diff options
| author | Luca Deri <deri@ntop.org> | 2020-06-06 11:29:03 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2020-06-06 11:29:03 +0200 |
| commit | 801c9481cb9c1b55382dc6e14dd0f9f573d3fea7 (patch) | |
| tree | 629d74482946020394f1a3dfd95f8ee71798f31e /src/lib/protocols | |
| parent | 605d548d4a5f2c298a6f98e5135d4ac63886d89a (diff) | |
Removed some obsolete protocols (battlefield, oscar, pcanywhere, tvants)
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/ayiya.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/battlefield.c | 126 | ||||
| -rw-r--r-- | src/lib/protocols/directconnect.c | 32 | ||||
| -rw-r--r-- | src/lib/protocols/gnutella.c | 18 | ||||
| -rw-r--r-- | src/lib/protocols/irc.c | 24 | ||||
| -rw-r--r-- | src/lib/protocols/jabber.c | 16 | ||||
| -rw-r--r-- | src/lib/protocols/oscar.c | 816 | ||||
| -rw-r--r-- | src/lib/protocols/pcanywhere.c | 67 | ||||
| -rw-r--r-- | src/lib/protocols/rtsp.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/soulseek.c | 34 | ||||
| -rw-r--r-- | src/lib/protocols/thunder.c | 12 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 6 | ||||
| -rw-r--r-- | src/lib/protocols/tvants.c | 85 | ||||
| -rw-r--r-- | src/lib/protocols/zattoo.c | 12 |
14 files changed, 81 insertions, 1173 deletions
diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index b0ebc3749..b810da2d1 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -57,7 +57,7 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct u_int32_t epoch = ntohl(a->epoch), now; u_int32_t fiveyears = 86400 * 365 * 5; - now = flow->packet.tick_timestamp; + now = flow->packet.current_time_ms; if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) { NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n"); diff --git a/src/lib/protocols/battlefield.c b/src/lib/protocols/battlefield.c deleted file mode 100644 index 14768cdb3..000000000 --- a/src/lib/protocols/battlefield.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - * battlefield.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-20 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#include "ndpi_protocol_ids.h" - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BATTLEFIELD - -#include "ndpi_api.h" - -static void ndpi_int_battlefield_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - struct ndpi_id_struct *src = flow->src; - struct ndpi_id_struct *dst = flow->dst; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BATTLEFIELD, NDPI_PROTOCOL_UNKNOWN); - - if (src != NULL) { - src->battlefield_ts = packet->tick_timestamp; - } - if (dst != NULL) { - dst->battlefield_ts = packet->tick_timestamp; - } -} - -void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - struct ndpi_id_struct *src = flow->src; - struct ndpi_id_struct *dst = flow->dst; - - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_BATTLEFIELD) { - if (src != NULL && ((u_int32_t) - (packet->tick_timestamp - src->battlefield_ts) < ndpi_struct->battlefield_timeout)) { - NDPI_LOG_DBG2(ndpi_struct, - "battlefield : save src connection packet detected\n"); - src->battlefield_ts = packet->tick_timestamp; - } else if (dst != NULL && ((u_int32_t) - (packet->tick_timestamp - dst->battlefield_ts) < ndpi_struct->battlefield_timeout)) { - NDPI_LOG_DBG2(ndpi_struct, - "battlefield : save dst connection packet detected\n"); - dst->battlefield_ts = packet->tick_timestamp; - } - return; - } - - if (NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_BATTLEFIELD)) { - if (flow->l4.udp.battlefield_stage == 0 || flow->l4.udp.battlefield_stage == 1 + packet->packet_direction) { - if (packet->payload_packet_len > 8 && get_u_int16_t(packet->payload, 0) == htons(0xfefd)) { - flow->l4.udp.battlefield_msg_id = get_u_int32_t(packet->payload, 2); - flow->l4.udp.battlefield_stage = 1 + packet->packet_direction; - return; - } - } else if (flow->l4.udp.battlefield_stage == 2 - packet->packet_direction) { - if (packet->payload_packet_len > 8 && get_u_int32_t(packet->payload, 0) == flow->l4.udp.battlefield_msg_id) { - NDPI_LOG_INFO(ndpi_struct, "found Battlefield message and reply detected\n"); - ndpi_int_battlefield_add_connection(ndpi_struct, flow); - return; - } - } - } - - if (flow->l4.udp.battlefield_stage == 0) { - if (packet->payload_packet_len == 46 && packet->payload[2] == 0 && packet->payload[4] == 0 - && get_u_int32_t(packet->payload, 7) == htonl(0x98001100)) { - flow->l4.udp.battlefield_stage = 3 + packet->packet_direction; - return; - } - } else if (flow->l4.udp.battlefield_stage == 4 - packet->packet_direction) { - if (packet->payload_packet_len == 7 - && (packet->payload[0] == 0x02 || packet->payload[packet->payload_packet_len - 1] == 0xe0)) { - NDPI_LOG_INFO(ndpi_struct, "found Battlefield message and reply detected\n"); - ndpi_int_battlefield_add_connection(ndpi_struct, flow); - return; - } - } - - if (packet->payload_packet_len == 18 && memcmp(&packet->payload[5], "battlefield2\x00", 13) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found Battlefield 2 hello packet detected\n"); - ndpi_int_battlefield_add_connection(ndpi_struct, flow); - return; - } else if (packet->payload_packet_len > 10 && - (memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\x50\xb9\x10\x11", 10) == 0 - || memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\x30\xb9\x10\x11", 10) == 0 - || memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\xa0\x98\x00\x11", 10) == 0)) { - NDPI_LOG_INFO(ndpi_struct, "found Battlefield safe pattern detected\n"); - ndpi_int_battlefield_add_connection(ndpi_struct, flow); - return; - } - - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -} - - -void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("BattleField", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_BATTLEFIELD, - ndpi_search_battlefield, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - *id += 1; -} diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 07e9f70f3..e93214228 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -85,7 +85,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); if(src != NULL) { - src->directconnect_last_safe_access_time = packet->tick_timestamp; + src->directconnect_last_safe_access_time = packet->current_time_ms; if(connection_type == DIRECT_CONNECT_TYPE_PEER) { if(packet->tcp != NULL && flow->setup_packet_direction != packet->packet_direction && src->detected_directconnect_port == 0) { @@ -101,7 +101,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s } if(dst != NULL) { - dst->directconnect_last_safe_access_time = packet->tick_timestamp; + dst->directconnect_last_safe_access_time = packet->current_time_ms; if(connection_type == DIRECT_CONNECT_TYPE_PEER) { if(packet->tcp != NULL && flow->setup_packet_direction == packet->packet_direction && dst->detected_directconnect_port == 0) { @@ -162,9 +162,9 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if(src != NULL) { if(src->detected_directconnect_port == packet->tcp->source) { if((u_int32_t) - (packet->tick_timestamp - + (packet->current_time_ms - src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - src->directconnect_last_safe_access_time = packet->tick_timestamp; + src->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_port)); ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; @@ -176,9 +176,9 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n } if(src->detected_directconnect_ssl_port == packet->tcp->dest) { if((u_int32_t) - (packet->tick_timestamp - + (packet->current_time_ms - src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - src->directconnect_last_safe_access_time = packet->tick_timestamp; + src->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_ssl_port)); ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; @@ -194,9 +194,9 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if(dst != NULL) { if(dst->detected_directconnect_port == packet->tcp->dest) { if((u_int32_t) - (packet->tick_timestamp - + (packet->current_time_ms - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - dst->directconnect_last_safe_access_time = packet->tick_timestamp; + dst->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_port)); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; @@ -208,9 +208,9 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n } if(dst->detected_directconnect_ssl_port == packet->tcp->dest) { if((u_int32_t) - (packet->tick_timestamp - + (packet->current_time_ms - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - dst->directconnect_last_safe_access_time = packet->tick_timestamp; + dst->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_DBG(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_ssl_port)); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; @@ -319,10 +319,10 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct if(dst != NULL && dst->detected_directconnect_udp_port == packet->udp->dest) { if((u_int32_t) - (packet->tick_timestamp - + (packet->current_time_ms - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - dst->directconnect_last_safe_access_time = packet->tick_timestamp; + dst->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using udp port %d\n", ntohs(dst->detected_directconnect_udp_port)); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; @@ -405,16 +405,16 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_DIRECTCONNECT) { if(src != NULL && ((u_int32_t) - (packet->tick_timestamp - + (packet->current_time_ms - src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout)) { - src->directconnect_last_safe_access_time = packet->tick_timestamp; + src->directconnect_last_safe_access_time = packet->current_time_ms; } else if(dst != NULL && ((u_int32_t) - (packet->tick_timestamp - + (packet->current_time_ms - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout)) { - dst->directconnect_last_safe_access_time = packet->tick_timestamp; + dst->directconnect_last_safe_access_time = packet->current_time_ms; } else { packet->detected_protocol_stack[0] = NDPI_PROTOCOL_UNKNOWN; NDPI_LOG_DBG2(ndpi_struct, "skipping as unknown due to timeout\n"); diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 68313d668..18c5b2f2b 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -41,7 +41,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct NDPI_LOG_INFO(ndpi_struct, "found GNUTELLA\n"); if (src != NULL) { - src->gnutella_ts = packet->tick_timestamp; + src->gnutella_ts = packet->current_time_ms; if (packet->udp != NULL) { if (!src->detected_gnutella_udp_port1) { src->detected_gnutella_udp_port1 = (packet->udp->source); @@ -58,7 +58,7 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct } } if (dst != NULL) { - dst->gnutella_ts = packet->tick_timestamp; + dst->gnutella_ts = packet->current_time_ms; } } @@ -74,19 +74,19 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_GNUTELLA) { if (src != NULL && ((u_int32_t) - (packet->tick_timestamp - src->gnutella_ts) < ndpi_struct->gnutella_timeout)) { + (packet->current_time_ms - src->gnutella_ts) < ndpi_struct->gnutella_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "save src connection packet detected\n"); - src->gnutella_ts = packet->tick_timestamp; + src->gnutella_ts = packet->current_time_ms; } else if (dst != NULL && ((u_int32_t) - (packet->tick_timestamp - dst->gnutella_ts) < ndpi_struct->gnutella_timeout)) { + (packet->current_time_ms - dst->gnutella_ts) < ndpi_struct->gnutella_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "save dst connection packet detected\n"); - dst->gnutella_ts = packet->tick_timestamp; + dst->gnutella_ts = packet->current_time_ms; } - if (src != NULL && (packet->tick_timestamp - src->gnutella_ts) > ndpi_struct->gnutella_timeout) { + if (src != NULL && (packet->current_time_ms - src->gnutella_ts) > ndpi_struct->gnutella_timeout) { src->detected_gnutella_udp_port1 = 0; src->detected_gnutella_udp_port2 = 0; } - if (dst != NULL && (packet->tick_timestamp - dst->gnutella_ts) > ndpi_struct->gnutella_timeout) { + if (dst != NULL && (packet->current_time_ms - dst->gnutella_ts) > ndpi_struct->gnutella_timeout) { dst->detected_gnutella_udp_port1 = 0; dst->detected_gnutella_udp_port2 = 0; } @@ -236,7 +236,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru } else if (packet->udp != NULL) { if (src != NULL && (packet->udp->source == src->detected_gnutella_udp_port1 || packet->udp->source == src->detected_gnutella_udp_port2) && - (packet->tick_timestamp - src->gnutella_ts) < ndpi_struct->gnutella_timeout) { + (packet->current_time_ms - src->gnutella_ts) < ndpi_struct->gnutella_timeout) { NDPI_LOG_DBG2(ndpi_struct, "port based detection\n\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); } diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index 2ebb929fa..e1cc59be2 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -399,25 +399,25 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_IRC) { if (src != NULL && ((u_int32_t) - (packet->tick_timestamp - src->irc_ts) < ndpi_struct->irc_timeout)) { + (packet->current_time_ms - src->irc_ts) < ndpi_struct->irc_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "irc : save src connection packet detected\n"); - src->irc_ts = packet->tick_timestamp; + src->irc_ts = packet->current_time_ms; } else if (dst != NULL && ((u_int32_t) - (packet->tick_timestamp - dst->irc_ts) < ndpi_struct->irc_timeout)) { + (packet->current_time_ms - dst->irc_ts) < ndpi_struct->irc_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "irc : save dst connection packet detected\n"); - dst->irc_ts = packet->tick_timestamp; + dst->irc_ts = packet->current_time_ms; } } if (((dst != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_IRC) && ((u_int32_t) - (packet->tick_timestamp - dst->irc_ts)) < + (packet->current_time_ms - dst->irc_ts)) < ndpi_struct->irc_timeout)) || (src != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK (src->detected_protocol_bitmask, NDPI_PROTOCOL_IRC) && ((u_int32_t) - (packet->tick_timestamp - src->irc_ts)) < ndpi_struct->irc_timeout)) { + (packet->current_time_ms - src->irc_ts)) < ndpi_struct->irc_timeout)) { if (packet->tcp != NULL) { sport = packet->tcp->source; dport = packet->tcp->dest; @@ -425,7 +425,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (dst != NULL) { for (counter = 0; counter < dst->irc_number_of_port; counter++) { if (dst->irc_port[counter] == sport || dst->irc_port[counter] == dport) { - dst->last_time_port_used[counter] = packet->tick_timestamp; + dst->last_time_port_used[counter] = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found IRC: dest port matched with the DCC port"); ndpi_int_irc_add_connection(ndpi_struct, flow); return; @@ -435,7 +435,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (src != NULL) { for (counter = 0; counter < src->irc_number_of_port; counter++) { if (src->irc_port[counter] == sport || src->irc_port[counter] == dport) { - src->last_time_port_used[counter] = packet->tick_timestamp; + src->last_time_port_used[counter] = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found IRC: Source port matched with the DCC port"); ndpi_int_irc_add_connection(ndpi_struct, flow); return; @@ -716,7 +716,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "found port=%d jjeeeeeeeeeeeeeeeeeeeeeeeee", ntohs(get_u_int16_t(src->irc_port, 0))); } - src->irc_ts = packet->tick_timestamp; + src->irc_ts = packet->current_time_ms; } else if (port != 0 && src->irc_number_of_port == NDPI_PROTOCOL_IRC_MAXPORT) { if (!ndpi_is_duplicate(src, port)) { less = 0; @@ -724,7 +724,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc src->irc_port[less] = port; NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(src->irc_port, 0))); } - src->irc_ts = packet->tick_timestamp; + src->irc_ts = packet->current_time_ms; } if (dst == NULL) { break; @@ -747,7 +747,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(dst->irc_port, 0))); NDPI_LOG_DBG2(ndpi_struct, "juuuuuuuuuuuuuuuu"); } - dst->irc_ts = packet->tick_timestamp; + dst->irc_ts = packet->current_time_ms; } else if (port != 0 && dst->irc_number_of_port == NDPI_PROTOCOL_IRC_MAXPORT) { if (!ndpi_is_duplicate(dst, port)) { less = 0; @@ -756,7 +756,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(dst->irc_port, 0))); } - dst->irc_ts = packet->tick_timestamp; + dst->irc_ts = packet->current_time_ms; } break; diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 9302f84d7..ecf29c54f 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -81,9 +81,9 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st ntohs(src->jabber_file_transfer_port[0]), ntohs(src->jabber_file_transfer_port[1])); if (((u_int32_t) - (packet->tick_timestamp - src->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { + (packet->current_time_ms - src->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { NDPI_LOG_DBG2(ndpi_struct, "JABBER src stun timeout %u %u\n", - src->jabber_stun_or_ft_ts, packet->tick_timestamp); + src->jabber_stun_or_ft_ts, packet->current_time_ms); src->jabber_file_transfer_port[0] = 0; src->jabber_file_transfer_port[1] = 0; } else if (src->jabber_file_transfer_port[0] == packet->tcp->dest @@ -101,9 +101,9 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st ntohs(dst->jabber_file_transfer_port[0]), ntohs(dst->jabber_file_transfer_port[1])); if (((u_int32_t) - (packet->tick_timestamp - dst->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { + (packet->current_time_ms - dst->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { NDPI_LOG_DBG2(ndpi_struct, "JABBER dst stun timeout %u %u\n", - dst->jabber_stun_or_ft_ts, packet->tick_timestamp); + dst->jabber_stun_or_ft_ts, packet->current_time_ms); dst->jabber_file_transfer_port[0] = 0; dst->jabber_file_transfer_port[1] = 0; } else if (dst->jabber_file_transfer_port[0] == packet->tcp->dest @@ -143,11 +143,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st if (memcmp(&packet->payload[x], "port=", 5) == 0) { NDPI_LOG_DBG2(ndpi_struct, "port=\n"); if (src != NULL) { - src->jabber_stun_or_ft_ts = packet->tick_timestamp; + src->jabber_stun_or_ft_ts = packet->current_time_ms; } if (dst != NULL) { - dst->jabber_stun_or_ft_ts = packet->tick_timestamp; + dst->jabber_stun_or_ft_ts = packet->current_time_ms; } x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); @@ -204,11 +204,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st if (memcmp(&packet->payload[x], "port=", 5) == 0) { NDPI_LOG_DBG2(ndpi_struct, "port=\n"); if (src != NULL) { - src->jabber_stun_or_ft_ts = packet->tick_timestamp; + src->jabber_stun_or_ft_ts = packet->current_time_ms; } if (dst != NULL) { - dst->jabber_stun_or_ft_ts = packet->tick_timestamp; + dst->jabber_stun_or_ft_ts = packet->current_time_ms; } x += 6; diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c deleted file mode 100644 index cba0c3bcc..000000000 --- a/src/lib/protocols/oscar.c +++ /dev/null @@ -1,816 +0,0 @@ -/* - * oscar.