First running example. No actual low-level detection.

* logging is now running * included example capture * included example log * skeleton for coap detection
author: Sorin Zamfir <sorin.zamfir@yahoo.com> 2016-02-08 23:01:22 +0200
committer: Sorin Zamfir <sorin.zamfir@yahoo.com> 2016-02-08 23:01:22 +0200
commit: ee5e7449acf33e8c1bb40b86ffe176399cb25b74 (patch)
tree: 7ffdae7ac2fca6a37aae6134e8cfbc749c7c08e8 /src
parent: 278a067d437f8fa4d6492071bcb356f9c1fc8c4f (diff)
7 files changed, 79 insertions, 169 deletions
diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h
index 3fa0b34e6..266c76968 100644
--- a/src/include/ndpi_define.h
+++ b/src/include/ndpi_define.h
@@ -156,6 +156,7 @@
 /* misc definitions */
 #define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000
 
+#define NDPI_ENABLE_DEBUG_MESSAGES 1
 
 /* TODO: rebuild all memory areas to have a more aligned memory block here */
 
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 5132167f7..8084525f2 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -268,9 +268,10 @@
 #define NDPI_SERVICE_HOTSPOT_SHIELD                     215
 #define NDPI_SERVICE_OCS                                218
 #define NDPI_SERVICE_OFFICE_365                         219
+#define NDPI_PROTOCOL_COAP                              221
 
 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_PROTOCOL_MS_LYNC
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL			NDPI_PROTOCOL_COAP
 
 #define NDPI_MAX_SUPPORTED_PROTOCOLS                    (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
 #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS                   (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 240f7b42e..56028c995 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -197,6 +197,7 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc
 void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_starcraft(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
 
 
 /* --- INIT FUNCTIONS --- */
@@ -336,5 +337,5 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
 void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
-
+void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 #endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index c4f4fdf73..2ae137b74 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -345,6 +345,14 @@ typedef enum {
   HTTP_METHOD_CONNECT
 } ndpi_http_method;
 
+typedef enum {
+  COAP_METHOD_UNKNOWN = 0,
+  COAP_METHOD_GET,
+  COAP_METHOD_POST,
+  COAP_METHOD_PUT,
+  COAP_METHOD_DELETE
+} ndpi_coap_method;
+
 struct ndpi_id_struct {
   /**
      detected_protocol_bitmask:
@@ -625,6 +633,9 @@ struct ndpi_flow_udp_struct {
   u_int8_t eaq_pkt_id;
   u_int32_t eaq_sequence;
 #endif
+#ifdef NDPI_PROTOCOL_COAP
+  u_int32_t coap_stage:2;
+#endif
 }
 #ifndef WIN32
   __attribute__ ((__packed__))
@@ -905,6 +916,11 @@ struct ndpi_flow_struct {
     char *url, *content_type;
   } http;
 
+  struct {
+    ndpi_coap_method method;
+    char *url, *content_type;
+  } coap;
+
   union {
 
     /* the only fields useful for nDPI and ntopng */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 3c5a69e64..80becd407 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -155,6 +155,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 		     protocols/yahoo.c \
 		     protocols/zattoo.c \
 		     protocols/zeromq.c \
+		     protocols/coap.c \
 		     third_party/include/actypes.h \
 		     third_party/include/ahocorasick.h \
 		     third_party/include/node.h \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 9d9c38edc..572fd4f01 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1498,6 +1498,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    no_master, "Lync",
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),	/* TCP */
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0));	/* UDP */
+    ndpi_set_proto_defaults(ndpi_mod,NDPI_PROTOCOL_ACCEPTABLE,NDPI_PROTOCOL_COAP,
+    		    no_master,
+				no_master, "COAP",
+				ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0),   /* TCP */
+				ndpi_build_default_ports(ports_b, 5683, 0, 0, 0, 0));  /* UDP */
 
     /* calling function for host and content matched protocols */
     init_string_based_protocols(ndpi_mod);
@@ -2462,6 +2467,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
   /* UBNTAC2 */
   init_ubntac2_dissector(ndpi_struct, &a, detection_bitmask);
 
+  /* COAP */
+  init_coap_dissector(ndpi_struct, &a, detection_bitmask);
+
   /* Put false-positive sensitive protocols at the end */
 
   /* SKYPE */
diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c
index bd349b2cd..7047154f9 100644
--- a/src/lib/protocols/coap.c
+++ b/src/lib/protocols/coap.c
@@ -21,18 +21,22 @@
  *
  */
 
-#define NDPI_PROTOCOL_COAP
 
 #include "ndpi_protocols.h"
 #ifdef NDPI_PROTOCOL_COAP
-static void ndpi_int_coap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
-	// not sure if this is accurate but coap runs on top of udp and should be connectionless
-	  if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
-	    /* This is COAP and it is not a sub protocol (e.g. lwm2m) */
-	    ndpi_search_tcp_or_udp(ndpi_struct, flow);
+static void
+ndpi_int_coap_add_connection (struct ndpi_detection_module_struct *ndpi_struct,
+			      struct ndpi_flow_struct *flow)
+{
+  // not sure if this is accurate but coap runs on top of udp and should be connectionless
+  if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
+    {
+      /* This is COAP and it is not a sub protocol (e.g. lwm2m) */
+      ndpi_search_tcp_or_udp (ndpi_struct, flow);
 //
 //	    /* If no custom protocol has been detected */
-	    if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+      if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
+	{
 //	      if(protocol != NDPI_PROTOCOL_HTTP) {
 //		ndpi_search_tcp_or_udp(ndpi_struct, flow);
 //		ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
@@ -43,172 +47,50 @@ static void ndpi_int_coap_add_connection(struct ndpi_detection_module_struct *nd
 //	    }
 //
 //	    flow->http_detected = 1;
-//	  }
-}
-
-void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-	struct ndpi_packet_struct *packet = &flow->packet;
-	//TODO
-	if (packet->detected_protocol_stack[0]!= NDPI_PROTOCOL_UNKNOWN){
-		return;
 	}
-	NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP detected...\n");
-//	if packet->
+    }
 }
 
