Improved DNS traffic analysis

Added ability to identify application and network protocols
author: Luca Deri <deri@ntop.org> 2022-06-13 23:19:47 +0200
committer: Luca Deri <deri@ntop.org> 2022-06-13 23:19:47 +0200
commit: cf5873ffd72ba8b530429bda3c8931f9ada33747 (patch)
tree: b41586b7fcd1f8e7291c0e348f57f2d0b532ef20 /src/lib/protocols/aimini.c
parent: 32428026d6dbcf7ee36aa3c882056b869b593d65 (diff)
1 files changed, 200 insertions, 200 deletions
diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c
index 2c42b1a41..297d180bc 100644
--- a/src/lib/protocols/aimini.c
+++ b/src/lib/protocols/aimini.c
@@ -39,220 +39,220 @@ static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct *
 
 void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
-	struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
 
-	NDPI_LOG_DBG(ndpi_struct, "search aimini\n");
+  NDPI_LOG_DBG(ndpi_struct, "search aimini\n");
 
-	if (packet->udp != NULL) {
-		if (flow->l4.udp.aimini_stage == 0) {
-			if (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b) {
-				flow->l4.udp.aimini_stage = 1;
-				NDPI_LOG_DBG2(ndpi_struct, "stage = 1\n");
-				return;
-			}
-			if (packet->payload_packet_len == 136
-				&& (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) {
-				flow->l4.udp.aimini_stage = 4;
-				NDPI_LOG_DBG2(ndpi_struct, "stage = 4\n");
-				return;
-			}
-			if (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) {
-				flow->l4.udp.aimini_stage = 7;
-				NDPI_LOG_DBG2(ndpi_struct, "stage = 7\n");
-				return;
-			}
-			if (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) {
-				flow->l4.udp.aimini_stage = 10;
-				NDPI_LOG_DBG2(ndpi_struct, "stage = 10\n");
-				return;
-			}
-			if (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) {
-				flow->l4.udp.aimini_stage = 13;
-				NDPI_LOG_DBG2(ndpi_struct, "stage = 13\n");
-				return;
-			}
-			if (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) {
-				flow->l4.udp.aimini_stage = 16;
-				NDPI_LOG_DBG2(ndpi_struct, "stage = 16\n");
-				return;
-			}
-		}
-		/* first packet chronology: (len, value): (64, 0x010b), (>100, 0x0115), (16, 0x010c || 64, 0x010b || 88, 0x0115),
-		 * (16, 0x010c || 64, 0x010b || >100, 0x0115)
-		 */
-		if (flow->l4.udp.aimini_stage == 1 && packet->payload_packet_len > 100
-			&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115) {
-			flow->l4.udp.aimini_stage = 2;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 2\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 2 &&
-			((packet->payload_packet_len == 16 && get_u_int16_t(packet->payload, 0) == htons(0x010c)) ||
-			 (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 0) == htons(0x010b)) ||
-			 (packet->payload_packet_len == 88 && get_u_int16_t(packet->payload, 0) == ntohs(0x0115)))) {
-			flow->l4.udp.aimini_stage = 3;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 3\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 3
-			&& ((packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)
-				|| (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b)
-				|| (packet->payload_packet_len > 100 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115))) {
-			NDPI_LOG_INFO(ndpi_struct, "found aimini (64, 0x010b), (>300, 0x0115), "
-					"(16, 0x010c || 64, 0x010b), (16, 0x010c || 64, 0x010b || >100, 0x0115).\n");
-			ndpi_int_aimini_add_connection(ndpi_struct, flow);
-			return;
-		}
+  if (packet->udp != NULL) {
+    if (flow->l4.udp.aimini_stage == 0) {
+      if (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b) {
+	flow->l4.udp.aimini_stage = 1;
+	NDPI_LOG_DBG2(ndpi_struct, "stage = 1\n");
+	return;
+      }
+      if (packet->payload_packet_len == 136
+	  && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) {
+	flow->l4.udp.aimini_stage = 4;
+	NDPI_LOG_DBG2(ndpi_struct, "stage = 4\n");
+	return;
+      }
+      if (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) {
+	flow->l4.udp.aimini_stage = 7;
+	NDPI_LOG_DBG2(ndpi_struct, "stage = 7\n");
+	return;
+      }
+      if (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) {
+	flow->l4.udp.aimini_stage = 10;
+	NDPI_LOG_DBG2(ndpi_struct, "stage = 10\n");
+	return;
+      }
+      if (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) {
+	flow->l4.udp.aimini_stage = 13;
+	NDPI_LOG_DBG2(ndpi_struct, "stage = 13\n");
+	return;
+      }
+      if (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) {
+	flow->l4.udp.aimini_stage = 16;
+	NDPI_LOG_DBG2(ndpi_struct, "stage = 16\n");
+	return;
+      }
+    }
+    /* first packet chronology: (len, value): (64, 0x010b), (>100, 0x0115), (16, 0x010c || 64, 0x010b || 88, 0x0115),
+     * (16, 0x010c || 64, 0x010b || >100, 0x0115)
+     */
+    if (flow->l4.udp.aimini_stage == 1 && packet->payload_packet_len > 100
+	&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115) {
+      flow->l4.udp.aimini_stage = 2;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 2\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 2 &&
+	((packet->payload_packet_len == 16 && get_u_int16_t(packet->payload, 0) == htons(0x010c)) ||
+	 (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 0) == htons(0x010b)) ||
+	 (packet->payload_packet_len == 88 && get_u_int16_t(packet->payload, 0) == ntohs(0x0115)))) {
+      flow->l4.udp.aimini_stage = 3;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 3\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 3
+	&& ((packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)
+	    || (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b)
+	    || (packet->payload_packet_len > 100 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115))) {
+      NDPI_LOG_INFO(ndpi_struct, "found aimini (64, 0x010b), (>300, 0x0115), "
+		    "(16, 0x010c || 64, 0x010b), (16, 0x010c || 64, 0x010b || >100, 0x0115).\n");
+      ndpi_int_aimini_add_connection(ndpi_struct, flow);
+      return;
+    }
 
