author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-12-04 13:30:10 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-04 13:30:10 +0100 |
commit | 7cba34a1e3aef9cb057db2a5f5fab22473aabc48 (patch) | |
tree | 24c8a1192f90cedf60ba1c8c4ecbb8bc242755ed /src | |
parent | 6e86e6d924286491055608850e1df2db0c2322ad (diff) |
Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1380)
There are no valid reasons for a (generic) protocol to ignore IPv6
traffic.
Note that:
* I have not found the specifications of "CheckPoint High Availability
Protocol", so I don't know how/if it supports IPv6
* all LRU caches are still IPv4 only
Even if src_id/dst_id stuff is probably useless (see #1279), the right
way to update the protocol classification is via `ndpi_set_detected_protocol()`
Diffstat (limited to 'src')
33 files changed, 73 insertions, 53 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 190bdc45a..753c2da8c 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -87,10 +87,6 @@ extern "C" { extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); - extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol); extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol_category_t protocol_category); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b0e8d6905..974df4a95 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -121,6 +121,8 @@ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_p static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, ndpi_default_ports_tree_node_t **root); static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet); +static void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, + u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); /* ****************************************** */ @@ -4959,7 +4961,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st } *protocol_was_guessed = 1; - ndpi_int_change_protocol(ndpi_str, flow, guessed_host_protocol_id, guessed_protocol_id); + ndpi_set_detected_protocol(ndpi_str, flow, guessed_host_protocol_id, guessed_protocol_id); } } 
@@ -6191,8 +6193,8 @@ void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str * what it does is: * 1.update the flow protocol stack with the new protocol */ -void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, - u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol) { +static void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, + u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol) { if((upper_detected_protocol == NDPI_PROTOCOL_UNKNOWN) && (lower_detected_protocol != NDPI_PROTOCOL_UNKNOWN)) upper_detected_protocol = lower_detected_protocol; diff --git a/src/lib/protocols/avast_securedns.c b/src/lib/protocols/avast_securedns.c index 95bc848b5..95504e5b0 100644 --- a/src/lib/protocols/avast_securedns.c +++ b/src/lib/protocols/avast_securedns.c @@ -60,7 +60,7 @@ void init_avast_securedns_dissector(struct ndpi_detection_module_struct *ndpi_st ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AVAST_SECUREDNS, ndpi_search_avast_securedns, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 441623974..2eb6833d3 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -77,7 +77,7 @@ void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in ndpi_set_bitmask_protocol_detection("Ayiya", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AYIYA, ndpi_search_ayiya, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 4f34ba8e3..6f5fd3884 100644 --- a/src/lib/protocols/bittorrent.c 
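Review bot: Switching the avast_securedns registration to `NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD` lets IPv6 packets reach `ndpi_search_avast_securedns`, whose body is outside this hunk (as is most of `init_avast_securedns_dissector`), so the change is only safe if that function never reads `packet->iph` without a NULL check. The capwap.c and stun.c hunks add exactly such guards, but the same has to hold for every UDP dissector flipped in this commit: ayiya, bjnp, csgo, dropbox, genshin_impact, lisp, megaco, mpegts, netflow, nintendo, radius, rtp, rx, sflow, ubntac2, vhua, viber and vmware. None of their search functions is visible here, so I cannot confirm it from the diff. I would add a line to the commit message stating that each search function was audited for unguarded `packet->iph` use.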
+++ b/src/lib/protocols/bittorrent.c @@ -122,7 +122,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc if(check_hash) ndpi_search_bittorrent_hash(ndpi_struct, flow, bt_offset); - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); if(flow->protos.bittorrent.hash[0] == '\0') { /* This is necessary to inform the core to call this dissector again */ diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index e7e503989..32ad2e61c 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -50,7 +50,7 @@ void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("BJNP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_BJNP, ndpi_search_bjnp, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/capwap.c b/src/lib/protocols/capwap.c index 73ec2b887..5d1831847 100644 --- a/src/lib/protocols/capwap.c +++ b/src/lib/protocols/capwap.c 
@@ -34,6 +34,30 @@ static void ndpi_int_capwap_add_connection(struct ndpi_detection_module_struct * ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CAPWAP, NDPI_PROTOCOL_UNKNOWN); } +static int is_capwap_multicast(const struct ndpi_packet_struct *packet) +{ + /* RFC 5115 Sec 3.3 + "The WTP MUST send the Discovery Request + message to either the limited broadcast IP address (255.255.255.255), + the well-known CAPWAP multicast address (224.0.1.140), or to the + unicast IP address of the AC. For IPv6 networks, since broadcast + does not exist, the use of "All ACs multicast address" (FF0X:0:0:0:0: + 0:0:18C) is used instead. + */ + if(packet->iph) { + if((packet->iph->daddr == 0xFFFFFFFF) || + (ntohl(packet->iph->daddr) == 0XE000018C)) + return 1; + } else if(packet->iphv6) { + if(((ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] & 0xFFF0FFFF) == 0xFF000000)) && + (packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] == 0) && + (packet->iphv6->ip6_dst.u6_addr.u6_addr32[2] == 0) && + (ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[3] == 0x0000018C))) + return 1; + } + return 0; +} + /* ************************************************** */ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_struct, @@ -41,15 +65,10 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int16_t sport, dport; - if(!packet->iph) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } - sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); if((dport == NDPI_CAPWAP_CONTROL_PORT) - && (packet->iph->daddr == 0xFFFFFFFF) + && (is_capwap_multicast(packet)) && (packet->payload_packet_len >= 16) && (packet->payload[0] == 0x0) && (packet->payload[8] == 6 /* Mac len */) 
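Review bot: The IPv6 branch of `is_capwap_multicast` gets byte order wrong in two places: the closing parenthesis of the last `ntohl(` encloses the comparison, so `u6_addr32[3]` is compared in network order against `0x0000018C`, and the mask `0xFFF0FFFF` is applied to `u6_addr32[0]` before `ntohl` instead of after it. On a little-endian host the function therefore never returns 1 for an IPv6 destination, so the control-port discovery check in the next hunk cannot match FF0X::18C and `!is_capwap_multicast(packet)` in the data-port test is always true for IPv6. I would write `(ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) & 0xFFF0FFFF) == 0xFF000000` and `ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[3]) == 0x0000018C`. The comment also cites RFC 5115, while the CAPWAP specification is, as far as I know, RFC 5415, and its opening quotation mark is never closed.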
@@ -75,7 +94,7 @@ static void ndpi_search_setup_capwap(struct ndpi_detection_module_struct *ndpi_s } if( - (((dport == NDPI_CAPWAP_DATA_PORT) && (packet->iph->daddr != 0xFFFFFFFF)) || (sport == NDPI_CAPWAP_DATA_PORT)) + (((dport == NDPI_CAPWAP_DATA_PORT) && (!is_capwap_multicast(packet))) || (sport == NDPI_CAPWAP_DATA_PORT)) && (packet->payload_packet_len >= 16) && (packet->payload[0] == 0x0) ) { @@ -117,7 +136,7 @@ void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("CAPWAP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CAPWAP, ndpi_search_capwap, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/cpha.c b/src/lib/protocols/cpha.c index 099285312..0b96dec1a 100644 --- a/src/lib/protocols/cpha.c +++ b/src/lib/protocols/cpha.c @@ -56,7 +56,7 @@ void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("CPHA", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CPHA, ndpi_search_cpha, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, /* TODO: ipv6 support? */ SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index 9a3606510..47b32658c 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -134,7 +134,7 @@ void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("CSGO", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CSGO, ndpi_search_csgo, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); 
diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index fef0c8282..c6ad87b5f 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -166,7 +166,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { src->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_port)); - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { src->detected_directconnect_port = 0; @@ -180,7 +180,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { src->directconnect_last_safe_access_time = packet->current_time_ms; NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_ssl_port)); - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { src->detected_directconnect_ssl_port = 0; diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 06d9a9855..a84fa047e 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c 
@@ -95,7 +95,7 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("DRDA", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_DRDA, ndpi_search_drda, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index d515bbd2b..5e737a1f4 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -86,7 +86,7 @@ void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("DROPBOX", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_DROPBOX, ndpi_search_dropbox, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/genshin_impact.c b/src/lib/protocols/genshin_impact.c index 7ed0e7fa3..c332dd213 100644 --- a/src/lib/protocols/genshin_impact.c +++ b/src/lib/protocols/genshin_impact.c @@ -65,7 +65,7 @@ void init_genshin_impact_dissector(struct ndpi_detection_module_struct *ndpi_str ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_GENSHIN_IMPACT, ndpi_search_genshin_impact, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index 2d194be81..7cbbca99d 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c 
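Review bot: The new constant `NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION` in `init_drda_dissector` changes more than the address family: judging by its name, it also keeps retransmitted segments away from `ndpi_search_drda`, which the old `NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD` does not imply. The commit message speaks only of IPv6, and the same swap is made in git.c, hpvirtgrp.c and z3950.c. If the retransmission filter is intended, the message should say so; if it is not, and the header (not visible here) offers a V4_V6 variant without that filter, that variant is the closer replacement. The body of `init_drda_dissector` continues outside the hunk.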
@@ -79,7 +79,7 @@ void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 ndpi_set_bitmask_protocol_detection("Git", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_GIT, ndpi_search_git, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/hpvirtgrp.c b/src/lib/protocols/hpvirtgrp.c index 8ba9d9b8d..2ee9773d6 100644 --- a/src/lib/protocols/hpvirtgrp.c +++ b/src/lib/protocols/hpvirtgrp.c @@ -63,7 +63,7 @@ void init_hpvirtgrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_HPVIRTGRP, ndpi_search_hpvirtgrp, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index df9f0ef60..4817ac495 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -78,7 +78,7 @@ void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_LISP, ndpi_search_lisp, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index b729bfed1..a2e42b487 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c 
@@ -54,7 +54,7 @@ void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("Megaco", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MEGACO, ndpi_search_megaco, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index a0feed111..f86cbd0b9 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -56,7 +56,7 @@ void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("MPEG_TS", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MPEGTS, ndpi_search_mpegts, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index 0cb9cd163..18301e732 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -186,7 +186,7 @@ void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("NetFlow", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_NETFLOW, ndpi_search_netflow, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index 963087909..a859b47df 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c 
@@ -59,7 +59,7 @@ void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("Nintendo", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_NINTENDO, ndpi_search_nintendo, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 7d218efe9..f1a596550 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1342,7 +1342,7 @@ static void process_tls(struct ndpi_detection_module_struct *ndpi_struct, if(flow->protos.tls_quic.alpn && strncmp(flow->protos.tls_quic.alpn, "doq", 3) == 0) { NDPI_LOG_DBG(ndpi_struct, "Found DOQ (ALPN: [%s])\n", flow->protos.tls_quic.alpn); - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_QUIC); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_QUIC); } } static void process_chlo(struct ndpi_detection_module_struct *ndpi_struct, @@ -1594,7 +1594,7 @@ static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_stru packet->payload[1] == 200 || /* RTCP, Sender Report */ is_valid_rtp_payload_type(packet->payload[1] & 0x7F)) /* RTP */) { NDPI_LOG_DBG(ndpi_struct, "Found RTP/RTCP over QUIC\n"); - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNAPCHAT_CALL, NDPI_PROTOCOL_QUIC); } else { /* Unexpected traffic pattern: we should investigate it... */ NDPI_LOG_INFO(ndpi_struct, "To investigate...\n"); diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index ffc7ffc13..97806c68e 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c 
@@ -74,7 +74,7 @@ void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("Radius", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RADIUS, ndpi_search_radius, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 2d5ad5981..3ea6e670c 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -403,7 +403,7 @@ void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RTP, ndpi_search_rtp, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index a20594c05..4871a524b 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -221,7 +221,7 @@ void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("RX", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RX, ndpi_search_rx, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index 01ab1e226..0c94fd450 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c 
@@ -50,7 +50,7 @@ void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in ndpi_set_bitmask_protocol_detection("sFlow", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SFLOW, ndpi_search_sflow, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 1ffa8afef..eb1bc4292 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -221,7 +221,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("[STUN] Here we go\n");; #endif - if(ndpi_struct->stun_cache) { + if(ndpi_struct->stun_cache && packet->iph) { /* TODO: ipv6 */ u_int16_t proto; u_int32_t key = get_stun_lru_key(packet, 0); int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, @@ -471,10 +471,12 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * printf("==>> NDPI_PROTOCOL_WHATSAPP_CALL\n"); #endif - if(is_messenger_ip_address(ntohl(packet->iph->saddr)) || is_messenger_ip_address(ntohl(packet->iph->daddr))) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_MESSENGER; - else if(is_google_ip_address(ntohl(packet->iph->saddr)) || is_google_ip_address(ntohl(packet->iph->daddr))) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; + if(packet->iph) { /* TODO: ipv6 */ + if(is_messenger_ip_address(ntohl(packet->iph->saddr)) || is_messenger_ip_address(ntohl(packet->iph->daddr))) + flow->guessed_host_protocol_id = NDPI_PROTOCOL_MESSENGER; + else if(is_google_ip_address(ntohl(packet->iph->saddr)) || is_google_ip_address(ntohl(packet->iph->daddr))) + flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; + } rc = (flow->stun.num_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN; 
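Review bot: The two `packet->iph` guards added to `ndpi_int_check_stun` cover only the lines visible in these hunks, and the function starts and ends outside them. STUN is registered with the V4_V6 bitmask in a later hunk of this file, so any other `packet->iph` dereference or `get_stun_lru_key()` call in stun.c would now run with a NULL IPv4 header on IPv6 flows. It is worth confirming that the cache insertion path is guarded the same way as the lookup here. The guards also make IPv6 flows skip the Messenger/Hangout host guess silently, so classification can differ between address families; a comment such as `/* IPv6 flows get no host-based guess here until the address lists support v6 */` next to the `TODO` would make that explicit.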
@@ -543,7 +545,7 @@ void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STUN, ndpi_search_stun, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 3a81b1b4b..830921603 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -36,7 +36,7 @@ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544)) && (packet->payload_packet_len >= 40 /* IPv6 header */)) { NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEREDO, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEREDO, NDPI_PROTOCOL_UNKNOWN); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -48,6 +48,7 @@ void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("TEREDO", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TEREDO, ndpi_search_teredo, + /* Teredo is inherently IPV4 only */ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index 0f3aaa9bd..0a1674cb7 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c 
@@ -87,7 +87,7 @@ void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("UBNTAC2", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_UBNTAC2, ndpi_search_ubntac2, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index 36e9f3a37..0c5471798 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c @@ -69,7 +69,7 @@ void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("VHUA", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_VHUA, ndpi_search_vhua, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 4a09a07f6..929a8589f 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -55,7 +55,7 @@ void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in ndpi_set_bitmask_protocol_detection("VIBER", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_VIBER, ndpi_search_viber, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index 4c161867e..c9bfef6ea 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c 
@@ -48,7 +48,7 @@ void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("VMWARE", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_VMWARE, ndpi_search_vmware, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/wsd.c b/src/lib/protocols/wsd.c index f428eaa35..48d35a9dd 100644 --- a/src/lib/protocols/wsd.c +++ b/src/lib/protocols/wsd.c @@ -44,8 +44,8 @@ void ndpi_search_wsd(struct ndpi_detection_module_struct *ndpi_struct, && (packet->payload_packet_len >= 40) && (strncmp((char*)packet->payload, "<?xml", 5) == 0) ) { - NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WSD, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct,"found wsd\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WSD, NDPI_PROTOCOL_UNKNOWN); } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/z3950.c b/src/lib/protocols/z3950.c index fe168ea9b..71fda55b3 100644 --- a/src/lib/protocols/z3950.c +++ b/src/lib/protocols/z3950.c @@ -128,7 +128,7 @@ void init_z3950_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_Z3950, ndpi_search_z3950, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); |