authorVitaly Lavrov <vel21ripn@gmail.com>2017-11-02 10:59:21 +0300
committerGitHub <noreply@github.com>2017-11-02 10:59:21 +0300
commit50645e11d8c65ce0a5030e8ab65db95637bd5839 (patch)
treed78bde51475e6f6f3d678068921fc82316eef2ac
parent2787c2390cdd7129c2dcf50b0d4990d3f7d1bccc (diff)
parent3e535779368407096f89f68fd5f138ac8a9dcc95 (diff)
Merge branch 'dev' into dev
-rw-r--r--README.md2
-rw-r--r--example/ndpiReader.c31
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_content_match.c.inc2
-rw-r--r--src/lib/protocols/dhcp.c7
-rw-r--r--src/lib/protocols/sip.c2
-rw-r--r--tests/pcap/sip.pcapbin0 -> 50975 bytes
-rw-r--r--tests/result/sip.pcap.out8
8 files changed, 37 insertions, 16 deletions
diff --git a/README.md b/README.md
index d9802fc2d..5aff79ae9 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ The entire procedure of adding new protocols in detail:
1. Add new protocol together with its unique ID to: src/include/ndpi_protocol_ids.h
2. Create a new protocol in: src/lib/protocols/
-3. Variables to be kept for the duration of the entire flow (as state variables) needs to be placed in: /include/ndpi_structs.h in ndpi_flow_tcp_struct (for TCP only), ndpi_flow_udp_struct (for UDP only), or ndpi_flow_struct (for both).
+3. Variables to be kept for the duration of the entire flow (as state variables) need to be placed in: src/include/ndpi_typedefs.h in ndpi_flow_tcp_struct (for TCP only), ndpi_flow_udp_struct (for UDP only), or ndpi_flow_struct (for both).
4. Add a new entry for the search function for the new protocol in: src/include/ndpi_protocols.h
5. Choose (do not change anything) a selection bitmask from: src/include/ndpi_define.h
6. Add a new entry in ndpi_set_protocol_detection_bitmask2 in: src/lib/ndpi_main.c
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 7a60fddb7..e3e21f8e3 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -98,6 +98,7 @@ static struct timeval pcap_start, pcap_end;
static time_t capture_for = 0;
static time_t capture_until = 0;
static u_int32_t num_flows;
+static struct ndpi_detection_module_struct *ndpi_info_mod = NULL;
struct flow_info {
struct ndpi_flow_info *flow;
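Review bot: The new file-scope `ndpi_info_mod` has no comment saying what it is for. From the other hunks in this file it is a second detection module, separate from the per-thread `workflow->ndpi_struct`, created in `main` with `ndpi_init_detection_module()` and used only to list protocols and resolve names. A one-line comment would make that contract explicit, e.g. `/* Lookup-only module (protocol names/ids for help, extcap and -9); not set up for packet detection */`. `help()` and `extcap_config()` now dereference it without a NULL check, which is safe only while `main` initialises it before calling `parseOptions()`.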
@@ -278,8 +279,7 @@ static void help(u_int long_help) {
if(long_help) {
printf("\n\nSupported protocols:\n");
num_threads = 1;
- setupDetection(0, NULL);
- ndpi_dump_protocols(ndpi_thread_info[0].workflow->ndpi_struct);
+ ndpi_dump_protocols(ndpi_info_mod);
}
exit(!long_help);
}
@@ -372,34 +372,30 @@ int cmpFlows(const void *_a, const void *_b) {
void extcap_config() {
int i, argidx = 0;
- struct ndpi_detection_module_struct *ndpi_mod;
struct ndpi_proto_sorter *protos;
/* -i <interface> */
- printf("arg {number=%d}{call=-i}{display=Capture Interface or Pcap File Path}{type=string}"
+ printf("arg {number=%d}{call=-i}{display=Capture Interface}{type=string}"
"{tooltip=The interface name}\n", argidx++);
printf("arg {number=%d}{call=-i}{display=Pcap File to Analyze}{type=fileselect}"
"{tooltip=The pcap file to analyze (if the interface is unspecified)}\n", argidx++);
- setupDetection(0, NULL);
- ndpi_mod = ndpi_thread_info[0].workflow->ndpi_struct;
-
- protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter)*ndpi_mod->ndpi_num_supported_protocols);
+ protos = (struct ndpi_proto_sorter*)malloc(sizeof(struct ndpi_proto_sorter) * ndpi_info_mod->ndpi_num_supported_protocols);
if(!protos) exit(0);
- for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) {
+ for(i=0; i<(int) ndpi_info_mod->ndpi_num_supported_protocols; i++) {
protos[i].id = i;
- snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_mod->proto_defaults[i].protoName);
+ snprintf(protos[i].name, sizeof(protos[i].name), "%s", ndpi_info_mod->proto_defaults[i].protoName);
}
- qsort(protos, ndpi_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto);
+ qsort(protos, ndpi_info_mod->ndpi_num_supported_protocols, sizeof(struct ndpi_proto_sorter), cmpProto);
printf("arg {number=%d}{call=-9}{display=nDPI Protocol Filter}{type=selector}"
"{tooltip=nDPI Protocol to be filtered}\n", argidx);
printf("value {arg=%d}{value=%d}{display=%s}\n", argidx, -1, "All Protocols (no nDPI filtering)");
- for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++)
+ for(i=0; i<(int)ndpi_info_mod->ndpi_num_supported_protocols; i++)
printf("value {arg=%d}{value=%d}{display=%s (%d)}\n", argidx, protos[i].id,
protos[i].name, protos[i].id);
@@ -591,7 +587,8 @@ static void parseOptions(int argc, char **argv) {
break;
case '9':
- extcap_packet_filter = atoi(optarg);
+ extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg);
+ if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg);
break;
case 257:
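Review bot: The numeric fallback in `case '9'` still goes through `atoi(optarg)`, so a mistyped protocol name or a value with trailing garbage silently becomes 0, and an out-of-range number is accepted as a filter id. Since the argument comes straight from the command line (or from the extcap caller), parse it with `strtol`, require the whole string to be consumed, and bound it by `ndpi_num_supported_protocols`, keeping -1 because `extcap_config()` emits it for "All Protocols". The sketch below assumes `extcap_packet_filter` is an `int` and reuses `help(0)`, which exits with a non-zero status. `parseOptions` starts and ends outside the hunk.

```c
case '9':
  extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg);
  if(extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) {
    /* Not a known protocol name: accept only a complete decimal id in range */
    char *end = NULL;
    long id = strtol(optarg, &end, 10);

    if(end == optarg || *end != '\0'
       || id < -1 || id >= (long)ndpi_info_mod->ndpi_num_supported_protocols)
      help(0); /* rejects the option and exits non-zero */
    extcap_packet_filter = (int)id;
  }
  break;
```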
@@ -1133,7 +1130,9 @@ static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u
HASH_DEL(*receivers, r);
free(r);
}
- return NULL;
+
+ return(NULL);
+
}
/* *********************************************** */
@@ -3140,6 +3139,9 @@ int main(int argc, char **argv) {
automataUnitTest();
+ ndpi_info_mod = ndpi_init_detection_module();
+ if (ndpi_info_mod == NULL) return -1;
+
memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info));
parseOptions(argc, argv);
@@ -3170,6 +3172,7 @@ int main(int argc, char **argv) {
if(results_path) free(results_path);
if(results_file) fclose(results_file);
if(extcap_dumper) pcap_dump_close(extcap_dumper);
+ if(ndpi_info_mod) ndpi_exit_detection_module(ndpi_info_mod);
return 0;
}
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 92b6a1a7a..a55696e13 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1034,6 +1034,7 @@ struct ndpi_flow_struct {
struct {
char fingerprint[48];
+ char class_ident[48];
} dhcp;
} protos;
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index ba14f50f1..4a9ec63cf 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -8031,6 +8031,7 @@ ndpi_protocol_match host_match[] = {
{ ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
{ ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
+ { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
{ ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
{ ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
{ ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE },
@@ -8048,6 +8049,7 @@ ndpi_protocol_match host_match[] = {
{ ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE },
{ ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
{ "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE },
{ ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */
diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c
index 004d42379..673b85b85 100644
--- a/src/lib/protocols/dhcp.c
+++ b/src/lib/protocols/dhcp.c
@@ -105,6 +105,13 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
"%02X", dhcp->options[i+2+idx] & 0xFF);
offset += 2;
}
+ } else if(id == 60 /* Class Identifier */) {
+ char *name = (char*)&dhcp->options[i+2];
+ int j = 0;
+
+ j = ndpi_min(len, sizeof(flow->protos.dhcp.class_ident)-1);
+ strncpy((char*)flow->protos.dhcp.class_ident, name, j);
+ flow->protos.dhcp.class_ident[j] = '\0';
} else if(id == 12 /* Host Name */) {
char *name = (char*)&dhcp->options[i+2];
int j = 0;
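Review bot: The new option-60 branch copies up to 47 bytes starting at `dhcp->options[i+2]` using the on-wire `len`, and nothing in this hunk shows `len` being checked against the bytes left in the options area or in the captured payload. Unless the enclosing loop (which starts outside the hunk) already bounds it, a truncated or malformed DHCP packet can make `strncpy` read past the end of the data; a guard such as `if(i + 2 + len > OPTIONS_BYTES_AVAILABLE) break;` (placeholder name) before the copy would close that. `class_ident` then holds raw, sender-controlled bytes, so the field deserves a comment saying it is unsanitised and must be escaped before it is printed or logged. The Host Name branch that follows appears to use the same copy pattern and would need the same check.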
diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c
index 44d2a12fe..4b3790208 100644
--- a/src/lib/protocols/sip.c
+++ b/src/lib/protocols/sip.c
@@ -121,7 +121,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct
}
if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0)
- && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) {
+ && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) {
NDPI_LOG_INFO(ndpi_struct, "found sip CANCEL\n");
ndpi_int_sip_add_connection(ndpi_struct, flow, 0);
return;
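Review bot: With the offset corrected to 7, the second `memcmp` reads `packet_payload[7]` through `packet_payload[10]`, so the CANCEL test needs at least 11 payload bytes, and no length check is visible in this hunk. If the guard earlier in `ndpi_search_sip_handshake` (outside the hunk) does not already guarantee that, prefix the condition with a length test such as `payload_len >= 11 &&` (variable name is a placeholder for whatever the function uses). A short comment next to the index, e.g. `/* 7 == strlen("CANCEL ") */`, would also keep the offset from drifting out of sync with the method name again.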
diff --git a/tests/pcap/sip.pcap b/tests/pcap/sip.pcap
new file mode 100644
index 000000000..8cd7f4761
--- /dev/null
+++ b/tests/pcap/sip.pcap
Binary files differ
diff --git a/tests/result/sip.pcap.out b/tests/result/sip.pcap.out
new file mode 100644
index 000000000..8f1dfb3d2
--- /dev/null
+++ b/tests/result/sip.pcap.out
@@ -0,0 +1,8 @@
+RTP 9 1926 1
+SIP 102 47087 2
+RTCP 1 146 1
+
+ 1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][53 pkts/21940 bytes <-> 31 pkts/15635 bytes]
+ 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][15 pkts/7568 bytes <-> 3 pkts/1944 bytes]
+ 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][9 pkts/1926 bytes -> 0 pkts/0 bytes]
+ 4 UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][1 pkts/146 bytes -> 0 pkts/0 bytes]