - init_steam_dissector(ndpi_struct, &a, detection_bitmask); + init_steam_dissector(ndpi_str, &a, detection_bitmask); /* HALFLIFE2 */ - init_halflife2_dissector(ndpi_struct, &a, detection_bitmask); + init_halflife2_dissector(ndpi_str, &a, detection_bitmask); /* XBOX */ - init_xbox_dissector(ndpi_struct, &a, detection_bitmask); + init_xbox_dissector(ndpi_str, &a, detection_bitmask); /* HTTP_APPLICATION_ACTIVESYNC */ - init_http_activesync_dissector(ndpi_struct, &a, detection_bitmask); + init_http_activesync_dissector(ndpi_str, &a, detection_bitmask); /* SMB */ - init_smb_dissector(ndpi_struct, &a, detection_bitmask); + init_smb_dissector(ndpi_str, &a, detection_bitmask); /* MINING */ - init_mining_dissector(ndpi_struct, &a, detection_bitmask); + init_mining_dissector(ndpi_str, &a, detection_bitmask); /* TELNET */ - init_telnet_dissector(ndpi_struct, &a, detection_bitmask); + init_telnet_dissector(ndpi_str, &a, detection_bitmask); /* NTP */ - init_ntp_dissector(ndpi_struct, &a, detection_bitmask); + init_ntp_dissector(ndpi_str, &a, detection_bitmask); /* NFS */ - init_nfs_dissector(ndpi_struct, &a, detection_bitmask); + init_nfs_dissector(ndpi_str, &a, detection_bitmask); /* SSDP */ - init_ssdp_dissector(ndpi_struct, &a, detection_bitmask); + init_ssdp_dissector(ndpi_str, &a, detection_bitmask); /* WORLD_OF_WARCRAFT */ - init_world_of_warcraft_dissector(ndpi_struct, &a, detection_bitmask); + init_world_of_warcraft_dissector(ndpi_str, &a, detection_bitmask); /* POSTGRES */ - init_postgres_dissector(ndpi_struct, &a, detection_bitmask); + init_postgres_dissector(ndpi_str, &a, detection_bitmask); /* MYSQL */ - init_mysql_dissector(ndpi_struct, &a, detection_bitmask); + init_mysql_dissector(ndpi_str, &a, detection_bitmask); /* BGP */ - init_bgp_dissector(ndpi_struct, &a, detection_bitmask); + init_bgp_dissector(ndpi_str, &a, detection_bitmask); /* BATTLEFIELD */ - init_battlefield_dissector(ndpi_struct, &a, detection_bitmask); + init_battlefield_dissector(ndpi_str, &a, detection_bitmask); /* PCANYWHERE */ - init_pcanywhere_dissector(ndpi_struct, &a, detection_bitmask); + init_pcanywhere_dissector(ndpi_str, &a, detection_bitmask); /* SNMP */ - init_snmp_dissector(ndpi_struct, &a, detection_bitmask); + init_snmp_dissector(ndpi_str, &a, detection_bitmask); /* KONTIKI */ - init_kontiki_dissector(ndpi_struct, &a, detection_bitmask); + init_kontiki_dissector(ndpi_str, &a, detection_bitmask); /* ICECAST */ - init_icecast_dissector(ndpi_struct, &a, detection_bitmask); + init_icecast_dissector(ndpi_str, &a, detection_bitmask); /* SHOUTCAST */ - init_shoutcast_dissector(ndpi_struct, &a, detection_bitmask); + init_shoutcast_dissector(ndpi_str, &a, detection_bitmask); /* KERBEROS */ - init_kerberos_dissector(ndpi_struct, &a, detection_bitmask); + init_kerberos_dissector(ndpi_str, &a, detection_bitmask); /* OPENFT */ - init_openft_dissector(ndpi_struct, &a, detection_bitmask); + init_openft_dissector(ndpi_str, &a, detection_bitmask); /* SYSLOG */ - init_syslog_dissector(ndpi_struct, &a, detection_bitmask); + init_syslog_dissector(ndpi_str, &a, detection_bitmask); /* DIRECT_DOWNLOAD_LINK */ - init_directdownloadlink_dissector(ndpi_struct, &a, detection_bitmask); + init_directdownloadlink_dissector(ndpi_str, &a, detection_bitmask); /* NETBIOS */ - init_netbios_dissector(ndpi_struct, &a, detection_bitmask); + init_netbios_dissector(ndpi_str, &a, detection_bitmask); /* MDNS */ - init_mdns_dissector(ndpi_struct, &a, detection_bitmask); + init_mdns_dissector(ndpi_str, &a, detection_bitmask); /* IPP */ - init_ipp_dissector(ndpi_struct, &a, detection_bitmask); + init_ipp_dissector(ndpi_str, &a, detection_bitmask); /* LDAP */ - init_ldap_dissector(ndpi_struct, &a, detection_bitmask); + init_ldap_dissector(ndpi_str, &a, detection_bitmask); /* WARCRAFT3 */ - init_warcraft3_dissector(ndpi_struct, &a, detection_bitmask); + init_warcraft3_dissector(ndpi_str, &a, detection_bitmask); /* XDMCP */ - init_xdmcp_dissector(ndpi_struct, &a, detection_bitmask); + init_xdmcp_dissector(ndpi_str, &a, detection_bitmask); /* TFTP */ - init_tftp_dissector(ndpi_struct, &a, detection_bitmask); + init_tftp_dissector(ndpi_str, &a, detection_bitmask); /* MSSQL_TDS */ - init_mssql_tds_dissector(ndpi_struct, &a, detection_bitmask); + init_mssql_tds_dissector(ndpi_str, &a, detection_bitmask); /* PPTP */ - init_pptp_dissector(ndpi_struct, &a, detection_bitmask); + init_pptp_dissector(ndpi_str, &a, detection_bitmask); /* STEALTHNET */ - init_stealthnet_dissector(ndpi_struct, &a, detection_bitmask); + init_stealthnet_dissector(ndpi_str, &a, detection_bitmask); /* DHCPV6 */ - init_dhcpv6_dissector(ndpi_struct, &a, detection_bitmask); + init_dhcpv6_dissector(ndpi_str, &a, detection_bitmask); /* AFP */ - init_afp_dissector(ndpi_struct, &a, detection_bitmask); + init_afp_dissector(ndpi_str, &a, detection_bitmask); /* check_mk */ - init_checkmk_dissector(ndpi_struct, &a, detection_bitmask); + init_checkmk_dissector(ndpi_str, &a, detection_bitmask); /* AIMINI */ - init_aimini_dissector(ndpi_struct, &a, detection_bitmask); + init_aimini_dissector(ndpi_str, &a, detection_bitmask); /* FLORENSIA */ - init_florensia_dissector(ndpi_struct, &a, detection_bitmask); + init_florensia_dissector(ndpi_str, &a, detection_bitmask); /* MAPLESTORY */ - init_maplestory_dissector(ndpi_struct, &a, detection_bitmask); + init_maplestory_dissector(ndpi_str, &a, detection_bitmask); /* DOFUS */ - init_dofus_dissector(ndpi_struct, &a, detection_bitmask); + init_dofus_dissector(ndpi_str, &a, detection_bitmask); /* WORLD_OF_KUNG_FU */ - init_world_of_kung_fu_dissector(ndpi_struct, &a, detection_bitmask); + init_world_of_kung_fu_dissector(ndpi_str, &a, detection_bitmask); /* FIESTA */ - init_fiesta_dissector(ndpi_struct, &a, detection_bitmask); + init_fiesta_dissector(ndpi_str, &a, detection_bitmask); /* CROSSIFIRE */ - init_crossfire_dissector(ndpi_struct, &a, detection_bitmask); + init_crossfire_dissector(ndpi_str, &a, detection_bitmask); /* GUILDWARS */ - init_guildwars_dissector(ndpi_struct, &a, detection_bitmask); + init_guildwars_dissector(ndpi_str, &a, detection_bitmask); /* ARMAGETRON */ - init_armagetron_dissector(ndpi_struct, &a, detection_bitmask); + init_armagetron_dissector(ndpi_str, &a, detection_bitmask); /* DROPBOX */ - init_dropbox_dissector(ndpi_struct, &a, detection_bitmask); + init_dropbox_dissector(ndpi_str, &a, detection_bitmask); /* SPOTIFY */ - init_spotify_dissector(ndpi_struct, &a, detection_bitmask); + init_spotify_dissector(ndpi_str, &a, detection_bitmask); /* RADIUS */ - init_radius_dissector(ndpi_struct, &a, detection_bitmask); + init_radius_dissector(ndpi_str, &a, detection_bitmask); /* CITRIX */ - init_citrix_dissector(ndpi_struct, &a, detection_bitmask); + init_citrix_dissector(ndpi_str, &a, detection_bitmask); /* LOTUS_NOTES */ - init_lotus_notes_dissector(ndpi_struct, &a, detection_bitmask); + init_lotus_notes_dissector(ndpi_str, &a, detection_bitmask); /* GTP */ - init_gtp_dissector(ndpi_struct, &a, detection_bitmask); + init_gtp_dissector(ndpi_str, &a, detection_bitmask); /* DCERPC */ - init_dcerpc_dissector(ndpi_struct, &a, detection_bitmask); + init_dcerpc_dissector(ndpi_str, &a, detection_bitmask); /* NETFLOW */ - init_netflow_dissector(ndpi_struct, &a, detection_bitmask); + init_netflow_dissector(ndpi_str, &a, detection_bitmask); /* SFLOW */ - init_sflow_dissector(ndpi_struct, &a, detection_bitmask); + init_sflow_dissector(ndpi_str, &a, detection_bitmask); /* H323 */ - init_h323_dissector(ndpi_struct, &a, detection_bitmask); + init_h323_dissector(ndpi_str, &a, detection_bitmask); /* OPENVPN */ - init_openvpn_dissector(ndpi_struct, &a, detection_bitmask); + init_openvpn_dissector(ndpi_str, &a, detection_bitmask); /* NOE */ - init_noe_dissector(ndpi_struct, &a, detection_bitmask); + init_noe_dissector(ndpi_str, &a, detection_bitmask); /* CISCOVPN */ - init_ciscovpn_dissector(ndpi_struct, &a, detection_bitmask); + init_ciscovpn_dissector(ndpi_str, &a, detection_bitmask); /* TEAMSPEAK */ - init_teamspeak_dissector(ndpi_struct, &a, detection_bitmask); + init_teamspeak_dissector(ndpi_str, &a, detection_bitmask); /* VIBER */ - init_viber_dissector(ndpi_struct, &a, detection_bitmask); + init_viber_dissector(ndpi_str, &a, detection_bitmask); /* TOR */ - init_tor_dissector(ndpi_struct, &a, detection_bitmask); + init_tor_dissector(ndpi_str, &a, detection_bitmask); /* SKINNY */ - init_skinny_dissector(ndpi_struct, &a, detection_bitmask); + init_skinny_dissector(ndpi_str, &a, detection_bitmask); /* RTCP */ - init_rtcp_dissector(ndpi_struct, &a, detection_bitmask); + init_rtcp_dissector(ndpi_str, &a, detection_bitmask); /* RSYNC */ - init_rsync_dissector(ndpi_struct, &a, detection_bitmask); + init_rsync_dissector(ndpi_str, &a, detection_bitmask); /* WHOIS_DAS */ - init_whois_das_dissector(ndpi_struct, &a, detection_bitmask); + init_whois_das_dissector(ndpi_str, &a, detection_bitmask); /* ORACLE */ - init_oracle_dissector(ndpi_struct, &a, detection_bitmask); + init_oracle_dissector(ndpi_str, &a, detection_bitmask); /* CORBA */ - init_corba_dissector(ndpi_struct, &a, detection_bitmask); + init_corba_dissector(ndpi_str, &a, detection_bitmask); /* RTMP */ - init_rtmp_dissector(ndpi_struct, &a, detection_bitmask); + init_rtmp_dissector(ndpi_str, &a, detection_bitmask); /* FTP_CONTROL */ - init_ftp_control_dissector(ndpi_struct, &a, detection_bitmask); + init_ftp_control_dissector(ndpi_str, &a, detection_bitmask); /* FTP_DATA */ - init_ftp_data_dissector(ndpi_struct, &a, detection_bitmask); + init_ftp_data_dissector(ndpi_str, &a, detection_bitmask); /* PANDO */ - init_pando_dissector(ndpi_struct, &a, detection_bitmask); + init_pando_dissector(ndpi_str, &a, detection_bitmask); /* MEGACO */ - init_megaco_dissector(ndpi_struct, &a, detection_bitmask); + init_megaco_dissector(ndpi_str, &a, detection_bitmask); /* REDIS */ - init_redis_dissector(ndpi_struct, &a, detection_bitmask); + init_redis_dissector(ndpi_str, &a, detection_bitmask); /* UPnP */ - init_upnp_dissector(ndpi_struct, &a, detection_bitmask); + init_upnp_dissector(ndpi_str, &a, detection_bitmask); /* VHUA */ - init_vhua_dissector(ndpi_struct, &a, detection_bitmask); + init_vhua_dissector(ndpi_str, &a, detection_bitmask); /* ZMQ */ - init_zmq_dissector(ndpi_struct, &a, detection_bitmask); + init_zmq_dissector(ndpi_str, &a, detection_bitmask); /* TELEGRAM */ - init_telegram_dissector(ndpi_struct, &a, detection_bitmask); + init_telegram_dissector(ndpi_str, &a, detection_bitmask); /* QUIC */ - init_quic_dissector(ndpi_struct, &a, detection_bitmask); + init_quic_dissector(ndpi_str, &a, detection_bitmask); /* DIAMETER */ - init_diameter_dissector(ndpi_struct, &a, detection_bitmask); + init_diameter_dissector(ndpi_str, &a, detection_bitmask); /* APPLE_PUSH */ - init_apple_push_dissector(ndpi_struct, &a, detection_bitmask); + init_apple_push_dissector(ndpi_str, &a, detection_bitmask); /* EAQ */ - init_eaq_dissector(ndpi_struct, &a, detection_bitmask); + init_eaq_dissector(ndpi_str, &a, detection_bitmask); /* KAKAOTALK_VOICE */ - init_kakaotalk_voice_dissector(ndpi_struct, &a, detection_bitmask); + init_kakaotalk_voice_dissector(ndpi_str, &a, detection_bitmask); /* MPEGTS */ - init_mpegts_dissector(ndpi_struct, &a, detection_bitmask); + init_mpegts_dissector(ndpi_str, &a, detection_bitmask); /* UBNTAC2 */ - init_ubntac2_dissector(ndpi_struct, &a, detection_bitmask); + init_ubntac2_dissector(ndpi_str, &a, detection_bitmask); /* COAP */ - init_coap_dissector(ndpi_struct, &a, detection_bitmask); + init_coap_dissector(ndpi_str, &a, detection_bitmask); /* MQTT */ - init_mqtt_dissector(ndpi_struct, &a, detection_bitmask); + init_mqtt_dissector(ndpi_str, &a, detection_bitmask); /* SOME/IP */ - init_someip_dissector(ndpi_struct, &a, detection_bitmask); + init_someip_dissector(ndpi_str, &a, detection_bitmask); /* RX */ - init_rx_dissector(ndpi_struct, &a, detection_bitmask); + init_rx_dissector(ndpi_str, &a, detection_bitmask); /* GIT */ - init_git_dissector(ndpi_struct, &a, detection_bitmask); + init_git_dissector(ndpi_str, &a, detection_bitmask); /* HANGOUT */ - init_hangout_dissector(ndpi_struct, &a, detection_bitmask); + init_hangout_dissector(ndpi_str, &a, detection_bitmask); /* DRDA */ - init_drda_dissector(ndpi_struct, &a, detection_bitmask); + init_drda_dissector(ndpi_str, &a, detection_bitmask); /* BJNP */ - init_bjnp_dissector(ndpi_struct, &a, detection_bitmask); + init_bjnp_dissector(ndpi_str, &a, detection_bitmask); /* SMPP */ - init_smpp_dissector(ndpi_struct, &a, detection_bitmask); + init_smpp_dissector(ndpi_str, &a, detection_bitmask); /* TINC */ - init_tinc_dissector(ndpi_struct, &a, detection_bitmask); + init_tinc_dissector(ndpi_str, &a, detection_bitmask); /* FIX */ - init_fix_dissector(ndpi_struct, &a, detection_bitmask); + init_fix_dissector(ndpi_str, &a, detection_bitmask); /* NINTENDO */ - init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); + init_nintendo_dissector(ndpi_str, &a, detection_bitmask); /* MODBUS */ - init_modbus_dissector(ndpi_struct, &a, detection_bitmask); + init_modbus_dissector(ndpi_str, &a, detection_bitmask); /*** Put false-positive sensitive protocols at the end ***/ /* SKYPE */ - init_skype_dissector(ndpi_struct, &a, detection_bitmask); + init_skype_dissector(ndpi_str, &a, detection_bitmask); /* BITTORRENT */ - init_bittorrent_dissector(ndpi_struct, &a, detection_bitmask); + init_bittorrent_dissector(ndpi_str, &a, detection_bitmask); /* WHATSAPP */ - init_whatsapp_dissector(ndpi_struct, &a, detection_bitmask); + init_whatsapp_dissector(ndpi_str, &a, detection_bitmask); /* OOKLA */ - init_ookla_dissector(ndpi_struct, &a, detection_bitmask); + init_ookla_dissector(ndpi_str, &a, detection_bitmask); /* AMQP */ - init_amqp_dissector(ndpi_struct, &a, detection_bitmask); + init_amqp_dissector(ndpi_str, &a, detection_bitmask); /* CSGO */ - init_csgo_dissector(ndpi_struct, &a, detection_bitmask); + init_csgo_dissector(ndpi_str, &a, detection_bitmask); /* LISP */ - init_lisp_dissector(ndpi_struct, &a, detection_bitmask); + init_lisp_dissector(ndpi_str, &a, detection_bitmask); /* AJP */ - init_ajp_dissector(ndpi_struct, &a, detection_bitmask); + init_ajp_dissector(ndpi_str, &a, detection_bitmask); /* Memcached */ - init_memcached_dissector(ndpi_struct, &a, detection_bitmask); + init_memcached_dissector(ndpi_str, &a, detection_bitmask); /* Nest Log Sink */ - init_nest_log_sink_dissector(ndpi_struct, &a, detection_bitmask); + init_nest_log_sink_dissector(ndpi_str, &a, detection_bitmask); /* WireGuard VPN */ - init_wireguard_dissector(ndpi_struct, &a, detection_bitmask); + init_wireguard_dissector(ndpi_str, &a, detection_bitmask); /* AMAZON_VIDEO */ - init_amazon_video_dissector(ndpi_struct, &a, detection_bitmask); + init_amazon_video_dissector(ndpi_str, &a, detection_bitmask); /* Targus Getdata */ - init_targus_getdata_dissector(ndpi_struct, &a, detection_bitmask); + init_targus_getdata_dissector(ndpi_str, &a, detection_bitmask); /* ----------------------------------------------------------------- */ - ndpi_struct->callback_buffer_size = a; + ndpi_str->callback_buffer_size = a; - NDPI_LOG_DBG2(ndpi_struct, - "callback_buffer_size is %u\n", ndpi_struct->callback_buffer_size); + NDPI_LOG_DBG2(ndpi_str, + "callback_buffer_size is %u\n", ndpi_str->callback_buffer_size); /* now build the specific buffer for tcp, udp and non_tcp_udp */ - ndpi_struct->callback_buffer_size_tcp_payload = 0; - ndpi_struct->callback_buffer_size_tcp_no_payload = 0; - for(a = 0; a < ndpi_struct->callback_buffer_size; a++) { - if((ndpi_struct->callback_buffer[a].ndpi_selection_bitmask + ndpi_str->callback_buffer_size_tcp_payload = 0; + ndpi_str->callback_buffer_size_tcp_no_payload = 0; + for(a = 0; a < ndpi_str->callback_buffer_size; a++) { + if((ndpi_str->callback_buffer[a].ndpi_selection_bitmask & (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC)) != 0) { - if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_str, "callback_buffer_tcp_payload, adding buffer %u as entry %u\n", a, - ndpi_struct->callback_buffer_size_tcp_payload); + ndpi_str->callback_buffer_size_tcp_payload); - memcpy(&ndpi_struct->callback_buffer_tcp_payload[ndpi_struct->callback_buffer_size_tcp_payload], - &ndpi_struct->callback_buffer[a], sizeof(struct ndpi_call_function_struct)); - ndpi_struct->callback_buffer_size_tcp_payload++; + memcpy(&ndpi_str->callback_buffer_tcp_payload[ndpi_str->callback_buffer_size_tcp_payload], + &ndpi_str->callback_buffer[a], sizeof(struct ndpi_call_function_struct)); + ndpi_str->callback_buffer_size_tcp_payload++; - if((ndpi_struct-> + if((ndpi_str-> callback_buffer[a].