Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406)

Follow-up of 7cba34a1
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2022-01-15 17:34:56 +0100
committer: GitHub <noreply@github.com> 2022-01-15 17:34:56 +0100
commit: 20b5f6d7ccec517cf7455911040d114d8c2eba29 (patch)
tree: dc47de252f943a62df3d3545080daa6e382199b5 /src/lib/protocols
parent: 7f69de0b514082553f3cfaf73afb7d55c626b461 (diff)
16 files changed, 64 insertions, 32 deletions
diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c
index 190463b79..6250962bd 100644
--- a/src/lib/protocols/amazon_video.c
+++ b/src/lib/protocols/amazon_video.c
@@ -71,7 +71,7 @@ void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struc
   ndpi_set_bitmask_protocol_detection("AMAZON_VIDEO", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_AMAZON_VIDEO,
 				      ndpi_search_amazon_video,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c
index 12295d78a..fab5dc85f 100644
--- a/src/lib/protocols/apple_push.c
+++ b/src/lib/protocols/apple_push.c
@@ -27,26 +27,58 @@
 
 #include "ndpi_api.h"
 
+static int is_apple_push_addr(const struct ndpi_packet_struct *packet)
+{
+  if(packet->iph) {
+    /* 17.0.0.0/8 */
+    if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000) ||
+       ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000))
+      return 1;
+  } else if(packet->iphv6) {
+    /* 2620:149:a44::/48 */
+    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x26200149)) &&
+        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000))) ||
+       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x26200149)) &&
+        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000))))
+      return 1;
+    /* 2403:300:a42::/48 */
+    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
+        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) ||
+       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
+        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))))
+      return 1;
+    /* 2403:300:a51::/48 */
+    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
+        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000))) ||
+       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
+        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000))))
+      return 1;
+    /* 2a01:b740:a42::/48 */
+    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) &&
+        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) ||
+       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) &&
+        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))))
+      return 1;
+
+  }
+  return 0;
+}
+
+
 static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct,
 				  struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
 
-  if(packet->iph) {
-    /* https://support.apple.com/en-us/HT203609 */
-    if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */)
-       || ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */)) {
-      u_int16_t apple_push_port       = ntohs(5223);
-      u_int16_t notification_apn_port = ntohs(2195);
-      u_int16_t apn_feedback_port     = ntohs(2196);
+  /* https://support.apple.com/en-us/HT203609 */
+  if(is_apple_push_addr(packet)) {
+    u_int16_t apple_push_port       = ntohs(5223);
+    u_int16_t notification_apn_port = ntohs(2197);
 	
-      if(((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port))
-	 || ((packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port))
-	 || ((packet->tcp->source == apn_feedback_port) || (packet->tcp->dest == apn_feedback_port))
-	 ) {
-	NDPI_LOG_INFO(ndpi_struct, "found apple_push\n");
-	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-	return;
-      }
+    if((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port) ||
+       (packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port)) {
+      NDPI_LOG_INFO(ndpi_struct, "found apple_push\n");
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+      return;
     }
   }
 
@@ -68,7 +100,7 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   ndpi_set_bitmask_protocol_detection("APPLE_PUSH", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_APPLE_PUSH,
 				      ndpi_search_apple_push,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index f60573824..fae1f6f46 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -481,7 +481,7 @@ static void ndpi_skip_bittorrent(struct ndpi_detection_module_struct *ndpi_struc
   else
     sport = packet->tcp->source, dport = packet->tcp->dest;
   
