diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-01-11 15:23:39 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-11 15:23:39 +0100 |
| commit | 3a087e951d96f509c75344ad6791591e10e4f1cd (patch) | |
| tree | e1c83179768f1445610bf060917700f17fce908f /src/lib/protocols | |
| parent | a2916d2e4c19aff56979b1dafa7edd0c7d3c17fe (diff) | |
Add a "confidence" field about the reliability of the classification. (#1395)
As a general rule, the higher the confidence value, the higher the
"reliability/precision" of the classification.
In other words, this new field provides an hint about "how" the flow
classification has been obtained.
For example, the application may want to ignore classification "by-port"
(they are not real DPI classifications, after all) or give a second
glance at flows classified via LRU caches (because of false positives).
Setting only one value for the confidence field is a bit tricky: more
work is probably needed in the next future to tweak/fix/improve the logic.
Diffstat (limited to 'src/lib/protocols')
167 files changed, 285 insertions, 284 deletions
diff --git a/src/lib/protocols/afp.c b/src/lib/protocols/afp.c index ddbb8c2d6..37bf259b5 100644 --- a/src/lib/protocols/afp.c +++ b/src/lib/protocols/afp.c @@ -37,7 +37,7 @@ struct afpHeader { static void ndpi_int_afp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AFP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AFP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index b646e463f..61158dda3 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -33,7 +33,7 @@ static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_AIMINI); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_AIMINI, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index e84be938e..0afe8736b 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c @@ -63,7 +63,7 @@ static void set_ajp_detected(struct ndpi_detection_module_struct *ndpi_struct, /* If no custom protocol has been detected */ /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AJP, flow->guessed_host_protocol_id); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AJP, flow->guessed_host_protocol_id, NDPI_CONFIDENCE_DPI); } } diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c index fa28737b5..190463b79 100644 --- a/src/lib/protocols/amazon_video.c +++ b/src/lib/protocols/amazon_video.c @@ -40,7 +40,7 @@ static void ndpi_check_amazon_video(struct ndpi_detection_module_struct *ndpi_st packet->payload[2] == 0xFA && packet->payload[3] == 0xCE)) { NDPI_LOG_INFO(ndpi_struct, "found Amazon Video on TCP\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } else if((packet->udp != NULL) && (packet->payload[0] == 0xDE && @@ -48,7 +48,7 @@ static void ndpi_check_amazon_video(struct ndpi_detection_module_struct *ndpi_st packet->payload[2] == 0xBE && packet->payload[3] == 0xEF)) { NDPI_LOG_INFO(ndpi_struct, "found Amazon Video on UDP\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/among_us.c b/src/lib/protocols/among_us.c index 3c799dcc9..68ce00605 100644 --- a/src/lib/protocols/among_us.c +++ b/src/lib/protocols/among_us.c @@ -27,7 +27,7 @@ static void ndpi_int_among_us_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMONG_US, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMONG_US, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_among_us(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 218fea47d..082df1a10 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c @@ -36,7 +36,7 @@ struct amqp_header { static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMQP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMQP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index 7e05faa83..12295d78a 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -44,7 +44,7 @@ static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_stru || ((packet->tcp->source == apn_feedback_port) || (packet->tcp->dest == apn_feedback_port)) ) { NDPI_LOG_INFO(ndpi_struct, "found apple_push\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c index 8bbd0a28a..d403c968e 100644 --- a/src/lib/protocols/applejuice.c +++ b/src/lib/protocols/applejuice.c @@ -32,7 +32,7 @@ static void ndpi_int_applejuice_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLEJUICE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLEJUICE, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c index dd40f477a..9dc441d7e 100644 --- a/src/lib/protocols/armagetron.c +++ b/src/lib/protocols/armagetron.c @@ -32,7 +32,7 @@ static void ndpi_int_armagetron_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ARMAGETRON, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ARMAGETRON, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/attic/flash.c b/src/lib/protocols/attic/flash.c index cf1c3f374..8ffdf2f06 100644 --- a/src/lib/protocols/attic/flash.c +++ b/src/lib/protocols/attic/flash.c @@ -28,7 +28,7 @@ static void ndpi_int_flash_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FLASH); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FLASH, NDPI_CONFIDENCE_DPI); } void ndpi_search_flash(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/attic/ftp.c b/src/lib/protocols/attic/ftp.c index 13b242b56..99330aa54 100644 --- a/src/lib/protocols/attic/ftp.c +++ b/src/lib/protocols/attic/ftp.c @@ -31,7 +31,7 @@ static void ndpi_int_ftp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP, NDPI_CONFIDENCE_DPI); } /** diff --git a/src/lib/protocols/attic/manolito.c b/src/lib/protocols/attic/manolito.c index 9c139edb4..07965b35d 100644 --- a/src/lib/protocols/attic/manolito.c +++ b/src/lib/protocols/attic/manolito.c @@ -35,7 +35,7 @@ static void ndpi_int_manolito_add_connection(struct struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MANOLITO); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MANOLITO, NDPI_CONFIDENCE_DPI); if (src != NULL) { diff --git a/src/lib/protocols/attic/popo.c b/src/lib/protocols/attic/popo.c index b3c4f90a0..41cda83a6 100644 --- a/src/lib/protocols/attic/popo.c +++ b/src/lib/protocols/attic/popo.c @@ -29,7 +29,7 @@ static void ndpi_int_popo_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_POPO); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_POPO, NDPI_CONFIDENCE_DPI); } void ndpi_search_popo_tcp_udp(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/attic/secondlife.c b/src/lib/protocols/attic/secondlife.c index a41e71765..b4787a910 100644 --- a/src/lib/protocols/attic/secondlife.c +++ b/src/lib/protocols/attic/secondlife.c @@ -30,7 +30,7 @@ static void ndpi_int_secondlife_add_connection(struct ndpi_detection_module_stru struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SECONDLIFE, protocol_type); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SECONDLIFE, protocol_type, NDPI_CONFIDENCE_DPI); } void ndpi_search_secondlife(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/avast_securedns.c b/src/lib/protocols/avast_securedns.c index caa917174..5edd1e689 100644 --- a/src/lib/protocols/avast_securedns.c +++ b/src/lib/protocols/avast_securedns.c @@ -28,7 +28,7 @@ static void ndpi_int_avast_securedns_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AVAST_SECUREDNS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AVAST_SECUREDNS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_search_avast_securedns(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 83207d0ec..20088d570 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -61,7 +61,7 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) { NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } return; diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c index 6b10052b5..e9fc4ccba 100644 --- a/src/lib/protocols/bgp.c +++ b/src/lib/protocols/bgp.c @@ -45,7 +45,7 @@ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct nd && (ntohs(get_u_int16_t(packet->payload, 16)) <= packet->payload_packet_len)) { NDPI_LOG_INFO(ndpi_struct, "found BGP\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BGP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BGP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 3edb6373f..f60573824 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -116,7 +116,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc if(check_hash) ndpi_search_bittorrent_hash(ndpi_struct, flow, bt_offset); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_CACHE); if(flow->protos.bittorrent.hash[0] == '\0') { /* This is necessary to inform the core to call this dissector again */ diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index 32ad2e61c..c5fad5abd 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -8,7 +8,7 @@ static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *nd struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { ndpi_set_detected_protocol(ndpi_struct, flow, - NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN); + NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/capwap.c b/src/lib/protocols/capwap.c index 5d1831847..954612940 100644 --- a/src/lib/protocols/capwap.c +++ b/src/lib/protocols/capwap.c @@ -31,7 +31,7 @@ static void ndpi_int_capwap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CAPWAP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CAPWAP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static int is_capwap_multicast(const struct ndpi_packet_struct *packet) diff --git a/src/lib/protocols/cassandra.c b/src/lib/protocols/cassandra.c index 33ac1f72a..d790f942a 100644 --- a/src/lib/protocols/cassandra.c +++ b/src/lib/protocols/cassandra.c @@ -117,7 +117,7 @@ void ndpi_search_cassandra(struct ndpi_detection_module_struct *ndpi_struct, ndpi_check_valid_cassandra_opcode(get_u_int8_t(packet->payload, 4)) && get_u_int32_t(packet->payload, 5) <= CASSANDRA_MAX_BODY_SIZE && get_u_int32_t(packet->payload, 5) >= (uint32_t) (packet->payload_packet_len - CASSANDRA_HEADER_LEN)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CASSANDRA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CASSANDRA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index 1f59c288e..f02e32265 100644 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -31,7 +31,7 @@ static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CHECKMK, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CHECKMK, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index 42cd51abf..c1808b0c5 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c @@ -30,7 +30,7 @@ static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CISCOVPN, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CISCOVPN, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* ****************************************************************** */ diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index 3575d0e08..6a9aa25b9 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -48,7 +48,7 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, if(memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) { NDPI_LOG_INFO(ndpi_struct, "found citrix\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } return; } else if(payload_len > 22) { @@ -57,7 +57,7 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, if((memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) || (ndpi_strnstr((const char *)packet->payload, "Citrix.TcpProxyService", payload_len) != NULL)) { NDPI_LOG_INFO(ndpi_struct, "found citrix\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } return; } diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c index cf89748d7..1bd16a917 100644 --- a/src/lib/protocols/coap.c +++ b/src/lib/protocols/coap.c @@ -83,7 +83,7 @@ struct ndpi_coap_hdr static void ndpi_int_coap_add_connection (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_COAP,NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_COAP,NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /** diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c index 3462d158e..f9535ab91 100644 --- a/src/lib/protocols/collectd.c +++ b/src/lib/protocols/collectd.c @@ -47,7 +47,7 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, stru if(len == packet->payload_packet_len) { NDPI_LOG_INFO(ndpi_struct, "found COLLECTD\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_COLLECTD, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_COLLECTD, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index 19f2f6165..c994b756c 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -27,7 +27,7 @@ static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CORBA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CORBA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/cpha.c