Improvements for exporting info in MDNS and UBNTAC2 protocols

Added test pcap file for UBNTAC2

3 files changed, 54 insertions, 10 deletions

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 801f1e768..68e332c23 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -960,6 +960,14 @@ struct ndpi_flow_struct {
     struct {
       char client_signature[48], server_signature[48];
     } ssh;
+
+    struct {
+      char answer[96];
+    } mdns;
+
+    struct {
+      char version[96];
+    } ubntac2;
   } protos;
 
   /*** ALL protocol specific 64 bit variables here ***/
diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c
index b3184c26f..0692b3252 100644
--- a/src/lib/protocols/mdns.c
+++ b/src/lib/protocols/mdns.c
@@ -63,13 +63,26 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct
      ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) {
     
     NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n");
-    return 1;
-    
+    return 1;    
   }
   else if((packet->payload[2] & 0x80) != 0 &&
 	  ntohs(get_u_int16_t(packet->payload, 4)) == 0 &&
 	  ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS &&
 	  ntohs(get_u_int16_t(packet->payload, 6)) != 0) {
+    char answer[256];
+    int i, j, len;
+
+    for(i=13, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(answer)-1)); i++)
+      answer[j++] = (packet->payload[i] < 13) ? '.' : packet->payload[i];
+	
+    answer[j] = '\0';
+
+    /* printf("==> [%d] %s\n", j, answer); */
+
+    len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j);
+    strncpy(flow->protos.mdns.answer, (const char *)answer, len);
+    flow->protos.mdns.answer[len] = '\0';
+
     NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n");
     return 1;
   }
@@ -87,14 +100,12 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n
   */
   
   /* check if UDP packet */
-  if(packet->udp != NULL) {
-    
+  if(packet->udp != NULL) {   
     /* read destination port */
     dport = ntohs(packet->udp->dest);
 
     /* check standard MDNS ON port 5353 */
     if(dport == 5353 && packet->payload_packet_len >= 12) {
-
       /* mdns protocol must have destination address 224.0.0.251 */
       if(packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) {
 
diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c
index b465e0a30..7196ee884 100644
--- a/src/lib/protocols/ubntac2.c
+++ b/src/lib/protocols/ubntac2.c
@@ -37,12 +37,37 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc
 
   if(packet->udp) {
     if(packet->payload_packet_len >= 135 &&
-       (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) &&
-       memcmp(&(packet->payload[36]), "UBNT", 4) == 0) {
+       (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001))) {
+      int found = 0;
       
-      NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n");
-      
-      ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+      if(memcmp(&(packet->payload[36]), "UBNT", 4) == 0) {
+	found = 36+5;
+      } else if(memcmp(&(packet->payload[49]), "ubnt", 4) == 0) {
+	found = 49+5;
+      }
+
+      if(found) {
+	char version[256];
+	int i, j, len;
+	
+	found += packet->payload[found+1] + 4; /* Skip model name */
+	found++; /* Skip len*/
+	
+	if(found < packet->payload_packet_len) {
+	  for(i=found, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(version)-1)); i++)
+	    version[j++] = packet->payload[i];
+	  
+	  version[j] = '\0';
+	  
+	  len = ndpi_min(sizeof(flow->protos.ubntac2.version)-1, j);
+	  strncpy(flow->protos.ubntac2.version, (const char *)version, len);
+	  flow->protos.ubntac2.version[len] = '\0';
+	}
+	
+	NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n");
+	
+	ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+      }
       return;
     }
   }