author | Daniele De Lorenzi <daniele.delorenzi@fastnetserv.net> | 2018-12-20 11:04:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-20 11:04:03 +0100 |
commit | 2aea4da9adc3ba87346d01d20bd815004016db4f (patch) | |
tree | 91c94e1645640407f32e0cf5b1097444f6f26271 /src/include | |
parent | 3b1047b0c8136b85010554ac31f7845c68b5898b (diff) | |
parent | d3be349fa0d03477be1c84fad23fcc37df9bcf67 (diff) |
Merge pull request #10 from ntop/dev
Repo sync
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ndpi_api.h | 45 | ||||
-rw-r--r-- | src/include/ndpi_define.h.in | 11 | ||||
-rw-r--r-- | src/include/ndpi_main.h | 67 | ||||
-rw-r--r-- | src/include/ndpi_protocol_ids.h | 517 | ||||
-rw-r--r-- | src/include/ndpi_protocols.h | 7 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 514 |
6 files changed, 632 insertions, 529 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 16ac45de0..e57f3a568 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -213,11 +213,13 @@ extern "C" { * * @par ndpi_struct = the detection module * @par flow = the flow given for the detection module + * @par enable_guess = guess protocol if unknown * @return the detected protocol even if the flow is not completed; * */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow); + struct ndpi_flow_struct *flow, + u_int8_t enable_guess); /** * Processes an extra packet in order to get more information for a given protocol @@ -326,6 +328,7 @@ extern "C" { * Search and return the protocol guessed that is undetected * * @par ndpi_struct = the detection module + * @par flow = the flow we're trying to guess, NULL if not available * @par proto = the l4 protocol number * @par shost = source address in host byte order * @par sport = source port number @@ -335,6 +338,7 @@ extern "C" { * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost, u_int16_t sport, @@ -346,6 +350,7 @@ extern "C" { * @par ndpi_struct = the detection module * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par is_host_match = value of the second field of struct ndpi_automa * @return the ID of the matched subprotocol * @@ -353,6 +358,7 @@ extern "C" { int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match); /** * Check if the host passed match with a protocol 
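Review bot: The new `ret_match` parameter on ndpi_match_string_subprotocol is documented only as "completed returned match information", which does not say whether NULL is accepted or whether the struct is written when nothing matches. The same applies to the two flow-based matchers in the following hunks, whose names fall outside the hunk context. A caller that declares a stack `ndpi_protocol_match_result` and reads it after a no-match return may be reading uninitialised fields; the implementation is not part of this diff, so that needs confirming there. I would extend the doc line to something like `@par ret_match = filled in on a match; must not be NULL (TODO confirm); contents unspecified when nothing matches`.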
@@ -361,6 +367,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -369,6 +376,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); @@ -379,6 +387,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -387,6 +396,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); /** * Exclude protocol from search @@ -427,6 +437,20 @@ extern "C" { ndpi_protocol proto, char *buf, u_int buf_len); /** + * Same as ndpi_protocol2name() with the difference that the numeric protocol + * name is returned + * + * @par ndpi_mod = the detection module + * @par proto = the struct ndpi_protocol contain the protocols name + * @par buf = the buffer to write the name of the protocols + * @par buf_len = the length of the buffer + * @return the buffer contains the master_protocol and protocol name + * + */ + char* ndpi_protocol2id(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol proto, char *buf, u_int buf_len); + + /** * Find out if a given category is custom/user-defined * * @par category = the category associated to the protocol 
@@ -606,7 +630,7 @@ extern "C" { void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa); -#ifdef NDPI_PROTOCOL_HTTP +/* NDPI_PROTOCOL_HTTP */ /** * Retrieve information for HTTP flows * @@ -639,9 +663,8 @@ extern "C" { */ char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); -#endif -#ifdef NDPI_PROTOCOL_TOR +/* NDPI_PROTOCOL_TOR */ /** * Check if the flow could be detected as TOR protocol * @@ -654,7 +677,6 @@ extern "C" { */ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate); -#endif /* Wrappers functions */ /** @@ -717,9 +739,14 @@ extern "C" { int ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct, char *name, ndpi_protocol_category_t category); int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct); + int ndpi_fill_ip_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, + const struct ndpi_iphdr *iph, + ndpi_protocol *ret); void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret); + int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct, + char *name_or_ip, unsigned long *id); int ndpi_set_detection_preferences(struct ndpi_detection_module_struct *ndpi_mod, ndpi_detection_preference pref, int value); 
@@ -752,6 +779,14 @@ extern "C" { void * ndpi_calloc(unsigned long count, size_t size); void ndpi_free(void *ptr); u_int8_t ndpi_get_api_version(); + + /* https://github.com/corelight/community-id-spec */ + int ndpi_flowv4_flow_hash(u_int8_t l4_proto, u_int32_t src_ip, u_int32_t dst_ip, u_int16_t src_port, u_int16_t dst_port, + u_int8_t icmp_type, u_int8_t icmp_code, u_char *hash_buf, u_int8_t hash_buf_len); + int ndpi_flowv6_flow_hash(u_int8_t l4_proto, struct ndpi_in6_addr *src_ip, struct ndpi_in6_addr *dst_ip, + u_int16_t src_port, u_int16_t dst_port, u_int8_t icmp_type, u_int8_t icmp_code, + u_char *hash_buf, u_int8_t hash_buf_len); + #ifdef __cplusplus } #endif diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index a641c7b66..a73e03bc5 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -231,11 +231,11 @@ # define NDPI_LOG_DBG(...) {} # define NDPI_LOG_DBG2(...) {} # else -# define NDPI_LOG(proto, mod, log_level, args...) {} -# define NDPI_LOG_ERR(mod, args...) {} -# define NDPI_LOG_INFO(mod, args...) {} -# define NDPI_LOG_DBG(mod, args...) {} -# define NDPI_LOG_DBG2(mod, args...) {} +# define NDPI_LOG(proto, mod, log_level, args...) { /* printf(args); */ } +# define NDPI_LOG_ERR(mod, args...) { printf(args); } +# define NDPI_LOG_INFO(mod, args...) { /* printf(args); */ } +# define NDPI_LOG_DBG(mod, args...) { /* printf(args); */ } +# define NDPI_LOG_DBG2(mod, args...) { /* printf(args); */ } # endif #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ @@ -332,6 +332,7 @@ #endif #define NDPI_MAX_DNS_REQUESTS 16 +#define NDPI_MIN_NUM_STUN_DETECTION 8 #define NDPI_MAJOR @NDPI_MAJOR@ #define NDPI_MINOR @NDPI_MINOR@ diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index b76335e02..e37576289 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h 
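Review bot: The new prototypes ndpi_flowv4_flow_hash and ndpi_flowv6_flow_hash write into a caller-supplied `hash_buf` bounded by a `u_int8_t hash_buf_len`, but unlike the rest of this header they have no doc block, only the link to the community-id spec. The minimum buffer size, whether the output is NUL-terminated, and what the `int` return means when the buffer is too small are therefore left to guesswork on an output-buffer API. I would add a `/** ... */` block giving the required length, the error return, and the expected byte order of the addresses and ports (other entries in this header say "host byte order" explicitly). The truncation behaviour itself has to be checked in the implementation, which is not in this diff.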
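Review bot: `# define NDPI_LOG_ERR(mod, args...) { printf(args); }` in this `# else` branch hands its arguments to printf unchanged, so every call site must pass a string literal as the first argument after `mod`; a call that passes a variable or packet-derived string on its own becomes a format-string bug. It also prints errors to stdout from a library header, mixing them into the output of any program that embeds nDPI, and it assumes <stdio.h> is already included wherever the macro expands. I would write it as `# define NDPI_LOG_ERR(mod, args...) do { fprintf(stderr, args); } while (0)` and give the other levels empty `do {} while (0)` bodies, which also keeps the macros safe inside an unbraced if/else. The enclosing #if structure starts outside the hunk.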
@@ -1,7 +1,7 @@ /* * ndpi_main.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH 
@@ -53,34 +53,56 @@ extern "C" { extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, u_int32_t net, u_int32_t num_bits); - u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - - u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + + u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct 
ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); - extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); + extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t counter); - extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, - u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, + extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category); + + extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_breed_t protoBreed, u_int16_t protoId, + u_int8_t can_have_a_subprotocol, + u_int16_t tcp_alias_protoId[2], + u_int16_t udp_alias_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts); + ndpi_port_range 
*tcpDefPorts, + ndpi_port_range *udpDefPorts); extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet); extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow); 
@@ -90,24 +112,27 @@ extern "C" { extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); - extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip); - extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet); + extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const ndpi_ip_addr_t * ip); + extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const struct ndpi_packet_struct *packet); extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto); extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto); extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p); - extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, + extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, + u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); -#ifdef NDPI_PROTOCOL_NETBIOS + #/* NDPI_PROTOCOL_NETBIOS */ int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len); -#endif #ifdef NDPI_ENABLE_DEBUG_MESSAGES void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index d04722b8d..14f1810ed 100644 --- a/src/include/ndpi_protocol_ids.h 
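Review bot: The replacement line `#/* NDPI_PROTOCOL_NETBIOS */` near the end of this hunk keeps a stray `#` from the removed `#ifdef`. Once the comment is stripped the preprocessor sees a null directive, so it compiles, but it reads like a damaged conditional. I would drop the `#` and leave `/* NDPI_PROTOCOL_NETBIOS */`, matching the `/* NDPI_PROTOCOL_HTTP */` and `/* NDPI_PROTOCOL_TOR */` markers this commit uses in ndpi_api.h. Since ndpi_netbios_name_interpret is now declared unconditionally and takes `out_len` but no length for `in`, a one-line comment on how `in` must be bounded or terminated would also help callers that feed it names taken from the wire.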
+++ b/src/include/ndpi_protocol_ids.h 
@@ -33,262 +33,265 @@ #define NDPI_DETECTION_SUPPORT_IPV6 #define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +typedef enum { + NDPI_PROTOCOL_UNKNOWN = 0, + NDPI_PROTOCOL_FTP_CONTROL = 1, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_MAIL_POP = 2, + NDPI_PROTOCOL_MAIL_SMTP = 3, + NDPI_PROTOCOL_MAIL_IMAP = 4, + NDPI_PROTOCOL_DNS = 5, + NDPI_PROTOCOL_IPP = 6, + NDPI_PROTOCOL_HTTP = 7, + NDPI_PROTOCOL_MDNS = 8, + NDPI_PROTOCOL_NTP = 9, + NDPI_PROTOCOL_NETBIOS = 10, + NDPI_PROTOCOL_NFS = 11, + NDPI_PROTOCOL_SSDP = 12, + NDPI_PROTOCOL_BGP = 13, + NDPI_PROTOCOL_SNMP = 14, + NDPI_PROTOCOL_XDMCP = 15, + NDPI_PROTOCOL_SMBV1 = 16, /* SMB version 1 */ + NDPI_PROTOCOL_SYSLOG = 17, + NDPI_PROTOCOL_DHCP = 18, + NDPI_PROTOCOL_POSTGRES = 19, + NDPI_PROTOCOL_MYSQL = 20, + NDPI_PROTOCOL_HOTMAIL = 21, + NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK = 22, + NDPI_PROTOCOL_MAIL_POPS = 23, + NDPI_PROTOCOL_APPLEJUICE = 24, + NDPI_PROTOCOL_DIRECTCONNECT = 25, + NDPI_PROTOCOL_NTOP = 26, + NDPI_PROTOCOL_COAP = 27, + NDPI_PROTOCOL_VMWARE = 28, + NDPI_PROTOCOL_MAIL_SMTPS = 29, + NDPI_PROTOCOL_FBZERO = 30, + NDPI_PROTOCOL_UBNTAC2 = 31, /* Ubiquity UBNT AirControl = 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */ + NDPI_PROTOCOL_KONTIKI = 32, + NDPI_PROTOCOL_OPENFT = 33, + NDPI_PROTOCOL_FASTTRACK = 34, + NDPI_PROTOCOL_GNUTELLA = 35, + NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_BITTORRENT = 37, + NDPI_PROTOCOL_SKYPE_CALL = 38, /* Skype call and videocalls */ + NDPI_PROTOCOL_SIGNAL = 39, + NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski <darryl@egloo.ca> */ + NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ + NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */ + NDPI_PROTOCOL_NEST_LOG_SINK = 43, /* Nest Log Sink (Nest Protect) - Darryl Sokoloski <darryl@egloo.ca> */ + + NDPI_PROTOCOL_FREE_44 = 44, /* Free */ + NDPI_PROTOCOL_FREE_45 = 45, /* Free */ + NDPI_PROTOCOL_FREE_46 = 46, /* Free */ + + NDPI_PROTOCOL_XBOX = 
47, + NDPI_PROTOCOL_QQ = 48, + NDPI_PROTOCOL_FREE_49 = 49, /* Free */ + NDPI_PROTOCOL_RTSP = 50, + NDPI_PROTOCOL_MAIL_IMAPS = 51, + NDPI_PROTOCOL_ICECAST = 52, + NDPI_PROTOCOL_PPLIVE = 53, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_PPSTREAM = 54, + NDPI_PROTOCOL_ZATTOO = 55, + NDPI_PROTOCOL_SHOUTCAST = 56, + NDPI_PROTOCOL_SOPCAST = 57, + NDPI_PROTOCOL_TVANTS = 58, + NDPI_PROTOCOL_TVUPLAYER = 59, + NDPI_PROTOCOL_HTTP_DOWNLOAD = 60, + NDPI_PROTOCOL_QQLIVE = 61, + NDPI_PROTOCOL_THUNDER = 62, + NDPI_PROTOCOL_SOULSEEK = 63, + NDPI_PROTOCOL_SSL_NO_CERT = 64, + NDPI_PROTOCOL_IRC = 65, + NDPI_PROTOCOL_AYIYA = 66, + NDPI_PROTOCOL_UNENCRYPTED_JABBER = 67, + NDPI_PROTOCOL_MSN = 68, + NDPI_PROTOCOL_OSCAR = 69, + NDPI_PROTOCOL_YAHOO = 70, + NDPI_PROTOCOL_BATTLEFIELD = 71, + NDPI_PROTOCOL_GOOGLE_PLUS = 72, + NDPI_PROTOCOL_IP_VRRP = 73, + NDPI_PROTOCOL_STEAM = 74, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_HALFLIFE2 = 75, + NDPI_PROTOCOL_WORLDOFWARCRAFT = 76, + NDPI_PROTOCOL_TELNET = 77, + NDPI_PROTOCOL_STUN = 78, + NDPI_PROTOCOL_IP_IPSEC = 79, + NDPI_PROTOCOL_IP_GRE = 80, + NDPI_PROTOCOL_IP_ICMP = 81, + NDPI_PROTOCOL_IP_IGMP = 82, + NDPI_PROTOCOL_IP_EGP = 83, + NDPI_PROTOCOL_IP_SCTP = 84, + NDPI_PROTOCOL_IP_OSPF = 85, + NDPI_PROTOCOL_IP_IP_IN_IP = 86, + NDPI_PROTOCOL_RTP = 87, + NDPI_PROTOCOL_RDP = 88, + NDPI_PROTOCOL_VNC = 89, + NDPI_PROTOCOL_PCANYWHERE = 90, + NDPI_PROTOCOL_SSL = 91, + NDPI_PROTOCOL_SSH = 92, + NDPI_PROTOCOL_USENET = 93, + NDPI_PROTOCOL_MGCP = 94, + NDPI_PROTOCOL_IAX = 95, + NDPI_PROTOCOL_TFTP = 96, + NDPI_PROTOCOL_AFP = 97, + NDPI_PROTOCOL_STEALTHNET = 98, + NDPI_PROTOCOL_AIMINI = 99, + NDPI_PROTOCOL_SIP = 100, + NDPI_PROTOCOL_TRUPHONE = 101, + NDPI_PROTOCOL_IP_ICMPV6 = 102, + NDPI_PROTOCOL_DHCPV6 = 103, + NDPI_PROTOCOL_ARMAGETRON = 104, + NDPI_PROTOCOL_CROSSFIRE = 105, + NDPI_PROTOCOL_DOFUS = 106, + NDPI_PROTOCOL_FIESTA = 107, + NDPI_PROTOCOL_FLORENSIA = 108, + NDPI_PROTOCOL_GUILDWARS = 109, + NDPI_PROTOCOL_HTTP_ACTIVESYNC = 110, + 
NDPI_PROTOCOL_KERBEROS = 111, + NDPI_PROTOCOL_LDAP = 112, + NDPI_PROTOCOL_MAPLESTORY = 113, + NDPI_PROTOCOL_MSSQL_TDS = 114, + NDPI_PROTOCOL_PPTP = 115, + NDPI_PROTOCOL_WARCRAFT3 = 116, + NDPI_PROTOCOL_WORLD_OF_KUNG_FU = 117, + NDPI_PROTOCOL_SLACK = 118, + NDPI_PROTOCOL_FACEBOOK = 119, + NDPI_PROTOCOL_TWITTER = 120, + NDPI_PROTOCOL_DROPBOX = 121, + NDPI_PROTOCOL_GMAIL = 122, + NDPI_PROTOCOL_GOOGLE_MAPS = 123, + NDPI_PROTOCOL_YOUTUBE = 124, + NDPI_PROTOCOL_SKYPE = 125, + NDPI_PROTOCOL_GOOGLE = 126, + NDPI_PROTOCOL_DCERPC = 127, + NDPI_PROTOCOL_NETFLOW = 128, + NDPI_PROTOCOL_SFLOW = 129, + NDPI_PROTOCOL_HTTP_CONNECT = 130, + NDPI_PROTOCOL_HTTP_PROXY = 131, + NDPI_PROTOCOL_CITRIX = 132, /* It also includes the old NDPI_PROTOCOL_CITRIX_ONLINE */ + NDPI_PROTOCOL_NETFLIX = 133, + NDPI_PROTOCOL_LASTFM = 134, + NDPI_PROTOCOL_WAZE = 135, + NDPI_PROTOCOL_YOUTUBE_UPLOAD = 136, /* Upload files to youtube */ + NDPI_PROTOCOL_GENERIC = 137, /* Generic protocol used for category matching */ + NDPI_PROTOCOL_CHECKMK = 138, + NDPI_PROTOCOL_AJP = 139, /* Leonn Paiva <leonn.paiva@gmail.com> */ + NDPI_PROTOCOL_APPLE = 140, + NDPI_PROTOCOL_WEBEX = 141, + NDPI_PROTOCOL_WHATSAPP = 142, + NDPI_PROTOCOL_APPLE_ICLOUD = 143, + NDPI_PROTOCOL_VIBER = 144, + NDPI_PROTOCOL_APPLE_ITUNES = 145, + NDPI_PROTOCOL_RADIUS = 146, + NDPI_PROTOCOL_WINDOWS_UPDATE = 147, + NDPI_PROTOCOL_TEAMVIEWER = 148, /* xplico.org */ + NDPI_PROTOCOL_TUENTI = 149, + NDPI_PROTOCOL_LOTUS_NOTES = 150, + NDPI_PROTOCOL_SAP = 151, + NDPI_PROTOCOL_GTP = 152, + NDPI_PROTOCOL_UPNP = 153, + NDPI_PROTOCOL_LLMNR = 154, + NDPI_PROTOCOL_REMOTE_SCAN = 155, + NDPI_PROTOCOL_SPOTIFY = 156, + NDPI_PROTOCOL_MESSENGER = 157, + NDPI_PROTOCOL_H323 = 158, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_OPENVPN = 159, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_NOE = 160, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_CISCOVPN = 161, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_TEAMSPEAK = 162, /* Remy Mudingay 
<mudingay@ill.fr> */ + NDPI_PROTOCOL_TOR = 163, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_SKINNY = 164, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_RTCP = 165, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_RSYNC = 166, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_ORACLE = 167, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_CORBA = 168, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_UBUNTUONE = 169, /* Remy Mudingay <mudingay@ill.fr> */ + NDPI_PROTOCOL_WHOIS_DAS = 170, + NDPI_PROTOCOL_COLLECTD = 171, + NDPI_PROTOCOL_SOCKS = 172, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_NINTENDO = 173, + NDPI_PROTOCOL_RTMP = 174, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_FTP_DATA = 175, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_WIKIPEDIA = 176, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_ZMQ = 177, + NDPI_PROTOCOL_AMAZON = 178, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_EBAY = 179, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_CNN = 180, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_MEGACO = 181, /* Gianluca Costa <g.costa@xplico.org> */ + NDPI_PROTOCOL_REDIS = 182, + NDPI_PROTOCOL_PANDO = 183, /* Tomasz Bujlow <tomasz@skatnet.dk> */ + NDPI_PROTOCOL_VHUA = 184, + NDPI_PROTOCOL_TELEGRAM = 185, /* Gianluca Costa <g.costa@xplico.org> */ + NDPI_PROTOCOL_VEVO = 186, + NDPI_PROTOCOL_PANDORA = 187, + NDPI_PROTOCOL_QUIC = 188, /* Andrea Buscarinu <andrea.buscarinu@gmail.com> - Michele Campus <michelecampus5@gmail.com> */ + NDPI_PROTOCOL_WHATSAPP_VOICE = 189, + NDPI_PROTOCOL_EAQ = 190, + NDPI_PROTOCOL_OOKLA = 191, + NDPI_PROTOCOL_AMQP = 192, + NDPI_PROTOCOL_KAKAOTALK = 193, /* KakaoTalk Chat (no voice call) */ + NDPI_PROTOCOL_KAKAOTALK_VOICE = 194, /* KakaoTalk Voice */ + NDPI_PROTOCOL_TWITCH = 195, /* Edoardo Dominici <edoaramis@gmail.com> */ + NDPI_PROTOCOL_FREE_196 = 196, /* Free */ + NDPI_PROTOCOL_WECHAT = 197, + NDPI_PROTOCOL_MPEGTS = 198, + 
NDPI_PROTOCOL_SNAPCHAT = 199, + NDPI_PROTOCOL_SINA = 200, + NDPI_PROTOCOL_HANGOUT = 201, + NDPI_PROTOCOL_IFLIX = 202, /* www.vizuamatix.com R&D team & M.Mallawaarachchie <manoj_ws@yahoo.com> */ + NDPI_PROTOCOL_GITHUB = 203, + NDPI_PROTOCOL_BJNP = 204, + NDPI_PROTOCOL_FREE_205 = 205, /* Free */ + NDPI_PROTOCOL_VIDTO = 206, + NDPI_PROTOCOL_SMPP = 207, /* Damir Franusic <df@release14.org> */ + NDPI_PROTOCOL_DNSCRYPT = 208, + NDPI_PROTOCOL_TINC = 209, /* William Guglielmo <william@deselmo.com> */ + NDPI_PROTOCOL_DEEZER = 210, + NDPI_PROTOCOL_INSTAGRAM = 211, /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */ + NDPI_PROTOCOL_MICROSOFT = 212, + NDPI_PROTOCOL_STARCRAFT = 213, /* Matteo Bracci <matteobracci1@gmail.com> */ + NDPI_PROTOCOL_TEREDO = 214, + NDPI_PROTOCOL_HOTSPOT_SHIELD = 215, + NDPI_PROTOCOL_HEP = 216, /* sipcapture.org QXIP BV */ + NDPI_PROTOCOL_GOOGLE_DRIVE = 217, + NDPI_PROTOCOL_OCS = 218, + NDPI_PROTOCOL_OFFICE_365 = 219, + NDPI_PROTOCOL_CLOUDFLARE = 220, + NDPI_PROTOCOL_MS_ONE_DRIVE = 221, + NDPI_PROTOCOL_MQTT = 222, + NDPI_PROTOCOL_RX = 223, + NDPI_PROTOCOL_APPLESTORE = 224, + NDPI_PROTOCOL_OPENDNS = 225, + NDPI_PROTOCOL_GIT = 226, + NDPI_PROTOCOL_DRDA = 227, + NDPI_PROTOCOL_PLAYSTORE = 228, + NDPI_PROTOCOL_SOMEIP = 229, + NDPI_PROTOCOL_FIX = 230, + NDPI_PROTOCOL_PLAYSTATION = 231, + NDPI_PROTOCOL_PASTEBIN = 232, /* Paulo Angelo <pa@pauloangelo.com> */ + NDPI_PROTOCOL_LINKEDIN = 233, /* Paulo Angelo <pa@pauloangelo.com> */ + NDPI_PROTOCOL_SOUNDCLOUD = 234, + NDPI_PROTOCOL_CSGO = 235, /* Counter-Strike Global Offensive, Dota = 2 */ + NDPI_PROTOCOL_LISP = 236, + NDPI_PROTOCOL_DIAMETER = 237, + NDPI_PROTOCOL_APPLE_PUSH = 238, + NDPI_PROTOCOL_GOOGLE_SERVICES = 239, + NDPI_PROTOCOL_AMAZON_VIDEO = 240, + NDPI_PROTOCOL_GOOGLE_DOCS = 241, + NDPI_PROTOCOL_WHATSAPP_FILES = 242, /* Videos, pictures, voice messages... 
*/ + /* + IMPORTANT + before allocating a new identifier please fill up + one of those named NDPI_PROTOCOL_FREE_XXX and not used + (placeholders to avoid protocol renumbering) + */ + + + /* IMPORTANT:NDPI_LAST_IMPLEMENTED_PROTOCOL MUST BE THE LAST ELEMENT */ + NDPI_LAST_IMPLEMENTED_PROTOCOL +} ndpi_protocol_id_t; -#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN - -#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 -#define NDPI_PROTOCOL_DNS 5 -#define NDPI_PROTOCOL_IPP 6 -#define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_MDNS 8 -#define NDPI_PROTOCOL_NTP 9 -#define NDPI_PROTOCOL_NETBIOS 10 -#define NDPI_PROTOCOL_NFS 11 -#define NDPI_PROTOCOL_SSDP 12 -#define NDPI_PROTOCOL_BGP 13 -#define NDPI_PROTOCOL_SNMP 14 -#define NDPI_PROTOCOL_XDMCP 15 -#define NDPI_PROTOCOL_SMB 16 -#define NDPI_PROTOCOL_SYSLOG 17 -#define NDPI_PROTOCOL_DHCP 18 -#define NDPI_PROTOCOL_POSTGRES 19 -#define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_PROTOCOL_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_NTOP 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FBZERO 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_SKYPE_CALL_OUT 38 -#define NDPI_PROTOCOL_MUSICALLY 39 - -/* 40..46 are free */ -#define NDPI_PROTOCOL_FREE_40 40 -#define NDPI_PROTOCOL_FREE_41 41 -#define 
NDPI_PROTOCOL_FREE_42 42 -#define NDPI_PROTOCOL_FREE_43 43 -#define NDPI_PROTOCOL_FREE_44 44 -#define NDPI_PROTOCOL_FREE_45 45 -#define NDPI_PROTOCOL_FREE_46 46 - -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_SKYPE_CALL_IN 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 -#define NDPI_PROTOCOL_ICECAST 52 -#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_PPSTREAM 54 -#define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 -#define NDPI_PROTOCOL_SOPCAST 57 -#define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 -#define NDPI_PROTOCOL_QQLIVE 61 -#define NDPI_PROTOCOL_THUNDER 62 -#define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 -#define NDPI_PROTOCOL_MSN 68 -#define NDPI_PROTOCOL_OSCAR 69 -#define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_GOOGLE_PLUS 72 -#define NDPI_PROTOCOL_IP_VRRP 73 -#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 -#define NDPI_PROTOCOL_TELNET 77 -#define NDPI_PROTOCOL_STUN 78 -#define NDPI_PROTOCOL_IP_IPSEC 79 -#define NDPI_PROTOCOL_IP_GRE 80 -#define NDPI_PROTOCOL_IP_ICMP 81 -#define NDPI_PROTOCOL_IP_IGMP 82 -#define NDPI_PROTOCOL_IP_EGP 83 -#define NDPI_PROTOCOL_IP_SCTP 84 -#define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 -#define NDPI_PROTOCOL_RTP 87 -#define NDPI_PROTOCOL_RDP 88 -#define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 -#define NDPI_PROTOCOL_SSL 91 -#define NDPI_PROTOCOL_SSH 92 -#define NDPI_PROTOCOL_USENET 93 -#define NDPI_PROTOCOL_MGCP 94 -#define NDPI_PROTOCOL_IAX 95 -#define NDPI_PROTOCOL_TFTP 96 -#define NDPI_PROTOCOL_AFP 97 -#define 
NDPI_PROTOCOL_STEALTHNET 98 -#define NDPI_PROTOCOL_AIMINI 99 -#define NDPI_PROTOCOL_SIP 100 -#define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_IP_ICMPV6 102 -#define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 -#define NDPI_PROTOCOL_DOFUS 106 -#define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 -#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 /*avoid large declarations in the future*/ -#define NDPI_PROTOCOL_KERBEROS 111 -#define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 -#define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 -#define NDPI_PROTOCOL_SLACK 118 -#define NDPI_PROTOCOL_FACEBOOK 119 -#define NDPI_PROTOCOL_TWITTER 120 -#define NDPI_PROTOCOL_DROPBOX 121 -#define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 -#define NDPI_PROTOCOL_YOUTUBE 124 -#define NDPI_PROTOCOL_SKYPE 125 -#define NDPI_PROTOCOL_GOOGLE 126 -#define NDPI_PROTOCOL_DCERPC 127 -#define NDPI_PROTOCOL_NETFLOW 128 -#define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_CITRIX 132 /* It includes also the old NDPI_PROTOCOL_CITRIX_ONLINE */ -#define NDPI_PROTOCOL_NETFLIX 133 -#define NDPI_PROTOCOL_LASTFM 134 -#define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ -#define NDPI_PROTOCOL_ICQ 137 -#define NDPI_PROTOCOL_CHECKMK 138 -#define NDPI_PROTOCOL_AJP 139 /* Leonn Paiva <leonn.paiva@gmail.com>*/ -#define NDPI_PROTOCOL_APPLE 140 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_WHATSAPP 142 -#define NDPI_PROTOCOL_APPLE_ICLOUD 143 -#define NDPI_PROTOCOL_VIBER 144 -#define NDPI_PROTOCOL_APPLE_ITUNES 145 -#define NDPI_PROTOCOL_RADIUS 146 -#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 -#define NDPI_PROTOCOL_TEAMVIEWER 148 /* 
xplico.org */ -#define NDPI_PROTOCOL_TUENTI 149 -#define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 -#define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_PROTOCOL_MESSENGER 157 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay <mudingay@ill.fr> */ -#define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_NINTENDO 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow <tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa <g.costa@xplico.org> */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow 
<tomasz@skatnet.dk> */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa <g.costa@xplico.org> */ -#define NDPI_PROTOCOL_VEVO 186 -#define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> - Michele Campus <michelecampus5@gmail.com> */ -#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 -#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ -#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici <edoaramis@gmail.com> */ -#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_PROTOCOL_WECHAT 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie <manoj_ws@yahoo.com> */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic <df@release14.org> */ -#define NDPI_PROTOCOL_DNSCRYPT 208 -#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo <william@deselmo.com> */ -#define NDPI_PROTOCOL_DEEZER 210 -#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */ -#define NDPI_PROTOCOL_MICROSOFT 212 -#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci <matteobracci1@gmail.com> */ -#define NDPI_PROTOCOL_TEREDO 214 -#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 -#define NDPI_PROTOCOL_OCS 218 -#define NDPI_PROTOCOL_OFFICE_365 219 -#define NDPI_PROTOCOL_CLOUDFLARE 220 -#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 -#define NDPI_PROTOCOL_MQTT 222 -#define 
NDPI_PROTOCOL_RX 223 -#define NDPI_PROTOCOL_APPLESTORE 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 -#define NDPI_PROTOCOL_PLAYSTORE 228 -#define NDPI_PROTOCOL_SOMEIP 229 -#define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_PLAYSTATION 231 -#define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo <pa@pauloangelo.com> */ -#define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo <pa@pauloangelo.com> */ -#define NDPI_PROTOCOL_SOUNDCLOUD 234 -#define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ -#define NDPI_PROTOCOL_LISP 236 -#define NDPI_PROTOCOL_DIAMETER 237 -#define NDPI_PROTOCOL_APPLE_PUSH 238 -#define NDPI_PROTOCOL_GOOGLE_SERVICES 239 -#define NDPI_PROTOCOL_AMAZON_VIDEO 240 -#define NDPI_PROTOCOL_GOOGLE_DOCS 241 -#define NDPI_PROTOCOL_WHATSAPP_FILES 242 /* Videos, pictures, voice messages... */ -#define NDPI_PROTOCOL_VIDTO 243 /* VidTO streaming service */ -#define NDPI_PROTOCOL_RAPIDVIDEO 244 /* RapidVideo streaming */ - -/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_RAPIDVIDEO - -#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) -#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) +#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN +#define NDPI_MAX_SUPPORTED_PROTOCOLS NDPI_LAST_IMPLEMENTED_PROTOCOL +#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) #endif diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index f08b1de73..5349237d4 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h 
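Review bot: NDPI_LAST_IMPLEMENTED_PROTOCOL changes meaning in this hunk: it used to alias the highest assigned id (NDPI_PROTOCOL_RAPIDVIDEO) and is now the enum sentinel one past NDPI_PROTOCOL_WHATSAPP_FILES, with NDPI_MAX_SUPPORTED_PROTOCOLS dropping its `+ 1` to compensate. Any bounds check elsewhere written as `id <= NDPI_LAST_IMPLEMENTED_PROTOCOL` would now accept an id with no protocol behind it, so those comparisons need auditing. A comment on the enumerator such as `/* sentinel: count of built-in protocols, not a valid id */` would make this explicit. Moving from #define to enum also makes `#ifdef NDPI_PROTOCOL_xxx` in downstream code silently evaluate false. Several numeric ids are reassigned too (39, 137 and 206 now name different protocols), so stored ids, or policy and detection rules keyed on the number, will mislabel traffic after the upgrade unless they are remapped.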
@@ -203,6 +203,8 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_ajp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_memcached(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_nest_log_sink(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -259,6 +261,7 @@ void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); 
@@ -322,6 +325,7 @@ void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_upnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); 
@@ -356,4 +360,7 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 77440b5c7..294af22b3 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,9 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" - -#define BT_ANNOUNCE -#define SNAP_EXT +#include "ndpi_protocol_ids.h" /* NDPI_LOG_LEVEL */ typedef enum { @@ -308,8 +306,7 @@ struct ndpi_icmphdr { /* ******************* ********************* ****************** */ /* ************************************************************ */ -#ifdef NDPI_PROTOCOL_BITTORRENT - +/* NDPI_PROTOCOL_BITTORRENT */ typedef struct spinlock { volatile int val; } spinlock_t; @@ -348,9 +345,8 @@ struct bt_announce { // 192 bytes u_int8_t name_len, name[192 - 4*10 - 2 - 1]; // 149 bytes }; -#endif -#ifdef NDPI_PROTOCOL_TINC +/* NDPI_PROTOCOL_TINC */ #define TINC_CACHE_MAX_SIZE 10 PACK_ON struct tinc_cache_entry { 
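Review bot: Dropping `#define BT_ANNOUNCE` and `#define SNAP_EXT` in the -25,9 hunk of ndpi_typedefs.h means any `#ifdef BT_ANNOUNCE` or `#ifdef SNAP_EXT` test left in the sources now silently compiles its body out, and this page (limited to src/include) does not show those tests being removed. The same concern covers the `#ifdef NDPI_PROTOCOL_*` guards turned into comments in the -308,8, -348,9, -359,8, -381,227, -611,50, -961,19 and -1099,97 hunks. The matching `#define` list is deleted from ndpi_protocol_ids.h above, so a guard that survives in a dissector would presumably evaluate false and disable that code path without a build error. A grep for `#ifdef NDPI_PROTOCOL_`, `BT_ANNOUNCE` and `SNAP_EXT` over the tree would confirm nothing is left. A comment beside the new include, such as `/* NDPI_PROTOCOL_* ids come from ndpi_protocol_ids.h; do not guard code with #ifdef on them */`, would keep it that way.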
@@ -359,8 +355,6 @@ PACK_ON struct tinc_cache_entry { u_int16_t dst_port; } PACK_OFF; -#endif - typedef enum { HTTP_METHOD_UNKNOWN = 0, HTTP_METHOD_OPTIONS, 
@@ -381,227 +375,230 @@ struct ndpi_id_struct { to compare this, use: **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; -#ifdef NDPI_PROTOCOL_RTSP +/* NDPI_PROTOCOL_RTSP */ ndpi_ip_addr_t rtsp_ip_address; -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_video_lan_timer; -#endif -#endif + /* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */ -#ifdef NDPI_PROTOCOL_IRC +/* NDPI_PROTOCOL_IRC */ #define NDPI_PROTOCOL_IRC_MAXPORT 8 u_int16_t irc_port[NDPI_PROTOCOL_IRC_MAXPORT]; u_int32_t last_time_port_used[NDPI_PROTOCOL_IRC_MAXPORT]; u_int32_t irc_ts; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int32_t gnutella_ts; -#endif -#ifdef NDPI_PROTOCOL_BATTLEFIELD + +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_ts; -#endif -#ifdef NDPI_PROTOCOL_THUNDER + +/* NDPI_PROTOCOL_THUNDER */ u_int32_t thunder_ts; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsp_timer; -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int32_t oscar_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_ZATTOO + +/* NDPI_PROTOCOL_ZATTOO */ u_int32_t zattoo_ts; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ u_int32_t jabber_stun_or_ft_ts; -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int32_t directconnect_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int32_t soulseek_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int16_t detected_directconnect_port; u_int16_t detected_directconnect_udp_port; u_int16_t detected_directconnect_ssl_port; -#endif -#ifdef NDPI_PROTOCOL_BITTORRENT + +/* NDPI_PROTOCOL_BITTORRENT */ #define NDPI_BT_PORTS 8 u_int16_t bt_port_t[NDPI_BT_PORTS]; u_int16_t bt_port_u[NDPI_BT_PORTS]; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER 
*/ #define JABBER_MAX_STUN_PORTS 6 u_int16_t jabber_voice_stun_port[JABBER_MAX_STUN_PORTS]; u_int16_t jabber_file_transfer_port[2]; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int16_t detected_gnutella_port; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int16_t detected_gnutella_udp_port1; u_int16_t detected_gnutella_udp_port2; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int16_t soulseek_listen_port; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int8_t irc_number_of_port; -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int8_t oscar_ssl_session_id[33]; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ u_int8_t jabber_voice_stun_used_ports; -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_SIP */ +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_video_lan_dir:1; -#endif -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_conf_logged_in:1; u_int32_t yahoo_voice_conf_logged_in:1; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsp_ts_set:1; -#endif }; /* ************************************************** */ struct ndpi_flow_tcp_struct { -#ifdef NDPI_PROTOCOL_MAIL_SMTP +/* NDPI_PROTOCOL_MAIL_SMTP */ u_int16_t smtp_command_bitmask; -#endif -#ifdef NDPI_PROTOCOL_MAIL_POP + +/* NDPI_PROTOCOL_MAIL_POP */ u_int16_t pop_command_bitmask; -#endif -#ifdef NDPI_PROTOCOL_QQ + +/* NDPI_PROTOCOL_QQ */ u_int16_t qq_nxt_len; -#endif -#ifdef NDPI_PROTOCOL_TDS + + /* NDPI_PROTOCOL_WHATSAPP */ + u_int8_t wa_matched_so_far; + +/* NDPI_PROTOCOL_TDS */ u_int8_t tds_login_version; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int8_t irc_stage; u_int8_t irc_port; -#endif -#ifdef NDPI_PROTOCOL_H323 +/* NDPI_PROTOCOL_H323 */ u_int8_t h323_valid_packets; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int8_t 
gnutella_msg_id[3]; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int32_t irc_3a_counter:3; u_int32_t irc_stage2:5; u_int32_t irc_direction:2; u_int32_t irc_0x1000_full:1; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int32_t soulseek_stage:2; -#endif -#ifdef NDPI_PROTOCOL_TDS + +/* NDPI_PROTOCOL_TDS */ u_int32_t tds_stage:3; -#endif -#ifdef NDPI_PROTOCOL_USENET + +/* NDPI_PROTOCOL_USENET */ u_int32_t usenet_stage:2; -#endif -#ifdef NDPI_PROTOCOL_IMESH + +/* NDPI_PROTOCOL_IMESH */ u_int32_t imesh_stage:4; -#endif -#ifdef NDPI_PROTOCOL_HTTP + +/* NDPI_PROTOCOL_HTTP */ u_int32_t http_setup_dir:2; u_int32_t http_stage:2; u_int32_t http_empty_line_seen:1; u_int32_t http_wait_for_retransmission:1; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int32_t gnutella_stage:2; // 0 - 2 -#endif -#ifdef NDPI_CONTENT_MMS + +/* NDPI_CONTENT_MMS */ u_int32_t mms_stage:2; -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_sip_comm:1; u_int32_t yahoo_http_proxy_stage:2; -#endif -#ifdef NDPI_PROTOCOL_MSN + +/* NDPI_PROTOCOL_MSN */ u_int32_t msn_stage:3; u_int32_t msn_ssl_ft:2; -#endif -#ifdef NDPI_PROTOCOL_SSH + +/* NDPI_PROTOCOL_SSH */ u_int32_t ssh_stage:3; -#endif -#ifdef NDPI_PROTOCOL_VNC + +/* NDPI_PROTOCOL_VNC */ u_int32_t vnc_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_TELNET + +/* NDPI_PROTOCOL_TELNET */ u_int32_t telnet_stage:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_SSL - u_int8_t ssl_stage:2, ssl_seen_client_cert:1, ssl_seen_server_cert:1; // 0 - 5 -#endif -#ifdef NDPI_PROTOCOL_POSTGRES + +/* NDPI_PROTOCOL_SSL */ + u_int8_t ssl_seen_client_cert:1, ssl_seen_server_cert:1, ssl_stage:2; // 0 - 5 + +/* NDPI_PROTOCOL_POSTGRES */ u_int32_t postgres_stage:3; -#endif -#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK + +/* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */ u_int32_t ddlink_server_direction:1; -#endif u_int32_t seen_syn:1; u_int32_t seen_syn_ack:1; u_int32_t seen_ack:1; -#ifdef 
NDPI_PROTOCOL_ICECAST + +/* NDPI_PROTOCOL_ICECAST */ u_int32_t icecast_stage:1; -#endif -#ifdef NDPI_PROTOCOL_DOFUS + +/* NDPI_PROTOCOL_DOFUS */ u_int32_t dofus_stage:1; -#endif -#ifdef NDPI_PROTOCOL_FIESTA + +/* NDPI_PROTOCOL_FIESTA */ u_int32_t fiesta_stage:2; -#endif -#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT + +/* NDPI_PROTOCOL_WORLDOFWARCRAFT */ u_int32_t wow_stage:2; -#endif -#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV + +/* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */ u_int32_t veoh_tv_stage:2; -#endif -#ifdef NDPI_PROTOCOL_SHOUTCAST + +/* NDPI_PROTOCOL_SHOUTCAST */ u_int32_t shoutcast_stage:2; -#endif -#ifdef NDPI_PROTOCOL_RTP + +/* NDPI_PROTOCOL_RTP */ u_int32_t rtp_special_packets_seen:1; -#endif -#ifdef NDPI_PROTOCOL_MAIL_POP + +/* NDPI_PROTOCOL_MAIL_POP */ u_int32_t mail_pop_stage:2; -#endif -#ifdef NDPI_PROTOCOL_MAIL_IMAP + +/* NDPI_PROTOCOL_MAIL_IMAP */ u_int32_t mail_imap_stage:3, mail_imap_starttls:2; -#endif -#ifdef NDPI_PROTOCOL_SKYPE + +/* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_packet_id; -#endif -#ifdef NDPI_PROTOCOL_CITRIX + +/* NDPI_PROTOCOL_CITRIX */ u_int8_t citrix_packet_id; -#endif -#ifdef NDPI_PROTOCOL_LOTUS_NOTES + +/* NDPI_PROTOCOL_LOTUS_NOTES */ u_int8_t lotus_notes_packet_id; -#endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER + +/* NDPI_PROTOCOL_TEAMVIEWER */ u_int8_t teamviewer_stage; -#endif -#ifdef NDPI_PROTOCOL_ZMQ + +/* NDPI_PROTOCOL_ZMQ */ u_int8_t prev_zmq_pkt_len; u_char prev_zmq_pkt[10]; -#endif -#ifdef NDPI_PROTOCOL_PPSTREAM + +/* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; -#endif + +/* NDPI_PROTOCOL_MEMCACHED */ + u_int8_t memcached_matches; + +/* NDPI_PROTOCOL_NEST_LOG_SINK */ + u_int8_t nest_log_sink_matches; } #ifndef WIN32 __attribute__ ((__packed__)) 
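Review bot: `ssl_stage:2` in ndpi_flow_tcp_struct is two bits wide, but its comment still documents the range `0 - 5`, so a value of 4 or 5 would be truncated to 0 or 1 on assignment. This hunk rewrites the line (the fields are reordered), which is the moment to fix either the width or the comment; the dissector that assigns the field is not visible here, so which of the two is wrong needs checking. If stages above 3 are really used, `u_int8_t ssl_seen_client_cert:1, ssl_seen_server_cert:1, ssl_stage:3; // 0 - 5` still fits in one byte. A stage that silently wraps lets a flow re-enter an earlier detection state, which matters for a classifier fed untrusted traffic.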
@@ -611,50 +608,52 @@ struct ndpi_flow_tcp_struct { /* ************************************************** */ struct ndpi_flow_udp_struct { -#ifdef NDPI_PROTOCOL_BATTLEFIELD +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_msg_id; -#endif -#ifdef NDPI_PROTOCOL_SNMP + +/* NDPI_PROTOCOL_SNMP */ u_int32_t snmp_msg_id; -#endif -#ifdef NDPI_PROTOCOL_BATTLEFIELD + +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_stage:3; -#endif -#ifdef NDPI_PROTOCOL_SNMP + +/* NDPI_PROTOCOL_SNMP */ u_int32_t snmp_stage:2; -#endif -#ifdef NDPI_PROTOCOL_PPSTREAM + +/* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; // 0 - 7 -#endif -#ifdef NDPI_PROTOCOL_HALFLIFE2 + +/* NDPI_PROTOCOL_HALFLIFE2 */ u_int32_t halflife2_stage:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_TFTP + +/* NDPI_PROTOCOL_TFTP */ u_int32_t tftp_stage:1; -#endif -#ifdef NDPI_PROTOCOL_AIMINI + +/* NDPI_PROTOCOL_AIMINI */ u_int32_t aimini_stage:5; -#endif -#ifdef NDPI_PROTOCOL_XBOX + +/* NDPI_PROTOCOL_XBOX */ u_int32_t xbox_stage:1; -#endif -#ifdef NDPI_PROTOCOL_WINDOWS_UPDATE + +/* NDPI_PROTOCOL_WINDOWS_UPDATE */ u_int32_t wsus_stage:1; -#endif -#ifdef NDPI_PROTOCOL_SKYPE + +/* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_packet_id; -#endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER + +/* NDPI_PROTOCOL_TEAMVIEWER */ u_int8_t teamviewer_stage; -#endif -#ifdef NDPI_PROTOCOL_EAQ + +/* NDPI_PROTOCOL_EAQ */ u_int8_t eaq_pkt_id; u_int32_t eaq_sequence; -#endif -#ifdef NDPI_PROTOCOL_RX + +/* NDPI_PROTOCOL_RX */ u_int32_t rx_conn_epoch; u_int32_t rx_conn_id; -#endif + +/* NDPI_PROTOCOL_MEMCACHED */ + u_int8_t memcached_matches; } #ifndef WIN32 __attribute__ ((__packed__)) @@ -684,7 +683,6 @@ struct ndpi_packet_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_SIZE]; - #ifndef WIN32 __attribute__ ((__packed__)) #endif 
@@ -799,12 +797,23 @@ typedef enum { NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_CONTENT_CATEGORY_WEBM, - /* Out custom categories */ - CUSTOM_CATEGORY_MINING = 99, - CUSTOM_CATEGORY_MALWARE = 100, - CUSTOM_CATEGORY_ADVERTISEMENT = 101, - CUSTOM_CATEGORY_BANNED_SITE = 102, - + /* Some custom categories */ + CUSTOM_CATEGORY_MINING = 99, + CUSTOM_CATEGORY_MALWARE = 100, + CUSTOM_CATEGORY_ADVERTISEMENT = 101, + CUSTOM_CATEGORY_BANNED_SITE = 102, + CUSTOM_CATEGORY_SITE_UNAVAILABLE = 103, + + /* + IMPORTANT + + Please keep in sync with + + static const char* categories[] = { ..} + + in ndpi_main.c + */ + NDPI_PROTOCOL_NUM_CATEGORIES /* NOTE: Keep this as last member Unused as value but useful to getting the number of elements @@ -817,13 +826,14 @@ typedef enum { ndpi_pref_dns_dissect_response, ndpi_pref_direction_detect_disable, ndpi_pref_disable_metadata_export, - ndpi_pref_enable_category_substring_match, + ndpi_pref_enable_category_substring_match } ndpi_detection_preference; /* ntop extensions */ typedef struct ndpi_proto_defaults { char *protoName; ndpi_protocol_category_t protoCategory; + u_int8_t can_have_a_subprotocol; u_int16_t protoId, protoIdx; u_int16_t master_tcp_protoId[2], master_udp_protoId[2]; /* The main protocols on which this sub-protocol sits on */ ndpi_protocol_breed_t protoBreed; @@ -842,6 +852,11 @@ typedef struct _ndpi_automa { } ndpi_automa; typedef struct ndpi_proto { + /* + Note + below we do not use ndpi_protocol_id_t as users can define their own + custom protocols and thus the typedef could be too short in size. + */ u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; ndpi_protocol_category_t category; } ndpi_protocol; 
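Review bot: The `Please keep in sync with static const char* categories[]` comment added before `NDPI_PROTOCOL_NUM_CATEGORIES` relies on manual discipline, and with `CUSTOM_CATEGORY_SITE_UNAVAILABLE = 103` as the last explicit value the sentinel now evaluates to 104. If ndpi_main.c (not on this page) indexes `categories[]` by category id, an array shorter than that gives an out-of-bounds read on a name lookup. A compile-time check beside the array would enforce the rule, for example `_Static_assert(sizeof(categories)/sizeof(categories[0]) == NDPI_PROTOCOL_NUM_CATEGORIES, "categories[] out of sync");` where C11 is available. The lookup itself should also range-check ids taken from flow state.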
@@ -851,15 +866,25 @@ typedef struct ndpi_proto { #define NUM_CUSTOM_CATEGORIES 5 #define CUSTOM_CATEGORY_LABEL_LEN 32 +#ifdef NDPI_LIB_COMPILATION + +/* Needed to have access to HAVE_* defines */ +#include "ndpi_config.h" + #ifdef HAVE_HYPERSCAN +#include <hs/hs.h> + struct hs_list { - char *expression; - unsigned int id; - struct hs_list *next; + char *expression; + unsigned int id; + struct hs_list *next; }; -#endif -#ifdef NDPI_LIB_COMPILATION +struct hs { + hs_database_t *database; + hs_scratch_t *scratch; +}; +#endif struct ndpi_detection_module_struct { NDPI_PROTOCOL_BITMASK detection_bitmask; @@ -961,19 +986,21 @@ struct ndpi_detection_module_struct { char ip_string[NDPI_IP_STRING_SIZE]; #endif u_int8_t ip_version_limit; -#ifdef NDPI_PROTOCOL_BITTORRENT +/* NDPI_PROTOCOL_BITTORRENT */ struct hash_ip4p_table *bt_ht; #ifdef NDPI_DETECTION_SUPPORT_IPV6 struct hash_ip4p_table *bt6_ht; #endif -#ifdef BT_ANNOUNCE + +/* BT_ANNOUNCE */ struct bt_announce *bt_ann; int bt_ann_len; -#endif -#endif -#ifdef NDPI_PROTOCOL_TINC + + /* NDPI_PROTOCOL_OOKLA */ + void *ookla_cache; + + /* NDPI_PROTOCOL_TINC */ struct cache *tinc_cache; -#endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -985,7 +1012,8 @@ struct ndpi_detection_module_struct { void *hyperscan; /* Intel Hyperscan */ }; -#endif + +#endif /* NDPI_LIB_COMPILATION */ struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; @@ -996,7 +1024,6 @@ struct ndpi_flow_struct { /* init parameter, internal used to set up timestamp,... */ u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category; - u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1; /* 
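Review bot: `struct hs` in the -851,15 hunk pairs one `hs_database_t *` with a single `hs_scratch_t *`, and nothing documents how the pair may be shared or who frees it. Hyperscan scratch space must not be used by two scans at the same time, so if a detection module is ever driven from several threads, each needs its own scratch; whether that happens is not visible here. I would add `/* one scratch per concurrent scanner; never shared between threads */` above `scratch` and a line stating which function releases `database` and `scratch`. The tag names `hs` and `hs_list` are also very generic for a header that pulls in `<hs/hs.h>`; an `ndpi_` prefix would avoid clashes.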
@@ -1007,6 +1034,8 @@ struct ndpi_flow_struct { u_int8_t max_extra_packets_to_check; u_int8_t num_extra_packets_checked; + u_int8_t num_processed_pkts; /* <= WARNING it can wrap but we do expect people to giveup earlier */ + int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); /* @@ -1055,7 +1084,7 @@ struct ndpi_flow_struct { struct { struct { - char client_certificate[48], server_certificate[48]; + char client_certificate[64], server_certificate[64]; } ssl; struct { 
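Review bot: `u_int8_t num_processed_pkts` is documented as able to wrap, which means the count returns to 0 after 256 packets of a flow whose length is decided by the remote peers. Any check of the form "only within the first N packets" keyed on this field would then become true again mid-flow; the code that increments and reads it is outside this header, so that part is an inference. Saturating at the increment site, `if(flow->num_processed_pkts < 255) flow->num_processed_pkts++;`, keeps the field at one byte and removes the wrap; otherwise widen it to `u_int16_t`. The enclosing ndpi_flow_struct starts and ends outside the hunk.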
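Review bot: The new size of `client_certificate[64]` and `server_certificate[64]` is a bare literal, so every writer has to agree with it, and the copy sites are not part of this diff. A copy bounded by a stale hard-coded length either leaves the extra space unused or, if its literal ever exceeds the array, overruns it; bounding with `sizeof(flow->protos.ssl.client_certificate)` avoids both (the member path is assumed from the nesting shown here). Names longer than 63 bytes are still truncated, so consumers that match on these fields should expect a prefix. A comment on the line would record this: `/* NUL-terminated, truncated to fit; size copies with sizeof(), not a literal */`.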
@@ -1099,97 +1128,94 @@ struct ndpi_flow_struct { /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; - -#ifdef NDPI_PROTOCOL_REDIS + ndpi_protocol_category_t category; + +/* NDPI_PROTOCOL_REDIS */ u_int8_t redis_s2d_first_char, redis_d2s_first_char; -#endif + u_int16_t packet_counter; // can be 0 - 65000 u_int16_t packet_direction_counter[2]; u_int16_t byte_counter[2]; -#ifdef NDPI_PROTOCOL_BITTORRENT +/* NDPI_PROTOCOL_BITTORRENT */ u_int8_t bittorrent_stage; // can be 0 - 255 -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int32_t directconnect_stage:2; // 0 - 1 -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t sip_yahoo_voice:1; -#endif -#endif -#ifdef NDPI_PROTOCOL_HTTP + +/* NDPI_PROTOCOL_HTTP */ u_int32_t http_detected:1; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsprdt_stage:2; u_int32_t rtsp_control_flow:1; -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_detection_finished:2; -#endif -#ifdef NDPI_PROTOCOL_ZATTOO + +/* NDPI_PROTOCOL_ZATTOO */ u_int32_t zattoo_stage:3; -#endif -#ifdef NDPI_PROTOCOL_QQ + +/* NDPI_PROTOCOL_QQ */ u_int32_t qq_stage:3; -#endif -#ifdef NDPI_PROTOCOL_THUNDER + +/* NDPI_PROTOCOL_THUNDER */ u_int32_t thunder_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int32_t oscar_ssl_voice_stage:3; u_int32_t oscar_video_voice:1; -#endif -#ifdef NDPI_PROTOCOL_FLORENSIA + +/* NDPI_PROTOCOL_FLORENSIA */ u_int32_t florensia_stage:1; -#endif -#ifdef NDPI_PROTOCOL_SOCKS + +/* NDPI_PROTOCOL_SOCKS */ u_int32_t socks5_stage:2; // 0 - 3 u_int32_t socks4_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_EDONKEY + +/* NDPI_PROTOCOL_EDONKEY */ u_int32_t edonkey_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_FTP_CONTROL + +/* NDPI_PROTOCOL_FTP_CONTROL */ u_int32_t 
ftp_control_stage:2; -#endif -#ifdef NDPI_PROTOCOL_RTMP + +/* NDPI_PROTOCOL_RTMP */ u_int32_t rtmp_stage:2; -#endif -#ifdef NDPI_PROTOCOL_PANDO + +/* NDPI_PROTOCOL_PANDO */ u_int32_t pando_stage:3; -#endif -#ifdef NDPI_PROTOCOL_STEAM + +/* NDPI_PROTOCOL_STEAM */ u_int32_t steam_stage:3; u_int32_t steam_stage1:3; // 0 - 4 u_int32_t steam_stage2:2; // 0 - 2 u_int32_t steam_stage3:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_PPLIVE + +/* NDPI_PROTOCOL_PPLIVE */ u_int32_t pplive_stage1:3; // 0 - 6 u_int32_t pplive_stage2:2; // 0 - 2 u_int32_t pplive_stage3:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_STARCRAFT + +/* NDPI_PROTOCOL_STARCRAFT */ u_int32_t starcraft_udp_stage : 3; // 0-7 -#endif -#ifdef NDPI_PROTOCOL_OPENVPN + +/* NDPI_PROTOCOL_OPENVPN */ u_int8_t ovpn_session_id[8]; u_int8_t ovpn_counter; -#endif -#ifdef NDPI_PROTOCOL_TINC + +/* NDPI_PROTOCOL_TINC */ u_int8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; -#endif -#ifdef NDPI_PROTOCOL_CSGO + +/* NDPI_PROTOCOL_CSGO */ u_int8_t csgo_strid[18],csgo_state,csgo_s2; u_int32_t csgo_id2; -#endif -#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) +/* NDPI_PROTOCOL_1KXUN || NDPI_PROTOCOL_IQIYI */ u_int16_t kxun_counter, iqiyi_counter; -#endif /* internal structures to save functions calls */ struct ndpi_packet_struct packet; @@ -1201,7 +1227,7 @@ struct ndpi_flow_struct { typedef struct { char *string_to_match, *string2_to_match, *pattern_to_match, *proto_name; int protocol_id; - ndpi_protocol_category_t proto_category; + ndpi_protocol_category_t protocol_category; ndpi_protocol_breed_t protocol_breed; } ndpi_protocol_match; @@ -1211,4 +1237,10 @@ typedef struct { u_int8_t value; } ndpi_network; -#endif/* __NDPI_TYPEDEFS_H__ */ +typedef struct { + int protocol_id; + ndpi_protocol_category_t protocol_category; + ndpi_protocol_breed_t protocol_breed; +} ndpi_protocol_match_result; + +#endif /* __NDPI_TYPEDEFS_H__ */ |