-		/* second packet chronology: (len, value): (136, 0x01c9), (136, 0x01c9),(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca) */
+    /* second packet chronology: (len, value): (136, 0x01c9), (136, 0x01c9),(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca) */
 
-		if (flow->l4.udp.aimini_stage == 4 && packet->payload_packet_len == 136
-			&& (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) {
-			flow->l4.udp.aimini_stage = 5;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 5\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 5 && (packet->payload_packet_len == 136
-											   && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9
-												   || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165))) {
-			flow->l4.udp.aimini_stage = 6;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 6\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 6 && ((packet->payload_packet_len == 136
-												&& ((ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)
-													|| ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9))
-											   || (packet->payload_packet_len == 32
-												   && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
-			NDPI_LOG_INFO(ndpi_struct,
-					"found aimini (136, 0x01c9), (136, 0x01c9)," "(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca).\n");
-			ndpi_int_aimini_add_connection(ndpi_struct, flow);
-			return;
-		}
+    if (flow->l4.udp.aimini_stage == 4 && packet->payload_packet_len == 136
+	&& (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) {
+      flow->l4.udp.aimini_stage = 5;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 5\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 5 && (packet->payload_packet_len == 136
+					   && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9
+					       || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165))) {
+      flow->l4.udp.aimini_stage = 6;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 6\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 6 && ((packet->payload_packet_len == 136
+					    && ((ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)
+						|| ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9))
+					   || (packet->payload_packet_len == 32
+					       && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
+      NDPI_LOG_INFO(ndpi_struct,
+		    "found aimini (136, 0x01c9), (136, 0x01c9)," "(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca).\n");
+      ndpi_int_aimini_add_connection(ndpi_struct, flow);
+      return;
+    }
 
-		/* third packet chronology: (len, value): (88, 0x0101), (88, 0x0101),(88, 0x0101),(88, 0x0101) */
+    /* third packet chronology: (len, value): (88, 0x0101), (88, 0x0101),(88, 0x0101),(88, 0x0101) */
 
