diff options
| author | Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com> | 2023-11-27 15:10:50 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-27 13:10:50 +0100 |
| commit | 0b6e261523f6d8ff66ae711922fc266bb6baa07c (patch) | |
| tree | d20e9813dea8a27f3dcf678468649510dc08257b /src/lib/protocols/corba.c | |
| parent | da629709f3c07bbd7ffda48be57af7dc56c57d5c (diff) | |
Improve CORBA detection (#2167)
* Improve CORBA detection
* Remove dummy flow from ziop.pcap
* Merge ziop.pcap and miop.pcap into corba.pcap
Diffstat (limited to 'src/lib/protocols/corba.c')
| -rw-r--r-- | src/lib/protocols/corba.c | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index aaf3563e6..8aa98babe 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -26,27 +26,36 @@ #include "ndpi_private.h" static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) + *ndpi_struct, struct ndpi_flow_struct *flow) { + NDPI_LOG_INFO(ndpi_struct, "found Corba\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CORBA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &ndpi_struct->packet; - - NDPI_LOG_DBG(ndpi_struct, "search for CORBA\n"); - if(packet->tcp != NULL) { - NDPI_LOG_DBG2(ndpi_struct, "calculating CORBA over tcp\n"); - /* Corba General Inter-ORB Protocol -> GIOP */ - if(packet->payload_packet_len >= 24 && - memcmp(packet->payload, "GIOP", 4) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found corba\n"); + struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; + + NDPI_LOG_DBG(ndpi_struct, "search for Corba\n"); + + if (packet->tcp != NULL && packet->payload_packet_len >= 24) { + /* General Inter-ORB Protocol -> GIOP + * Zipped Inter-ORB Protocol -> ZIOP */ + if ((memcmp(packet->payload, "GIOP", 4) == 0) || + (memcmp(packet->payload, "ZIOP", 4) == 0)) + { + ndpi_int_corba_add_connection(ndpi_struct, flow); + return; + } + } + else if (packet->udp != NULL && packet->payload_packet_len > 32) { + /* Unreliable Multicast Inter-ORB Protocol -> MIOP */ + if (memcmp(packet->payload, "MIOP", 4) == 0) { ndpi_int_corba_add_connection(ndpi_struct, flow); return; } } - if(flow->packet_counter > 5) - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -55,7 +64,7 @@ void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in ndpi_set_bitmask_protocol_detection("Corba", ndpi_struct, *id, NDPI_PROTOCOL_CORBA, ndpi_search_corba, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; |