Added DNScrypt detection

3 files changed, 13 insertions, 8 deletions

diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 2c318b341..726736a06 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -233,8 +233,6 @@
 #define NDPI_PROTOCOL_KAKAOTALK_VOICE 	 194 /* KakaoTalk Voice */
 #define NDPI_PROTOCOL_TWITCH 	         195 /* Edoardo Dominici <edoaramis@gmail.com> */
 #define NDPI_PROTOCOL_QUICKPLAY 	 196 /* Streaming service used by various services such as hooq.tv */
-
-/* 197 is free */
 #define NDPI_PROTOCOL_WECHAT             197
 
 #define NDPI_PROTOCOL_MPEGTS 	         198
@@ -248,8 +246,9 @@
 #define NDPI_PROTOCOL_IQIYI 	         206
 #define NDPI_PROTOCOL_SMPP 	         207 /* Damir Franusic <df@release14.org> */
 
-/* 208 - 209 free */
-#define NDPI_PROTOCOL_FREE_208           208
+#define NDPI_PROTOCOL_DNSCRYPT           208
+
+/* 209 free */
 #define NDPI_PROTOCOL_FREE_209           209
 
 #define NDPI_PROTOCOL_DEEZER 	         210
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index d9ceb77a4..6bf18ffbc 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -8144,7 +8144,7 @@ ndpi_protocol_match host_match[] = {
   { ".wx.",				"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
   { ".weixin.",				"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
   { ".mmsns.qpic.cn",			"WeChat",          	NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN },
-    
+  { "dnscrypt.org",			"DNScrypt",          	NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE },    
   { NULL, 0 }
 };
 
@@ -8217,6 +8217,8 @@ ndpi_protocol_match content_match[] = {
   - www.qbtxzhetq4s2f.com
   - www.fgd2iwya7vinfutj5wq5we.net
 
+  See also DGA (Domain Generation Algorithm)
+  
   In essence www.<name>.com|net
 
   To do things properly we should check if host name in the certificate
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index b07557b5a..5e864383a 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1616,9 +1616,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));  /* UDP */
-
-    /* To be removed as soon as we define new protocols */
-    ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208);
+    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT,
+			    no_master,
+			    no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK,
+			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
+			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));  /* UDP */
+    
+/* To be removed as soon as we define new protocols */
     ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209);
     ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217);
     ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224);