diff options
| author | Luca <deri@ntop.org> | 2017-04-19 09:56:51 +0200 |
|---|---|---|
| committer | Luca <deri@ntop.org> | 2017-04-19 09:56:51 +0200 |
| commit | 45582194cf0fa64160530e8dac1e6fb4410e95a2 (patch) | |
| tree | 10c919da3fc68999332907f8638b06ef99e30b2c /src/lib | |
| parent | 56b6c7ed93b7fbdc1963200c208437c16fe5437f (diff) | |
Added DNScrypt detection
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 4 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 10 |
2 files changed, 10 insertions, 4 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d9ceb77a4..6bf18ffbc 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8144,7 +8144,7 @@ ndpi_protocol_match host_match[] = { { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; @@ -8217,6 +8217,8 @@ ndpi_protocol_match content_match[] = { - www.qbtxzhetq4s2f.com - www.fgd2iwya7vinfutj5wq5we.net + See also DGA (Domain Generation Algorithm) + In essence www.<name>.com|net To do things properly we should check if host name in the certificate diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b07557b5a..5e864383a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1616,9 +1616,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - - /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT, + no_master, + no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + +/* To be removed as soon as we define new protocols */ ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); |