diff options
| -rw-r--r-- | src/lib/protocols/ftp_control.c | 73 | ||||
| -rw-r--r-- | src/lib/protocols/ftp_data.c | 12 |
2 files changed, 44 insertions, 41 deletions
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index 9bc2bf904..7576f7567 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -1,7 +1,7 @@ /* * ftp_control.c * - * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk> + * Copyright (C) 2016 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -937,49 +937,52 @@ static int ndpi_ftp_control_check_response(const u_int8_t *payload, size_t paylo static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; + + /* Check connection over TCP */ + if(packet->tcp) { - /* Exclude SMTP, which uses similar commands. */ - if (packet->tcp->dest == htons(25) || packet->tcp->source == htons(25)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); - return; - } + /* Exclude SMTP, which uses similar commands. */ + if (packet->tcp->dest == htons(25) || packet->tcp->source == htons(25)) { + NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); + return; + } - /* Break after 20 packets. */ - if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); - return; - } + /* Break after 20 packets. */ + if (flow->packet_counter > 20) { + NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); + return; + } - /* Check if we so far detected the protocol in the request or not. */ - if (flow->ftp_control_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage 0: \n"); + /* Check if we so far detected the protocol in the request or not. */ + if (flow->ftp_control_stage == 0) { + NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage 0: \n"); - if ((payload_len > 0) && ndpi_ftp_control_check_request(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_CONTROL request detected, we will look further for the response...\n"); + if ((payload_len > 0) && ndpi_ftp_control_check_request(packet->payload, payload_len)) { + NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_CONTROL request detected, we will look further for the response...\n"); - /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ - flow->ftp_control_stage = packet->packet_direction + 1; - } + /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ + flow->ftp_control_stage = packet->packet_direction + 1; + } - } else { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage); + } else { + NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage); - /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ - if ((flow->ftp_control_stage - packet->packet_direction) == 1) { - return; - } + /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ + if ((flow->ftp_control_stage - packet->packet_direction) == 1) { + return; + } - /* This is a packet in another direction. Check if we find the proper response. */ - if ((payload_len > 0) && ndpi_ftp_control_check_response(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Found FTP_CONTROL.\n"); - ndpi_int_ftp_control_add_connection(ndpi_struct, flow); - } else { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to FTP_CONTROL, resetting the stage to 0...\n"); - flow->ftp_control_stage = 0; + /* This is a packet in another direction. Check if we find the proper response. */ + if ((payload_len > 0) && ndpi_ftp_control_check_response(packet->payload, payload_len)) { + NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Found FTP_CONTROL.\n"); + ndpi_int_ftp_control_add_connection(ndpi_struct, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to FTP_CONTROL, resetting the stage to 0...\n"); + flow->ftp_control_stage = 0; + } } - } } diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index 7daf9190d..47b45ec4c 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -1,8 +1,7 @@ /* * ftp_data.c * - * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk> - * Copyright (C) 2014 - ntop.org + * Copyright (C) 2016 - ntop.org * * The signature is based on the Libprotoident library. * @@ -34,12 +33,13 @@ static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct static int ndpi_match_ftp_data_port(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - if(packet->tcp->dest == htons(20) || packet->tcp->source == htons(20)) { - return 1; + /* Check connection over TCP */ + if(packet->tcp) { + if(packet->tcp->dest == htons(20) || packet->tcp->source == htons(20)) { + return 1; + } } - return 0; - } static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { |