diff options
| author | Luca Deri <deri@ntop.org> | 2019-10-20 21:49:45 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2019-10-20 21:49:45 +0200 |
| commit | 1a5c7daaf67b316ad9cdcf5bba911db1a7e58f12 (patch) | |
| tree | 3a7e797f3ac1979bcdbea70a755b7148a042117c /src | |
| parent | c1ba4764b54be167459e5647efe1c8d57310f151 (diff) | |
Implemented FTP user/pwd extraction
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 4 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 9 | ||||
| -rw-r--r-- | src/lib/protocols/ftp_control.c | 587 |
3 files changed, 341 insertions, 259 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8eb481f47..9535136e1 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1235,6 +1235,10 @@ struct ndpi_flow_struct { } http; struct { + char username[16], password[16]; + } ftp; + + struct { /* Bittorrent hash */ u_char hash[20]; } bittorrent; diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index bda7f15ad..4d98aa6d2 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -881,6 +881,13 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_end_of_block(serializer); break; + case NDPI_PROTOCOL_FTP_CONTROL: + ndpi_serialize_start_of_block(serializer, "ftp"); + ndpi_serialize_string_string(serializer, "user", flow->protos.ftp.username); + ndpi_serialize_string_string(serializer, "password", flow->protos.ftp.password); + ndpi_serialize_end_of_block(serializer); + break; + case NDPI_PROTOCOL_SSH: ndpi_serialize_start_of_block(serializer, "ssh"); ndpi_serialize_string_string(serializer, "client_signature", flow->protos.ssh.client_signature); @@ -909,10 +916,12 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_string_string(serializer, "client_cert", flow->protos.stun_ssl.ssl.client_certificate); ndpi_serialize_string_string(serializer, "server_cert", flow->protos.stun_ssl.ssl.server_certificate); ndpi_serialize_string_string(serializer, "issuer", flow->protos.stun_ssl.ssl.server_organization); + if(before) { strftime(notBefore, sizeof(notBefore), "%F %T", before); ndpi_serialize_string_string(serializer, "notbefore", notBefore); } + if(after) { strftime(notAfter, sizeof(notAfter), "%F %T", after); ndpi_serialize_string_string(serializer, "notafter", notAfter); diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 7a3250b8c..e33a802da 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -18,7 +18,7 @@ * * You should have received a copy of the GNU Lesser General Public License * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * + * */ #include "ndpi_protocol_ids.h" @@ -27,982 +27,1051 @@ #include "ndpi_api.h" +// #define FTP_DEBUG + +/* *************************************************************** */ -static void ndpi_int_ftp_control_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_CONTROL, NDPI_PROTOCOL_UNKNOWN); +static void ndpi_int_ftp_control_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_FTP_CONTROL, NDPI_PROTOCOL_UNKNOWN); } -static int ndpi_ftp_control_check_request(const u_int8_t *payload, size_t payload_len) { +/* *************************************************************** */ + +static void ftp_payload_copy(u_int8_t *dest, u_int dest_len, + const u_int8_t *src, u_int src_len) { + u_int i, j, k = dest_len-1; - if (ndpi_match_strprefix(payload, payload_len, "ABOR")) { - return 1; + for(i=5, j=0; i<src_len; i++) { + if((j == k) || ((src[i] == '\r') + || (src[i] == '\n') + || (src[i] == ' ') + )) + break; + + dest[j++] = src[i]; } - - if (ndpi_match_strprefix(payload, payload_len, "ACCT")) { + + dest[k] = '\0'; +} + +/* *************************************************************** */ + +static int ndpi_ftp_control_check_request(struct ndpi_flow_struct *flow, + const u_int8_t *payload, + size_t payload_len) { +#ifdef FTP_DEBUG + printf("%s() [%s]\n", __FUNCTION__, payload); +#endif + + if(ndpi_match_strprefix(payload, payload_len, "USER")) { + ftp_payload_copy((u_int8_t*)flow->protos.ftp.username, + sizeof(flow->protos.ftp.username), + payload, payload_len); return 1; } - if (ndpi_match_strprefix(payload, payload_len, "ADAT")) { + if(ndpi_match_strprefix(payload, payload_len, "PASS")) { + ftp_payload_copy((u_int8_t*)flow->protos.ftp.password, + sizeof(flow->protos.ftp.password), + payload, payload_len); return 1; } - if (ndpi_match_strprefix(payload, payload_len, "ALLO")) { + /* ***************************************************** */ + + if(ndpi_match_strprefix(payload, payload_len, "ABOR")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "APPE")) { + if(ndpi_match_strprefix(payload, payload_len, "ACCT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "AUTH")) { + if(ndpi_match_strprefix(payload, payload_len, "ADAT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "CCC")) { + + if(ndpi_match_strprefix(payload, payload_len, "ALLO")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "CDUP")) { + if(ndpi_match_strprefix(payload, payload_len, "APPE")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "CONF")) { + if(ndpi_match_strprefix(payload, payload_len, "AUTH")) { + return 