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-20 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#include "ndpi_protocol_ids.h" - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OSCAR - -#include "ndpi_api.h" - -#define FLAPVERSION 0x00000001 - -/* Flap channels */ -#define SIGNON 0x01 -#define DATA 0x02 -#define O_ERROR 0x03 -#define SIGNOFF 0x04 -#define KEEP_ALIVE 0x05 - -/* Signon tags */ -#define SCREEN_NAME 0x0001 -#define PASSWD 0x0002 -#define CLIENT_NAME 0x0003 -#define BOS 0x0005 -#define LOGIN_COOKIE 0x0006 -#define MAJOR_VERSION 0x0017 -#define MINOR_VERSION 0x0018 -#define POINT_VERSION 0x0019 -#define BUILD_NUM 0x001a -#define MULTICONN_FLAGS 0x004a -#define CLIENT_LANG 0x00OF -#define CLIENT_CNTRY 0x00OE -#define CLIENT_RECONNECT 0x0094 - -/* Family */ -#define GE_SE_CTL 0x0001 -#define LOC_SRV 0x0002 -#define BUDDY_LIST 0x0003 -#define IM 0x0004 -#define IS 0x0006 -#define ACC_ADM 0x0007 -#define POPUP 0x0008 -#define PMS 0x0009 -#define USS 0x000b -#define CHAT_ROOM_SETUP 0x000d -#define CHAT_ROOM_ACT 0x000e -#define USER_SRCH 0x000f -#define BUDDY_ICON_SERVER 0x0010 -#define SERVER_STORED_INFO 0x0013 -#define ICQ 0x0015 -#define INIT_AUTH 0x0017 -#define EMAIL 0x0018 -#define IS_EXT 0x0085 - - -static void ndpi_int_oscar_add_connection(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) -{ - - struct ndpi_packet_struct *packet = &flow->packet; - struct ndpi_id_struct *src = flow->src; - struct ndpi_id_struct *dst = flow->dst; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OSCAR, NDPI_PROTOCOL_UNKNOWN); - - if(src != NULL) { - src->oscar_last_safe_access_time = packet->tick_timestamp; - } - if(dst != NULL) { - dst->oscar_last_safe_access_time = packet->tick_timestamp; - } -} - -/** - Oscar connection work on FLAP protocol. - - FLAP is a low-level communications protocol that facilitates the development of higher-level, datagram-oriented, communications layers. - It is used on the TCP connection between all clients and servers. - Here is format of FLAP datagram -**/ -static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - - int excluded = 0; -// u_int8_t channel; - u_int16_t family; - u_int16_t type; - u_int16_t flag; - struct ndpi_packet_struct * packet = &flow->packet; - struct ndpi_id_struct * src = flow->src; - struct ndpi_id_struct * dst = flow->dst; - - /* FLAP__Header - * - * [ 6 byte FLAP header ] - * +-----------+--------------+-------------+--------------+ - * | 0x2a (1B) | Channel (1B) | SeqNum (2B) | PyldLen (2B) | - * +-----------+--------------+-------------+--------------+ - * - * [ 4 byte of data ] - * - * */ - if(packet->payload_packet_len >= 6 && packet->payload[0] == 0x2a) - { - - /* FLAP__FRAME_TYPE (Channel)*/ - u_int8_t channel = get_u_int8_t(packet->payload, 1); - - /* - Initialize the FLAP connection. - - SIGNON -> FLAP__SIGNON_FRAME - +--------------------------------------------------+ - + FLAP__Header | 6 byte + - + FlapVersion | 4 byte (Always 1 = 0x00000001) + - + TLVs | [Class: FLAP__SIGNON_TAGS] TLVs + - +--------------------------------------------------+ - */ - if(channel == SIGNON && packet->payload_packet_len >= 10 && - get_u_int16_t(packet->payload, 4) == htons(packet->payload_packet_len - 6) && - get_u_int32_t(packet->payload, 6) == htonl(FLAPVERSION)) - { - - /* No TLVs */ - if(packet->payload_packet_len == 10) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Sign In \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* /\* SCREEN_NAME *\/ */ - /* if(get_u_int16_t(packet->payload, 10) == htons(SCREEN_NAME)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x01 *\/ */ - /* { */ - /* NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Screen Name \n"); */ - /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */ - /* return; */ - /* } */ - /* /\* PASSWD *\/ */ - /* if(get_u_int16_t(packet->payload, 10) == htons(PASSWD)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x02 *\/ */ - /* { */ - /* NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Password (roasted) \n"); */ - /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */ - /* return; */ - /* } */ - /* CLIENT_NAME */ - if(get_u_int16_t(packet->payload, 10) == htons(CLIENT_NAME)) /* packet->payload[10] == 0x00 && packet->payload[11] == 0x03 */ - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Client Name \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* LOGIN_COOKIE */ - if(get_u_int16_t(packet->payload, 10) == htons(LOGIN_COOKIE) && - get_u_int16_t(packet->payload, 12) == htons(0x0100)) - { - if(get_u_int16_t(packet->payload, packet->payload_packet_len - 5) == htons(MULTICONN_FLAGS)) /* MULTICONN_FLAGS */ - { - if(get_u_int16_t(packet->payload, packet->payload_packet_len - 3) == htons(0x0001)) - if((get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x00) || - (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x01) || - (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x03)) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Login \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - } - /* MAJOR_VERSION */ - if(get_u_int16_t(packet->payload, 10) == htons(MAJOR_VERSION)) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Major_Version \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* MINOR_VERSION */ - if(get_u_int16_t(packet->payload, 10) == htons(MINOR_VERSION)) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Minor_Version \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* POINT_VERSION */ - if(get_u_int16_t(packet->payload, 10) == htons(POINT_VERSION)) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Point_Version \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* BUILD_NUM */ - if(get_u_int16_t(packet->payload, 10) == htons(BUILD_NUM)) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Build_Num \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* CLIENT_RECONNECT */ - if(get_u_int16_t(packet->payload, 10) == htons(CLIENT_RECONNECT)) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Client_Reconnect \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - - /* - Messages using the FLAP connection, usually a SNAC message. - - DATA -> FLAP__DATA_FRAME - +-------------------------+ - + FLAP__Header | 6 byte + - + SNAC__Header | 10 byte + - + snac | + - +-------------------------+ - - SNAC__Header - +----------------------------------------------+ - + ID | 4 byte (2 foodgroup + 2 type) + - + FLAGS | 2 byte + - + requestId | 4 byte + - +----------------------------------------------+ - */ - if(channel == DATA) - { - if(packet->payload_packet_len >= 8) - family = get_u_int16_t(packet->payload, 6); - else - family = 0; - if(packet->payload_packet_len >= 10) - type = get_u_int16_t(packet->payload, 8); - else - type = 0; - if(family == 0 || type == 0) - { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } - - /* Family 0x0001 */ - if(family == htons(GE_SE_CTL)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - case (0x000a): break; - case (0x000b): break; - case (0x000c): break; - case (0x000d): break; - case (0x000e): break; - case (0x000f): break; - case (0x0010): break; - case (0x0011): break; - case (0x0012): break; - case (0x0013): break; - case (0x0014): break; - case (0x0015): break; - case (0x0016): break; - case (0x0017): break; - case (0x0018): break; - case (0x001e): break; - case (0x001f): break; - case (0x0020): break; - case (0x0021): break; - default: excluded = 1; - } - } - /* Family 0x0002 */ - if(family == htons(LOC_SRV)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - case (0x000a): break; - case (0x000b): break; - case (0x000c): break; - case (0x000f): break; - case (0x0010): break; - case (0x0015): break; - default: excluded = 1; - } - } - /* Family 0x0003 */ - if(family == htons(BUDDY_LIST)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - case (0x000a): break; - case (0x000b): break; - case (0x000c): break; - default: excluded = 1; - } - } - /* Family 0x0004 */ - if(family == htons(IM)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - case (0x000a): break; - case (0x000b): break; - case (0x000c): break; - case (0x0014): break; - default: excluded = 1; - } - } - /* Family 0x0006 */ - if(family == htons(IS)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - default: excluded = 1; - } - } - /* Family 0x0007 */ - if(family == htons(ACC_ADM)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - default: excluded = 1; - } - } - /* Family 0x0008 */ - if(family == htons(POPUP)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - default: excluded = 1; - } - } - /* Family 0x0009 */ - if(family == htons(PMS)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - case (0x000a): break; - case (0x000b): break; - default: excluded = 1; - } - } - /* Family 0x000b */ - if(family == htons(USS)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - default: excluded = 1; - } - } - /* Family 0x000d */ - if(family == htons(CHAT_ROOM_SETUP)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - default: excluded = 1; - } - } - /* Family 0x000e */ - if(family == htons(CHAT_ROOM_ACT)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - default: excluded = 1; - } - } - /* Family 0x000f */ - if(family == htons(USER_SRCH)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - default: excluded = 1; - } - } - /* Family 0x0010 */ - if(family == htons(BUDDY_ICON_SERVER)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - default: excluded = 1; - } - } - /* Family 0x0013 */ - if(family == htons(SERVER_STORED_INFO)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x0008): break; - case (0x0009): break; - case (0x000a): break; - case (0x000e): break; - case (0x000f): break; - case (0x0011): break; - case (0x0012): break; - case (0x0014): break; - case (0x0015): break; - case (0x0016): break; - case (0x0018): break; - case (0x001a): break; - case (0x001b): break; - case (0x001c): break; - default: excluded = 1; - } - } - /* Family 0x0015 */ - if(family == htons(ICQ)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - default: excluded = 1; - } - } - /* Family 0x0017 */ - if(family == htons(INIT_AUTH)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - case (0x0004): break; - case (0x0005): break; - case (0x0006): break; - case (0x0007): break; - case (0x000a): break; - case (0x000b): break; - default: excluded = 1; - } - } - /* Family 0x0018 */ - if(family == htons(EMAIL)) - { - /* TODO */ - } - /* Family 0x0085 */ - if(family == htons(IS_EXT)) - { - switch (type) { - - case (0x0001): break; - case (0x0002): break; - case (0x0003): break; - default: excluded = 1; - } - } - - if(excluded == 1) - { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } - - /* flag */ - if(packet->payload_packet_len >= 12) - { - flag = get_u_int16_t(packet->payload, 10); - if(flag == htons(0x0000)|| flag == htons(0x8000) || flag == htons(0x0001)) - { - if(packet->payload_packet_len >= 16) - { - /* request ID */ - // u_int32_t req_ID = get_u_int32_t(packet->payload, 12); - /* if((req_ID <= ((u_int32_t)-1))) */ - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - } - } - } - /* - ERROR -> FLAP__ERROR_CHANNEL_0x03 - A FLAP error - rare - */ - if(channel == O_ERROR) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Error frame \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* - Close down the FLAP connection gracefully. - SIGNOFF: FLAP__SIGNOFF_CHANNEL_0x04 - */ - if(channel == SIGNOFF) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Signoff frame \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - /* - Send a heartbeat to server to help keep connection open. - KEEP_ALIVE: FLAP__KEEP_ALIVE_CHANNEL_0x05 - */ - if(channel == KEEP_ALIVE) - { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Keep Alive frame \n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - - - /* detect http connections */ - if(packet->payload_packet_len >= 18) { - if((packet->payload[0] == 'P') && (memcmp(packet->payload, "POST /photo/upload", 18) == 0)) { - NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); - if(packet->host_line.len >= 18 && packet->host_line.ptr != NULL) { - if(memcmp(packet->host_line.ptr, "lifestream.aol.com", 18) == 0) { - NDPI_LOG_INFO(ndpi_struct, - "found OSCAR over HTTP, POST method\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - } - } - if(packet->payload_packet_len > 40) { - if((packet->payload[0] == 'G') && (memcmp(packet->payload, "GET /", 5) == 0)) { - if((memcmp(&packet->payload[5], "aim/fetchEvents?aimsid=", 23) == 0) || - (memcmp(&packet->payload[5], "aim/startSession?", 17) == 0) || - (memcmp(&packet->payload[5], "aim/gromit/aim_express", 22) == 0) || - (memcmp(&packet->payload[5], "b/ss/aolwpaim", 13) == 0) || - (memcmp(&packet->payload[5], "hss/storage/aimtmpshare", 23) == 0)) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR over HTTP, GET /aim/\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - - if((memcmp(&packet->payload[5], "aim", 3) == 0) || (memcmp(&packet->payload[5], "im", 2) == 0)) { - NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); - if(packet->user_agent_line.len > 15 && packet->user_agent_line.ptr != NULL && - ((memcmp(packet->user_agent_line.ptr, "mobileAIM/", 10) == 0) || - (memcmp(packet->user_agent_line.ptr, "ICQ/", 4) == 0) || - (memcmp(packet->user_agent_line.ptr, "mobileICQ/", 10) == 0) || - (memcmp(packet->user_agent_line.ptr, "AIM%20Free/", NDPI_STATICSTRING_LEN("AIM%20Free/")) == 0) || - (memcmp(packet->user_agent_line.ptr, "AIM/", 4) == 0))) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR over HTTP\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); - if(packet->referer_line.ptr != NULL && packet->referer_line.len >= 22) { - - if(memcmp(&packet->referer_line.ptr[packet->referer_line.len - NDPI_STATICSTRING_LEN("WidgetMain.swf")], - "WidgetMain.swf", NDPI_STATICSTRING_LEN("WidgetMain.swf")) == 0) { - u_int16_t i; - for (i = 0; i < (packet->referer_line.len - 22); i++) { - if(packet->referer_line.ptr[i] == 'a') { - if(memcmp(&packet->referer_line.ptr[i + 1], "im/gromit/aim_express", 21) == 0) { - NDPI_LOG_INFO(ndpi_struct, - "found OSCAR over HTTP : aim/gromit/aim_express\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - } - } - } - } - if(memcmp(packet->payload, "CONNECT ", 8) == 0) { - if(memcmp(packet->payload, "CONNECT login.icq.com:443 HTTP/1.", 33) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR ICQ-HTTP\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - if(memcmp(packet->payload, "CONNECT login.oscar.aol.com:5190 HTTP/1.", 40) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR AIM-HTTP\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - - } - } - - if(packet->payload_packet_len > 43 - && memcmp(packet->payload, "GET http://http.proxy.icq.com/hello HTTP/1.", 43) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR ICQ-HTTP PROXY\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - - if(packet->payload_packet_len > 46 - && memcmp(packet->payload, "GET http://aimhttp.oscar.aol.com/hello HTTP/1.", 46) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR AIM-HTTP PROXY\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - - if(packet->payload_packet_len > 5 && get_u_int32_t(packet->payload, 0) == htonl(0x05010003)) { - NDPI_LOG_DBG2(ndpi_struct, "Maybe OSCAR Picturetransfer\n"); - return; - } - - if(packet->payload_packet_len == 10 && get_u_int32_t(packet->payload, 0) == htonl(0x05000001) && - get_u_int32_t(packet->payload, 4) == 0) { - NDPI_LOG_DBG2(ndpi_struct, "Maybe OSCAR Picturetransfer\n"); - return; - } - - if(packet->payload_packet_len >= 70 && - memcmp(&packet->payload[packet->payload_packet_len - 26], - "\x67\x00\x65\x00\x74\x00\x43\x00\x61\x00\x74\x00\x61\x00\x6c\x00\x6f\x00\x67", 19) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - - if(NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_OSCAR) != 0) { - - if(flow->packet_counter == 1 - && - ((packet->payload_packet_len == 9 - && memcmp(packet->payload, "\x00\x09\x00\x00\x83\x01\xc0\x00\x00", 9) == 0) - || (packet->payload_packet_len == 13 - && (memcmp(packet->payload, "\x00\x0d\x00\x87\x01\xc0", 6) == 0 - || memcmp(packet->payload, "\x00\x0d\x00\x87\x01\xc1", 6) == 0)))) { - flow->oscar_video_voice = 1; - } - -#if 0 - if(flow->oscar_video_voice && ntohs(get_u_int16_t(packet->payload, 0)) == packet->payload_packet_len - && packet->payload[2] == 0x00 && packet->payload[3] == 0x00) { - } -#endif - - if(packet->payload_packet_len >= 70 && ntohs(get_u_int16_t(packet->payload, 4)) == packet->payload_packet_len) { - if(memcmp(packet->payload, "OFT", 3) == 0 && - ((packet->payload[3] == '3' && ((memcmp(&packet->payload[4], "\x01\x00\x01\x01", 4) == 0) - || (memcmp(&packet->payload[6], "\x01\x01\x00", 3) == 0))) - || (packet->payload[3] == '2' && ((memcmp(&packet->payload[6], "\x01\x01", 2) - == 0) - )))) { - // FILE TRANSFER PATTERN:: OFT3 or OFT2 - NDPI_LOG_INFO(ndpi_struct, "found OSCAR FILE TRANSFER\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - - if(memcmp(packet->payload, "ODC2", 4) == 0 && memcmp(&packet->payload[6], "\x00\x01\x00\x06", 4) == 0) { - //PICTURE TRANSFER PATTERN EXMAPLE:: - //4f 44 43 32 00 4c 00 01 00 06 00 00 00 00 00 00 ODC2.L.......... - NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - return; - } - } - if(packet->payload_packet_len > 40 && (memcmp(&packet->payload[2], "\x04\x4a\x00", 3) == 0) - && (memcmp(&packet->payload[6], "\x00\x00", 2) == 0) - && packet->payload[packet->payload_packet_len - 15] == 'F' - && packet->payload[packet->payload_packet_len - 12] == 'L' - && (memcmp(&packet->payload[packet->payload_packet_len - 6], "DEST", 4) == 0) - && (memcmp(&packet->payload[packet->payload_packet_len - 2], "\x00\x00", 2) == 0)) { - NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); - ndpi_int_oscar_add_connection(ndpi_struct, flow); - if(ntohs(packet->tcp->dest) == 443 || ntohs(packet->tcp->source) == 443) { - flow->oscar_ssl_voice_stage = 1; - } - return; - - } - } - if(flow->packet_counter < 3 && packet->payload_packet_len > 11 && (memcmp(packet->payload, "\x00\x37\x04\x4a", 4) - || memcmp(packet->payload, "\x00\x0a\x04\x4a", - 4))) { - return; - } - - - if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_OSCAR) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } -} - -void ndpi_search_oscar(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG_DBG(ndpi_struct, "search OSCAR\n"); - if(packet->tcp != NULL) { - ndpi_search_oscar_tcp_connect(ndpi_struct, flow); - } -} - - -void init_oscar_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("Oscar", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_OSCAR, - ndpi_search_oscar, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} diff --git a/src/lib/protocols/pcanywhere.c b/src/lib/protocols/pcanywhere.c deleted file mode 100644 index 266b4c590..000000000 --- a/src/lib/protocols/pcanywhere.