diff options
| author | Hidde van der Heide <hvanderheide@nexuz.net> | 2018-01-10 10:40:54 +0100 |
|---|---|---|
| committer | Hidde van der Heide <hvanderheide@nexuz.net> | 2018-01-10 10:40:54 +0100 |
| commit | d896ce7469f5cebf08086c6ff2219c9909b02195 (patch) | |
| tree | bd1ef0564669f1c1a105320dcfc5f47c90d2e952 /src | |
| parent | bf8c9c2625928e069266b96cf92a4b493a58ff4b (diff) | |
| parent | 77cb8ccaeace7c83a697f199aa1cdd784423b47c (diff) | |
Merge remote-tracking branch 'upstream/dev' into dev
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_api.h | 4 | ||||
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 5 | ||||
| -rw-r--r-- | src/include/ndpi_protocols.h | 4 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 10 | ||||
| -rw-r--r-- | src/lib/Makefile.am | 1 | ||||
| -rw-r--r-- | src/lib/Makefile.simple | 22 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 44 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 43 | ||||
| -rw-r--r-- | src/lib/protocols/bittorrent.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/btlib.c | 16 | ||||
| -rw-r--r-- | src/lib/protocols/btlib.h | 2 | ||||
| -rw-r--r-- | src/lib/protocols/diameter.c | 132 | ||||
| -rw-r--r-- | src/lib/protocols/quic.c | 2 | ||||
| -rw-r--r-- | src/lib/third_party/src/ndpi_patricia.c | 1 |
14 files changed, 240 insertions, 48 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 9fbabc5f7..25a7612f2 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -736,7 +736,9 @@ extern "C" { void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)); void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)); void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf); - + void * ndpi_malloc(size_t size); + void * ndpi_calloc(unsigned long count, size_t size); + void ndpi_free(void *ptr); #ifdef __cplusplus } #endif diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index aaa25a396..30d138d3f 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -2,7 +2,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -275,9 +275,10 @@ #define NDPI_PROTOCOL_SOUNDCLOUD 234 #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 +#define NDPI_PROTOCOL_DIAMETER 237 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DIAMETER #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index da7acaef7..2fb105afe 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -1,7 +1,7 @@ /* * ndpi_protocols.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -52,6 +52,7 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* Applications and other protocols. */ +void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -202,6 +203,7 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index b28ae23f4..66026dbbb 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -178,7 +178,15 @@ struct ndpi_wifi_header PACK_ON struct ndpi_mpls_header { + /* Before using this strcut to parse an MPLS header, you will need to convert + * the 4-byte data to the correct endianess with ntohl(). */ +#if defined(__LITTLE_ENDIAN__) + u_int32_t ttl:8, s:1, exp:3, label:20; +#elif defined(__BIG_ENDIAN__) u_int32_t label:20, exp:3, s:1, ttl:8; +#else +# error "Byte order must be defined" +#endif } PACK_OFF; /* ++++++++++++++++++++++++ IP header ++++++++++++++++++++++++ */ @@ -777,7 +785,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_NETWORK, /* Network infrastructure protocols */ NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development, including Webmail */ NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ - NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ + NDPI_PROTOCOL_CATEGORY_STREAMING, /* Streaming protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ /* See #define NUM_CUSTOM_CATEGORIES */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index f5d065d1e..749caef35 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -38,6 +38,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/dcerpc.c \ protocols/dhcp.c \ protocols/dhcpv6.c \ + protocols/diameter.c \ protocols/directconnect.c \ protocols/directdownloadlink.c \ protocols/dns.c \ diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple new file mode 100644 index 000000000..2a6649131 --- /dev/null +++ b/src/lib/Makefile.simple @@ -0,0 +1,22 @@ +# +# Simple non-autotools dependent makefile +# +# ./autogen.sh +# cd src/lib +# make -f Makefile.simple +# +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include +RANLIB=ranlib + +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o +HEADERS = $(wildcard ../include/*.h) + +libndpi.a: $(OBJECTS) + ar rc $@ $(OBJECTS) + $(RANLIB) $@ + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + /bin/rm -f libndpi.a $(OBJECTS)
