diff options
| author | Luca <deri@ntop.org> | 2019-09-05 10:45:08 +0200 |
|---|---|---|
| committer | Luca <deri@ntop.org> | 2019-09-05 10:45:08 +0200 |
| commit | 241cfb319b0a1c8650c6ccd2574fade467036297 (patch) | |
| tree | 7703eecb99724945f2ccab9560df6b27a90acc0d /src | |
| parent | 9b80c6314d9862c716f77bc2814bd28e8ede2f54 (diff) | |
Enhanced Signal detection
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/stun.c | 15 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 26 |
2 files changed, 30 insertions, 11 deletions
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 44c7ada3f..5a2156e71 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -30,10 +30,11 @@ #define MAX_NUM_STUN_PKTS 8 -/* +#if 0 #define DEBUG_STUN 1 #define DEBUG_LRU 1 -*/ +#endif + struct stun_packet_header { u_int16_t msg_type, msg_len; @@ -167,9 +168,17 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int32_t key = get_stun_lru_key(flow, 0); int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); +#ifdef DEBUG_LRU + printf("[LRU] Searching %u\n", key); +#endif + if(!rc) { key = get_stun_lru_key(flow, 1); rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, 0 /* Don't remove it as it can be used for other connections */); + +#ifdef DEBUG_LRU + printf("[LRU] Searching %u\n", key); +#endif } if(rc) { @@ -184,7 +193,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * *is_whatsapp = 1; break; case NDPI_PROTOCOL_MESSENGER: - *is_messenger; + *is_messenger = 1; break; case NDPI_PROTOCOL_HANGOUT_DUO: *is_duo = 1; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 557768c03..185706457 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -32,10 +32,13 @@ #define NDPI_MAX_TLS_REQUEST_SIZE 10000 -/* Skype.c */ +/* skype.c */ extern u_int8_t is_skype_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +/* stun.c */ +extern u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev); + /* **************************************** */ static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_struct *ndpi_struct, @@ -81,13 +84,12 @@ static u_int32_t ndpi_tls_refine_master_protocol(struct ndpi_detection_module_st static void ndpi_int_tls_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int32_t protocol) { - if((protocol != NDPI_PROTOCOL_TLS) - && (protocol != NDPI_PROTOCOL_TLS_NO_CERT)) { - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); - } else { - protocol = ndpi_tls_refine_master_protocol(ndpi_struct, flow, protocol); - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); - } + if((protocol != NDPI_PROTOCOL_TLS) && (protocol != NDPI_PROTOCOL_TLS_NO_CERT)) { + ; + } else + protocol = ndpi_tls_refine_master_protocol(ndpi_struct, flow, protocol); + + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_TLS); } /* **************************************** */ @@ -1063,6 +1065,14 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, flow->guessed_protocol_id = NDPI_PROTOCOL_TLS; if(flow->protos.stun_ssl.stun.num_udp_pkts > 0) { + u_int32_t key = get_stun_lru_key(flow, 1); + + if(ndpi_struct->stun_cache == NULL) + ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); + ndpi_lru_add_to_cache(ndpi_struct->stun_cache, key, NDPI_PROTOCOL_SIGNAL); + + printf("[LRU] Adding Signal cached key %u\n", key); + /* In Signal protocol STUN turns into DTLS... */ ndpi_int_tls_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SIGNAL); } else if(flow->protos.stun_ssl.ssl.ja3_server[0] != '\0') { |