b/src/lib/protocols/cpha.c index 7058fc689..d1dcc6f66 100644 --- a/src/lib/protocols/cpha.c +++ b/src/lib/protocols/cpha.c @@ -45,7 +45,7 @@ void ndpi_search_cpha(struct ndpi_detection_module_struct *ndpi_struct, struct n && (packet->udp->dest == cpha_port) && packet->iph->saddr == 0 /* 0.0.0.0 */ ) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CPHA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CPHA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c index 8ecdf3235..51072d609 100644 --- a/src/lib/protocols/crossfire.c +++ b/src/lib/protocols/crossfire.c @@ -32,7 +32,7 @@ static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struc struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CROSSFIRE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CROSSFIRE, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index 47b32658c..f48636ef4 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -50,7 +50,7 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n if(flow->l4.udp.csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) { if(!memcmp(packet->payload + 24, flow->l4.udp.csgo_strid, 18)) { flow->l4.udp.csgo_state++; - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO( ndpi_struct, "found csgo connect0x reply\n"); return; } @@ -58,13 +58,13 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n if(packet->payload_packet_len == 8 && ( w == 0x3a180000 || w == 0x39180000) ) { NDPI_LOG_INFO( ndpi_struct, "found csgo udp 8b\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } if(packet->payload_packet_len >= 36 && w == 0x56533031ul) { NDPI_LOG_INFO( ndpi_struct, "found csgo udp\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } @@ -72,7 +72,7 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n uint32_t w2 = htonl(get_u_int32_t(packet->payload, 4)); if(w2 == 0x70696e67) { NDPI_LOG_INFO( ndpi_struct, "found csgo udp ping\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } @@ -98,7 +98,7 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n if(packet->payload_packet_len == 15) { if(flow->l4.udp.csgo_s2 == 1 && flow->l4.udp.csgo_id2 == w2) { NDPI_LOG_INFO( ndpi_struct, "found csgo udp 0d1d\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } @@ -108,14 +108,14 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n if(packet->payload_packet_len >= 140 && (w == 0x02124c6c || w == 0x02125c6c) && !memcmp(&packet->payload[3], "lta\000mob\000tpc\000bhj\000bxd\000tae\000urg\000gkh\000", 32)) { NDPI_LOG_INFO( ndpi_struct, "found csgo dictionary udp\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } if(packet->payload_packet_len >= 33 && packet->iph && packet->iph->daddr == 0xffffffff && !memcmp(&packet->payload[17], "LanSearch", 9)) { NDPI_LOG_INFO( ndpi_struct, "found csgo LanSearch udp\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index 0c6dc45a8..b353caf20 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -31,7 +31,7 @@ static void ndpi_int_dcerpc_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DCERPC, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DCERPC, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } bool is_connection_oriented_dcerpc(struct ndpi_packet_struct *packet, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 3e9521bf6..46f64759b 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -54,7 +54,7 @@ typedef struct { static void ndpi_int_dhcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DHCP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DHCP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c index a4d3c5060..7336669ce 100644 --- a/src/lib/protocols/dhcpv6.c +++ b/src/lib/protocols/dhcpv6.c @@ -33,7 +33,7 @@ static void ndpi_int_dhcpv6_add_connection(struct ndpi_detection_module_struct * struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DHCPV6, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DHCPV6, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c index c90848d27..7d63653ee 100644 --- a/src/lib/protocols/diameter.c +++ b/src/lib/protocols/diameter.c @@ -106,7 +106,7 @@ void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, } else { NDPI_LOG_INFO(ndpi_struct, "found Diameter\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIAMETER, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIAMETER, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } } else { // UDP diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 5085bacc9..55a3f8145 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -82,7 +82,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(src != NULL) { src->directconnect_last_safe_access_time = packet->current_time_ms; @@ -166,7 +166,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { src->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_port)); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } else { src->detected_directconnect_port = 0; @@ -180,7 +180,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { src->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_ssl_port)); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } else { src->detected_directconnect_ssl_port = 0; @@ -198,7 +198,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { dst->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_port)); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } else { dst->detected_directconnect_port = 0; @@ -212,7 +212,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { dst->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_DBG(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_ssl_port)); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } else { dst->detected_directconnect_ssl_port = 0; @@ -324,7 +324,7 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct dst->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using udp port %d\n", ntohs(dst->detected_directconnect_udp_port)); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } else { dst->detected_directconnect_udp_port = 0; @@ -416,7 +416,7 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct ndpi_struct->directconnect_connection_ip_tick_timeout)) { dst->directconnect_last_safe_access_time = packet->current_time_ms; } else { - flow->detected_protocol_stack[0] = NDPI_PROTOCOL_UNKNOWN; + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_UNKNOWN); NDPI_LOG_DBG2(ndpi_struct, "skipping as unknown due to timeout\n"); } return; diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 827f72903..404f447e6 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -39,7 +39,7 @@ static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/dnp3.c b/src/lib/protocols/dnp3.c index e4bdf1348..9aa04cc24 100644 --- a/src/lib/protocols/dnp3.c +++ b/src/lib/protocols/dnp3.c @@ -44,7 +44,7 @@ void ndpi_search_dnp3_tcp(struct ndpi_detection_module_struct *ndpi_struct, && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x64)) { NDPI_LOG_INFO(ndpi_struct, "found DNP3\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNP3, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNP3, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 55fb24f8d..6537b8b2e 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -318,7 +318,7 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, /* We missed the request */ u_int16_t s_port = packet->udp ? ntohs(packet->udp->source) : ntohs(packet->tcp->source); - ndpi_set_detected_protocol(ndpi_struct, flow, checkPort(s_port), NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, checkPort(s_port), NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } } } @@ -498,7 +498,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st if(is_query) { /* In this case we say that the protocol has been detected just to let apps carry on with their activities */ - ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol); + ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol, NDPI_CONFIDENCE_DPI); /* This is necessary to inform the core to call this dissector again */ flow->check_extra_packets = 1; @@ -525,7 +525,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st matched a subprotocol **/ NDPI_LOG_INFO(ndpi_struct, "found DNS\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol); + ndpi_set_detected_protocol(ndpi_struct, flow, ret.app_protocol, ret.master_protocol, NDPI_CONFIDENCE_DPI); } else { if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DNS) || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DNS)) diff --git a/src/lib/protocols/dnscrypt.c b/src/lib/protocols/dnscrypt.c index a51ed60f7..1480abd62 100644 --- a/src/lib/protocols/dnscrypt.c +++ b/src/lib/protocols/dnscrypt.c @@ -27,7 +27,7 @@ static void ndpi_int_dnscrypt_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_dnscrypt(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c index 9d8fbb3c3..1313749e8 100644 --- a/src/lib/protocols/dofus.c +++ b/src/lib/protocols/dofus.c @@ -30,7 +30,7 @@ static void ndpi_dofus_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found dofus\n"); } diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 0bd67895e..1b76b6049 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -76,7 +76,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, if(count != payload_len) goto no_drda; } NDPI_LOG_INFO(ndpi_struct, "found DRDA\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DRDA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DRDA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index 5e737a1f4..6dd7693ed 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -33,7 +33,7 @@ static void ndpi_int_dropbox_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 1484993bc..73fc9f5f7 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -36,7 +36,7 @@ static void ndpi_int_eaq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 24f14e603..5dfb9b6bd 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -31,7 +31,7 @@ static void ndpi_int_edonkey_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EDONKEY, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EDONKEY, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static int ndpi_edonkey_payload_check(const u_int8_t *data, u_int32_t len) { diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index 2216cc4d1..59752a907 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -31,7 +31,7 @@ static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FASTTRACK, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FASTTRACK, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c index 9a2ecddd1..4ba5f3082 100644 --- a/src/lib/protocols/fiesta.c +++ b/src/lib/protocols/fiesta.c @@ -31,7 +31,7 @@ static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIESTA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIESTA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c index f2d6cad7e..dcfce6065 100644 --- a/src/lib/protocols/fix.c +++ b/src/lib/protocols/fix.c @@ -43,7 +43,7 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[5] == 0x2e) { NDPI_LOG_INFO(ndpi_struct, "found FIX\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } // 0. 