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) == 0) { - if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_str, "\tcallback_buffer_tcp_no_payload, additional adding buffer %u to no_payload process\n", a); - memcpy(&ndpi_struct->callback_buffer_tcp_no_payload - [ndpi_struct->callback_buffer_size_tcp_no_payload], &ndpi_struct->callback_buffer[a], + memcpy(&ndpi_str->callback_buffer_tcp_no_payload + [ndpi_str->callback_buffer_size_tcp_no_payload], &ndpi_str->callback_buffer[a], sizeof(struct ndpi_call_function_struct)); - ndpi_struct->callback_buffer_size_tcp_no_payload++; + ndpi_str->callback_buffer_size_tcp_no_payload++; } } } - ndpi_struct->callback_buffer_size_udp = 0; - for(a = 0; a < ndpi_struct->callback_buffer_size; a++) { - if((ndpi_struct->callback_buffer[a].ndpi_selection_bitmask & (NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | + ndpi_str->callback_buffer_size_udp = 0; + for(a = 0; a < ndpi_str->callback_buffer_size; a++) { + if((ndpi_str->callback_buffer[a].ndpi_selection_bitmask & (NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC)) != 0) { - if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, - "callback_buffer_size_udp: adding buffer : %u as entry %u\n", a, ndpi_struct->callback_buffer_size_udp); + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_str, + "callback_buffer_size_udp: adding buffer : %u as entry %u\n", a, ndpi_str->callback_buffer_size_udp); - memcpy(&ndpi_struct->callback_buffer_udp[ndpi_struct->callback_buffer_size_udp], - &ndpi_struct->callback_buffer[a], sizeof(struct ndpi_call_function_struct)); - ndpi_struct->callback_buffer_size_udp++; + memcpy(&ndpi_str->callback_buffer_udp[ndpi_str->callback_buffer_size_udp], + &ndpi_str->callback_buffer[a], sizeof(struct ndpi_call_function_struct)); + ndpi_str->callback_buffer_size_udp++; } } - ndpi_struct->callback_buffer_size_non_tcp_udp = 0; - for(a = 0; a < ndpi_struct->callback_buffer_size; a++) { - if((ndpi_struct->callback_buffer[a].ndpi_selection_bitmask & (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | + ndpi_str->callback_buffer_size_non_tcp_udp = 0; + for(a = 0; a < ndpi_str->callback_buffer_size; a++) { + if((ndpi_str->callback_buffer[a].ndpi_selection_bitmask & (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP)) == 0 - || (ndpi_struct-> + || (ndpi_str-> callback_buffer[a].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC) != 0) { - if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, - "callback_buffer_non_tcp_udp: adding buffer : %u as entry %u\n", a, ndpi_struct->callback_buffer_size_non_tcp_udp); + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_str, + "callback_buffer_non_tcp_udp: adding buffer : %u as entry %u\n", a, ndpi_str->callback_buffer_size_non_tcp_udp); - memcpy(&ndpi_struct->callback_buffer_non_tcp_udp[ndpi_struct->callback_buffer_size_non_tcp_udp], - &ndpi_struct->callback_buffer[a], sizeof(struct ndpi_call_function_struct)); - ndpi_struct->callback_buffer_size_non_tcp_udp++; + memcpy(&ndpi_str->callback_buffer_non_tcp_udp[ndpi_str->callback_buffer_size_non_tcp_udp], + &ndpi_str->callback_buffer[a], sizeof(struct ndpi_call_function_struct)); + ndpi_str->callback_buffer_size_non_tcp_udp++; } } } @@ -3417,19 +3394,19 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n * nxt_hdr: protocol of the actual payload * returns 0 upon success and 1 upon failure */ -static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) +static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_str, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) { - while ((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) { + while((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) { u_int16_t ehdr_len; // no next header if(*nxt_hdr == 59) { - return 1; + return(1); } // fragment extension header has fixed size of 8 bytes and the first byte is the next header type if(*nxt_hdr == 44) { if(*l4len < 8) { - return 1; + return(1); } *nxt_hdr = (*l4ptr)[0]; *l4len -= 8; @@ -3443,13 +3420,13 @@ static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struc ehdr_len += 8; if(*l4len < ehdr_len) { - return 1; + return(1); } *nxt_hdr = (*l4ptr)[0]; *l4len -= ehdr_len; (*l4ptr) += ehdr_len; } - return 0; + return(0); } #endif /* NDPI_DETECTION_SUPPORT_IPV6 */ @@ -3459,14 +3436,14 @@ static u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *ip //#ifdef REQUIRE_FULL_PACKETS if(ipsize < iph->ihl * 4 || ipsize < ntohs(iph->tot_len) || ntohs(iph->tot_len) < iph->ihl * 4 || (iph->frag_off & htons(0x1FFF)) != 0) { - return 0; + return(0); } //#endif - return 1; + return(1); } -static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_struct *ndpi_struct, +static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_struct *ndpi_str, const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, u_int8_t * l4_protocol_return, u_int32_t flags) @@ -3480,32 +3457,32 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru u_int8_t l4protocol = 0; if(l3 == NULL || l3_len < sizeof(struct ndpi_iphdr)) - return 1; + return(1); iph = (const struct ndpi_iphdr *) l3; if(iph->version == IPVERSION && iph->ihl >= 5) { - NDPI_LOG_DBG2(ndpi_struct, "ipv4 header\n"); + NDPI_LOG_DBG2(ndpi_str, "ipv4 header\n"); } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if(iph->version == 6 && l3_len >= sizeof(struct ndpi_ipv6hdr)) { - NDPI_LOG_DBG2(ndpi_struct, "ipv6 header\n"); + NDPI_LOG_DBG2(ndpi_str, "ipv6 header\n"); iph_v6 = (const struct ndpi_ipv6hdr *) l3; iph = NULL; } #endif else { - return 1; + return(1); } if((flags & NDPI_DETECTION_ONLY_IPV6) && iph != NULL) { - NDPI_LOG_DBG2(ndpi_struct, "ipv4 header found but excluded by flag\n"); - return 1; + NDPI_LOG_DBG2(ndpi_str, "ipv4 header found but excluded by flag\n"); + return(1); } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if((flags & NDPI_DETECTION_ONLY_IPV4) && iph_v6 != NULL) { - NDPI_LOG_DBG2(ndpi_struct, "ipv6 header found but excluded by flag\n"); - return 1; + NDPI_LOG_DBG2(ndpi_str, "ipv6 header found but excluded by flag\n"); + return(1); } #endif @@ -3527,14 +3504,14 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru l4protocol = iph_v6->ip6_hdr.ip6_un1_nxt; // we need to handle IPv6 extension headers if present - if(ndpi_handle_ipv6_extension_headers(ndpi_struct, &l4ptr, &l4len, &l4protocol) != 0) { - return 1; + if(ndpi_handle_ipv6_extension_headers(ndpi_str, &l4ptr, &l4len, &l4protocol) != 0) { + return(1); } } #endif else { - return 1; + return(1); } if(l4_return != NULL) { @@ -3549,7 +3526,7 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru *l4_protocol_return = l4protocol; } - return 0; + return(0); } void ndpi_apply_flow_protocol_to_packet(struct ndpi_flow_struct *flow, @@ -3559,7 +3536,7 @@ void ndpi_apply_flow_protocol_to_packet(struct ndpi_flow_struct *flow, memcpy(&packet->protocol_stack_info, &flow->protocol_stack_info, sizeof(packet->protocol_stack_info)); } -static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_struct, +static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, unsigned short packetlen) { const struct ndpi_iphdr *decaps_iph = NULL; @@ -3570,7 +3547,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str u_int8_t l4_result; if (!flow) - return 1; + return(1); /* reset payload_packet_len, will be set if ipv4 tcp or udp */ flow->packet.payload_packet_len = 0; @@ -3598,19 +3575,19 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str #endif /* NDPI_DETECTION_SUPPORT_IPV6 */ if(decaps_iph && decaps_iph->version == IPVERSION && decaps_iph->ihl >= 5) { - NDPI_LOG_DBG2(ndpi_struct, "ipv4 header\n"); + NDPI_LOG_DBG2(ndpi_str, "ipv4 header\n"); } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if(decaps_iph && decaps_iph->version == 6 && l3len >= sizeof(struct ndpi_ipv6hdr) && - (ndpi_struct->ip_version_limit & NDPI_DETECTION_ONLY_IPV4) == 0) { - NDPI_LOG_DBG2(ndpi_struct, "ipv6 header\n"); + (ndpi_str->ip_version_limit & NDPI_DETECTION_ONLY_IPV4) == 0) { + NDPI_LOG_DBG2(ndpi_str, "ipv6 header\n"); flow->packet.iphv6 = (struct ndpi_ipv6hdr *)flow->packet.iph; flow->packet.iph = NULL; } #endif else { flow->packet.iph = NULL; - return 1; + return(1); } /* needed: @@ -3624,10 +3601,10 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str l4protocol = 0; l4_result = - ndpi_detection_get_l4_internal(ndpi_struct, (const u_int8_t *) decaps_iph, l3len, &l4ptr, &l4len, &l4protocol, 0); + ndpi_detection_get_l4_internal(ndpi_str, (const u_int8_t *) decaps_iph, l3len, &l4ptr, &l4len, &l4protocol, 0); if(l4_result != 0) { - return 1; + return(1); } flow->packet.l4_protocol = l4protocol; @@ -3665,7 +3642,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str flow->guessed_protocol_id = backup1; flow->guessed_host_protocol_id = backup2; - NDPI_LOG_DBG(ndpi_struct, + NDPI_LOG_DBG(ndpi_str, "tcp syn packet for unknown protocol, reset detection state\n"); } } else { @@ -3680,10 +3657,10 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str flow->packet.generic_l4_ptr = l4ptr; } - return 0; + return(0); } -void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { if(!flow) { return; @@ -3699,7 +3676,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, packet->tcp_retransmission = 0, packet->packet_direction = 0; - if(ndpi_struct->direction_detect_disable) { + if(ndpi_str->direction_detect_disable) { packet->packet_direction = flow->packet_direction; } else { if(iph != NULL && ntohl(iph->saddr) < ntohl(iph->daddr)) @@ -3723,7 +3700,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, /* reset retried bytes here before setting it */ packet->num_retried_bytes = 0; - if(!ndpi_struct->direction_detect_disable) + if(!ndpi_str->direction_detect_disable) packet->packet_direction = (ntohs(tcph->source) < ntohs(tcph->dest)) ? 1 : 0; if(tcph->syn != 0 && tcph->ack == 0 && flow->l4.tcp.seen_syn == 0 && flow->l4.tcp.seen_syn_ack == 0 @@ -3757,7 +3734,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, } else if(packet->payload_packet_len > 0) { /* check tcp sequence counters */ if(((u_int32_t)(ntohl(tcph->seq) - flow->next_tcp_seq_nr[packet->packet_direction])) > - ndpi_struct->tcp_max_retransmission_window_size) { + ndpi_str->tcp_max_retransmission_window_size) { packet->tcp_retransmission = 1; @@ -3786,7 +3763,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, flow->next_tcp_seq_nr[1] = 0; } } else if(udph != NULL) { - if(!ndpi_struct->direction_detect_disable) + if(!ndpi_str->direction_detect_disable) packet->packet_direction = (htons(udph->source) < htons(udph->dest)) ? 1 : 0; } @@ -3805,7 +3782,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, } } -void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_struct, +void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { @@ -3815,37 +3792,37 @@ void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_struct void *func = NULL; u_int32_t a; - u_int16_t proto_index = ndpi_struct->proto_defaults[flow->guessed_protocol_id].protoIdx; - int16_t proto_id = ndpi_struct->proto_defaults[flow->guessed_protocol_id].protoId; + u_int16_t proto_index = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoIdx; + int16_t proto_id = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoId; NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_SAVE_AS_BITMASK(detection_bitmask, flow->packet.detected_protocol_stack[0]); if((proto_id != NDPI_PROTOCOL_UNKNOWN) && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer[proto_index].detection_bitmask, + ndpi_str->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer[proto_index].detection_bitmask, detection_bitmask) != 0 - && (ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask - & *ndpi_selection_packet) == ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask) { + && (ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask + & *ndpi_selection_packet) == ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask) { if((flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (ndpi_struct->proto_defaults[flow->guessed_protocol_id].func != NULL)) - ndpi_struct->proto_defaults[flow->guessed_protocol_id].func(ndpi_struct, flow), - func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; + && (ndpi_str->proto_defaults[flow->guessed_protocol_id].func != NULL)) + ndpi_str->proto_defaults[flow->guessed_protocol_id].func(ndpi_str, flow), + func = ndpi_str->proto_defaults[flow->guessed_protocol_id].func; } - for(a = 0; a < ndpi_struct->callback_buffer_size_non_tcp_udp; a++) { - if((func != ndpi_struct->callback_buffer_non_tcp_udp[a].func) - && (ndpi_struct->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask & *ndpi_selection_packet) == - ndpi_struct->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask + for(a = 0; a < ndpi_str->callback_buffer_size_non_tcp_udp; a++) { + if((func != ndpi_str->callback_buffer_non_tcp_udp[a].func) + && (ndpi_str->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask & *ndpi_selection_packet) == + ndpi_str->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_non_tcp_udp[a].detection_bitmask, + ndpi_str->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer_non_tcp_udp[a].detection_bitmask, detection_bitmask) != 0) { - if(ndpi_struct->callback_buffer_non_tcp_udp[a].func != NULL) - ndpi_struct->callback_buffer_non_tcp_udp[a].func(ndpi_struct, flow); + if(ndpi_str->callback_buffer_non_tcp_udp[a].func != NULL) + ndpi_str->callback_buffer_non_tcp_udp[a].func(ndpi_str, flow); if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ @@ -3854,57 +3831,57 @@ void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_struct } -void check_ndpi_udp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, +void check_ndpi_udp_flow_func(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { void *func = NULL; u_int32_t a; - u_int16_t proto_index = ndpi_struct->proto_defaults[flow->guessed_protocol_id].protoIdx; - int16_t proto_id = ndpi_struct->proto_defaults[flow->guessed_protocol_id].protoId; + u_int16_t proto_index = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoIdx; + int16_t proto_id = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoId; NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_SAVE_AS_BITMASK(detection_bitmask, flow->packet.detected_protocol_stack[0]); if((proto_id != NDPI_PROTOCOL_UNKNOWN) && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer[proto_index].detection_bitmask, + ndpi_str->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer[proto_index].detection_bitmask, detection_bitmask) != 0 - && (ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask - & *ndpi_selection_packet) == ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask) { + && (ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask + & *ndpi_selection_packet) == ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask) { if((flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (ndpi_struct->proto_defaults[flow->guessed_protocol_id].func != NULL)) - ndpi_struct->proto_defaults[flow->guessed_protocol_id].func(ndpi_struct, flow), - func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; + && (ndpi_str->proto_defaults[flow->guessed_protocol_id].func != NULL)) + ndpi_str->proto_defaults[flow->guessed_protocol_id].func(ndpi_str, flow), + func = ndpi_str->proto_defaults[flow->guessed_protocol_id].func; } - for(a = 0; a < ndpi_struct->callback_buffer_size_udp; a++) { - if((func != ndpi_struct->callback_buffer_udp[a].func) - && (ndpi_struct->callback_buffer_udp[a].ndpi_selection_bitmask & *ndpi_selection_packet) == - ndpi_struct->callback_buffer_udp[a].ndpi_selection_bitmask + for(a = 0; a < ndpi_str->callback_buffer_size_udp; a++) { + if((func != ndpi_str->callback_buffer_udp[a].func) + && (ndpi_str->callback_buffer_udp[a].ndpi_selection_bitmask & *ndpi_selection_packet) == + ndpi_str->callback_buffer_udp[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer_udp[a].