diff options
| author | Renan de Souza <renan.souza@setinet.com.br> | 2019-10-29 14:59:18 -0300 |
|---|---|---|
| committer | Renan de Souza <renan.souza@setinet.com.br> | 2019-10-29 14:59:18 -0300 |
| commit | d619ba08572d1404970c04a0e65a39b75a69c78e (patch) | |
| tree | 13af928b2399a0692383fdb3a7417a7b41cf9274 /src | |
| parent | fbea243e563abe0799307afa939514af56e1bff0 (diff) | |
| parent | d2f04f5bdfe986082ca5e5f479a99e4c24a5a898 (diff) | |
Merge remote-tracking branch 'upstream/dev' into dev
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 10 | ||||
| -rw-r--r-- | src/include/ndpi_protocols.h | 1 | ||||
| -rw-r--r-- | src/lib/Makefile.in | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 221 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 86 | ||||
| -rw-r--r-- | src/lib/ndpi_serializer.c | 258 | ||||
| -rw-r--r-- | src/lib/protocols/bittorrent.c | 31 | ||||
| -rw-r--r-- | src/lib/protocols/capwap.c | 123 | ||||
| -rw-r--r-- | src/lib/protocols/kerberos.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/skype.c | 11 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 49 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 31 |
12 files changed, 621 insertions, 206 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 7a4ceb22f..c6d486933 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,4 +1,3 @@ - /* * ndpi_protocol_ids.h * @@ -282,8 +281,13 @@ typedef enum { NDPI_PROTOCOL_104 = 245, NDPI_PROTOCOL_BLOOMBERG = 246, NDPI_PROTOCOL_CAPWAP = 247, - -/* + NDPI_PROTOCOL_ZABBIX = 248, + +#ifdef CUSTOM_NDPI_PROTOCOLS +#include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" +#endif + + /* IMPORTANT before allocating a new identifier please fill up one of those named NDPI_PROTOCOL_FREE_XXX and not used diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index ea0abe173..b42eff4c4 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -210,6 +210,7 @@ void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_modbus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_wireguard_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_targus_getdata_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1a884ac9d..0c3f44838 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -14,7 +14,7 @@ prefix = @prefix@ libdir = ${prefix}/lib includedir = ${prefix}/include/ndpi CC = @CC@ -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 -g -Wall +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -O2 -g -Wall @CUSTOM_NDPI@ RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) $(patsubst ./%.c, ./%.o, $(wildcard ./*.c)) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 801dcac1f..10058f8c0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -359,6 +359,7 @@ static ndpi_network host_protocol_list[] = { { 0x1F0D4934 /* 31.13.73.52/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4A34 /* 31.13.74.52/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4F35 /* 31.13.79.53/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + /* Files */ { 0xB93CD835 /* 185.60.216.53/32 */, 32, NDPI_PROTOCOL_WHATSAPP_FILES }, { 0xB93CD836 /* 185.60.216.54/32 */, 32, NDPI_PROTOCOL_WHATSAPP_FILES }, @@ -8308,6 +8309,222 @@ static ndpi_network host_protocol_list[] = { { 0xA7CEDA82 /* 167.206.218.130/32*/, 32, NDPI_PROTOCOL_PS_VUE }, { 0xA7CEDA8A /* 167.206.218.138/32*/, 32, NDPI_PROTOCOL_PS_VUE }, + /* Bloomberg */ + { 0xD086A100 /* 208.134.161.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xCDB7F600 /* 205.183.246.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xC769B000 /* 199.105.176.0/21 */, 21, NDPI_PROTOCOL_BLOOMBERG }, + { 0xC769B800 /* 199.105.184.0/23 */, 23, NDPI_PROTOCOL_BLOOMBERG }, + { 0x45B80000 /* 69.184.0.0/13 */, 13, NDPI_PROTOCOL_BLOOMBERG }, + { 0xA02B0000 /* 160.43.0.0/16 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xCE9C3500 /* 206.156.53.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xCDD87000 /* 205.216.112.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xD0163800 /* 208.22.56.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xD0163900 /* 208.22.57.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0x45BFC000 /* 69.191.192.0/18 */, 18, NDPI_PROTOCOL_BLOOMBERG }, + + /* Microsoft + https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges + */ + { 0x0D6B0698 /* 13.107.6.152/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B120A /* 13.107.18.10/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B8000 /* 13.107.128.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0x1767A000 /* 23.103.160.0/20 */, 20, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28600000 /* 40.96.0.0/13 */, 13, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28680000 /* 40.104.0.0/15 */, 15, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34600000 /* 52.96.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x83FD21D7 /* 131.253.33.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x84F50000 /* 132.245.0.0/16 */, 16, NDPI_PROTOCOL_OFFICE_365 }, + { 0x96AB2000 /* 150.171.32.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xBFEA8C00 /* 191.234.140.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xCC4FC5D7 /* 204.79.197.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0698 /* 13.107.6.152/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B120A /* 13.107.18.10/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B8000 /* 13.107.128.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0x1767A000 /* 23.103.160.0/20 */, 20, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28600000 /* 40.96.0.0/13 */, 13, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28680000 /* 40.104.0.0/15 */, 15, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34600000 /* 52.96.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x83FD21D7 /* 131.253.33.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x84F50000 /* 132.245.0.0/16 */, 16, NDPI_PROTOCOL_OFFICE_365 }, + { 0x96AB2000 /* 150.171.32.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xBFEA8C00 /* 191.234.140.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xCC4FC5D7 /* 204.79.197.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0698 /* 13.107.6.152/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B120A /* 13.107.18.10/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B8000 /* 13.107.128.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0x1767A000 /* 23.103.160.0/20 */, 20, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28600000 /* 40.96.0.0/13 */, 13, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28680000 /* 40.104.0.0/15 */, 15, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34600000 /* 52.96.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x83FD21D7 /* 131.253.33.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x84F50000 /* 132.245.0.0/16 */, 16, NDPI_PROTOCOL_OFFICE_365 }, + { 0x96AB2000 /* 150.171.32.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xBFEA8C00 /* 191.234.140.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xCC4FC5D7 /* 204.79.197.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0698 /* 13.107.6.152/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B120A /* 13.107.18.10/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B8000 /* 13.107.128.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0x1767A000 /* 23.103.160.0/20 */, 20, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28600000 /* 40.96.0.0/13 */, 13, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28680000 /* 40.104.0.0/15 */, 15, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34600000 /* 52.96.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x83FD21D7 /* 131.253.33.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x84F50000 /* 132.245.0.0/16 */, 16, NDPI_PROTOCOL_OFFICE_365 }, + { 0x96AB2000 /* 150.171.32.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xBFEA8C00 /* 191.234.140.0/22 */, 22, NDPI_PROTOCOL_OFFICE_365 }, + { 0xCC4FC5D7 /* 204.79.197.215/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x285C0000 /* 40.92.0.0/15 */, 15, NDPI_PROTOCOL_OFFICE_365 }, + { 0x286B0000 /* 40.107.0.0/16 */, 16, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34640000 /* 52.100.