aboutsummaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorCampus <campus@ntop.org>2016-10-12 00:10:06 +0200
committerCampus <campus@ntop.org>2016-10-12 00:10:06 +0200
commit3b95cd9a1133071ebf475c58aa830f83965bb889 (patch)
tree987ae2a8a43a2a45ecf7fe5a09e12770226a24e8 /src/lib
parentbbe47170752ad80c7ee7b246c83f97ae4ae908fb (diff)
fix vnc dissector
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/protocols/vnc.c63
1 files changed, 30 insertions, 33 deletions
diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c
index 5d793bccf..6315a2aa5 100644
--- a/src/lib/protocols/vnc.c
+++ b/src/lib/protocols/vnc.c
@@ -1,8 +1,7 @@
/*
* vnc.c
*
- * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2016 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -21,48 +20,46 @@
* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
*
*/
-
-
#include "ndpi_protocols.h"
#ifdef NDPI_PROTOCOL_VNC
-static void ndpi_int_vnc_add_connection(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VNC, NDPI_PROTOCOL_UNKNOWN);
-}
-
-/*
- return 0 if nothing has been detected
- return 1 if it is a http packet
-*/
void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
- // struct ndpi_id_struct *src=ndpi_struct->src;
- // struct ndpi_id_struct *dst=ndpi_struct->dst;
-
-
- if (flow->l4.tcp.vnc_stage == 0) {
- if (packet->payload_packet_len == 12
- && memcmp(packet->payload, "RFB 003.00", 10) == 0 && packet->payload[11] == 0x0a) {
- NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "reached vnc stage one\n");
- flow->l4.tcp.vnc_stage = 1 + packet->packet_direction;
- return;
- }
- } else if (flow->l4.tcp.vnc_stage == 2 - packet->packet_direction) {
- if (packet->payload_packet_len == 12
- && memcmp(packet->payload, "RFB 003.00", 10) == 0 && packet->payload[11] == 0x0a) {
- NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "found vnc\n");
- ndpi_int_vnc_add_connection(ndpi_struct, flow);
- return;
+ /* search over TCP */
+ if(packet->tcp) {
+
+ if(flow->l4.tcp.vnc_stage == 0) {
+
+ if(packet->payload_packet_len == 12 &&
+ (memcmp(packet->payload, "RFB 003.003", 11) == 0 && packet->payload[11] == 0x0a) ||
+ (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) ||
+ (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) ||
+ (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a)) {
+
+ NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "reached vnc stage one\n");
+ flow->l4.tcp.vnc_stage = 1 + packet->packet_direction;
+ return;
+ }
+ } else if(flow->l4.tcp.vnc_stage == 2 - packet->packet_direction) {
+
+ if(packet->payload_packet_len == 12 &&
+ (memcmp(packet->payload, "RFB 003.003", 11) == 0 && packet->payload[11] == 0x0a) ||
+ (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) ||
+ (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) ||
+ (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a)) {
+
+ NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "found vnc\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VNC, NDPI_PROTOCOL_UNKNOWN);
+ return;
+ }
}
}
+ /* exclude VNC */
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VNC);
-
}
@@ -74,7 +71,7 @@ void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
-
+
*id += 1;
}
Powered by cgit, Themed by Ted Yin.