diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-01-15 17:34:56 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-15 17:34:56 +0100 |
| commit | 20b5f6d7ccec517cf7455911040d114d8c2eba29 (patch) | |
| tree | dc47de252f943a62df3d3545080daa6e382199b5 /src/lib/protocols/apple_push.c | |
| parent | 7f69de0b514082553f3cfaf73afb7d55c626b461 (diff) | |
Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406)
Follow-up of 7cba34a1
Diffstat (limited to 'src/lib/protocols/apple_push.c')
| -rw-r--r-- | src/lib/protocols/apple_push.c | 64 |
1 files changed, 48 insertions, 16 deletions
diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index 12295d78a..fab5dc85f 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -27,26 +27,58 @@ #include "ndpi_api.h" +static int is_apple_push_addr(const struct ndpi_packet_struct *packet) +{ + if(packet->iph) { + /* 17.0.0.0/8 */ + if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000) || + ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000)) + return 1; + } else if(packet->iphv6) { + /* 2620:149:a44::/48 */ + if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x26200149)) && + ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000))) || + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x26200149)) && + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000)))) + return 1; + /* 2403:300:a42::/48 */ + if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) && + ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) || + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) && + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000)))) + return 1; + /* 2403:300:a51::/48 */ + if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) && + ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000))) || + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) && + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000)))) + return 1; + /* 2a01:b740:a42::/48 */ + if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) && + ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) || + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) && + ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000)))) + return 1; + + } + return 0; +} + + static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; - if(packet->iph) { - /* https://support.apple.com/en-us/HT203609 */ - if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */) - || ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */)) { - u_int16_t apple_push_port = ntohs(5223); - u_int16_t notification_apn_port = ntohs(2195); - u_int16_t apn_feedback_port = ntohs(2196); + /* https://support.apple.com/en-us/HT203609 */ + if(is_apple_push_addr(packet)) { + u_int16_t apple_push_port = ntohs(5223); + u_int16_t notification_apn_port = ntohs(2197); - if(((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port)) - || ((packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port)) - || ((packet->tcp->source == apn_feedback_port) || (packet->tcp->dest == apn_feedback_port)) - ) { - NDPI_LOG_INFO(ndpi_struct, "found apple_push\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - return; - } + if((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port) || + (packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port)) { + NDPI_LOG_INFO(ndpi_struct, "found apple_push\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + return; } } @@ -68,7 +100,7 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("APPLE_PUSH", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_APPLE_PUSH, ndpi_search_apple_push, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; |