Improved Viber protocol dissection

Added Hulu dissection
author: Luca Deri <deri@ntop.org> 2019-10-02 20:57:17 +0200
committer: Luca Deri <deri@ntop.org> 2019-10-02 20:57:17 +0200
commit: 8f20e482ce3262426e8fbb2c0a4888f1e159ee56 (patch)
tree: 1f5a20551ee34ba93323fe26000c0af531cba173 /src/lib
parent: 7f510c10fe1f764bf42417110cd53cf6ac765a4b (diff)
3 files changed, 22 insertions, 7 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index db1dedbdc..85cc60b58 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -8276,6 +8276,7 @@ static ndpi_network host_protocol_list[] = {
   { 0xDD7A5980 /* 221.122.89.128/25 */, 25, NDPI_PROTOCOL_ZOOM },
   /* 2620:123:2000::/44 IPV6 */
 
+  /* PS_VUE IP address */
   { 0x08F8DA14 /* 8.248.218.20/32 */, 32, NDPI_PROTOCOL_PS_VUE },
   { 0x08FA6E14 /* 8.250.110.20/32 */, 32, NDPI_PROTOCOL_PS_VUE },
   { 0x08FC028B /* 8.252.2.139/32 */, 32, NDPI_PROTOCOL_PS_VUE },
@@ -8306,6 +8307,15 @@ static ndpi_network host_protocol_list[] = {
   { 0xA7CEDA82 /* 167.206.218.130/32*/, 32, NDPI_PROTOCOL_PS_VUE },
   { 0xA7CEDA8A /* 167.206.218.138/32*/, 32, NDPI_PROTOCOL_PS_VUE },
 
+  /* AS23286 Hulu, LLC. */
+  { 0x081C7C00 /* 8.28.124.0/24 */, 24, NDPI_PROTOCOL_HULU },
+  { 0x081C7D00 /* 8.28.125.0/24 */, 24, NDPI_PROTOCOL_HULU },
+  { 0xC7C83200 /* 199.200.50.0/23 */, 23, NDPI_PROTOCOL_HULU },
+  { 0xC7C83300 /* 199.200.51.0/24 */, 24, NDPI_PROTOCOL_HULU },
+  { 0xC73C7400 /* 199.60.116.0/24 */, 24, NDPI_PROTOCOL_HULU },
+  { 0xD05B9E00 /* 208.91.158.0/23 */, 23, NDPI_PROTOCOL_HULU },
+  { 0xD1F9BA00 /* 209.249.186.0/24 */, 24, NDPI_PROTOCOL_HULU },
+
   { 0x0, 0, 0 }
 };
 
@@ -8770,6 +8780,8 @@ static ndpi_protocol_match host_match[] = {
   { ".ppstream.com", NULL, "\\.ppstream" TLD,                          "PPStream",         NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
   { ".pps.tv", NULL, "\\.pps\\.tv$",                                   "PPStream",         NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
 
+  { ".hulu.com", NULL, "\\.hulu",                                       "Hulu",            NDPI_PROTOCOL_HULU, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN },
+  
   /*
     VidTO streaming service
   */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 4db0fdaa9..07f96cca8 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1288,11 +1288,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
 			    ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_137,
-                            0 /* can_have_a_subprotocol */, no_master,
-                            no_master, "Free137", NDPI_PROTOCOL_CATEGORY_WEB,
-                            ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-                            ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HULU,
+			    0 /* can_have_a_subprotocol */, no_master,
+			    no_master, "Hulu", NDPI_PROTOCOL_CATEGORY_STREAMING,
+			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK,
                             0 /* can_have_a_subprotocol */, no_master,
                             no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c
index dfeeb3626..28ac864e7 100644
--- a/src/lib/protocols/viber.c
+++ b/src/lib/protocols/viber.c
@@ -2,7 +2,7 @@
  * viber.c 
  *
  * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
- * Copyright (C) 2013-19 - ntop.org
+ * Copyright (C) 2013-18 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -34,8 +34,11 @@ void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct
   if(packet->udp != NULL) {
     NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n");
 
-    if((packet->payload_packet_len == 12 && packet->payload[2] == 0x03 && packet->payload[3] == 0x00)
+    if((packet->payload[2] == 0x03 && packet->payload[3] == 0x00)
        || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00)
+       || (packet->payload[2] == 0x01 && packet->payload[3] == 0x00 && packet->payload[4] == 0x05 && packet->payload[5] == 0x00)
+       || (packet->payload_packet_len == 34 && packet->payload[2] == 0x19 && packet->payload[3] == 0x00)
+       || (packet->payload_packet_len == 34 && packet->payload[2] == 0x1b && packet->payload[3] == 0x00)
        ) {
       NDPI_LOG_DBG(ndpi_struct, "found VIBER\n");
       ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_UNKNOWN);
author	Luca Deri <deri@ntop.org>	2019-10-02 20:57:17 +0200
committer	Luca Deri <deri@ntop.org>	2019-10-02 20:57:17 +0200
commit	8f20e482ce3262426e8fbb2c0a4888f1e159ee56 (patch)
tree	1f5a20551ee34ba93323fe26000c0af531cba173 /src/lib
parent	7f510c10fe1f764bf42417110cd53cf6ac765a4b (diff)