-		if (flow->l4.udp.aimini_stage == 7 && packet->payload_packet_len == 88
-			&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) {
-			flow->l4.udp.aimini_stage = 8;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 8\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 8
-			&& (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) {
-			flow->l4.udp.aimini_stage = 9;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 9\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 9
-			&& (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) {
-			NDPI_LOG_INFO(ndpi_struct,
-					"found aimini (88, 0x0101), (88, 0x0101)," "(88, 0x0101),(88, 0x0101).\n");
-			ndpi_int_aimini_add_connection(ndpi_struct, flow);
-			return;
-		}
+    if (flow->l4.udp.aimini_stage == 7 && packet->payload_packet_len == 88
+	&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) {
+      flow->l4.udp.aimini_stage = 8;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 8\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 8
+	&& (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) {
+      flow->l4.udp.aimini_stage = 9;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 9\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 9
+	&& (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) {
+      NDPI_LOG_INFO(ndpi_struct,
+		    "found aimini (88, 0x0101), (88, 0x0101)," "(88, 0x0101),(88, 0x0101).\n");
+      ndpi_int_aimini_add_connection(ndpi_struct, flow);
+      return;
+    }
 
-		/* fourth packet chronology: (len, value): (104, 0x0102), (104, 0x0102), (104, 0x0102), (104, 0x0102) */
+    /* fourth packet chronology: (len, value): (104, 0x0102), (104, 0x0102), (104, 0x0102), (104, 0x0102) */
 
-		if (flow->l4.udp.aimini_stage == 10 && packet->payload_packet_len == 104
-			&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) {
-			flow->l4.udp.aimini_stage = 11;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 11\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 11
-			&& (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)) {
-			flow->l4.udp.aimini_stage = 12;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 12\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 12
-			&& ((packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)
-				|| (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
-			NDPI_LOG_INFO(ndpi_struct,
-					"found aimini (104, 0x0102), (104, 0x0102), " "(104, 0x0102), (104, 0x0102).\n");
-			ndpi_int_aimini_add_connection(ndpi_struct, flow);
-			return;
-		}
+    if (flow->l4.udp.aimini_stage == 10 && packet->payload_packet_len == 104
+	&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) {
+      flow->l4.udp.aimini_stage = 11;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 11\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 11
+	&& (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)) {
+      flow->l4.udp.aimini_stage = 12;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 12\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 12
+	&& ((packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)
+	    || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
+      NDPI_LOG_INFO(ndpi_struct,
+		    "found aimini (104, 0x0102), (104, 0x0102), " "(104, 0x0102), (104, 0x0102).\n");
+      ndpi_int_aimini_add_connection(ndpi_struct, flow);
+      return;
+    }
 
-		/* fifth packet chronology (len, value): (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166) || (32,0x01ca)) */
+    /* fifth packet chronology (len, value): (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166) || (32,0x01ca)) */
 
-		if (flow->l4.udp.aimini_stage == 13 && packet->payload_packet_len == 32
-			&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) {
-			flow->l4.udp.aimini_stage = 14;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 14\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 14
-			&& ((packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca)
-				|| (packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166))) {
-			flow->l4.udp.aimini_stage = 15;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 15\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 15
-			&& ((packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166)
-				|| (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
-			NDPI_LOG_INFO(ndpi_struct,
-					"found aimini (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166)||(32,0x01ca)).\n");
-			ndpi_int_aimini_add_connection(ndpi_struct, flow);
-			return;
-		}
+    if (flow->l4.udp.aimini_stage == 13 && packet->payload_packet_len == 32
+	&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) {
+      flow->l4.udp.aimini_stage = 14;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 14\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 14
+	&& ((packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca)
+	    || (packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166))) {
+      flow->l4.udp.aimini_stage = 15;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 15\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 15
+	&& ((packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166)
+	    || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
+      NDPI_LOG_INFO(ndpi_struct,
+		    "found aimini (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166)||(32,0x01ca)).\n");
+      ndpi_int_aimini_add_connection(ndpi_struct, flow);
+      return;
+    }
 
-		/* sixth packet chronology (len, value): (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c) */
+    /* sixth packet chronology (len, value): (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c) */
 
