diff options
author | Michele Campus <fci1908@gmail.com> | 2015-11-12 14:57:02 +0100 |
---|---|---|
committer | Michele Campus <fci1908@gmail.com> | 2015-11-12 14:57:02 +0100 |
commit | dd3a79dac2bd67ce4ef5bb8fde0fb5936d8d4d81 (patch) | |
tree | e61b9887adde422ff8b7f5fd37b01eb8993c618a | |
parent | 63cab68a9687f48a955f1edf35c7230b7a0c2d2d (diff) | |
parent | a4f170604ce97b12718181fd43f506edbdb0b0d5 (diff) |
Merge pull request #114 from kYroL01/dev
Refactoring nDPI
26 files changed, 566 insertions, 675 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1b9f070d4..88dba03e9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -42,17 +42,15 @@ #include <pcap.h> #include <signal.h> #include <pthread.h> +#include <sys/socket.h> #include "../config.h" +#include "ndpi_api.h" #ifdef HAVE_JSON_C #include <json.h> #endif -#include "ndpi_api.h" - -#include <sys/socket.h> - #define MAX_NUM_READER_THREADS 16 #define IDLE_SCAN_PERIOD 10 /* msec (use detection_tick_resolution = 1000) */ #define MAX_IDLE_TIME 30000 @@ -77,6 +75,7 @@ #define MPLS_UNI 0x8847 #define MPLS_MULTI 0x8848 #define PPPoE 0x8864 +#define SNAP 0xaa /* mask for FCF */ #define WIFI_DATA 0x2 /* 0000 0010 */ @@ -654,16 +653,6 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept struct ndpi_flow *flow = *(struct ndpi_flow **) node; u_int16_t thread_id = *((u_int16_t *) user_data); -#if 0 - printf("<%d>Walk on node %s (%p)\n", - depth, - which == preorder?"preorder": - which == postorder?"postorder": - which == endorder?"endorder": - which == leaf?"leaf": "unknown", - flow); -#endif - if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ if(enable_protocol_guess) { if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { @@ -727,7 +716,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id, const u_int8_t version, u_int16_t vlan_id, const struct ndpi_iphdr *iph, - const struct ndpi_ip6_hdr *iph6, + const struct ndpi_ipv6hdr *iph6, u_int16_t ip_offset, u_int16_t ipsize, u_int16_t l4_packet_len, @@ -764,7 +753,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id, l4_offset = iph->ihl * 4; l3 = (u_int8_t*)iph; } else { - l4_offset = sizeof(struct ndpi_ip6_hdr); + l4_offset = sizeof(struct ndpi_ipv6hdr); l3 = (u_int8_t*)iph6; } @@ -941,7 +930,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id, static struct ndpi_flow *get_ndpi_flow6(u_int16_t thread_id, u_int16_t vlan_id, - const struct ndpi_ip6_hdr *iph6, + const struct ndpi_ipv6hdr *iph6, u_int16_t ip_offset, struct ndpi_tcphdr **tcph, struct ndpi_udphdr **udph, @@ -961,13 +950,13 @@ static struct ndpi_flow *get_ndpi_flow6(u_int16_t thread_id, iph.protocol = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; if(iph.protocol == 0x3C /* IPv6 destination option */) { - u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ip6_hdr); + u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr); iph.protocol = options[0]; } return(get_ndpi_flow(thread_id, 6, vlan_id, &iph, iph6, ip_offset, - sizeof(struct ndpi_ip6_hdr), + sizeof(struct ndpi_ipv6hdr), ntohs(iph6->ip6_ctlun.ip6_un1.ip6_un1_plen), tcph, udph, sport, dport, src, dst, proto, payload, payload_len, src_to_dst_direction)); @@ -995,8 +984,8 @@ static void setupDetection(u_int16_t thread_id) { ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].ndpi_struct, &all); // allocate memory for id and flow tracking - size_id_struct = ndpi_detection_get_sizeof_ndpi_id_struct(); - size_flow_struct = ndpi_detection_get_sizeof_ndpi_flow_struct(); + size_id_struct = sizeof(struct ndpi_id_struct); + size_flow_struct = sizeof(struct ndpi_flow_struct); // clear memory for results memset(ndpi_thread_info[thread_id].stats.protocol_counter, 0, sizeof(ndpi_thread_info[thread_id].stats.protocol_counter)); @@ -1027,7 +1016,7 @@ static unsigned int packet_processing(u_int16_t thread_id, const u_int64_t time, u_int16_t vlan_id, const struct ndpi_iphdr *iph, - struct ndpi_ip6_hdr *iph6, + struct ndpi_ipv6hdr *iph6, u_int16_t ip_offset, u_int16_t ipsize, u_int16_t rawsize) { struct ndpi_id_struct *src, *dst; @@ -1084,31 +1073,6 @@ static unsigned int packet_processing(u_int16_t thread_id, snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", flow->ndpi_flow->protos.ssl.server_certificate); } -#if 0 - if(verbose > 1) { - if(ndpi_is_proto(flow->detected_protocol, NDPI_PROTOCOL_HTTP)) { - char *method; - - printf("[URL] %s\n", ndpi_get_http_url(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow)); - printf("[Content-Type] %s\n", ndpi_get_http_content_type(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow)); - - switch(ndpi_get_http_method(ndpi_thread_info[thread_id].ndpi_struct, ndpi_flow)) { - case HTTP_METHOD_OPTIONS: method = "HTTP_METHOD_OPTIONS"; break; - case HTTP_METHOD_GET: method = "HTTP_METHOD_GET"; break; - case HTTP_METHOD_HEAD: method = "HTTP_METHOD_HEAD"; break; - case HTTP_METHOD_POST: method = "HTTP_METHOD_POST"; break; - case HTTP_METHOD_PUT: method = "HTTP_METHOD_PUT"; break; - case HTTP_METHOD_DELETE: method = "HTTP_METHOD_DELETE"; break; - case HTTP_METHOD_TRACE: method = "HTTP_METHOD_TRACE"; break; - case HTTP_METHOD_CONNECT: method = "HTTP_METHOD_CONNECT"; break; - default: method = "HTTP_METHOD_UNKNOWN"; break; - } - - printf("[Method] %s\n", method); - } - } -#endif - free_ndpi_flow(flow); if(verbose > 1) { @@ -1123,11 +1087,6 @@ static unsigned int packet_processing(u_int16_t thread_id, } } -#if 0 - if(ndpi_flow->l4.tcp.host_server_name[0] != '\0') - printf("%s\n", ndpi_flow->l4.tcp.host_server_name); -#endif - if(live_capture) { if(ndpi_thread_info[thread_id].last_idle_scan_time + IDLE_SCAN_PERIOD < ndpi_thread_info[thread_id].last_time) { /* scan for idle flows */ @@ -1600,40 +1559,47 @@ static void pcap_packet_callback(u_char *args, /* * Declare pointers to packet headers */ - /** --- Ethernet header --- **/ + + /* --- Ethernet header --- */ const struct ndpi_ethhdr *ethernet; - /** --- Cisco HDLC header --- **/ + /* --- Ethernet II header --- */ + const struct ndpi_ethhdr *ethernet_2; + /* --- LLC header --- */ + const struct ndpi_llc_header *llc; + + /* --- Cisco HDLC header --- */ const struct ndpi_chdlc *chdlc; + /* --- SLARP frame --- */ + struct ndpi_slarp *slarp; + /* --- CDP --- */ + struct ndpi_cdp *cdp; - /** --- ieee802.11 --- **/ - /* Radio Tap header */ + /* --- Radio Tap header --- */ const struct ndpi_radiotap_header *radiotap; - /* LLC header */ - const struct ndpi_llc_header_proto *llc; - /* Data frame */ - const struct ndpi_wifi_data_frame *wifi_data; + /* --- Wifi header --- */ + const struct ndpi_wifi_header *wifi; - /* SLARP frame */ - struct ndpi_slarp *slarp; - /* CDP */ - struct ndpi_cdp *cdp; + /* --- MPLS header --- */ + struct ndpi_mpls_header *mpls; /** --- IP header --- **/ struct ndpi_iphdr *iph; /** --- IPv6 header --- **/ - struct ndpi_ip6_hdr *iph6; + struct ndpi_ipv6hdr *iph6; /* lengths and offsets */ u_int16_t eth_offset = 0; u_int16_t radio_len; u_int16_t fc; - int wifi_data_len; - int llc_len; - u_int16_t llc_ether_type; + u_int16_t type; + int wifi_len; + int llc_off; + int pyld_eth_len = 0; + int check; u_int32_t fcs; u_int64_t time; - u_int16_t type, ip_offset, ip_len, ip6_offset; + u_int16_t ip_offset, ip_len, ip6_offset; u_int16_t frag_off = 0, vlan_id = 0; u_int8_t proto = 0; u_int32_t label; @@ -1676,6 +1642,7 @@ static void pcap_packet_callback(u_char *args, datalink_check: switch(datalink_type) { + case