9= @@ -53,7 +53,7 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[5] == 0x3d) { NDPI_LOG_INFO(ndpi_struct, "found FIX\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index fd9c07eac..ca173a48c 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -31,7 +31,7 @@ static void ndpi_florensia_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FLORENSIA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FLORENSIA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 4045c4117..04a5d2e96 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -36,7 +36,7 @@ static void ndpi_int_ftp_control_add_connection(struct ndpi_detection_module_str flow->host_server_name[0] = '\0'; /* Remove any data set by other dissectors (eg. SMTP) */ ndpi_set_detected_protocol(ndpi_struct, flow, - NDPI_PROTOCOL_FTP_CONTROL, NDPI_PROTOCOL_UNKNOWN); + NDPI_PROTOCOL_FTP_CONTROL, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* *************************************************************** */ diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index b379a54a5..4a3ad973d 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -30,7 +30,7 @@ #include "ndpi_api.h" static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_DATA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_DATA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/genshin_impact.c b/src/lib/protocols/genshin_impact.c index 214d706aa..4333345a8 100644 --- a/src/lib/protocols/genshin_impact.c +++ b/src/lib/protocols/genshin_impact.c @@ -29,7 +29,7 @@ static void ndpi_int_genshin_impact_add_connection( struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GENSHIN_IMPACT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GENSHIN_IMPACT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_search_genshin_impact(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index 7000f249b..6c3621bab 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c @@ -61,7 +61,7 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, if(found_git) { NDPI_LOG_INFO(ndpi_struct, "found Git\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GIT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GIT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 6dabfc662..2af76085f 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -30,14 +30,14 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow/* , */ - /* ndpi_protocol_type_t protocol_type */) + struct ndpi_flow_struct *flow, + ndpi_confidence_t confidence) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GNUTELLA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GNUTELLA, NDPI_PROTOCOL_UNKNOWN, confidence); NDPI_LOG_INFO(ndpi_struct, "found GNUTELLA\n"); if (src != NULL) { @@ -101,12 +101,12 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->tcp != NULL) { /* this case works asymmetrically */ if (packet->payload_packet_len > 10 && memcmp(packet->payload, "GNUTELLA/", 9) == 0) { - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } /* this case works asymmetrically */ if (packet->payload_packet_len > 17 && memcmp(packet->payload, "GNUTELLA CONNECT/", 17) == 0) { - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } @@ -120,7 +120,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru || (packet->line[c].len > 7 && memcmp(packet->line[c].ptr, "X-Queue:", 8) == 0) || (packet->line[c].len > 36 && memcmp(packet->line[c].ptr, "Content-Type: application/x-gnutella-", 37) == 0)) { - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } } @@ -131,7 +131,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && memcmp(packet->user_agent_line.ptr, "BearShare Lite ", 15) == 0) || (packet->accept_line.ptr != NULL && packet->accept_line.len > 24 && memcmp(packet->accept_line.ptr, "application n/x-gnutella", 24) == 0)) { - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); } } @@ -147,7 +147,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (c < (packet->payload_packet_len - 9) && memcmp(&packet->payload[c], "urn:sha1:", 9) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected GET /get/ or GET /uri-res/\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); } } @@ -156,7 +156,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru * it is searched in the upper paragraph. */ if (packet->payload_packet_len > 30 && memcmp(packet->payload, "HEAD /gnutella/push-proxy?", 26) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected HEAD /gnutella/push-proxy?\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } /* haven't found any trace with this pattern */ @@ -164,7 +164,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && memcmp(packet->payload, "\x50\x55\x53\x48\x20\x67\x75\x69\x64\x3a", 10) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected \x50\x55\x53\x48\x20\x67\x75\x69\x64\x3a\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } /* haven't found any trace with this pattern */ @@ -184,7 +184,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru || (end - c > 13 && memcmp(&packet->payload[c], "\r\nX-Features:", 13) == 0)) { NDPI_LOG_DBG2(ndpi_struct, "FOXY :: GNUTELLA GET 2 DETECTED\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } @@ -205,14 +205,14 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru get_u_int32_t(packet->payload, 4) == htonl(0x01000300) && get_u_int32_t(packet->payload, 8) == htonl(0x00002000) && get_u_int16_t(packet->payload, 12) == htons(0x0034)) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella len == 46\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } if (packet->payload_packet_len == 49 && memcmp(packet->payload, "\x80\x2f\x01\x03\x01\x00\x06\x00\x00\x00\x20\x00\x00\x34\x00\x00\xff\x4d\x6c", 19) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella len == 49\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } if (packet->payload_packet_len == 89 && memcmp(&packet->payload[43], "\x20\x4d\x6c", 3) == 0 && @@ -220,7 +220,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru memcmp(&packet->payload[76], "\x00\x02\x00\x34\x01\x00\x00\x05", 8) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella asymmetrically len == 388.\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } else if (packet->payload_packet_len == 82) { if (get_u_int32_t(packet->payload, 0) == htonl(0x16030100) @@ -229,7 +229,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && get_u_int16_t(packet->payload, 76) == htons(0x0002) && get_u_int32_t(packet->payload, 78) == htonl(0x00340100)) { NDPI_LOG_DBG2(ndpi_struct, "detected len == 82\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } } @@ -238,7 +238,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru packet->udp->source == src->detected_gnutella_udp_port2) && (packet->current_time_ms - src->gnutella_ts) < ndpi_struct->gnutella_timeout) { NDPI_LOG_DBG2(ndpi_struct, "port based detection\n\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI_SRC_DST_ID); } /* observations: * all the following patterns send out many packets which are the only ones of their flows, @@ -251,7 +251,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[18] == 0x00 && packet->payload[19] == 0x00 && packet->payload[20] == 0x00 && packet->payload[21] == 0x00 && packet->payload[22] == 0x00) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 23\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } @@ -260,25 +260,25 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[28] == 0x83 && packet->payload[29] == 0x53 && packet->payload[30] == 0x43 && packet->payload[31] == 0x50 && packet->payload[32] == 0x41) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 35\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } if (packet->payload_packet_len == 32 && (memcmp(&packet->payload[16], "\x31\x01\x00\x09\x00\x00\x00\x4c\x49\x4d\x45", 11) == 0)) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 32\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } if (packet->payload_packet_len == 34 && (memcmp(&packet->payload[25], "SCP@", 4) == 0) && (memcmp(&packet->payload[30], "DNA@", 4) == 0)) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 34\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } if ((packet->payload_packet_len == 73 || packet->payload_packet_len == 96) && memcmp(&packet->payload[32], "urn:sha1:", 9) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 73,96\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } @@ -297,7 +297,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru || (packet->payload_packet_len > 200 && packet->payload_packet_len < 300 && packet->payload[3] == 0x03) || (packet->payload_packet_len > 300 && (packet->payload[3] == 0x01 || packet->payload[3] == 0x03))) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, GND\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } } @@ -305,13 +305,13 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if ((packet->payload_packet_len == 32) && memcmp(&packet->payload[16], "\x31\x01\x00\x09\x00\x00\x00", 7) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 32 ii\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } if ((packet->payload_packet_len == 23) && memcmp(&packet->payload[16], "\x00\x01\x00\x00\x00\x00\x00", 7) == 0) { NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 23 ii\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } } @@ -336,7 +336,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && flow->l4.tcp.gnutella_msg_id[2] == packet->payload[4] && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_GNUTELLA)) { NDPI_LOG_DBG2(ndpi_struct, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } } else if (flow->l4.tcp.gnutella_stage == 2 - packet->packet_direction) { @@ -346,7 +346,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && flow->l4.tcp.gnutella_msg_id[2] == packet->payload[4] && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_GNUTELLA)) { NDPI_LOG_DBG2(ndpi_struct, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); - ndpi_int_gnutella_add_connection(ndpi_struct, flow); + ndpi_int_gnutella_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } } diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 8fd85f755..1a40784ef 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c @@ -82,7 +82,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str (payload_len >= HEADER_LEN_GTP_U) && (message_len <= (payload_len - HEADER_LEN_GTP_U))) { NDPI_LOG_INFO(ndpi_struct, "found gtp-u\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP_U, NDPI_PROTOCOL_GTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP_U, NDPI_PROTOCOL_GTP, NDPI_CONFIDENCE_DPI); return; } } @@ -96,7 +96,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str /* payload_len is always valid, because HEADER_LEN_GTP_C_V2 == sizeof(struct gtp_header_generic) */ (message_len == (payload_len - HEADER_LEN_GTP_C_V2)))) { NDPI_LOG_INFO(ndpi_struct, "found gtp-c\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP_C, NDPI_PROTOCOL_GTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP_C, NDPI_PROTOCOL_GTP, NDPI_CONFIDENCE_DPI); return; } } @@ -108,7 +108,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str ((gtp->message_type > 0 && gtp->message_type <= 7) || /* Check based on TS 32.295 6.2.1 */ gtp->message_type == 240 || gtp->message_type == 241)) { NDPI_LOG_INFO(ndpi_struct, "found gtp-prime\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP_PRIME, NDPI_PROTOCOL_GTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP_PRIME, NDPI_PROTOCOL_GTP, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c index 0b8aaca7d..924133793 100644 --- a/src/lib/protocols/guildwars.c +++ b/src/lib/protocols/guildwars.c @@ -31,7 +31,7 @@ static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GUILDWARS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GUILDWARS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 70d34d7ee..39f29083f 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -63,7 +63,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n if((packet->payload[5] == 0xE0 /* CC Connect Request */) || (packet->payload[5] == 0xD0 /* CC Connect Confirm */)) { NDPI_LOG_INFO(ndpi_struct, "found RDP\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } @@ -72,7 +72,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n if(flow->l4.tcp.h323_valid_packets >= 2) { NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } } else { /* This is not H.323 */ @@ -89,7 +89,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n packet->payload[4] == 0x00 && packet->payload[5] == 0x00) { NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } /* H323 */ @@ -100,11 +100,11 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n && (packet->payload[4] == 0x06) && (packet->payload[5] == 0x00)) { NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117) { NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c index 68ba574c3..c28899f35 100644 --- a/src/lib/protocols/halflife2_and_mods.c +++ b/src/lib/protocols/halflife2_and_mods.c @@ -32,7 +32,7 @@ static void ndpi_int_halflife2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HALFLIFE2, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HALFLIFE2, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index c9d021a1c..c6557a672 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -114,7 +114,7 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, } ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT_DUO, - NDPI_PROTOCOL_STUN); + NDPI_PROTOCOL_STUN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/hpvirtgrp.c b/src/lib/protocols/hpvirtgrp.c index 29a8d83ec..8b6c70b77 100644 --- a/src/lib/protocols/hpvirtgrp.c +++ b/src/lib/protocols/hpvirtgrp.c @@ -29,7 +29,7 @@ static void ndpi_int_hpvirtgrp_add_connection( struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HPVIRTGRP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HPVIRTGRP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_search_hpvirtgrp(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 99a49ab2d..a33cd6f00 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -341,9 +341,9 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd // ndpi_int_reset_protocol(flow); ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, (flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) ? - flow->detected_protocol_stack[1] : NDPI_PROTOCOL_HTTP - ); - + flow->detected_protocol_stack[1] : NDPI_PROTOCOL_HTTP, + NDPI_CONFIDENCE_DPI); + /* This is necessary to inform the core to call this dissector again */ flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 8; @@ -410,7 +410,7 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp ((strstr(flow->http.url, ":8080/downloading?n=0.") != NULL) || (strstr(flow->http.url, ":8080/upload?n=0.") != NULL))) { /* This looks like Ookla speedtest */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI); } } } @@ -614,7 +614,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->server_line.ptr != NULL && (packet->server_line.len > 7)) { if(strncmp((const char *)packet->server_line.ptr, "ntopng ", 7) == 0) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_HTTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTOP, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI); NDPI_CLR_BIT(flow->risk, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT); } } @@ -759,7 +759,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ */ if(strncmp((const char *)packet->content_line.ptr, "application/ocsp-", 17) == 0) { NDPI_LOG_DBG2(ndpi_struct, "Found OCSP\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_HTTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OCSP, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI); } } } @@ -1123,14 +1123,15 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if((packet->http_url_name.len > 7) && (!strncasecmp((const char*) packet->http_url_name.ptr, "http://", 7))) { NDPI_LOG_INFO(ndpi_struct, "found HTTP_PROXY\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_PROXY, flow->detected_protocol_stack[0]); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_PROXY, flow->detected_protocol_stack[0], NDPI_CONFIDENCE_DPI); check_content_type_and_change_protocol(ndpi_struct, flow); } if(filename_start == 8 && (strncasecmp((const char *)packet->payload, "CONNECT ", 8) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found HTTP_CONNECT\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT, - (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) ? flow->detected_protocol_stack[0] : NDPI_PROTOCOL_UNKNOWN); + (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) ? flow->detected_protocol_stack[0] : NDPI_PROTOCOL_UNKNOWN, + NDPI_CONFIDENCE_DPI); check_content_type_and_change_protocol(ndpi_struct, flow); } diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c index d45c3c92e..48df17b38 100644 --- a/src/lib/protocols/iax.c +++ b/src/lib/protocols/iax.c @@ -34,7 +34,7 @@ static void ndpi_int_iax_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IAX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IAX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index f6c7085dd..61dafc2d6 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -30,7 +30,7 @@ static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ICECAST, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ICECAST, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/iec60870-5-104.c b/src/lib/protocols/iec60870-5-104.c index a6ab66220..dbb5e5b19 100644 --- a/src/lib/protocols/iec60870-5-104.c +++ b/src/lib/protocols/iec60870-5-104.c @@ -62,7 +62,7 @@ void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(found) { NDPI_LOG_INFO(ndpi_struct, "Found IEC60870-104\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IEC60870, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IEC60870, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/imo.c b/src/lib/protocols/imo.c index fab99d301..effb40826 100644 --- a/src/lib/protocols/imo.c +++ b/src/lib/protocols/imo.c @@ -29,7 +29,7 @@ static void ndpi_int_imo_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IMO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IMO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_imo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c index 5e69ba06b..57edee6ad 100644 --- a/src/lib/protocols/ipp.c +++ b/src/lib/protocols/ipp.c @@ -32,7 +32,7 @@ static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IPP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IPP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index 7bf7399f7..6ff3af836 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -36,9 +36,9 @@ timestamp = time_err[t1]; \ less = t1;}}} -static void ndpi_int_irc_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +static void ndpi_int_irc_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_confidence_t confidence) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IRC, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IRC, NDPI_PROTOCOL_UNKNOWN, confidence); } @@ -180,7 +180,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det || ntohs(get_u_int16_t(packet->payload, 2)) == 0x2000)) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1460,1460,1176,<-4096||8192"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } /* case 2: len 1448, len 1448, len 1200 several times in one direction, than len = 4, 4096, 8192 in the other direction */ @@ -211,7 +211,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det || ntohs(get_u_int16_t(packet->payload, 2)) == 0x2000)) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,1448,1200,<-4096||8192"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } /* case 3: several packets with len 1380, 1200, 1024, 1448, 1248, @@ -228,7 +228,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det || ntohs(get_u_int16_t(packet->payload, 2)) == 2760)) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1380,<-1380||2760"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } if (packet->payload_packet_len == 1200 && ((flow->l4.tcp.irc_stage2 == 0 && flow->l4.tcp.irc_direction == 0) @@ -243,7 +243,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det || ntohs(get_u_int16_t(packet->payload, 2)) == 2400)) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1200,<-1200||2400"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } if (packet->payload_packet_len == 1024 && ((flow->l4.tcp.irc_stage2 == 0 && flow->l4.tcp.irc_direction == 0) @@ -258,7 +258,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det || ntohs(get_u_int16_t(packet->payload, 2)) == 2048)) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,<-1024||2048"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } if (packet->payload_packet_len == 1248 && ((flow->l4.tcp.irc_stage2 == 0 && flow->l4.tcp.irc_direction == 0) @@ -273,7 +273,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det || ntohs(get_u_int16_t(packet->payload, 2)) == 2496)) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1248,<-1248||2496"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } if (packet->payload_packet_len == 1448 @@ -288,7 +288,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det || ntohs(get_u_int16_t(packet->payload, 2)) == 2896)) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,<-1448||2896"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } /* case 4 : five packets with len = 1448, one with len 952, than one packet from other direction len = 8192 */ @@ -311,7 +311,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_stage2 == 14 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 8192) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,1448,1448,1448,1448,952,<-8192"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } /* case 5: len 1024, len 1448, len 1448, len 1200, len 1448, len 600 */ @@ -344,7 +344,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_stage2 == 19 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 7168) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,1448,1448,1200,1448,600,<-7168"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } /* -> 1024, 1380, -> 2404 */ @@ -357,7 +357,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_stage2 == 20 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 2404) { NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,1380 <-2404"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return 1; } @@ -421,7 +421,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (dst->irc_port[counter] == sport || dst->irc_port[counter] == dport) { dst->last_time_port_used[counter] = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found IRC: dest port matched with the DCC port"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } } @@ -431,7 +431,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (src->irc_port[counter] == sport || src->irc_port[counter] == dport) { src->last_time_port_used[counter] = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found IRC: Source port matched with the DCC port"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI_SRC_DST_ID); return; } } @@ -462,14 +462,14 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc flow->l4.tcp.irc_3a_counter++; if (flow->l4.tcp.irc_3a_counter == 7) { /* ':' == 0x3a */ NDPI_LOG_INFO(ndpi_struct, "found irc. 0x3a. seven times."); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); goto detected_irc; } } } if (flow->l4.tcp.irc_3a_counter == 7) { /* ':' == 0x3a */ NDPI_LOG_INFO(ndpi_struct, "found irc. 0x3a. seven times."); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); goto detected_irc; } } @@ -488,7 +488,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc "USER, NICK, PASS, NOTICE, PRIVMSG one time"); if (flow->l4.tcp.irc_stage == 2) { NDPI_LOG_INFO(ndpi_struct, "found irc"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); flow->l4.tcp.irc_stage = 3; } if (flow->l4.tcp.irc_stage == 1) { @@ -509,7 +509,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (packet->line[c].len > 4 && (memcmp(packet->line[c].ptr, "NICK ", 5) == 0 || memcmp(packet->line[c].ptr, "USER ", 5) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found IRC: two icq signal words in the same packet"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); flow->l4.tcp.irc_stage = 3; return; } @@ -525,7 +525,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || memcmp(packet->line[c].ptr, "USER ", 5) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found IRC: two icq signal words in the same packet"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); flow->l4.tcp.irc_stage = 3; return; } @@ -576,7 +576,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (memcmp(packet->payload + http_content_ptr_len, "item=", 5) == 0) && (ndpi_check_for_cmd(ndpi_struct, flow) != 0))) { NDPI_LOG_INFO(ndpi_struct, "found IRC: Nickname, cmd, one time"); - ndpi_int_irc_add_connection(ndpi_struct, flow); + ndpi_int_irc_add_connection(ndpi_struct, flow, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 609771c75..a5e5a069e 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -41,9 +41,9 @@ static struct jabber_string jabber_strings[] = { static void ndpi_int_jabber_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int32_t protocol) + u_int32_t protocol, ndpi_confidence_t confidence) { - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN, confidence); } static void check_content_type_and_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, @@ -56,7 +56,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ for(i=0; jabber_strings[i].string != NULL; i++) { if(ndpi_strnstr((const char*)&packet->payload[x], jabber_strings[i].string, left) != NULL) { - ndpi_int_jabber_add_connection(ndpi_struct, flow, jabber_strings[i].ndpi_protocol); + ndpi_int_jabber_add_connection(ndpi_struct, flow, jabber_strings[i].ndpi_protocol, NDPI_CONFIDENCE_DPI); return; } } @@ -97,7 +97,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_LOG_INFO(ndpi_struct, "found jabber file transfer\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, - NDPI_PROTOCOL_JABBER); + NDPI_PROTOCOL_JABBER, NDPI_CONFIDENCE_DPI_SRC_DST_ID); } } if (dst != NULL && dst->jabber_file_transfer_port[0] != 0) { @@ -117,7 +117,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_LOG_INFO(ndpi_struct, "found jabber file transfer\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, - NDPI_PROTOCOL_JABBER); + NDPI_PROTOCOL_JABBER, NDPI_CONFIDENCE_DPI_SRC_DST_ID); } } return; @@ -274,7 +274,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st || ndpi_strnstr((const char *)&packet->payload[13], "xmlns:stream=\"http://etherx.jabber.org/streams\"", start)) { /* Protocol