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * pcanywhere.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-20 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - - -#include "ndpi_protocol_ids.h" - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PCANYWHERE - -#include "ndpi_api.h" - - -static void ndpi_int_pcanywhere_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PCANYWHERE, NDPI_PROTOCOL_UNKNOWN); -} - -void ndpi_search_pcanywhere(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - if (packet->udp != NULL && packet->udp->dest == htons(5632) - && packet->payload_packet_len == 2 - && (memcmp(packet->payload, "NQ", 2) == 0 || memcmp(packet->payload, "ST", 2) == 0)) { - NDPI_LOG_INFO(ndpi_struct, "PC Anywhere name or status query detected\n"); - ndpi_int_pcanywhere_add_connection(ndpi_struct, flow); - return; - } - - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -} - - -void init_pcanywhere_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("PcAnywhere", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_PCANYWHERE, - ndpi_search_pcanywhere, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 4b5589e6d..f2baf3056 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -75,13 +75,13 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct if (dst != NULL) { NDPI_LOG_DBG2(ndpi_struct, "found dst\n"); ndpi_packet_src_ip_get(packet, &dst->rtsp_ip_address); - dst->rtsp_timer = packet->tick_timestamp; + dst->rtsp_timer = packet->current_time_ms; dst->rtsp_ts_set = 1; } if (src != NULL) { NDPI_LOG_DBG2(ndpi_struct, "found src\n"); ndpi_packet_dst_ip_get(packet, &src->rtsp_ip_address); - src->rtsp_timer = packet->tick_timestamp; + src->rtsp_timer = packet->current_time_ms; src->rtsp_ts_set = 1; } NDPI_LOG_INFO(ndpi_struct, "found RTSP\n"); diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index 042ead2b8..7ff299070 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -29,9 +29,9 @@ #define SOULSEEK_DETECT \ if(src != NULL) \ - src->soulseek_last_safe_access_time = packet->tick_timestamp; \ + src->soulseek_last_safe_access_time = packet->current_time_ms; \ if(dst != NULL) \ - dst->soulseek_last_safe_access_time = packet->tick_timestamp; \ + dst->soulseek_last_safe_access_time = packet->current_time_ms; \ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN) void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, @@ -50,24 +50,24 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG2(ndpi_struct, " SRC bitmask: %u, packet tick %llu , last safe access timestamp: %llu\n", NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) - != 0 ? 1 : 0, (long long unsigned int) packet->tick_timestamp, + != 0 ? 1 : 0, (long long unsigned int) packet->current_time_ms, (long long unsigned int) src->soulseek_last_safe_access_time); if(dst != NULL) NDPI_LOG_DBG2(ndpi_struct, " DST bitmask: %u, packet tick %llu , last safe ts: %llu\n", NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) - != 0 ? 1 : 0, (long long unsigned int) packet->tick_timestamp, + != 0 ? 1 : 0, (long long unsigned int) packet->current_time_ms, (long long unsigned int) dst->soulseek_last_safe_access_time); if(packet->payload_packet_len == 431) { if(dst != NULL) { - dst->soulseek_last_safe_access_time = packet->tick_timestamp; + dst->soulseek_last_safe_access_time = packet->current_time_ms; } return; } if(packet->payload_packet_len == 12 && get_l32(packet->payload, 4) == 0x02) { if(src != NULL) { - src->soulseek_last_safe_access_time = packet->tick_timestamp; + src->soulseek_last_safe_access_time = packet->current_time_ms; if(packet->tcp != NULL && src->soulseek_listen_port == 0) { src->soulseek_listen_port = get_l32(packet->payload, 8); return; @@ -75,30 +75,30 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } } - if(src != NULL && ((u_int32_t)(packet->tick_timestamp - src->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { + if(src != NULL && ((u_int32_t)(packet->current_time_ms - src->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "Soulseek: SRC update last safe access time and SKIP_FOR_TIME \n"); - src->soulseek_last_safe_access_time = packet->tick_timestamp; + src->soulseek_last_safe_access_time = packet->current_time_ms; } - if(dst != NULL && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { + if(dst != NULL && ((u_int32_t)(packet->current_time_ms - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "Soulseek: DST update last safe access time and SKIP_FOR_TIME \n"); - dst->soulseek_last_safe_access_time = packet->tick_timestamp; + dst->soulseek_last_safe_access_time = packet->current_time_ms; } } if(dst != NULL && dst->soulseek_listen_port != 0 && dst->soulseek_listen_port == ntohs(packet->tcp->dest) - && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { + && ((u_int32_t)(packet->current_time_ms - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { NDPI_LOG_DBG2(ndpi_struct, - "Soulseek: Plain detection on Port : %u packet_tick_timestamp: %u soulseek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", - dst->soulseek_listen_port, packet->tick_timestamp, dst->soulseek_last_safe_access_time, ndpi_struct->soulseek_connection_ip_tick_timeout); + "Soulseek: Plain detection on Port : %u packet_current_time_ms: %u soulseek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", + dst->soulseek_listen_port, packet->current_time_ms, dst->soulseek_last_safe_access_time, ndpi_struct->soulseek_connection_ip_tick_timeout); - dst->soulseek_last_safe_access_time = packet->tick_timestamp; + dst->soulseek_last_safe_access_time = packet->current_time_ms; if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; + src->soulseek_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found Soulseek\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); @@ -154,14 +154,14 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, const u_int32_t soulseek_listen_port = get_l32(packet->payload, 8); if(src != NULL) { - src->soulseek_last_safe_access_time = packet->tick_timestamp; + src->soulseek_last_safe_access_time = packet->current_time_ms; if(packet->tcp != NULL && src->soulseek_listen_port == 0) { src->soulseek_listen_port = soulseek_listen_port; NDPI_LOG_DBG2(ndpi_struct, "\n Listen Port Saved : %u", src->soulseek_listen_port); if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; + dst->soulseek_last_safe_access_time = packet->current_time_ms; ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); return; diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index ea044909e..30194d153 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -39,10 +39,10 @@ static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_THUNDER, NDPI_PROTOCOL_UNKNOWN); if (src != NULL) { - src->thunder_ts = packet->tick_timestamp; + src->thunder_ts = packet->current_time_ms; } if (dst != NULL) { - dst->thunder_ts = packet->tick_timestamp; + dst->thunder_ts = packet->current_time_ms; } } @@ -151,15 +151,15 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_THUNDER) { if (src != NULL && ((u_int32_t) - (packet->tick_timestamp - src->thunder_ts) < ndpi_struct->thunder_timeout)) { + (packet->current_time_ms - src->thunder_ts) < ndpi_struct->thunder_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "thunder : save src connection packet detected\n"); - src->thunder_ts = packet->tick_timestamp; + src->thunder_ts = packet->current_time_ms; } else if (dst != NULL && ((u_int32_t) - (packet->tick_timestamp - dst->thunder_ts) < ndpi_struct->thunder_timeout)) { + (packet->current_time_ms - dst->thunder_ts) < ndpi_struct->thunder_timeout)) { NDPI_LOG_DBG2(ndpi_struct, "thunder : save dst connection packet detected\n"); - dst->thunder_ts = packet->tick_timestamp; + dst->thunder_ts = packet->current_time_ms; } return; } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 222fa480d..4f395a34d 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -349,6 +349,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi offset += 2; if((offset+len) < packet->payload_packet_len) { + u_int32_t time_sec = flow->packet.current_time_ms / 1000; #ifdef DEBUG_TLS u_int j; @@ -374,8 +375,9 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi } } - if((flow->packet.tick_timestamp < flow->protos.stun_ssl.ssl.notBefore) - || (flow->packet.tick_timestamp > flow->protos.stun_ssl.ssl.notAfter)) + + if((time_sec < flow->protos.stun_ssl.ssl.notBefore) + || (time_sec > flow->protos.stun_ssl.ssl.notAfter)) NDPI_SET_BIT(flow->risk, NDPI_TLS_CERTIFICATE_EXPIRED); /* Certificate expired */ } } diff --git a/src/lib/protocols/tvants.c b/src/lib/protocols/tvants.c deleted file mode 100644 index 74414aa06..000000000 --- a/src/lib/protocols/tvants.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * tvants.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-20 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#include "ndpi_protocol_ids.h" - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVANTS - -#include "ndpi_api.h" - -static void ndpi_int_tvants_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TVANTS, NDPI_PROTOCOL_UNKNOWN); -} - - - - -void ndpi_search_tvants_udp(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG_DBG(ndpi_struct, "search tvants. \n"); - - if (packet->udp != NULL && packet->payload_packet_len > 57 - && packet->payload[0] == 0x04 && packet->payload[1] == 0x00 - && (packet->payload[2] == 0x05 || packet->payload[2] == 0x06 - || packet->payload[2] == 0x07) && packet->payload[3] == 0x00 - && packet->payload_packet_len == (packet->payload[5] << 8) + packet->payload[4] - && packet->payload[6] == 0x00 && packet->payload[7] == 0x00 - && (memcmp(&packet->payload[48], "TVANTS", 6) == 0 - || memcmp(&packet->payload[49], "TVANTS", 6) == 0 || memcmp(&packet->payload[51], "TVANTS", 6) == 0)) { - - NDPI_LOG_INFO(ndpi_struct, "found tvants over udp. \n"); - ndpi_int_tvants_add_connection(ndpi_struct, flow); - - } else if (packet->tcp != NULL && packet->payload_packet_len > 15 - && packet->payload[0] == 0x04 && packet->payload[1] == 0x00 - && packet->payload[2] == 0x07 && packet->payload[3] == 0x00 - && packet->payload_packet_len == (packet->payload[5] << 8) + packet->payload[4] - && packet->payload[6] == 0x00 && packet->payload[7] == 0x00 - && memcmp(&packet->payload[8], "TVANTS", 6) == 0) { - - NDPI_LOG_INFO(ndpi_struct, "found tvants over tcp. \n"); - ndpi_int_tvants_add_connection(ndpi_struct, flow); - - } - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - -} - - -void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("Tvants", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_TVANTS, - ndpi_search_tvants_udp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index fb6516458..b43dd765a 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -46,9 +46,9 @@ u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndp #define ZATTOO_DETECTED \ if (src != NULL) \ - src->zattoo_ts = packet->tick_timestamp; \ + src->zattoo_ts = packet->current_time_ms; \ if (dst != NULL) \ - dst->zattoo_ts = packet->tick_timestamp; \ + dst->zattoo_ts = packet->current_time_ms; \ \ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN) @@ -63,10 +63,10 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_LOG_DBG(ndpi_struct, "search ZATTOO\n"); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_ZATTOO) { - if(src != NULL && ((u_int32_t) (packet->tick_timestamp - src->zattoo_ts) < ndpi_struct->zattoo_connection_timeout)) - src->zattoo_ts = packet->tick_timestamp; - if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->zattoo_ts) < ndpi_struct->zattoo_connection_timeout)) - dst->zattoo_ts = packet->tick_timestamp; + if(src != NULL && ((u_int32_t) (packet->current_time_ms - src->zattoo_ts) < ndpi_struct->zattoo_connection_timeout)) + src->zattoo_ts = packet->current_time_ms; + if (dst != NULL && ((u_int32_t) (packet->current_time_ms - dst->zattoo_ts) < ndpi_struct->zattoo_connection_timeout)) + dst->zattoo_ts = packet->current_time_ms; return; } /* search over TCP */ |