author | Luca Deri <deri@ntop.org> | 2015-05-13 23:37:31 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2015-05-13 23:37:31 +0200 |
commit | bcd83807040f8f00599751274de4efedfa59785d (patch) | |
tree | 5ba5b2330c42b767d0ef816d181ea7b4826bb64f /src | |
parent | 08c8fe741194079e9d30d40678e2ebc5cf6b42d6 (diff) |
Added improvement for handling bit-torrent search on UDP
Added quic protocol sample
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/ndpi_main.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/bittorrent.c | 73 |
2 files changed, 42 insertions, 33 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 379cd034b..b175ffe1b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -946,7 +946,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, no_master, "BitTorrent", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_b, 6771, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EPP, no_master, no_master, "EPP", diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 4be42548f..5fe371a33 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -384,6 +384,8 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st ndpi_int_search_bittorrent_tcp(ndpi_struct, flow); } else if(packet->udp != NULL) { + char *bt_search = "BT-SEARCH * HTTP/1.1\r\n"; + if((ntohs(packet->udp->source) < 1024) || (ntohs(packet->udp->dest) < 1024) /* High ports only */) return; 
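Review bot: The new UDP default port in `ndpi_build_default_ports(ports_b, 6771, 0, 0, 0, 0)` is a bare number, so nothing on that line says why BitTorrent now claims it. Going by the commit message and the `BT-SEARCH` string added in bittorrent.c, it is presumably the local peer discovery port, and a comment would record that, e.g. `/* UDP: 6771 = BT-SEARCH local peer discovery */`. If default ports also feed a port-only guess for flows the dissector did not match (not visible here), confirm that labelling unrelated UDP traffic on 6771 as BitTorrent is acceptable.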
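Review bot: `bt_search` is declared as a writable `char *` pointing at a string literal, and the compare in the next hunk of this file stays in bounds only because the unrelated `>= 23 /* min header size */` guard happens to exceed the 22-byte literal. Tying the length to the literal makes that dependency explicit and drops the per-packet `strlen()`: declare `static const char bt_search[] = "BT-SEARCH * HTTP/1.1\r\n";` here, and in the next hunk test `if(packet->payload_packet_len >= sizeof(bt_search) - 1 && memcmp(packet->payload, bt_search, sizeof(bt_search) - 1) == 0) {`. `memcmp` is also the better fit for a packet payload, which is not NUL-terminated text. The enclosing function starts and ends outside this hunk.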
@@ -395,44 +397,51 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st */ if(packet->payload_packet_len >= 23 /* min header size */) { - /* Check if this is protocol v0 */ - u_int8_t v0_extension = packet->payload[17]; - u_int8_t v0_flags = packet->payload[18]; - - /* Check if this is protocol v1 */ - u_int8_t v1_version = packet->payload[0]; - u_int8_t v1_extension = packet->payload[1]; - u_int32_t v1_window_size = *((u_int32_t*)&packet->payload[12]); - - if((packet->payload[0]== 0x60) - && (packet->payload[1]== 0x0) - && (packet->payload[2]== 0x0) - && (packet->payload[3]== 0x0) - && (packet->payload[4]== 0x0)) { - /* Heuristic */ - goto bittorrent_found; - } else if(((v1_version & 0x0f) == 1) - && ((v1_version >> 4) < 5 /* ST_NUM_STATES */) - && (v1_extension < 3 /* EXT_NUM_EXT */) - && (v1_window_size < 32768 /* 32k */) - ) { - goto bittorrent_found; - } else if((v0_flags < 6 /* ST_NUM_STATES */) - && (v0_extension < 3 /* EXT_NUM_EXT */)) { - u_int32_t ts = ntohl(*((u_int32_t*)&(packet->payload[4]))); - u_int32_t now; + if(strncmp((const char*)packet->payload, bt_search, strlen(bt_search)) == 0) { + ndpi_add_connection_as_bittorrent(ndpi_struct, flow, + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION, + NDPI_REAL_PROTOCOL); + return; + } else { + /* Check if this is protocol v0 */ + u_int8_t v0_extension = packet->payload[17]; + u_int8_t v0_flags = packet->payload[18]; + + /* Check if this is protocol v1 */ + u_int8_t v1_version = packet->payload[0]; + u_int8_t v1_extension = packet->payload[1]; + u_int32_t v1_window_size = *((u_int32_t*)&packet->payload[12]); + + if((packet->payload[0]== 0x60) + && (packet->payload[1]== 0x0) + && (packet->payload[2]== 0x0) + && (packet->payload[3]== 0x0) + && (packet->payload[4]== 0x0)) { + /* Heuristic */ + goto bittorrent_found; + } else if(((v1_version & 0x0f) == 1) + && ((v1_version >> 4) < 5 /* ST_NUM_STATES */) + && (v1_extension < 3 /* EXT_NUM_EXT */) + && (v1_window_size < 
32768 /* 32k */) + ) { + goto bittorrent_found; + } else if((v0_flags < 6 /* ST_NUM_STATES */) + && (v0_extension < 3 /* EXT_NUM_EXT */)) { + u_int32_t ts = ntohl(*((u_int32_t*)&(packet->payload[4]))); + u_int32_t now; #ifndef __KERNEL__ - now = (u_int32_t)time(NULL); + now = (u_int32_t)time(NULL); #else - struct timespec t; + struct timespec t; - getnstimeofday(&t); - now = t.tv_sec; + getnstimeofday(&t); + now = t.tv_sec; #endif - if((ts < (now+86400)) && (ts > (now-86400))) { - goto bittorrent_found; + if((ts < (now+86400)) && (ts > (now-86400))) { + goto bittorrent_found; + } } } } |
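Review bot: The re-indented uTP checks still read 32-bit fields by casting a payload offset, in `*((u_int32_t*)&packet->payload[12])` and in the `ts` load at `payload[4]`. Nothing visible guarantees that `packet->payload` is 4-byte aligned, so on strict-alignment targets this is a misaligned access driven by untrusted packets, and it also violates the aliasing rules. A byte copy avoids both: `u_int32_t v1_window_size; memcpy(&v1_window_size, &packet->payload[12], sizeof(v1_window_size));`, and likewise for `ts` before `ntohl()`. Separately, `ts` goes through `ntohl()` while `v1_window_size` is compared with 32768 in host order; if that field is big-endian on the wire like the timestamp, the `< 32768` test checks a byte-swapped value on little-endian hosts. The enclosing function starts and ends outside the hunk.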