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34EE4E58 /* 52.238.78.88/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x682F0000 /* 104.47.0.0/17 */, 17, NDPI_PROTOCOL_OFFICE_365 }, + { 0x285C0000 /* 40.92.0.0/15 */, 15, NDPI_PROTOCOL_OFFICE_365 }, + { 0x286B0000 /* 40.107.0.0/16 */, 16, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34640000 /* 52.100.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x682F0000 /* 104.47.0.0/17 */, 17, NDPI_PROTOCOL_OFFICE_365 }, + /* ** */ + { 0x0D6B8800 /* 13.107.136.0/22 */, 22, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x286C8000 /* 40.108.128.0/17 */, 17, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x34680000 /* 52.104.0.0/14 */, 14, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x68928000 /* 104.146.128.0/17 */, 17, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x96AB2800 /* 150.171.40.0/22 */, 22, NDPI_PROTOCOL_MS_ONE_DRIVE }, + /* ** */ + { 0x0D6B4000 /* 13.107.64.0/18 */, 18, NDPI_PROTOCOL_SKYPE }, + { 0x34700000 /* 52.112.0.0/14 */, 14, NDPI_PROTOCOL_SKYPE }, + { 0x0D4697D8 /* 13.70.151.216/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D477FC5 /* 13.71.127.197/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D48F573 /* 13.72.245.115/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D490178 /* 13.73.1.120/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D4B7EA9 /* 13.75.126.169/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D59F071 /* 13.89.240.113/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D6B0300 /* 13.107.3.0/24 */, 24, NDPI_PROTOCOL_SKYPE }, + { 0x0D6B4000 /* 13.107.64.0/18 */, 18, NDPI_PROTOCOL_SKYPE }, + { 0x338C9BEA /* 51.140.155.234/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x338CCBBE /* 51.140.203.190/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x338D334C /* 51.141.51.76/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34700000 /* 52.112.0.0/14 */, 14, NDPI_PROTOCOL_SKYPE }, + { 0x34A37ED7 /* 52.163.126.215/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34AA1543 /* 52.170.21.67/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34ACB912 /* 52.172.185.18/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34B25E02 /* 52.178.94.2/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34B2A18B /* 52.178.161.139/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34E41960 /* 52.228.25.96/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34EE778D /* 52.238.119.141/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34F217BD /* 52.242.23.189/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34F4A0CF /* 52.244.160.207/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x68D70B90 /* 104.215.11.144/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x68D73EC3 /* 104.215.62.195/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x8A5BEDED /* 138.91.237.237/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D4697D8 /* 13.70.151.216/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D477FC5 /* 13.71.127.197/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D48F573 /* 13.72.245.115/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D490178 /* 13.73.1.120/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D4B7EA9 /* 13.75.126.169/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D59F071 /* 13.89.240.113/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D6B0300 /* 13.107.3.0/24 */, 24, NDPI_PROTOCOL_SKYPE }, + { 0x0D6B4000 /* 13.107.64.0/18 */, 18, NDPI_PROTOCOL_SKYPE }, + { 0x338C9BEA /* 51.140.155.234/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x338CCBBE /* 51.140.203.190/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x338D334C /* 51.141.51.76/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34700000 /* 52.112.0.0/14 */, 14, NDPI_PROTOCOL_SKYPE }, + { 0x34A37ED7 /* 52.163.126.215/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34AA1543 /* 52.170.21.67/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34ACB912 /* 52.172.185.18/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34B25E02 /* 52.178.94.2/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34B2A18B /* 52.178.161.139/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34E41960 /* 52.228.25.96/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34EE778D /* 52.238.119.141/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34F217BD /* 52.242.23.189/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34F4A0CF /* 52.244.160.207/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x68D70B90 /* 104.215.11.144/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x68D73EC3 /* 104.215.62.195/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x8A5BEDED /* 138.91.237.237/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D4697D8 /* 13.70.151.216/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D477FC5 /* 13.71.127.197/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D48F573 /* 13.72.245.115/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D490178 /* 13.73.1.120/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D4B7EA9 /* 13.75.126.169/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D59F071 /* 13.89.240.113/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x0D6B0300 /* 13.107.3.0/24 */, 24, NDPI_PROTOCOL_SKYPE }, + { 0x0D6B4000 /* 13.107.64.0/18 */, 18, NDPI_PROTOCOL_SKYPE }, + { 0x338C9BEA /* 51.140.155.234/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x338CCBBE /* 51.140.203.190/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x338D334C /* 51.141.51.76/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34700000 /* 52.112.0.0/14 */, 14, NDPI_PROTOCOL_SKYPE }, + { 0x34A37ED7 /* 52.163.126.215/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34AA1543 /* 52.170.21.67/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34ACB912 /* 52.172.185.18/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34B25E02 /* 52.178.94.2/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34B2A18B /* 52.178.161.139/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34E41960 /* 52.228.25.96/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34EE778D /* 52.238.119.141/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34F217BD /* 52.242.23.189/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x34F4A0CF /* 52.244.160.207/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x68D70B90 /* 104.215.11.144/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x68D73EC3 /* 104.215.62.195/32 */, 32, NDPI_PROTOCOL_SKYPE }, + { 0x8A5BEDED /* 138.91.237.237/32 */, 32, NDPI_PROTOCOL_SKYPE }, + /* ** */ + { 0x0D6B06AB /* 13.107.6.171/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B8C06 /* 13.107.140.6/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x346C0000 /* 52.108.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34EE6A74 /* 52.238.106.116/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34F796BF /* 52.247.150.191/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6A0480 /* 13.106.4.128/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6A3800 /* 13.106.56.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x14BE8000 /* 20.190.128.0/18 */, 18, NDPI_PROTOCOL_OFFICE_365 }, + { 0x287E0000 /* 40.126.0.0/18 */, 18, NDPI_PROTOCOL_OFFICE_365 }, + { 0x4136AA80 /* 65.54.170.128/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x682CDA80 /* 104.44.218.128/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x682CFE80 /* 104.44.254.128/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x682CFF00 /* 104.44.255.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x86AA4300 /* 134.170.67.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x86AAAC80 /* 134.170.172.128/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D372D80 /* 157.55.45.128/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D378200 /* 157.55.130.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D379100 /* 157.55.145.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D379B00 /* 157.55.155.