1; + } + if(ndpi_match_strprefix(payload, payload_len, "CCC")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "CWD")) { + if(ndpi_match_strprefix(payload, payload_len, "CDUP")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "DELE")) { + if(ndpi_match_strprefix(payload, payload_len, "CONF")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "ENC")) { + if(ndpi_match_strprefix(payload, payload_len, "CWD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "EPRT")) { + if(ndpi_match_strprefix(payload, payload_len, "DELE")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "EPSV")) { + if(ndpi_match_strprefix(payload, payload_len, "ENC")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "FEAT")) { + if(ndpi_match_strprefix(payload, payload_len, "EPRT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "HELP")) { + if(ndpi_match_strprefix(payload, payload_len, "EPSV")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "LANG")) { + if(ndpi_match_strprefix(payload, payload_len, "FEAT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "LIST")) { + if(ndpi_match_strprefix(payload, payload_len, "HELP")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "LPRT")) { + if(ndpi_match_strprefix(payload, payload_len, "LANG")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "LPSV")) { + if(ndpi_match_strprefix(payload, payload_len, "LIST")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "MDTM")) { + if(ndpi_match_strprefix(payload, payload_len, "LPRT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "MIC")) { + if(ndpi_match_strprefix(payload, payload_len, "LPSV")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "MKD")) { + if(ndpi_match_strprefix(payload, payload_len, "MDTM")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "MLSD")) { + if(ndpi_match_strprefix(payload, payload_len, "MIC")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "MLST")) { + if(ndpi_match_strprefix(payload, payload_len, "MKD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "MODE")) { + if(ndpi_match_strprefix(payload, payload_len, "MLSD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "NLST")) { + if(ndpi_match_strprefix(payload, payload_len, "MLST")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "NOOP")) { + if(ndpi_match_strprefix(payload, payload_len, "MODE")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "OPTS")) { + if(ndpi_match_strprefix(payload, payload_len, "NLST")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "PASS")) { + if(ndpi_match_strprefix(payload, payload_len, "NOOP")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "PASV")) { + if(ndpi_match_strprefix(payload, payload_len, "OPTS")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "PBSZ")) { + if(ndpi_match_strprefix(payload, payload_len, "PASV")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "PORT")) { + if(ndpi_match_strprefix(payload, payload_len, "PBSZ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "PROT")) { + if(ndpi_match_strprefix(payload, payload_len, "PORT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "PWD")) { + if(ndpi_match_strprefix(payload, payload_len, "PROT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "QUIT")) { + if(ndpi_match_strprefix(payload, payload_len, "PWD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "REIN")) { + if(ndpi_match_strprefix(payload, payload_len, "QUIT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "REST")) { + if(ndpi_match_strprefix(payload, payload_len, "REIN")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "RETR")) { + if(ndpi_match_strprefix(payload, payload_len, "REST")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "RMD")) { + if(ndpi_match_strprefix(payload, payload_len, "RETR")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "RNFR")) { + if(ndpi_match_strprefix(payload, payload_len, "RMD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "RNTO")) { + if(ndpi_match_strprefix(payload, payload_len, "RNFR")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "SITE")) { + if(ndpi_match_strprefix(payload, payload_len, "RNTO")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "SIZE")) { + if(ndpi_match_strprefix(payload, payload_len, "SITE")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "SMNT")) { + if(ndpi_match_strprefix(payload, payload_len, "SIZE")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "STAT")) { + if(ndpi_match_strprefix(payload, payload_len, "SMNT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "STOR")) { + if(ndpi_match_strprefix(payload, payload_len, "STAT")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "STOU")) { + if(ndpi_match_strprefix(payload, payload_len, "STOR")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "STRU")) { + if(ndpi_match_strprefix(payload, payload_len, "STOU")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "SYST