-		if (flow->l4.udp.aimini_stage == 16 && packet->payload_packet_len == 16
-			&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) {
-			flow->l4.udp.aimini_stage = 17;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 17\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 17
-			&& (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) {
-			flow->l4.udp.aimini_stage = 18;
-			NDPI_LOG_DBG2(ndpi_struct, "stage = 18\n");
-			return;
-		}
-		if (flow->l4.udp.aimini_stage == 18
-			&& (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) {
-			NDPI_LOG_INFO(ndpi_struct,
-					"found aimini (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c).\n");
-			ndpi_int_aimini_add_connection(ndpi_struct, flow);
-			return;
-		}
-	}
+    if (flow->l4.udp.aimini_stage == 16 && packet->payload_packet_len == 16
+	&& ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) {
+      flow->l4.udp.aimini_stage = 17;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 17\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 17
+	&& (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) {
+      flow->l4.udp.aimini_stage = 18;
+      NDPI_LOG_DBG2(ndpi_struct, "stage = 18\n");
+      return;
+    }
+    if (flow->l4.udp.aimini_stage == 18
+	&& (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) {
+      NDPI_LOG_INFO(ndpi_struct,
+		    "found aimini (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c).\n");
+      ndpi_int_aimini_add_connection(ndpi_struct, flow);
+      return;
+    }
+  }
 
-	if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) {
-		if (flow->http.method == NDPI_HTTP_METHOD_GET)
-		{
-			if ((LINE_STARTS(packet->http_url_name, "/download/") == 1 ||
-			     LINE_STARTS(packet->http_url_name, "/player/") == 1 ||
-			     LINE_STARTS(packet->http_url_name, "/webcounter/") == 1 ||
-			     LINE_STARTS(packet->http_url_name, "/play/") == 1 ||
-			     LINE_STARTS(packet->http_url_name, "/search/") == 1 ||
-		             LINE_STARTS(packet->http_url_name, "/member/") == 1) &&
-			    (LINE_ENDS(packet->host_line, ".aimini.net") == 1 ||
-                 LINE_ENDS(packet->host_line, ".aimini.com") == 1))
-			{
-				NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n");
-				ndpi_int_aimini_add_connection(ndpi_struct, flow);
-				return;
-			}
-		} else if (flow->http.method == NDPI_HTTP_METHOD_POST)
-		{
-			if ((LINE_STARTS(packet->http_url_name, "/upload/") == 1 ||
-			     LINE_STARTS(packet->http_url_name, "/member/") == 1) &&
-			    (LINE_ENDS(packet->host_line, ".aimini.net") == 1 ||
-			     LINE_ENDS(packet->host_line, ".aimini.com") == 1))
-			{
-				NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n");
-				ndpi_int_aimini_add_connection(ndpi_struct, flow);
-				return;
-			}
-		}
-	}
+  if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) {
+    if (flow->http.method == NDPI_HTTP_METHOD_GET)
+      {
+	if ((LINE_STARTS(packet->http_url_name, "/download/") == 1 ||
+	     LINE_STARTS(packet->http_url_name, "/player/") == 1 ||
+	     LINE_STARTS(packet->http_url_name, "/webcounter/") == 1 ||
+	     LINE_STARTS(packet->http_url_name, "/play/") == 1 ||
+	     LINE_STARTS(packet->http_url_name, "/search/") == 1 ||
+	     LINE_STARTS(packet->http_url_name, "/member/") == 1) &&
+	    (LINE_ENDS(packet->host_line, ".aimini.net") == 1 ||
+	     LINE_ENDS(packet->host_line, ".aimini.com") == 1))
+	  {
+	    NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n");
+	    ndpi_int_aimini_add_connection(ndpi_struct, flow);
+	    return;
+	  }
+      } else if (flow->http.method == NDPI_HTTP_METHOD_POST)
+      {
+	if ((LINE_STARTS(packet->http_url_name, "/upload/") == 1 ||
+	     LINE_STARTS(packet->http_url_name, "/member/") == 1) &&
+	    (LINE_ENDS(packet->host_line, ".aimini.net") == 1 ||
+	     LINE_ENDS(packet->host_line, ".aimini.com") == 1))
+	  {
+	    NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n");
+	    ndpi_int_aimini_add_connection(ndpi_struct, flow);
+	    return;
+	  }
+      }
+  }
 
-	NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
 
 }
author	Luca Deri <deri@ntop.org>	2022-06-13 23:19:47 +0200
committer	Luca Deri <deri@ntop.org>	2022-06-13 23:19:47 +0200
commit	cf5873ffd72ba8b530429bda3c8931f9ada33747 (patch)
tree	b41586b7fcd1f8e7291c0e348f57f2d0b532ef20 /src/lib/protocols/aimini.c
parent	32428026d6dbcf7ee36aa3c882056b869b593d65 (diff)