diff options
| author | MrRadix <edo.ermini@gmail.com> | 2020-07-22 10:54:55 +0200 |
|---|---|---|
| committer | MrRadix <edo.ermini@gmail.com> | 2020-07-22 10:54:55 +0200 |
| commit | 847eb7b1805e84d2ff90e99398d6a02429907d24 (patch) | |
| tree | f115b65f28cb7a44f5894a481cb17bfb1ba599c9 /src/lib/protocols/ssh.c | |
| parent | f66cd5aabc4319e64fd4fd6290afefbff1b4ed69 (diff) | |
improved performance by removing linear scan
Diffstat (limited to 'src/lib/protocols/ssh.c')
| -rw-r--r-- | src/lib/protocols/ssh.c | 116 |
1 files changed, 37 insertions, 79 deletions
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index c5d502ad7..ac1146ba0 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -25,6 +25,7 @@ #include "ndpi_protocol_ids.h" #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSH +#define VERSION_CUTOFF 7 #include "ndpi_api.h" #include "ndpi_md5.h" @@ -59,105 +60,62 @@ /* #define SSH_DEBUG 1 */ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - -/* ************************************************************************ */ - -static int ssh_has_old_signature(char *signature) { - int is_old = 0; - int i = 0; - - char *old_versions[46] = { - "OpenSSH_1.2.2", - "OpenSSH_2.5.1", - "OpenSSH_2.9.9", - "OpenSSH_3.0", - "OpenSSH_3.4", - "OpenSSH_3.5", - "OpenSSH_3.6", - "OpenSSH_3.6.1", - "OpenSSH_3.7", - "OpenSSH_3.7.1", - "OpenSSH_3.8", - "OpenSSH_3.9", - "OpenSSH_4.0", - "OpenSSH_4.1", - "OpenSSH_4.2", - "OpenSSH_4.3", - "OpenSSH_4.4", - "OpenSSH_4.5", - "OpenSSH_4.6", - "OpenSSH_4.7", - "OpenSSH_4.9", - "OpenSSH_5.0", - "OpenSSH_5.1", - "OpenSSH_5.2", - "OpenSSH_5.3", - "OpenSSH_5.4", - "OpenSSH_5.5", - "OpenSSH_5.6", - "OpenSSH_5.7", - "OpenSSH_5.8", - "OpenSSH_5.9", - "OpenSSH_6.0", - "OpenSSH_6.1", - "OpenSSH_6.2", - "OpenSSH_6.3", - "OpenSSH_6.4", - "OpenSSH_6.5", - "OpenSSH_6.6", - "OpenSSH_6.7", - "OpenSSH_6.8", - "OpenSSH_6.9", - "OpenSSH_7.0", - "OpenSSH_7.1", - "OpenSSH_7.3", - "OpenSSH_7.4", - "OpenSSH_7.5" - }; - - while (i < 46 && !is_old) { - if (strstr(old_versions[i], signature) != NULL) - is_old = 1; - - i++; - } - - return is_old; -} /* ************************************************************************ */ -static void ssh_analyse_signature_version(struct ndpi_detection_module_struct *ndpi_struct, +static void ssh_analyze_signature_version(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *str_to_check, u_int8_t is_client_signature) { if (str_to_check == NULL) return; - - char *copy = (char*)malloc(sizeof(char)*strlen(str_to_check)); - char *rest; + + char *rem; char *signature; - int obsolete_ssh_version; + char *version; + int major_number; + char *copy = (char*)ndpi_malloc(sizeof(char)*(strlen(str_to_check)+1)); + int obsolete_ssh_version = 0; + + /* + string example: SSH-2.0-OpenSSH_5.3 + */ strcpy(copy, str_to_check); - strtok_r(copy, "-", &rest); // SSH - strtok_r(NULL, "-", &rest); // 2.0 + /* SSH */ + strtok_r(copy, "-", &rem); + + /* 2.0 */ + strtok_r(NULL, "-", &rem); - // OpenSSH_X.X - signature = strtok_r(NULL, "-", &rest); + /* signature = OpenSSH_5.3 */ + signature = strtok_r(NULL, "-", &rem); + + /* OpenSSH */ + strtok_r(signature, "_", &rem); + + /* version = 5.3 */ + version = strtok_r(NULL, "_", &rem); - if (signature == NULL) return; + if (version == NULL) return; - obsolete_ssh_version = ssh_has_old_signature(signature); + /* major_number = 5 */ + major_number = atoi(strtok_r(version, ".", &rem)); + + if (major_number < VERSION_CUTOFF) { + obsolete_ssh_version = 1; + } #ifdef SSH_DEBUG if(obsolete_ssh_version) - printf("[SSH] %s: obsolete signature\n", signature); + printf("[SSH] Obsolete signature\n"); #endif if(obsolete_ssh_version) NDPI_SET_BIT(flow->risk, is_client_signature ? NDPI_SSH_OBSOLETE_CLIENT_SIGNATURE : NDPI_SSH_OBSOLETE_SERVER_SIGNATURE); + + ndpi_free(copy); } /* ************************************************************************ */ @@ -390,7 +348,7 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct flow->protos.ssh.client_signature[len] = '\0'; ndpi_ssh_zap_cr(flow->protos.ssh.client_signature, len); - ssh_analyse_signature_version(ndpi_struct, flow, flow->protos.ssh.client_signature, 1); + ssh_analyze_signature_version(ndpi_struct, flow, flow->protos.ssh.client_signature, 1); #ifdef SSH_DEBUG printf("[SSH] [client_signature: %s]\n", flow->protos.ssh.client_signature); @@ -410,7 +368,7 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct flow->protos.ssh.server_signature[len] = '\0'; ndpi_ssh_zap_cr(flow->protos.ssh.server_signature, len); - ssh_analyse_signature_version(ndpi_struct, flow, flow->protos.ssh.server_signature, 0); + ssh_analyze_signature_version(ndpi_struct, flow, flow->protos.ssh.server_signature, 0); #ifdef SSH_DEBUG printf("[SSH] [server_signature: %s]\n", flow->protos.ssh.server_signature); |