authorVitaly Lavrov <vel21ripn@gmail.com>2017-10-14 14:38:48 +0300
committerVitaly Lavrov <vel21ripn@gmail.com>2017-10-26 20:41:22 +0300
commit2787c2390cdd7129c2dcf50b0d4990d3f7d1bccc (patch)
treedb110f640b9c1de43a0a64a43974ea90776c6588 /src/lib/protocols/netbios.c
parent4f72b954da705f8d54a9dd61eae46b2b36b24dc0 (diff)
Refactoring the debugging output.
Levels of debug output: 0 - ERROR: only for errors. 1 - TRACE: start of each packet and when a protocol is found. 2 - DEBUG: start of the search for each protocol and exclusion of protocols. 3 - DEBUG_EXTRA: all other messages. Added the field ndpi_struct->debug_logging to enable debug output for each protocol. Simple macros for debugging output are added: NDPI_LOG_ERR(), NDPI_LOG_INFO(), NDPI_LOG_DBG(), NDPI_LOG_DBG2(), NDPI_EXCLUDE_PROTO()
Diffstat (limited to 'src/lib/protocols/netbios.c')
-rw-r--r--src/lib/protocols/netbios.c89
1 files changed, 38 insertions, 51 deletions
diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index c899086eb..d10a33b1a 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -23,10 +23,15 @@
*/
-#include "ndpi_protocols.h"
+#include "ndpi_protocol_ids.h"
#ifdef NDPI_PROTOCOL_NETBIOS
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETBIOS
+
+#include "ndpi_api.h"
+
+
struct netbios_header {
u_int16_t transaction_id, flags, questions, answer_rrs, authority_rrs, additional_rrs;
};
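Review bot: The new `#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETBIOS` has no comment explaining why it sits before `#include "ndpi_api.h"`. The rewritten calls later in this file no longer pass a protocol id, and `NDPI_EXCLUDE_PROTO(ndpi_struct, flow)` takes none, so the macros presumably read it from this define. Their definitions are not in this diff, so that is an inference. If the order matters, I would add `/* must precede ndpi_api.h: NDPI_LOG_* and NDPI_EXCLUDE_PROTO take the protocol id from NDPI_CURRENT_PROTO */` above the define, so a later include reshuffle does not silently log or exclude under the wrong protocol.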
@@ -81,10 +86,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
u_int16_t dport;
char name[64];
+ NDPI_LOG_DBG(ndpi_struct, "search netbios\n");
if(packet->udp != NULL) {
dport = ntohs(packet->udp->dest);
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios udp start\n");
/*check standard NETBIOS over udp to port 137 */
if((dport == 137 || 0) && packet->payload_packet_len >= 50) {
@@ -95,16 +100,14 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.questions = ntohs(h.questions), h.answer_rrs = ntohs(h.answer_rrs),
h.authority_rrs = ntohs(h.authority_rrs), h.additional_rrs = ntohs(h.additional_rrs);
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios port 137 and payload_packet_len 50\n");
+ NDPI_LOG_DBG(ndpi_struct, "found netbios port 137 and payload_packet_len 50\n");
if(h.flags == 0 &&
h.questions == 1 &&
h.answer_rrs == 0 &&
h.authority_rrs == 0 && h.additional_rrs == 0) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n");
+ NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
return;
@@ -114,8 +117,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 0 &&
h.authority_rrs == 0) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n");
+ NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n");
if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0)
snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name);
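Review bot: The call `ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name))` passes the output size but no input length, so the decoder has no way to bound its reads against `packet->payload_packet_len`. Its body is not part of this diff, so whether it stops on its own for a malformed or truncated name is unconfirmed. The same call appears in the port 138 hunk, where the visible guard only establishes `payload_packet_len >= 14`, which leaves two guaranteed bytes from offset 12. I would pass the remaining length, for example `packet->payload_packet_len - 12`, as an extra argument and have the decoder reject names that run past it. The enclosing `if` block continues outside this hunk.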
@@ -128,8 +130,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 0 &&
h.authority_rrs == 0 && h.additional_rrs == 1) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers, authority, additional = 0 \n");
+ NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers, authority, additional = 0 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
return;
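Review bot: The rewritten message says `additional = 0`, but the guard directly above it requires `h.additional_rrs == 1`, so the log misreports the packet that matched. The commit moves this line to NDPI_LOG_INFO, the level the description reserves for detections, so the text is now what an operator sees when tracing a classification. I would change the string to `"found netbios with questions = 1, answers = 0, authority = 0, additional = 1\n"`. The `questions` part is taken from the message, because the start of the condition lies outside the hunk.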
@@ -139,8 +140,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 0 &&
h.authority_rrs == 0 && h.additional_rrs == 1) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n");
+ NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
return;
@@ -150,8 +150,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 1 &&
h.authority_rrs == 0 && h.additional_rrs == 0) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios with flag 8400 questions = 0 and answers = 1, authority, additional = 0 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
@@ -162,8 +161,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 1 &&
h.authority_rrs == 0 && h.additional_rrs == 0) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios with flag 8500 questions = 0 and answers = 1, authority, additional = 0 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
@@ -174,8 +172,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 0 &&
h.authority_rrs == 0 && h.additional_rrs == 1) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios with flag 2910, questions = 1 and answers, authority=0, additional = 1 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
@@ -186,8 +183,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 1 &&
h.authority_rrs == 0 && h.additional_rrs == 0) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios with flag ad86 questions = 0 and answers = 1, authority, additional = 0 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
@@ -198,8 +194,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
h.answer_rrs == 0 &&
h.authority_rrs == 0 && h.additional_rrs == 0) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios with flag 0110 questions = 1 and answers = 0, authority, additional = 0 \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
@@ -208,7 +203,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
if((h.flags & 0xf800) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request\n");
+ NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query request\n");
if(get_u_int16_t(packet->payload, 4) == htons(1) &&
get_u_int16_t(packet->payload, 6) == 0 &&
@@ -217,12 +212,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
/* name is encoded as described in rfc883 */
u_int8_t name_length = packet->payload[12];
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios name query request, one question\n");
if(packet->payload_packet_len == 12 + 1 + name_length + 1 + 2 + 2) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios name query request, length matches\n");
/* null terminated? */
@@ -230,7 +225,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) &&
get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios name query request\n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
return;
@@ -238,7 +233,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
}
}
} else if((h.flags & 0xf800) == 0x8000) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios name query response\n");
if(get_u_int16_t(packet->payload, 4) == 0 &&
@@ -248,12 +243,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
/* name is encoded as described in rfc883 */
u_int8_t name_length = packet->payload[12];
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios positive name query response, one answer\n");
if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios name query response, length matches\n");
/* null terminated? */
@@ -261,7 +256,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) &&
get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios name query response\n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
return;
@@ -274,12 +269,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
/* name is encoded as described in rfc883 */
u_int8_t name_length = packet->payload[12];
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios negative name query response, one answer\n");
if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios name query response, length matches\n");
/* null terminated? */
@@ -287,7 +282,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x000A) &&
get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios name query response\n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
return;
@@ -300,12 +295,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
/* name is encoded as described in rfc883 */
u_int8_t name_length = packet->payload[12];
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios redirect name query response, one answer\n");
if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_DBG2(ndpi_struct,
"possible netbios name query response, length matches\n");
/* null terminated? */
@@ -313,7 +308,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0002) &&
get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios name query response\n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
return;
@@ -332,17 +327,14 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
packet->payload_packet_len >= 14 &&
ntohs(get_u_int16_t(packet->payload, 10)) == packet->payload_packet_len - 14) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios port 138 and payload length >= 112 \n");
+ NDPI_LOG_DBG2(ndpi_struct, "found netbios port 138 and payload length >= 112 \n");
if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n");
+ NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n");
if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios with checked ip-address.\n");
+ NDPI_LOG_INFO(ndpi_struct, "found netbios with checked ip-address\n");
if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0)
snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name);
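Review bot: `packet->iph->saddr` is dereferenced in the comparison `ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)`, and no check that `packet->iph` is non-NULL is visible in this hunk. The outer condition begins above the hunk, so a guard may already exist there. If it does not, a NetBIOS datagram carried over a non-IPv4 packet would reach this line with a NULL pointer. I would make the test `if(packet->iph != NULL && ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr))`. Separately, the rewritten debug string says `payload length >= 112` while the visible guard checks `payload_packet_len >= 14`, so the message should state the bound that is actually tested.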
@@ -357,21 +349,17 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
if(packet->tcp != NULL) {
dport = ntohs(packet->tcp->dest);
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios tcp start\n");
-
/* destination port must be 139 */
if(dport == 139) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with destination port 139\n");
+ NDPI_LOG_DBG2(ndpi_struct, "found netbios with destination port 139\n");
/* payload_packet_len must be 72 */
if(packet->payload_packet_len == 72) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG, "found netbios with payload_packen_len = 72. \n");
+ NDPI_LOG_DBG2(ndpi_struct, "found netbios with payload_packen_len = 72. \n");
if(packet->payload[0] == 0x81 && packet->payload[1] == 0 && ntohs(get_u_int16_t(packet->payload, 2)) == 68) {
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct,
- NDPI_LOG_DEBUG,
+ NDPI_LOG_INFO(ndpi_struct,
"found netbios with session request = 81, flags=0 and length od following bytes = 68. \n");
ndpi_int_netbios_add_connection(ndpi_struct, flow);
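Review bot: The two rewritten log strings keep typos from the old lines: `payload_packen_len` and `length od following bytes`. Since the commit rewrites both calls anyway, I would fix them to `"found netbios with payload_packet_len = 72. \n"` and `"found netbios with session request = 81, flags=0 and length of following bytes = 68. \n"`. A search of the logs for the field name `payload_packet_len` currently misses the first message.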
@@ -382,8 +370,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
}
- NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "exclude netbios\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETBIOS);
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
}
void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)