")) { + if(ndpi_match_strprefix(payload, payload_len, "STRU")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "TYPE")) { + if(ndpi_match_strprefix(payload, payload_len, "SYST")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "USER")) { + if(ndpi_match_strprefix(payload, payload_len, "TYPE")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XCUP")) { + if(ndpi_match_strprefix(payload, payload_len, "XCUP")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XMKD")) { + if(ndpi_match_strprefix(payload, payload_len, "XMKD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XPWD")) { + if(ndpi_match_strprefix(payload, payload_len, "XPWD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XRCP")) { + if(ndpi_match_strprefix(payload, payload_len, "XRCP")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XRMD")) { + if(ndpi_match_strprefix(payload, payload_len, "XRMD")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XRSQ")) { + if(ndpi_match_strprefix(payload, payload_len, "XRSQ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XSEM")) { + if(ndpi_match_strprefix(payload, payload_len, "XSEM")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "XSEN")) { + if(ndpi_match_strprefix(payload, payload_len, "XSEN")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "HOST")) { + if(ndpi_match_strprefix(payload, payload_len, "HOST")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "abor")) { + if(ndpi_match_strprefix(payload, payload_len, "abor")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "acct")) { + if(ndpi_match_strprefix(payload, payload_len, "acct")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "adat")) { + if(ndpi_match_strprefix(payload, payload_len, "adat")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "allo")) { + if(ndpi_match_strprefix(payload, payload_len, "allo")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "appe")) { + if(ndpi_match_strprefix(payload, payload_len, "appe")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "auth")) { + if(ndpi_match_strprefix(payload, payload_len, "auth")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "ccc")) { + if(ndpi_match_strprefix(payload, payload_len, "ccc")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "cdup")) { + if(ndpi_match_strprefix(payload, payload_len, "cdup")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "conf")) { + if(ndpi_match_strprefix(payload, payload_len, "conf")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "cwd")) { + if(ndpi_match_strprefix(payload, payload_len, "cwd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "dele")) { + if(ndpi_match_strprefix(payload, payload_len, "dele")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "enc")) { + if(ndpi_match_strprefix(payload, payload_len, "enc")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "eprt")) { + if(ndpi_match_strprefix(payload, payload_len, "eprt")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "epsv")) { + if(ndpi_match_strprefix(payload, payload_len, "epsv")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "feat")) { + if(ndpi_match_strprefix(payload, payload_len, "feat")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "help")) { + if(ndpi_match_strprefix(payload, payload_len, "help")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "lang")) { + if(ndpi_match_strprefix(payload, payload_len, "lang")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "list")) { + if(ndpi_match_strprefix(payload, payload_len, "list")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "lprt")) { + if(ndpi_match_strprefix(payload, payload_len, "lprt")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "lpsv")) { + if(ndpi_match_strprefix(payload, payload_len, "lpsv")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "mdtm")) { + if(ndpi_match_strprefix(payload, payload_len, "mdtm")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "mic")) { + if(ndpi_match_strprefix(payload, payload_len, "mic")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "mkd")) { + if(ndpi_match_strprefix(payload, payload_len, "mkd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "mlsd")) { + if(ndpi_match_strprefix(payload, payload_len, "mlsd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "mlst")) { + if(ndpi_match_strprefix(payload, payload_len, "mlst")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "mode")) { + if(ndpi_match_strprefix(payload, payload_len, "mode")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "nlst")) { + if(ndpi_match_strprefix(payload, payload_len, "nlst")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "noop")) { + if(ndpi_match_strprefix(payload, payload_len, "noop")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "opts")) { + if(ndpi_match_strprefix(payload, payload_len, "opts")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "pass")) { + if(ndpi_match_strprefix(payload, payload_len, "pass")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "pasv")) { + if(ndpi_match_strprefix(payload, payload_len, "pasv")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "pbsz")) { + if(ndpi_match_strprefix(payload, payload_len, "pbsz")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "port")) { + if(ndpi_match_strprefix(payload, payload_len, "port")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "prot")) { + if(ndpi_match_strprefix(payload, payload_len, "prot")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "pwd")) { + if(ndpi_match_strprefix(payload, payload_len, "pwd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "quit")) { + if(ndpi_match_strprefix(payload, payload_len, "quit")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "rein")) { + if(ndpi_match_strprefix(payload, payload_len, "rein")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "rest")) { + if(ndpi_match_strprefix(payload, payload_len, "rest")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "retr")) { + if(ndpi_match_strprefix(payload, payload_len, "retr")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "rmd")) { + if(ndpi_match_strprefix(payload, payload_len, "rmd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "rnfr")) { + if(ndpi_match_strprefix(payload, payload_len, "rnfr")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "rnto")) { + if(ndpi_match_strprefix(payload, payload_len, "rnto")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "site")) { + if(ndpi_match_strprefix(payload, payload_len, "site")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "size")) { + if(ndpi_match_strprefix(payload, payload_len, "size")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "smnt")) { + if(ndpi_match_strprefix(payload, payload_len, "smnt")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "stat")) { + if(ndpi_match_strprefix(payload, payload_len, "stat")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "stor")) { + if(ndpi_match_strprefix(payload, payload_len, "stor")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "stou")) { + if(ndpi_match_strprefix(payload, payload_len, "stou")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "stru")) { + if(ndpi_match_strprefix(payload, payload_len, "stru")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "syst")) { + if(ndpi_match_strprefix(payload, payload_len, "syst")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "type")) { + if(ndpi_match_strprefix(payload, payload_len, "type")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "user")) { + if(ndpi_match_strprefix(payload, payload_len, "user")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xcup")) { + if(ndpi_match_strprefix(payload, payload_len, "xcup")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xmkd")) { + if(ndpi_match_strprefix(payload, payload_len, "xmkd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xpwd")) { + if(ndpi_match_strprefix(payload, payload_len, "xpwd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xrcp")) { + if(ndpi_match_strprefix(payload, payload_len, "xrcp")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xrmd")) { + if(ndpi_match_strprefix(payload, payload_len, "xrmd")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xrsq")) { + if(ndpi_match_strprefix(payload, payload_len, "xrsq")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xsem")) { + if(ndpi_match_strprefix(payload, payload_len, "xsem")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "xsen")) { + if(ndpi_match_strprefix(payload, payload_len, "xsen")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "host")) { + if(ndpi_match_strprefix(payload, payload_len, "host")) { return 1; } - + return 0; } -static int ndpi_ftp_control_check_response(const u_int8_t *payload, size_t payload_len) { - - if (ndpi_match_strprefix(payload, payload_len, "110-")) { +/* *************************************************************** */ + +static int ndpi_ftp_control_check_response(struct ndpi_flow_struct *flow, + const u_int8_t *payload, + size_t payload_len) { +#ifdef FTP_DEBUG + printf("%s() [%s]\n", __FUNCTION__, payload); +#endif + + if(ndpi_match_strprefix(payload, payload_len, "110-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "120-")) { + if(ndpi_match_strprefix(payload, payload_len, "120-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "125-")) { + if(ndpi_match_strprefix(payload, payload_len, "125-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "150-")) { + if(ndpi_match_strprefix(payload, payload_len, "150-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "202-")) { + if(ndpi_match_strprefix(payload, payload_len, "202-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "211-")) { + if(ndpi_match_strprefix(payload, payload_len, "211-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "212-")) { + if(ndpi_match_strprefix(payload, payload_len, "212-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "213-")) { + if(ndpi_match_strprefix(payload, payload_len, "213-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "214-")) { + if(ndpi_match_strprefix(payload, payload_len, "214-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "215-")) { + if(ndpi_match_strprefix(payload, payload_len, "215-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "220-")) { + if(ndpi_match_strprefix(payload, payload_len, "220-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "221-")) { + if(ndpi_match_strprefix(payload, payload_len, "221-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "225-")) { + if(ndpi_match_strprefix(payload, payload_len, "225-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "226-")) { + if(ndpi_match_strprefix(payload, payload_len, "226-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "227-")) { + if(ndpi_match_strprefix(payload, payload_len, "227-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "228-")) { + if(ndpi_match_strprefix(payload, payload_len, "228-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "229-")) { + if(ndpi_match_strprefix(payload, payload_len, "229-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "230-")) { + if(ndpi_match_strprefix(payload, payload_len, "230-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "231-")) { + if(ndpi_match_strprefix(payload, payload_len, "231-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "232-")) { + if(ndpi_match_strprefix(payload, payload_len, "232-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "250-")) { + if(ndpi_match_strprefix(payload, payload_len, "250-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "257-")) { + if(ndpi_match_strprefix(payload, payload_len, "257-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "331-")) { + if(ndpi_match_strprefix(payload, payload_len, "331-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "332-")) { + if(ndpi_match_strprefix(payload, payload_len, "332-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "350-")) { + if(ndpi_match_strprefix(payload, payload_len, "350-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "421-")) { + if(ndpi_match_strprefix(payload, payload_len, "421-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "425-")) { + if(ndpi_match_strprefix(payload, payload_len, "425-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "426-")) { + if(ndpi_match_strprefix(payload, payload_len, "426-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "430-")) { + if(ndpi_match_strprefix(payload, payload_len, "430-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "434-")) { + if(ndpi_match_strprefix(payload, payload_len, "434-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "450-")) { + if(ndpi_match_strprefix(payload, payload_len, "450-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "451-")) { + if(ndpi_match_strprefix(payload, payload_len, "451-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "452-")) { + if(ndpi_match_strprefix(payload, payload_len, "452-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "501-")) { + if(ndpi_match_strprefix(payload, payload_len, "501-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "502-")) { + if(ndpi_match_strprefix(payload, payload_len, "502-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "503-")) { + if(ndpi_match_strprefix(payload, payload_len, "503-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "504-")) { + if(ndpi_match_strprefix(payload, payload_len, "504-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "530-")) { + if(ndpi_match_strprefix(payload, payload_len, "530-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "532-")) { + if(ndpi_match_strprefix(payload, payload_len, "532-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "550-")) { + if(ndpi_match_strprefix(payload, payload_len, "550-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "551-")) { + if(ndpi_match_strprefix(payload, payload_len, "551-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "552-")) { + if(ndpi_match_strprefix(payload, payload_len, "552-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "553-")) { + if(ndpi_match_strprefix(payload, payload_len, "553-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "631-")) { + if(ndpi_match_strprefix(payload, payload_len, "631-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "632-")) { + if(ndpi_match_strprefix(payload, payload_len, "632-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "633-")) { + if(ndpi_match_strprefix(payload, payload_len, "633-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10054-")) { + if(ndpi_match_strprefix(payload, payload_len, "10054-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10060-")) { + if(ndpi_match_strprefix(payload, payload_len, "10060-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10061-")) { + if(ndpi_match_strprefix(payload, payload_len, "10061-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10066-")) { + if(ndpi_match_strprefix(payload, payload_len, "10066-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10068-")) { + if(ndpi_match_strprefix(payload, payload_len, "10068-")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "110 ")) { + if(ndpi_match_strprefix(payload, payload_len, "110 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "120 ")) { + if(ndpi_match_strprefix(payload, payload_len, "120 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "125 ")) { + if(ndpi_match_strprefix(payload, payload_len, "125 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "150 ")) { + if(ndpi_match_strprefix(payload, payload_len, "150 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "202 ")) { + if(ndpi_match_strprefix(payload, payload_len, "202 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "211 ")) { + if(ndpi_match_strprefix(payload, payload_len, "211 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "212 ")) { + if(ndpi_match_strprefix(payload, payload_len, "212 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "213 ")) { + if(ndpi_match_strprefix(payload, payload_len, "213 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "214 ")) { + if(ndpi_match_strprefix(payload, payload_len, "214 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "215 ")) { + if(ndpi_match_strprefix(payload, payload_len, "215 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "220 ")) { + if(ndpi_match_strprefix(payload, payload_len, "220 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "221 ")) { + if(ndpi_match_strprefix(payload, payload_len, "221 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "225 ")) { + if(ndpi_match_strprefix(payload, payload_len, "225 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "226 ")) { + if(ndpi_match_strprefix(payload, payload_len, "226 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "227 ")) { + if(ndpi_match_strprefix(payload, payload_len, "227 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "228 ")) { + if(ndpi_match_strprefix(payload, payload_len, "228 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "229 ")) { + if(ndpi_match_strprefix(payload, payload_len, "229 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "230 ")) { + if(ndpi_match_strprefix(payload, payload_len, "230 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "231 ")) { + if(ndpi_match_strprefix(payload, payload_len, "231 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "232 ")) { + if(ndpi_match_strprefix(payload, payload_len, "232 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "250 ")) { + if(ndpi_match_strprefix(payload, payload_len, "250 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "257 ")) { + if(ndpi_match_strprefix(payload, payload_len, "257 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "331 ")) { + if(ndpi_match_strprefix(payload, payload_len, "331 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "332 ")) { + if(ndpi_match_strprefix(payload, payload_len, "332 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "350 ")) { + if(ndpi_match_strprefix(payload, payload_len, "350 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "421 ")) { + if(ndpi_match_strprefix(payload, payload_len, "421 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "425 ")) { + if(ndpi_match_strprefix(payload, payload_len, "425 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "426 ")) { + if(ndpi_match_strprefix(payload, payload_len, "426 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "430 ")) { + if(ndpi_match_strprefix(payload, payload_len, "430 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "434 ")) { + if(ndpi_match_strprefix(payload, payload_len, "434 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "450 ")) { + if(ndpi_match_strprefix(payload, payload_len, "450 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "451 ")) { + if(ndpi_match_strprefix(payload, payload_len, "451 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "452 ")) { + if(ndpi_match_strprefix(payload, payload_len, "452 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "501 ")) { + if(ndpi_match_strprefix(payload, payload_len, "501 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "502 ")) { + if(ndpi_match_strprefix(payload, payload_len, "502 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "503 ")) { + if(ndpi_match_strprefix(payload, payload_len, "503 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "504 ")) { + if(ndpi_match_strprefix(payload, payload_len, "504 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "530 ")) { + if(ndpi_match_strprefix(payload, payload_len, "530 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "532 ")) { + if(ndpi_match_strprefix(payload, payload_len, "532 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "550 ")) { + if(ndpi_match_strprefix(payload, payload_len, "550 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "551 ")) { + if(ndpi_match_strprefix(payload, payload_len, "551 