diff options
| author | Sorin Zamfir <sorin.zamfir@yahoo.com> | 2016-02-18 21:36:06 +0200 |
|---|---|---|
| committer | Sorin Zamfir <sorin.zamfir@yahoo.com> | 2016-02-18 21:36:06 +0200 |
| commit | 7d3ab6d0b4284a76232ce82233db14c581b37332 (patch) | |
| tree | 95e256fa952d355709929030611fae27492de2e9 /src/lib/protocols/mqtt.c | |
| parent | 237102b5f2ee0229447c95bf10de450d6ed33428 (diff) | |
Some filtering applied. Not yet functional.
Diffstat (limited to 'src/lib/protocols/mqtt.c')
| -rw-r--r-- | src/lib/protocols/mqtt.c | 59 |
1 files changed, 57 insertions, 2 deletions
diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 3c677dc9c..9aec23504 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -23,6 +23,29 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_MQTT + +/** + * The type of control messages in mqtt version 3.1.1 + * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 + */ +enum MQTT_PACKET_TYPES { + CONNECT = 1, + CONNACK = 2, + PUBLISH = 3, + PUBACK = 4, + PUBREC = 5, + PUBREL = 6, + PUBCOMP = 7, + SUBSCRIBE = 8, + SUBACK = 9, + UNSUBSCRIBE = 10, + UNSUBACK = 11, + PINGREQ = 12, + PINGRESP = 13, + DISCONNECT = 14 +}; + + /** * Entry point when protocol is identified. */ @@ -53,12 +76,44 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } - u_int8_t pt = (u_int8_t) (packet->payload[0]); + // we first extract the packet type + u_int8_t pt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4); + if ((pt == 0) || (pt == 15)) { + NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. invalid packet type!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); + return; + } + u_int8_t flags = (u_int8_t) (packet->payload[0] & 0x0F); + if ((((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) || (pt == PUBCOMP) || + (pt = SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT))) && (flags != 0)) + { + NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); + return; + } + if (((pt == PUBREL) || (pt == SUBSCRIBE) || (pt == UNSUBSCRIBE)) && (flags != 2)) { + NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); + return; + } + if ((pt == PUBLISH) && ((flags & 0x06) == 6)) // QoS combination + { + NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); + return; + } + // we have reached this point without any serious errors +// switch (pt) { +// case CONNECT: +// +// break; +// default: +// break; +// } NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt ...\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; - //TODO } /** * Entry point for the ndpi library |