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_udp[a].detection_bitmask, + ndpi_str->callback_buffer_udp[a].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer_udp[a].detection_bitmask, detection_bitmask) != 0) { - ndpi_struct->callback_buffer_udp[a].func(ndpi_struct, flow); + ndpi_str->callback_buffer_udp[a].func(ndpi_str, flow); - // NDPI_LOG_DBG(ndpi_struct, "[UDP,CALL] dissector of protocol as callback_buffer idx = %d\n",a); + // NDPI_LOG_DBG(ndpi_str, "[UDP,CALL] dissector of protocol as callback_buffer idx = %d\n",a); if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } else - if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_str, "[UDP,SKIP] dissector of protocol as callback_buffer idx = %d\n",a); } } -void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, +void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { void *func = NULL; u_int32_t a; - u_int16_t proto_index = ndpi_struct->proto_defaults[flow->guessed_protocol_id].protoIdx; - int16_t proto_id = ndpi_struct->proto_defaults[flow->guessed_protocol_id].protoId; + u_int16_t proto_index = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoIdx; + int16_t proto_id = ndpi_str->proto_defaults[flow->guessed_protocol_id].protoId; NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_SAVE_AS_BITMASK(detection_bitmask, flow->packet.detected_protocol_stack[0]); @@ -3912,24 +3889,24 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, if(flow->packet.payload_packet_len != 0) { if((proto_id != NDPI_PROTOCOL_UNKNOWN) && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer[proto_index].detection_bitmask, detection_bitmask) != 0 - && (ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask) { + ndpi_str->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer[proto_index].detection_bitmask, detection_bitmask) != 0 + && (ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask) { if((flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (ndpi_struct->proto_defaults[flow->guessed_protocol_id].func != NULL)) - ndpi_struct->proto_defaults[flow->guessed_protocol_id].func(ndpi_struct, flow), - func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; + && (ndpi_str->proto_defaults[flow->guessed_protocol_id].func != NULL)) + ndpi_str->proto_defaults[flow->guessed_protocol_id].func(ndpi_str, flow), + func = ndpi_str->proto_defaults[flow->guessed_protocol_id].func; } if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - for(a = 0; a < ndpi_struct->callback_buffer_size_tcp_payload; a++) { - if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) - && (ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask + for(a = 0; a < ndpi_str->callback_buffer_size_tcp_payload; a++) { + if((func != ndpi_str->callback_buffer_tcp_payload[a].func) + && (ndpi_str->callback_buffer_tcp_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_str->callback_buffer_tcp_payload[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer_tcp_payload[a].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_payload[a].detection_bitmask, + ndpi_str->callback_buffer_tcp_payload[a].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer_tcp_payload[a].detection_bitmask, detection_bitmask) != 0) { - ndpi_struct->callback_buffer_tcp_payload[a].func(ndpi_struct, flow); + ndpi_str->callback_buffer_tcp_payload[a].func(ndpi_str, flow); if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ @@ -3940,27 +3917,27 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, /* no payload */ if((proto_id != NDPI_PROTOCOL_UNKNOWN) && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer[proto_index].detection_bitmask, + ndpi_str->callback_buffer[proto_index].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer[proto_index].detection_bitmask, detection_bitmask) != 0 - && (ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask - & *ndpi_selection_packet) == ndpi_struct->callback_buffer[proto_index].ndpi_selection_bitmask) { + && (ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask + & *ndpi_selection_packet) == ndpi_str->callback_buffer[proto_index].ndpi_selection_bitmask) { if((flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (ndpi_struct->proto_defaults[flow->guessed_protocol_id].func != NULL) - && ((ndpi_struct->callback_buffer[flow->guessed_protocol_id].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) == 0)) - ndpi_struct->proto_defaults[flow->guessed_protocol_id].func(ndpi_struct, flow), - func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; + && (ndpi_str->proto_defaults[flow->guessed_protocol_id].func != NULL) + && ((ndpi_str->callback_buffer[flow->guessed_protocol_id].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) == 0)) + ndpi_str->proto_defaults[flow->guessed_protocol_id].func(ndpi_str, flow), + func = ndpi_str->proto_defaults[flow->guessed_protocol_id].func; } - for(a = 0; a < ndpi_struct->callback_buffer_size_tcp_no_payload; a++) { - if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) - && (ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == - ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask + for(a = 0; a < ndpi_str->callback_buffer_size_tcp_no_payload; a++) { + if((func != ndpi_str->callback_buffer_tcp_payload[a].func) + && (ndpi_str->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == + ndpi_str->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 - && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_no_payload[a].detection_bitmask, + ndpi_str->callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 + && NDPI_BITMASK_COMPARE(ndpi_str->callback_buffer_tcp_no_payload[a].detection_bitmask, detection_bitmask) != 0) { - ndpi_struct->callback_buffer_tcp_no_payload[a].func(ndpi_struct, flow); + ndpi_str->callback_buffer_tcp_no_payload[a].func(ndpi_str, flow); if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ @@ -3971,20 +3948,20 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ -void ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_check_flow_func(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, NDPI_SELECTION_BITMASK_PROTOCOL_SIZE *ndpi_selection_packet) { if(flow->packet.tcp != NULL) - check_ndpi_tcp_flow_func(ndpi_struct, flow, ndpi_selection_packet); + check_ndpi_tcp_flow_func(ndpi_str, flow, ndpi_selection_packet); else if(flow->packet.udp != NULL) - check_ndpi_udp_flow_func(ndpi_struct, flow, ndpi_selection_packet); + check_ndpi_udp_flow_func(ndpi_str, flow, ndpi_selection_packet); else - check_ndpi_other_flow_func(ndpi_struct, flow, ndpi_selection_packet); + check_ndpi_other_flow_func(ndpi_str, flow, ndpi_selection_packet); } /* ********************************************************************************* */ -u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, +u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { u_int16_t ret = NDPI_PROTOCOL_UNKNOWN; @@ -3994,11 +3971,11 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ addr.s_addr = flow->packet.iph->saddr; /* guess host protocol */ - ret = ndpi_network_ptree_match(ndpi_struct, &addr); + ret = ndpi_network_ptree_match(ndpi_str, &addr); if(ret == NDPI_PROTOCOL_UNKNOWN) { addr.s_addr = flow->packet.iph->daddr; - ret = ndpi_network_ptree_match(ndpi_struct, &addr); + ret = ndpi_network_ptree_match(ndpi_str, &addr); } } @@ -4007,13 +3984,13 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ /* ********************************************************************************* */ -static ndpi_protocol ndpi_process_partial_detection(struct ndpi_detection_module_struct *ndpi_struct, +static ndpi_protocol ndpi_process_partial_detection(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { ndpi_protocol ret; ndpi_protocol_match_result ret_match; ret.master_protocol = flow->guessed_protocol_id; - ret.app_protocol = ndpi_match_host_subprotocol(ndpi_struct, flow, + ret.app_protocol = ndpi_match_host_subprotocol(ndpi_str, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), &ret_match, @@ -4027,9 +4004,9 @@ static ndpi_protocol ndpi_process_partial_detection(struct ndpi_detection_module if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) ret.app_protocol = ret.master_protocol; - ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + ndpi_fill_protocol_category(ndpi_str, flow, &ret); - ndpi_int_change_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol); + ndpi_int_change_protocol(ndpi_str, flow, ret.app_protocol, ret.master_protocol); return(ret); } @@ -4040,18 +4017,18 @@ static ndpi_protocol ndpi_process_partial_detection(struct ndpi_detection_module You can call this function at any time in case of unknown match to see if there is a partial match that has been prevented by the current nDPI preferences configuration */ -ndpi_protocol ndpi_get_partial_detection(struct ndpi_detection_module_struct *ndpi_struct, +ndpi_protocol ndpi_get_partial_detection(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { if((flow->guessed_protocol_id == NDPI_PROTOCOL_HTTP) - && (ndpi_struct->http_dont_dissect_response == 0) + && (ndpi_str->http_dont_dissect_response == 0) && (flow->host_server_name[0] != '\0') && (!NDPI_ISSET(&flow->excluded_protocol_bitmask, flow->guessed_host_protocol_id))) - return(ndpi_process_partial_detection(ndpi_struct, flow)); + return(ndpi_process_partial_detection(ndpi_str, flow)); else if((flow->guessed_protocol_id == NDPI_PROTOCOL_DNS) - && (ndpi_struct->dns_dont_dissect_response == 0) + && (ndpi_str->dns_dont_dissect_response == 0) && (flow->host_server_name[0] != '\0') && (!NDPI_ISSET(&flow->excluded_protocol_bitmask, flow->guessed_host_protocol_id))) - return(ndpi_process_partial_detection(ndpi_struct, flow)); + return(ndpi_process_partial_detection(ndpi_str, flow)); else { ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, @@ -4065,7 +4042,7 @@ ndpi_protocol ndpi_get_partial_detection(struct ndpi_detection_module_struct *nd /* ********************************************************************************* */ -ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, +ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int8_t enable_guess) { ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; @@ -4089,12 +4066,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st else if((flow->guessed_protocol_id == NDPI_PROTOCOL_HANGOUT_DUO) || (flow->guessed_protocol_id == NDPI_PROTOCOL_MESSENGER) || (flow->guessed_protocol_id == NDPI_PROTOCOL_WHATSAPP_CALL)) - ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_protocol_id, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_str, flow, flow->guessed_protocol_id, NDPI_PROTOCOL_UNKNOWN); else if((flow->l4.tcp.tls_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN); } else { - ndpi_protocol ret_g = ndpi_get_partial_detection(ndpi_struct, flow); + ndpi_protocol ret_g = ndpi_get_partial_detection(ndpi_str, flow); if(ret_g.master_protocol != NDPI_PROTOCOL_UNKNOWN) return(ret_g); @@ -4136,7 +4113,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->host_server_name[0] != '\0') { ndpi_protocol_match_result ret_match; - ndpi_match_host_subprotocol(ndpi_struct, flow, + ndpi_match_host_subprotocol(ndpi_str, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), &ret_match, @@ -4146,7 +4123,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st guessed_host_protocol_id = ret_match.protocol_id; } - ndpi_int_change_protocol(ndpi_struct, flow, + ndpi_int_change_protocol(ndpi_str, flow, guessed_host_protocol_id, guessed_protocol_id); } @@ -4164,7 +4141,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st check_stun_export: if(flow->protos.stun_ssl.stun.num_processed_pkts || flow->protos.stun_ssl.stun.num_udp_pkts) { // if(/* (flow->protos.stun_ssl.stun.num_processed_pkts >= NDPI_MIN_NUM_STUN_DETECTION) */ - ndpi_set_detected_protocol(ndpi_struct, flow, + ndpi_set_detected_protocol(ndpi_str, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_STUN); } @@ -4190,7 +4167,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && flow->packet.iph /* Guess only IPv4 */ && (flow->packet.tcp || flow->packet.udp) ) - ret = ndpi_guess_undetected_protocol(ndpi_struct, + ret = ndpi_guess_undetected_protocol(ndpi_str, flow, flow->packet.l4_protocol, ntohl(flow->packet.iph->saddr), @@ -4199,14 +4176,14 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st ntohs(flow->packet.udp ? flow->packet.udp->dest : flow->packet.tcp->dest) ); - ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + ndpi_fill_protocol_category(ndpi_str, flow, &ret); return(ret); } /* ********************************************************************************* */ -void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, const unsigned char *packet, const unsigned short packetlen, @@ -4224,23 +4201,23 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, } flow->packet.tick_timestamp_l = current_tick_l; - flow->packet.tick_timestamp = (u_int32_t)(current_tick_l/ndpi_struct->ticks_per_second); + flow->packet.tick_timestamp = (u_int32_t)(current_tick_l/ndpi_str->ticks_per_second); /* parse packet */ flow->packet.iph = (struct ndpi_iphdr *)packet; /* we are interested in ipv4 packet */ /* set up the packet headers for the extra packet function to use if it wants */ - if(ndpi_init_packet_header(ndpi_struct, flow, packetlen) != 0) + if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0) return; /* detect traffic for tcp or udp only */ flow->src = src, flow->dst = dst; - ndpi_connection_tracking(ndpi_struct, flow); + ndpi_connection_tracking(ndpi_str, flow); /* call the extra packet function (which may add more data/info to flow) */ if(flow->extra_packets_func) { - if((flow->extra_packets_func(ndpi_struct, flow)) == 0) + if((flow->extra_packets_func(ndpi_str, flow)) == 0) flow->check_extra_packets = 0; } @@ -4249,7 +4226,7 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ -void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_str, char *ip_address_and_mask, ndpi_protocol_category_t category) { patricia_node_t *node; struct in_addr pin; @@ -4265,7 +4242,7 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, inet_pton(AF_INET, ip_address_and_mask, &pin); - if((node = add_to_ptree(ndpi_struct->custom_categories.ipAddresses_shadow, + if((node = add_to_ptree(ndpi_str->custom_categories.ipAddresses_shadow, AF_INET, &pin, bits)) != NULL) node->value.user_value = (int)category; } @@ -4280,54 +4257,45 @@ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct, * cannot be recycled across multiple ndpi_load_hostname_category() calls * */ -int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_str, char *name, ndpi_protocol_category_t category) { + AC_PATTERN_t ac_pattern; + if(name == NULL) return(-1); - if(!ndpi_struct->enable_category_substring_match) { - if(ndpi_struct->custom_categories.hostnames_hash == NULL) - ndpi_struct->custom_categories.hostnames_hash = (void*)ht_create(65536); - - if(ndpi_struct->custom_categories.hostnames_hash) - ht_set((hashtable_t*)ndpi_struct->custom_categories.hostnames_hash, name, (u_int16_t)category); - - return(0); - } else { - AC_PATTERN_t ac_pattern; - - /* printf("===> Loading %s as %u\n", name, category); */ +#if 0 + printf("===> %s() Loading %s as %u\n", __FUNCTION__, name, category); +#endif memset(&ac_pattern, 0, sizeof(ac_pattern)); #ifdef HAVE_HYPERSCAN { - struct hs_list *h = (struct hs_list*)malloc(sizeof(struct hs_list)); + struct hs_list *h = (struct hs_list*)ndpi_malloc(sizeof(struct hs_list)); if(h) { - h->expression = ndpi_strdup(name), h->id = (unsigned int)category; if(h->expression == NULL) { - free(h); + ndpi_free(h); return(-2); } - h->next = ndpi_struct->custom_categories.to_load; - ndpi_struct->custom_categories.to_load = h; - ndpi_struct->custom_categories.num_to_load++; + h->next = ndpi_str->custom_categories.to_load; + ndpi_str->custom_categories.to_load = h; + ndpi_str->custom_categories.num_to_load++; } else return(-1); } #else - if(ndpi_struct->custom_categories.hostnames_shadow.ac_automa == NULL) + if(ndpi_str->custom_categories.hostnames_shadow.ac_automa == NULL) return(-1); ac_pattern.astring = name, ac_pattern.length = strlen(ac_pattern.astring); ac_pattern.rep.number = (int)category; - ac_automata_add(ndpi_struct->custom_categories.hostnames_shadow.ac_automa, &ac_pattern); + ac_automata_add(ndpi_str->custom_categories.hostnames_shadow.ac_automa, &ac_pattern); #endif - } return(0); } @@ -4335,80 +4303,84 @@ int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct /* ********************************************************************************* */ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) { - if(!ndpi_str->enable_category_substring_match) { - ; /* Nothing to do */ - } else { + int i; + + /* First add the nDPI known categories matches */ + for(i=0; category_match[i].string_to_match != NULL; i++) + ndpi_load_hostname_category(ndpi_str, + category_match[i].string_to_match, + category_match[i].protocol_category); + #ifdef HAVE_HYPERSCAN - if(ndpi_str->custom_categories.num_to_load > 0) { - const char **expressions; - unsigned int *ids, i; - int rc; - struct hs_list *head = ndpi_str->custom_categories.to_load; - - expressions = (const char**)calloc(sizeof(char*), - ndpi_str->custom_categories.num_to_load+1); - if(!expressions) return(-1); - - ids = (unsigned int*)calloc(sizeof(unsigned int), - ndpi_str->custom_categories.num_to_load+1); - if(!ids) { - free(expressions); - return(-1); - } + if(ndpi_str->custom_categories.num_to_load > 0) { + const char **expressions; + unsigned int *ids, i; + int rc; + struct hs_list *head = ndpi_str->custom_categories.to_load; + + expressions = (const char**)ndpi_calloc(sizeof(char*), + ndpi_str->custom_categories.num_to_load+1); + if(!expressions) return(-1); + + ids = (unsigned int*)ndpi_calloc(sizeof(unsigned int), + ndpi_str->custom_categories.num_to_load+1); + if(!ids) { + ndpi_free(expressions); + return(-1); + } - for(i=0; head != NULL; i++) { + for(i=0; head != NULL; i++) { #ifdef DEBUG - printf("[HS] Loading category %u for %s\n", head->id, head->expression); + printf("[HS] Loading category %u for %s\n", head->id, head->expression); #endif - expressions[i] = head->expression, ids[i] = head->id; - head = head->next; - } + expressions[i] = head->expression, ids[i] = head->id; + head = head->next; + } - free_hyperscan_memory(ndpi_str->custom_categories.hostnames); - ndpi_str->custom_categories.hostnames = (struct hs*)malloc(sizeof(struct hs)); + free_hyperscan_memory(ndpi_str->custom_categories.hostnames); + ndpi_str->custom_categories.hostnames = (struct hs*)ndpi_malloc(sizeof(struct hs)); - if(ndpi_str->custom_categories.hostnames == NULL) { - free(expressions); - free(ids); - return(-1); /* Failed */ - } + if(ndpi_str->custom_categories.hostnames == NULL) { + ndpi_free(expressions); + ndpi_free(ids); + return(-1); /* Failed */ + } - rc = hyperscan_load_patterns(ndpi_str->custom_categories.hostnames, - ndpi_str->custom_categories.num_to_load, - expressions, ids); - free(expressions), free(ids); + rc = hyperscan_load_patterns(ndpi_str->custom_categories.hostnames, + ndpi_str->custom_categories.num_to_load, + expressions, ids); + ndpi_free(expressions), ndpi_free(ids); - head = ndpi_str->custom_categories.to_load; - while(head != NULL) { - struct hs_list *next = head->next; + head = ndpi_str->custom_categories.to_load; + while(head != NULL) { + struct hs_list *next = head->next; - free(head->expression); - free(head); + ndpi_free(head->expression); + ndpi_free(head); - head = next; - } + head = next; + } - ndpi_str->custom_categories.to_load = NULL; + ndpi_str->custom_categories.to_load = NULL; - if(rc < 0) { - free(ndpi_str->custom_categories.hostnames); - ndpi_str->custom_categories.hostnames = NULL; - } + if(rc < 0) { + ndpi_free(ndpi_str->custom_categories.hostnames); + ndpi_str->custom_categories.hostnames = NULL; } + } #else - /* Free */ - ac_automata_release((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames.ac_automa); + /* Free */ + ac_automata_release((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames.ac_automa); - /* Finalize */ - ac_automata_finalize((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames_shadow.ac_automa); + /* Finalize */ + ac_automata_finalize((AC_AUTOMATA_t*)ndpi_str->custom_categories.hostnames_shadow.ac_automa); - /* Swap */ - ndpi_str->custom_categories.hostnames.ac_automa = ndpi_str->custom_categories.hostnames_shadow.ac_automa; + /* Swap */ + ndpi_str->custom_categories.hostnames.ac_automa = ndpi_str->custom_categories.hostnames_shadow.ac_automa; - /* Realloc */ - ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler); + /* Realloc */ + ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler); #endif - } if(ndpi_str->custom_categories.ipAddresses != NULL) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_str->custom_categories.ipAddresses, @@ -4424,42 +4396,42 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) /* ********************************************************************************* */ -int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_str, u_int32_t saddr, u_int32_t daddr, ndpi_protocol *ret) { - if(ndpi_struct->custom_categories.categories_loaded) { + if(ndpi_str->custom_categories.categories_loaded) { prefix_t prefix; patricia_node_t *node; /* Make sure all in network byte order otherwise compares wont work */ fill_prefix_v4(&prefix, (struct in_addr *)&saddr, - 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); - node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); + 32, ((patricia_tree_t*)ndpi_str->protocols_ptree)->maxbits); + node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses, &prefix); if(!node) { fill_prefix_v4(&prefix, (struct in_addr *)&daddr, - 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits); - node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix); + 32, ((patricia_tree_t*)ndpi_str->protocols_ptree)->maxbits); + node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses, &prefix); } if(node) { ret->category = (ndpi_protocol_category_t)node->value.user_value; - return 1; + return(1); } } - ret->category = ndpi_get_proto_category(ndpi_struct, *ret); + ret->category = ndpi_get_proto_category(ndpi_str, *ret); - return 0; + return(0); } /* ********************************************************************************* */ -void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { - if(ndpi_struct->custom_categories.categories_loaded) { + if(ndpi_str->custom_categories.categories_loaded) { if(flow->guessed_header_category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) { flow->category = ret->category = flow->guessed_header_category; return; @@ -4467,7 +4439,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc if(flow->host_server_name[0] != '\0') { unsigned long id; - int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->host_server_name, &id); + int rc = ndpi_match_custom_category(ndpi_str, (char *)flow->host_server_name, &id); if(rc == 0) { flow->category = ret->category = (ndpi_protocol_category_t)id; @@ -4477,7 +4449,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc if((flow->l4.tcp.tls_seen_client_cert == 1) && (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0')) { unsigned long id; - int rc = ndpi_match_custom_category(ndpi_struct, + int rc = ndpi_match_custom_category(ndpi_str, (char *)flow->protos.stun_ssl.ssl.client_certificate, &id); @@ -4488,7 +4460,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc } } - flow->category = ret->category = ndpi_get_proto_category(ndpi_struct, *ret); + flow->category = ret->category = ndpi_get_proto_category(ndpi_str, *ret); } /* ********************************************************************************* */ @@ -4531,7 +4503,7 @@ static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) { /* ********************************************************************************* */ -ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, +ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, const unsigned char *packet, const unsigned short packetlen, @@ -4542,9 +4514,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int32_t a; ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; - if(ndpi_struct->ndpi_log_level >= NDPI_LOG_TRACE) + if(ndpi_str->ndpi_log_level >= NDPI_LOG_TRACE) NDPI_LOG(flow ? flow->detected_protocol_stack[0]:NDPI_PROTOCOL_UNKNOWN, - ndpi_struct, NDPI_LOG_TRACE, "START packet processing\n"); + ndpi_str, NDPI_LOG_TRACE, "START packet processing\n"); if(flow == NULL) return(ret); @@ -4567,7 +4539,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_TLS) */ ) { - ndpi_process_extra_packet(ndpi_struct, flow, packet, packetlen, current_tick_l, src, dst); + ndpi_process_extra_packet(ndpi_str, flow, packet, packetlen, current_tick_l, src, dst); return(ret); } else @@ -4582,19 +4554,19 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } flow->packet.tick_timestamp_l = current_tick_l; - flow->packet.tick_timestamp = (u_int32_t)(current_tick_l/ndpi_struct->ticks_per_second); + flow->packet.tick_timestamp = (u_int32_t)(current_tick_l/ndpi_str->ticks_per_second); /* parse packet */ flow->packet.iph = (struct ndpi_iphdr *)packet; /* we are interested in ipv4 packet */ - if(ndpi_init_packet_header(ndpi_struct, flow, packetlen) != 0) + if(ndpi_init_packet_header(ndpi_str, flow, packetlen) != 0) goto invalidate_ptr; /* detect traffic for tcp or udp only */ flow->src = src, flow->dst = dst; - ndpi_connection_tracking(ndpi_struct, flow); + ndpi_connection_tracking(ndpi_str, flow); /* build ndpi_selection packet bitmask */ ndpi_selection_packet = NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC; @@ -4646,11 +4618,11 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else sport = dport = 0; /* guess protocol */ - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, flow, protocol, sport, dport, &user_defined_proto); - flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_struct, flow); + flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_str, flow, protocol, sport, dport, &user_defined_proto); + flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_str, flow); - if(ndpi_struct->custom_categories.categories_loaded && flow->packet.iph) { - ndpi_fill_ip_protocol_category(ndpi_struct, flow->packet.iph->saddr, flow->packet.iph->daddr, &ret); + if(ndpi_str->custom_categories.categories_loaded && flow->packet.iph) { + ndpi_fill_ip_protocol_category(ndpi_str, flow->packet.iph->saddr, flow->packet.iph->daddr, &ret); flow->guessed_header_category = ret.category; } else flow->guessed_header_category = NDPI_PROTOCOL_CATEGORY_UNSPECIFIED; @@ -4659,7 +4631,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* This is a custom protocol and it has priority over everything else */ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_protocol_id ? flow->guessed_protocol_id : flow->guessed_host_protocol_id; - ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + ndpi_fill_protocol_category(ndpi_str, flow, &ret); goto invalidate_ptr; } @@ -4667,10 +4639,10 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->packet.iph) { if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) { /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ - ret = ndpi_detection_giveup(ndpi_struct, flow, 0); + ret = ndpi_detection_giveup(ndpi_str, flow, 0); } - ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + ndpi_fill_protocol_category(ndpi_str, flow, &ret); goto invalidate_ptr; } } else { @@ -4679,11 +4651,11 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct struct in_addr addr; addr.s_addr = flow->packet.iph->saddr; - flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, &addr); + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_str, &addr); if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) { addr.s_addr = flow->packet.iph->daddr; - flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, &addr); + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_str, &addr); } } } @@ -4714,15 +4686,15 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } } - ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet); - ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet); + ndpi_fill_protocol_category(ndpi_str, flow, &ret); goto invalidate_ptr; } - ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet); + ndpi_check_flow_func(ndpi_str, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, a) == 0) + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_str->detection_bitmask, a) == 0) a = NDPI_PROTOCOL_UNKNOWN; if(a != NDPI_PROTOCOL_UNKNOWN) { @@ -4749,10 +4721,10 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* Don;t overwrite the category if already set */ if(flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) - ndpi_fill_protocol_category(ndpi_struct, flow, &ret); + ndpi_fill_protocol_category(ndpi_str, flow, &ret); else ret.category = flow->category; - + if((flow->num_processed_pkts == 1) && (ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) @@ -4768,7 +4740,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct We don't see how future packets can match anything hence we giveup here */ - ret = ndpi_detection_giveup(ndpi_struct, flow, 0); + ret = ndpi_detection_giveup(ndpi_str, flow, 0); } invalidate_ptr: @@ -4788,15 +4760,17 @@ u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to { u_int32_t val; val = 0; + // cancel if eof, ' ' or line end chars are reached - while (*str >= '0' && *str <= '9' && max_chars_to_read > 0) { + while(*str >= '0' && *str <= '9' && max_chars_to_read > 0) { val *= 10; val += *str - '0'; str++; max_chars_to_read = max_chars_to_read - 1; *bytes_read = *bytes_read + 1; } - return (val); + + return(val); } /* ********************************************************************************* */ @@ -4807,14 +4781,14 @@ u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t m u_int32_t val; val = 0; if(max_chars_to_read <= 2 || str[0] != '0' || str[1] != 'x') { - return ndpi_bytestream_to_number(str, max_chars_to_read, bytes_read); + return(ndpi_bytestream_to_number(str, max_chars_to_read, bytes_read)); } else { /*use base 16 system */ str += 2; max_chars_to_read -= 2; *bytes_read = *bytes_read + 2; - while (max_chars_to_read > 0) { + while(max_chars_to_read > 0) { if(*str >= '0' && *str <= '9') { val *= 16; val += *str - '0'; @@ -4832,7 +4806,8 @@ u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t m *bytes_read = *bytes_read + 1; } } - return (val); + + return(val); } #endif @@ -4844,14 +4819,14 @@ u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_ u_int64_t val; val = 0; // cancel if eof, ' ' or line end chars are reached - while (max_chars_to_read > 0 && *str >= '0' && *str <= '9') { + while(max_chars_to_read > 0 && *str >= '0' && *str <= '9') { val *= 10; val += *str - '0'; str++; max_chars_to_read = max_chars_to_read - 1; *bytes_read = *bytes_read + 1; } - return (val); + return(val); } /* ********************************************************************************* */ @@ -4861,13 +4836,13 @@ u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t u_int64_t val; val = 0; if(max_chars_to_read <= 2 || str[0] != '0' || str[1] != 'x') { - return ndpi_bytestream_to_number64(str, max_chars_to_read, bytes_read); + return(ndpi_bytestream_to_number64(str, max_chars_to_read, bytes_read)); } else { /*use base 16 system */ str += 2; max_chars_to_read -= 2; *bytes_read = *bytes_read + 2; - while (max_chars_to_read > 0) { + while(max_chars_to_read > 0) { if(*str >= '0' && *str <= '9') { val *= 16; @@ -4886,7 +4861,7 @@ u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t *bytes_read = *bytes_read + 1; } } - return (val); + return(val); } /* ********************************************************************************* */ @@ -4901,36 +4876,36 @@ u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_r oldread = read; c = ndpi_bytestream_to_number(str, max_chars_to_read, &read); if(c > 255 || oldread == read || max_chars_to_read == read || str[read] != '.') - return 0; + return(0); read++; val = c << 24; oldread = read; c = ndpi_bytestream_to_number(&str[read], max_chars_to_read - read, &read); if(c > 255 || oldread == read || max_chars_to_read == read || str[read] != '.') - return 0; + return(0); read++; val = val + (c << 16); oldread = read; c = ndpi_bytestream_to_number(&str[read], max_chars_to_read - read, &read); if(c > 255 || oldread == read || max_chars_to_read == read || str[read] != '.') - return 0; + return(0); read++; val = val + (c << 8); oldread = read; c = ndpi_bytestream_to_number(&str[read], max_chars_to_read - read, &read); if(c > 255 || oldread == read || max_chars_to_read == read) - return 0; + return(0); val = val + c; *bytes_read = *bytes_read + read; - return htonl(val); + return(htonl(val)); } /* ********************************************************************************* */ /* internal function for every detection to parse one packet and to increase the info buffer */ -void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { u_int32_t a; @@ -5153,7 +5128,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc /* ********************************************************************************* */ -void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -5198,102 +5173,102 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s /* ********************************************************************************* */ -u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, +u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t counter) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG_DBG2(ndpi_struct, "called ndpi_check_for_email_address\n"); + NDPI_LOG_DBG2(ndpi_str, "called ndpi_check_for_email_address\n"); if(packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || (packet->payload[counter] >= 'A' && packet->payload[counter] <= 'Z') || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_')) { - NDPI_LOG_DBG2(ndpi_struct, "first letter\n"); + NDPI_LOG_DBG2(ndpi_str, "first letter\n"); counter++; - while (packet->payload_packet_len > counter + while(packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || (packet->payload[counter] >= 'A' && packet->payload[counter] <= 'Z') || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_' || packet->payload[counter] == '.')) { - NDPI_LOG_DBG2(ndpi_struct, "further letter\n"); + NDPI_LOG_DBG2(ndpi_str, "further letter\n"); counter++; if(packet->payload_packet_len > counter && packet->payload[counter] == '@') { - NDPI_LOG_DBG2(ndpi_struct, "@\n"); + NDPI_LOG_DBG2(ndpi_str, "@\n"); counter++; - while (packet->payload_packet_len > counter + while(packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || (packet->payload[counter] >= 'A' && packet->payload[counter] <= 'Z') || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_')) { - NDPI_LOG_DBG2(ndpi_struct, "letter\n"); + NDPI_LOG_DBG2(ndpi_str, "letter\n"); counter++; if(packet->payload_packet_len > counter && packet->payload[counter] == '.') { - NDPI_LOG_DBG2(ndpi_struct, ".\n"); + NDPI_LOG_DBG2(ndpi_str, ".\n"); counter++; if(packet->payload_packet_len > counter + 1 && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') && (packet->payload[counter + 1] >= 'a' && packet->payload[counter + 1] <= 'z'))) { - NDPI_LOG_DBG2(ndpi_struct, "two letters\n"); + NDPI_LOG_DBG2(ndpi_str, "two letters\n"); counter += 2; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG_DBG2(ndpi_struct, "whitespace1\n"); - return counter; + NDPI_LOG_DBG2(ndpi_str, "whitespace1\n"); + return(counter); } else if(packet->payload_packet_len > counter && packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') { - NDPI_LOG_DBG2(ndpi_struct, "one letter\n"); + NDPI_LOG_DBG2(ndpi_str, "one letter\n"); counter++; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG_DBG2(ndpi_struct, "whitespace2\n"); - return counter; + NDPI_LOG_DBG2(ndpi_str, "whitespace2\n"); + return(counter); } else if(packet->payload_packet_len > counter && packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') { counter++; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG_DBG2(ndpi_struct, "whitespace3\n"); - return counter; + NDPI_LOG_DBG2(ndpi_str, "whitespace3\n"); + return(counter); } else { - return 0; + return(0); } } else { - return 0; + return(0); } } else { - return 0; + return(0); } } else { - return 0; + return(0); } } } - return 0; + return(0); } } } - return 0; + return(0); } #ifdef NDPI_ENABLE_DEBUG_MESSAGES /* ********************************************************************************* */ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct - *ndpi_struct, const char **file, const char **func, u_int32_t * line) + *ndpi_str, const char **file, const char **func, u_int32_t * line) { *file = ""; *func = ""; - if(ndpi_struct->ndpi_debug_print_file != NULL) - *file = ndpi_struct->ndpi_debug_print_file; + if(ndpi_str->ndpi_debug_print_file != NULL) + *file = ndpi_str->ndpi_debug_print_file; - if(ndpi_struct->ndpi_debug_print_function != NULL) - *func = ndpi_struct->ndpi_debug_print_function; + if(ndpi_str->ndpi_debug_print_function != NULL) + *func = ndpi_str->ndpi_debug_print_function; - *line = ndpi_struct->ndpi_debug_print_line; + *line = ndpi_str->ndpi_debug_print_line; } #endif @@ -5302,20 +5277,20 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, u_int8_t * l4_protocol_return, u_int32_t flags) { - return ndpi_detection_get_l4_internal(NULL, l3, l3_len, - l4_return, l4_len_return, l4_protocol_return, flags); + return(ndpi_detection_get_l4_internal(NULL, l3, l3_len, + l4_return, l4_len_return, l4_protocol_return, flags)); } /* ********************************************************************************* */ -void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol) { struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - ndpi_int_change_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); + ndpi_int_change_protocol(ndpi_str, flow, upper_detected_protocol, lower_detected_protocol); if(src != NULL) { NDPI_ADD_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, upper_detected_protocol); @@ -5334,14 +5309,14 @@ void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct /* ********************************************************************************* */ -u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi_struct, +u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { return(flow->detected_protocol_stack[1]); } /* ********************************************************************************* */ -void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol) { @@ -5353,7 +5328,7 @@ void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str /* ********************************************************************************* */ -void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol) { @@ -5378,7 +5353,7 @@ void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_s * 1.update the flow protocol stack with the new protocol * 2.update the packet protocol stack with the new protocol */ -void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol) { @@ -5393,22 +5368,22 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, && (lower_detected_protocol == NDPI_PROTOCOL_UNKNOWN)) { if((flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) && (upper_detected_protocol != flow->guessed_host_protocol_id)) { - if(ndpi_struct->proto_defaults[upper_detected_protocol].can_have_a_subprotocol) { + if(ndpi_str->proto_defaults[upper_detected_protocol].can_have_a_subprotocol) { lower_detected_protocol = upper_detected_protocol; upper_detected_protocol = flow->guessed_host_protocol_id; } } } - ndpi_int_change_flow_protocol(ndpi_struct, flow, + ndpi_int_change_flow_protocol(ndpi_str, flow, upper_detected_protocol, lower_detected_protocol); - ndpi_int_change_packet_protocol(ndpi_struct, flow, + ndpi_int_change_packet_protocol(ndpi_str, flow, upper_detected_protocol, lower_detected_protocol); } /* ********************************************************************************* */ -void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, +void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol_category_t protocol_category) { flow->category = protocol_category; @@ -5447,7 +5422,7 @@ void NDPI_PROTOCOL_IP_clear(ndpi_ip_addr_t * ip) { /* NTOP */ int NDPI_PROTOCOL_IP_is_set(const ndpi_ip_addr_t * ip) { - return memcmp(ip, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", sizeof(ndpi_ip_addr_t)) != 0; + return(memcmp(ip, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", sizeof(ndpi_ip_addr_t)) != 0); } #endif @@ -5467,16 +5442,16 @@ int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i packet->iphv6->ip6_src.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && packet->iphv6->ip6_src.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && packet->iphv6->ip6_src.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) - return 1; + return(1); //else - return 0; + return(0); } #endif /* IPv4 */ if(packet->iph->saddr == ip->ipv4) - return 1; - return 0; + return(1); + return(0); } /* ********************************************************************************* */ @@ -5494,16 +5469,17 @@ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && packet->iphv6->ip6_dst.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && packet->iphv6->ip6_dst.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) - return 1; + return(1); //else - return 0; + return(0); } #endif /* IPv4 */ if(packet->iph->saddr == ip->ipv4) - return 1; - return 0; + return(1); + + return(0); } /* ********************************************************************************* */ @@ -5568,13 +5544,13 @@ char *ndpi_get_ip_string(const ndpi_ip_addr_t * ip, char *buf, u_int buf_len) { if(inet_ntop(AF_INET6, &ip->ipv6.u6_addr, buf, buf_len) == NULL) buf[0] = '\0'; - return buf; + return(buf); } #endif snprintf(buf, buf_len, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]); - return buf; + return(buf); } @@ -5604,7 +5580,7 @@ u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read) { u_int16_t val = ndpi_bytestream_to_number(str, max_chars_to_read, bytes_read); - return ntohs(val); + return(ntohs(val)); } /* ****************************************************** */ @@ -5621,7 +5597,7 @@ u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) { /* ****************************************************** */ -ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, +ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost /* host byte order */, u_int16_t sport, @@ -5632,7 +5608,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct u_int8_t user_defined_proto; if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, flow, proto, shost, dhost, sport, dport); + rc = ndpi_search_tcp_or_udp_raw(ndpi_str, flow, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { if(flow && (proto == IPPROTO_UDP) @@ -5641,18 +5617,18 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct ; else { ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, flow, proto, sport, + ret.master_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - ret.category = ndpi_get_proto_category(ndpi_struct, ret); + ret.category = ndpi_get_proto_category(ndpi_str, ret); return(ret); } } - rc = ndpi_guess_protocol_id(ndpi_struct, flow, proto, sport, dport, &user_defined_proto); + rc = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) @@ -5664,7 +5640,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct if(rc == NDPI_PROTOCOL_TLS) goto check_guessed_skype; else { - ret.category = ndpi_get_proto_category(ndpi_struct, ret); + ret.category = ndpi_get_proto_category(ndpi_str, ret); return(ret); } } @@ -5672,24 +5648,24 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct check_guessed_skype: addr.s_addr = htonl(shost); - if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) { + if(ndpi_network_ptree_match(ndpi_str, &addr) == NDPI_PROTOCOL_SKYPE) { ret.app_protocol = NDPI_PROTOCOL_SKYPE; } else { addr.s_addr = htonl(dhost); - if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) + if(ndpi_network_ptree_match(ndpi_str, &addr) == NDPI_PROTOCOL_SKYPE) ret.app_protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, flow, proto, sport, + ret.app_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); - ret.category = ndpi_get_proto_category(ndpi_struct, ret); + ret.category = ndpi_get_proto_category(ndpi_str, ret); return(ret); } /* ****************************************************** */ -char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_mod, +char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.master_protocol != proto.app_protocol)) { @@ -5706,20 +5682,20 @@ char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ -char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, +char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.master_protocol != proto.app_protocol)) { if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) snprintf(buf, buf_len, "%s.%s", - ndpi_get_proto_name(ndpi_mod, proto.master_protocol), - ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + ndpi_get_proto_name(ndpi_str, proto.master_protocol), + ndpi_get_proto_name(ndpi_str, proto.app_protocol)); else snprintf(buf, buf_len, "%s", - ndpi_get_proto_name(ndpi_mod, proto.master_protocol)); + ndpi_get_proto_name(ndpi_str, proto.master_protocol)); } else snprintf(buf, buf_len, "%s", - ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + ndpi_get_proto_name(ndpi_str, proto.app_protocol)); return(buf); } @@ -5744,30 +5720,30 @@ int ndpi_is_custom_category(ndpi_protocol_category_t category) { /* ****************************************************** */ -void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, +void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol_category_t category, char *name) { if(!name) return; switch(category) { case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: - snprintf(ndpi_mod->custom_category_labels[0], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + snprintf(ndpi_str->custom_category_labels[0], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: - snprintf(ndpi_mod->custom_category_labels[1], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + snprintf(ndpi_str->custom_category_labels[1], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: - snprintf(ndpi_mod->custom_category_labels[2], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + snprintf(ndpi_str->custom_category_labels[2], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: - snprintf(ndpi_mod->custom_category_labels[3], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + snprintf(ndpi_str->custom_category_labels[3], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: - snprintf(ndpi_mod->custom_category_labels[4], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + snprintf(ndpi_str->custom_category_labels[4], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); break; default: @@ -5777,12 +5753,12 @@ void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ -const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, +const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol_category_t category) { - if((!ndpi_mod) || (category >= NDPI_PROTOCOL_NUM_CATEGORIES)) { + if((!ndpi_str) || (category >= NDPI_PROTOCOL_NUM_CATEGORIES)) { static char b[24]; - if(!ndpi_mod) + if(!ndpi_str) snprintf(b, sizeof(b), "NULL nDPI"); else snprintf(b, sizeof(b), "Invalid category %d", (int)category); @@ -5792,15 +5768,15 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod if((category >= NDPI_PROTOCOL_CATEGORY_CUSTOM_1) && (category <= NDPI_PROTOCOL_CATEGORY_CUSTOM_5)) { switch(category) { case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: - return(ndpi_mod->custom_category_labels[0]); + return(ndpi_str->custom_category_labels[0]); case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: - return(ndpi_mod->custom_category_labels[1]); + return(ndpi_str->custom_category_labels[1]); case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: - return(ndpi_mod->custom_category_labels[2]); + return(ndpi_str->custom_category_labels[2]); case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: - return(ndpi_mod->custom_category_labels[3]); + return(ndpi_str->custom_category_labels[3]); case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: - return(ndpi_mod->custom_category_labels[4]); + return(ndpi_str->custom_category_labels[4]); case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); default: @@ -5812,44 +5788,45 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod /* ****************************************************** */ -ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod, +ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto) { if(proto.category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) - return proto.category; + return(proto.category); + /* simple rule: sub protocol first, master after */ else if((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || - (ndpi_mod->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) - return ndpi_mod->proto_defaults[proto.app_protocol].protoCategory; + (ndpi_str->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) + return(ndpi_str->proto_defaults[proto.app_protocol].protoCategory); else - return ndpi_mod->proto_defaults[proto.master_protocol].protoCategory; + return(ndpi_str->proto_defaults[proto.master_protocol].protoCategory); } /* ****************************************************** */ -char* ndpi_get_proto_name(struct ndpi_detection_module_struct *ndpi_mod, u_int16_t proto_id) { - if((proto_id >= ndpi_mod->ndpi_num_supported_protocols) +char* ndpi_get_proto_name(struct ndpi_detection_module_struct *ndpi_str, u_int16_t proto_id) { + if((proto_id >= ndpi_str->ndpi_num_supported_protocols) || (proto_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) - || (ndpi_mod->proto_defaults[proto_id].protoName == NULL)) + || (ndpi_str->proto_defaults[proto_id].protoName == NULL)) proto_id = NDPI_PROTOCOL_UNKNOWN; - return(ndpi_mod->proto_defaults[proto_id].protoName); + return(ndpi_str->proto_defaults[proto_id].protoName); } /* ****************************************************** */ -ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_mod, +ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_str, u_int16_t proto_id) { - if((proto_id >= ndpi_mod->ndpi_num_supported_protocols) + if((proto_id >= ndpi_str->ndpi_num_supported_protocols) || (proto_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) - || (ndpi_mod->proto_defaults[proto_id].protoName == NULL)) + || (ndpi_str->proto_defaults[proto_id].protoName == NULL)) proto_id = NDPI_PROTOCOL_UNKNOWN; - return(ndpi_mod->proto_defaults[proto_id].protoBreed); + return(ndpi_str->proto_defaults[proto_id].protoBreed); } /* ****************************************************** */ -char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_mod, +char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol_breed_t breed_id) { switch(breed_id) { case NDPI_PROTOCOL_SAFE: @@ -5877,11 +5854,11 @@ char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ -int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto) { +int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_str, char *proto) { int i; - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) - if(strcasecmp(proto, ndpi_mod->proto_defaults[i].protoName) == 0) + for(i=0; i<(int)ndpi_str->ndpi_num_supported_protocols; i++) + if(strcasecmp(proto, ndpi_str->proto_defaults[i].protoName) == 0) return(i); return(-1); @@ -5889,12 +5866,12 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *pr /* ****************************************************** */ -int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_mod, char *cat) { +int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_str, char *cat) { int i; const char *name; for(i = 0; i < NDPI_PROTOCOL_NUM_CATEGORIES; i++) { - name = ndpi_category_get_name(ndpi_mod, i); + name = ndpi_category_get_name(ndpi_str, i); if(strcasecmp(cat, name) == 0) return(i); } @@ -5904,14 +5881,14 @@ int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_mod, char *ca /* ****************************************************** */ -void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_mod) { +void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_str) { int i; - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) + for(i=0; i<(int)ndpi_str->ndpi_num_supported_protocols; i++) printf("%3d %-22s %-12s %s\n", i, - ndpi_mod->proto_defaults[i].protoName, - ndpi_get_proto_breed_name(ndpi_mod, ndpi_mod->proto_defaults[i].protoBreed), - ndpi_category_get_name(ndpi_mod, ndpi_mod->proto_defaults[i].protoCategory) + ndpi_str->proto_defaults[i].protoName, + ndpi_get_proto_breed_name(ndpi_str, ndpi_str->proto_defaults[i].protoBreed), + ndpi_category_get_name(ndpi_str, ndpi_str->proto_defaults[i].protoCategory) ); } @@ -5930,10 +5907,10 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { do { do { if(slen-- < 1 || (sc = *s++) == '\0') - return (NULL); - } while (sc != c); + return(NULL); + } while(sc != c); if(len > slen) - return (NULL); + return(NULL); } while(strncmp(s, find, len) != 0); s--; } @@ -5955,14 +5932,16 @@ char* ndpi_strncasestr(const char *s, const char *find, size_t slen) { do { do { if(slen-- < 1 || (sc = *s++) == '\0') - return (NULL); - } while (sc != c); + return(NULL); + } while(sc != c); + if(len > slen) - return (NULL); - } while (strncasecmp(s, find, len) != 0); + return(NULL); + } while(strncasecmp(s, find, len) != 0); + s--; } - return ((char *)s); + return((char *)s); } /* ****************************************************** */ @@ -5971,17 +5950,17 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, const char *str, size_t str_len) { int rc = str_len <= payload_len ? memcmp(payload, str, str_len) == 0 : 0; - return rc; + return(rc); } /* ****************************************************** */ -int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_str, char *string_to_match, u_int string_to_match_len, ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { AC_TEXT_t ac_input_text; - ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; + ndpi_automa *automa = is_host_match ? &ndpi_str->host_automa : &ndpi_str->content_automa; AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; if((automa->ac_automa == NULL) || (string_to_match_len == 0)) @@ -6012,31 +5991,31 @@ static int hyperscanEventHandler(unsigned int id, unsigned long long from, unsigned long long to, unsigned int flags, void *ctx) { *((int *)ctx) = (int)id; - NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Match with: %d [from: %llu][to: %llu]\n", id, from, to); + NDPI_LOG_DBG2(ndpi_str, "[NDPI] Match with: %d [from: %llu][to: %llu]\n", id, from, to); /* return HS_SCAN_TERMINATED; */ - return 0; /* keep searching */ + return(0); /* keep searching */ } #endif /* ****************************************************** */ -static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len, - u_int16_t master_protocol_id, - ndpi_protocol_match_result *ret_match, - u_int8_t is_host_match) { +static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id, + ndpi_protocol_match_result *ret_match, + u_int8_t is_host_match) { int matching_protocol_id; struct ndpi_packet_struct *packet = &flow->packet; #ifndef HAVE_HYPERSCAN - matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, + matching_protocol_id = ndpi_match_string_subprotocol(ndpi_str, string_to_match, string_to_match_len, ret_match, is_host_match); #else - struct hs *hs = (struct hs*)ndpi_struct->hyperscan; + struct hs *hs = (struct hs*)ndpi_str->hyperscan; hs_error_t status; matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; @@ -6049,18 +6028,18 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str hyperscanEventHandler, &matching_protocol_id); if(status == HS_SUCCESS) { - NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan engine completed normally. Result: %s [%d][%s]\n", - ndpi_get_proto_name(ndpi_struct, matching_protocol_id), matching_protocol_id, string_to_match); + NDPI_LOG_DBG2(ndpi_str, "[NDPI] Hyperscan engine completed normally. Result: %s [%d][%s]\n", + ndpi_get_proto_name(ndpi_str, matching_protocol_id), matching_protocol_id, string_to_match); } else if(status == HS_SCAN_TERMINATED) { - NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan engine was terminated by callback. Result: %s [%d][%s]\n", - ndpi_get_proto_name(ndpi_struct, matching_protocol_id), matching_protocol_id, string_to_match); + NDPI_LOG_DBG2(ndpi_str, "[NDPI] Hyperscan engine was terminated by callback. Result: %s [%d][%s]\n", + ndpi_get_proto_name(ndpi_str, matching_protocol_id), matching_protocol_id, string_to_match); } else { - NDPI_LOG_DBG2(ndpi_struct, "[NDPI] Hyperscan returned with error.\n"); + NDPI_LOG_DBG2(ndpi_str, "[NDPI] Hyperscan returned with error.\n"); } ret_match->protocol_id = matching_protocol_id, - ret_match->protocol_category = ndpi_struct->proto_defaults[matching_protocol_id].protoCategory, - ret_match->protocol_breed = ndpi_struct->proto_defaults[matching_protocol_id].protoBreed; + ret_match->protocol_category = ndpi_str->proto_defaults[matching_protocol_id].protoCategory, + ret_match->protocol_breed = ndpi_str->proto_defaults[matching_protocol_id].protoBreed; #endif #ifdef DEBUG @@ -6071,8 +6050,8 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str strncpy(m, string_to_match, len); m[len] = '\0'; - NDPI_LOG_DBG2(ndpi_struct, "[NDPI] ndpi_match_host_subprotocol(%s): %s\n", - m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); + NDPI_LOG_DBG2(ndpi_str, "[NDPI] ndpi_match_host_subprotocol(%s): %s\n", + m, ndpi_str->proto_defaults[matching_protocol_id].protoName); } #endif @@ -6092,7 +6071,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str #ifdef DEBUG string_to_match[string_to_match_len] = '\0'; - NDPI_LOG_DBG2(ndpi_struct, "[NTOP] Unable to find a match for '%s'\n", string_to_match); + NDPI_LOG_DBG2(ndpi_str, "[NTOP] Unable to find a match for '%s'\n", string_to_match); #endif ret_match->protocol_id = NDPI_PROTOCOL_UNKNOWN, @@ -6104,31 +6083,45 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str /* ****************************************************** */ -int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len, - ndpi_protocol_match_result *ret_match, - u_int16_t master_protocol_id) { - return(ndpi_automa_match_string_subprotocol(ndpi_struct, - flow, string_to_match, string_to_match_len, - master_protocol_id, ret_match, 1)); +u_int16_t ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, + u_int16_t master_protocol_id) { + u_int16_t rc = ndpi_automa_match_string_subprotocol(ndpi_str, + flow, string_to_match, string_to_match_len, + master_protocol_id, ret_match, 1); + + if((flow->category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) + && (ret_match->protocol_category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) { + unsigned long id = ret_match->protocol_category; + + if(ndpi_get_custom_category_match(ndpi_str, string_to_match, &id) != -1) { + if(id != -1) { + flow->category = ret_match->protocol_category = id; + rc = master_protocol_id; + } + } + } + + return(rc); } /* ****************************************************** */ -int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, u_int string_to_match_len, - ndpi_protocol_match_result *ret_match, - u_int16_t master_protocol_id) { - return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, +u_int16_t ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, + u_int16_t master_protocol_id) { + return(ndpi_automa_match_string_subprotocol(ndpi_str, flow, string_to_match, string_to_match_len, master_protocol_id, ret_match, 0)); } /* ****************************************************** */ -int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, +int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_str, ndpi_automa *automa, char *bigram_to_match) { AC_TEXT_t ac_input_text; AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; @@ -6152,7 +6145,7 @@ int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, and in this case return it */ if((rc == 0) && (match.number != 0)) rc = 1; - + return(rc ? match.number : 0); } @@ -6198,7 +6191,7 @@ int gettimeofday(struct timeval * tp, struct timezone * tzp) { tp->tv_sec = (long) ((time - EPOCH) / 10000000L); tp->tv_usec = (long) (system_time.wMilliseconds * 1000); - return 0; + return(0); } #endif @@ -6237,40 +6230,39 @@ u_int8_t ndpi_get_api_version() { return(NDPI_API_VERSION); } -ndpi_proto_defaults_t* ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod) { - return(ndpi_mod->proto_defaults); +ndpi_proto_defaults_t* ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_str) { + return(ndpi_str->proto_defaults); } -u_int ndpi_get_ndpi_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod) { - return(ndpi_mod->ndpi_num_supported_protocols); +u_int ndpi_get_ndpi_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_str) { + return(ndpi_str->ndpi_num_supported_protocols); } -u_int ndpi_get_ndpi_num_custom_protocols(struct ndpi_detection_module_struct *ndpi_mod) { - return(ndpi_mod->ndpi_num_custom_protocols); +u_int ndpi_get_ndpi_num_custom_protocols(struct ndpi_detection_module_struct *ndpi_str) { + return(ndpi_str->ndpi_num_custom_protocols); } u_int ndpi_get_ndpi_detection_module_size() { return(sizeof(struct ndpi_detection_module_struct)); } -void ndpi_set_log_level(struct ndpi_detection_module_struct *ndpi_mod, u_int l) { - ndpi_mod->ndpi_log_level = l; +void ndpi_set_log_level(struct ndpi_detection_module_struct *ndpi_str, u_int l) { + ndpi_str->ndpi_log_level = l; } /* ******************************************************************** */ /* LRU cache */ - struct ndpi_lru_cache* ndpi_lru_cache_init(u_int32_t num_entries) { - struct ndpi_lru_cache *c = (struct ndpi_lru_cache*)malloc(sizeof(struct ndpi_lru_cache)); + struct ndpi_lru_cache *c = (struct ndpi_lru_cache*)ndpi_malloc(sizeof(struct ndpi_lru_cache)); if(!c) return(NULL); - c->entries = (struct ndpi_lru_cache_entry*)calloc(num_entries, - sizeof(struct ndpi_lru_cache_entry)); + c->entries = (struct ndpi_lru_cache_entry*)ndpi_calloc(num_entries, + sizeof(struct ndpi_lru_cache_entry)); if(!c->entries) { - free(c); + ndpi_free(c); return(NULL); } else c->num_entries = num_entries; @@ -6279,8 +6271,8 @@ struct ndpi_lru_cache* ndpi_lru_cache_init(u_int32_t num_entries) { } void ndpi_lru_free_cache(struct ndpi_lru_cache *c) { - free(c->entries); - free(c); + ndpi_free(c->entries); + ndpi_free(c); } u_int8_t ndpi_lru_find_cache(struct ndpi_lru_cache *c, u_int32_t key, u_int16_t *value, u_int8_t clean_key_when_found) { @@ -6333,7 +6325,7 @@ int ndpi_flowv6_flow_hash(u_int8_t l4_proto, struct ndpi_in6_addr *src_ip, struc 0 - All possible dissection has been completed 1 - Additional dissection is possible */ -u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndpi_struct, +u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { #if 0 @@ -6356,7 +6348,7 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp break; case NDPI_PROTOCOL_DNS: - if((ndpi_struct->dns_dont_dissect_response == 0) + if((ndpi_str->dns_dont_dissect_response == 0) && (flow->host_server_name[0] == '\0')) return(1); break; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index f63da2067..f621c2be3 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1101,7 +1101,7 @@ int tlsDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate); #endif ndpi_protocol_match_result ret_match; - u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, + u_int16_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, strlen(certificate), &ret_match, NDPI_PROTOCOL_TLS); @@ -1117,7 +1117,7 @@ int tlsDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s ndpi_set_detected_protocol(ndpi_struct, flow, subproto, ndpi_tls_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TLS)); - return(rc); /* Fix courtesy of Gianluca Costa <g.costa@xplico.org> */ + return(rc); } if(ndpi_is_tls_tor(ndpi_struct, flow, certificate) != 0) diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 2f73a60bd..3c693cea3 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -1,6 +1,6 @@ Unknown 22 6088 12 -DNS 2 378 1 -HTTP 524 220123 9 +DNS 5 638 2 +HTTP 945 530967 19 MDNS 1 82 1 NTP 1 90 1 NetBIOS 31 3589 8 @@ -12,8 +12,7 @@ RTP 2 132 1 TLS 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 -Google 3 176 1 -GenericProtocol 433 311919 14 +Google 12 991 4 LLMNR 89 6799 47 JA3 Host Stats: @@ -22,13 +21,13 @@ JA3 Host Stats: 1 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7/HTTP][cat: Web/5][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144][bytes ratio: -0.836 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 199.8/326.5 862/665 238.4/185.