diff options
| author | Lorenzo Mangani <lorenzo.mangani@gmail.com> | 2015-09-01 18:11:52 +0200 |
|---|---|---|
| committer | Lorenzo Mangani <lorenzo.mangani@gmail.com> | 2015-09-01 18:11:52 +0200 |
| commit | 0dfd6d39865dbfc027bc3b1b053d2f9f6ec43796 (patch) | |
| tree | 8a574a7c376acc062b920336e114e30e5cbf1499 | |
| parent | 9450226675cc395b99638b2e63eae038e898e0b9 (diff) | |
| parent | 50757e7afee04aeb08bec7eac8765ddfd29fc136 (diff) | |
Merge pull request #92 from lmangani/dev
Added HEP protocol detection support (sipcapture)
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 3 | ||||
| -rw-r--r-- | src/include/ndpi_protocols.h | 2 | ||||
| -rw-r--r-- | src/lib/Makefile.am | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 8 | ||||
| -rw-r--r-- | src/lib/protocols/hep.c | 68 |
5 files changed, 81 insertions, 1 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index cfb5897ba..82dfcf011 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -201,6 +201,7 @@ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci <matteobracci1@gmail.com> */ #define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_HEP 216 /* Sipcapture.org QXIP BV */ #define NDPI_CONTENT_AVI 39 #define NDPI_CONTENT_FLASH 40 @@ -263,7 +264,7 @@ #define NDPI_SERVICE_HOTSPOT_SHIELD 215 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_HOTSPOT_SHIELD +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_HEP #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 6171f00bc..64d90ad6a 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -72,6 +72,7 @@ void ndpi_search_oscar(struct ndpi_detection_module_struct *ndpi_struct, struct void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -288,6 +289,7 @@ void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_hep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 4e8b1f6c4..215f3249a 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -52,6 +52,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/guildwars.c \ protocols/h323.c \ protocols/halflife2_and_mods.c \ + protocols/hep.c \ protocols/http_activesync.c \ protocols/http.c \ protocols/iax.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5639ed620..71dbdc557 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -833,6 +833,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "IPP", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, + no_master, + no_master, "HEP", + ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, no_master, no_master, "HTTP", @@ -2250,6 +2255,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* SIP */ init_sip_dissector(ndpi_struct, &a, detection_bitmask); + /* HEP */ + init_hep_dissector(ndpi_struct, &a, detection_bitmask); + /* BITTORRENT */ init_bittorrent_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/hep.c b/src/lib/protocols/hep.c new file mode 100644 index 000000000..516e430e7 --- /dev/null +++ b/src/lib/protocols/hep.c @@ -0,0 +1,68 @@ +/* + * hep.c + * + * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-15 - QXIP BV + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_HEP + +static void ndpi_int_hep_add_connection(struct ndpi_detection_module_struct + *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HEP, NDPI_PROTOCOL_UNKNOWN); +} + +void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + const u_int8_t *packet_payload = packet->payload; + u_int32_t payload_len = packet->payload_packet_len; + + NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "searching for HEP.\n"); + if (payload_len > 10) { + if (memcmp(packet_payload, "HEP3", 4) == 0) { + NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "found HEP3.\n"); + ndpi_int_hep_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "exclude HEP.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HEP); +} + + +void init_hep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("HEP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_HEP, + ndpi_search_hep, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif |