author | Luca Deri <deri@ntop.org> | 2020-05-10 21:25:38 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2020-05-10 21:25:38 +0200 |
commit | e5e69d0f7ab382e3507660fe752027c09e32310e (patch) | |
tree | d75624af11299774d82198a69c512451da9e0b29 /src/include | |
parent | 39ae57e6a3d93cb91def5d76fc54e89075f01867 (diff) |
Added the ability to detect when a known protocol is using a non-standard port
Added check to spot executables exchanged via HTTP
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ndpi_api.h.in | 4 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 26 |
2 files changed, 19 insertions, 11 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 1ba0c1065..bed449f60 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -1029,10 +1029,12 @@ extern "C" {
 void ndpi_data_print_window_values(struct ndpi_analyze_struct *s);
 /* debug */
- ndpi_url_risk ndpi_validate_url(char *url);
+ ndpi_risk ndpi_validate_url(char *url);
 u_int8_t ndpi_is_protocol_detected(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto);
+
+ const char* ndpi_risk2str(ndpi_risk risk);
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index ef3da7cc5..d1536c4da 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -51,11 +51,16 @@ typedef enum {
 } ndpi_packet_tunnel;
 typedef enum {
- ndpi_url_no_problem = 0,
- ndpi_url_possible_xss,
- ndpi_url_possible_sql_injection,
- ndpi_url_possible_rce_injection
-} ndpi_url_risk;
+ NDPI_NO_RISK = 0,
+ NDPI_URL_POSSIBLE_XSS,
+ NDPI_URL_POSSIBLE_SQL_INJECTION,
+ NDPI_URL_POSSIBLE_RCE_INJECTION,
+ NDPI_BINARY_APPLICATION_TRANSFER,
+ NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,
+
+ /* Leave this as last member */
+ NDPI_MAX_RISK
+} ndpi_risk;
 /* NDPI_VISIT */
 typedef enum {
@@ -941,6 +946,7 @@ typedef struct ndpi_proto_defaults {
 u_int8_t can_have_a_subprotocol;
 u_int16_t protoId, protoIdx;
 u_int16_t master_tcp_protoId[2], master_udp_protoId[2]; /* The main protocols on which this sub-protocol sits on */
+ u_int16_t tcp_default_ports[MAX_DEFAULT_PORTS], udp_default_ports[MAX_DEFAULT_PORTS];
 ndpi_protocol_breed_t protoBreed;
 void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow);
 } ndpi_proto_defaults_t;
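Review bot: `ndpi_risk2str` enters the public header with no comment on what it returns for `NDPI_MAX_RISK` or an out-of-range value, nor whether the returned string is static storage the caller must not free; neither fact is visible from this hunk, so the declaration should state them, e.g. `/* Name of a single ndpi_risk value (not a bitmask); returns a static string, never NULL */` once confirmed against the implementation. The declarator is written `const char* ndpi_risk2str` while the rest of this header binds the star to the name (`struct ndpi_analyze_struct *s`); `const char *ndpi_risk2str(ndpi_risk risk);` keeps the style consistent. `ndpi_validate_url` changes return type but still takes a non-const `char *url`; if the validator only reads the URL (likely, but not shown here) it should be `const char *url` so callers can pass untrusted input without copying it first.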
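Review bot: The `ndpi_risk` enumerators are consecutive ordinals (`NDPI_NO_RISK = 0` through `NDPI_MAX_RISK`), yet the `u_int16_t risk` field added to struct ndpi_flow_struct in the later hunk of ndpi_typedefs.h is documented as a bitmask of ndpi_risk, so every writer has to translate with a shift and nothing stops `NDPI_MAX_RISK` from growing past the 16 bit positions available. Pin the contract next to the enum with `/* Stored in ndpi_flow_struct.risk as (1 << value); a zero mask already means no risk */` and, if the code base is built as C11, add `_Static_assert(NDPI_MAX_RISK <= 16, "ndpi_risk no longer fits the 16-bit flow risk mask");` after the typedef. Note also that shifting `NDPI_NO_RISK` would set bit 0 and make a clean flow look flagged, so writers must never OR that value in; `ndpi_risk2str` takes one enumerator and cannot be handed the mask directly.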
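Review bot: `tcp_default_ports[MAX_DEFAULT_PORTS]` and `udp_default_ports[MAX_DEFAULT_PORTS]` rely on `MAX_DEFAULT_PORTS` being visible before this point of ndpi_typedefs.h, which the hunk does not show, and the field carries no comment on byte order or how unused slots are marked, both of which the non-standard-port check has to get right. Suggest `/* Well-known ports of this protocol (host byte order); unused slots are 0 and must be skipped by the port check */` once those assumptions are confirmed against the initialiser. A mismatch against these ports is only a hint for the analyst — a protocol seen off its default port is not proof of evasion, and the reverse case (a default port carrying a different protocol) is not covered by this field.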
@@ -1152,7 +1158,10 @@ struct ndpi_flow_struct {
 struct ndpi_id_struct *server_id;
 /* HTTP host or DNS query */
 u_char host_server_name[240];
-
+ u_int8_t initial_binary_bytes[8], initial_binary_bytes_len;
+ u_int8_t risk_checked;
+ u_int16_t risk; /* Issues found with this flow [bitmask of ndpi_risk] */
+
 /* This structure below will not not stay inside the protos structure below as HTTP is used by many subprotocols
@@ -1342,10 +1351,7 @@ struct ndpi_flow_struct {
 /* NDPI_PROTOCOL_CSGO */
 u_int8_t csgo_strid[18],csgo_state,csgo_s2;
 u_int32_t csgo_id2;
-
- /* NDPI_PROTOCOL_1KXUN || NDPI_PROTOCOL_IQIYI */
- u_int16_t kxun_counter, iqiyi_counter;
-
+
 /* internal structures to save functions calls */
 struct ndpi_packet_struct packet;
 struct ndpi_flow_struct *flow; |
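Review bot: `initial_binary_bytes[8]` and `initial_binary_bytes_len` are added with a bare magic 8 and no comment tying the length to the buffer, so whoever fills the buffer in the detector (outside this diff) has to remember to clamp the copy to the array size — a named constant would make that bound visible at the write site. Suggest `u_int8_t initial_binary_bytes[8], initial_binary_bytes_len; /* first payload bytes kept for the executable-transfer check; len <= sizeof(initial_binary_bytes) */`. `risk_checked` reads as a boolean flag; its name suggests it marks that the risk evaluation already ran for this flow, and a comment stating that would save the reader an inference. struct ndpi_flow_struct begins and ends outside the hunk.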