family */ - ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_JABBER); + ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_JABBER, NDPI_CONFIDENCE_DPI); /* search for subprotocols */ check_content_type_and_change_protocol(ndpi_struct, flow, 13); diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index 5810c7af7..36a8cdc3b 100644 --- a/src/lib/protocols/kakaotalk_voice.c +++ b/src/lib/protocols/kakaotalk_voice.c @@ -54,7 +54,7 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc if(((ntohl(packet->iph->saddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */) || ((ntohl(packet->iph->daddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */)) { NDPI_LOG_INFO(ndpi_struct, "found kakaotalk_voice\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index a6006ce20..c89923fc6 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -38,7 +38,7 @@ static int ndpi_search_kerberos_extra(struct ndpi_detection_module_struct *ndpi_ static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KERBEROS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KERBEROS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_DBG(ndpi_struct, "trace KERBEROS\n"); } diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c index 4bd22f1d4..c9822f4bf 100644 --- a/src/lib/protocols/kontiki.c +++ b/src/lib/protocols/kontiki.c @@ -33,7 +33,7 @@ static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KONTIKI, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KONTIKI, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found Kontiki UDP\n"); } diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index f5ab310d6..ae58fd71e 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c @@ -32,7 +32,7 @@ static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LDAP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LDAP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index d8911e829..403355772 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -32,7 +32,7 @@ static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *nd u_int8_t due_to_correlation) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LISP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LISP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index 3bc2f8817..ff5c9cf71 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -47,7 +47,7 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_str if(memcmp(&packet->payload[6], lotus_notes_header, sizeof(lotus_notes_header)) == 0) { NDPI_LOG_INFO(ndpi_struct, "found lotus_notes\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LOTUS_NOTES, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LOTUS_NOTES, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } return; } diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 7391bb04a..12d652ecb 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -30,9 +30,10 @@ /* #define IMAP_DEBUG 1*/ -static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { +static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + u_int16_t protocol) { flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Avoid IMAPS to be used s sub-protocol */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -155,7 +156,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, && (packet->payload[command_start + 7] == 'S' || packet->payload[command_start + 7] == 's')) { flow->l4.tcp.mail_imap_stage += 1; flow->l4.tcp.mail_imap_starttls = 1; - flow->detected_protocol_stack[0] = NDPI_PROTOCOL_MAIL_IMAPS; + ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAPS); saw_command = 1; } } @@ -240,7 +241,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, /* Authenticate phase may have multiple messages. Ignore them since they are somehow encrypted anyway. */ flow->l4.tcp.mail_imap_starttls = 2; - flow->detected_protocol_stack[0] = NDPI_PROTOCOL_MAIL_IMAPS; + ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAPS); saw_command = 1; } } @@ -323,7 +324,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, if((flow->l4.tcp.ftp_imap_pop_smtp.username[0] != '\0') || (flow->l4.tcp.mail_imap_stage >= 7)) { NDPI_LOG_INFO(ndpi_struct, "found MAIL_IMAP\n"); - ndpi_int_mail_imap_add_connection(ndpi_struct, flow); + ndpi_int_mail_imap_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAP); } return; diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index 7ef6d829a..2dca5d39b 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -47,7 +47,7 @@ static void ndpi_int_mail_pop_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Avoid POP3S to be used s sub-protocol */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_POP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_POP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* **************************************** */ diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 757b20627..9d183976f 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -57,7 +57,7 @@ static void ndpi_int_mail_smtp_add_connection(struct ndpi_detection_module_struc flow->guessed_protocol_id = NDPI_PROTOCOL_MAIL_SMTP; /* Avoid SMTPS to be used s sub-protocol */ ndpi_set_detected_protocol(ndpi_struct, flow, - NDPI_PROTOCOL_MAIL_SMTP, NDPI_PROTOCOL_UNKNOWN); + NDPI_PROTOCOL_MAIL_SMTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* **************************************** */ diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c index 23ae4f2be..1f119ce5f 100644 --- a/src/lib/protocols/maplestory.c +++ b/src/lib/protocols/maplestory.c @@ -30,7 +30,7 @@ static void ndpi_int_maplestory_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index ed95d5b48..8c6f0a347 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c @@ -40,7 +40,7 @@ void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, packet->payload[5] == 'O' && packet->payload[6] == '/' && packet->payload[7] == '1' && packet->payload[8] == ' ' && packet->payload[9] == '[')) { NDPI_LOG_INFO(ndpi_struct, "found MEGACO\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MEGACO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MEGACO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c index d370e42d1..6c8514f76 100644 --- a/src/lib/protocols/memcached.c +++ b/src/lib/protocols/memcached.c @@ -96,7 +96,7 @@ static void ndpi_int_memcached_add_connection(struct ndpi_detection_module_struc { NDPI_LOG_INFO(ndpi_struct, "found memcached\n"); ndpi_set_detected_protocol(ndpi_struct, flow, - NDPI_PROTOCOL_MEMCACHED, NDPI_PROTOCOL_UNKNOWN); + NDPI_PROTOCOL_MEMCACHED, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_memcached( diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index 566dc868a..85c6acf86 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -30,7 +30,7 @@ static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MGCP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MGCP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c index ac08f2276..7d1f32e67 100644 --- a/src/lib/protocols/mining.c +++ b/src/lib/protocols/mining.c @@ -61,7 +61,7 @@ void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_struct, ; else { snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(packet->iph) /* TODO: ipv6 */ cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; @@ -97,7 +97,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, if((*to_match == magic) || (*to_match == magic1)) { snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(packet->iph) /* TODO: ipv6 */ cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; @@ -110,7 +110,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(isEthPort(ntohs(packet->tcp->dest)) /* Ethereum port */) { snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(packet->iph) /* TODO: ipv6 */ cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; @@ -131,7 +131,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, {"worker": "", "jsonrpc": "2.0", "params": [], "id": 3, "method": "eth_getWork"} */ snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(packet->iph) /* TODO: ipv6 */ cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; @@ -155,7 +155,7 @@ void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_struct, {"method":"submit","params":{"id":"479059546883218","job_id":"722134174127131","nonce":"98024001","result":"c9be9381a68d533c059d614d961e0534d7d8785dd5c339c2f9596eb95f320100"},"id":1} */ snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(packet->iph) /* TODO: ipv6 */ cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); return; diff --git a/src/lib/protocols/modbus.c b/src/lib/protocols/modbus.c index cd6d55dec..867bfa166 100644 --- a/src/lib/protocols/modbus.c +++ b/src/lib/protocols/modbus.c @@ -47,7 +47,7 @@ void ndpi_search_modbus_tcp(struct ndpi_detection_module_struct *ndpi_struct, // the fourth parameter of the payload is the length of the segment if((modbus_len-1) == (packet->payload_packet_len - 7 /* ModbusTCP header len */)) { NDPI_LOG_INFO(ndpi_struct, "found MODBUS\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/mongodb.c b/src/lib/protocols/mongodb.c index 70d841709..09e4662d8 100644 --- a/src/lib/protocols/mongodb.c +++ b/src/lib/protocols/mongodb.c @@ -56,7 +56,7 @@ static void set_mongodb_detected(struct ndpi_detection_module_struct *ndpi_struc /* If no custom protocol has been detected */ /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MONGODB, flow->guessed_host_protocol_id); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MONGODB, flow->guessed_host_protocol_id, NDPI_CONFIDENCE_DPI); } } diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index 1cfe64c9a..2a46ea4fa 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -42,7 +42,7 @@ void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct /* This looks MPEG TS */ NDPI_LOG_INFO(ndpi_struct, "found MPEGTS\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MPEGTS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MPEGTS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 58bb2fb1c..23bb72cd8 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -55,7 +55,7 @@ enum MQTT_PACKET_TYPES { static void ndpi_int_mqtt_add_connection (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_MQTT,NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_MQTT,NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found Mqtt\n"); } diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 749a81117..5962c7724 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -41,7 +41,7 @@ struct tds_packet_header { static void ndpi_int_mssql_tds_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MSSQL_TDS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MSSQL_TDS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index df3fd831b..2d3a9b153 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c @@ -54,7 +54,7 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str && get_u_int32_t(packet->payload, a + 27) == 0x0 // filler bytes && get_u_int8_t(packet->payload, a + 31) == 0x0) { NDPI_LOG_INFO(ndpi_struct, "found MySQL\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MYSQL, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MYSQL, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } @@ -65,7 +65,7 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str if(strncmp((const char*)&packet->payload[packet->payload_packet_len-22], "mysql_", 6) == 0) { NDPI_LOG_INFO(ndpi_struct, "found MySQL\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MYSQL, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MYSQL, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } #endif diff --git a/src/lib/protocols/nats.c b/src/lib/protocols/nats.c index d93c11b76..5d39dfd21 100644 --- a/src/lib/protocols/nats.c +++ b/src/lib/protocols/nats.c @@ -64,7 +64,7 @@ void ndpi_search_nats_tcp(struct ndpi_detection_module_struct *ndpi_struct, packet->payload_packet_len - ((size_t)match - (size_t)packet->payload)) != NULL) { NDPI_LOG_INFO(ndpi_struct, "found NATS\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NATS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NATS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c index 2763de4e6..2f6a9f7a9 100644 --- a/src/lib/protocols/nest_log_sink.c +++ b/src/lib/protocols/nest_log_sink.c @@ -59,7 +59,7 @@ void ndpi_search_nest_log_sink( if (flow->l4.tcp.nest_log_sink_matches == NEST_LOG_SINK_MIN_MATCH) { NDPI_LOG_INFO(ndpi_struct, "found nest_log_sink\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NEST_LOG_SINK, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NEST_LOG_SINK, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } } diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 