\ No newline at end of file diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e306efae9..e1f46c110 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8043,7 +8043,7 @@ ndpi_protocol_match host_match[] = { { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8068,7 +8068,7 @@ ndpi_protocol_match host_match[] = { { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8102,15 +8102,15 @@ ndpi_protocol_match host_match[] = { { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /*News site*/ - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8159,7 +8159,7 @@ ndpi_protocol_match host_match[] = { { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, @@ -8169,7 +8169,7 @@ ndpi_protocol_match host_match[] = { { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, @@ -8197,7 +8197,7 @@ ndpi_protocol_match host_match[] = { { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8268,16 +8268,16 @@ ndpi_protocol_match host_match[] = { { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8310,9 +8310,9 @@ ndpi_protocol_match host_match[] = { { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5d9061465..e1979fbb2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1,7 +1,7 @@ /* * ndpi_main.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -872,7 +872,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, no_master, - no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, @@ -922,7 +922,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, no_master, - no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, @@ -1288,7 +1288,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, no_master, - no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_CHAT, + no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, @@ -1378,12 +1378,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, no_master, - no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, no_master, - no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, @@ -1413,7 +1413,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, no_master, - no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, @@ -1451,11 +1451,21 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, + no_master, + no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, no_master, no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SPOTIFY, + no_master, + no_master, "Spotify", NDPI_PROTOCOL_CATEGORY_STREAMING, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, no_master, no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, @@ -1484,7 +1494,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, no_master, - no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, @@ -1549,7 +1559,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, no_master, - no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, @@ -1604,7 +1614,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, no_master, - no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, @@ -1659,7 +1669,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, no_master, - no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, @@ -2031,8 +2041,10 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->protocols_ptree) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); - ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); - ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); + if (ndpi_struct->udpRoot != NULL) + ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); + if (ndpi_struct->tcpRoot != NULL) + ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); if(ndpi_struct->host_automa.ac_automa != NULL) ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->host_automa.ac_automa); @@ -2762,6 +2774,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* QUIC */ init_quic_dissector(ndpi_struct, &a, detection_bitmask); + /* DIAMETER */ + init_diameter_dissector(ndpi_struct, &a, detection_bitmask); + /* EAQ */ init_eaq_dissector(ndpi_struct, &a, detection_bitmask); @@ -4687,7 +4702,7 @@ static const char* categories[] = { "Network", "Collaborative", "RPC", - "NetworkTool", + "Streaming", "System", "SoftwareUpdate", "", diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 727992702..81fc3baf6 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -2,7 +2,7 @@ * bittorrent.