added adobe flash host name - fix twitter and netflix detection - removed twitter dissector (useless have a dissector that looking for ip range; moved matching in ndpi_content_match.c.inc)

6 files changed, 19 insertions, 112 deletions

diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 2acbb7f1b..93ba4b643 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -180,7 +180,6 @@ void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct
 void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
-void ndpi_search_twitter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
@@ -311,7 +310,6 @@ void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
-void init_twitter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 036871a6b..b35479464 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -140,7 +140,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 		     protocols/teredo.c \
 		     protocols/tvants.c \
 		     protocols/tvuplayer.c \
-		     protocols/twitter.c \
 		     protocols/ubntac2.c \
 		     protocols/usenet.c \
 		     protocols/viber.c \
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 2f9bc85d8..6168936d3 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -23,6 +23,20 @@
 static ndpi_network host_protocol_list[] = {
 
  /*
+   Twitter
+   199.59.148.0/22
+   192.133.76.0/22
+   199.16.156.0/22
+   199.96.58.0/23
+   199.96.62.0/23
+ */
+ { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_SERVICE_TWITTER },
+ { 0xC0854C00 /* 199.133.76.0/22 */, 22, NDPI_SERVICE_TWITTER },
+ { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_SERVICE_TWITTER },
+ { 0xC7603A00 /* 199.96.58.0/23 */,  23, NDPI_SERVICE_TWITTER },
+ { 0xC7603E00 /* 199.96.62.0/23 */, 23, NDPI_SERVICE_TWITTER },
+
+ /*
    OpenDNS
    208.67.216.0/21
  */
@@ -62,9 +76,12 @@ static ndpi_network host_protocol_list[] = {
     Netflix
     23.246.0.0/18
     23.21.190.124/32
+    69.53.224.0/19
+    
   */
   { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_SERVICE_NETFLIX },
   { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_SERVICE_NETFLIX },
+  { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_SERVICE_NETFLIX },
 
   /*    
     Cloudflare
@@ -7444,6 +7461,7 @@ ndpi_protocol_match content_match[] = {
   { "audio/ogg",			NULL,		        NDPI_CONTENT_OGG, NDPI_PROTOCOL_FUN },
   { "video/ogg",			NULL,		        NDPI_CONTENT_OGG, NDPI_PROTOCOL_FUN },
   { "application/ogg",			NULL,		        NDPI_CONTENT_OGG, NDPI_PROTOCOL_FUN },
+  { ".adobe.",				NULL,			NDPI_CONTENT_FLASH, NDPI_PROTOCOL_FUN },
   { "video/flv",			NULL,		        NDPI_CONTENT_FLASH, NDPI_PROTOCOL_FUN },
   { "video/x-flv",			NULL,		        NDPI_CONTENT_FLASH, NDPI_PROTOCOL_FUN },
   { "application/x-fcs",		NULL,		        NDPI_CONTENT_FLASH, NDPI_PROTOCOL_FUN },
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 589fa8ace..9c02b6890 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2556,9 +2556,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* ZMQ */
   init_zmq_dissector(ndpi_struct, &a, detection_bitmask);
 
-  /* TWITTER */
-  init_twitter_dissector(ndpi_struct, &a, detection_bitmask);
-
   /* TELEGRAM */
   init_telegram_dissector(ndpi_struct, &a, detection_bitmask);
 
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index caac7390b..11ea138db 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -166,39 +166,10 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc
   // int i = 0;
   struct ndpi_packet_struct *packet = &flow->packet;
 
-  if(packet->iph /* IPv4 only */) {
-    /*
-      Twitter Inc. TWITTER-NETWORK (NET-199-59-148-0-1) 199.59.148.0 - 199.59.151.255
-      199.59.148.0/22
-    */
-    if(((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC73B9400 /* 199.59.148.0 */)
-       || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC73B9400 /* 199.59.148.0 */)) {
-      packet->detected_protocol_stack[0] = NDPI_SERVICE_TWITTER,
-	packet->detected_protocol_stack[1] = NDPI_PROTOCOL_HTTP;
-      return;
-    }
-
-    /*
-      CIDR:           69.53.224.0/19
-      OriginAS:       AS2906
-      NetName:        NETFLIX-INC
-    */
-    if(((ntohl(packet->iph->saddr) & 0xFFFFE000 /* 255.255.224.0 */) == 0x4535E000 /* 69.53.224.0 */)
-       || ((ntohl(packet->iph->daddr) & 0xFFFFE000 /* 255.255.224.0 */) == 0x4535E000 /* 69.53.224.0 */)) {
-      packet->detected_protocol_stack[0] = NDPI_SERVICE_NETFLIX,
-	packet->detected_protocol_stack[1] = NDPI_PROTOCOL_HTTP;
-      return;
-    }
-  }
-
   if((flow->l4.tcp.http_stage == 0)
      || (flow->http.url && flow->http_detected)) {
-      /* Try matching subprotocols */
-      // ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len);
-
     /*
-      NOTE
-      
+      NOTE      
       If http_dont_dissect_response = 1 dissection of HTTP response
       mime types won't happen
     */
diff --git a/src/lib/protocols/twitter.c b/src/lib/protocols/twitter.c
deleted file mode 100644
index 0297bad1e..000000000
--- a/src/lib/protocols/twitter.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * twitter.c
- *
- * Copyright (C) 2014 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-
-#include "ndpi_protocols.h"
-
-#ifdef NDPI_SERVICE_TWITTER
-
-static void ndpi_int_twitter_add_connection(struct ndpi_detection_module_struct
-                                             *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_UNKNOWN);
-}
-
-
-void ndpi_search_twitter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-
-  /*
-    Twitter AS34702
-
-    http://bgp.he.net/AS13414
-  */
-  if(flow->packet.iph) {
-    // IPv4
-    u_int32_t src = ntohl(flow->packet.iph->saddr);
-    u_int32_t dst = ntohl(flow->packet.iph->daddr);
-    
-    if(ndpi_ips_match(src, dst, 0xC0854C00, 22)     /* 192.133.76.0/22 */
-       || ndpi_ips_match(src, dst, 0xC7109C00, 22)  /* 199.16.156.0/22 */
-       || ndpi_ips_match(src, dst, 0xC73B9400, 22)  /* 199.59.148.0/22 */
-       || ndpi_ips_match(src, dst, 0xC7603A00, 23)  /* 199.96.58.0/23  */
-       || ndpi_ips_match(src, dst, 0xC7603E00, 23)  /* 199.96.62.0/23  */
-       ) {
-      ndpi_int_twitter_add_connection(ndpi_struct, flow);
-      return;
-    }
-  }
-  
-  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_TWITTER);
-}
-
-
-void init_twitter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
-{
-  ndpi_set_bitmask_protocol_detection("TWITTER", ndpi_struct, detection_bitmask, *id,
-				      NDPI_SERVICE_TWITTER,
-				      ndpi_search_twitter,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP,
-				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-				      ADD_TO_DETECTION_BITMASK);
-
-  *id += 1;
-}
-
-#endif