DLT_NULL : if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2) type = ETH_P_IP; @@ -1684,7 +1651,7 @@ static void pcap_packet_callback(u_char *args, ip_offset = 4 + eth_offset; - /* Cisco PPP in HDLC-like framing - 50*/ + /* Cisco PPP in HDLC-like framing - 50 */ case DLT_PPP_SERIAL: chdlc = (struct ndpi_chdlc *) &packet[eth_offset]; ip_offset = sizeof(struct ndpi_chdlc); /* CHDLC_OFF = 4 */ @@ -1702,7 +1669,21 @@ static void pcap_packet_callback(u_char *args, case DLT_EN10MB : ethernet = (struct ndpi_ethhdr *) &packet[eth_offset]; ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset; - type = ntohs(ethernet->h_proto); + check = ntohs(ethernet->h_lt); + + if(check <= 1500) + pyld_eth_len = check; + else if (check >= 1536) + type = check; + + if(pyld_eth_len != 0) { + /* check for LLC layer with SNAP extension */ + if(packet[ip_offset] == SNAP) { + llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + type = llc->snap.proto_ID; + ip_offset += + 8; + } + } break; /* Linux Cooked Capture - 113 */ @@ -1726,73 +1707,67 @@ static void pcap_packet_callback(u_char *args, fcs = header->len - 4; /* Calculate 802.11 header length (variable) */ - wifi_data = (struct ndpi_wifi_data_frame*)( packet + eth_offset + radio_len); - fc = wifi_data->fc; + wifi = (struct ndpi_wifi_header*)( packet + eth_offset + radio_len); + fc = wifi->fc; /* check wifi data presence */ if(FCF_TYPE(fc) == WIFI_DATA) { if((FCF_TO_DS(fc) && FCF_FROM_DS(fc) == 0x0) || (FCF_TO_DS(fc) == 0x0 && FCF_FROM_DS(fc))) - wifi_data_len = 26; /* + 4 byte fcs */ - - /* TODO: check QoS Control for aggregated MSDU */ + wifi_len = 26; /* + 4 byte fcs */ } else /* no data frames */ break; /* Check ether_type from LLC */ - llc = (struct ndpi_llc_header_proto*)(packet + eth_offset + wifi_data_len + radio_len); - llc_ether_type = ntohs(llc->ether_IP_type); + llc = (struct ndpi_llc_header*)(packet + eth_offset + wifi_len + radio_len); + if(llc->dsap == SNAP) + type = ntohs(llc->snap.proto_ID); /* Set IP header offset */ - ip_offset = wifi_data_len + radio_len + sizeof(struct ndpi_llc_header_proto) + eth_offset; + ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header) + eth_offset; break; default: return; } - while(1) { - if(type == VLAN) { - vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; - type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; + /* check ether type */ + if(type == VLAN) { + vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; + type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; + ip_offset += 4; + vlan_packet = 1; + } + else if(type == MPLS_UNI || type == MPLS_MULTI) { + + mpls = (struct ndpi_mpls_header *) &packet[ip_offset]; + label = ntohl(mpls->label); + /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */ + ndpi_thread_info[thread_id].stats.mpls_count++; + type = ETH_P_IP, ip_offset += 4; + + while((label & 0x100) != 0x100) { ip_offset += 4; - vlan_packet = 1; - break; - } - else if(type == MPLS_UNI || type == MPLS_MULTI) { - label = ntohl(*((u_int32_t*)&packet[ip_offset])); - ndpi_thread_info[thread_id].stats.mpls_count++; - type = 0x800, ip_offset += 4; - - while((label & 0x100) != 0x100) { - ip_offset += 4; - label = ntohl(*((u_int32_t*)&packet[ip_offset])); - } - break; - } - else if(type == SLARP) { - slarp = (struct ndpi_slarp *) &packet[ip_offset]; - if(slarp->slarp_type == 0x02 || slarp->slarp_type == 0x00 || slarp->slarp_type == 0x01) { - /* TODO if info are needed */ - } - slarp_pkts++; - break; + label = ntohl(mpls->label); } - else if(type == CISCO_D_PROTO) { - cdp = (struct ndpi_cdp *) &packet[ip_offset]; - cdp_pkts++; - break; - } - else if(type == PPPoE) { - ndpi_thread_info[thread_id].stats.pppoe_count++; - type = 0x0800; - ip_offset += 8; - break; + } + else if(type == SLARP) { + slarp = (struct ndpi_slarp *) &packet[ip_offset]; + if(slarp->slarp_type == 0x02 || slarp->slarp_type == 0x00 || slarp->slarp_type == 0x01) { + /* TODO if info are needed */ } - else - break; - } /* while(1) */ - + slarp_pkts++; + } + else if(type == CISCO_D_PROTO) { + cdp = (struct ndpi_cdp *) &packet[ip_offset]; + cdp_pkts++; + } + else if(type == PPPoE) { + ndpi_thread_info[thread_id].stats.pppoe_count++; + type = ETH_P_IP; + ip_offset += 8; + } + ndpi_thread_info[thread_id].stats.vlan_count += vlan_packet; iph_check: @@ -1836,9 +1811,9 @@ static void pcap_packet_callback(u_char *args, return; } } else if(iph->version == 6) { - iph6 = (struct ndpi_ip6_hdr *)&packet[ip_offset]; + iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; - ip_len = sizeof(struct ndpi_ip6_hdr); + ip_len = sizeof(struct ndpi_ipv6hdr); if(proto == 0x3C /* IPv6 destination option */) { @@ -1848,15 +1823,6 @@ static void pcap_packet_callback(u_char *args, } iph = NULL; - /* tunnel 6in4 */ - /* ipv6in4: */ - /* ip6_offset = ip_len + ip_offset; */ - /* iph6 = (struct ndpi_ip6_hdr *)&packet[ip6_offset]; */ - /* proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; */ - /* ip_len = sizeof(struct ndpi_ip6_hdr); */ - /* ip_offset = ip_len + ip6_offset; */ - /* iph = NULL; */ - } else { static u_int8_t ipv4_warning_used = 0; @@ -2071,16 +2037,6 @@ struct timezone { /* ***************************************************** */ -#if 0 -int gettimeofday(struct timeval *tv, void *notUsed) { - tv->tv_sec = time(NULL); - tv->tv_usec = 0; - return(0); -} -#endif - -/* ***************************************************** */ - int gettimeofday(struct timeval *tv, struct timezone *tz) { FILETIME ft; LARGE_INTEGER li; diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 71a507ae2..05266a106 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am @@ -1,9 +1,8 @@ - library_includedir=$(includedir)/libndpi-1.4/libndpi library_include_HEADERS = ndpi_api.h \ - ndpi_debug_functions.h \ - ndpi_define.h \ - ndpi_macros.h \ - ndpi_protocols_osdpi.h \ - ndpi_public_functions.h + ndpi_define.h \ + ndpi_typedefs.h \ + ndpi_main.h \ + ndpi_protocol_ids.h \ + ndpi_protocols.h diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 7b4550150..c1f7fac84 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -32,26 +32,14 @@ extern "C" { #endif - /** - * This function returns the size of the flow struct - * @return the size of the flow struct - */ - u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void); - - /** - * This function returns the size of the id struct - * @return the size of the id struct - */ - u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void); - - /* Public malloc/free */ void* ndpi_malloc(unsigned long size); void* ndpi_calloc(unsigned long count, unsigned long size); void ndpi_free(void *ptr); void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size); char *ndpi_strdup(const char *s); - /* + + /** * Find the first occurrence of find in s, where the search is limited to the * first slen characters of s. */ @@ -150,14 +138,6 @@ extern "C" { */ u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, u_int8_t * l4_protocol_return, u_int32_t flags); - /** - * returns the real protocol for the flow of the last packet given to the detection. - * if no real protocol could be found, the unknown protocol will be returned. - * - * @param ndpi_struct the detection module - * @return the protocol id of the last real protocol found in the protocol history of the flow - */ - /* u_int16_t ndpi_detection_get_real_protocol_of_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); */ /** * returns true if the protocol history of the flow of the last packet given to the detection diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h index f938c8ffb..cfae5f305 100644 --- a/src/include/ndpi_define.h +++ b/src/include/ndpi_define.h @@ -42,12 +42,6 @@ #endif/* BYTE_ORDER */ #endif/* __OPENBSD__ */ -#if 0 -#ifndef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_ENABLE_DEBUG_MESSAGES -#endif -#endif - #ifdef WIN32 #define __LITTLE_ENDIAN__ 1 #endif @@ -59,13 +53,6 @@ #define __BIG_ENDIAN__ #endif -/* Kernel modules */ -#if defined(__LITTLE_ENDIAN) -#define __LITTLE_ENDIAN__ -#endif -#if defined(__BIG_ENDIAN) -#define __BIG_ENDIAN__ -#endif /* Everything else */ #if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ @@ -165,11 +152,6 @@ #define MAX_PACKET_COUNTER 65000 #define MAX_DEFAULT_PORTS 5 -/********************** - * detection features * - **********************/ -/* #define NDPI_SELECT_DETECTION_WITH_REAL_PROTOCOL ( 1 << 0 ) */ - #define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 #define NDPI_IRC_CONNECTION_TIMEOUT 120 #define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index cb6d9b629..c570a5833 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -34,6 +34,7 @@ #endif #include <ctype.h> #include <time.h> +#include <arpa/inet.h> #ifndef WIN32 @@ -50,12 +51,11 @@ #include <limits.h> #endif -#include "ndpi_win32.h" -#include "ndpi_unix.h" #include "ndpi_define.h" #include "ndpi_protocol_ids.h" #include "ndpi_typedefs.h" #include "ndpi_protocols.h" +#include "ndpi_api.h" void *ndpi_tdelete(const void * __restrict, void ** __restrict, @@ -90,43 +90,40 @@ void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - -/* function to parse a packet which has line based information into a line based structure - * this function will also set some well known line pointers like: - * - host, user agent, empty line,.... - */ extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); + extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); -extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, + +extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); -extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, +extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); -extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_breed_t protoBreed, u_int16_t protoId, - u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], - char *protoName, +extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, + u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts); + extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet); extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow); + extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip); extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip); extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); + extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip); -extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, - const struct ndpi_packet_struct *packet); +extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet); extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); + extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t proto, u_int16_t sport, u_int16_t dport); + extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto); + extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p); -extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t protocol_id, +extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); @@ -135,6 +132,4 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct * const char **file, const char **func, u_int32_t * line); #endif -#include "ndpi_api.h" - #endif /* __NDPI_MAIN_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 63013230c..47df3f0b2 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -22,82 +22,247 @@ * */ -#ifndef __NDPI_TYPEDEFS_FILE__ -#define __NDPI_TYPEDEFS_FILE__ +#ifndef __NDPI_TYPEDEFS_H__ +#define __NDPI_TYPEDEFS_H__ -typedef enum { +#include "ndpi_define.h" + +#define BT_ANNOUNCE +#define _WS2TCPIP_H_ /* Avoid compilation problems */ +#define SNAP_EXT + + +/* NDPI_LOG_LEVEL */ +typedef enum +{ NDPI_LOG_ERROR, NDPI_LOG_TRACE, NDPI_LOG_DEBUG } ndpi_log_level_t; -typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol, - void *module_struct, ndpi_log_level_t log_level, - const char *format, ...); -#define BT_ANNOUNCE - -typedef enum { +/* NDPI_VISIT */ +typedef enum +{ ndpi_preorder, ndpi_postorder, ndpi_endorder, ndpi_leaf } ndpi_VISIT; -typedef struct node_t { +/* NDPI_NODE */ +typedef struct node_t +{ char *key; struct node_t *left, *right; } ndpi_node; +/* NDPI_MASK_SIZE */ typedef u_int32_t ndpi_ndpi_mask; -typedef struct ndpi_protocol_bitmask_struct { - ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; +/* NDPI_PROTO_BITMASK_STRUCT */ +typedef struct ndpi_protocol_bitmask_struct +{ + ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; } ndpi_protocol_bitmask_struct_t; -#ifdef NDPI_DETECTION_SUPPORT_IPV6 -struct ndpi_ip6_addr { - union { - u_int8_t u6_addr8[16]; - u_int16_t u6_addr16[8]; - u_int32_t u6_addr32[4]; - u_int64_t u6_addr64[2]; - } ndpi_v6_u; - -#define ndpi_v6_addr ndpi_v6_u.u6_addr8 -#define ndpi_v6_addr16 ndpi_v6_u.u6_addr16 -#define ndpi_v6_addr32 ndpi_v6_u.u6_addr32 -#define ndpi_v6_addr64 ndpi_v6_u.u6_addr64 -}; +/* NDPI_DEBUG_FUNCTION_PTR (cast) */ +typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol, void *module_struct, + ndpi_log_level_t log_level, const char *format, ...); -struct ndpi_ipv6hdr { - /* use userspace and kernelspace compatible compile parameters */ -#if defined(__LITTLE_ENDIAN__) - u_int8_t priority:4, version:4; + +/* ************************************************************ */ +/* ******************* NDPI NETWORKS HEADERS ****************** */ +/* ************************************************************ */ + +/* ++++++++++++++++++++++++ Cisco headers +++++++++++++++++++++ */ + +/* Cisco HDLC */ +struct ndpi_chdlc +{ + u_int8_t addr; /* 0x0F (Unicast) - 0x8F (Broadcast) */ + u_int8_t ctrl; /* always 0x00 */ + u_int16_t proto_code; /* protocol type (e.g. 0x0800 IP) */ +} __attribute__((packed)); + +/* SLARP - Serial Line ARP http://tinyurl.com/qa54e95 */ +struct ndpi_slarp +{ + /* address requests (0x00) + address replies (0x01) + keep-alive (0x02) + */ + u_int32_t slarp_type; + u_int32_t addr_1; + u_int32_t addr_2; +} __attribute__((packed)); + +/* Cisco Discovery Protocol http://tinyurl.com/qa6yw9l */ +struct ndpi_cdp +{ + u_int8_t version; + u_int8_t ttl; + u_int16_t checksum; + u_int16_t type; + u_int16_t length; +} __attribute__((packed)); + + +/* +++++++++++++++ Ethernet header (IEEE 802.3) +++++++++++++++ */ +struct ndpi_ethhdr +{ + u_char h_dest[6]; /* destination eth addr */ + u_char h_source[6]; /* source ether addr */ + u_int16_t h_lt; /* data length (<= 1500) or type ID proto (>=1536) */ +} __attribute__((packed)); + +/* +++++++++++++++++++ LLC header (IEEE 802.2) ++++++++++++++++ */ +struct ndpi_snap_extension +{ + u_int16_t oui; + u_int8_t oui2; + u_int16_t proto_ID; +} __attribute__((packed)); + +struct ndpi_llc_header +{ + u_int8_t dsap; + u_int8_t ssap; + u_int8_t ctrl; +#ifdef SNAP_EXT + struct ndpi_snap_extension snap; +#endif +} __attribute__((packed)); + + +/* ++++++++++ RADIO TAP header (for IEEE 802.11) +++++++++++++ */ +struct