diff options
| -rw-r--r-- | configure.ac | 116 | ||||
| -rw-r--r-- | src/include/ndpi_define.h | 297 | ||||
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 3 | ||||
| -rw-r--r-- | src/include/ndpi_protocols.h | 2 | ||||
| -rw-r--r-- | src/lib/Makefile.am | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 8 | ||||
| -rw-r--r-- | src/lib/protocols/lisp.c | 68 |
7 files changed, 494 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac new file mode 100644 index 000000000..5e54d7813 --- /dev/null +++ b/configure.ac @@ -0,0 +1,116 @@ +AC_INIT([libndpi], [2.1.0]) + +AC_CONFIG_MACRO_DIR([m4]) + +AM_INIT_AUTOMAKE([foreign subdir-objects]) + +LT_INIT + +AC_PROG_CC +AM_PROG_CC_C_O +AX_PTHREAD + +NDPI_MAJOR="2" +NDPI_MINOR="1" +NDPI_PATCH="0" + +AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) +AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) +AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) + +if test -d ".git"; then : + GIT_TAG=`git log -1 --format=%h` + GIT_DATE=`git log -1 --format=%cd` + # + # On CentOS 6 `git rev-list HEAD --count` does not work + # + # + GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` + GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" +else + GIT_RELEASE="${PACKAGE_VERSION}" + GIT_DATE=`date` +fi + +AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) +AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) + +AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) + +PCAP_HOME=$HOME/PF_RING/userland + +if test -d $PCAP_HOME; then : + echo -n "" +else + PCAP_HOME=`pwd`/../../PF_RING/userland +fi +SHORT_MACHINE=`uname -m | cut -b1-3` +if test $SHORT_MACHINE = "arm"; then + LIBNUMA="" +else + AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) +fi + +if test -f $PCAP_HOME/libpcap/libpcap.a; then : + echo "Using libpcap from $PCAP_HOME" + PCAP_INC="-I $PCAP_HOME/libpcap" + PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" + + AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) + AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) + # The dlopen() function is in libdl on GLIBC-based systems + # and in the C library for *BSD systems + AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], + [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], + [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) +else + AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) + + if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : + echo "" + echo "ERROR: Missing libpcap(-dev) library required to compile the example application" + echo "ERROR: Please install it and try again" + exit + fi +fi + +dnl> https://github.com/json-c/json-c +AC_ARG_ENABLE([json-c], + AS_HELP_STRING([--disable-json-c], [Disable json-c support])) + +AS_IF([test "x$enable_json_c" != "xno"], [ + PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH + pkg-config --exists json-c + AS_IF([test "$?" == "0"], + [ + CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" + LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" + AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) + ], + [ + JSONC_HOME="$HOME/json-c" + if test -d "$JSONC_HOME"; then : + CFLAGS="$CFLAGS -I $JSONC_HOME" + LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" + AC_MSG_RESULT([Found json-c in $JSONC_HOME]) + AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) + fi + ]) + ]) + +AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) + +AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_HEADERS(config.h) +AC_SUBST(GIT_RELEASE) +AC_SUBST(NDPI_MAJOR) +AC_SUBST(NDPI_MINOR) +AC_SUBST(NDPI_PATCH) +AC_SUBST(SVN_DATE) +AC_SUBST(JSON_C_LIB) +AC_SUBST(PCAP_INC) +AC_SUBST(PCAP_LIB) +AC_SUBST(DL_LIB) +AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) + +AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h new file mode 100644 index 000000000..84155d027 --- /dev/null +++ b/src/include/ndpi_define.h @@ -0,0 +1,297 @@ +/* + * + * Copyright (C) 2011-17 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + +#ifndef __NDPI_DEFINE_INCLUDE_FILE__ +#define __NDPI_DEFINE_INCLUDE_FILE__ + +/* + gcc -E -dM - < /dev/null |grep ENDIAN +*/ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include <machine/endian.h> +#endif + +#ifdef __OpenBSD__ +#include <endian.h> +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ +#endif +#endif + +#ifdef WIN32 +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +#define NDPI_USE_ASYMMETRIC_DETECTION 0 +#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t + +#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) +#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) +#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) +#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) +/* now combined detections */ + +/* v4 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v4 or v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* safe src/dst protocol check macros... */ + +#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) + +/** + * convenience macro to check for excluded protocol + * a protocol is excluded if the flow is known and either the protocol is not detected at all + * or the excluded bitmask contains the protocol + */ +#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ + ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ + NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) + +/* misc definitions */ +#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 + + +/* TODO: rebuild all memory areas to have a more aligned memory block here */ + +/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ +#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 + +#define MAX_PACKET_COUNTER 65000 +#define MAX_DEFAULT_PORTS 5 + +#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 +#define NDPI_IRC_CONNECTION_TIMEOUT 120 +#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 +#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 +#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 +#define NDPI_RTSP_CONNECTION_TIMEOUT 5 +#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 +#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 +#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 +#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 +#define NDPI_ZATTOO_FLASH_TIMEOUT 5 +#define NDPI_JABBER_STUN_TIMEOUT 30 +#define