23780c0a4..851739001 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -108,9 +108,9 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct } if(sub_protocol == NDPI_PROTOCOL_UNKNOWN) - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETBIOS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETBIOS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); else - ndpi_set_detected_protocol(ndpi_struct, flow, sub_protocol, NDPI_PROTOCOL_NETBIOS); + ndpi_set_detected_protocol(ndpi_struct, flow, sub_protocol, NDPI_PROTOCOL_NETBIOS, NDPI_CONFIDENCE_DPI); } /* ****************************************************************** */ diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index ba1ff90ac..963741c18 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -174,7 +174,7 @@ void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struc if(((version == 1) && (when == 0)) || ((when >= 946684800 /* 1/1/2000 */) && (when <= (u_int32_t)now))) { NDPI_LOG_INFO(ndpi_struct, "found netflow\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETFLOW, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETFLOW, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } else diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c index 9162823b7..fefd15997 100644 --- a/src/lib/protocols/nfs.c +++ b/src/lib/protocols/nfs.c @@ -33,7 +33,7 @@ static void ndpi_int_nfs_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NFS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NFS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index a859b47df..b81fc61a2 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c @@ -30,7 +30,7 @@ static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c index 66d7cd7ae..e1d2a0ede 100644 --- a/src/lib/protocols/noe.c +++ b/src/lib/protocols/noe.c @@ -32,7 +32,7 @@ static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NOE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NOE, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found noe\n"); } diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index 1f71b2b72..8d078731b 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c @@ -32,7 +32,7 @@ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask,nprot) != 0) \ { \ ndpi_set_detected_protocol(ndpi_struct, flow, \ - nprot, NDPI_PROTOCOL_UNKNOWN); \ + nprot, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); \ } \ } diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 0eda5bdea..e67638cbf 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -31,7 +31,7 @@ static void ndpi_int_ntp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c index 3b2dcbbd8..968f3e1c8 100644 --- a/src/lib/protocols/ookla.c +++ b/src/lib/protocols/ookla.c @@ -54,7 +54,7 @@ void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct && (packet->payload[0] == 0x48) /* HI\n */ && (packet->payload[1] == 0x49) && (packet->payload[2] == 0x0A)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(ndpi_struct->ookla_cache == NULL) ndpi_struct->ookla_cache = ndpi_lru_cache_init(1024); @@ -84,7 +84,7 @@ void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct if(ndpi_lru_find_cache(ndpi_struct->ookla_cache, h, &dummy, 0 /* Don't remove it as it can be used for other connections */)) { NDPI_LOG_INFO(ndpi_struct, "found ookla tcp connection\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_CACHE); #ifdef OOKLA_DEBUG printf("=>>>>> Found %u\n", h); #endif @@ -117,7 +117,7 @@ void ndpi_search_ookla(struct ndpi_detection_module_struct* ndpi_struct, struct if(ndpi_lru_find_cache(ndpi_struct->ookla_cache, addr, &dummy, 0 /* Don't remove it as it can be used for other connections */)) { NDPI_LOG_INFO(ndpi_struct, "found ookla tcp connection\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_CACHE); #ifdef OOKLA_DEBUG printf("=>>>>> Found %u\n", addr); #endif diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index c540d09e1..52d18c7c7 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -31,7 +31,7 @@ static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENFT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENFT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_openft_tcp(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index 7105215a1..cae343a06 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -115,7 +115,7 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, && ((opcode == 184) || (opcode == 88) || (opcode == 160) || (opcode == 168) || (opcode == 200))) )) { NDPI_LOG_INFO(ndpi_struct,"found openvpn\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } @@ -148,7 +148,7 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, if(memcmp(flow->ovpn_session_id, session_remote, 8) == 0) { NDPI_LOG_INFO(ndpi_struct,"found openvpn\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } else { NDPI_LOG_DBG2(ndpi_struct, diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c index bd04922bc..2b8307676 100644 --- a/src/lib/protocols/oracle.c +++ b/src/lib/protocols/oracle.c @@ -28,7 +28,7 @@ static void ndpi_int_oracle_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ORACLE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ORACLE, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index 92ad3e89e..43645daf7 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -33,7 +33,7 @@ static void ndpi_int_postgres_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_POSTGRES, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_POSTGRES, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 7db639597..069991feb 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c @@ -33,7 +33,7 @@ static void ndpi_int_ppstream_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found PPStream over UDP\n"); } diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c index 8d7e2e915..083bdb337 100644 --- a/src/lib/protocols/pptp.c +++ b/src/lib/protocols/pptp.c @@ -31,7 +31,7 @@ static void ndpi_int_pptp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPTP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_pptp(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 76f34a241..6d7396156 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -33,7 +33,7 @@ static void ndpi_int_qq_add_connection(struct ndpi_detection_module_struct *ndpi struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 81cd95d39..7468cd398 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1342,7 +1342,7 @@ static void process_tls(struct ndpi_detection_module_struct *ndpi_struct, if(flow->protos.tls_quic.alpn && strncmp(flow->protos.tls_quic.alpn, "doq", 3) == 0) { NDPI_LOG_DBG(ndpi_struct, "Found DOQ (ALPN: [%s])\n", flow->protos.tls_quic.alpn); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_QUIC); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_QUIC, NDPI_CONFIDENCE_DPI); } } static void process_chlo(struct ndpi_detection_module_struct *ndpi_struct, @@ -1594,7 +1594,7 @@ static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_stru packet->payload[1] == 200 || /* RTCP, Sender Report */ is_valid_rtp_payload_type(packet->payload[1] & 0x7F)) /* RTP */) { NDPI_LOG_DBG(ndpi_struct, "Found RTP/RTCP over QUIC\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC, NDPI_CONFIDENCE_DPI); } else { /* Unexpected traffic pattern: we should investigate it... */ NDPI_LOG_INFO(ndpi_struct, "To investigate...\n"); @@ -1638,7 +1638,7 @@ static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, */ NDPI_LOG_INFO(ndpi_struct, "found QUIC\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); /* * 3) Skip not supported versions diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index 162b242ae..b1115e6d8 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c @@ -56,7 +56,7 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, && (h->code <= 13) && (ntohs(h->len) == payload_len)) { NDPI_LOG_INFO(ndpi_struct, "Found radius\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index 23f96f4f9..ec4e6a4a5 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -33,7 +33,7 @@ static void ndpi_int_rdp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c index 9dd5b31de..609ab70e9 100644 --- a/src/lib/protocols/redis_net.c +++ b/src/lib/protocols/redis_net.c @@ -26,7 +26,7 @@ static void ndpi_int_redis_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_REDIS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_REDIS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c index 978cc42e0..769c56d5e 100644 --- a/src/lib/protocols/rsync.c +++ b/src/lib/protocols/rsync.c @@ -28,7 +28,7 @@ static void ndpi_int_rsync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RSYNC, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RSYNC, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index 253402955..d38a5ccb5 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -14,7 +14,7 @@ static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, - NDPI_PROTOCOL_UNKNOWN); + NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index 80d92f151..0b92ca7fa 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c @@ -32,7 +32,7 @@ static void ndpi_int_rtmp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTMP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTMP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index b63e5724e..7c2eafd92 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -102,14 +102,14 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, ) ) { NDPI_LOG_INFO(ndpi_struct, "Found RTP\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } else if((payload_len >= 12) && (((payload[0] & 0xFF) == 0x80) || ((payload[0] & 0xFF) == 0xA0)) /* RTP magic byte[1] */ && (payloadType = isValidMSRTPType(payload[1] & 0xFF))) { if(payloadType == 1 /* RTP */) { NDPI_LOG_INFO(ndpi_struct, "Found Skype for Business (former MS Lync)\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } @@ -149,7 +149,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 23be7504e..9592d1db5 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -33,7 +33,7 @@ static void ndpi_int_rtsp_add_connection(struct ndpi_detection_module_struct *nd struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* this function searches for a rtsp-"handshake" over tcp or udp. */ diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index 7aa2e009a..e5bc70c5d 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -187,7 +187,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, flow->l4.udp.rx_conn_id == header->conn_id) { NDPI_LOG_INFO(ndpi_struct, "found RX\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* https://www.central.org/frameless/numbers/rxservice.html. */ else @@ -200,7 +200,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, flow->l4.udp.rx_conn_id = header->conn_id; { NDPI_LOG_INFO(ndpi_struct, "found RX\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } } } diff --git a/src/lib/protocols/s7comm.c b/src/lib/protocols/s7comm.c index 81579b98b..f92e1b351 100644 --- a/src/lib/protocols/s7comm.c +++ b/src/lib/protocols/s7comm.c @@ -33,7 +33,7 @@ void ndpi_search_s7comm_tcp(struct ndpi_detection_module_struct *ndpi_struct, if((packet->payload_packet_len >= 2) && (packet->payload[0]==0x03)&&(packet->payload[1]==0x00)&&((packet->tcp->dest == s7comm_port) || (packet->tcp->source == s7comm_port))) {
NDPI_LOG_INFO(ndpi_struct, "found S7\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM, NDPI_PROTOCOL_UNKNOWN);
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_S7COMM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
return;
diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index 3a9f03bec..7151e6ad7 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -38,7 +38,7 @@ void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct && (packet->payload[0] == 0) && (packet->payload[1] == 0) && (packet->payload[2] == 0) && ((packet->payload[3] == 2) || (packet->payload[3] == 5))) { NDPI_LOG_INFO(ndpi_struct, "found sflow\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SFLOW, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SFLOW, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c index 0c434c0f1..4a9f282d8 100644 --- a/src/lib/protocols/shoutcast.c +++ b/src/lib/protocols/shoutcast.c @@ -31,7 +31,7 @@ static void ndpi_int_shoutcast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SHOUTCAST, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SHOUTCAST, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 688156590..ad9c65a68 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -31,7 +31,7 @@ static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SIP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SIP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } #if !defined(WIN32) diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c index 23a3b32c3..9a0d23d21 100644 --- a/src/lib/protocols/skinny.c +++ b/src/lib/protocols/skinny.c @@ -27,7 +27,7 @@ static void ndpi_int_skinny_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKINNY, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKINNY, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index f5ed59d2b..aa9dfd32f 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -54,7 +54,7 @@ static int ndpi_check_skype_udp_again(struct ndpi_detection_module_struct *ndpi_ } if (detected) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); flow->extra_packets_func = NULL; /* Stop checking extra packets */ @@ -107,9 +107,9 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s && (packet->payload[2] == 0x02))) { if(is_port(sport, dport, 8801)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZOOM, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZOOM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else if (payload_len >= 16 && packet->payload[0] != 0x01) /* Avoid invalid Cisco HSRP detection / RADIUS */ { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE_TEAMS); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_CALL, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_CONFIDENCE_DPI); } } @@ -159,7 +159,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s /* printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); */ NDPI_LOG_INFO(ndpi_struct, "found skype\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS_CALL, NDPI_PROTOCOL_SKYPE_TEAMS); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE_TEAMS_CALL, NDPI_PROTOCOL_SKYPE_TEAMS, NDPI_CONFIDENCE_DPI); } else { // printf("NO [SKYPE] payload_len=%u\n", payload_len); } diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index af1741790..ae18816eb 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -45,11 +45,11 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if(memcmp(&packet->payload[4], smbv1, sizeof(smbv1)) == 0) { if(packet->payload[8] != 0x72) /* Skip Negotiate request */ { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, NDPI_PROTOCOL_NETBIOS); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV1, NDPI_PROTOCOL_NETBIOS, NDPI_CONFIDENCE_DPI); ndpi_set_risk(ndpi_struct, flow, NDPI_SMB_INSECURE_VERSION); } } else - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, NDPI_PROTOCOL_NETBIOS); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMBV23, NDPI_PROTOCOL_NETBIOS, NDPI_CONFIDENCE_DPI); return; } diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 3a05cc48a..e4ab8f93f 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -30,7 +30,7 @@ static void ndpi_int_smpp_add_connection(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMPP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMPP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static u_int8_t ndpi_check_overflow(u_int32_t current_length, u_int32_t total_lenth) diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c index ac6db42b8..6ad2c4d24 100644 --- a/src/lib/protocols/snmp_proto.c +++ b/src/lib/protocols/snmp_proto.c @@ -27,7 +27,7 @@ static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/soap.c b/src/lib/protocols/soap.c index 6ae0bdae3..da8d10fef 100644 --- a/src/lib/protocols/soap.c +++ b/src/lib/protocols/soap.c @@ -27,7 +27,7 @@ static void ndpi_int_soap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOAP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOAP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_soap(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 1ccc2e654..e4f4e7ff6 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -31,7 +31,7 @@ static void ndpi_int_socks_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOCKS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOCKS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index 5ac2a4f4b..50a823ec0 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -83,7 +83,7 @@ enum DEFAULT_PROTOCOL_PORTS{ static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found SOME/IP\n"); } diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index a47211a52..b4f36ef94 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -32,7 +32,7 @@ static void ndpi_int_sopcast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOPCAST, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOPCAST, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /** diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index 6e5efb36e..f5038f5d7 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c @@ -32,7 +32,7 @@ static void ndpi_int_spotify_add_connection(struct ndpi_detection_module_struct struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } @@ -62,7 +62,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, packet->payload[6] == 0x52 && (packet->payload[7] == 0x0e || packet->payload[7] == 0x0f) && packet->payload[8] == 0x50 ) { NDPI_LOG_INFO(ndpi_struct, "found spotify tcp dissector\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); + ndpi_int_spotify_add_connection(ndpi_struct, flow, 0); } @@ -109,7 +109,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, || dst_addr_masked_24 == 0xC284A200 /* 194.132.162.0 */ ) { NDPI_LOG_INFO(ndpi_struct, "found spotify via ip range\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); + ndpi_int_spotify_add_connection(ndpi_struct, flow, 0); return; } } diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index c8a790a5a..92354b27a 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -32,7 +32,7 @@ static void ndpi_int_ssdp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSDP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSDP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* this detection also works asymmetrically */ diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 9f77a3fb4..714faf5cb 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -212,7 +212,7 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct flow->max_extra_packets_to_check = 12; flow->extra_packets_func = search_ssh_again; - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSH, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* ************************************************************************ */ diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index edd94dd71..0a761fb4c 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c @@ -126,7 +126,7 @@ void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, str result = ndpi_check_starcraft_udp(ndpi_struct, flow); if (result == 1) { NDPI_LOG_INFO(ndpi_struct, "Found Starcraft 2 [Game, UDP]\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } @@ -134,7 +134,7 @@ void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, str result = ndpi_check_starcraft_tcp(ndpi_struct, flow); if (result == 1) { NDPI_LOG_INFO(ndpi_struct, "Found Starcraft 2 [Client, TCP]\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c index 587ce2edf..cba9cbf30 100644 --- a/src/lib/protocols/stealthnet.c +++ b/src/lib/protocols/stealthnet.c @@ -32,7 +32,7 @@ static void ndpi_int_stealthnet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEALTHNET, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEALTHNET, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_stealthnet(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 48cb5df90..5d35260a6 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -31,7 +31,7 @@ #include "ndpi_api.h" static void ndpi_int_steam_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 722db1695..38df16146 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -53,6 +53,7 @@ void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_stru struct ndpi_flow_struct *flow, u_int proto, u_int app_proto) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; + ndpi_confidence_t confidence = NDPI_CONFIDENCE_DPI; if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); @@ -71,6 +72,7 @@ void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_stru printf("[LRU] FOUND %u / %u: no need to cache %u.%u\n", key, cached_proto, proto, app_proto); #endif app_proto = cached_proto, proto = NDPI_PROTOCOL_STUN; + confidence = NDPI_CONFIDENCE_DPI_CACHE; } else { u_int32_t key_rev = get_stun_lru_key(packet, 1); @@ -80,6 +82,7 @@ void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_stru printf("[LRU] FOUND %u / %u: no need to cache %u.%u\n", key_rev, cached_proto, proto, app_proto); #endif app_proto = cached_proto, proto = NDPI_PROTOCOL_STUN; + confidence = NDPI_CONFIDENCE_DPI_CACHE; } else { if(app_proto != NDPI_PROTOCOL_STUN) { /* No sense to add STUN, but only subprotocols */ @@ -101,7 +104,7 @@ void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_stru } } - ndpi_set_detected_protocol(ndpi_struct, flow, app_proto, proto); + ndpi_set_detected_protocol(ndpi_struct, flow, app_proto, proto, confidence); } typedef enum { diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c index 8e42d0549..9722c92a0 100644 --- a/src/lib/protocols/syslog.c +++ b/src/lib/protocols/syslog.c @@ -31,7 +31,7 @@ static void ndpi_int_syslog_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SYSLOG, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SYSLOG, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_syslog(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/targus_getdata.c b/src/lib/protocols/targus_getdata.c index acaa4f6a2..c096e481a 100644 --- a/src/lib/protocols/targus_getdata.c +++ b/src/lib/protocols/targus_getdata.c @@ -45,7 +45,7 @@ static void ndpi_check_targus_getdata(struct ndpi_detection_module_struct *ndpi_ || (packet->udp->source == complex_link_port)))) { NDPI_LOG_INFO(ndpi_struct, "found targus getdata used for speedtest\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TARGUS_GETDATA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TARGUS_GETDATA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 0daf596d7..03965d1c2 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -61,7 +61,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st return; if(ndpi_is_tor_flow(ndpi_struct, flow)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } @@ -79,6 +79,6 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st sport, dport); if(proto != NDPI_PROTOCOL_UNKNOWN) - ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_MATCH_BY_PORT); } } diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index 8f6cdc7ba..27512ce48 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -26,7 +26,7 @@ static void ndpi_int_teamspeak_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMSPEAK, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMSPEAK, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index fb5707ae4..9c602a55e 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -32,7 +32,7 @@ static void ndpi_int_teamview_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found teamwiewer\n"); } diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index 8c339e5f7..d4f660374 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -31,7 +31,7 @@ static void ndpi_int_telegram_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found telegram\n"); } diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 7ad868176..4eec7d0b3 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -118,7 +118,7 @@ static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct flow->max_extra_packets_to_check = 64; flow->extra_packets_func = search_telnet_again; - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TELNET, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TELNET, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* ************************************************************************ */ diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 66081ef07..4f75d300d 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -36,7 +36,7 @@ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544)) && (packet->payload_packet_len >= 40 /* IPv6 header */)) { NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEREDO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEREDO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c index 18d5b3024..2bf368cbe 100644 --- a/src/lib/protocols/tftp.c +++ b/src/lib/protocols/tftp.c @@ -33,7 +33,7 @@ static void ndpi_int_tftp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TFTP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TFTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_tftp(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 6bd32909a..7b5625511 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -32,7 +32,7 @@ static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_THUNDER, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_THUNDER, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index b4564a191..398e5dbf1 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -55,7 +55,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st /* cache_free(ndpi_struct->tinc_cache); */ NDPI_LOG_INFO(ndpi_struct, "found tinc udp connection\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_CACHE); } } @@ -114,7 +114,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); NDPI_LOG_INFO(ndpi_struct, "found tinc tcp connection\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } return; } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 925efa7e3..622fa678f 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -301,11 +301,9 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { - ndpi_protocol ret = { NDPI_PROTOCOL_TLS, cached_proto, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; - - flow->detected_protocol_stack[0] = cached_proto, - flow->detected_protocol_stack[1] = NDPI_PROTOCOL_TLS; + ndpi_protocol ret = { NDPI_PROTOCOL_TLS, cached_proto, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED}; + ndpi_set_detected_protocol(ndpi_struct, flow, cached_proto, NDPI_PROTOCOL_TLS, NDPI_CONFIDENCE_DPI_CACHE); flow->category = ndpi_get_proto_category(ndpi_struct, ret); ndpi_check_subprotocol_risk(ndpi_struct, flow, cached_proto); } @@ -637,9 +635,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi u_int16_t proto_id = (u_int16_t)val; ndpi_protocol ret = { NDPI_PROTOCOL_TLS, proto_id, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED}; - flow->detected_protocol_stack[0] = proto_id, - flow->detected_protocol_stack[1] = NDPI_PROTOCOL_TLS; - + ndpi_set_detected_protocol(ndpi_struct, flow, proto_id, NDPI_PROTOCOL_TLS, NDPI_CONFIDENCE_DPI); flow->category = ndpi_get_proto_category(ndpi_struct, ret); ndpi_check_subprotocol_risk(ndpi_struct, flow, proto_id); @@ -848,7 +844,7 @@ static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_looks_like_tls(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - // ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN); + // ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) flow->guessed_protocol_id = NDPI_PROTOCOL_TLS; @@ -1179,7 +1175,7 @@ static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndp else protocol = ndpi_tls_refine_master_protocol(ndpi_struct, flow, protocol); - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, protocol); + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, protocol, NDPI_CONFIDENCE_DPI); tlsInitExtraPacketProcessing(ndpi_struct, flow); } @@ -1775,7 +1771,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, /* Check if it ends in .com or .net */ && ((strcmp(&sni[sni_len-4], ".com") == 0) || (strcmp(&sni[sni_len-4], ".net") == 0)) && (strncmp(sni, "www.", 4) == 0)) /* Not starting with www.... */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_TLS); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_TLS, NDPI_CONFIDENCE_DPI); } else { #ifdef DEBUG_TLS printf("[TLS] SNI: (NO DGA) [%s]\n", sni); diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index 6b7580d18..24c1d870c 100644 --- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -32,7 +32,7 @@ static void ndpi_int_tvuplayer_add_connection(struct ndpi_detection_module_struc struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TVUPLAYER, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TVUPLAYER, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index 0a1674cb7..22262b904 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -27,7 +27,7 @@ static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c index 5abcce584..819a13829 100644 --- a/src/lib/protocols/usenet.c +++ b/src/lib/protocols/usenet.c @@ -32,7 +32,7 @@ static void ndpi_int_usenet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_USENET, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_USENET, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index 9dfa8f3f8..d3812d6f9 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c @@ -32,7 +32,7 @@ static void ndpi_int_vhua_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VHUA, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VHUA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found VHUA\n"); } diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 929a8589f..6b263fc93 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -41,7 +41,7 @@ void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00) ) { NDPI_LOG_DBG(ndpi_struct, "found VIBER\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index 23493ee61..8150f5f60 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c @@ -36,7 +36,7 @@ void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct ((packet->payload[0] & 0xFF) == 0xA4)){ NDPI_LOG_INFO(ndpi_struct, "found vmware\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VMWARE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VMWARE, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); return; } } diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index 6199cacfc..b949b2063 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -50,7 +50,7 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || ((memcmp(packet->payload, "RFB 004.", 7) == 0) && (packet->payload[11] == 0x0a)))) { NDPI_LOG_INFO(ndpi_struct, "found vnc\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VNC, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VNC, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); ndpi_set_risk(ndpi_struct, flow, NDPI_DESKTOP_OR_FILE_SHARING_SESSION); /* Remote assistance */ return; } diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index 49f32bfd7..42162b4b7 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -31,7 +31,7 @@ static void ndpi_int_warcraft3_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WARCRAFT3, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WARCRAFT3, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_warcraft3(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/websocket.c b/src/lib/protocols/websocket.c index 84aaf12f0..1901ec296 100644 --- a/src/lib/protocols/websocket.c +++ b/src/lib/protocols/websocket.c @@ -53,7 +53,7 @@ static void set_websocket_detected(struct ndpi_detection_module_struct *ndpi_str ndpi_search_tcp_or_udp(ndpi_struct, flow); ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WEBSOCKET, flow->guessed_host_protocol_id); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WEBSOCKET, flow->guessed_host_protocol_id, NDPI_CONFIDENCE_DPI); } } diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index bfb39273a..059958c18 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -42,7 +42,7 @@ void ndpi_search_whatsapp(struct ndpi_detection_module_struct *ndpi_struct, flow->l4.tcp.wa_matched_so_far += match_len; if(flow->l4.tcp.wa_matched_so_far == sizeof(whatsapp_sequence)) { NDPI_LOG_INFO(ndpi_struct, "found WhatsApp\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } return; } diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index 98a40dd56..f3ced8862 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c @@ -38,7 +38,7 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, str packet->payload[packet->payload_packet_len - 2] == '\r' && packet->payload[packet->payload_packet_len - 1] == '\n') { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHOIS_DAS, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHOIS_DAS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); if((dport == 43) || (dport == 4343)) { /* Request */ ndpi_hostname_sni_set(flow, &packet->payload[0], packet->payload_packet_len - 2); /* Skip \r\n */ diff --git a/src/lib/protocols/wireguard.c b/src/lib/protocols/wireguard.c index eb18d94a8..a2e2291bc 100644 --- a/src/lib/protocols/wireguard.c +++ b/src/lib/protocols/wireguard.c @@ -108,7 +108,7 @@ void ndpi_search_wireguard(struct ndpi_detection_module_struct */ u_int32_t receiver_index = get_u_int32_t(payload, 8); if (receiver_index == flow->l4.udp.wireguard_peer_index[1 - packet->packet_direction]) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -124,7 +124,7 @@ void ndpi_search_wireguard(struct ndpi_detection_module_struct if (flow->l4.udp.wireguard_stage == 2 - packet->packet_direction) { u_int32_t receiver_index = get_u_int32_t(payload, 4); if (receiver_index == flow->l4.udp.wireguard_peer_index[1 - packet->packet_direction]) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -153,7 +153,7 @@ void ndpi_search_wireguard(struct ndpi_detection_module_struct /* need more packets before deciding */ } else if (flow->l4.udp.wireguard_stage == 5) { if (receiver_index == flow->l4.udp.wireguard_peer_index[packet->packet_direction]) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WIREGUARD, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c index 191f0eb9f..104315b16 100644 --- a/src/lib/protocols/world_of_kung_fu.c +++ b/src/lib/protocols/world_of_kung_fu.c @@ -30,7 +30,7 @@ static void ndpi_int_world_of_kung_fu_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_world_of_kung_fu(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index 6bed73315..2d35fe7ab 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -31,7 +31,7 @@ static void ndpi_int_worldofwarcraft_add_connection(struct ndpi_detection_module struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/wsd.c b/src/lib/protocols/wsd.c index 32b2793a6..89efdd83a 100644 --- a/src/lib/protocols/wsd.c +++ b/src/lib/protocols/wsd.c @@ -45,7 +45,7 @@ void ndpi_search_wsd(struct ndpi_detection_module_struct *ndpi_struct, && (strncmp((char*)packet->payload, "<?xml", 5) == 0) ) { NDPI_LOG_INFO(ndpi_struct,"found wsd\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WSD, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WSD, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c index d99476635..0878f933c 100644 --- a/src/lib/protocols/xbox.c +++ b/src/lib/protocols/xbox.c @@ -29,7 +29,7 @@ static void ndpi_int_xbox_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c index 287b6a343..f8cbed095 100644 --- a/src/lib/protocols/xdmcp.c +++ b/src/lib/protocols/xdmcp.c @@ -32,7 +32,7 @@ static void ndpi_int_xdmcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XDMCP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XDMCP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } void ndpi_search_xdmcp(struct ndpi_detection_module_struct diff --git a/src/lib/protocols/z3950.c b/src/lib/protocols/z3950.c index 45522a0ff..3d238ceab 100644 --- a/src/lib/protocols/z3950.c +++ b/src/lib/protocols/z3950.c @@ -28,7 +28,7 @@ static void ndpi_int_z3950_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_Z3950, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_Z3950, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* ***************************************************************** */ diff --git a/src/lib/protocols/zabbix.c b/src/lib/protocols/zabbix.c index 60461c61b..5e9209151 100644 --- a/src/lib/protocols/zabbix.c +++ b/src/lib/protocols/zabbix.c @@ -29,7 +29,7 @@ static void ndpi_int_zabbix_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZABBIX, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZABBIX, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } /* *************************************************** */ diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 368a969a9..fbe3e6d1d 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -47,7 +47,7 @@ u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndp } #define ZATTOO_DETECTED \ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN) + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI /* TODO */) void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c index 48780df37..abd53650d 100644 --- a/src/lib/protocols/zeromq.c +++ b/src/lib/protocols/zeromq.c @@ -24,7 +24,7 @@ #include "ndpi_api.h" static void ndpi_int_zmq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZMQ, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZMQ, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); NDPI_LOG_INFO(ndpi_struct, "found ZMQ\n"); } |