-  if(ndpi_search_into_bittorrent_cache(ndpi_struct, flow, packet->iph->saddr, sport, packet->iph->daddr, dport))
+  if(packet->iph && ndpi_search_into_bittorrent_cache(ndpi_struct, flow, packet->iph->saddr, sport, packet->iph->daddr, dport))
     ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0,
 				      NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION);
   else
@@ -625,7 +625,7 @@ void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   ndpi_set_bitmask_protocol_detection("BitTorrent", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_BITTORRENT,
 				      ndpi_search_bittorrent,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c
index c1808b0c5..d7fa21d5b 100644
--- a/src/lib/protocols/ciscovpn.c
+++ b/src/lib/protocols/ciscovpn.c
@@ -138,7 +138,7 @@ void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
   ndpi_set_bitmask_protocol_detection("CiscoVPN", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_CISCOVPN,
 				      ndpi_search_ciscovpn,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 39f29083f..d7fba5f81 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -122,7 +122,7 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   ndpi_set_bitmask_protocol_detection("H323", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_H323,
 				      ndpi_search_h323,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c
index c6557a672..35ca5c630 100644
--- a/src/lib/protocols/hangout.c
+++ b/src/lib/protocols/hangout.c
@@ -129,7 +129,7 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   ndpi_set_bitmask_protocol_detection("GoogleHangout", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_HANGOUT_DUO,
 				      ndpi_search_hangout,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, /* TODO: IPv6? */
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index 851739001..4614e6c1c 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -418,7 +418,7 @@ void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   ndpi_set_bitmask_protocol_detection("NETBIOS", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_NETBIOS,
 				      ndpi_search_netbios,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c
index e1d2a0ede..23c2b663a 100644
--- a/src/lib/protocols/noe.c
+++ b/src/lib/protocols/noe.c
@@ -75,7 +75,7 @@ void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
   ndpi_set_bitmask_protocol_detection("NOE", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_NOE,
 				      ndpi_search_noe,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c
index cae343a06..4a7c6567d 100644
--- a/src/lib/protocols/openvpn.c
+++ b/src/lib/protocols/openvpn.c
@@ -181,7 +181,7 @@ void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   ndpi_set_bitmask_protocol_detection("OpenVPN", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_OPENVPN,
 				      ndpi_search_openvpn,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c
index d38a5ccb5..eb4a7ce79 100644
--- a/src/lib/protocols/rtcp.c
+++ b/src/lib/protocols/rtcp.c
@@ -76,7 +76,7 @@ void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   ndpi_set_bitmask_protocol_detection("RTCP", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_RTCP,
 				      ndpi_search_rtcp,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c
index aa9dfd32f..71534ab5d 100644
--- a/src/lib/protocols/skype.c
+++ b/src/lib/protocols/skype.c
@@ -189,7 +189,7 @@ void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
   ndpi_set_bitmask_protocol_detection("Skype", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_SKYPE_TEAMS,
 				      ndpi_search_skype,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c
index f5038f5d7..522a425fe 100644
--- a/src/lib/protocols/spotify.c
+++ b/src/lib/protocols/spotify.c
@@ -135,7 +135,7 @@ void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
   ndpi_set_bitmask_protocol_detection("SPOTIFY", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_SPOTIFY,
 				      ndpi_search_spotify,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/targus_getdata.c b/src/lib/protocols/targus_getdata.c
index c096e481a..4fa002807 100644
--- a/src/lib/protocols/targus_getdata.c
+++ b/src/lib/protocols/targus_getdata.c
@@ -68,7 +68,7 @@ void init_targus_getdata_dissector(struct ndpi_detection_module_struct *ndpi_str
   ndpi_set_bitmask_protocol_detection("TARGUS_GETDATA", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_TARGUS_GETDATA,
 				      ndpi_search_targus_getdata,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
   *id += 1;
diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c
index 27512ce48..cadd9f983 100644
--- a/src/lib/protocols/teamspeak.c
+++ b/src/lib/protocols/teamspeak.c
@@ -65,7 +65,7 @@ void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct,
   ndpi_set_bitmask_protocol_detection("TeamSpeak", ndpi_struct, detection_bitmask, *id,
                                       NDPI_PROTOCOL_TEAMSPEAK,
                                       ndpi_search_teamspeak,
-                                      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+                                      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
                                       SAVE_DETECTION_BITMASK_AS_UNKNOWN,
                                       ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c
index 398e5dbf1..5948c4379 100644
--- a/src/lib/protocols/tinc.c
+++ b/src/lib/protocols/tinc.c
@@ -141,7 +141,7 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
   ndpi_set_bitmask_protocol_detection("TINC", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_TINC,
 				      ndpi_search_tinc,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION, /* TODO: IPv6? */
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
 
diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c
index fbe3e6d1d..d32c36866 100644
--- a/src/lib/protocols/zattoo.c
+++ b/src/lib/protocols/zattoo.c
@@ -223,7 +223,7 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
   ndpi_set_bitmask_protocol_detection("Zattoo", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_ZATTOO,
 				      ndpi_search_zattoo,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
 				      ADD_TO_DETECTION_BITMASK);
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2022-01-15 17:34:56 +0100
committer	GitHub <noreply@github.com>	2022-01-15 17:34:56 +0100
commit	20b5f6d7ccec517cf7455911040d114d8c2eba29 (patch)
tree	dc47de252f943a62df3d3545080daa6e382199b5 /src/lib/protocols
parent	7f69de0b514082553f3cfaf73afb7d55c626b461 (diff)