NDPI_JABBER_FT_TIMEOUT 5 +#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ + struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ + if(mod != NULL) { \ + mod->ndpi_debug_print_file=__FILE__; \ + mod->ndpi_debug_print_function=__FUNCTION__; \ + mod->ndpi_debug_print_line=__LINE__; \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ + } \ + } +#else /* NDPI_ENABLE_DEBUG_MESSAGES */ +#ifdef WIN32 +#define NDPI_LOG(...) {} +#else +#define NDPI_LOG(proto, mod, log_level, args...) {} +#endif +#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ + +/** + * macro for getting the string len of a static string + * + * use it instead of strlen to avoid runtime calculations + */ +#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) + +/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ +#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ + ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) + +#define NDPI_NUM_BITS 256 + +#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ +#define howmanybits(x, y) (((x)+((y)-1))/(y)) + + +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) + +#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) + +#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t + +#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) +#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) +#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) +#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) +#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } + +/* this is a very very tricky macro *g*, + * the compiler will remove all shifts here if the protocol is static... + */ +#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) +#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) +#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) + +#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } + + +#define ndpi_min(a,b) ((a < b) ? a : b) +#define ndpi_max(a,b) ((a > b) ? a : b) + +#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ + if (packet->packet_lines_parsed_complete != 1) { \ + ndpi_parse_packet_line_info(ndpi_struct,flow); \ + } \ + +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPIP_PROTOCOL_TYPE 0x04 +#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a + +/* the get_uXX will return raw network packet bytes !! */ +#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) +#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) +#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) +#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) + +/* new definitions to get little endian from network bytes */ +#define get_ul8(X,O) get_u_int8_t(X,O) + + +#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) +#define get_l16(X,O) get_u_int16_t(X,O) +#define get_l32(X,O) get_u_int32_t(X,O) +#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) +/* convert the bytes from big to little endian */ +# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) +# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) +#else +#error "__BYTE_ORDER MUST BE DEFINED !" +#endif /* __BYTE_ORDER */ + +/* define memory callback function */ +#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) + +#if defined(WIN32) && !defined(snprintf) +#define snprintf _snprintf +#endif + +#define NDPI_MAX_DNS_REQUESTS 16 + +#define NDPI_MAJOR 2 +#define NDPI_MINOR 1 +#define NDPI_PATCH 0 + +#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1ba8d3b89..bd0c8e999 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -273,9 +273,10 @@ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo <pa@pauloangelo.com> */ #define NDPI_PROTOCOL_SOUNDCLOUD 234 #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ +#define NDPI_PROTOCOL_LISP 236 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_CSGO +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index adfd19b17..ef248027a 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -53,6 +53,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st /* Applications and other protocols. */ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -209,6 +210,7 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 740e3ee48..c2b4e4b13 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -71,6 +71,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/kontiki.c \ protocols/ldap.c \ protocols/lotus_notes.c \ + protocols/lisp.c \ protocols/mail_imap.c \ protocols/mail_pop.c \ protocols/mail_smtp.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ffb4ed909..f0b0407bb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1390,6 +1390,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, + no_master, + no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, no_master, no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -2735,6 +2740,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* CSGO */ init_csgo_dissector(ndpi_struct, &a, detection_bitmask); + /* LISP */ + init_my_lisp_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c new file mode 100644 index 000000000..37077029c --- /dev/null +++ b/src/lib/protocols/lisp.c @@ -0,0 +1,68 @@ +#include "ndpi_api.h" +#ifdef NDPI_PROTOCOL_LISP + +#define LISP_PORT 4341 +#define LISP_PORT1 4342 + +static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int8_t due_to_correlation) +{ + + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LISP, NDPI_PROTOCOL_UNKNOWN); +} + +static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + if(packet->udp != NULL) { + + u_int16_t lisp_port = htons(LISP_PORT); + u_int16_t lisp_port1 = htons(LISP_PORT1); + + if(((packet->udp->source == lisp_port) + && (packet->udp->dest == lisp_port)) || + ((packet->udp->source == lisp_port1) + && (packet->udp->dest == lisp_port1)) ) { + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "Found lisp.\n"); + ndpi_int_lisp_add_connection(ndpi_struct, flow, 0); + return; + + } + } + + NDPI_LOG(NDPI_PROTOCOL_lisp, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); +} + +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "lisp detection...\n"); + + /* skip marked packets */ + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) { + + ndpi_check_lisp(ndpi_struct, flow); + + } +} + + +void init_my_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_LISP, + ndpi_search_lisp, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + +#endif |