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D37E3C0 /* 157.55.227.192/26 */, 26, NDPI_PROTOCOL_OFFICE_365 }, + { 0xBFE80280 /* 191.232.2.128/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D507D16 /* 13.80.125.22/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D5B5BF3 /* 13.91.91.243/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B069C /* 13.107.6.156/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B07BE /* 13.107.7.190/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B099C /* 13.107.9.156/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28519C9A /* 40.81.156.154/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x285ADAC6 /* 40.90.218.198/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x346C0000 /* 52.108.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34AE38B4 /* 52.174.56.180/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34B74B3E /* 52.183.75.62/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34B8A552 /* 52.184.165.82/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x682AE65B /* 104.42.230.91/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D379100 /* 157.55.145.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D379B00 /* 157.55.155.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D37E3C0 /* 157.55.227.192/26 */, 26, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D507D16 /* 13.80.125.22/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D5B5BF3 /* 13.91.91.243/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B069C /* 13.107.6.156/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B07BE /* 13.107.7.190/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B099C /* 13.107.9.156/31 */, 31, NDPI_PROTOCOL_OFFICE_365 }, + { 0x28519C9A /* 40.81.156.154/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x285ADAC6 /* 40.90.218.198/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x346C0000 /* 52.108.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34AE38B4 /* 52.174.56.180/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34B74B3E /* 52.183.75.62/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34B8A552 /* 52.184.165.82/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x682AE65B /* 104.42.230.91/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D379100 /* 157.55.145.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D379B00 /* 157.55.155.0/25 */, 25, NDPI_PROTOCOL_OFFICE_365 }, + { 0x9D37E3C0 /* 157.55.227.192/26 */, 26, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B06AB /* 13.107.6.171/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B8C06 /* 13.107.140.6/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x346C0000 /* 52.108.0.0/14 */, 14, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34EE6A74 /* 52.238.106.116/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + { 0x34F796BF /* 52.247.150.191/32 */, 32, NDPI_PROTOCOL_OFFICE_365 }, + /* ** */ + { 0x34700000 /* 52.112.0.0/14 */, 14, NDPI_PROTOCOL_MICROSOFT }, + { 0x34600000 /* 52.96.0.0/12 */, 12, NDPI_PROTOCOL_MICROSOFT }, + + /* End */ { 0x0, 0, 0 } }; @@ -8579,7 +8796,8 @@ static ndpi_protocol_match host_match[] = { { "e7768.b.akamaiedge.net", NULL, "e7768\\.b\\.akamaiedge" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.dspg.akamaiedge.net", NULL, "e4593\\.dspg\\.akamaiedge" TLD,"Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.g.akamaiedge.net", NULL, "e4593\\.g\\.akamaiedge" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - + { "*.gateway.messenger.live.com", NULL, "\\*\\.gateway\\.messenger\\.live" TLD, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", NULL, "\\.tuenti" TLD, "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".twttr.com", NULL, "\\.twttr" TLD, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8669,7 +8887,6 @@ static ndpi_protocol_match host_match[] = { { "login.live.com", NULL, "login\\.live" TLD, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "bn1301.storage.live.com", NULL, "bn1301\\.storage\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", NULL, "\\*\\.gateway\\.messenger\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "skyapi.live.net", NULL, "skyapi\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", NULL, "d\\.docs\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "onedrive.live.com", NULL, "onedrive\\.live" TLD, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8cf171f19..758a125d1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -50,7 +50,7 @@ #include "third_party/include/ht_hash.h" /* stun.c */ -extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow); +extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); static int _ndpi_debug_callbacks = 0; @@ -1234,7 +1234,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp 0 /* can_have_a_subprotocol */, no_master, no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_b, 3389, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, 0 /* can_have_a_subprotocol */, no_master, no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, @@ -1758,19 +1758,29 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "104", NDPI_PROTOCOL_CATEGORY_NETWORK, /* Perhaps IoT in the future */ ndpi_build_default_ports(ports_a, 2404, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BLOOMBERG, 1 /* no subprotocol */, no_master, no_master, "Bloomberg", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CAPWAP, 1 /* no subprotocol */, no_master, no_master, "CAPWAP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_b, 5246, 5247, 0, 0, 0) /* UDP */ + ); + + /* TODO: Needs a pcap file for Zabbix */ + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZABBIX, + 1 /* no subprotocol */, no_master, + no_master, "Zabbix", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 10050, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */ + ); + +#ifdef CUSTOM_NDPI_PROTOCOLS +#include "../../../nDPI-custom/custom_ndpi_main.c" +#endif /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_str); @@ -1780,6 +1790,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp /* ****************************************************** */ +#ifdef CUSTOM_NDPI_PROTOCOLS +#include "../../../nDPI-custom/custom_ndpi_protocols.c" +#endif + +/* ****************************************************** */ + static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) { int min_len = (txt->length < m->patterns->length) ? txt->length : m->patterns->length; char buf[64] = { '\0' }; @@ -3242,9 +3258,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* TEAMSPEAK */ init_teamspeak_dissector(ndpi_str, &a, detection_bitmask); - /* VIBER */ - init_viber_dissector(ndpi_str, &a, detection_bitmask); - /* TOR */ init_tor_dissector(ndpi_str, &a, detection_bitmask); @@ -3356,8 +3369,14 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* MODBUS */ init_modbus_dissector(ndpi_str, &a, detection_bitmask); + /* CAPWAP */ + init_capwap_dissector(ndpi_str, &a, detection_bitmask); + /*** Put false-positive sensitive protocols at the end ***/ + /* VIBER */ + init_viber_dissector(ndpi_str, &a, detection_bitmask); + /* SKYPE */ init_skype_dissector(ndpi_str, &a, detection_bitmask); @@ -4180,29 +4199,6 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st ret.app_protocol = NDPI_PROTOCOL_HANGOUT_DUO; } } - - if(enable_guess - && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) - && flow->packet.iph /* Guess only IPv4 */ - && (flow->packet.tcp || flow->packet.udp) - ) { - ndpi_protocol ret1 = ndpi_guess_undetected_protocol(ndpi_str, - flow, - flow->packet.l4_protocol, - ntohl(flow->packet.iph->saddr), - ntohs(flow->packet.udp ? flow->packet.udp->source : flow->packet.tcp->source), - ntohl(flow->packet.iph->daddr), - ntohs(flow->packet.udp ? flow->packet.udp->dest : flow->packet.tcp->dest) - ); - - if(ret1.app_protocol != NDPI_PROTOCOL_UNKNOWN) { - if(ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) ret.master_protocol = ret1.master_protocol; - if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) ret.app_protocol = ret1.app_protocol; - if(ret.category == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) ret.category = ret1.category; - - *protocol_was_guessed = 1; - } - } if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) ndpi_fill_protocol_category(ndpi_str, flow, &ret); @@ -4601,6 +4597,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(flow->check_extra_packets) { ndpi_process_extra_packet(ndpi_str, flow, packet, packetlen, current_tick_l, src, dst); + /* Update in case of new match */ + ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; return(ret); } else goto ret_protocols; @@ -6078,6 +6076,25 @@ static int hyperscanEventHandler(unsigned int id, unsigned long long from, #endif +/* **************************************** */ + +static u_int8_t ndpi_is_more_generic_protocol(u_int16_t previous_proto, u_int16_t new_proto) { + /* Sometimes certificates are more generic than previously identified protocols */ + + if((previous_proto == NDPI_PROTOCOL_UNKNOWN) + || (previous_proto == new_proto)) + return(0); + + switch(previous_proto) { + case NDPI_PROTOCOL_WHATSAPP_CALL: + case NDPI_PROTOCOL_WHATSAPP_FILES: + if(new_proto == NDPI_PROTOCOL_WHATSAPP) + return(1); + } + + return(0); +} + /* ****************************************************** */ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_str, @@ -6134,7 +6151,8 @@ static u_int16_t ndpi_automa_match_string_subprotocol(struct ndpi_detection_modu } #endif - if(matching_protocol_id != NDPI_PROTOCOL_UNKNOWN) { + if((matching_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (!ndpi_is_more_generic_protocol(packet->detected_protocol_stack[0], matching_protocol_id))) { /* Move the protocol on slot 0 down one position */ packet->detected_protocol_stack[1] = master_protocol_id, packet->detected_protocol_stack[0] = matching_protocol_id; diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c index 49f29a4e8..945e60b37 100644 --- a/src/lib/ndpi_serializer.c +++ b/src/lib/ndpi_serializer.c @@ -45,26 +45,32 @@ static u_int64_t ndpi_htonll(u_int64_t v) { union { u_int32_t lv[2]; u_int64_t llv; } u; + u.lv[0] = htonl(v >> 32); u.lv[1] = htonl(v & 0xFFFFFFFFULL); - return u.llv; + + return(u.llv); } /* ********************************** */ static u_int64_t ndpi_ntohll(u_int64_t v) { union { u_int32_t lv[2]; u_int64_t llv; } u; + u.llv = v; - return ((u_int64_t)ntohl(u.lv[0]) << 32) | (u_int64_t)ntohl(u.lv[1]); + + return((u_int64_t)ntohl(u.lv[0]) << 32) | (u_int64_t)ntohl(u.lv[1]); } /* ********************************** */ static int ndpi_is_number(const char *str, u_int32_t str_len) { int i; - for (i = 0; i < str_len; i++) - if (!isdigit(str[i])) return 0; - return 1; + + for(i = 0; i < str_len; i++) + if(!isdigit(str[i])) return(0); + + return(1); } /* ********************************** */ @@ -80,7 +86,7 @@ static int ndpi_json_string_escape(const char *src, int src_len, char *dst, int dst[j++] = '"'; - for (i = 0; i < src_len && j < dst_max_len; i++) { + for(i = 0; i < src_len && j < dst_max_len; i++) { c = src[i]; @@ -122,7 +128,7 @@ static int ndpi_json_string_escape(const char *src, int src_len, char *dst, int dst[j++] = '"'; dst[j+1] = '\0'; - return j; + return(j); } /* ********************************** */ @@ -178,7 +184,7 @@ int ndpi_init_serializer_ll(ndpi_serializer *_serializer, int ndpi_init_serializer(ndpi_serializer *_serializer, ndpi_serialization_format fmt) { - return ndpi_init_serializer_ll(_serializer, fmt, NDPI_SERIALIZER_DEFAULT_BUFFER_SIZE); + return(ndpi_init_serializer_ll(_serializer, fmt, NDPI_SERIALIZER_DEFAULT_BUFFER_SIZE)); } /* ********************************** */ @@ -250,9 +256,9 @@ static inline int ndpi_extend_serializer_buffer(ndpi_serializer *_serializer, u_ void *r; ndpi_private_serializer *serializer = (ndpi_private_serializer*)_serializer; - if (min_len < NDPI_SERIALIZER_DEFAULT_BUFFER_INCR) { - if (serializer->initial_buffer_size < NDPI_SERIALIZER_DEFAULT_BUFFER_INCR) { - if (min_len < serializer->initial_buffer_size) + if(min_len < NDPI_SERIALIZER_DEFAULT_BUFFER_INCR) { + if(serializer->initial_buffer_size < NDPI_SERIALIZER_DEFAULT_BUFFER_INCR) { + if(min_len < serializer->initial_buffer_size) min_len = serializer->initial_buffer_size; } else { min_len = NDPI_SERIALIZER_DEFAULT_BUFFER_INCR; @@ -455,7 +461,7 @@ static inline void ndpi_serialize_json_pre(ndpi_serializer *_serializer) { serializer->status.size_used--; /* Remove ']'*/ serializer->status.size_used--; /* Remove '}'*/ - if (serializer->status.flags & NDPI_SERIALIZER_STATUS_SOB) + if(serializer->status.flags & NDPI_SERIALIZER_STATUS_SOB) serializer->status.flags &= ~NDPI_SERIALIZER_STATUS_SOB; else if(serializer->status.flags & NDPI_SERIALIZER_STATUS_COMMA) serializer->buffer[serializer->status.size_used++] = ','; @@ -479,10 +485,10 @@ static inline void ndpi_serialize_json_post(ndpi_serializer *_serializer) { static inline ndpi_serialization_type ndpi_serialize_key_uint32(ndpi_private_serializer *serializer, u_int32_t key) { ndpi_serialization_type kt; - if (key <= 0xff) { + if(key <= 0xff) { ndpi_serialize_single_uint8(serializer, key); kt = ndpi_serialization_uint8; - } else if (key <= 0xffff) { + } else if(key <= 0xffff) { ndpi_serialize_single_uint16(serializer, key); kt = ndpi_serialization_uint16; } else { @@ -490,7 +496,7 @@ static inline ndpi_serialization_type ndpi_serialize_key_uint32(ndpi_private_ser kt = ndpi_serialization_uint32; } - return kt; + return(kt); } /* ********************************** */ @@ -529,10 +535,10 @@ int ndpi_serialize_uint32_uint32(ndpi_serializer *_serializer, kt = ndpi_serialize_key_uint32(serializer, key); type = (kt << 4); - if (value <= 0xff) { + if(value <= 0xff) { ndpi_serialize_single_uint8(serializer, value); type |= ndpi_serialization_uint8; - } else if (value <= 0xffff) { + } else if(value <= 0xffff) { ndpi_serialize_single_uint16(serializer, value); type |= ndpi_serialization_uint16; } else { @@ -577,7 +583,7 @@ int ndpi_serialize_uint32_uint64(ndpi_serializer *_serializer, (serializer->status.size_used > 0) ? serializer->csv_separator : "", (unsigned long long)value); } else { - if (value <= 0xffffffff) { + if(value <= 0xffffffff) { return(ndpi_serialize_uint32_uint32(_serializer, key, value)); } else { ndpi_serialization_type kt; @@ -633,10 +639,10 @@ int ndpi_serialize_uint32_int32(ndpi_serializer *_serializer, kt = ndpi_serialize_key_uint32(serializer, key); type = (kt << 4); - if (value <= 127 && value >= -128) { + if(value <= 127 && value >= -128) { ndpi_serialize_single_uint8(serializer, value); type |= ndpi_serialization_int8; - } else if (value <= 32767 && value >= -32768) { + } else if(value <= 32767 && value >= -32768) { ndpi_serialize_single_uint16(serializer, value); type |= ndpi_serialization_int16; } else { @@ -682,7 +688,7 @@ int ndpi_serialize_uint32_int64(ndpi_serializer *_serializer, (long long int)value); } else { - if (value <= 2147483647 && value >= -2147483648) { + if(value <= 2147483647 && value >= -2147483648) { return(ndpi_serialize_uint32_int32(_serializer, key, value)); } else { ndpi_serialization_type kt; @@ -805,7 +811,7 @@ static int ndpi_serialize_uint32_binary(ndpi_serializer *_serializer, int ndpi_serialize_uint32_string(ndpi_serializer *_serializer, u_int32_t key, const char *_value) { const char *value = _value ? _value : ""; - return ndpi_serialize_uint32_binary(_serializer, key, value, strlen(value)); + return(ndpi_serialize_uint32_binary(_serializer, key, value, strlen(value))); } /* ********************************** */ @@ -817,8 +823,8 @@ static int ndpi_serialize_binary_int32(ndpi_serializer *_serializer, u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed; - if (ndpi_is_number(key, klen)) - return ndpi_serialize_uint32_int32(_serializer, atoi(key), value); + if(ndpi_is_number(key, klen)) + return(ndpi_serialize_uint32_int32(_serializer, atoi(key), value)); needed = sizeof(u_int8_t) /* type */ + @@ -847,11 +853,11 @@ static int ndpi_serialize_binary_int32(ndpi_serializer *_serializer, serializer->status.size_used += snprintf((char *) &serializer->buffer[serializer->status.size_used], buff_diff, "%s%d", (serializer->status.size_used > 0) ? serializer->csv_separator : "", value); } else { - if (value <= 127 && value >= -128) { + if(value <= 127 && value >= -128) { serializer->buffer[serializer->status.