ndpi_radiotap_header +{ + u_int8_t version; /* set to 0 */ + u_int8_t pad; + u_int16_t len; + u_int32_t present; + u_int64_t MAC_timestamp; + u_int8_t flags; + +} __attribute__((packed)); + +/* ++++++++++++ Wireless header (IEEE 802.11) ++++++++++++++++ */ +struct ndpi_wifi_header +{ + u_int16_t fc; + u_int16_t duration; + u_char rcvr[6]; + u_char trsm[6]; + u_char dest[6]; + u_int16_t seq_ctrl; + /* u_int64_t ccmp - for data encription only - check fc.flag */ +} __attribute__((packed)); + + + +/* +++++++++++++++++++++++ MPLS header +++++++++++++++++++++++ */ +struct ndpi_mpls_header +{ + u_int32_t label:20, exp:3, s:1, ttl:8; +} __attribute__((packed)); + + + +/* ++++++++++++++++++++++++ IP header ++++++++++++++++++++++++ */ +struct ndpi_iphdr { +#if defined(__LITTLE_ENDIAN__) + u_int8_t ihl:4, version:4; #elif defined(__BIG_ENDIAN__) - u_int8_t version:4, priority:4; + u_int8_t version:4, ihl:4; #else # error "Byte order must be defined" #endif + u_int8_t tos; + u_int16_t tot_len; + u_int16_t id; + u_int16_t frag_off; + u_int8_t ttl; + u_int8_t protocol; + u_int16_t check; + u_int32_t saddr; + u_int32_t daddr; +} __attribute__((packed)); + + +/* +++++++++++++++++++++++ IPv6 header +++++++++++++++++++++++ */ +/* rfc3542 */ + +struct ndpi_in6_addr +{ + union + { + u_int8_t u6_addr8[16]; + u_int16_t u6_addr16[8]; + u_int32_t u6_addr32[4]; + } u6_addr; /* 128-bit IP6 address */ +}; - u_int8_t flow_lbl[3]; +struct ndpi_ipv6hdr +{ + union + { + struct ndpi_ip6_hdrctl + { + u_int32_t ip6_un1_flow; + u_int16_t ip6_un1_plen; + u_int8_t ip6_un1_nxt; + u_int8_t ip6_un1_hlim; + } ip6_un1; + u_int8_t ip6_un2_vfc; + } ip6_ctlun; + struct ndpi_in6_addr ip6_src; + struct ndpi_in6_addr ip6_dst; +} __attribute__((packed)); + + + +/* +++++++++++++++++++++++ TCP header +++++++++++++++++++++++ */ +struct ndpi_tcphdr +{ + u_int16_t source; + u_int16_t dest; + u_int32_t seq; + u_int32_t ack_seq; +#if defined(__LITTLE_ENDIAN__) + u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; +#elif defined(__BIG_ENDIAN__) + u_int16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; +#else +# error "Byte order must be defined" +#endif + u_int16_t window; + u_int16_t check; + u_int16_t urg_ptr; +} __attribute__((packed)); + +/* +++++++++++++++++++++++ UDP header +++++++++++++++++++++++ */ +struct ndpi_udphdr +{ + u_int16_t source; + u_int16_t dest; + u_int16_t len; + u_int16_t check; +} __attribute__((packed)); - u_int16_t payload_len; - u_int8_t nexthdr; - u_int8_t hop_limit; - struct ndpi_ip6_addr saddr; - struct ndpi_ip6_addr daddr; -}; -#endif -typedef union { +typedef union +{ u_int32_t ipv4; u_int8_t ipv4_u_int8_t[4]; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - struct ndpi_ip6_addr ipv6; + struct ndpi_in6_addr ipv6; #endif } ndpi_ip_addr_t; +/* ************************************************************ */ +/* ******************* ********************* ****************** */ +/* ************************************************************ */ #ifdef NDPI_PROTOCOL_BITTORRENT typedef struct spinlock { @@ -152,16 +317,13 @@ typedef enum { } ndpi_http_method; typedef struct ndpi_id_struct { - /* detected_protocol_bitmask: - * access this bitmask to find out whether an id has used skype or not - * if a flag is set here, it will not be resetted - * to compare this, use: - * if (NDPI_BITMASK_COMPARE(id->detected_protocol_bitmask, - * NDPI_PROTOCOL_BITMASK_XXX) != 0) - * { - * // protocol XXX detected on this id - * } - */ + + /** + detected_protocol_bitmask: + access this bitmask to find out whether an id has used skype or not + if a flag is set here, it will not be resetted + to compare this, use: + **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; #ifdef NDPI_PROTOCOL_RTSP ndpi_ip_addr_t rtsp_ip_address; @@ -672,26 +834,34 @@ typedef struct ndpi_flow_struct { u_int16_t guessed_protocol_id, guessed_host_proto_id; u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1; - /* if ndpi_struct->direction_detect_disable == 1 */ - /* tcp sequence number connection tracking */ + + /* + if ndpi_struct->direction_detect_disable == 1 + tcp sequence number connection tracking + */ u_int32_t next_tcp_seq_nr[2]; - /* the tcp / udp / other l4 value union - * this is used to reduce the number of bytes for tcp or udp protocol states - * */ + /* + the tcp / udp / other l4 value union + used to reduce the number of bytes for tcp or udp protocol states + */ union { struct ndpi_flow_tcp_struct tcp; struct ndpi_flow_udp_struct udp; } l4; - struct ndpi_id_struct *server_id; /* - Pointer to src or dst - that identifies the - server of this connection - */ - u_char host_server_name[256]; /* HTTP host or DNS query */ - u_char detected_os[32]; /* Via HTTP User-Agent */ - u_char nat_ip[24]; /* Via HTTP X-Forwarded-For */ + /* + Pointer to src or dst + that identifies the + server of this connection + */ + struct ndpi_id_struct *server_id; + /* HTTP host or DNS query */ + u_char host_server_name[256]; + /* Via HTTP User-Agent */ + u_char detected_os[32]; + /* Via HTTP X-Forwarded-For */ + u_char nat_ip[24]; /* This structure below will not not stay inside the protos @@ -721,7 +891,8 @@ typedef struct ndpi_flow_struct { char client_certificate[48], server_certificate[48]; } ssl; } protos; - /* ALL protocol specific 64 bit variables here */ + + /*** ALL protocol specific 64 bit variables here ***/ /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; @@ -811,4 +982,4 @@ typedef struct ndpi_flow_struct { struct ndpi_id_struct *dst; } ndpi_flow_struct_t; -#endif/* __NDPI_TYPEDEFS_FILE__ */ +#endif/* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index ee395f5cd..be9a50526 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -7,14 +7,11 @@ libndpi_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(top_srcdir)/libndpi.s libndpi_la_includedir = $(includedir)/libndpi-@VERSION@/libndpi libndpi_la_include_HEADERS = ../include/ndpi_api.h \ - ../include/linux_compat.h \ ../include/ndpi_define.h \ ../include/ndpi_main.h \ ../include/ndpi_protocol_ids.h \ ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h \ - ../include/ndpi_unix.h \ - ../include/ndpi_win32.h + ../include/ndpi_typedefs.h libndpi_la_SOURCES = ndpi_content_match.c.inc \ ndpi_main.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 16a956d4f..23977334e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -29,8 +29,6 @@ #include "ndpi_api.h" #include "../../config.h" -// #define DEBUG - #include <time.h> #ifndef WIN32 #include <unistd.h> @@ -40,13 +38,6 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/src/ndpi_patricia.c" -#ifdef WIN32 -/* http://social.msdn.microsoft.com/Forums/uk/vcgeneral/thread/963aac07-da1a-4612-be4a-faac3f1d65ca */ -#ifndef strtok_r -#define strtok_r(a,b,c) strtok(a,b) -#endif -#endif - /* ftp://ftp.cc.uoc.gr/mirrors/OpenBSD/src/lib/libc/stdlib/tsearch.c */ /* find or insert datum into search tree */ void * @@ -344,19 +335,6 @@ char *ndpi_strdup(const char *s) { return(m); } -/* ****************************************** */ - -u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) -{ - return sizeof(struct ndpi_flow_struct); -} - -/* ****************************************** */ - -u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) -{ - return sizeof(struct ndpi_id_struct); -} /* ******************************************************************** */ @@ -439,15 +417,6 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, if(udpDefPorts[j].port_low != 0) addDefaultPort(&udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->udpRoot); if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->tcpRoot); } - -#if 0 - printf("%s(%d, %s, %p) [%s]\n", - __FUNCTION__, - protoId, - ndpi_mod->proto_defaults[protoId].protoName, - ndpi_mod, - ndpi_mod->proto_defaults[1].protoName); -#endif } /* ******************************************************************** */ @@ -2547,8 +2516,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n * nxt_hdr: protocol of the actual payload * returns 0 upon success and 1 upon failure */ -static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_struct, - const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) +static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) { while ((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) { u_int16_t ehdr_len; @@ -2652,10 +2620,10 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru l4protocol = iph->protocol; } #ifdef NDPI_DETECTION_SUPPORT_IPV6 - else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->payload_len)) { + else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen)) { l4ptr = (((const u_int8_t *) iph_v6) + sizeof(struct ndpi_ipv6hdr)); - l4len = ntohs(iph_v6->payload_len); - l4protocol = iph_v6->nexthdr; + l4len = ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen); + l4protocol = iph_v6->ip6_ctlun.ip6_un1.ip6_un1_nxt; // we need to handle IPv6 extension headers if present if(ndpi_handle_ipv6_extension_headers(ndpi_struct, &l4ptr, &l4len, &l4protocol) != 0) { @@ -2683,11 +2651,6 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru return 0; } -#if !defined(WIN32) -#define ATTRIBUTE_ALWAYS_INLINE static inline -#else -__forceinline static -#endif void ndpi_apply_flow_protocol_to_packet(struct ndpi_flow_struct *flow, struct ndpi_packet_struct *packet) { @@ -2813,12 +2776,6 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str return 0; } - -#if !defined(WIN32) -static inline -#else -__forceinline static -#endif void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -2831,9 +2788,6 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_tcphdr *tcph = packet->tcp; const struct ndpi_udphdr *udph = flow->packet.udp; - //struct ndpi_unique_flow_struct unique_flow; - //uint8_t new_connection; - u_int8_t proxy_enabled = 0; packet->tcp_retransmission = 0, packet->packet_direction = 0; @@ -2845,7 +2799,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, packet->packet_direction = 1; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->saddr, &iphv6->daddr) != 0) + if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, &iphv6->ip6_dst) != 0) packet->packet_direction = 1; #endif } @@ -3196,7 +3150,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(flow->packet.iphv6 != NULL) { - protocol = flow->packet.iphv6->nexthdr, saddr = 0, daddr = 0; + protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, saddr = 0, daddr = 0; } else #endif { @@ -3217,16 +3171,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct goto ret_protocols; } } - -#if 0 - a = flow->detected_protocol_stack[0]; - if(a != NDPI_PROTOCOL_UNKNOWN) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_TRACE, "PROCESS KNOWN PROTOCOL\n"); - ndpi_struct->proto_defaults[a].func(ndpi_struct, flow); - return a; - } -#endif - + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; @@ -3262,18 +3207,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct flow->host_already_guessed = 1; } -#if 0 - /* Swap protocols in case of success */ - if(ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) { - u_int16_t t = ret.master_protocol; - - ret.master_protocol = ret.protocol; - ret.protocol = t; - } -#endif - - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) - ret.protocol = flow->guessed_host_proto_id; + if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) + ret.protocol = flow->guessed_host_proto_id; return(ret); } @@ -3885,39 +3820,50 @@ int NDPI_PROTOCOL_IP_is_set(const ndpi_ip_addr_t * ip) /* NTOP */ int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip) { + #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(packet->iphv6 != NULL) { - if(packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] && - packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) { + /* IPv6 */ + if(packet->iphv6 != NULL) { + + if(packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) return 1; - } else { - return 0; - } + //else + return 0; } #endif - if(packet->iph->saddr == ip->ipv4) { + + /* IPv4 */ + if(packet->iph->saddr == ip->ipv4) return 1; - } return 0; } /* check if the destination ip address in packet and ip are equal */ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip) { + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + + /* IPv6 */ if(packet->iphv6 != NULL) { - if(packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] && - packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) { + + if(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) return 1; - } else { - return 0; - } + //else + return 0; } #endif - if(packet->iph->daddr == ip->ipv4) { + + /* IPv4 */ + if(packet->iph->saddr == ip->ipv4) return 1; - } return 0; } @@ -3926,12 +3872,21 @@ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip) { NDPI_PROTOCOL_IP_clear(ip); + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + + /* IPv6 */ if(packet->iphv6 != NULL) { - ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0]; - ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1]; + + ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_src.u6_addr.u6_addr32[0]; + ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_src.u6_addr.u6_addr32[1]; + ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_src.u6_addr.u6_addr32[2]; + ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_src.u6_addr.u6_addr32[3]; + } else #endif + + /* IPv4 */ ip->ipv4 = packet->iph->saddr; } @@ -3940,12 +3895,20 @@ void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_add void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip) { NDPI_PROTOCOL_IP_clear(ip); + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + if(packet->iphv6 != NULL) { - ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0]; - ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1]; + + ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]; + ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[1]; + ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[2]; + ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[3]; + } else + #endif + ip->ipv4 = packet->iph->daddr; } @@ -3959,15 +3922,22 @@ char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t *a = (const u_int8_t *) &ip->ipv4; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(ip->ipv6.ndpi_v6_u.u6_addr32[1] != 0 || ip->ipv6.ndpi_v6_u.u6_addr64[1] != 0) { - const u_int16_t *b = ip->ipv6.ndpi_v6_u.u6_addr16; + if(ip->ipv6.u6_addr.u6_addr32[0] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0) { + + const u_int16_t *b = ip->ipv6.u6_addr.u6_addr16; snprintf(ndpi_struct->ip_string, 32, "%x:%x:%x:%x:%x:%x:%x:%x", ntohs(b[0]), ntohs(b[1]), ntohs(b[2]), ntohs(b[3]), ntohs(b[4]), ntohs(b[5]), ntohs(b[6]), ntohs(b[7])); + return ndpi_struct->ip_string; } #endif + snprintf(ndpi_struct->ip_string, 32, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]); + return ndpi_struct->ip_string; } @@ -4383,44 +4353,44 @@ void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a) { } -#ifdef WIN32 -/* http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/libkern/strsep.c */ - -/* - * Get next token from string *stringp, where tokens are possibly-empty - * strings separated by characters from delim. - * - * Writes NULs into the string at *stringp to end tokens. - * delim need not remain constant from call to call. - * On return, *stringp points past the last NUL written (if there might - * be further tokens), or is NULL (if there are definitely no more tokens). - * - * If *stringp is NULL, strsep returns NULL. - */ -char* strsep(char **stringp, const char *delim) { - char *s; - const char *spanp; - int c, sc; - char *tok; - - if((s = *stringp) == NULL) - return (NULL); - for(tok = s;;) { - c = *s++; - spanp = delim; - do { - if((sc = *spanp++) == c) { - if(c == 0) - s = NULL; - else - s[-1] = 0; - *stringp = s; - return (tok); - } - } while (sc != 0); - } - /* NOTREACHED */ -} -#endif +/* #ifdef WIN32 */ +/* /\* http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/libkern/strsep.c *\/ */ + +/* /\* */ +/* * Get next token from string *stringp, where tokens are possibly-empty */ +/* * strings separated by characters from delim. */ +/* * */ +/* * Writes NULs into the string at *stringp to end tokens. */ +/* * delim need not remain constant from call to call. */ +/* * On return, *stringp points past the last NUL written (if there might */ +/* * be further tokens), or is NULL (if there are definitely no more tokens). */ +/* * */ +/* * If *stringp is NULL, strsep returns NULL. */ +/* *\/ */ +/* char* strsep(char **stringp, const char *delim) { */ +/* char *s; */ +/* const char *spanp; */ +/* int c, sc; */ +/* char *tok; */ + +/* if((s = *stringp) == NULL) */ +/* return (NULL); */ +/* for(tok = s;;) { */ +/* c = *s++; */ +/* spanp = delim; */ +/* do { */ +/* if((sc = *spanp++) == c) { */ +/* if(c == 0) */ +/* s = NULL; */ +/* else */ +/* s[-1] = 0; */ +/* *stringp = s; */ +/* return (tok); */ +/* } */ +/* } while (sc != 0); */ +/* } */ +/* /\* NOTREACHED *\/ */ +/* } */ +/* #endif */ diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index e7f55a78d..99420b85e 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -432,14 +432,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st u_int32_t ts = ntohl(*((u_int32_t*)&(packet->payload[4]))); u_int32_t now; -#ifndef __KERNEL__ now = (u_int32_t)time(NULL); -#else - struct timespec t; - - getnstimeofday(&t); - now = t.tv_sec; -#endif if((ts < (now+86400)) && (ts > (now-86400))) { goto bittorrent_found; diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 6442c7db7..beea43d0d 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -42,8 +42,6 @@ typedef signed long long int i_int64_t; #include "btlib.h" -#ifndef __KERNEL__ - int bt_parse_debug = 0; static char *printXb(char *s,const u_int8_t *b,int l) { @@ -183,11 +181,8 @@ static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) { static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) { _print_safe_str(msg,cbd->buf,cbd->v.s.s,cbd->v.s.l); } -#define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; } -#else -#define DEBUG_TRACE(cmd,args...) -#endif /* __KERNEL */ +#define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; } #define STREQ(a,b) !strcmp(a,b) diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h index cc2928155..db68370c9 100644 --- a/src/lib/protocols/btlib.h +++ b/src/lib/protocols/btlib.h @@ -139,9 +139,7 @@ typedef struct bt_parse_data_cb { } v; } bt_parse_data_cb_t; -#ifndef __KERNEL__ extern int bt_parse_debug; void dump_bt_proto_struct(struct bt_parse_protocol *p); -#endif const u_int8_t *bt_decode(const u_int8_t *b, size_t *l, int *ret, bt_parse_data_cb_t *cbd); diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index d03c0cbe6..92607579c 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -33,14 +33,6 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; -#if 0 - printf("[len=%u][%02X %02X %02X %02X]\n", payload_len, - packet->payload[0] & 0xFF, - packet->payload[1] & 0xFF, - packet->payload[2] & 0xFF, - packet->payload[3] & 0xFF); -#endif - if(packet->tcp != NULL) { flow->l4.tcp.citrix_packet_id++; @@ -70,7 +62,6 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX); } else if(flow->l4.tcp.citrix_packet_id > 3) NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX); diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 846c60170..24375c90f 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -709,23 +709,10 @@ void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *n { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; -#if 0 - if (ndpi_struct->direct_download_link_counter_callback != NULL) { - if (packet->detected_protocol == NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) { - /* skip packets not requests from the client to the server */ - if (packet->packet_direction == flow->l4.tcp.ddlink_server_direction) { - search_ddl_domains(ndpi_struct, flow); // do the detection again in order to get the URL in keep alive streams - } else { - // just count the packet - ndpi_struct->direct_download_link_counter_callback(flow->hash_id_number, packet->l3_packet_len); - } - } - return; - } -#endif - // do not detect again if it is already ddl + /* struct ndpi_id_struct *src=ndpi_struct->src; */ + /* struct ndpi_id_struct *dst=ndpi_struct->dst; */ + + /* do not detect again if it is already ddl */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) { if (search_ddl_domains(ndpi_struct, flow) != 0) { return; diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index ec2c1099e..97044f94e 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c @@ -35,14 +35,6 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; -#if 0 - printf("[len=%u][%02X %02X %02X %02X]\n", payload_len, - packet->payload[0] & 0xFF, - packet->payload[1] & 0xFF, - packet->payload[2] & 0xFF, - packet->payload[3] & 0xFF); -#endif - if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) { u_int32_t gtp_u = ntohs(2152); u_int32_t gtp_c = ntohs(2123); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 9314dba65..ced34c099 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -349,14 +349,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); - -#if 0 - if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) - ndpi_match_content_subprotocol(ndpi_struct, flow, - (char*)packet->user_agent_line.ptr, - packet->user_agent_line.len, - NDPI_PROTOCOL_HTTP); -#endif } /* check for host line */ diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index d0b3aa50f..37c4cf896 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -35,20 +35,6 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_str if(packet->tcp != NULL) { flow->l4.tcp.lotus_notes_packet_id++; -#if 0 - printf("[lotus_notes_packet_id: %u][len=%u][%02X %02X %02X %02X %02X %02X %02X %02X]\n", - flow->l4.tcp.lotus_notes_packet_id, payload_len, - packet->payload[6] & 0xFF, - packet->payload[7] & 0xFF, - packet->payload[8] & 0xFF, - packet->payload[9] & 0xFF, - packet->payload[10] & 0xFF, - packet->payload[11] & 0xFF, - packet->payload[12] & 0xFF, - packet->payload[13] & 0xFF - ); -#endif - if((flow->l4.tcp.lotus_notes_packet_id == 1) /* We have seen the 3-way handshake */ && flow->l4.tcp.seen_syn diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index 8226ab93c..d4426e7f3 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -37,108 +37,108 @@ static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct } static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) + *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; - if ((packet->payload[2] & 0x80) == 0 && - ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS && - ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) { + if ((packet->payload[2] & 0x80) == 0 && + ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS && + ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); - return 1; - } else if ((packet->payload[2] & 0x80) != 0 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS && - ntohs(get_u_int16_t(packet->payload, 6)) != 0) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n"); + return 1; + } else if ((packet->payload[2] & 0x80) != 0 && + ntohs(get_u_int16_t(packet->payload, 4)) == 0 && + ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS && + ntohs(get_u_int16_t(packet->payload, 6)) != 0) { + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n"); - return 1; - } + return 1; + } - return 0; + return 0; } void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - u_int16_t dport; -// const u_int16_t sport=ntohs(packet->udp->source); - - /* check if UDP and */ - if (packet->udp != NULL) { - /*read destination port */ - dport = ntohs(packet->udp->dest); - - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "MDNS udp start \n"); - - - - /*check standard MDNS to port 5353 */ - /*took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */ - - if (dport == 5353 && packet->payload_packet_len >= 12) { - - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination port 5353\n"); - - /* MDNS header is similar to dns header */ - /* dns header - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | ID | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - |QR| Opcode |AA|TC|RD|RA| Z | RCODE | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | QDCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | ANCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | NSCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - | ARCOUNT | - +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * - * dns query check: query: QR set, ancount = 0, nscount = 0, QDCOUNT < MAX_MDNS, ARCOUNT < MAX_MDNS - * - */ - - /* mdns protocol must have destination address 224.0.0.251 */ - /* took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */ - - if (packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) { - - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, - NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); - - if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { - ndpi_int_mdns_add_connection(ndpi_struct, flow); - return; - } - } + // struct ndpi_id_struct *src=ndpi_struct->src; + // struct ndpi_id_struct *dst=ndpi_struct->dst; + + u_int16_t dport; + // const u_int16_t sport=ntohs(packet->udp->source); + + /* check if UDP and */ + if (packet->udp != NULL) { + /*read destination port */ + dport = ntohs(packet->udp->dest); + + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "MDNS udp start \n"); + + + + /*check standard MDNS to port 5353 */ + /*took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */ + + if (dport == 5353 && packet->payload_packet_len >= 12) { + + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination port 5353\n"); + + /* MDNS header is similar to dns header */ + /* dns header + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ID | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + |QR| Opcode |AA|TC|RD|RA| Z | RCODE | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | QDCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ANCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | NSCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + | ARCOUNT | + +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * + * dns query check: query: QR set, ancount = 0, nscount = 0, QDCOUNT < MAX_MDNS, ARCOUNT < MAX_MDNS + * + */ + + /* mdns protocol must have destination address 224.0.0.251 */ + /* took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */ + + if (packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) { + + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, + NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); + + if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { + ndpi_int_mdns_add_connection(ndpi_struct, flow); + return; + } + } #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if (packet->iphv6 != NULL) { - const u_int32_t *daddr = packet->iphv6->daddr.ndpi_v6_u.u6_addr32; - if (daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) { - - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, - NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n"); - - if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { - ndpi_int_mdns_add_connection(ndpi_struct, flow); - return; - } - } - } -#endif + if (packet->iphv6 != NULL) { + const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32; + if (daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) { + + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, + NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n"); - } + if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { + ndpi_int_mdns_add_connection(ndpi_struct, flow); + return; + } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS); + } +#endif + + } + } + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS); } diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index 30bb898f2..54c634263 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -23,12 +23,10 @@ #ifdef NDPI_PROTOCOL_NETFLOW -#ifndef __KERNEL__ #ifdef WIN32 extern int gettimeofday(struct timeval * tp, struct timezone * tzp); #endif #define do_gettimeofday(a) gettimeofday(a, NULL) -#endif struct flow_ver1_rec { u_int32_t srcaddr; /* Source IP Address */ diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index 09f26793b..625dc4108 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c @@ -35,14 +35,6 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; -#if 0 - printf("[len=%u][%02X %02X %02X %02X]\n", payload_len, - packet->payload[0] & 0xFF, - packet->payload[1] & 0xFF, - packet->payload[2] & 0xFF, - packet->payload[3] & 0xFF); -#endif - if(packet->udp != NULL) { struct radius_header *h = (struct radius_header*)packet->payload; u_int len = ntohs(h->len); diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index de9700e4a..9f9febfeb 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -64,7 +64,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, flow->packet.iph ? flow->packet.iph->protocol : #ifdef NDPI_DETECTION_SUPPORT_IPV6 - flow->packet.iphv6->nexthdr, + flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, #else 0, #endif diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index 036162b1f..f2c2eae4c 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -66,14 +66,12 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); } else { -#ifndef __KERNEL__ #ifdef PENDANTIC_TOR_CHECK if(gethostbyname(certificate) == NULL) { ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); } #endif -#endif } return(0); diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h