diff options
| -rw-r--r-- | src/lib/protocols/tencent_games.c | 34 | ||||
| -rw-r--r-- | tests/cfgs/default/pcap/tencent_games.pcap | bin | 1002 -> 2776 bytes | |||
| -rw-r--r-- | tests/cfgs/default/result/tencent_games.pcap.out | 16 |
3 files changed, 40 insertions, 10 deletions
diff --git a/src/lib/protocols/tencent_games.c b/src/lib/protocols/tencent_games.c index df40f5f8d..e10106d57 100644 --- a/src/lib/protocols/tencent_games.c +++ b/src/lib/protocols/tencent_games.c @@ -29,6 +29,14 @@ #include "ndpi_api.h" #include "ndpi_private.h" +static void ndpi_int_tencent_games_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found Tencent Games\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TENCENTGAMES, + NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); +} + static void ndpi_search_tencent_games(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -40,9 +48,29 @@ static void ndpi_search_tencent_games(struct ndpi_detection_module_struct *ndpi_ if (ntohl(get_u_int32_t(packet->payload, 0)) == 0x3366000B && ntohs(get_u_int16_t(packet->payload, 4)) == 0xB) { - NDPI_LOG_INFO(ndpi_struct, "found Tencent Games\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TENCENTGAMES, - NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); + return; + } + + if (ntohl(get_u_int32_t(packet->payload, 0)) == 0x4366AA00 && + ntohl(get_u_int32_t(packet->payload, 12)) == 0x10E68601) + { + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); + return; + } + + if (ntohl(get_u_int32_t(packet->payload, 0)) == 0xAA000000 && + ntohl(get_u_int32_t(packet->payload, 10)) == 0x10E68601) + { + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); + return; + } + + if (get_u_int16_t(packet->payload, 0) == 0 && + ntohs(get_u_int16_t(packet->payload, 2)) == (u_int16_t)(packet->payload_packet_len-4) && + ntohs(get_u_int16_t(packet->payload, 4)) == 0x7801) + { + ndpi_int_tencent_games_add_connection(ndpi_struct, flow); return; } } diff --git a/tests/cfgs/default/pcap/tencent_games.pcap b/tests/cfgs/default/pcap/tencent_games.pcap Binary files differindex 9db3bd1c0..1a14c48fd 100644 --- a/tests/cfgs/default/pcap/tencent_games.pcap +++ b/tests/cfgs/default/pcap/tencent_games.pcap diff --git a/tests/cfgs/default/result/tencent_games.pcap.out b/tests/cfgs/default/result/tencent_games.pcap.out index 3803ecfa7..67eeeb314 100644 --- a/tests/cfgs/default/result/tencent_games.pcap.out +++ b/tests/cfgs/default/result/tencent_games.pcap.out @@ -1,6 +1,6 @@ -DPI Packets (TCP): 4 (4.00 pkts/flow) -Confidence DPI : 1 (flows) -Num dissector calls: 144 (144.00 diss/flow) +DPI Packets (TCP): 12 (4.00 pkts/flow) +Confidence DPI : 3 (flows) +Num dissector calls: 432 (144.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -18,11 +18,13 @@ Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 1/1 (search/found) +Patricia protocols: 3/3 (search/found) Patricia protocols IPv6: 0/0 (search/found) -TencentGames 10 818 1 +TencentGames 22 2400 3 -Fun 10 818 1 +Fun 22 2400 3 - 1 TCP 10.215.173.1:43300 <-> 43.130.19.227:65010 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][5 pkts/413 bytes <-> 5 pkts/405 bytes][Goodput ratio: 47/49][0.61 sec][bytes ratio: 0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 103/104 200/200 95/96][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 83/81 157/173 46/52][PLAIN TEXT (9089499565149320430)][Plen Bins: 0,0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 10.215.173.1:42864 <-> 162.62.116.201:20731 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][4 pkts/951 bytes <-> 2 pkts/88 bytes][Goodput ratio: 81/0][0.23 sec][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 32/124 75/124 124/124 38/0][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 238/44 473/48 191/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.215.173.1:43300 <-> 43.130.19.227:65010 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][5 pkts/413 bytes <-> 5 pkts/405 bytes][Goodput ratio: 47/49][0.61 sec][bytes ratio: 0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 103/104 200/200 95/96][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 83/81 157/173 46/52][PLAIN TEXT (9089499565149320430)][Plen Bins: 0,0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 10.215.173.1:46658 <-> 162.62.97.166:8085 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][3 pkts/290 bytes <-> 3 pkts/253 bytes][Goodput ratio: 52/49][0.17 sec][bytes ratio: 0.068 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/8 51/40 95/71 44/32][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 97/84 190/165 66/57][PLAIN TEXT (gcloud)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |