authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2022-03-09 22:37:35 +0100
committerGitHub <noreply@github.com>2022-03-09 22:37:35 +0100
commit7aee856aa063f7861be7e7fe2970ba014391d9bf (patch)
treeb02873c5d63cb1ade981a437bbf4c1cfdf19a66f /src/lib/protocols/ipp.c
parentf646a4bce036edfd26215b5875fe81473dbb175d (diff)
Extend tests coverage (#1476)
Now there is at least one flow under `tests/pcap` for 249 protocols out of the 284 ones supported by nDPI. The 35 protocols without any tests are: * P2P/sharing protocols: DIRECT_DOWNLOAD_LINK, OPENFT, FASTTRACK, EDONKEY, SOPCAST, THUNDER, APPLEJUICE, DIRECTCONNECT, STEALTHNET * games: CSGO, HALFLIFE2, ARMAGETRON, CROSSFIRE, DOFUS, FIESTA, FLORENSIA, GUILDWARS, MAPLESTORY, WORLD_OF_KUNG_FU * voip/streaming: VHUA, ICECAST, SHOUTCAST, TVUPLAYER, TRUPHONE * other: AYIYA, SOAP, TARGUS_GETDATA, RPC, ZMQ, REDIS, VMWARE, NOE, LOTUS_NOTES, EGP, SAP Most of these protocols (especially the P2P and games ones) have been inherited from OpenDPI and have not been updated since then: even if they are still used, the detection rules might be outdated. However code coverage (of `lib/protocols`) only increases from 65.6% to 68.9%. Improve Citrix, Corba, Fix, Aimini, Megaco, PPStream, SNMP and Some/IP dissection. Treat IPP as an HTTP sub-protocol. Fix Cassandra false positives. Remove `NDPI_PROTOCOL_QQLIVE` and `NDPI_PROTOCOL_REMOTE_SCAN`: these protocol ids are defined but they are never used. Remove Collectd support: its code has never been called. If someone is really interested in this protocol, we can re-add it later, updating the dissector. Add decoding of PPI (Per-Packet Information) data link type.
Diffstat (limited to 'src/lib/protocols/ipp.c')
-rw-r--r--src/lib/protocols/ipp.c81
1 files changed, 13 insertions, 68 deletions
diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c
index 57edee6ad..546bfaea3 100644
--- a/src/lib/protocols/ipp.c
+++ b/src/lib/protocols/ipp.c
@@ -30,83 +30,28 @@
static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */)
+ struct ndpi_flow_struct *flow)
{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IPP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_IPP, NDPI_CONFIDENCE_DPI);
}
void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- u_int8_t i;
+ struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- NDPI_LOG_DBG(ndpi_struct, "search ipp\n");
+ NDPI_LOG_DBG(ndpi_struct, "search ipp\n");
- if (packet->payload_packet_len > 20) {
+ /* Treat IPP as a HTTP sub-protocol */
- NDPI_LOG_DBG2(ndpi_struct,
- "searching for a payload with a pattern like 'number(1to8)blanknumber(1to3)ipp://.\n");
- /* this pattern means that there is a printer saying that his state is idle,
- * means that he is not printing anything at the moment */
- i = 0;
+ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP &&
+ flow->http.method == NDPI_HTTP_METHOD_POST &&
+ LINE_STARTS(packet->http_url_name, "/ipp/") == 1) {
+ NDPI_LOG_INFO(ndpi_struct, "found ipp\n");
+ ndpi_int_ipp_add_connection(ndpi_struct, flow);
+ return;
+ }
- if (packet->payload[i] < '0' || packet->payload[i] > '9') {
- NDPI_LOG_DBG2(ndpi_struct, "payload does not begin with a number\n");
- goto search_for_next_pattern;
- }
-
- for (;;) {
- i++;
- if (!((packet->payload[i] >= '0' && packet->payload[i] <= '9') ||
- (packet->payload[i] >= 'a' && packet->payload[i] <= 'f') ||
- (packet->payload[i] >= 'A' && packet->payload[i] <= 'F')) || i > 8) {
- NDPI_LOG_DBG2(ndpi_struct,
- "read symbols while the symbol is a number.\n");
- break;
- }
- }
-
- if (packet->payload[i++] != ' ') {
- NDPI_LOG_DBG2(ndpi_struct, "there is no blank following the number\n");
- goto search_for_next_pattern;
- }
-
- if (packet->payload[i] < '0' || packet->payload[i] > '9') {
- NDPI_LOG_DBG2(ndpi_struct, "no number following the blank\n");
- goto search_for_next_pattern;
- }
-
- for (;;) {
- i++;
- if (packet->payload[i] < '0' || packet->payload[i] > '9' || i > 12) {
- NDPI_LOG_DBG2(ndpi_struct,
- "read symbols while the symbol is a number.\n");
- break;
- }
- }
-
- if (memcmp(&packet->payload[i], " ipp://", 7) != 0) {
- NDPI_LOG_DBG2(ndpi_struct, "the string ' ipp://' does not follow\n");
- goto search_for_next_pattern;
- }
-
- NDPI_LOG_INFO(ndpi_struct, "found ipp\n");
- ndpi_int_ipp_add_connection(ndpi_struct, flow);
- return;
- }
-
- search_for_next_pattern:
-
- if (packet->payload_packet_len > 3 && memcmp(packet->payload, "POST", 4) == 0) {
- ndpi_parse_packet_line_info(ndpi_struct, flow);
- if (packet->content_line.ptr != NULL && packet->content_line.len > 14
- && memcmp(packet->content_line.ptr, "application/ipp", 15) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found ipp via POST ... application/ipp\n");
- ndpi_int_ipp_add_connection(ndpi_struct, flow);
- return;
- }
- }
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
}
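Review bot: The new match in ndpi_search_ipp rests only on a POST whose URL starts with `/ipp/`, and the removed `application/ipp` Content-Type check is not carried over. IPP servers are not required to use that path prefix (CUPS, for example, serves printers under `/printers/`), so such flows would stay plain HTTP, while any POST to `/ipp/...` is labelled IPP whatever its body is; policy or monitoring keyed on the label inherits both gaps. Consider accepting either signal, e.g. `(LINE_STARTS(packet->http_url_name, "/ipp/") == 1 || LINE_STARTS(packet->content_line, "application/ipp") == 1)`, assuming content_line is already parsed at this point as http_url_name appears to be. Also, `NDPI_EXCLUDE_PROTO` now runs on the first packet where `detected_protocol_stack[0]` is not yet HTTP, so if this dissector can be called before the HTTP one (registration is outside the hunk) IPP is excluded for the whole flow; a short comment stating the ordering assumption would help.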