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "552 ")) { + if(ndpi_match_strprefix(payload, payload_len, "552 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "553 ")) { + if(ndpi_match_strprefix(payload, payload_len, "553 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "631 ")) { + if(ndpi_match_strprefix(payload, payload_len, "631 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "632 ")) { + if(ndpi_match_strprefix(payload, payload_len, "632 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "633 ")) { + if(ndpi_match_strprefix(payload, payload_len, "633 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10054 ")) { + if(ndpi_match_strprefix(payload, payload_len, "10054 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10060 ")) { + if(ndpi_match_strprefix(payload, payload_len, "10060 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10061 ")) { + if(ndpi_match_strprefix(payload, payload_len, "10061 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10066 ")) { + if(ndpi_match_strprefix(payload, payload_len, "10066 ")) { return 1; } - if (ndpi_match_strprefix(payload, payload_len, "10068 ")) { + if(ndpi_match_strprefix(payload, payload_len, "10068 ")) { return 1; } return 0; } -static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { +/* *************************************************************** */ - struct ndpi_packet_struct *packet = &flow->packet; +static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; /* Check connection over TCP */ if(packet->tcp) { - /* Exclude SMTP, which uses similar commands. */ - if (packet->tcp->dest == htons(25) || packet->tcp->source == htons(25)) { + if(packet->tcp->dest == htons(25) || packet->tcp->source == htons(25)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } - + /* Break after 20 packets. */ - if (flow->packet_counter > 20) { + if(flow->packet_counter > 20) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } - + /* Check if we so far detected the protocol in the request or not. */ - if (flow->ftp_control_stage == 0) { + if(flow->ftp_control_stage == 0) { NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage 0: \n"); - - if ((payload_len > 0) && ndpi_ftp_control_check_request(packet->payload, payload_len)) { - NDPI_LOG_DBG2(ndpi_struct, "Possible FTP_CONTROL request detected, we will look further for the response..\n"); - - /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ + + if((payload_len > 0) + && ndpi_ftp_control_check_request(flow, packet->payload, payload_len)) { + NDPI_LOG_DBG2(ndpi_struct, + "Possible FTP_CONTROL request detected, we will look further for the response..\n"); + + /* + Encode the direction of the packet in the stage, so we will know when we need + to look for the response packet. + */ flow->ftp_control_stage = packet->packet_direction + 1; } - } else { NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage); - - /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ - if ((flow->ftp_control_stage - packet->packet_direction) == 1) { + + /* + At first check, if this is for sure a response packet (in another direction. + If not, do nothing now and return. + */ + if((flow->ftp_control_stage - packet->packet_direction) == 1) { return; } - + /* This is a packet in another direction. Check if we find the proper response. */ - if ((payload_len > 0) && ndpi_ftp_control_check_response(packet->payload, payload_len)) { + if((payload_len > 0) + && ndpi_ftp_control_check_response(flow, packet->payload, payload_len)) { NDPI_LOG_INFO(ndpi_struct, "found FTP_CONTROL\n"); - ndpi_int_ftp_control_add_connection(ndpi_struct, flow); + +#ifdef FTP_DEBUG + printf("%s() [user: %s][pwd: %s]\n", __FUNCTION__, + flow->protos.ftp.username, flow->protos.ftp.password); +#endif + + if(flow->protos.ftp.password[0] == '\0') + flow->ftp_control_stage = 0; + else + ndpi_int_ftp_control_add_connection(ndpi_struct, flow); } else { - NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, resetting the stage to 0\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, " + "resetting the stage to 0\n"); flow->ftp_control_stage = 0; } } } } -void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { +/* *************************************************************** */ + +void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; NDPI_LOG_DBG(ndpi_struct, "search FTP_CONTROL\n"); /* skip marked packets */ - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_FTP_CONTROL) { - if (packet->tcp_retransmission == 0) { + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_FTP_CONTROL) { + if(packet->tcp_retransmission == 0) { ndpi_check_ftp_control(ndpi_struct, flow); } } } +/* *************************************************************** */ -void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ +void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("FTP_CONTROL", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_FTP_CONTROL, ndpi_search_ftp_control, |