Added MPEG TS protocol

Fixed possible decoding loop in RTCP dissector
Added test pcap for mpegts

7 files changed, 75 insertions, 5 deletions

diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index b1ad06a2f..c1e460565 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -244,10 +244,10 @@
 #define NDPI_SERVICE_TWITCH                             195 /* Edoardo Dominici <edoaramis@gmail.com>  */
 #define NDPI_SERVICE_QUICKPLAY                          196 /* Streaming service used by various services such as hooq.tv  */
 #define NDPI_SERVICE_TIM                                197 /* Traffic for tim.com.br and tim.it */
-
+#define NDPI_PROTOCOL_MPEGTS        			198
 
 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_SERVICE_TIM
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_PROTOCOL_MPEGTS
 
 #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
 #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS                   (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 691118309..054f3f366 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -180,5 +180,6 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, stru
 void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 
 #endif /* __NDPI_PROTOCOLS_INCLUDE_FILE__ */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 5cebcdff1..36341dde5 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -74,6 +74,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 		     protocols/megaco.c \
 		     protocols/mgcp.c \
 		     protocols/mms.c \
+		     protocols/mpegts.c \
 		     protocols/msn.c \
 		     protocols/mssql.c \
 		     protocols/mysql.c \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index a8d5dfc5f..c800377dc 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1476,6 +1476,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    no_master, "KakaoTalk_Voice",
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS,
+			    no_master,
+			    no_master, "MPEG_TS",
+			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
     custom_master[0] = NDPI_PROTOCOL_HTTP, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
     custom_master1[0] = NDPI_PROTOCOL_DNS, custom_master1[1] = NDPI_PROTOCOL_UNKNOWN;
@@ -3284,7 +3289,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
 #endif
 
 #ifdef NDPI_PROTOCOL_SKYPE
-  ndpi_set_bitmask_protocol_detection("SKYPE", ndpi_struct, detection_bitmask, a++,
+  ndpi_set_bitmask_protocol_detection("Skype", ndpi_struct, detection_bitmask, a++,
 				      NDPI_PROTOCOL_SKYPE,
 				      ndpi_search_skype,
 				      NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
@@ -3590,6 +3595,15 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
 				      ADD_TO_DETECTION_BITMASK);
 #endif
 
+#ifdef NDPI_PROTOCOL_MPEGTS
+  ndpi_set_bitmask_protocol_detection("MPEG_TS", ndpi_struct, detection_bitmask, a++,
+				      NDPI_PROTOCOL_MPEGTS,
+				      ndpi_search_mpegts,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+				      ADD_TO_DETECTION_BITMASK);
+#endif
+
   ndpi_struct->callback_buffer_size = a;
 
   NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG,
diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c
new file mode 100644
index 000000000..f0e81ac5b
--- /dev/null
+++ b/src/lib/protocols/mpegts.c
@@ -0,0 +1,53 @@
+/*
+ * mpegts.c (MPEG Transport Stream)
+ *          https://en.wikipedia.org/wiki/MPEG_transport_stream
+ *
+ * Copyright (C) 2015 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_api.h"
+
+#ifdef NDPI_PROTOCOL_MPEGTS
+
+void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct *packet = &flow->packet;
+  u_int16_t dport = 0, sport = 0;
+
+  NDPI_LOG(NDPI_PROTOCOL_MPEGTS, ndpi_struct, NDPI_LOG_DEBUG, "search for MPEGTS.\n");
+
+  if((packet->udp != NULL) && ((packet->payload_packet_len % 188) == 0)) {
+    u_int i, num_chunks = packet->payload_packet_len / 188;
+    u_int32_t pkt_id;
+    
+    for(i=0; i<num_chunks; i++) {
+      u_int offset = 188 * i;
+
+      if(packet->payload[offset] != 0x47) goto no_mpegts;
+    }
+
+    /* This looks MPEG TS */
+    ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_MPEGTS, NDPI_REAL_PROTOCOL);
+    return;
+  }    
+
+ no_mpegts:
+  NDPI_LOG(NDPI_PROTOCOL_MPEGTS, ndpi_struct, NDPI_LOG_DEBUG, "Excluded MPEGTS.\n");
+  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MPEGTS);
+}
+#endif
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 57cfa0cc0..085ce36b6 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -2,7 +2,8 @@
  * quic.c
  *
  * Andrea Buscarinu - <andrea.buscarinu@gmail.com>
- * Michele Campus - <michelecampus5@gmail.com>
+ * Michele Campus - <campus@ntop.org>
+ *
  * Copyright (C) 2012-15 - ntop.org
  *
  * This module is free software: you can redistribute it and/or modify
diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c
index f618261dd..0c84c085f 100644
--- a/src/lib/protocols/rtcp.c
+++ b/src/lib/protocols/rtcp.c
@@ -42,7 +42,7 @@ void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct n
       len = packet->payload[2+offset] * 256 + packet->payload[2+offset+1];
       rtcp_section_len = (len + 1) * 4;
       
-      if((offset+rtcp_section_len) > packet->payload_packet_len)
+      if(((offset+rtcp_section_len) > packet->payload_packet_len) || (rtcp_section_len == 0))
 	goto exclude_rtcp;
       else
 	offset += rtcp_section_len;