authorMichele Campus <fci1908@gmail.com>2015-11-12 14:57:02 +0100
committerMichele Campus <fci1908@gmail.com>2015-11-12 14:57:02 +0100
commitdd3a79dac2bd67ce4ef5bb8fde0fb5936d8d4d81 (patch)
treee61b9887adde422ff8b7f5fd37b01eb8993c618a
parent63cab68a9687f48a955f1edf35c7230b7a0c2d2d (diff)
parenta4f170604ce97b12718181fd43f506edbdb0b0d5 (diff)
Merge pull request #114 from kYroL01/dev
Refactoring nDPI
-rw-r--r--example/ndpiReader.c234
-rw-r--r--src/include/Makefile.am11
-rw-r--r--src/include/ndpi_api.h24
-rw-r--r--src/include/ndpi_define.h18
-rw-r--r--src/include/ndpi_main.h37
-rw-r--r--src/include/ndpi_typedefs.h303
-rw-r--r--src/lib/Makefile.am5
-rw-r--r--src/lib/ndpi_main.c238
-rw-r--r--src/lib/protocols/bittorrent.c7
-rw-r--r--src/lib/protocols/btlib.c7
-rw-r--r--src/lib/protocols/btlib.h2
-rw-r--r--src/lib/protocols/citrix.c9
-rw-r--r--src/lib/protocols/directdownloadlink.c21
-rw-r--r--src/lib/protocols/gtp.c8
-rw-r--r--src/lib/protocols/http.c8
-rw-r--r--src/lib/protocols/lotus_notes.c14
-rw-r--r--src/lib/protocols/mdns.c176
-rw-r--r--src/lib/protocols/netflow.c2
-rw-r--r--src/lib/protocols/radius.c8
-rw-r--r--src/lib/protocols/tcp_udp.c2
-rw-r--r--src/lib/protocols/tor.c2
-rw-r--r--src/lib/third_party/include/ndpi_patricia.h7
-rw-r--r--src/lib/third_party/src/ahocorasick.c4
-rw-r--r--src/lib/third_party/src/ndpi_patricia.c52
-rw-r--r--src/lib/third_party/src/node.c4
-rw-r--r--src/lib/third_party/src/sort.c38
26 files changed, 566 insertions, 675 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 1b9f070d4..88dba03e9 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -42,17 +42,15 @@
#include <pcap.h>
#include <signal.h>
#include <pthread.h>
+#include <sys/socket.h>
#include "../config.h"
+#include "ndpi_api.h"
#ifdef HAVE_JSON_C
#include <json.h>
#endif
-#include "ndpi_api.h"
-
-#include <sys/socket.h>
-
#define MAX_NUM_READER_THREADS 16
#define IDLE_SCAN_PERIOD 10 /* msec (use detection_tick_resolution = 1000) */
#define MAX_IDLE_TIME 30000
@@ -77,6 +75,7 @@
#define MPLS_UNI 0x8847
#define MPLS_MULTI 0x8848
#define PPPoE 0x8864
+#define SNAP 0xaa
/* mask for FCF */
#define WIFI_DATA 0x2 /* 0000 0010 */
@@ -654,16 +653,6 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept
struct ndpi_flow *flow = *(struct ndpi_flow **) node;
u_int16_t thread_id = *((u_int16_t *) user_data);
-#if 0
- printf("<%d>Walk on node %s (%p)\n",
- depth,
- which == preorder?"preorder":
- which == postorder?"postorder":
- which == endorder?"endorder":
- which == leaf?"leaf": "unknown",
- flow);
-#endif
-
if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */
if(enable_protocol_guess) {
if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) {
@@ -727,7 +716,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
const u_int8_t version,
u_int16_t vlan_id,
const struct ndpi_iphdr *iph,
- const struct ndpi_ip6_hdr *iph6,
+ const struct ndpi_ipv6hdr *iph6,
u_int16_t ip_offset,
u_int16_t ipsize,
u_int16_t l4_packet_len,
@@ -764,7 +753,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
l4_offset = iph->ihl * 4;
l3 = (u_int8_t*)iph;
} else {
- l4_offset = sizeof(struct ndpi_ip6_hdr);
+ l4_offset = sizeof(struct ndpi_ipv6hdr);
l3 = (u_int8_t*)iph6;
}
@@ -941,7 +930,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
static struct ndpi_flow *get_ndpi_flow6(u_int16_t thread_id,
u_int16_t vlan_id,
- const struct ndpi_ip6_hdr *iph6,
+ const struct ndpi_ipv6hdr *iph6,
u_int16_t ip_offset,
struct ndpi_tcphdr **tcph,
struct ndpi_udphdr **udph,
@@ -961,13 +950,13 @@ static struct ndpi_flow *get_ndpi_flow6(u_int16_t thread_id,
iph.protocol = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
if(iph.protocol == 0x3C /* IPv6 destination option */) {
- u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ip6_hdr);
+ u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr);
iph.protocol = options[0];
}
return(get_ndpi_flow(thread_id, 6, vlan_id, &iph, iph6, ip_offset,
- sizeof(struct ndpi_ip6_hdr),
+ sizeof(struct ndpi_ipv6hdr),
ntohs(iph6->ip6_ctlun.ip6_un1.ip6_un1_plen),
tcph, udph, sport, dport,
src, dst, proto, payload, payload_len, src_to_dst_direction));
@@ -995,8 +984,8 @@ static void setupDetection(u_int16_t thread_id) {
ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].ndpi_struct, &all);
// allocate memory for id and flow tracking
- size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct();
- size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct();
+ size_id_struct = sizeof(struct ndpi_id_struct);
+ size_flow_struct = sizeof(struct ndpi_flow_struct);
// clear memory for results
memset(ndpi_thread_info[thread_id].stats.protocol_counter, 0, sizeof(ndpi_thread_info[thread_id].stats.protocol_counter));
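Review bot: Using `sizeof(struct ndpi_id_struct)` and `sizeof(struct ndpi_flow_struct)` here fixes the allocation sizes at the application's compile time instead of asking the loaded library. Both structs change size with the protocol `#ifdef`s in ndpi_typedefs.h, so a binary built against one header and run with a differently configured libndpi can allocate flow and id buffers smaller than what the library writes into them. The same commit removes `ndpi_detection_get_sizeof_ndpi_flow_struct()` and `ndpi_detection_get_sizeof_ndpi_id_struct()` from ndpi_api.h and ndpi_main.c, so external callers lose the only size query that tracked the library in use. Keeping the accessors and calling them here would preserve that guarantee; failing that, a comment such as `/* sizes are compile-time: header and libndpi build must match */` should record the assumption.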
@@ -1027,7 +1016,7 @@ static unsigned int packet_processing(u_int16_t thread_id,
const u_int64_t time,
u_int16_t vlan_id,
const struct ndpi_iphdr *iph,
- struct ndpi_ip6_hdr *iph6,
+ struct ndpi_ipv6hdr *iph6,
u_int16_t ip_offset,
u_int16_t ipsize, u_int16_t rawsize) {
struct ndpi_id_struct *src, *dst;
@@ -1084,31 +1073,6 @@ static unsigned int packet_processing(u_int16_t thread_id,
snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", flow->ndpi_flow->protos.ssl.server_certificate);
}
-#if 0
- if(verbose > 1) {
- if(ndpi_is_proto(flow->detected_protocol, NDPI_PROTOCOL_HTTP)) {
- char *method;
-
- printf("[URL] %s\n", ndpi_get_http_url(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow));
- printf("[Content-Type] %s\n", ndpi_get_http_content_type(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow));
-
- switch(ndpi_get_http_method(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow)) {
- case HTTP_METHOD_OPTIONS: method = "HTTP_METHOD_OPTIONS"; break;
- case HTTP_METHOD_GET: method = "HTTP_METHOD_GET"; break;
- case HTTP_METHOD_HEAD: method = "HTTP_METHOD_HEAD"; break;
- case HTTP_METHOD_POST: method = "HTTP_METHOD_POST"; break;
- case HTTP_METHOD_PUT: method = "HTTP_METHOD_PUT"; break;
- case HTTP_METHOD_DELETE: method = "HTTP_METHOD_DELETE"; break;
- case HTTP_METHOD_TRACE: method = "HTTP_METHOD_TRACE"; break;
- case HTTP_METHOD_CONNECT: method = "HTTP_METHOD_CONNECT"; break;
- default: method = "HTTP_METHOD_UNKNOWN"; break;
- }
-
- printf("[Method] %s\n", method);
- }
- }
-#endif
-
free_ndpi_flow(flow);
if(verbose > 1) {
@@ -1123,11 +1087,6 @@ static unsigned int packet_processing(u_int16_t thread_id,
}
}
-#if 0
- if(ndpi_flow->l4.tcp.host_server_name[0] != '\0')
- printf("%s\n", ndpi_flow->l4.tcp.host_server_name);
-#endif
-
if(live_capture) {
if(ndpi_thread_info[thread_id].last_idle_scan_time + IDLE_SCAN_PERIOD < ndpi_thread_info[thread_id].last_time) {
/* scan for idle flows */
@@ -1600,40 +1559,47 @@ static void pcap_packet_callback(u_char *args,
/*
* Declare pointers to packet headers
*/
- /** --- Ethernet header --- **/
+
+ /* --- Ethernet header --- */
const struct ndpi_ethhdr *ethernet;
- /** --- Cisco HDLC header --- **/
+ /* --- Ethernet II header --- */
+ const struct ndpi_ethhdr *ethernet_2;
+ /* --- LLC header --- */
+ const struct ndpi_llc_header *llc;
+
+ /* --- Cisco HDLC header --- */
const struct ndpi_chdlc *chdlc;
+ /* --- SLARP frame --- */
+ struct ndpi_slarp *slarp;
+ /* --- CDP --- */
+ struct ndpi_cdp *cdp;
- /** --- ieee802.11 --- **/
- /* Radio Tap header */
+ /* --- Radio Tap header --- */
const struct ndpi_radiotap_header *radiotap;
- /* LLC header */
- const struct ndpi_llc_header_proto *llc;
- /* Data frame */
- const struct ndpi_wifi_data_frame *wifi_data;
+ /* --- Wifi header --- */
+ const struct ndpi_wifi_header *wifi;
- /* SLARP frame */
- struct ndpi_slarp *slarp;
- /* CDP */
- struct ndpi_cdp *cdp;
+ /* --- MPLS header --- */
+ struct ndpi_mpls_header *mpls;
/** --- IP header --- **/
struct ndpi_iphdr *iph;
/** --- IPv6 header --- **/
- struct ndpi_ip6_hdr *iph6;
+ struct ndpi_ipv6hdr *iph6;
/* lengths and offsets */
u_int16_t eth_offset = 0;
u_int16_t radio_len;
u_int16_t fc;
- int wifi_data_len;
- int llc_len;
- u_int16_t llc_ether_type;
+ u_int16_t type;
+ int wifi_len;
+ int llc_off;
+ int pyld_eth_len = 0;
+ int check;
u_int32_t fcs;
u_int64_t time;
- u_int16_t type, ip_offset, ip_len, ip6_offset;
+ u_int16_t ip_offset, ip_len, ip6_offset;
u_int16_t frag_off = 0, vlan_id = 0;
u_int8_t proto = 0;
u_int32_t label;
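Review bot: `u_int16_t type;` is declared without an initializer, and the reworked link-layer switch in the later hunks of this file no longer assigns it on every path. In the DLT_EN10MB case, a length/type value between 1501 and 1535 or a length frame whose first payload byte is not SNAP leaves it unset, and the 802.11 case sets it only when `llc->dsap == SNAP`. The `if(type == VLAN)` chain then branches on an indeterminate value for frames an untrusted sender can shape. `int wifi_len;` is likewise unassigned when a data frame has both or neither DS bit set, yet it is still used to compute the LLC pointer. Initialise both at the declaration (`u_int16_t type = 0;`, `int wifi_len = 0;`) and drop the frame when no ether type was recovered; pcap_packet_callback starts and ends outside this hunk.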
@@ -1676,6 +1642,7 @@ static void pcap_packet_callback(u_char *args,
datalink_check:
switch(datalink_type) {
+
case DLT_NULL :
if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2)
type = ETH_P_IP;
@@ -1684,7 +1651,7 @@ static void pcap_packet_callback(u_char *args,
ip_offset = 4 + eth_offset;
- /* Cisco PPP in HDLC-like framing - 50*/
+ /* Cisco PPP in HDLC-like framing - 50 */
case DLT_PPP_SERIAL:
chdlc = (struct ndpi_chdlc *) &packet[eth_offset];
ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */
@@ -1702,7 +1669,21 @@ static void pcap_packet_callback(u_char *args,
case DLT_EN10MB :
ethernet = (struct ndpi_ethhdr *) &packet[eth_offset];
ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset;
- type = ntohs(ethernet->h_proto);
+ check = ntohs(ethernet->h_lt);
+
+ if(check <= 1500)
+ pyld_eth_len = check;
+ else if (check >= 1536)
+ type = check;
+
+ if(pyld_eth_len != 0) {
+ /* check for LLC layer with SNAP extension */
+ if(packet[ip_offset] == SNAP) {
+ llc = (struct ndpi_llc_header *)(&packet[ip_offset]);
+ type = llc->snap.proto_ID;
+ ip_offset += + 8;
+ }
+ }
break;
/* Linux Cooked Capture - 113 */
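Review bot: `type = llc->snap.proto_ID;` stores the SNAP protocol ID in network byte order, while the 802.11 branch of this commit uses `ntohs(llc->snap.proto_ID)`. On a little-endian host the later comparisons against VLAN, MPLS_UNI and PPPoE will not match, so it should read `type = ntohs(llc->snap.proto_ID);`. The `packet[ip_offset] == SNAP` test and the cast to `struct ndpi_llc_header` happen without comparing `ip_offset` plus the LLC/SNAP size against the captured length, so a truncated frame may be read past its end; any length check would be outside this hunk. `ip_offset += + 8;` carries a stray unary plus, and `ip_offset += sizeof(struct ndpi_llc_header);` would match the 802.11 branch and say what the 8 is.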
@@ -1726,73 +1707,67 @@ static void pcap_packet_callback(u_char *args,
fcs = header->len - 4;
/* Calculate 802.11 header length (variable) */
- wifi_data = (struct ndpi_wifi_data_frame*)( packet + eth_offset + radio_len);
- fc = wifi_data->fc;
+ wifi = (struct ndpi_wifi_header*)( packet + eth_offset + radio_len);
+ fc = wifi->fc;
/* check wifi data presence */
if(FCF_TYPE(fc) == WIFI_DATA) {
if((FCF_TO_DS(fc) && FCF_FROM_DS(fc) == 0x0) ||
(FCF_TO_DS(fc) == 0x0 && FCF_FROM_DS(fc)))
- wifi_data_len = 26; /* + 4 byte fcs */
-
- /* TODO: check QoS Control for aggregated MSDU */
+ wifi_len = 26; /* + 4 byte fcs */
} else /* no data frames */
break;
/* Check ether_type from LLC */
- llc = (struct ndpi_llc_header_proto*)(packet + eth_offset + wifi_data_len + radio_len);
- llc_ether_type = ntohs(llc->ether_IP_type);
+ llc = (struct ndpi_llc_header*)(packet + eth_offset + wifi_len + radio_len);
+ if(llc->dsap == SNAP)
+ type = ntohs(llc->snap.proto_ID);
/* Set IP header offset */
- ip_offset = wifi_data_len + radio_len + sizeof(struct ndpi_llc_header_proto) + eth_offset;
+ ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header) + eth_offset;
break;
default:
return;
}
- while(1) {
- if(type == VLAN) {
- vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF;
- type = (packet[ip_offset+2] << 8) + packet[ip_offset+3];
+ /* check ether type */
+ if(type == VLAN) {
+ vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF;
+ type = (packet[ip_offset+2] << 8) + packet[ip_offset+3];
+ ip_offset += 4;
+ vlan_packet = 1;
+ }
+ else if(type == MPLS_UNI || type == MPLS_MULTI) {
+
+ mpls = (struct ndpi_mpls_header *) &packet[ip_offset];
+ label = ntohl(mpls->label);
+ /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */
+ ndpi_thread_info[thread_id].stats.mpls_count++;
+ type = ETH_P_IP, ip_offset += 4;
+
+ while((label & 0x100) != 0x100) {
ip_offset += 4;
- vlan_packet = 1;
- break;
- }
- else if(type == MPLS_UNI || type == MPLS_MULTI) {
- label = ntohl(*((u_int32_t*)&packet[ip_offset]));
- ndpi_thread_info[thread_id].stats.mpls_count++;
- type = 0x800, ip_offset += 4;
-
- while((label & 0x100) != 0x100) {
- ip_offset += 4;
- label = ntohl(*((u_int32_t*)&packet[ip_offset]));
- }
- break;
- }
- else if(type == SLARP) {
- slarp = (struct ndpi_slarp *) &packet[ip_offset];
- if(slarp->slarp_type == 0x02 || slarp->slarp_type == 0x00 || slarp->slarp_type == 0x01) {
- /* TODO if info are needed */
- }
- slarp_pkts++;
- break;
+ label = ntohl(mpls->label);
}
- else if(type == CISCO_D_PROTO) {
- cdp = (struct ndpi_cdp *) &packet[ip_offset];
- cdp_pkts++;
- break;
- }
- else if(type == PPPoE) {
- ndpi_thread_info[thread_id].stats.pppoe_count++;
- type = 0x0800;
- ip_offset += 8;
- break;
+ }
+ else if(type == SLARP) {
+ slarp = (struct ndpi_slarp *) &packet[ip_offset];
+ if(slarp->slarp_type == 0x02 || slarp->slarp_type == 0x00 || slarp->slarp_type == 0x01) {
+ /* TODO if info are needed */
}
- else
- break;
- } /* while(1) */
-
+ slarp_pkts++;
+ }
+ else if(type == CISCO_D_PROTO) {
+ cdp = (struct ndpi_cdp *) &packet[ip_offset];
+ cdp_pkts++;
+ }
+ else if(type == PPPoE) {
+ ndpi_thread_info[thread_id].stats.pppoe_count++;
+ type = ETH_P_IP;
+ ip_offset += 8;
+ }
+
ndpi_thread_info[thread_id].stats.vlan_count += vlan_packet;
iph_check:
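Review bot: The MPLS label-stack loop never re-reads the packet. `mpls` is pointed at `&packet[ip_offset]` once, and inside `while((label & 0x100) != 0x100)` only `ip_offset` advances before `label = ntohl(mpls->label);` reloads the same entry. A frame whose first label entry lacks the bottom-of-stack bit therefore keeps the loop spinning while the 16-bit `ip_offset` wraps, stalling the capture thread on one packet. The removed code re-read `packet[ip_offset]` on each iteration; the new loop needs `mpls = (struct ndpi_mpls_header *) &packet[ip_offset];` before the reload. It also needs a bound on `ip_offset` against the captured length, which is not visible in this hunk, so a stack with no terminating entry ends the walk.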
@@ -1836,9 +1811,9 @@ static void pcap_packet_callback(u_char *args,
return;
}
} else if(iph->version == 6) {
- iph6 = (struct ndpi_ip6_hdr *)&packet[ip_offset];
+ iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset];
proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
- ip_len = sizeof(struct ndpi_ip6_hdr);
+ ip_len = sizeof(struct ndpi_ipv6hdr);
if(proto == 0x3C /* IPv6 destination option */) {
@@ -1848,15 +1823,6 @@ static void pcap_packet_callback(u_char *args,
}
iph = NULL;
- /* tunnel 6in4 */
- /* ipv6in4: */
- /* ip6_offset = ip_len + ip_offset; */
- /* iph6 = (struct ndpi_ip6_hdr *)&packet[ip6_offset]; */
- /* proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; */
- /* ip_len = sizeof(struct ndpi_ip6_hdr); */
- /* ip_offset = ip_len + ip6_offset; */
- /* iph = NULL; */
-
} else {
static u_int8_t ipv4_warning_used = 0;
@@ -2071,16 +2037,6 @@ struct timezone {
/* ***************************************************** */
-#if 0
-int gettimeofday(struct timeval *tv, void *notUsed) {
- tv->tv_sec = time(NULL);
- tv->tv_usec = 0;
- return(0);
-}
-#endif
-
-/* ***************************************************** */
-
int gettimeofday(struct timeval *tv, struct timezone *tz) {
FILETIME ft;
LARGE_INTEGER li;
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 71a507ae2..05266a106 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -1,9 +1,8 @@
-
library_includedir=$(includedir)/libndpi-1.4/libndpi
library_include_HEADERS = ndpi_api.h \
- ndpi_debug_functions.h \
- ndpi_define.h \
- ndpi_macros.h \
- ndpi_protocols_osdpi.h \
- ndpi_public_functions.h
+ ndpi_define.h \
+ ndpi_typedefs.h \
+ ndpi_main.h \
+ ndpi_protocol_ids.h \
+ ndpi_protocols.h
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 7b4550150..c1f7fac84 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -32,26 +32,14 @@
extern "C" {
#endif
- /**
- * This function returns the size of the flow struct
- * @return the size of the flow struct
- */
- u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void);
-
- /**
- * This function returns the size of the id struct
- * @return the size of the id struct
- */
- u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void);
-
-
/* Public malloc/free */
void* ndpi_malloc(unsigned long size);
void* ndpi_calloc(unsigned long count, unsigned long size);
void ndpi_free(void *ptr);
void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size);
char *ndpi_strdup(const char *s);
- /*
+
+ /**
* Find the first occurrence of find in s, where the search is limited to the
* first slen characters of s.
*/
@@ -150,14 +138,6 @@ extern "C" {
*/
u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return,
u_int8_t * l4_protocol_return, u_int32_t flags);
- /**
- * returns the real protocol for the flow of the last packet given to the detection.
- * if no real protocol could be found, the unknown protocol will be returned.
- *
- * @param ndpi_struct the detection module
- * @return the protocol id of the last real protocol found in the protocol history of the flow
- */
- /* u_int16_t ndpi_detection_get_real_protocol_of_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); */
/**
* returns true if the protocol history of the flow of the last packet given to the detection
diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h
index f938c8ffb..cfae5f305 100644
--- a/src/include/ndpi_define.h
+++ b/src/include/ndpi_define.h
@@ -42,12 +42,6 @@
#endif/* BYTE_ORDER */
#endif/* __OPENBSD__ */
-#if 0
-#ifndef NDPI_ENABLE_DEBUG_MESSAGES
-#define NDPI_ENABLE_DEBUG_MESSAGES
-#endif
-#endif
-
#ifdef WIN32
#define __LITTLE_ENDIAN__ 1
#endif
@@ -59,13 +53,6 @@
#define __BIG_ENDIAN__
#endif
-/* Kernel modules */
-#if defined(__LITTLE_ENDIAN)
-#define __LITTLE_ENDIAN__
-#endif
-#if defined(__BIG_ENDIAN)
-#define __BIG_ENDIAN__
-#endif
/* Everything else */
#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__))
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
@@ -165,11 +152,6 @@
#define MAX_PACKET_COUNTER 65000
#define MAX_DEFAULT_PORTS 5
-/**********************
- * detection features *
- **********************/
-/* #define NDPI_SELECT_DETECTION_WITH_REAL_PROTOCOL ( 1 << 0 ) */
-
#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600
#define NDPI_IRC_CONNECTION_TIMEOUT 120
#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index cb6d9b629..c570a5833 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -34,6 +34,7 @@
#endif
#include <ctype.h>
#include <time.h>
+#include <arpa/inet.h>
#ifndef WIN32
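Review bot: `#include <arpa/inet.h>` is added above the `#ifndef WIN32` line, so as far as this hunk shows it is also pulled in on Windows builds, where that header is not available. The next hunk drops `ndpi_win32.h` as well. It likely belongs inside the guarded block, i.e. moved to just after `#ifndef WIN32`. Any enclosing guard would sit above the hunk and cannot be confirmed from here.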
@@ -50,12 +51,11 @@
#include <limits.h>
#endif
-#include "ndpi_win32.h"
-#include "ndpi_unix.h"
#include "ndpi_define.h"
#include "ndpi_protocol_ids.h"
#include "ndpi_typedefs.h"
#include "ndpi_protocols.h"
+#include "ndpi_api.h"
void *ndpi_tdelete(const void * __restrict, void ** __restrict,
@@ -90,43 +90,40 @@ void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct
u_int16_t upper_detected_protocol,
u_int16_t lower_detected_protocol);
-
-/* function to parse a packet which has line based information into a line based structure
- * this function will also set some well known line pointers like:
- * - host, user agent, empty line,....
- */
extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+
extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter);
-extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
+
+extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
u_int16_t upper_detected_protocol,
u_int16_t lower_detected_protocol);
-extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
+extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
u_int16_t upper_detected_protocol,
u_int16_t lower_detected_protocol);
-extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
- ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
- u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2],
- char *protoName,
+extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
+ u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName,
ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts);
+
extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet);
extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow);
+
extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
+
extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip);
-extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
- const struct ndpi_packet_struct *packet);
+extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet);
extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
+
extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
u_int8_t proto, u_int16_t sport, u_int16_t dport);
+
extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto);
+
extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p);
-extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct,
- u_int16_t protocol_id,
+extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id,
u_int16_t** tcp_master_proto,
u_int16_t** udp_master_proto);
@@ -135,6 +132,4 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *
const char **file, const char **func, u_int32_t * line);
#endif
-#include "ndpi_api.h"
-
#endif /* __NDPI_MAIN_INCLUDE_FILE__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 63013230c..47df3f0b2 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -22,82 +22,247 @@
*
*/
-#ifndef __NDPI_TYPEDEFS_FILE__
-#define __NDPI_TYPEDEFS_FILE__
+#ifndef __NDPI_TYPEDEFS_H__
+#define __NDPI_TYPEDEFS_H__
-typedef enum {
+#include "ndpi_define.h"
+
+#define BT_ANNOUNCE
+#define _WS2TCPIP_H_ /* Avoid compilation problems */
+#define SNAP_EXT
+
+
+/* NDPI_LOG_LEVEL */
+typedef enum
+{
NDPI_LOG_ERROR,
NDPI_LOG_TRACE,
NDPI_LOG_DEBUG
} ndpi_log_level_t;
-typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol,
- void *module_struct, ndpi_log_level_t log_level,
- const char *format, ...);
-#define BT_ANNOUNCE
-
-typedef enum {
+/* NDPI_VISIT */
+typedef enum
+{
ndpi_preorder,
ndpi_postorder,
ndpi_endorder,
ndpi_leaf
} ndpi_VISIT;
-typedef struct node_t {
+/* NDPI_NODE */
+typedef struct node_t
+{
char *key;
struct node_t *left, *right;
} ndpi_node;
+/* NDPI_MASK_SIZE */
typedef u_int32_t ndpi_ndpi_mask;
-typedef struct ndpi_protocol_bitmask_struct {
- ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS];
+/* NDPI_PROTO_BITMASK_STRUCT */
+typedef struct ndpi_protocol_bitmask_struct
+{
+ ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS];
} ndpi_protocol_bitmask_struct_t;
-#ifdef NDPI_DETECTION_SUPPORT_IPV6
-struct ndpi_ip6_addr {
- union {
- u_int8_t u6_addr8[16];
- u_int16_t u6_addr16[8];
- u_int32_t u6_addr32[4];
- u_int64_t u6_addr64[2];
- } ndpi_v6_u;
-
-#define ndpi_v6_addr ndpi_v6_u.u6_addr8
-#define ndpi_v6_addr16 ndpi_v6_u.u6_addr16
-#define ndpi_v6_addr32 ndpi_v6_u.u6_addr32
-#define ndpi_v6_addr64 ndpi_v6_u.u6_addr64
-};
+/* NDPI_DEBUG_FUNCTION_PTR (cast) */
+typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol, void *module_struct,
+ ndpi_log_level_t log_level, const char *format, ...);
-struct ndpi_ipv6hdr {
- /* use userspace and kernelspace compatible compile parameters */
-#if defined(__LITTLE_ENDIAN__)
- u_int8_t priority:4, version:4;
+
+/* ************************************************************ */
+/* ******************* NDPI NETWORKS HEADERS ****************** */
+/* ************************************************************ */
+
+/* ++++++++++++++++++++++++ Cisco headers +++++++++++++++++++++ */
+
+/* Cisco HDLC */
+struct ndpi_chdlc
+{
+ u_int8_t addr; /* 0x0F (Unicast) - 0x8F (Broadcast) */
+ u_int8_t ctrl; /* always 0x00 */
+ u_int16_t proto_code; /* protocol type (e.g. 0x0800 IP) */
+} __attribute__((packed));
+
+/* SLARP - Serial Line ARP http://tinyurl.com/qa54e95 */
+struct ndpi_slarp
+{
+ /* address requests (0x00)
+ address replies (0x01)
+ keep-alive (0x02)
+ */
+ u_int32_t slarp_type;
+ u_int32_t addr_1;
+ u_int32_t addr_2;
+} __attribute__((packed));
+
+/* Cisco Discovery Protocol http://tinyurl.com/qa6yw9l */
+struct ndpi_cdp
+{
+ u_int8_t version;
+ u_int8_t ttl;
+ u_int16_t checksum;
+ u_int16_t type;
+ u_int16_t length;
+} __attribute__((packed));
+
+
+/* +++++++++++++++ Ethernet header (IEEE 802.3) +++++++++++++++ */
+struct ndpi_ethhdr
+{
+ u_char h_dest[6]; /* destination eth addr */
+ u_char h_source[6]; /* source ether addr */
+ u_int16_t h_lt; /* data length (<= 1500) or type ID proto (>=1536) */
+} __attribute__((packed));
+
+/* +++++++++++++++++++ LLC header (IEEE 802.2) ++++++++++++++++ */
+struct ndpi_snap_extension
+{
+ u_int16_t oui;
+ u_int8_t oui2;
+ u_int16_t proto_ID;
+} __attribute__((packed));
+
+struct ndpi_llc_header
+{
+ u_int8_t dsap;
+ u_int8_t ssap;
+ u_int8_t ctrl;
+#ifdef SNAP_EXT
+ struct ndpi_snap_extension snap;
+#endif
+} __attribute__((packed));
+
+
+/* ++++++++++ RADIO TAP header (for IEEE 802.11) +++++++++++++ */
+struct ndpi_radiotap_header
+{
+ u_int8_t version; /* set to 0 */
+ u_int8_t pad;
+ u_int16_t len;
+ u_int32_t present;
+ u_int64_t MAC_timestamp;
+ u_int8_t flags;
+
+} __attribute__((packed));
+
+/* ++++++++++++ Wireless header (IEEE 802.11) ++++++++++++++++ */
+struct ndpi_wifi_header
+{
+ u_int16_t fc;
+ u_int16_t duration;
+ u_char rcvr[6];
+ u_char trsm[6];
+ u_char dest[6];
+ u_int16_t seq_ctrl;
+ /* u_int64_t ccmp - for data encription only - check fc.flag */
+} __attribute__((packed));
+
+
+
+/* +++++++++++++++++++++++ MPLS header +++++++++++++++++++++++ */
+struct ndpi_mpls_header
+{
+ u_int32_t label:20, exp:3, s:1, ttl:8;
+} __attribute__((packed));
+
+
+
+/* ++++++++++++++++++++++++ IP header ++++++++++++++++++++++++ */
+struct ndpi_iphdr {
+#if defined(__LITTLE_ENDIAN__)
+ u_int8_t ihl:4, version:4;
#elif defined(__BIG_ENDIAN__)
- u_int8_t version:4, priority:4;
+ u_int8_t version:4, ihl:4;
#else
# error "Byte order must be defined"
#endif
+ u_int8_t tos;
+ u_int16_t tot_len;
+ u_int16_t id;
+ u_int16_t frag_off;
+ u_int8_t ttl;
+ u_int8_t protocol;
+ u_int16_t check;
+ u_int32_t saddr;
+ u_int32_t daddr;
+} __attribute__((packed));
+
+
+/* +++++++++++++++++++++++ IPv6 header +++++++++++++++++++++++ */
+/* rfc3542 */
+
+struct ndpi_in6_addr
+{
+ union
+ {
+ u_int8_t u6_addr8[16];
+ u_int16_t u6_addr16[8];
+ u_int32_t u6_addr32[4];
+ } u6_addr; /* 128-bit IP6 address */
+};
- u_int8_t flow_lbl[3];
+struct ndpi_ipv6hdr
+{
+ union
+ {
+ struct ndpi_ip6_hdrctl
+ {
+ u_int32_t ip6_un1_flow;
+ u_int16_t ip6_un1_plen;
+ u_int8_t ip6_un1_nxt;
+ u_int8_t ip6_un1_hlim;
+ } ip6_un1;
+ u_int8_t ip6_un2_vfc;
+ } ip6_ctlun;
+ struct ndpi_in6_addr ip6_src;
+ struct ndpi_in6_addr ip6_dst;
+} __attribute__((packed));
+
+
+
+/* +++++++++++++++++++++++ TCP header +++++++++++++++++++++++ */
+struct ndpi_tcphdr
+{
+ u_int16_t source;
+ u_int16_t dest;
+ u_int32_t seq;
+ u_int32_t ack_seq;
+#if defined(__LITTLE_ENDIAN__)
+ u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
+#elif defined(__BIG_ENDIAN__)
+ u_int16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1;
+#else
+# error "Byte order must be defined"
+#endif
+ u_int16_t window;
+ u_int16_t check;
+ u_int16_t urg_ptr;
+} __attribute__((packed));
+
+/* +++++++++++++++++++++++ UDP header +++++++++++++++++++++++ */
+struct ndpi_udphdr
+{
+ u_int16_t source;
+ u_int16_t dest;
+ u_int16_t len;
+ u_int16_t check;
+} __attribute__((packed));
- u_int16_t payload_len;
- u_int8_t nexthdr;
- u_int8_t hop_limit;
- struct ndpi_ip6_addr saddr;
- struct ndpi_ip6_addr daddr;
-};
-#endif
-typedef union {
+typedef union
+{
u_int32_t ipv4;
u_int8_t ipv4_u_int8_t[4];
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- struct ndpi_ip6_addr ipv6;
+ struct ndpi_in6_addr ipv6;
#endif
} ndpi_ip_addr_t;
+/* ************************************************************ */
+/* ******************* ********************* ****************** */
+/* ************************************************************ */
#ifdef NDPI_PROTOCOL_BITTORRENT
typedef struct spinlock {
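Review bot: `struct ndpi_mpls_header` declares `label:20, exp:3, s:1, ttl:8` as bit-fields with no byte-order guard, unlike `ndpi_iphdr` and `ndpi_tcphdr` in this same hunk, which switch on `__LITTLE_ENDIAN__`/`__BIG_ENDIAN__`. Bit-field allocation order is implementation-defined, and the reader in example/ndpiReader.c passes the 20-bit `mpls->label` to `ntohl()` and tests `& 0x100`, which can line up with the bottom-of-stack bit for at most one layout. Holding the entry as a plain `u_int32_t` and extracting the fields with shifts after `ntohl()` would be layout-independent. Separately, `#define _WS2TCPIP_H_` in an installed header claims a reserved identifier and suppresses a system header for every includer; it deserves a comment naming the conflict it works around, and probably a `WIN32` guard.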
@@ -152,16 +317,13 @@ typedef enum {
} ndpi_http_method;
typedef struct ndpi_id_struct {
- /* detected_protocol_bitmask:
- * access this bitmask to find out whether an id has used skype or not
- * if a flag is set here, it will not be resetted
- * to compare this, use:
- * if (NDPI_BITMASK_COMPARE(id->detected_protocol_bitmask,
- * NDPI_PROTOCOL_BITMASK_XXX) != 0)
- * {
- * // protocol XXX detected on this id
- * }
- */
+
+ /**
+ detected_protocol_bitmask:
+ access this bitmask to find out whether an id has used skype or not
+ if a flag is set here, it will not be resetted
+ to compare this, use:
+ **/
NDPI_PROTOCOL_BITMASK detected_protocol_bitmask;
#ifdef NDPI_PROTOCOL_RTSP
ndpi_ip_addr_t rtsp_ip_address;
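Review bot: The rewritten comment on `detected_protocol_bitmask` now ends with `to compare this, use:` and nothing after it, because the `NDPI_BITMASK_COMPARE(id->detected_protocol_bitmask, NDPI_PROTOCOL_BITMASK_XXX) != 0` example was dropped. Either restore that example line or end the comment at `it will not be resetted`. `ndpi_id_struct` continues past this hunk.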
@@ -672,26 +834,34 @@ typedef struct ndpi_flow_struct {
u_int16_t guessed_protocol_id, guessed_host_proto_id;
u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1;
- /* if ndpi_struct->direction_detect_disable == 1 */
- /* tcp sequence number connection tracking */
+
+ /*
+ if ndpi_struct->direction_detect_disable == 1
+ tcp sequence number connection tracking
+ */
u_int32_t next_tcp_seq_nr[2];
- /* the tcp / udp / other l4 value union
- * this is used to reduce the number of bytes for tcp or udp protocol states
- * */
+ /*
+ the tcp / udp / other l4 value union
+ used to reduce the number of bytes for tcp or udp protocol states
+ */
union {
struct ndpi_flow_tcp_struct tcp;
struct ndpi_flow_udp_struct udp;
} l4;
- struct ndpi_id_struct *server_id; /*
- Pointer to src or dst
- that identifies the
- server of this connection
- */
- u_char host_server_name[256]; /* HTTP host or DNS query */
- u_char detected_os[32]; /* Via HTTP User-Agent */
- u_char nat_ip[24]; /* Via HTTP X-Forwarded-For */
+ /*
+ Pointer to src or dst
+ that identifies the
+ server of this connection
+ */
+ struct ndpi_id_struct *server_id;
+ /* HTTP host or DNS query */
+ u_char host_server_name[256];
+ /* Via HTTP User-Agent */
+ u_char detected_os[32];
+ /* Via HTTP X-Forwarded-For */
+ u_char nat_ip[24];
/*
This structure below will not not stay inside the protos
@@ -721,7 +891,8 @@ typedef struct ndpi_flow_struct {
char client_certificate[48], server_certificate[48];
} ssl;
} protos;
- /* ALL protocol specific 64 bit variables here */
+
+ /*** ALL protocol specific 64 bit variables here ***/
/* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */
NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask;
@@ -811,4 +982,4 @@ typedef struct ndpi_flow_struct {
struct ndpi_id_struct *dst;
} ndpi_flow_struct_t;
-#endif/* __NDPI_TYPEDEFS_FILE__ */
+#endif/* __NDPI_TYPEDEFS_H__ */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index ee395f5cd..be9a50526 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -7,14 +7,11 @@ libndpi_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(top_srcdir)/libndpi.s
libndpi_la_includedir = $(includedir)/libndpi-@VERSION@/libndpi
libndpi_la_include_HEADERS = ../include/ndpi_api.h \
- ../include/linux_compat.h \
../include/ndpi_define.h \
../include/ndpi_main.h \
../include/ndpi_protocol_ids.h \
../include/ndpi_protocols.h \
- ../include/ndpi_typedefs.h \
- ../include/ndpi_unix.h \
- ../include/ndpi_win32.h
+ ../include/ndpi_typedefs.h
libndpi_la_SOURCES = ndpi_content_match.c.inc \
ndpi_main.c \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 16a956d4f..23977334e 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -29,8 +29,6 @@
#include "ndpi_api.h"
#include "../../config.h"
-// #define DEBUG
-
#include <time.h>
#ifndef WIN32
#include <unistd.h>
@@ -40,13 +38,6 @@
#include "third_party/include/ndpi_patricia.h"
#include "third_party/src/ndpi_patricia.c"
-#ifdef WIN32
-/* http://social.msdn.microsoft.com/Forums/uk/vcgeneral/thread/963aac07-da1a-4612-be4a-faac3f1d65ca */
-#ifndef strtok_r
-#define strtok_r(a,b,c) strtok(a,b)
-#endif
-#endif
-
/* ftp://ftp.cc.uoc.gr/mirrors/OpenBSD/src/lib/libc/stdlib/tsearch.c */
/* find or insert datum into search tree */
void *
@@ -344,19 +335,6 @@ char *ndpi_strdup(const char *s) {
return(m);
}
-/* ****************************************** */
-
-u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void)
-{
- return sizeof(struct ndpi_flow_struct);
-}
-
-/* ****************************************** */
-
-u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void)
-{
- return sizeof(struct ndpi_id_struct);
-}
/* ******************************************************************** */
@@ -439,15 +417,6 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
if(udpDefPorts[j].port_low != 0) addDefaultPort(&udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->udpRoot);
if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->tcpRoot);
}
-
-#if 0
- printf("%s(%d, %s, %p) [%s]\n",
- __FUNCTION__,
- protoId,
- ndpi_mod->proto_defaults[protoId].protoName,
- ndpi_mod,
- ndpi_mod->proto_defaults[1].protoName);
-#endif
}
/* ******************************************************************** */
@@ -2547,8 +2516,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
* nxt_hdr: protocol of the actual payload
* returns 0 upon success and 1 upon failure
*/
-static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_struct,
- const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr)
+static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr)
{
while ((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) {
u_int16_t ehdr_len;
@@ -2652,10 +2620,10 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru
l4protocol = iph->protocol;
}
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->payload_len)) {
+ else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen)) {
l4ptr = (((const u_int8_t *) iph_v6) + sizeof(struct ndpi_ipv6hdr));
- l4len = ntohs(iph_v6->payload_len);
- l4protocol = iph_v6->nexthdr;
+ l4len = ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen);
+ l4protocol = iph_v6->ip6_ctlun.ip6_un1.ip6_un1_nxt;
// we need to handle IPv6 extension headers if present
if(ndpi_handle_ipv6_extension_headers(ndpi_struct, &l4ptr, &l4len, &l4protocol) != 0) {
@@ -2683,11 +2651,6 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru
return 0;
}
-#if !defined(WIN32)
-#define ATTRIBUTE_ALWAYS_INLINE static inline
-#else
-__forceinline static
-#endif
void ndpi_apply_flow_protocol_to_packet(struct ndpi_flow_struct *flow,
struct ndpi_packet_struct *packet)
{
@@ -2813,12 +2776,6 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str
return 0;
}
-
-#if !defined(WIN32)
-static inline
-#else
-__forceinline static
-#endif
void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
@@ -2831,9 +2788,6 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct,
const struct ndpi_tcphdr *tcph = packet->tcp;
const struct ndpi_udphdr *udph = flow->packet.udp;
- //struct ndpi_unique_flow_struct unique_flow;
- //uint8_t new_connection;
-
u_int8_t proxy_enabled = 0;
packet->tcp_retransmission = 0, packet->packet_direction = 0;
@@ -2845,7 +2799,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct,
packet->packet_direction = 1;
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->saddr, &iphv6->daddr) != 0)
+ if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, &iphv6->ip6_dst) != 0)
packet->packet_direction = 1;
#endif
}
@@ -3196,7 +3150,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
#ifdef NDPI_DETECTION_SUPPORT_IPV6
if(flow->packet.iphv6 != NULL) {
- protocol = flow->packet.iphv6->nexthdr, saddr = 0, daddr = 0;
+ protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, saddr = 0, daddr = 0;
} else
#endif
{
@@ -3217,16 +3171,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
goto ret_protocols;
}
}
-
-#if 0
- a = flow->detected_protocol_stack[0];
- if(a != NDPI_PROTOCOL_UNKNOWN) {
- NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_TRACE, "PROCESS KNOWN PROTOCOL\n");
- ndpi_struct->proto_defaults[a].func(ndpi_struct, flow);
- return a;
- }
-#endif
-
+
check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet);
a = flow->packet.detected_protocol_stack[0];
@@ -3262,18 +3207,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
flow->host_already_guessed = 1;
}
-#if 0
- /* Swap protocols in case of success */
- if(ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) {
- u_int16_t t = ret.master_protocol;
-
- ret.master_protocol = ret.protocol;
- ret.protocol = t;
- }
-#endif
-
- if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN))
- ret.protocol = flow->guessed_host_proto_id;
+ if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN))
+ ret.protocol = flow->guessed_host_proto_id;
return(ret);
}
@@ -3885,39 +3820,50 @@ int NDPI_PROTOCOL_IP_is_set(const ndpi_ip_addr_t * ip)
/* NTOP */
int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip)
{
+
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- if(packet->iphv6 != NULL) {
- if(packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] &&
- packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) {
+ /* IPv6 */
+ if(packet->iphv6 != NULL) {
+
+ if(packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] &&
+ packet->iphv6->ip6_src.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] &&
+ packet->iphv6->ip6_src.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] &&
+ packet->iphv6->ip6_src.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3])
return 1;
- } else {
- return 0;
- }
+ //else
+ return 0;
}
#endif
- if(packet->iph->saddr == ip->ipv4) {
+
+ /* IPv4 */
+ if(packet->iph->saddr == ip->ipv4)
return 1;
- }
return 0;
}
/* check if the destination ip address in packet and ip are equal */
int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip)
{
+
#ifdef NDPI_DETECTION_SUPPORT_IPV6
+
+ /* IPv6 */
if(packet->iphv6 != NULL) {
- if(packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] &&
- packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) {
+
+ if(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] &&
+ packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] &&
+ packet->iphv6->ip6_dst.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] &&
+ packet->iphv6->ip6_dst.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3])
return 1;
- } else {
- return 0;
- }
+ //else
+ return 0;
}
#endif
- if(packet->iph->daddr == ip->ipv4) {
+
+ /* IPv4 */
+ if(packet->iph->saddr == ip->ipv4)
return 1;
- }
return 0;
}
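Review bot: The IPv4 branch of `ndpi_packet_dst_ip_eql` now compares `packet->iph->saddr`, where the removed line compared `daddr`, so for IPv4 the destination check silently tests the source address. It should read `if(packet->iph->daddr == ip->ipv4)`. Any dissector that uses this helper to match a destination address (callers are not visible in this hunk) would get wrong answers on IPv4 flows, which in a DPI library means missed or incorrect classifications. The leftover `//else` lines in both functions can be dropped in the same fix.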
@@ -3926,12 +3872,21 @@ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i
void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip)
{
NDPI_PROTOCOL_IP_clear(ip);
+
#ifdef NDPI_DETECTION_SUPPORT_IPV6
+
+ /* IPv6 */
if(packet->iphv6 != NULL) {
- ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0];
- ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1];
+
+ ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_src.u6_addr.u6_addr32[0];
+ ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_src.u6_addr.u6_addr32[1];
+ ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_src.u6_addr.u6_addr32[2];
+ ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_src.u6_addr.u6_addr32[3];
+
} else
#endif
+
+ /* IPv4 */
ip->ipv4 = packet->iph->saddr;
}
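Review bot: In `ndpi_packet_src_ip_get` the `} else` is now separated from the statement it governs by `#endif`, a blank line and the `/* IPv4 */` comment. The IPv4 assignment therefore reads as unconditional, although it is the else-body whenever IPv6 support is compiled in. Bracing it, `{ ip->ipv4 = packet->iph->saddr; }`, keeps the pairing visible in both build configurations. `ndpi_packet_dst_ip_get` in the next hunk has the same shape, with an extra blank line between `} else` and `#endif`.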
@@ -3940,12 +3895,20 @@ void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_add
void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip)
{
NDPI_PROTOCOL_IP_clear(ip);
+
#ifdef NDPI_DETECTION_SUPPORT_IPV6
+
if(packet->iphv6 != NULL) {
- ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0];
- ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1];
+
+ ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[0];
+ ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[1];
+ ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[2];
+ ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[3];
+
} else
+
#endif
+
ip->ipv4 = packet->iph->daddr;
}
@@ -3959,15 +3922,22 @@ char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
const u_int8_t *a = (const u_int8_t *) &ip->ipv4;
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- if(ip->ipv6.ndpi_v6_u.u6_addr32[1] != 0 || ip->ipv6.ndpi_v6_u.u6_addr64[1] != 0) {
- const u_int16_t *b = ip->ipv6.ndpi_v6_u.u6_addr16;
+ if(ip->ipv6.u6_addr.u6_addr32[0] != 0 ||
+ ip->ipv6.u6_addr.u6_addr32[1] != 0 ||
+ ip->ipv6.u6_addr.u6_addr32[1] != 0 ||
+ ip->ipv6.u6_addr.u6_addr32[1] != 0) {
+
+ const u_int16_t *b = ip->ipv6.u6_addr.u6_addr16;
snprintf(ndpi_struct->ip_string, 32, "%x:%x:%x:%x:%x:%x:%x:%x",
ntohs(b[0]), ntohs(b[1]), ntohs(b[2]), ntohs(b[3]),
ntohs(b[4]), ntohs(b[5]), ntohs(b[6]), ntohs(b[7]));
+
return ndpi_struct->ip_string;
}
#endif
+
snprintf(ndpi_struct->ip_string, 32, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
+
return ndpi_struct->ip_string;
}
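Review bot: The new IPv6 test in `ndpi_get_ip_string` checks `u6_addr32[1]` three times, so words 2 and 3 are never examined, and it adds a `u6_addr32[0] != 0` term that the removed condition did not have. `a` is taken from `&ip->ipv4`, so if `ipv4` shares storage with the first IPv6 word (the type is not visible here), every non-zero IPv4 address would now be printed in IPv6 form. Restoring the old coverage gives `if(ip->ipv6.u6_addr.u6_addr32[1] != 0 || ip->ipv6.u6_addr.u6_addr32[2] != 0 || ip->ipv6.u6_addr.u6_addr32[3] != 0) {`. Separately, the 32-byte bound passed to `snprintf` is shorter than a full-length IPv6 text form (39 characters plus the terminator), so long addresses are truncated in whatever consumes this string. The function begins outside this hunk.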
@@ -4383,44 +4353,44 @@ void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a) {
}
-#ifdef WIN32
-/* http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/libkern/strsep.c */
-
-/*
- * Get next token from string *stringp, where tokens are possibly-empty
- * strings separated by characters from delim.
- *
- * Writes NULs into the string at *stringp to end tokens.
- * delim need not remain constant from call to call.
- * On return, *stringp points past the last NUL written (if there might
- * be further tokens), or is NULL (if there are definitely no more tokens).
- *
- * If *stringp is NULL, strsep returns NULL.
- */
-char* strsep(char **stringp, const char *delim) {
- char *s;
- const char *spanp;
- int c, sc;
- char *tok;
-
- if((s = *stringp) == NULL)
- return (NULL);
- for(tok = s;;) {
- c = *s++;
- spanp = delim;
- do {
- if((sc = *spanp++) == c) {
- if(c == 0)
- s = NULL;
- else
- s[-1] = 0;
- *stringp = s;
- return (tok);
- }
- } while (sc != 0);
- }
- /* NOTREACHED */
-}
-#endif
+/* #ifdef WIN32 */
+/* /\* http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/libkern/strsep.c *\/ */
+
+/* /\* */
+/* * Get next token from string *stringp, where tokens are possibly-empty */
+/* * strings separated by characters from delim. */
+/* * */
+/* * Writes NULs into the string at *stringp to end tokens. */
+/* * delim need not remain constant from call to call. */
+/* * On return, *stringp points past the last NUL written (if there might */
+/* * be further tokens), or is NULL (if there are definitely no more tokens). */
+/* * */
+/* * If *stringp is NULL, strsep returns NULL. */
+/* *\/ */
+/* char* strsep(char **stringp, const char *delim) { */
+/* char *s; */
+/* const char *spanp; */
+/* int c, sc; */
+/* char *tok; */
+
+/* if((s = *stringp) == NULL) */
+/* return (NULL); */
+/* for(tok = s;;) { */
+/* c = *s++; */
+/* spanp = delim; */
+/* do { */
+/* if((sc = *spanp++) == c) { */
+/* if(c == 0) */
+/* s = NULL; */
+/* else */
+/* s[-1] = 0; */
+/* *stringp = s; */
+/* return (tok); */
+/* } */
+/* } while (sc != 0); */
+/* } */
+/* /\* NOTREACHED *\/ */
+/* } */
+/* #endif */
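Review bot: The WIN32 `strsep` fallback is commented out line by line rather than deleted, which leaves about forty lines of dead text with escaped nested markers (`/\*`, `*\/`) at the end of the file. Removing the block entirely is cleaner, since version control keeps the history. Whether the Windows build still needs a `strsep` definition cannot be determined from this hunk. If it does, the `#ifdef WIN32` block should stay as live code instead of being disabled this way.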
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index e7f55a78d..99420b85e 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -432,14 +432,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st
u_int32_t ts = ntohl(*((u_int32_t*)&(packet->payload[4])));
u_int32_t now;
-#ifndef __KERNEL__
now = (u_int32_t)time(NULL);
-#else
- struct timespec t;
-
- getnstimeofday(&t);
- now = t.tv_sec;
-#endif
if((ts < (now+86400)) && (ts > (now-86400))) {
goto bittorrent_found;
diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c
index 6442c7db7..beea43d0d 100644
--- a/src/lib/protocols/btlib.c
+++ b/src/lib/protocols/btlib.c
@@ -42,8 +42,6 @@ typedef signed long long int i_int64_t;
#include "btlib.h"
-#ifndef __KERNEL__
-
int bt_parse_debug = 0;
static char *printXb(char *s,const u_int8_t *b,int l) {
@@ -183,11 +181,8 @@ static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) {
static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) {
_print_safe_str(msg,cbd->buf,cbd->v.s.s,cbd->v.s.l);
}
-#define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; }
-#else
-#define DEBUG_TRACE(cmd,args...)
-#endif /* __KERNEL */
+#define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; }
#define STREQ(a,b) !strcmp(a,b)
diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h
index cc2928155..db68370c9 100644
--- a/src/lib/protocols/btlib.h
+++ b/src/lib/protocols/btlib.h
@@ -139,9 +139,7 @@ typedef struct bt_parse_data_cb {
} v;
} bt_parse_data_cb_t;
-#ifndef __KERNEL__
extern int bt_parse_debug;
void dump_bt_proto_struct(struct bt_parse_protocol *p);
-#endif
const u_int8_t *bt_decode(const u_int8_t *b, size_t *l, int *ret, bt_parse_data_cb_t *cbd);
diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c
index d03c0cbe6..92607579c 100644
--- a/src/lib/protocols/citrix.c
+++ b/src/lib/protocols/citrix.c
@@ -33,14 +33,6 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_packet_struct *packet = &flow->packet;
u_int32_t payload_len = packet->payload_packet_len;
-#if 0
- printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
- packet->payload[0] & 0xFF,
- packet->payload[1] & 0xFF,
- packet->payload[2] & 0xFF,
- packet->payload[3] & 0xFF);
-#endif
-
if(packet->tcp != NULL) {
flow->l4.tcp.citrix_packet_id++;
@@ -70,7 +62,6 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct,
return;
}
-
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);
} else if(flow->l4.tcp.citrix_packet_id > 3)
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);
diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c
index 846c60170..24375c90f 100644
--- a/src/lib/protocols/directdownloadlink.c
+++ b/src/lib/protocols/directdownloadlink.c
@@ -709,23 +709,10 @@ void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *n
{
struct ndpi_packet_struct *packet = &flow->packet;
- // struct ndpi_id_struct *src=ndpi_struct->src;
- // struct ndpi_id_struct *dst=ndpi_struct->dst;
-#if 0
- if (ndpi_struct->direct_download_link_counter_callback != NULL) {
- if (packet->detected_protocol == NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
- /* skip packets not requests from the client to the server */
- if (packet->packet_direction == flow->l4.tcp.ddlink_server_direction) {
- search_ddl_domains(ndpi_struct, flow); // do the detection again in order to get the URL in keep alive streams
- } else {
- // just count the packet
- ndpi_struct->direct_download_link_counter_callback(flow->hash_id_number, packet->l3_packet_len);
- }
- }
- return;
- }
-#endif
- // do not detect again if it is already ddl
+ /* struct ndpi_id_struct *src=ndpi_struct->src; */
+ /* struct ndpi_id_struct *dst=ndpi_struct->dst; */
+
+ /* do not detect again if it is already ddl */
if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
if (search_ddl_domains(ndpi_struct, flow) != 0) {
return;
diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c
index ec2c1099e..97044f94e 100644
--- a/src/lib/protocols/gtp.c
+++ b/src/lib/protocols/gtp.c
@@ -35,14 +35,6 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
-#if 0
- printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
- packet->payload[0] & 0xFF,
- packet->payload[1] & 0xFF,
- packet->payload[2] & 0xFF,
- packet->payload[3] & 0xFF);
-#endif
-
if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) {
u_int32_t gtp_u = ntohs(2152);
u_int32_t gtp_c = ntohs(2123);
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 9314dba65..ced34c099 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -349,14 +349,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n",
packet->user_agent_line.len, packet->user_agent_line.ptr);
-
-#if 0
- if((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
- ndpi_match_content_subprotocol(ndpi_struct, flow,
- (char*)packet->user_agent_line.ptr,
- packet->user_agent_line.len,
- NDPI_PROTOCOL_HTTP);
-#endif
}
/* check for host line */
diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c
index d0b3aa50f..37c4cf896 100644
--- a/src/lib/protocols/lotus_notes.c
+++ b/src/lib/protocols/lotus_notes.c
@@ -35,20 +35,6 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_str
if(packet->tcp != NULL) {
flow->l4.tcp.lotus_notes_packet_id++;
-#if 0
- printf("[lotus_notes_packet_id: %u][len=%u][%02X %02X %02X %02X %02X %02X %02X %02X]\n",
- flow->l4.tcp.lotus_notes_packet_id, payload_len,
- packet->payload[6] & 0xFF,
- packet->payload[7] & 0xFF,
- packet->payload[8] & 0xFF,
- packet->payload[9] & 0xFF,
- packet->payload[10] & 0xFF,
- packet->payload[11] & 0xFF,
- packet->payload[12] & 0xFF,
- packet->payload[13] & 0xFF
- );
-#endif
-
if((flow->l4.tcp.lotus_notes_packet_id == 1)
/* We have seen the 3-way handshake */
&& flow->l4.tcp.seen_syn
diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c
index 8226ab93c..d4426e7f3 100644
--- a/src/lib/protocols/mdns.c
+++ b/src/lib/protocols/mdns.c
@@ -37,108 +37,108 @@ static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct
}
static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
+ *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
- if ((packet->payload[2] & 0x80) == 0 &&
- ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS &&
- ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) {
+ if ((packet->payload[2] & 0x80) == 0 &&
+ ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS &&
+ ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) {
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n");
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n");
- return 1;
- } else if ((packet->payload[2] & 0x80) != 0 &&
- ntohs(get_u_int16_t(packet->payload, 4)) == 0 &&
- ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS &&
- ntohs(get_u_int16_t(packet->payload, 6)) != 0) {
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n");
+ return 1;
+ } else if ((packet->payload[2] & 0x80) != 0 &&
+ ntohs(get_u_int16_t(packet->payload, 4)) == 0 &&
+ ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS &&
+ ntohs(get_u_int16_t(packet->payload, 6)) != 0) {
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n");
- return 1;
- }
+ return 1;
+ }
- return 0;
+ return 0;
}
void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
-// struct ndpi_id_struct *src=ndpi_struct->src;
-// struct ndpi_id_struct *dst=ndpi_struct->dst;
-
- u_int16_t dport;
-// const u_int16_t sport=ntohs(packet->udp->source);
-
- /* check if UDP and */
- if (packet->udp != NULL) {
- /*read destination port */
- dport = ntohs(packet->udp->dest);
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "MDNS udp start \n");
-
-
-
- /*check standard MDNS to port 5353 */
- /*took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
-
- if (dport == 5353 && packet->payload_packet_len >= 12) {
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination port 5353\n");
-
- /* MDNS header is similar to dns header */
- /* dns header
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | ID |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | QDCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | ANCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | NSCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | ARCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- *
- * dns query check: query: QR set, ancount = 0, nscount = 0, QDCOUNT < MAX_MDNS, ARCOUNT < MAX_MDNS
- *
- */
-
- /* mdns protocol must have destination address 224.0.0.251 */
- /* took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
-
- if (packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) {
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
- NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n");
-
- if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
- ndpi_int_mdns_add_connection(ndpi_struct, flow);
- return;
- }
- }
+ // struct ndpi_id_struct *src=ndpi_struct->src;
+ // struct ndpi_id_struct *dst=ndpi_struct->dst;
+
+ u_int16_t dport;
+ // const u_int16_t sport=ntohs(packet->udp->source);
+
+ /* check if UDP and */
+ if (packet->udp != NULL) {
+ /*read destination port */
+ dport = ntohs(packet->udp->dest);
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "MDNS udp start \n");
+
+
+
+ /*check standard MDNS to port 5353 */
+ /*took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
+
+ if (dport == 5353 && packet->payload_packet_len >= 12) {
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination port 5353\n");
+
+ /* MDNS header is similar to dns header */
+ /* dns header
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ID |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QDCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ANCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | NSCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ARCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * dns query check: query: QR set, ancount = 0, nscount = 0, QDCOUNT < MAX_MDNS, ARCOUNT < MAX_MDNS
+ *
+ */
+
+ /* mdns protocol must have destination address 224.0.0.251 */
+ /* took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
+
+ if (packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) {
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
+ NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n");
+
+ if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
+ ndpi_int_mdns_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- if (packet->iphv6 != NULL) {
- const u_int32_t *daddr = packet->iphv6->daddr.ndpi_v6_u.u6_addr32;
- if (daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) {
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
- NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n");
-
- if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
- ndpi_int_mdns_add_connection(ndpi_struct, flow);
- return;
- }
- }
- }
-#endif
+ if (packet->iphv6 != NULL) {
+ const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32;
+ if (daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) {
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
+ NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n");
- }
+ if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
+ ndpi_int_mdns_add_connection(ndpi_struct, flow);
+ return;
+ }
}
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS);
+ }
+#endif
+
+ }
+ }
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS);
}
diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c
index 30bb898f2..54c634263 100644
--- a/src/lib/protocols/netflow.c
+++ b/src/lib/protocols/netflow.c
@@ -23,12 +23,10 @@
#ifdef NDPI_PROTOCOL_NETFLOW
-#ifndef __KERNEL__
#ifdef WIN32
extern int gettimeofday(struct timeval * tp, struct timezone * tzp);
#endif
#define do_gettimeofday(a) gettimeofday(a, NULL)
-#endif
struct flow_ver1_rec {
u_int32_t srcaddr; /* Source IP Address */
diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c
index 09f26793b..625dc4108 100644
--- a/src/lib/protocols/radius.c
+++ b/src/lib/protocols/radius.c
@@ -35,14 +35,6 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct,
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
-#if 0
- printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
- packet->payload[0] & 0xFF,
- packet->payload[1] & 0xFF,
- packet->payload[2] & 0xFF,
- packet->payload[3] & 0xFF);
-#endif
-
if(packet->udp != NULL) {
struct radius_header *h = (struct radius_header*)packet->payload;
u_int len = ntohs(h->len);
diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c
index de9700e4a..9f9febfeb 100644
--- a/src/lib/protocols/tcp_udp.c
+++ b/src/lib/protocols/tcp_udp.c
@@ -64,7 +64,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st
proto = ndpi_search_tcp_or_udp_raw(ndpi_struct,
flow->packet.iph ? flow->packet.iph->protocol :
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- flow->packet.iphv6->nexthdr,
+ flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt,
#else
0,
#endif
diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c
index 036162b1f..f2c2eae4c 100644
--- a/src/lib/protocols/tor.c
+++ b/src/lib/protocols/tor.c
@@ -66,14 +66,12 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_int_tor_add_connection(ndpi_struct, flow);
return(1);
} else {
-#ifndef __KERNEL__
#ifdef PENDANTIC_TOR_CHECK
if(gethostbyname(certificate) == NULL) {
ndpi_int_tor_add_connection(ndpi_struct, flow);
return(1);
}
#endif
-#endif
}
return(0);
diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h
index 651e52fc9..3053cf9e1 100644
--- a/src/lib/third_party/include/ndpi_patricia.h
+++ b/src/lib/third_party/include/ndpi_patricia.h
@@ -51,18 +51,13 @@
/* { from defs.h */
#define prefix_touchar(prefix) ((u_char *)&(prefix)->add.sin)
-#ifdef __KERNEL__
-#define MAXLINE 512
-#else
#define MAXLINE 1024
-#endif
#define BIT_TEST(f, b) ((f) & (b))
/* } */
#define addroute make_and_lookup
-#ifndef __KERNEL__
#include <sys/types.h> /* for u_* definitions (on FreeBSD 5) */
#include <errno.h> /* for EAFNOSUPPORT */
@@ -81,8 +76,6 @@
#include <ws2tcpip.h> /* IPv6 */
#endif
-#endif /* __KERNEL__ */
-
/* { from mrt.h */
typedef struct the_prefix4_t {
diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c
index 54a97e776..ce064033f 100644
--- a/src/lib/third_party/src/ahocorasick.c
+++ b/src/lib/third_party/src/ahocorasick.c
@@ -18,12 +18,10 @@
along with multifast. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef __KERNEL__
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
-#endif
#include "ndpi_api.h"
#include "ahocorasick.h"
@@ -245,7 +243,6 @@ void ac_automata_release (AC_AUTOMATA_t * thiz)
ndpi_free(thiz);
}
-#ifndef __KERNEL__
/******************************************************************************
* FUNCTION: ac_automata_display
* Prints the automata to output in human readable form. it is useful for
@@ -299,7 +296,6 @@ void ac_automata_display (AC_AUTOMATA_t * thiz, char repcast)
printf("---------------------------------\n");
}
}
-#endif /* __KERNEL__ */
/******************************************************************************
* FUNCTION: ac_automata_register_nodeptr
diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c
index 59d17e556..0a8fa857d 100644
--- a/src/lib/third_party/src/ndpi_patricia.c
+++ b/src/lib/third_party/src/ndpi_patricia.c
@@ -39,7 +39,6 @@
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef __KERNEL__
#include <assert.h> /* assert */
#include <ctype.h> /* isdigit */
#include <errno.h> /* errno */
@@ -54,26 +53,8 @@
#include <netinet/in.h> /* BSD, Linux: for inet_addr */
#include <arpa/inet.h> /* BSD, Linux, Solaris: for inet_addr */
#endif
-#else
-#define assert(a) ;
-#endif /* __KERNEL__ */
-
#include "ndpi_patricia.h"
-
-#ifdef __KERNEL__
-
-long atol(const char *nptr) {
- long l;
- char *endp;
-
- l = simple_strtol(nptr, &endp, 10);
- return(l);
-}
-#endif
-
-// #define PATRICIA_DEBUG
-
void ndpi_DeleteEntry(void *a) {
ndpi_free(a);
}
@@ -126,7 +107,7 @@ inet_pton (int af, const char *src, void *dst)
}
}
#ifdef NT
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
else if(af == AF_INET6) {
struct in6_addr Address;
return (inet6_addr(src, &Address));
@@ -175,15 +156,13 @@ ndpi_my_inet_pton (int af, const char *src, void *dst)
}
memcpy (dst, xp, sizeof(struct in_addr));
return (1);
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
} else if(af == AF_INET6) {
- return (inet_pton (af, src, dst));
+ return (inet_pton (af, src, dst));
#endif /* PATRICIA_IPV6 */
- } else {
+ } else {
#ifndef NT
-#ifndef __KERNEL__
- errno = EAFNOSUPPORT;
-#endif
+ errno = EAFNOSUPPORT;
#endif /* NT */
return -1;
}
@@ -236,7 +215,7 @@ ndpi_prefix_toa2x (prefix_t *prefix, char *buff, int with_len)
}
return (buff);
}
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
else if(prefix->family == AF_INET6) {
char *r;
r = (char *) inet_ntop (AF_INET6, &prefix->add.sin6, buff, 48 /* a guess value */ );
@@ -274,7 +253,7 @@ ndpi_New_Prefix2 (int family, void *dest, int bitlen, prefix_t *prefix)
int dynamic_allocated = 0;
int default_bitlen = sizeof(struct in_addr) * 8;
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
if(family == AF_INET6) {
default_bitlen = sizeof(struct in6_addr) * 8;
if(prefix == NULL) {
@@ -319,8 +298,7 @@ ndpi_New_Prefix (int family, void *dest, int bitlen)
return (ndpi_New_Prefix2 (family, dest, bitlen, NULL));
}
-/* ndpi_ascii2prefix
- */
+/* ndpi_ascii2prefix */
prefix_t *
ndpi_ascii2prefix (int family, char *string)
{
@@ -328,7 +306,7 @@ ndpi_ascii2prefix (int family, char *string)
long maxbitlen = 0;
char *cp;
struct in_addr sin;
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
struct in6_addr sin6;
#endif /* PATRICIA_IPV6 */
char save[MAXLINE];
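Review bot: `char save[MAXLINE];` is a fixed-size stack buffer in a function that parses the caller-supplied `string`, and nothing in this hunk shows the input length being checked against it. The copy into `save` is outside the hunk, so this may already be handled, but if the bound is enforced only by an `assert` it disappears in `NDEBUG` builds. Assuming the part of `string` before `cp` is what gets copied, I would make the check explicit at the copy, e.g. `if(cp - string >= MAXLINE) return (NULL);`. A comment at the declaration should also say that longer input is rejected.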
@@ -339,7 +317,7 @@ ndpi_ascii2prefix (int family, char *string)
/* easy way to handle both families */
if(family == 0) {
family = AF_INET;
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
if(strchr (string, ':')) family = AF_INET6;
#endif /* PATRICIA_IPV6 */
}
@@ -347,7 +325,7 @@ ndpi_ascii2prefix (int family, char *string)
if(family == AF_INET) {
maxbitlen = sizeof(struct in_addr) * 8;
}
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
else if(family == AF_INET6) {
maxbitlen = sizeof(struct in6_addr) * 8;
}
@@ -373,7 +351,7 @@ ndpi_ascii2prefix (int family, char *string)
return (ndpi_New_Prefix (AF_INET, &sin, bitlen));
}
-#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__))
+#if defined(PATRICIA_IPV6)
else if(family == AF_INET6) {
// Get rid of this with next IPv6 upgrade
#if defined(NT) && !defined(HAVE_INET_NTOP)
@@ -420,8 +398,6 @@ ndpi_Deref_Prefix (prefix_t * prefix)
}
}
-/* } */
-
/* #define PATRICIA_DEBUG 1 */
static int num_active_patricia = 0;
@@ -446,7 +422,6 @@ ndpi_New_Patricia (int maxbits)
* if func is supplied, it will be called as func(node->data)
* before deleting the node
*/
-
void
ndpi_Clear_Patricia (patricia_tree_t *patricia, void_fn_t func)
{
@@ -503,7 +478,6 @@ ndpi_Destroy_Patricia (patricia_tree_t *patricia, void_fn_t func)
/*
* if func is supplied, it will be called as func(node->prefix, node->data)
*/
-
void
ndpi_patricia_process (patricia_tree_t *patricia, void_fn2_t func)
{
@@ -1073,5 +1047,3 @@ ndpi_lookup_then_remove (patricia_tree_t *tree, char *string)
patricia_remove (tree, node);
}
#endif
-
-/* } */
diff --git a/src/lib/third_party/src/node.c b/src/lib/third_party/src/node.c
index 404fb24d4..a43cc59a6 100644
--- a/src/lib/third_party/src/node.c
+++ b/src/lib/third_party/src/node.c
@@ -18,14 +18,10 @@
along with multifast. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef __KERNEL__
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
-#endif
-
#include "ndpi_api.h"
-
#include "../include/node.h"
#include "sort.h"
diff --git a/src/lib/third_party/src/sort.c b/src/lib/third_party/src/sort.c
index d6545e85a..35c8e9fdf 100644
--- a/src/lib/third_party/src/sort.c
+++ b/src/lib/third_party/src/sort.c
@@ -4,9 +4,6 @@
* Jan 23 2005 Matt Mackall <mpm@selenic.com>
*/
-#ifdef __KERNEL__
-#include <linux/types.h>
-#else
#ifdef WIN32
#include <stdint.h>
typedef uint32_t u_int32_t;
@@ -15,7 +12,6 @@ typedef uint32_t u_int32_t;
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
-#endif
/* This is a function ported from the Linux kernel lib/sort.c */
@@ -94,37 +90,3 @@ void sort(void *_base, size_t num, size_t size,
}
}
}
-
-
-#if 0
-/* a simple boot-time regression test */
-
-int cmpint(const void *a, const void *b)
-{
- return *(int *)a - *(int *)b;
-}
-
-int main(int argc, char *argv[]) {
- int *a, i, r = 1;
-
- a = ndpi_malloc(1000 * sizeof(int));
-
- printf("testing sort()\n");
-
- for (i = 0; i < 1000; i++) {
- r = (r * 725861) % 6599;
- a[i] = r;
- }
-
- sort(a, 1000, sizeof(int), cmpint, NULL);
-
- for (i = 0; i < 999; i++)
- if (a[i] > a[i+1]) {
- printf("sort() failed!\n");
- break;
- }
-
- return 0;
-}
-
-#endif