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_int8; ndpi_serialize_single_string(serializer, key, klen); ndpi_serialize_single_uint8(serializer, value); - } else if (value <= 32767 && value >= -32768) { + } else if(value <= 32767 && value >= -32768) { serializer->buffer[serializer->status.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_int16; ndpi_serialize_single_string(serializer, key, klen); ndpi_serialize_single_uint16(serializer, value); @@ -869,7 +875,7 @@ static int ndpi_serialize_binary_int32(ndpi_serializer *_serializer, int ndpi_serialize_string_int32(ndpi_serializer *_serializer, const char *key, int32_t value) { - return ndpi_serialize_binary_int32(_serializer, key, strlen(key), value); + return(ndpi_serialize_binary_int32(_serializer, key, strlen(key), value)); } /* ********************************** */ @@ -881,8 +887,8 @@ int ndpi_serialize_binary_int64(ndpi_serializer *_serializer, u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed; - if (ndpi_is_number(key, klen)) - return ndpi_serialize_uint32_int64(_serializer, atoi(key), value); + if(ndpi_is_number(key, klen)) + return(ndpi_serialize_uint32_int64(_serializer, atoi(key), value)); needed = sizeof(u_int8_t) /* type */ + @@ -912,7 +918,7 @@ int ndpi_serialize_binary_int64(ndpi_serializer *_serializer, "%s%lld", (serializer->status.size_used > 0) ? serializer->csv_separator : "", (long long int)value); } else { - if (value <= 2147483647 && value >= -2147483648) { + if(value <= 2147483647 && value >= -2147483648) { return(ndpi_serialize_string_int32(_serializer, key, value)); } else { serializer->buffer[serializer->status.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_int64; @@ -928,7 +934,7 @@ int ndpi_serialize_binary_int64(ndpi_serializer *_serializer, int ndpi_serialize_string_int64(ndpi_serializer *_serializer, const char *key, int64_t value) { - return ndpi_serialize_binary_int64(_serializer, key, strlen(key), value); + return(ndpi_serialize_binary_int64(_serializer, key, strlen(key), value)); } /* ********************************** */ @@ -939,8 +945,8 @@ static int ndpi_serialize_binary_uint32(ndpi_serializer *_serializer, u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed; - if (ndpi_is_number(key, klen)) - return ndpi_serialize_uint32_uint32(_serializer, atoi(key), value); + if(ndpi_is_number(key, klen)) + return(ndpi_serialize_uint32_uint32(_serializer, atoi(key), value)); needed = sizeof(u_int8_t) /* type */ + @@ -969,11 +975,11 @@ static int ndpi_serialize_binary_uint32(ndpi_serializer *_serializer, serializer->status.size_used += snprintf((char *) &serializer->buffer[serializer->status.size_used], buff_diff, "%s%u", (serializer->status.size_used > 0) ? serializer->csv_separator : "", value); } else { - if (value <= 0xff) { + if(value <= 0xff) { serializer->buffer[serializer->status.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_uint8; ndpi_serialize_single_string(serializer, key, klen); ndpi_serialize_single_uint8(serializer, value); - } else if (value <= 0xffff) { + } else if(value <= 0xffff) { serializer->buffer[serializer->status.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_uint16; ndpi_serialize_single_string(serializer, key, klen); ndpi_serialize_single_uint16(serializer, value); @@ -991,7 +997,7 @@ static int ndpi_serialize_binary_uint32(ndpi_serializer *_serializer, int ndpi_serialize_string_uint32(ndpi_serializer *_serializer, const char *key, u_int32_t value) { - return ndpi_serialize_binary_uint32(_serializer, key, strlen(key), value); + return(ndpi_serialize_binary_uint32(_serializer, key, strlen(key), value)); } /* ********************************** */ @@ -1021,8 +1027,8 @@ static int ndpi_serialize_binary_uint64(ndpi_serializer *_serializer, u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed; - if (ndpi_is_number(key, klen)) - return ndpi_serialize_uint32_uint64(_serializer, atoi(key), value); + if(ndpi_is_number(key, klen)) + return(ndpi_serialize_uint32_uint64(_serializer, atoi(key), value)); needed = sizeof(u_int8_t) /* type */ + @@ -1052,7 +1058,7 @@ static int ndpi_serialize_binary_uint64(ndpi_serializer *_serializer, "%s%llu", (serializer->status.size_used > 0) ? serializer->csv_separator : "", (unsigned long long)value); } else { - if (value <= 0xffffffff) { + if(value <= 0xffffffff) { return(ndpi_serialize_string_uint32(_serializer, key, value)); } else { serializer->buffer[serializer->status.size_used++] = (ndpi_serialization_string << 4) | ndpi_serialization_uint64; @@ -1068,7 +1074,7 @@ static int ndpi_serialize_binary_uint64(ndpi_serializer *_serializer, int ndpi_serialize_string_uint64(ndpi_serializer *_serializer, const char *key, u_int64_t value) { - return ndpi_serialize_binary_uint64(_serializer, key, strlen(key), value); + return(ndpi_serialize_binary_uint64(_serializer, key, strlen(key), value)); } /* ********************************** */ @@ -1082,8 +1088,8 @@ static int ndpi_serialize_binary_float(ndpi_serializer *_serializer, u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed; - if (ndpi_is_number(key, klen)) - return ndpi_serialize_uint32_float(_serializer, atoi(key), value, format); + if(ndpi_is_number(key, klen)) + return(ndpi_serialize_uint32_float(_serializer, atoi(key), value, format)); needed = sizeof(u_int8_t) /* type */ + @@ -1133,7 +1139,7 @@ int ndpi_serialize_string_float(ndpi_serializer *_serializer, const char *key, float value, const char *format /* e.f. "%.2f" */) { - return ndpi_serialize_binary_float(_serializer, key, strlen(key), value, format); + return(ndpi_serialize_binary_float(_serializer, key, strlen(key), value, format)); } /* ********************************** */ @@ -1148,8 +1154,8 @@ static int ndpi_serialize_binary_binary(ndpi_serializer *_serializer, u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed; - if (ndpi_is_number(key, klen)) - return ndpi_serialize_uint32_string(_serializer, atoi(key), _value); + if(ndpi_is_number(key, klen)) + return(ndpi_serialize_uint32_string(_serializer, atoi(key), _value)); needed = sizeof(u_int8_t) /* type */ + @@ -1197,7 +1203,7 @@ static int ndpi_serialize_binary_binary(ndpi_serializer *_serializer, int ndpi_serialize_string_binary(ndpi_serializer *_serializer, const char *key, const char *_value, u_int16_t vlen) { - return ndpi_serialize_binary_binary(_serializer, key, strlen(key), _value, vlen); + return(ndpi_serialize_binary_binary(_serializer, key, strlen(key), _value, vlen)); } /* ********************************** */ @@ -1216,13 +1222,13 @@ int ndpi_serialize_start_of_block(ndpi_serializer *_serializer, u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed, klen = strlen(key); - if (serializer->fmt != ndpi_serialization_format_json) - return -1; + if(serializer->fmt != ndpi_serialization_format_json) + return(-1); needed = 16 + klen; - if (buff_diff < needed) { - if (ndpi_extend_serializer_buffer(_serializer, needed - buff_diff) < 0) + if(buff_diff < needed) { + if(ndpi_extend_serializer_buffer(_serializer, needed - buff_diff) < 0) return(-1); buff_diff = serializer->buffer_size - serializer->status.size_used; } @@ -1248,18 +1254,18 @@ int ndpi_serialize_end_of_block(ndpi_serializer *_serializer) { u_int32_t buff_diff = serializer->buffer_size - serializer->status.size_used; u_int32_t needed; - if (serializer->fmt != ndpi_serialization_format_json) - return -1; + if(serializer->fmt != ndpi_serialization_format_json) + return(-1); needed = 4; - if (buff_diff < needed) { - if (ndpi_extend_serializer_buffer(_serializer, needed - buff_diff) < 0) + if(buff_diff < needed) { + if(ndpi_extend_serializer_buffer(_serializer, needed - buff_diff) < 0) return(-1); buff_diff = serializer->buffer_size - serializer->status.size_used; } - buff_diff = serializer->buffer_size - serializer->status.size_used; + // buff_diff = serializer->buffer_size - serializer->status.size_used; ndpi_serialize_json_post(_serializer); return(0); @@ -1287,7 +1293,7 @@ void ndpi_serializer_create_snapshot(ndpi_serializer *_serializer) { void