authorLuca Deri <deri@ntop.org>2020-10-21 20:59:02 +0200
committerLuca Deri <deri@ntop.org>2020-10-21 20:59:02 +0200
commit9dac9945c9954d82cce16364e1f1190cee16063b (patch)
treee0390ce88e041e614d713debc37459e461c8226e /src/lib
parentefb712c2c0958a08e2b3ee2fd9969df3e559e5c8 (diff)
Fixes #1033
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ndpi_main.c11
-rw-r--r--src/lib/protocols/http.c26
-rw-r--r--src/lib/protocols/http_activesync.c69
3 files changed, 29 insertions, 77 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 43ce68699..8e5e2631f 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -927,8 +927,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD,
- 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_Download",
+ ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE60,
+ 1 /* can_have_a_subprotocol */, no_master, no_master, "FREE60",
NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
@@ -1141,8 +1141,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_ACTIVESYNC,
- 1 /* can_have_a_subprotocol */, no_master, no_master, "HTTP_ActiveSync",
+ ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE110,
+ 1 /* can_have_a_subprotocol */, no_master, no_master, "FREE110",
NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, 0 /* can_have_a_subprotocol */,
@@ -3015,9 +3015,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
/* XBOX */
init_xbox_dissector(ndpi_str, &a, detection_bitmask);
- /* HTTP_APPLICATION_ACTIVESYNC */
- init_http_activesync_dissector(ndpi_str, &a, detection_bitmask);
-
/* SMB */
init_smb_dissector(ndpi_str, &a, detection_bitmask);
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 2cc42edad..48a3010f2 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -32,6 +32,10 @@ static const char* binary_file_mimes_e[] = { "exe", NULL };
static const char* binary_file_mimes_v[] = { "vnd.ms-cab-compressed", "vnd.microsoft.portable-executable", NULL };
static const char* binary_file_mimes_x[] = { "x-msdownload", "x-dosexec", NULL };
+static const char* download_file_mimes_b[] = { "bz", "bz2", NULL };
+static const char* download_file_mimes_o[] = { "octet-stream", NULL };
+static const char* download_file_mimes_x[] = { "x-tar", "x-zip", "x-bzip", NULL };
+
#define ATTACHMENT_LEN 3
static const char* binary_file_ext[] = {
"exe",
@@ -113,7 +117,27 @@ static ndpi_protocol_category_t ndpi_http_check_content(struct ndpi_detection_mo
const char** cmp_mimes = NULL;
switch(app[0]) {
- case 'e': cmp_mimes = binary_file_mimes_e; break;
+ case 'b': cmp_mimes = download_file_mimes_b; break;
+ case 'o': cmp_mimes = download_file_mimes_o; break;
+ case 'x': cmp_mimes = download_file_mimes_x; break;
+ }
+
+ if(cmp_mimes != NULL) {
+ u_int8_t i;
+
+ for(i = 0; cmp_mimes[i] != NULL; i++) {
+ if(strncasecmp(app, cmp_mimes[i], app_len_avail) == 0) {
+ flow->guessed_category = flow->category = NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT;
+ NDPI_LOG_INFO(ndpi_struct, "found executable HTTP transfer");
+ break;
+ }
+ }
+ }
+
+ /* ***************************************** */
+
+ switch(app[0]) {
+ case 'e': cmp_mimes = binary_file_mimes_e; break;
case 'v': cmp_mimes = binary_file_mimes_v; break;
case 'x': cmp_mimes = binary_file_mimes_x; break;
}
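Review bot: `cmp_mimes` is not reset between the two `switch(app[0])` statements, so for a subtype starting with 'b' or 'o' the second switch matches no case and `cmp_mimes` still points at `download_file_mimes_b` or `download_file_mimes_o`. The code that consumes `cmp_mimes` after the second switch lies outside this hunk, but if it is the existing binary-MIME loop, an ordinary `octet-stream` or `bz2` download would be reported as an executable transfer, which produces false positives for anyone alerting on that signal; adding `cmp_mimes = NULL;` just before the second switch avoids this. The log text in the new loop, `"found executable HTTP transfer"`, is copied from the executable path and should describe a download instead, e.g. `"found HTTP file download"`. Separately, `strncasecmp(app, cmp_mimes[i], app_len_avail)` compares only `app_len_avail` bytes, so a truncated subtype such as `b` would match `bz`; presumably `app_len_avail` is validated earlier in the function, but it is worth confirming and also checking it against `strlen(cmp_mimes[i])`.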
diff --git a/src/lib/protocols/http_activesync.c b/src/lib/protocols/http_activesync.c
deleted file mode 100644
index 5e0f5020a..000000000
--- a/src/lib/protocols/http_activesync.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * http_activesync.c
- *
- * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-20 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_ACTIVESYNC
-
-#include "ndpi_api.h"
-
-static void ndpi_int_activesync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_ACTIVESYNC, NDPI_PROTOCOL_HTTP);
-}
-
-void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &flow->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search activesync\n");
- if (packet->tcp != NULL) {
-
- if (packet->payload_packet_len > 150
- && ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0)
- || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) {
- ndpi_int_activesync_add_connection(ndpi_struct, flow);
- NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n");
- return;
- }
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct,
- u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
-{
- ndpi_set_bitmask_protocol_detection("HTTP_Application_ActiveSync", ndpi_struct, detection_bitmask, *id,
- NDPI_PROTOCOL_HTTP_ACTIVESYNC,
- ndpi_search_activesync,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
-