authorLuca Deri <deri@ntop.org>2016-06-27 11:19:47 +0200
committerLuca Deri <deri@ntop.org>2016-06-27 11:19:47 +0200
commit6fb81f146e2542cfbf7fab7d53678339c7747b35 (patch)
treeeb02da320348eb54aadb92e76689e3306a96eccd /src
parent539ab241cd499d2cd0d4dea758ca4769abe7e9d6 (diff)
Refreshed DNS implementation
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_protocol_ids.h3
-rw-r--r--src/include/ndpi_protocols.h2
-rw-r--r--src/include/ndpi_typedefs.h8
-rw-r--r--src/lib/protocols/dns.c26
4 files changed, 22 insertions, 17 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 4e06da989..adc56fc11 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -273,8 +273,9 @@
#define NDPI_PROTOCOL_RX 223
#define NDPI_SERVICE_WEIBO 224
#define NDPI_SERVICE_OPENDNS 225
+#define NDPI_PROTOCOL_GIT 226
/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_OPENDNS
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GIT
#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
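Review bot: `NDPI_PROTOCOL_GIT` is added and `NDPI_LAST_IMPLEMENTED_PROTOCOL` is moved onto it in a commit titled as a DNS refresh, yet none of the four files in the visible diffstat defines `ndpi_search_git` or `init_git_dissector`, which the ndpi_protocols.h hunks only declare. If the dissector and its protocol defaults are not registered somewhere outside this diff, ID 226 counts towards `NDPI_MAX_SUPPORTED_PROTOCOLS` with a `proto_defaults` slot that nothing here fills, so code that looks up protocol names by ID could see an unset entry. I would move the `#define NDPI_PROTOCOL_GIT 226` line, the `NDPI_LAST_IMPLEMENTED_PROTOCOL` change and the two prototypes into the commit that adds the Git dissector.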
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 9298bf22a..04121347f 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -194,6 +194,7 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc
void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
/* --- INIT FUNCTIONS --- */
void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -334,4 +335,5 @@ void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
#endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 62a4f3083..8ec1453fc 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -849,8 +849,8 @@ struct ndpi_detection_module_struct {
ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS];
- u_int8_t http_dont_dissect_response:1;
- u_int8_t direction_detect_disable:1; /* disable internal detection of packet direction */
+ u_int8_t http_dont_dissect_response:1, dns_dissect_response:1,
+ direction_detect_disable:1; /* disable internal detection of packet direction */
};
struct ndpi_flow_struct {
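Review bot: `dns_dissect_response` is introduced without a comment, and the trailing comment on the following line describes only `direction_detect_disable`. The flag gates both the answer parsing and the deferred verdict in dns.c (`if(ndpi_struct->dns_dissect_response)` and `if(is_query && ndpi_struct->dns_dissect_response)`), and nothing in this diff sets it. A zero-initialised module would therefore presumably skip response dissection, which the previous code ran unconditionally. I would put the field on its own line with a comment such as `/* parse DNS answers and let the reply set the verdict; 0 = classify on the query */` and state where callers are expected to enable it.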
@@ -911,8 +911,8 @@ struct ndpi_flow_struct {
/* the only fields useful for nDPI and ntopng */
struct {
- u_int8_t num_answers, ret_code;
- u_int16_t query_type;
+ u_int8_t num_queries, num_answers, reply_code;
+ u_int16_t query_type, query_class, rsp_type;
} dns;
struct {
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index bee277752..7ee114579 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -126,12 +126,10 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
} else
invalid = 1;
- /* if(ndpi_struct->dns_dissect_response) */
- return; /* The response will set the verdict */
} else {
/* DNS Reply */
- /* flow->protos.dns.reply_code = dns_header.flags & 0x0F; */
+ flow->protos.dns.reply_code = dns_header.flags & 0x0F;
if((dns_header.num_queries > 0) && (dns_header.num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */
&& (((dns_header.num_answers > 0) && (dns_header.num_answers <= NDPI_MAX_DNS_REQUESTS))
@@ -139,7 +137,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
|| ((dns_header.additional_rrs > 0) && (dns_header.additional_rrs <= NDPI_MAX_DNS_REQUESTS)))
) {
/* This is a good reply */
- /* if(ndpi_struct->dns_dissect_response) */ {
+ if(ndpi_struct->dns_dissect_response) {
x++;
if(flow->packet.payload[x] != '\0') {
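Review bot: `flow->packet.payload[x]` is read right after `x++` with no length check visible in this hunk, and the next hunk calls `get16(&x, flow->packet.payload)` after `x += data_len` in the same way. Both offsets are derived from a DNS reply taken off the wire, so a truncated or malformed packet could move `x` past the captured payload unless lines outside the hunks already bound it. I would guard the first read as `if((x < flow->packet.payload_packet_len) && (flow->packet.payload[x] != '\0')) {` and add `if((x + 2) > flow->packet.payload_packet_len) break;` before the `get16` call. The body of `ndpi_search_dns` starts and ends outside both hunks, so any existing checks there should be confirmed first.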
@@ -170,7 +168,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
x += data_len;
rsp_type = get16(&x, flow->packet.payload);
- /* flow->protos.dns.rsp_type = rsp_type; */
+ flow->protos.dns.rsp_type = rsp_type;
break;
}
}
@@ -198,11 +196,18 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
off++;
}
+
flow->host_server_name[j] = '\0';
- /* flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, */
+ flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries,
flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs);
+ if(j > 0)
+ ndpi_match_host_subprotocol(ndpi_struct, flow,
+ (char *)flow->host_server_name,
+ strlen((const char*)flow->host_server_name),
+ NDPI_PROTOCOL_DNS);
+
#ifdef DNS_DEBUG
printf("[%s:%d] [num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n",
__FILE__, __LINE__,
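Review bot: The newly enabled `flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries,` ends in a comma, so it and the `num_answers` assignment below it form a single comma expression. It compiles and assigns both fields today, but inserting a statement or an `#ifdef` between the two lines would break the build or change the meaning. End the line with a semicolon: `flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries;`. The enclosing function continues outside the hunk.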
@@ -210,14 +215,11 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name
);
#endif
-
- if(j > 0)
- ndpi_match_host_subprotocol(ndpi_struct, flow,
- (char *)flow->host_server_name,
- strlen((const char*)flow->host_server_name),
- NDPI_PROTOCOL_DNS);
if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+ if(is_query && ndpi_struct->dns_dissect_response)
+ return; /* The response will set the verdict */
+
/**
Do not set the protocol with DNS if ndpi_match_host_subprotocol() has
matched a subprotocol