ndpi_serializer_rollback_snapshot(ndpi_serializer *_serializer) { ndpi_private_serializer *serializer = (ndpi_private_serializer*)_serializer; - if (serializer->has_snapshot) { + if(serializer->has_snapshot) { memcpy(&serializer->status, &serializer->snapshot, sizeof(ndpi_private_serializer_status)); serializer->has_snapshot = 0; @@ -1340,7 +1346,7 @@ int ndpi_init_deserializer(ndpi_deserializer *deserializer, ndpi_serialization_format ndpi_deserialize_get_format(ndpi_deserializer *_deserializer) { ndpi_private_deserializer *deserializer = (ndpi_private_deserializer*)_deserializer; - return deserializer->fmt; + return(deserializer->fmt); } /* ********************************** */ @@ -1348,12 +1354,12 @@ ndpi_serialization_format ndpi_deserialize_get_format(ndpi_deserializer *_deseri static inline ndpi_serialization_type ndpi_deserialize_get_key_subtype(ndpi_private_deserializer *deserializer) { u_int8_t type; - if (deserializer->status.size_used >= deserializer->buffer_size) - return ndpi_serialization_unknown; + if(deserializer->status.size_used >= deserializer->buffer_size) + return(ndpi_serialization_unknown); type = deserializer->buffer[deserializer->status.size_used]; - return (ndpi_serialization_type) (type >> 4); + return((ndpi_serialization_type) (type >> 4)); } /* ********************************** */ @@ -1361,12 +1367,12 @@ static inline ndpi_serialization_type ndpi_deserialize_get_key_subtype(ndpi_priv static inline ndpi_serialization_type ndpi_deserialize_get_value_subtype(ndpi_private_deserializer *deserializer) { u_int8_t type; - if (deserializer->status.size_used >= deserializer->buffer_size) + if(deserializer->status.size_used >= deserializer->buffer_size) return(ndpi_serialization_unknown); type = deserializer->buffer[deserializer->status.size_used]; - return (ndpi_serialization_type) (type & 0xf); + return(ndpi_serialization_type) (type & 0xf); } /* ********************************** */ @@ -1404,7 +1410,7 @@ ndpi_serialization_type ndpi_deserialize_get_item_type(ndpi_deserializer *_deser } *key_type = kt; - return et; + return(et); } /* ********************************** */ @@ -1414,14 +1420,14 @@ static inline int ndpi_deserialize_get_single_string_size(ndpi_private_deseriali u_int16_t expected, str_len; expected = sizeof(u_int16_t) /* len */; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); str_len = ntohs(*((u_int16_t *) &deserializer->buffer[offset])); expected += str_len; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); - return expected; + return(expected); } /* ********************************** */ @@ -1457,11 +1463,11 @@ static inline int ndpi_deserialize_get_single_size(ndpi_private_deserializer *de size = 0; break; default: - return -2; + return(-2); break; } - return size; + return(size); } /* ********************************** */ @@ -1475,25 +1481,25 @@ int ndpi_deserialize_next(ndpi_deserializer *_deserializer) { expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; deserializer->status.size_used += expected; - return 0; + return(0); } /* ********************************** */ @@ -1509,12 +1515,12 @@ int ndpi_deserialize_key_uint32(ndpi_deserializer *_deserializer, int size; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); offset = deserializer->status.size_used + expected; @@ -1531,11 +1537,11 @@ int ndpi_deserialize_key_uint32(ndpi_deserializer *_deserializer, *key = v8; break; default: - return -1; + return(-1); break; } - return 0; + return(0); } /* ********************************** */ @@ -1549,16 +1555,16 @@ int ndpi_deserialize_key_string(ndpi_deserializer *_deserializer, int size; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); ndpi_deserialize_single_string(deserializer, deserializer->status.size_used + expected, key); - return 0; + return(0); } /* ********************************** */ @@ -1574,17 +1580,17 @@ int ndpi_deserialize_value_uint32(ndpi_deserializer *_deserializer, int size; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); offset = deserializer->status.size_used + expected; @@ -1604,7 +1610,7 @@ int ndpi_deserialize_value_uint32(ndpi_deserializer *_deserializer, break; } - return 0; + return(0); } /* ********************************** */ @@ -1620,28 +1626,28 @@ int ndpi_deserialize_value_uint64(ndpi_deserializer *_deserializer, int rc; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); if(et != ndpi_serialization_uint64) { /* Try with smaller uint types */ rc = ndpi_deserialize_value_uint32(_deserializer, &v32); *value = v32; - return rc; + return(rc); } ndpi_deserialize_single_uint64(deserializer, deserializer->status.size_used + expected, value); - return 0; + return(0); } /* ********************************** */ @@ -1657,17 +1663,17 @@ int ndpi_deserialize_value_int32(ndpi_deserializer *_deserializer, int size; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return -2; + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); offset = deserializer->status.size_used + expected; @@ -1687,7 +1693,7 @@ int ndpi_deserialize_value_int32(ndpi_deserializer *_deserializer, break; } - return 0; + return(0); } /* ********************************** */ @@ -1703,28 +1709,28 @@ int ndpi_deserialize_value_int64(ndpi_deserializer *_deserializer, int rc; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return(-2); + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); if(et != ndpi_serialization_int64) { /* Try with smaller int types */ rc = ndpi_deserialize_value_int32(_deserializer, &v32); *value = v32; - return rc; + return(rc); } ndpi_deserialize_single_int64(deserializer, deserializer->status.size_used + expected, value); - return 0; + return(0); } /* ********************************** */ @@ -1738,24 +1744,24 @@ int ndpi_deserialize_value_float(ndpi_deserializer *_deserializer, int size; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return(-2); + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); if(et != ndpi_serialization_float) - return -1; + return(-1); ndpi_deserialize_single_float(deserializer, deserializer->status.size_used + expected, value); - return 0; + return(0); } /* ********************************** */ @@ -1769,24 +1775,24 @@ int ndpi_deserialize_value_string(ndpi_deserializer *_deserializer, int size; expected = sizeof(u_int8_t) /* type */; - if (buff_diff < expected) return(-2); + if(buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); if(et != ndpi_serialization_string) - return -1; + return(-1); ndpi_deserialize_single_string(deserializer, deserializer->status.size_used + expected, value); - return 0; + return(0); } /* ********************************** */ @@ -1801,30 +1807,30 @@ int ndpi_deserialize_clone_item(ndpi_deserializer *_deserializer, ndpi_serialize u_int16_t expected; int size; - if (serializer->fmt != ndpi_serialization_format_tlv) - return -3; + if(serializer->fmt != ndpi_serialization_format_tlv) + return(-3); expected = sizeof(u_int8_t) /* type */; - if (src_buff_diff < expected) return -2; + if(src_buff_diff < expected) return(-2); kt = ndpi_deserialize_get_key_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, kt, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; et = ndpi_deserialize_get_value_subtype(deserializer); size = ndpi_deserialize_get_single_size(deserializer, et, deserializer->status.size_used + expected); - if (size < 0) return -2; + if(size < 0) return(-2); expected += size; - if (dst_buff_diff < expected) { - if (ndpi_extend_serializer_buffer(_serializer, expected - dst_buff_diff) < 0) - return -1; + if(dst_buff_diff < expected) { + if(ndpi_extend_serializer_buffer(_serializer, expected - dst_buff_diff) < 0) + return(-1); dst_buff_diff = serializer->buffer_size - serializer->status.size_used; } @@ -1834,7 +1840,7 @@ int ndpi_deserialize_clone_item(ndpi_deserializer *_deserializer, ndpi_serialize serializer->status.size_used += expected; - return 0; + return(0); } /* ********************************** */ @@ -1852,7 +1858,7 @@ int ndpi_deserialize_clone_all(ndpi_deserializer *deserializer, ndpi_serializer while((et = ndpi_deserialize_get_item_type(deserializer, &kt)) != ndpi_serialization_unknown) { - if (et == ndpi_serialization_end_of_record) { + if(et == ndpi_serialization_end_of_record) { ndpi_serialize_end_of_record(serializer); ndpi_deserialize_next(deserializer); continue; @@ -1868,54 +1874,54 @@ int ndpi_deserialize_clone_all(ndpi_deserializer *deserializer, ndpi_serializer key_is_string = 1; break; default: - return -1; + return(-1); } switch(et) { case ndpi_serialization_uint32: ndpi_deserialize_value_uint32(deserializer, &u32); - if (key_is_string) ndpi_serialize_binary_uint32(serializer, ks.str, ks.str_len, u32); + if(key_is_string) ndpi_serialize_binary_uint32(serializer, ks.str, ks.str_len, u32); else ndpi_serialize_uint32_uint32(serializer, k32, u32); break; case ndpi_serialization_uint64: ndpi_deserialize_value_uint64(deserializer, &u64); - if (key_is_string) ndpi_serialize_binary_uint64(serializer, ks.str, ks.str_len, u64); + if(key_is_string) ndpi_serialize_binary_uint64(serializer, ks.str, ks.str_len, u64); else ndpi_serialize_uint32_uint64(serializer, k32, u64); break; case ndpi_serialization_int32: ndpi_deserialize_value_int32(deserializer, &i32); - if (key_is_string) ndpi_serialize_binary_int32(serializer, ks.str, ks.str_len, i32); + if(key_is_string) ndpi_serialize_binary_int32(serializer, ks.str, ks.str_len, i32); else ndpi_serialize_uint32_int32(serializer, k32, i32); break; case ndpi_serialization_int64: ndpi_deserialize_value_int64(deserializer, &i64); - if (key_is_string) ndpi_serialize_binary_int64(serializer, ks.str, ks.str_len, i64); + if(key_is_string) ndpi_serialize_binary_int64(serializer, ks.str, ks.str_len, i64); else ndpi_serialize_uint32_int64(serializer, k32, i64); break; case ndpi_serialization_float: ndpi_deserialize_value_float(deserializer, &f); - if (key_is_string) ndpi_serialize_binary_float(serializer, ks.str, ks.str_len, f, "%.3f"); + if(key_is_string) ndpi_serialize_binary_float(serializer, ks.str, ks.str_len, f, "%.3f"); else ndpi_serialize_uint32_float(serializer, k32, f, "%.3f"); break; case ndpi_serialization_string: ndpi_deserialize_value_string(deserializer, &vs); - if (key_is_string) ndpi_serialize_binary_binary(serializer, ks.str, ks.str_len, vs.str, vs.str_len); + if(key_is_string) ndpi_serialize_binary_binary(serializer, ks.str, ks.str_len, vs.str, vs.str_len); else ndpi_serialize_uint32_binary(serializer, k32, vs.str, vs.str_len); break; default: - return -2; + return(-2); } ndpi_deserialize_next(deserializer); } - return 0; + return(0); } /* ********************************** */ diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index e33f0c7dc..bea7622a0 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -376,19 +376,32 @@ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct * return; } +static u_int8_t is_port(u_int16_t a, u_int16_t b, u_int16_t what) { + return(((what == a) || (what == b)) ? 1 : 0); +} + void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; char *bt_proto = NULL; /* This is broadcast */ - if(packet->iph - && (((packet->iph->saddr == 0xFFFFFFFF) || (packet->iph->daddr == 0xFFFFFFFF)) - || (packet->udp - && ((ntohs(packet->udp->source) == 3544) /* teredo.c */ - || (ntohs(packet->udp->dest) == 3544))))) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; + if(packet->iph) { + + if((packet->iph->saddr == 0xFFFFFFFF) || (packet->iph->daddr == 0xFFFFFFFF)) + goto exclude_bt; + + + if(packet->udp) { + u_int16_t sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); + + if(is_port(sport, dport, 3544) /* teredo */ + || is_port(sport, dport, 5246) || is_port(sport, dport, 5247)/* CAPWAP */) { + exclude_bt: + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + } } if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { @@ -397,8 +410,8 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st if((packet->tcp != NULL) && (packet->tcp_retransmission == 0 || packet->num_retried_bytes)) { ndpi_int_search_bittorrent_tcp(ndpi_struct, flow); - } - else if(packet->udp != NULL) { + } else if(packet->udp != NULL) { + /* UDP */ char *bt_search = "BT-SEARCH * HTTP/1.1\r\n"; if((ntohs(packet->udp->source) < 1024) diff --git a/src/lib/protocols/capwap.c b/src/lib/protocols/capwap.c new file mode 100644 index 000000000..bfad1a593 --- /dev/null +++ b/src/lib/protocols/capwap.c @@ -0,0 +1,123 @@ +/* + * capwap.c + * + * Copyright (C) 2019 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CAPWAP + +#include "ndpi_api.h" + +#define NDPI_CAPWAP_CONTROL_PORT 5246 +#define NDPI_CAPWAP_DATA_PORT 5247 + + +static void ndpi_int_capwap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CAPWAP, NDPI_PROTOCOL_UNKNOWN); +} + +/* ************************************************** */ + +static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + u_int16_t sport, dport; + + if(!packet->iph) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); + + if((dport == NDPI_CAPWAP_CONTROL_PORT) + && (packet->iph->daddr == 0xFFFFFFFF) + && (packet->payload_packet_len >= 16) + && (packet->payload[0] == 0x0) + && (packet->payload[8] == 6 /* Mac len */) + ) + goto capwap_found; + + if(((sport == NDPI_CAPWAP_CONTROL_PORT) || (dport == NDPI_CAPWAP_CONTROL_PORT)) + && ((packet->payload[0] == 0x0) || (packet->payload[0] == 0x1)) + ) { + u_int16_t msg_len, offset, to_add; + + if(packet->payload[0] == 0x0) + offset = 13, to_add = 13; + else + offset = 15, to_add = 17; + + msg_len = ntohs(*(u_int16_t*)&packet->payload[offset]); + + if((msg_len+to_add) == packet->payload_packet_len) + goto capwap_found; + } + + if( + (((dport == NDPI_CAPWAP_DATA_PORT) && (packet->iph->daddr != 0xFFFFFFFF)) || (sport == NDPI_CAPWAP_DATA_PORT)) + && (packet->payload_packet_len >= 16) + && (packet->payload[0] == 0x0) + ) { + u_int8_t is_80211_data = (packet->payload[9] & 0x0C) >> 2; + + + if((sport == NDPI_CAPWAP_DATA_PORT) && (is_80211_data == 2 /* IEEE 802.11 Data */)) + goto capwap_found; + else if(dport == NDPI_CAPWAP_DATA_PORT) { + u_int16_t msg_len = ntohs(*(u_int16_t*)&packet->payload[13]); + + if((packet->payload[8] == 1 /* Mac len */) + || (packet->payload[8] == 6 /* Mac len */) + || (packet->payload[8] == 4 /* Wireless len */) + || ((msg_len+15) == packet->payload_packet_len)) + goto capwap_found; + } + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + + capwap_found: + ndpi_int_capwap_add_connection(ndpi_struct, flow); +} + +void ndpi_search_capwap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + if(packet->udp && (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) + ndpi_search_setup_capwap(ndpi_struct, flow); +} + + +void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("CAPWAP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_CAPWAP, + ndpi_search_capwap, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index fa73ab0ae..b7fcfb61d 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -63,8 +63,8 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, u_int realm_len, realm_offset = cname_len + name_offset + 4, i; char cname_str[24]; - if(cname_len >= sizeof(cname_str)) - cname_len = sizeof(cname_str); + if(cname_len > sizeof(cname_str)-1) + cname_len = sizeof(cname_str)-1; strncpy(cname_str, (char*)&packet->payload[name_offset+1], cname_len); cname_str[cname_len] = '\0'; diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 8ada5d997..e758fd5b8 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -32,11 +32,17 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if(flow->host_server_name[0] != '\0') + /* No need to do ntohl() with 0xFFFFFFFF */ + if(packet->iph && (packet->iph->daddr == 0xFFFFFFFF /* 255.255.255.255 */)) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; + } + if(flow->host_server_name[0] != '\0') + return; + // UDP check - if(packet->udp != NULL) { + if(packet->udp != NULL) { flow->l4.udp.skype_packet_id++; if(flow->l4.udp.skype_packet_id < 5) { @@ -52,6 +58,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) || ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ + && (packet->payload[0] != 0x0) /* Avoid invalid CAPWAP detection */ && (packet->payload[2] == 0x02))) { if(is_port(sport, dport, 8801)) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 448062f47..e95965f6b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -38,7 +38,6 @@ struct stun_packet_header { u_int8_t transaction_id[8]; }; - /* ************************************************************ */ u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { @@ -147,9 +146,15 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * int rc; /* STUN over TCP does not look good */ - if (flow->packet.tcp) + if(flow->packet.tcp) return(NDPI_IS_NOT_STUN); + /* No need to do ntohl() with 0xFFFFFFFF */ + if(flow->packet.iph && (flow->packet.iph->daddr == 0xFFFFFFFF /* 255.255.255.255 */)) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return(NDPI_IS_NOT_STUN);; + } + if(payload_length >= 512) { return(NDPI_IS_NOT_STUN); } else if(payload_length < sizeof(struct stun_packet_header)) { @@ -174,7 +179,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return(NDPI_IS_NOT_STUN); /* https://www.iana.org/assignments/stun-parameters/stun-parameters.xhtml */ - if ((msg_type & 0x3EEF) > 0x000B && msg_type != 0x0800) { + if((msg_type & 0x3EEF) > 0x000B && msg_type != 0x0800) { #ifdef DEBUG_STUN printf("[STUN] msg_type = %04X\n", msg_type); #endif @@ -184,7 +189,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * as this was a flow that started as STUN and turned into something else. Let's investigate what is that about */ - if (payload[0] == 0x16) { + if(payload[0] == 0x16) { /* Let's check if this is DTLS used by some socials */ struct ndpi_packet_struct *packet = &flow->packet; u_int16_t total_len, version = htons(*((u_int16_t*) &packet->payload[1])); @@ -194,7 +199,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0xFEFD: /* DTLS 1.2 */ total_len = ntohs(*((u_int16_t*) &packet->payload[11])) + 13; - if (payload_length == total_len) { + if(payload_length == total_len) { /* This is DTLS and the only protocol we know behaves like this is signal */ flow->guessed_host_protocol_id = NDPI_PROTOCOL_SIGNAL; return(NDPI_IS_STUN); @@ -212,7 +217,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("[STUN] Here we go\n");; #endif - if (ndpi_struct->stun_cache) { + if(ndpi_struct->stun_cache) { u_int16_t proto; u_int32_t key = get_stun_lru_key(flow, 0); int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, @@ -222,7 +227,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("[LRU] Searching %u\n", key); #endif - if (!rc) { + if(!rc) { key = get_stun_lru_key(flow, 1); rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); @@ -232,7 +237,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * #endif } - if (rc) { + if(rc) { #ifdef DEBUG_LRU printf("[LRU] Cache FOUND %u / %u\n", key, proto); #endif @@ -253,18 +258,18 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if(msg_type == 0x01 /* Binding Request */) { flow->protos.stun_ssl.stun.num_binding_requests++; - if (!msg_len && flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE) + if(!msg_len && flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE) flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; else flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; - if (!msg_len) { + if(!msg_len) { /* flow->protos.stun_ssl.stun.num_udp_pkts++; */ return(NDPI_IS_NOT_STUN); /* This to keep analyzing STUN instead of giving up */ } } - if (!msg_len && flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) { + if(!msg_len && flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return(NDPI_IS_NOT_STUN); } @@ -280,7 +285,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return(NDPI_IS_STUN); /* This is WhatsApp Call */ } - if (payload[0] != 0x80 && (msg_len + 20) > payload_length) + if(payload[0] != 0x80 && (msg_len + 20) > payload_length) return(NDPI_IS_NOT_STUN); else { switch(flow->guessed_protocol_id) { @@ -296,8 +301,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } } - if (payload_length == (msg_len+20)) { - if ((msg_type & 0x3EEF) <= 0x000B) /* http://www.3cx.com/blog/voip-howto/stun-details/ */ { + if(payload_length == (msg_len+20)) { + if((msg_type & 0x3EEF) <= 0x000B) /* http://www.3cx.com/blog/voip-howto/stun-details/ */ { u_int offset = 20; /* @@ -314,7 +319,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int16_t len = ntohs(*((u_int16_t*)&payload[offset+2])); u_int16_t x = (len + 4) % 4; - if (x) + if(x) len += 4-x; #ifdef DEBUG_STUN @@ -352,10 +357,10 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("==> [%s]\n", flow->host_server_name); #endif - if (strstr((char*) flow->host_server_name, "google.com") != NULL) { + if(strstr((char*) flow->host_server_name, "google.com") != NULL) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; return(NDPI_IS_STUN); - } else if (strstr((char*) flow->host_server_name, "whispersystems.org") != NULL) { + } else if(strstr((char*) flow->host_server_name, "whispersystems.org") != NULL) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_SIGNAL; return(NDPI_IS_STUN); } @@ -364,8 +369,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * break; case 0xC057: /* Messeger */ - if (msg_type == 0x0001) { - if ((msg_len == 100) || (msg_len == 104)) { + if(msg_type == 0x0001) { + if((msg_len == 100) || (msg_len == 104)) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_MESSENGER; return(NDPI_IS_STUN); } else if(msg_len == 76) { @@ -416,7 +421,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * break; case 0x8070: /* Implementation Version */ - if (len == 4 && ((offset+7) < payload_length) + if(len == 4 && ((offset+7) < payload_length) && (payload[offset+4] == 0x00) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && ((payload[offset+7] == 0x02) || (payload[offset+7] == 0x03))) { #ifdef DEBUG_STUN @@ -450,7 +455,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } } - if ((flow->protos.stun_ssl.stun.num_udp_pkts > 0) && (msg_type <= 0x00FF)) { + if((flow->protos.stun_ssl.stun.num_udp_pkts > 0) && (msg_type <= 0x00FF)) { flow->guessed_host_protocol_id = NDPI_PROTOCOL_WHATSAPP_CALL; return(NDPI_IS_STUN); } else @@ -507,7 +512,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload, packet->payload_packet_len) == NDPI_IS_STUN) { udp_stun_match: - if (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) + if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) { diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 261f2ab28..c65d4fc69 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -67,7 +67,7 @@ static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_st struct ndpi_flow_struct *flow, u_int32_t protocol) { struct ndpi_packet_struct *packet = &flow->packet; - protocol = NDPI_PROTOCOL_TLS; + // protocol = NDPI_PROTOCOL_TLS; if(packet->tcp != NULL) { switch(protocol) { @@ -424,9 +424,25 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, if(num_dots >= 1) { if(!ndpi_struct->disable_metadata_export) { + ndpi_protocol_match_result ret_match; + u_int16_t subproto; + stripCertificateTrailer(buffer, buffer_len); snprintf(flow->protos.stun_ssl.ssl.server_certificate, sizeof(flow->protos.stun_ssl.ssl.server_certificate), "%s", buffer); + +#ifdef DEBUG_TLS + printf("[server_certificate: %s]\n", flow->protos.stun_ssl.ssl.server_certificate); +#endif + + subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, + flow->protos.stun_ssl.ssl.server_certificate, + strlen(flow->protos.stun_ssl.ssl.server_certificate), + &ret_match, + NDPI_PROTOCOL_TLS); + + if(subproto != NDPI_PROTOCOL_UNKNOWN) + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, NDPI_PROTOCOL_TLS); } return(1 /* Server Certificate */); @@ -1111,11 +1127,16 @@ int tlsDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate); #endif ndpi_protocol_match_result ret_match; - u_int16_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, - strlen(certificate), - &ret_match, - NDPI_PROTOCOL_TLS); + u_int16_t subproto; + if(certificate[0] == '\0') + subproto = NDPI_PROTOCOL_UNKNOWN; + else + subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, + strlen(certificate), + &ret_match, + NDPI_PROTOCOL_TLS); + if(subproto != NDPI_PROTOCOL_UNKNOWN) { /* If we've detected the subprotocol from client certificate but haven't had a chance * to see the server certificate yet, set up extra packet processing to wait |