authorLuca Deri <deri@ntop.org>2016-07-25 14:52:44 +0200
committerLuca Deri <deri@ntop.org>2016-07-25 14:52:44 +0200
commitda80bd8bb4c79e7e49724d3e86a13e8e83beed9a (patch)
treec816539ce9196d7d0b2a84a03cb1c7e779775a3b /src/lib
parent32e6a79e9c93c3d7b1183a9e3dfc014b384f915c (diff)
Added ndpi_get_proto_by_name() for mapping protocolIDs to protocol names
Added a new parameter to ndpi_guess_protocol_id() to indicate if the guessed protocol has been set by the user through a custom protocols file
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ndpi_main.c109
1 files changed, 78 insertions, 31 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 203ce0c2c..4224dd2d6 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -302,9 +302,13 @@ strncasecmp(s1, s2, n)
/* Forward */
static void addDefaultPort(ndpi_port_range *range,
- ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root);
+ ndpi_proto_defaults_t *def,
+ u_int8_t customUserProto,
+ ndpi_default_ports_tree_node_t **root);
+
static int removeDefaultPort(ndpi_port_range *range,
- ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root);
+ ndpi_proto_defaults_t *def,
+ ndpi_default_ports_tree_node_t **root);
/* ****************************************** */
@@ -373,6 +377,18 @@ char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int
return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName);
}
+/* ****************************************************** */
+
+u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) {
+ u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod);
+
+ for(i = 0; i < num; i++)
+ if(strcasecmp(ndpi_get_proto_by_id(ndpi_mod, i), name) == 0)
+ return(i);
+
+ return(NDPI_PROTOCOL_UNKNOWN);
+}
+
/* ******************************************************************** */
ndpi_port_range* ndpi_build_default_ports_range(ndpi_port_range *ports,
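Review bot: `ndpi_get_proto_by_name()` passes both the result of `ndpi_get_proto_by_id()` and the caller's `name` to `strcasecmp()` without a NULL check. `ndpi_get_proto_by_id()` is shown returning NULL for an out-of-range id, and a table slot whose `protoName` was never set would presumably yield NULL as well, so the loop body should read `const char *p = ndpi_get_proto_by_id(ndpi_mod, i); if(p && strcasecmp(p, name) == 0) return(i);` with an early `if(name == NULL) return(NDPI_PROTOCOL_UNKNOWN);`. The count is also narrowed from the `u_int` that `ndpi_get_num_supported_protocols()` returns into `u_int16_t num`. A short comment stating that `NDPI_PROTOCOL_UNKNOWN` doubles as the not-found value would help callers.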
@@ -445,8 +461,8 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t));
for(j=0; j<MAX_DEFAULT_PORTS; j++) {
- if(udpDefPorts[j].port_low != 0) addDefaultPort(&udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->udpRoot);
- if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->tcpRoot);
+ if(udpDefPorts[j].port_low != 0) addDefaultPort(&udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot);
+ if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot);
}
}
@@ -479,12 +495,12 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh
/* ******************************************************************** */
static void addDefaultPort(ndpi_port_range *range,
- ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root) {
+ ndpi_proto_defaults_t *def,
+ u_int8_t customUserProto,
+ ndpi_default_ports_tree_node_t **root) {
ndpi_default_ports_tree_node_t *ret;
u_int16_t port;
- // printf("[NDPI] %s(%d)\n", __FUNCTION__, port);
-
for(port=range->port_low; port<=range->port_high; port++) {
ndpi_default_ports_tree_node_t *node = (ndpi_default_ports_tree_node_t*)ndpi_malloc(sizeof(ndpi_default_ports_tree_node_t));
@@ -493,11 +509,11 @@ static void addDefaultPort(ndpi_port_range *range,
break;
}
- node->proto = def, node->default_port = port;
+ node->proto = def, node->default_port = port, node->customUserProto = customUserProto;
ret = *(ndpi_default_ports_tree_node_t**)ndpi_tsearch(node, (void*)root, ndpi_default_ports_tree_node_t_cmp); /* Add it to the tree */
if(ret != node) {
- printf("[NDPI] %s(): found duplicate for port %u: overwriting it with new value\n", __FUNCTION__, port);
+ /* printf("[NDPI] %s(): found duplicate for port %u: overwriting it with new value\n", __FUNCTION__, port); */
ret->proto = def;
ndpi_free(node);
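Review bot: On the duplicate path (`ret != node`) only `ret->proto` is refreshed, so the existing tree node keeps its old `customUserProto`. A custom rule that re-maps a port already registered as a built-in default would therefore still report `customUserProto == 0`, and the user-defined flag this commit introduces would be lost for exactly the overridden ports; `ret->proto = def, ret->customUserProto = customUserProto;` keeps the two fields in step. The duplicate message is now commented out rather than removed, which leaves overrides silent; a debug-level log would be preferable to dead code. addDefaultPort starts and ends outside this hunk.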
@@ -1864,11 +1880,11 @@ int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_
/* ****************************************************** */
-u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
- u_int8_t proto, u_int16_t sport, u_int16_t dport) {
+static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int8_t proto, u_int16_t sport, u_int16_t dport) {
const void *ret;
ndpi_default_ports_tree_node_t node;
-
+
if(sport && dport) {
int low = ndpi_min(sport, dport);
int high = ndpi_max(sport, dport);
@@ -1885,10 +1901,27 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc
ndpi_default_ports_tree_node_t_cmp);
}
- if(ret != NULL) {
- ndpi_default_ports_tree_node_t *found = *(ndpi_default_ports_tree_node_t**)ret;
+ if(ret) return(*(ndpi_default_ports_tree_node_t**)ret);
+ }
+
+ return(NULL);
+}
- return(found->proto->protoId);
+/* ****************************************************** */
+
+u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int8_t proto, u_int16_t sport, u_int16_t dport,
+ u_int8_t *user_defined_proto) {
+ const void *ret;
+ ndpi_default_ports_tree_node_t node;
+
+ *user_defined_proto = 0; /* Default */
+ if(sport && dport) {
+ ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_struct, proto, sport, dport);
+
+ if(found != NULL) {
+ *user_defined_proto = found->customUserProto;
+ return(found->proto->protoId);
}
} else {
/* No TCP/UDP */
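Review bot: `ndpi_guess_protocol_id()` now writes `*user_defined_proto = 0` unconditionally, so the exported function dereferences a caller-supplied pointer without a check. Guarding the two stores, `if(user_defined_proto) *user_defined_proto = 0;` and `if(user_defined_proto) *user_defined_proto = found->customUserProto;`, lets callers that do not need the flag pass NULL. The locals `const void *ret;` and `ndpi_default_ports_tree_node_t node;` are left over from the code that moved into `ndpi_get_guessed_protocol_id()` and appear unused in the visible part of the wrapper. The added parameter changes the public signature, which deserves a comment on the function stating what the flag means. The function body continues past the end of the hunk.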
@@ -1942,13 +1975,13 @@ u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi
#ifdef WIN32
char * strsep(char **sp, char *sep)
{
- char *p, *s;
- if (sp == NULL || *sp == NULL || **sp == '\0') return(NULL);
- s = *sp;
- p = s + strcspn(s, sep);
- if (*p != '\0') *p++ = '\0';
- *sp = p;
- return(s);
+ char *p, *s;
+ if (sp == NULL || *sp == NULL || **sp == '\0') return(NULL);
+ s = *sp;
+ p = s + strcspn(s, sep);
+ if (*p != '\0') *p++ = '\0';
+ *sp = p;
+ return(s);
}
#endif
@@ -2041,7 +2074,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule,
if(sscanf(value, "%u-%u", (unsigned int *)&range.port_low, (unsigned int *)&range.port_high) != 2)
range.port_low = range.port_high = atoi(&elem[4]);
if(do_add)
- addDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot);
+ addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot);
else
removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot);
} else if(is_ip) {
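Review bot: The `range` handed to `addDefaultPort(&range, def, 1 /* Custom user proto */, ...)` comes straight from the custom protocols file and is not validated before it is tagged as a user-defined mapping. The unchanged `sscanf` above stores through `(unsigned int *)` casts of `range.port_low` and `range.port_high`; if those fields are 16-bit (the loop counter in addDefaultPort is `u_int16_t`), each store writes past the field, and an upper bound of 65535 would keep the `port<=range->port_high` loop from terminating. Parsing into two local `unsigned int` values and rejecting `low > high` or anything above 65535 before assigning, together with a wider loop counter in addDefaultPort, would close both. These lines are context rather than changes made by this commit, so this could be a follow-up. ndpi_handle_rule starts and ends outside the hunk.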
@@ -3237,7 +3270,7 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru
u_int8_t l4_proto,
struct ndpi_id_struct *src,
u_int16_t sport,
- struct ndpi_id_struct *dst,
+ struct ndpi_id_struct *dst,
u_int16_t dport,
const u_int64_t current_tick_l,
u_int8_t *payload, u_int16_t payload_len) {
@@ -3304,10 +3337,16 @@ ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_stru
flow->packet.iphv6 ||
#endif
flow->packet.iph)) {
- flow->protocol_id_already_guessed = 1;
-
- flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport);
+ u_int8_t user_defined_proto;
+
+ flow->protocol_id_already_guessed = 1,
+ flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport, &user_defined_proto);
+ if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) {
+ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id;
+ return(ret);
+ }
+
if(flow->packet.iph) {
if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN)
flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr);
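Review bot: The new early return makes a port-only match from the custom protocols file final for this packet: it returns before the host lookup below and, as far as the hunk shows, before any payload inspection. That precedence should be stated in a comment, e.g. `/* user-defined port mapping overrides detection: the port alone decides the result */`, because any traffic sent on a mapped port is then reported as that protocol. Only `guessed_protocol_id` and `protocol_id_already_guessed` are stored on the flow before returning, so a later packet of the same flow may skip this block and be classified differently; this is inferred, since the rest of the function is outside the hunk. The same block is added in `ndpi_detection_process_packet()` in the hunk at `@@ -3463,7 +3503,12 @@`. The statement `flow->protocol_id_already_guessed = 1,` ends in a comma rather than a semicolon, which works but is easy to break when a line is inserted.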
@@ -3447,6 +3486,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
u_int16_t sport, dport;
u_int8_t protocol;
u_int32_t saddr, daddr;
+ u_int8_t user_defined_proto;
flow->protocol_id_already_guessed = 1;
@@ -3463,7 +3503,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
else if(flow->packet.tcp) sport = ntohs(flow->packet.tcp->source), dport = ntohs(flow->packet.tcp->dest);
else sport = dport = 0;
- flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport);
+ flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto);
+
+ if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) {
+ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id;
+ return(ret);
+ }
if(flow->packet.iph) {
if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN)
@@ -4298,12 +4343,14 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
unsigned int rc;
struct in_addr addr;
ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN };
+ u_int8_t user_defined_proto;
if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) {
rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, proto, shost, dhost, sport, dport);
+
if(rc != NDPI_PROTOCOL_UNKNOWN) {
ret.protocol = rc,
- ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport);
+ ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto);
if(ret.protocol == ret.master_protocol)
ret.master_protocol = NDPI_PROTOCOL_UNKNOWN;
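Review bot: `user_defined_proto` is filled in at all three `ndpi_guess_protocol_id()` calls in `ndpi_guess_undetected_protocol()` (this hunk and the two that follow) but is never read. In the packet path a user-defined mapping now overrides everything else, while here the result of `ndpi_search_tcp_or_udp_raw()` still wins and the port guess only becomes `master_protocol`, so the two entry points may disagree for the same flow. If that is intended, a comment such as `/* user_defined_proto intentionally ignored here */` would say so; otherwise the flag should be checked before `rc` is used. The function starts and ends outside these hunks.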
@@ -4311,7 +4358,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
return(ret);
}
- rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport);
+ rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto);
if(rc != NDPI_PROTOCOL_UNKNOWN) {
ret.protocol = rc;
@@ -4335,7 +4382,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
ret.protocol = NDPI_PROTOCOL_SKYPE;
}
} else
- ret.protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport);
+ ret.protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto);
return(ret);
}