index 651e52fc9..3053cf9e1 100644 --- a/src/lib/third_party/include/ndpi_patricia.h +++ b/src/lib/third_party/include/ndpi_patricia.h @@ -51,18 +51,13 @@ /* { from defs.h */ #define prefix_touchar(prefix) ((u_char *)&(prefix)->add.sin) -#ifdef __KERNEL__ -#define MAXLINE 512 -#else #define MAXLINE 1024 -#endif #define BIT_TEST(f, b) ((f) & (b)) /* } */ #define addroute make_and_lookup -#ifndef __KERNEL__ #include <sys/types.h> /* for u_* definitions (on FreeBSD 5) */ #include <errno.h> /* for EAFNOSUPPORT */ @@ -81,8 +76,6 @@ #include <ws2tcpip.h> /* IPv6 */ #endif -#endif /* __KERNEL__ */ - /* { from mrt.h */ typedef struct the_prefix4_t { diff --git a/src/lib/third_party/src/ahocorasick.c b/src/lib/third_party/src/ahocorasick.c index 54a97e776..ce064033f 100644 --- a/src/lib/third_party/src/ahocorasick.c +++ b/src/lib/third_party/src/ahocorasick.c @@ -18,12 +18,10 @@ along with multifast. If not, see <http://www.gnu.org/licenses/>. */ -#ifndef __KERNEL__ #include <stdio.h> #include <stdlib.h> #include <string.h> #include <ctype.h> -#endif #include "ndpi_api.h" #include "ahocorasick.h" @@ -245,7 +243,6 @@ void ac_automata_release (AC_AUTOMATA_t * thiz) ndpi_free(thiz); } -#ifndef __KERNEL__ /****************************************************************************** * FUNCTION: ac_automata_display * Prints the automata to output in human readable form. it is useful for @@ -299,7 +296,6 @@ void ac_automata_display (AC_AUTOMATA_t * thiz, char repcast) printf("---------------------------------\n"); } } -#endif /* __KERNEL__ */ /****************************************************************************** * FUNCTION: ac_automata_register_nodeptr diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index 59d17e556..0a8fa857d 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -39,7 +39,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef __KERNEL__ #include <assert.h> /* assert */ #include <ctype.h> /* isdigit */ #include <errno.h> /* errno */ @@ -54,26 +53,8 @@ #include <netinet/in.h> /* BSD, Linux: for inet_addr */ #include <arpa/inet.h> /* BSD, Linux, Solaris: for inet_addr */ #endif -#else -#define assert(a) ; -#endif /* __KERNEL__ */ - #include "ndpi_patricia.h" - -#ifdef __KERNEL__ - -long atol(const char *nptr) { - long l; - char *endp; - - l = simple_strtol(nptr, &endp, 10); - return(l); -} -#endif - -// #define PATRICIA_DEBUG - void ndpi_DeleteEntry(void *a) { ndpi_free(a); } @@ -126,7 +107,7 @@ inet_pton (int af, const char *src, void *dst) } } #ifdef NT -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) else if(af == AF_INET6) { struct in6_addr Address; return (inet6_addr(src, &Address)); @@ -175,15 +156,13 @@ ndpi_my_inet_pton (int af, const char *src, void *dst) } memcpy (dst, xp, sizeof(struct in_addr)); return (1); -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) } else if(af == AF_INET6) { - return (inet_pton (af, src, dst)); + return (inet_pton (af, src, dst)); #endif /* PATRICIA_IPV6 */ - } else { + } else { #ifndef NT -#ifndef __KERNEL__ - errno = EAFNOSUPPORT; -#endif + errno = EAFNOSUPPORT; #endif /* NT */ return -1; } @@ -236,7 +215,7 @@ ndpi_prefix_toa2x (prefix_t *prefix, char *buff, int with_len) } return (buff); } -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) else if(prefix->family == AF_INET6) { char *r; r = (char *) inet_ntop (AF_INET6, &prefix->add.sin6, buff, 48 /* a guess value */ ); @@ -274,7 +253,7 @@ ndpi_New_Prefix2 (int family, void *dest, int bitlen, prefix_t *prefix) int dynamic_allocated = 0; int default_bitlen = sizeof(struct in_addr) * 8; -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) if(family == AF_INET6) { default_bitlen = sizeof(struct in6_addr) * 8; if(prefix == NULL) { @@ -319,8 +298,7 @@ ndpi_New_Prefix (int family, void *dest, int bitlen) return (ndpi_New_Prefix2 (family, dest, bitlen, NULL)); } -/* ndpi_ascii2prefix - */ +/* ndpi_ascii2prefix */ prefix_t * ndpi_ascii2prefix (int family, char *string) { @@ -328,7 +306,7 @@ ndpi_ascii2prefix (int family, char *string) long maxbitlen = 0; char *cp; struct in_addr sin; -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) struct in6_addr sin6; #endif /* PATRICIA_IPV6 */ char save[MAXLINE]; @@ -339,7 +317,7 @@ ndpi_ascii2prefix (int family, char *string) /* easy way to handle both families */ if(family == 0) { family = AF_INET; -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) if(strchr (string, ':')) family = AF_INET6; #endif /* PATRICIA_IPV6 */ } @@ -347,7 +325,7 @@ ndpi_ascii2prefix (int family, char *string) if(family == AF_INET) { maxbitlen = sizeof(struct in_addr) * 8; } -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) else if(family == AF_INET6) { maxbitlen = sizeof(struct in6_addr) * 8; } @@ -373,7 +351,7 @@ ndpi_ascii2prefix (int family, char *string) return (ndpi_New_Prefix (AF_INET, &sin, bitlen)); } -#if defined(PATRICIA_IPV6) && (!defined(__KERNEL__)) +#if defined(PATRICIA_IPV6) else if(family == AF_INET6) { // Get rid of this with next IPv6 upgrade #if defined(NT) && !defined(HAVE_INET_NTOP) @@ -420,8 +398,6 @@ ndpi_Deref_Prefix (prefix_t * prefix) } } -/* } */ - /* #define PATRICIA_DEBUG 1 */ static int num_active_patricia = 0; @@ -446,7 +422,6 @@ ndpi_New_Patricia (int maxbits) * if func is supplied, it will be called as func(node->data) * before deleting the node */ - void ndpi_Clear_Patricia (patricia_tree_t *patricia, void_fn_t func) { @@ -503,7 +478,6 @@ ndpi_Destroy_Patricia (patricia_tree_t *patricia, void_fn_t func) /* * if func is supplied, it will be called as func(node->prefix, node->data) */ - void ndpi_patricia_process (patricia_tree_t *patricia, void_fn2_t func) { @@ -1073,5 +1047,3 @@ ndpi_lookup_then_remove (patricia_tree_t *tree, char *string) patricia_remove (tree, node); } #endif - -/* } */ diff --git a/src/lib/third_party/src/node.c b/src/lib/third_party/src/node.c index 404fb24d4..a43cc59a6 100644 --- a/src/lib/third_party/src/node.c +++ b/src/lib/third_party/src/node.c @@ -18,14 +18,10 @@ along with multifast. If not, see <http://www.gnu.org/licenses/>. */ -#ifndef __KERNEL__ #include <stdio.h> #include <string.h> #include <stdlib.h> -#endif - #include "ndpi_api.h" - #include "../include/node.h" #include "sort.h" diff --git a/src/lib/third_party/src/sort.c b/src/lib/third_party/src/sort.c index d6545e85a..35c8e9fdf 100644 --- a/src/lib/third_party/src/sort.c +++ b/src/lib/third_party/src/sort.c @@ -4,9 +4,6 @@ * Jan 23 2005 Matt Mackall <mpm@selenic.com> */ -#ifdef __KERNEL__ -#include <linux/types.h> -#else #ifdef WIN32 #include <stdint.h> typedef uint32_t u_int32_t; @@ -15,7 +12,6 @@ typedef uint32_t u_int32_t; #include <stdlib.h> #include <stdio.h> #include <sys/types.h> -#endif /* This is a function ported from the Linux kernel lib/sort.c */ @@ -94,37 +90,3 @@ void sort(void *_base, size_t num, size_t size, } } } - - -#if 0 -/* a simple boot-time regression test */ - -int cmpint(const void *a, const void *b) -{ - return *(int *)a - *(int *)b; -} - -int main(int argc, char *argv[]) { - int *a, i, r = 1; - - a = ndpi_malloc(1000 * sizeof(int)); - - printf("testing sort()\n"); - - for (i = 0; i < 1000; i++) { - r = (r * 725861) % 6599; - a[i] = r; - } - - sort(a, 1000, sizeof(int), cmpint, NULL); - - for (i = 0; i < 999; i++) - if (a[i] > a[i+1]) { - printf("sort() failed!\n"); - break; - } - - return 0; -} - -#endif |