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 66d9654bc..ac456f364 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -29,17 +29,17 @@ #include <string.h> #include <strings.h> +/* typedef unsigned char u_int8_t; typedef unsigned short int u_int16_t; typedef unsigned long long int u_int64_t; +*/ #include <stdint.h> #include <stdlib.h> #include <arpa/inet.h> #endif -typedef signed long long int i_int64_t; - #include "btlib.h" int bt_parse_debug = 0; @@ -90,6 +90,7 @@ static char *print_id_ip6_p(char *s,const struct bt_nodes6_data *b) { } +#if 0 void dump_bt_proto_struct(struct bt_parse_protocol *p) { char b20h[128]; int i; @@ -155,7 +156,9 @@ void dump_bt_proto_struct(struct bt_parse_protocol *p) { if(p->interval) printf("\tinterval\t%d\n",p->interval); if(p->min_interval) printf("\tmin interval\t%d\n",p->min_interval); } +#endif +#ifdef BTLIB_DEBUG static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) { static const char *th="0123456789abcdef?"; char *buf = (char*)ndpi_malloc((size_t)(l*3+2)); @@ -183,6 +186,11 @@ static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) { } #define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; } +#else +#define DEBUG_TRACE(cmd) ; +#endif + + #define STREQ(a,b) !strcmp(a,b) @@ -408,8 +416,8 @@ void cb_data(bt_parse_data_cb_t *cbd,int *ret) { const u_int8_t *bt_decode(const u_int8_t *b, size_t *l, int *ret, bt_parse_data_cb_t *cbd) { unsigned int n=0,neg=0; - i_int64_t d = 0; - register u_int8_t c; + int64_t d = 0; + u_int8_t c; if(*l == 0) return NULL; if(cbd->level > BDEC_MAXDEPT) goto bad_data; diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h index a9ca53786..cc8b52b65 100644 --- a/src/lib/protocols/btlib.h +++ b/src/lib/protocols/btlib.h @@ -171,7 +171,7 @@ typedef struct bt_parse_data_cb { int level; int t; union { - i_int64_t i; + int64_t i; b_elem_s_t s; } v; } bt_parse_data_cb_t; diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c new file mode 100644 index 000000000..24317f498 --- /dev/null +++ b/src/lib/protocols/diameter.c @@ -0,0 +1,132 @@ +/* + * aimini.c + * + * Copyright (C) 2018 - ntop.org + * Written by Michele Campus - <campus@ntop.org> + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_DIAMETER + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIAMETER + +#include "ndpi_api.h" + + +// Header Flags possibile values +#define REQUEST 0X80 +#define PROXYABLE 0X40 +#define ERROR 0X20 +#define RETRASM 0X10 + +typedef enum { + AC = 271, + AS = 274, + CC = 272, + CE = 257, + DW = 280, + DP = 282, + RA = 258, + ST = 275 +} com_type_t; + +#define DIAM_HEADER_LEN 20 + +// DIAMETER header +struct diameter_header_t +{ + u_int8_t version; + u_int8_t length[3]; + u_int8_t flags; + u_int8_t com_code[3]; + u_int32_t app_id; + u_int32_t hop_id; + u_int32_t end_id; +}; + + +// Check packet +int is_diameter(struct ndpi_packet_struct *packet, int size_payload) +{ + // check param + if(!packet || size_payload == 0) return -1; + + // cast to diameter header + struct diameter_header_t *diameter = (struct diameter_header_t *) packet; + + // check if the packet is diameter + if(diameter->version == 0x01 && + (diameter->flags == REQUEST || + diameter->flags == PROXYABLE || + diameter->flags == ERROR || + diameter->flags == RETRASM)) { + + u_int16_t com_code = diameter->com_code[2] + (diameter->com_code[1] << 8) + (diameter->com_code[0] << 8); + + if(com_code == AC || com_code == AS || + com_code == CC || com_code == CE || + com_code == DW || com_code == DP || + com_code == RA || com_code == ST) + return 0; // OK + } + // wrong packet + return -2; +} + + +void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + // Diameter is on TCP + if(packet->tcp) { + + /* Check if it's diameter */ + int ret = is_diameter(packet, packet->payload_packet_len); + if(ret != 0) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + else { + NDPI_LOG_INFO(ndpi_struct, "found Diameter\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIAMETER, NDPI_PROTOCOL_UNKNOWN); + } + } + else { // UDP + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } +} + + +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, + NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("Diameter", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_DIAMETER, ndpi_search_diameter, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif /* NDPI_PROTOCOL_DIAMETER */ + diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 24a2b8f12..203aead36 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1,7 +1,7 @@ /* * quic.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * Based on code of: * Andrea Buscarinu - <andrea.buscarinu@gmail.com> diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index fe63b21b1..2bc4f869c 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -54,6 +54,7 @@ #include <arpa/inet.h> /* BSD, Linux, Solaris: for inet_addr */ #endif #include "ndpi_patricia.h" +#include "ndpi_api.h" void ndpi_DeleteEntry(void *a) { ndpi_free(a); |