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 58.0/1060.5 557/1078 44.0/127.3][PLAIN TEXT (GET /vlive.qq)] - 2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2831.7/906.2 44994/45054 10886.3/6306.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 95.7/1209.9 416/1314 113.3/325.4][PLAIN TEXT (GET /video)] - 3 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2827.9/1077.1 44999/45048 10888.5/6867.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 135.6/1145.0 415/1314 149.1/400.0][PLAIN TEXT (GET /video)] - 4 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2057.6/1131.6 44748/44803 9315.9/6993.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.1/1126.9 415/1314 133.3/398.1][PLAIN TEXT (GET /video)] - 5 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com][bytes ratio: -0.887 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2514.1/1223.2 44996/45052 10303.4/7304.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 128.2/1131.9 423/1314 145.2/402.7][PLAIN TEXT (GET /video)] - 6 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20.8/6.8 194/109 51.5/22.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87.5/1207.9 411/1314 102.3/329.2][PLAIN TEXT (GET /api/movies/mp4)] - 7 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3227.7/1737.7 44998/45046 11585.0/8661.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100.8/1095.5 415/1314 118.8/461.2][PLAIN TEXT (GET /video)] - 8 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4519.0/2151.6 45001/45050 13494.0/9592.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.3/1099.3 415/1314 133.6/455.3][PLAIN TEXT (GET /video)] + 2 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com][bytes ratio: -0.946 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2831.7/906.2 44994/45054 10886.3/6306.9][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 95.7/1209.9 416/1314 113.3/325.4][PLAIN TEXT (GET /video)] + 3 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com][bytes ratio: -0.906 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2827.9/1077.1 44999/45048 10888.5/6867.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 135.6/1145.0 415/1314 149.1/400.0][PLAIN TEXT (GET /video)] + 4 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com][bytes ratio: -0.886 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2057.6/1131.6 44748/44803 9315.9/6993.1][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.1/1126.9 415/1314 133.3/398.1][PLAIN TEXT (GET /video)] + 5 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com][bytes ratio: -0.887 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2514.1/1223.2 44996/45052 10303.4/7304.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 128.2/1131.9 423/1314 145.2/402.7][PLAIN TEXT (GET /video)] + 6 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.892 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20.8/6.8 194/109 51.5/22.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 87.5/1207.9 411/1314 102.3/329.2][PLAIN TEXT (GET /api/movies/mp4)] + 7 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com][bytes ratio: -0.897 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3227.7/1737.7 44998/45046 11585.0/8661.7][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 100.8/1095.5 415/1314 118.8/461.2][PLAIN TEXT (GET /video)] + 8 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7/HTTP][cat: Streaming/17][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com][bytes ratio: -0.891 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 4519.0/2151.6 45001/45050 13494.0/9592.4][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.3/1099.3 415/1314 133.6/455.3][PLAIN TEXT (GET /video)] 9 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 66.1/75.8 349/398 102.8/110.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 235.8/538.8 499/1314 192.8/555.7][PLAIN TEXT (POST /api/proxy)] 10 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3.0/1.7 10/8 3.6/2.8][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.7/1102.8 334/1514 99.1/610.2][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)] 11 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2.6/1.4 10/6 3.9/2.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 112.7/1060.2 334/1514 99.1/619.9][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)] @@ -41,12 +40,12 @@ JA3 Host Stats: 18 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 632.9/3491.7 5622/15254 1764.0/5644.3][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 178.1/210.4 1067/1055 287.5/323.1][TLSv1.2][Client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 19 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][bytes ratio: 0.075 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 674.2/1125.8 5987/5987 1878.4/2187.8][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 177.7/210.4 1067/1055 287.4/323.1][TLSv1.2][Client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] 20 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][bytes ratio: 0.077 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 674.8/1214.2 5998/5998 1882.1/2392.0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 189.5/231.9 1067/1055 298.9/340.1][TLSv1.2][Client: 1][JA3C: 618ee2509ef52bf0b8216e1564eea909][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14.0/12.0 47/43 19.7/18.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141.0/456.4 390/1314 143.8/511.5][PLAIN TEXT (GET /api/videos/10410.j)] + 21 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.338 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 14.0/12.0 47/43 19.7/18.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 141.0/456.4 390/1314 143.8/511.5][PLAIN TEXT (GET /api/videos/10410.j)] 22 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/TLS][cat: Web/5][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][bytes ratio: 0.211 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/1 675.7/1481.5 6000/6000 1882.5/2263.4][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 176.6/158.4 1051/639 283.0/188.4][TLSv1.2][Client: 1][JA3C: 799135475da362592a4be9199d258726][JA3S: 573a9f3f80037fb40d481e2054def5bb (WEAK)][Cipher: TLS_RSA_WITH_AES_128_CBC_SHA] - 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5638.9/15033.7 44799/45044 14801.4/21220.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139.4/366.0 468/1272 164.4/523.1][PLAIN TEXT (GET /api/videos/10410.j)] + 23 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7/HTTP][cat: Streaming/17][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi][bytes ratio: -0.024 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/4 5638.9/15033.7 44799/45044 14801.4/21220.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 139.4/366.0 468/1272 164.4/523.1][PLAIN TEXT (GET /api/videos/10410.j)] 24 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/TLS.Facebook][cat: SocialNetwork/6][5 pkts/1006 bytes <-> 5 pkts/1487 bytes][bytes ratio: -0.193 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 63.5/63.5 205/212 84.1/87.4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 201.2/297.4 471/1223 139.5/462.8] 25 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][14 pkts/2450 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2968/0 4379.2/0.0 17921/0 3992.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] - 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5642.8/15047.7 44798/45064 14799.6/21224.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 140.6/245.0 474/788 166.8/313.5][PLAIN TEXT (GET /api/videos/alsolikes/10410)] + 26 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7/HTTP][cat: Streaming/17][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com][bytes ratio: 0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/9 5642.8/15047.7 44798/45064 14799.6/21224.8][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 140.6/245.0 474/788 166.8/313.5][PLAIN TEXT (GET /api/videos/alsolikes/10410)] 27 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7/HTTP][cat: Web/5][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145][bytes ratio: 0.244 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.7/41.5 73/83 33.0/41.5][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 142.8/216.8 486/687 171.7/271.5][PLAIN TEXT (GET /vlive.qq)] 28 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][13 pkts/2275 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4931.8/0.0 15056/0 4302.8/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] 29 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][12 pkts/2100 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2967/0 4095.6/0.0 14952/0 3433.4/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] @@ -72,12 +71,12 @@ JA3 Host Stats: 49 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/TLS][cat: Web/5][4 pkts/220 bytes <-> 2 pkts/132 bytes][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14998.7/45002.0 44996/45002 21211.3/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55.0/66.0 55/66 0.0/0.0] 50 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (Joanna)] 51 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][PLAIN TEXT (MSFT 5.07)] - 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] + 52 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] 53 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][cat: System/18][3 pkts/276 bytes -> 0 pkts/0 bytes][PLAIN TEXT ( FDEDCOEBFC)] - 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (kankan)] + 54 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi][PLAIN TEXT (kankan)] 55 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][cat: Chat/9][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] - 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com][PLAIN TEXT (kankan)] - 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.137/DNS.GenericProtocol][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com][PLAIN TEXT (kankan)] + 56 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com][PLAIN TEXT (kankan)] + 57 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5/DNS][cat: Streaming/17][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com][PLAIN TEXT (kankan)] 58 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][cat: Network/14][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] 59 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes -> 0 pkts/0 bytes] 60 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][cat: Network/14][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad][PLAIN TEXT (caesar)] diff --git a/tests/result/malware.pcap.out b/tests/result/malware.pcap.out index 6ce62b33d..6be260fc6 100644 --- a/tests/result/malware.pcap.out +++ b/tests/result/malware.pcap.out @@ -8,7 +8,7 @@ JA3 Host Stats: 1 192.168.7.7 1 - 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57.1/64.1 199/249 87.3/99.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.4/651.1 571/1514 148.2/644.4][TLSv1.2][Client: www.internetbadguys.com][JA3C: f6ce47303dce394049af395fc6d0bc20][Server: api.opendns.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 1 TCP 192.168.7.7:35236 <-> 67.215.92.210:443 [proto: 91.225/TLS.OpenDNS][cat: Malware/100][11 pkts/1280 bytes <-> 9 pkts/5860 bytes][bytes ratio: -0.641 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 57.1/64.1 199/249 87.3/99.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 116.4/651.1 571/1514 148.2/644.4][TLSv1.2][Client: www.internetbadguys.com][JA3C: f6ce47303dce394049af395fc6d0bc20][Server: api.opendns.com][JA3S: 0c0aff9ccea5e7e1de5c3a0069d103f3][Organization: OpenDNS, Inc.][Certificate SHA-1: 21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C][Validity: 2018-04-26 00:00:00 - 2020-07-29 00:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 2 TCP 192.168.7.7:48394 <-> 67.215.92.210:80 [proto: 7.7/HTTP][cat: Malware/100][1 pkts/383 bytes <-> 1 pkts/98 bytes][Host: www.internetbadguys.com][PLAIN TEXT (GET / HTTP/1.1)] 3 UDP 192.168.7.7:42370 <-> 1.1.1.1:53 [proto: 5/DNS][cat: Malware/100][1 pkts/106 bytes <-> 1 pkts/110 bytes][Host: www.internetbadguys.com][PLAIN TEXT (internetbadguys)] 4 ICMP 192.168.7.7:0 -> 144.139.247.220:0 [proto: 81/ICMP][cat: Malware/100][1 pkts/98 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index b56d70282..544abe1c3 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,77 +1,76 @@ Unknown 990 378832 34 -HTTP 73 69236 13 +HTTP 1502 1849543 62 SSDP 63 17143 10 Google 2 1093 1 -GenericProtocol 1429 1780307 49 - 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.6 0/77 0.0/7.7][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303.0/1312.5 303/1314 0.0/34.0][PLAIN TEXT (GET /preimage/20160506/f0/1)] - 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.3 0/51 0.0/6.3][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303.0/1311.9 303/1314 0.0/49.3][PLAIN TEXT (GET /preimage/20160506/f0/1)] - 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35.0/0.4 35/35 0.0/2.4][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200.0/1310.0 202/1314 2.0/50.0][PLAIN TEXT (GET /ext/common/qisu2/downloade)] + 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.6 0/77 0.0/7.7][Pkt Len c2s/s2c min/avg/max/stddev: 303/522 303.0/1312.5 303/1314 0.0/34.0][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com][bytes ratio: -0.999 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/1.3 0/51 0.0/6.3][Pkt Len c2s/s2c min/avg/max/stddev: 303/180 303.0/1311.9 303/1314 0.0/49.3][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 3 TCP 192.168.115.8:50505 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/400 bytes <-> 244 pkts/319633 bytes][Host: static.qiyi.com][bytes ratio: -0.998 (Download)][IAT c2s/s2c min/avg/max/stddev: 35/0 35.0/0.4 35/35 0.0/2.4][Pkt Len c2s/s2c min/avg/max/stddev: 198/566 200.0/1310.0 202/1314 2.0/50.0][PLAIN TEXT (GET /ext/common/qisu2/downloade)] 4 TCP 192.168.115.8:50491 <-> 223.26.106.66:80 [proto: 7.7/HTTP][cat: Web/5][1 pkts/426 bytes <-> 26 pkts/33872 bytes][Host: 223.26.106.66][bytes ratio: -0.975 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.4 0/3 0.0/1.0][Pkt Len c2s/s2c min/avg/max/stddev: 426/1022 426.0/1302.8 426/1314 0.0/56.2][PLAIN TEXT (GET /videos/v)] 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7/HTTP][cat: Web/5][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com][bytes ratio: -0.149 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1273.3/1097.5 12120/12073 3617.6/3470.7][Pkt Len c2s/s2c min/avg/max/stddev: 231/536 1002.1/1239.1 1314/1314 433.8/214.6][PLAIN TEXT (POST /bc2 HTTP/1.1)] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 46/0 373.6/0.0 2654/0 832.6/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 473/0 518.2/0.0 553/0 30.0/0.0][PLAIN TEXT (NOTIFY )] - 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][PLAIN TEXT (GET /vi/500494600/562)] - 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c min/avg/max/stddev: 117/118 216.0/217.0 315/316 99.0/99.0][Pkt Len c2s/s2c min/avg/max/stddev: 946/199 948.0/199.0 952/199 2.8/0.0][PLAIN TEXT (GET /cp)] + 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com][PLAIN TEXT (GET /vi/500494600/562)] + 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am][bytes ratio: 0.653 (Upload)][IAT c2s/s2c min/avg/max/stddev: 117/118 216.0/217.0 315/316 99.0/99.0][Pkt Len c2s/s2c min/avg/max/stddev: 946/199 948.0/199.0 952/199 2.8/0.0][PLAIN TEXT (GET /cp)] 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] - 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 26.7/27.0 34/35 6.1/6.5][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200.0/528.0 202/530 1.6/1.6][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)] - 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com][PLAIN TEXT (GET /20160625/a)] - 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] - 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] - 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] - 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] - 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] + 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com][bytes ratio: -0.451 (Download)][IAT c2s/s2c min/avg/max/stddev: 19/19 26.7/27.0 34/35 6.1/6.5][Pkt Len c2s/s2c min/avg/max/stddev: 198/526 200.0/528.0 202/530 1.6/1.6][PLAIN TEXT (GET /ext/common/qisu2/masauto.i)] + 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com][PLAIN TEXT (GET /20160625/a)] + 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] + 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /track2)] + 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3002.0/0.0 3008/0 3.