-void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
-			 NDPI_PROTOCOL_BITMASK *detection_bitmask)
+//static u_int16_t coap_request_url_offset(struct ndpi_detection_module_struct * ndpi_struct,
+//					 struct ndpi_flow_struct *flow)
+//{
+//  struct ndpi_packet_struct* packet = &flow->packet;
+//  if (packet->payload_packet_len >=4 )
+//}
+
+void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct,
+		       struct ndpi_flow_struct *flow)
 {
-//TODO
+  struct ndpi_packet_struct *packet = &flow->packet;
+  if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
+  {
+      return;
+  }
+  NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "CoAP detection...\n");
 
-	//  ndpi_set_bitmask_protocol_detection("HTTP",ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_HTTP,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//
-//#if 0
-//  ndpi_set_bitmask_protocol_detection("HTTP_Proxy", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_HTTP_PROXY,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//
-//#ifdef NDPI_CONTENT_MPEG
-//  ndpi_set_bitmask_protocol_detection("MPEG", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_MPEG,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_FLASH
-//  ndpi_set_bitmask_protocol_detection("Flash", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_FLASH,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_QUICKTIME
-//  ndpi_set_bitmask_protocol_detection("QuickTime", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_QUICKTIME,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_REALMEDIA
-//  ndpi_set_bitmask_protocol_detection("RealMedia", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_REALMEDIA,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_WINDOWSMEDIA
-//  ndpi_set_bitmask_protocol_detection("WindowsMedia", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_WINDOWSMEDIA,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_MMS
-//  ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_MMS,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_PROTOCOL_XBOX
-//  ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_XBOX,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_PROTOCOL_QQ
-//  ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_QQ,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_AVI
-//  ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_AVI,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_CONTENT_OGG
-//  ndpi_set_bitmask_protocol_detection("OggVorbis", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_CONTENT_OGG,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//#ifdef NDPI_PROTOCOL_MOVE
-//  ndpi_set_bitmask_protocol_detection("Move", ndpi_struct, detection_bitmask, *id,
-//				      NDPI_PROTOCOL_MOVE,
-//				      ndpi_search_http_tcp,
-//				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
-//				      NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-//				      ADD_TO_DETECTION_BITMASK);
-//  *id += 1;
-//#endif
-//
-//  /* Update excluded protocol bitmask */
-//  NDPI_BITMASK_SET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
-//  		   ndpi_struct->callback_buffer[a].detection_bitmask);
-//
-//  /*Delete protocol from exluded protocol bitmask*/
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_UNKNOWN);
-//
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_QQ);
-//
-//#ifdef NDPI_CONTENT_FLASH
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_FLASH);
-//#endif
-//
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,  NDPI_CONTENT_MMS);
-//  /* #ifdef NDPI_PROTOCOL_RTSP */
-//  /*   NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, */
-//  /* 				 NDPI_PROTOCOL_RTSP); */
-//  /* #endif */
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX);
-//
-//  NDPI_BITMASK_SET(ndpi_struct->generic_http_packet_bitmask, ndpi_struct->callback_buffer[a].detection_bitmask);
-//
-//  NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->generic_http_packet_bitmask, NDPI_PROTOCOL_UNKNOWN);
-//
-//  /* Update callback_buffer index */
-//  a++;
-//
-//#endif
+  if (flow->l4.udp.coap_stage == 0) {
+  // we must set something here
+      NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> COAP: %c%c%c%c [len: %u]\n",
+      	   packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3],
+      	   packet->payload_packet_len);
 
+  } else if (flow->l4.udp.coap_stage == 1 + packet->packet_direction )
+    {
+
+    }
+  //	packet->
 }
 
+void init_coap_dissector (struct ndpi_detection_module_struct *ndpi_struct,
+		     u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+  ndpi_set_bitmask_protocol_detection ("COAP", ndpi_struct, detection_bitmask, *id,
+				       NDPI_PROTOCOL_COAP,
+				       ndpi_search_coap,
+				       NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+				       SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK);
+  *id +=1;
+}
+
+
 #endif // NDPI_PROTOCOL_COAP
author	Sorin Zamfir <sorin.zamfir@yahoo.com>	2016-02-08 23:01:22 +0200
committer	Sorin Zamfir <sorin.zamfir@yahoo.com>	2016-02-08 23:01:22 +0200
commit	ee5e7449acf33e8c1bb40b86ffe176399cb25b74 (patch)
tree	7ffdae7ac2fca6a37aae6134e8cfbc749c7c08e8 /src
parent	278a067d437f8fa4d6492071bcb356f9c1fc8c4f (diff)