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 30/0 752.8/0.0 2839/0 1188.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 165/0 171.0/0.0 175/0 4.5/0.0][PLAIN TEXT (SEARCH )] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com][PLAIN TEXT (GET /clk)] - 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] - 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com][PLAIN TEXT (GET /clk)] + 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] + 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7/HTTP][cat: Web/5][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66][PLAIN TEXT (GET /videos/v)] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com][PLAIN TEXT (GET /mkt.gif)] - 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] - 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] - 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/downloadh)] - 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] - 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] - 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] - 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] - 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7/HTTP][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com][PLAIN TEXT (GET /mkt.gif)] + 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] + 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] + 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/downloadh)] + 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com][PLAIN TEXT (GET /pca3)] - 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com][PLAIN TEXT (GET /ocsp/MEkwRzBFMEMwQ)] 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3001.0/0.0 3005/0 2.1/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 179/0 179.0/0.0 179/0 0.0/0.0][PLAIN TEXT (SEARCH )] 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 3000/0 3003.8/0.0 3014/0 5.5/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2999/0 3007.6/0.0 3038/0 15.2/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 175/0 175.0/0.0 175/0 0.0/0.0][PLAIN TEXT (SEARCH )] - 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] - 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /ccs HTTP/1.1)] - 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] - 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /cp)] + 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com][PLAIN TEXT (GET /ccs HTTP/1.1)] + 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] + 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] - 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] - 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /2efc)] + 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com][PLAIN TEXT (GET /andc)] - 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)] + 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masblog.i)] 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][PLAIN TEXT (GET /comMagicanApi/composite/ap)] - 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][PLAIN TEXT (GET /cityjson HTTP/1.1)] + 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com][PLAIN TEXT (GET /cityjson HTTP/1.1)] 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com][PLAIN TEXT (GET /comMagicanApi/index.php/To)] - 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)] - 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /k HTTP/1.1)] - 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] - 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] - 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] - 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/Q)] - 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] - 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] - 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] + 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/masflag.i)] + 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com][PLAIN TEXT (GET /k HTTP/1.1)] + 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] + 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com][PLAIN TEXT (GET /apis/urc/setrc)] + 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] + 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com][PLAIN TEXT (GET /ext/common/qisu2/Q)] + 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am][PLAIN TEXT (GET /core)] + 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com][PLAIN TEXT (GET /b)] + 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7/HTTP][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com][PLAIN TEXT (GET /tmpstats.gif)] 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 302 Found)] - 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][PLAIN TEXT (GET /preimage/20160506/f0/1)] + 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com][PLAIN TEXT (GET /preimage/20160506/f0/1)] 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes][PLAIN TEXT (HTTP/1.1 200 OK)] 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes][PLAIN TEXT (SEARCH )] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index dea5081be..a22b89a70 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,19 +1,19 @@ +HTTP 133 96179 11 QQ 12 4781 5 Facebook 6 1740 3 Google 2 378 1 -GenericProtocol 133 96179 11 Amazon 2 1469 1 - 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/645 2984.8/2693.8 23289/5776 3679.9/941.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 9041.5/8621.5 23311/23043 9741.8/9388.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 0.0/525.4][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] - 7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] - 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] - 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][PLAIN TEXT (GET /vstb/playlist)] + 1 TCP 10.54.169.250:52009 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][35 pkts/17902 bytes <-> 30 pkts/28000 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.220 (Download)][IAT c2s/s2c min/avg/max/stddev: 182/645 2984.8/2693.8 23289/5776 3679.9/941.1][Pkt Len c2s/s2c min/avg/max/stddev: 500/76 511.5/933.3 587/1456 26.6/493.8][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 2 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.283 (Download)][IAT c2s/s2c min/avg/max/stddev: 1066/2163 9041.5/8621.5 23311/23043 9741.8/9388.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/652 502.0/1143.5 502/1456 0.0/288.0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 3 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.168 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 2521/3055 13434.2/13893.5 23447/24732 10021.5/10838.5][Pkt Len c2s/s2c min/avg/max/stddev: 502/822 502.0/1174.0 502/1456 0.0/263.5][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 4 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.204 (Download)][IAT c2s/s2c min/avg/max/stddev: 2241/2426 9534.0/3315.0 23958/4204 10199.5/889.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/128 502.0/1013.3 502/1456 0.0/626.0][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 5 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 3284/3295 3390.3/3322.0 3535/3349 106.0/27.0][Pkt Len c2s/s2c min/avg/max/stddev: 502/188 502.0/758.7 502/1456 0.0/525.4][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 6 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] + 7 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7/HTTP][cat: Streaming/17][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] + 8 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 9 TCP 10.54.169.250:52007 <-> 120.28.35.40:80 [proto: 7.7/HTTP][cat: Streaming/17][3 pkts/1583 bytes <-> 1 pkts/1152 bytes][Host: vod-singtelhawk.quickplay.com][PLAIN TEXT (GET /seg/vol1/s/Warner/qpmezz)] + 10 TCP 10.54.169.250:44256 <-> 120.28.5.41:80 [proto: 7.7/HTTP][cat: Streaming/17][2 pkts/1086 bytes <-> 1 pkts/1225 bytes][Host: play-singtelhawk.quickplay.com][PLAIN TEXT (GET /vstb/playlist)] 11 TCP 10.54.169.250:56381 <-> 54.179.140.65:80 [proto: 7.178/HTTP.Amazon][cat: Web/5][1 pkts/638 bytes <-> 1 pkts/831 bytes][Host: api.account.xiaomi.com][PLAIN TEXT (GET /pass/v)] 12 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com][PLAIN TEXT (POST http)] 13 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][cat: Chat/9][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com][PLAIN TEXT (POST http)] @@ -23,5 +23,5 @@ Amazon 2 1469 1 17 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 18 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] 19 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][cat: SocialNetwork/6][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com][PLAIN TEXT (GET /mobile/status.php HTTP/1.1)] - 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] + 20 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.7/HTTP][cat: Streaming/17][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com][PLAIN TEXT (GET /solr/RestApiSingTel)] 21 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com][PLAIN TEXT (GET /generate)] diff --git a/tests/result/signal.pcap.out b/tests/result/signal.pcap.out index df74b8844..7a41f213f 100644 --- a/tests/result/signal.pcap.out +++ b/tests/result/signal.pcap.out @@ -1,8 +1,8 @@ +DNS 2 186 1 DHCP 4 1368 1 Signal 512 282327 11 ICMP 1 70 1 TLS 20 1417 2 -GenericProtocol 2 186 1 Apple 8 605 1 AppleiTunes 90 29795 2 @@ -28,5 +28,5 @@ JA3 Host Stats: 15 TCP 192.168.2.17:56996 <-> 17.248.146.144:443 [proto: 91.140/TLS.Apple][cat: Web/5][4 pkts/341 bytes <-> 4 pkts/264 bytes][bytes ratio: 0.127 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.0 0/0 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 85.2/66.0 112/66 20.0/0.0] 16 TCP 192.168.2.17:57017 <-> 2.18.232.118:443 [proto: 91/TLS][cat: Web/5][5 pkts/317 bytes <-> 3 pkts/221 bytes][bytes ratio: 0.178 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0.0/0.0 0/0 0.0/0.0][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 63.4/73.7 89/89 13.6/10.8] 17 UDP 192.168.2.17:56263 <-> 192.168.2.1:53 [proto: 5.39/DNS.Signal][cat: Chat/9][1 pkts/97 bytes <-> 1 pkts/193 bytes][Host: textsecure-service.whispersystems.org][PLAIN TEXT (textsecure)] - 18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5.137/DNS.GenericProtocol][cat: Media/1][1 pkts/85 bytes <-> 1 pkts/101 bytes][Host: e673.dsce9.akamaiedge.net][PLAIN TEXT (akamaiedge)] + 18 UDP 192.168.2.17:60793 <-> 192.168.2.1:53 [proto: 5/DNS][cat: Media/1][1 pkts/85 bytes <-> 1 pkts/101 bytes][Host: e673.dsce9.akamaiedge.net][PLAIN TEXT (akamaiedge)] 19 ICMP 192.168.2.17:0 -> 192.168.2.1:0 [proto: 81/ICMP][cat: Network/14][1 pkts/70 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 3910496cb..66e8fc5c9 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -1,11 +1,10 @@ DNS 8 1267 4 MDNS 4 412 1 ICMP 2 3028 1 -TLS 12 824 2 +TLS 31 8597 3 ICMPV6 2 140 1 Facebook 2 281 1 Google 32 9133 3 -GenericProtocol 19 7773 1 Viber 268 99524 9 Amazon 71 24849 3 @@ -20,7 +19,7 @@ JA3 Host Stats: 4 TCP 192.168.0.17:33208 <-> 52.0.253.101:4244 [proto: 144/Viber][cat: VoIP/10][32 pkts/6563 bytes <-> 26 pkts/2782 bytes][bytes ratio: 0.405 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1508.3/1866.6 10563/10701 2617.1/2836.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 205.1/107.0 657/176 184.2/42.7] 5 TCP 192.168.0.17:43702 <-> 172.217.23.78:443 [proto: 91.126/TLS.Google][cat: Web/5][15 pkts/5339 bytes <-> 12 pkts/3436 bytes][bytes ratio: 0.217 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2423.6/3084.5 23555/23575 6404.8/7092.0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 355.9/286.3 1038/884 369.7/257.9][TLSv1.2][Client: app-measurement.com][JA3C: 3967ff2d2c9c4d144e7e30f24f4e9761][JA3S: 67619a80665d7ab92d1041b1d11f9164][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][bytes ratio: -0.634 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 92.8/81.8 273/298 101.7/110.9][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 130.6/582.9 432/1514 111.7/601.3][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Certificate SHA-1: BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] - 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91.137/TLS.GenericProtocol][cat: Media/1][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.8/22.0 152/60 45.6/24.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153.4/693.2 631/1514 169.0/615.5][TLSv1.2][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: y.ssl.fastly.net][JA3S: 860fcf58fd757e26aa8911e5eaff6b53][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] + 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/TLS][cat: Media/1][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][bytes ratio: -0.605 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 25.8/22.0 152/60 45.6/24.3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 153.4/693.2 631/1514 169.0/615.5][TLSv1.2][Client: venetia.iad.appboy.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: y.ssl.fastly.net][JA3S: 860fcf58fd757e26aa8911e5eaff6b53][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91.178/TLS.Amazon][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][bytes ratio: -0.617 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 82.7/70.2 185/191 87.4/90.5][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 132.9/560.3 433/1514 110.8/605.1][TLSv1.2][Client: mapi.apptimize.com][JA3C: d8c87b9bfde38897979e41242626c2f3][Server: *.apptimize.com][JA3S: 8d2a028aa94425f76ced7826b1f39039][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: VoIP/10][24 pkts/5035 bytes <-> 22 pkts/2302 bytes][bytes ratio: 0.372 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/15 313.5/341.8 529/529 202.0/188.2][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 209.8/104.6 299/118 115.2/19.6][PLAIN TEXT (Android)] 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: VoIP/10][25 pkts/4344 bytes <-> 18 pkts/1872 bytes][bytes ratio: 0.398 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 236.1/328.9 531/531 238.8/225.3][Pkt Len c2s/s2c min/avg/max/stddev: 54/76 173.8/104.0 299/118 120.4/19.8][PLAIN TEXT (Android)] |