-rw-r--r-- | src/include/ndpi_main.h | 3 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 255 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 87 |
3 files changed, 275 insertions, 70 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index cb6d9b629..a9414bfef 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -34,6 +34,7 @@ #endif #include <ctype.h> #include <time.h> +#include <arpa/inet.h> #ifndef WIN32 @@ -50,8 +51,6 @@ #include <limits.h> #endif -#include "ndpi_win32.h" -#include "ndpi_unix.h" #include "ndpi_define.h" #include "ndpi_protocol_ids.h" #include "ndpi_typedefs.h" diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 63013230c..11d2fd0c9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
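Review bot: The added `#include <arpa/inet.h>` sits above the `#ifndef WIN32` guard visible in the first hunk, so it appears to be pulled in on every platform although it is a POSIX header, and the second hunk drops `ndpi_win32.h` at the same time. Unless the `#endif` just before it closes a non-Windows block (its opening is outside the hunk), the include belongs under the guard, i.e. `#ifndef WIN32` followed by `#include <arpa/inet.h>`. A short comment naming what needs it (the `ntohs()` calls in `ndpi_main.c`, presumably) would also help the next reader.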
@@ -22,82 +22,253 @@ * */ -#ifndef __NDPI_TYPEDEFS_FILE__ -#define __NDPI_TYPEDEFS_FILE__ +#ifndef __NDPI_TYPEDEFS_H__ +#define __NDPI_TYPEDEFS_H__ -typedef enum { +#include "ndpi_define.h" + +#define BT_ANNOUNCE +#define _WS2TCPIP_H_ /* Avoid compilation problems */ + + +/* NDPI_LOG_LEVEL */ +typedef enum +{ NDPI_LOG_ERROR, NDPI_LOG_TRACE, NDPI_LOG_DEBUG } ndpi_log_level_t; -typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol, - void *module_struct, ndpi_log_level_t log_level, - const char *format, ...); -#define BT_ANNOUNCE - -typedef enum { +/* NDPI_VISIT */ +typedef enum +{ ndpi_preorder, ndpi_postorder, ndpi_endorder, ndpi_leaf } ndpi_VISIT; -typedef struct node_t { +/* NDPI_NODE */ +typedef struct node_t +{ char *key; struct node_t *left, *right; } ndpi_node; +/* NDPI_MASK_SIZE */ typedef u_int32_t ndpi_ndpi_mask; -typedef struct ndpi_protocol_bitmask_struct { - ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; +/* NDPI_PROTO_BITMASK_STRUCT */ +typedef struct ndpi_protocol_bitmask_struct +{ + ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; } ndpi_protocol_bitmask_struct_t; -#ifdef NDPI_DETECTION_SUPPORT_IPV6 -struct ndpi_ip6_addr { - union { - u_int8_t u6_addr8[16]; - u_int16_t u6_addr16[8]; - u_int32_t u6_addr32[4]; - u_int64_t u6_addr64[2]; - } ndpi_v6_u; - -#define ndpi_v6_addr ndpi_v6_u.u6_addr8 -#define ndpi_v6_addr16 ndpi_v6_u.u6_addr16 -#define ndpi_v6_addr32 ndpi_v6_u.u6_addr32 -#define ndpi_v6_addr64 ndpi_v6_u.u6_addr64 -}; +/* NDPI_DEBUG_FUNCTION_PTR (cast) */ +typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol, void *module_struct, + ndpi_log_level_t log_level, const char *format, ...); -struct ndpi_ipv6hdr { - /* use userspace and kernelspace compatible compile parameters */ -#if defined(__LITTLE_ENDIAN__) - u_int8_t priority:4, version:4; + +/* ************************************************************ */ +/* ******************* NDPI NETWORKS HEADERS ****************** */ +/* ************************************************************ 
*/ + +/* ++++++++++++++++++++++++ Cisco headers +++++++++++++++++++++ */ + +/* Cisco HDLC */ +struct ndpi_chdlc +{ + u_int8_t addr; /* 0x0F (Unicast) - 0x8F (Broadcast) */ + u_int8_t ctrl; /* always 0x00 */ + u_int16_t proto_code; /* protocol type (e.g. 0x0800 IP) */ +} __attribute__((packed)); + +/* SLARP - Serial Line ARP http://tinyurl.com/qa54e95 */ +struct ndpi_slarp +{ + /* address requests (0x00) + address replies (0x01) + keep-alive (0x02) + */ + u_int32_t slarp_type; + u_int32_t addr_1; + u_int32_t addr_2; +} __attribute__((packed)); + +/* Cisco Discovery Protocol http://tinyurl.com/qa6yw9l */ +struct ndpi_cdp +{ + u_int8_t version; + u_int8_t ttl; + u_int16_t checksum; + u_int16_t type; + u_int16_t length; +} __attribute__((packed)); + + + +/* ++++++++++++++++++ Ethernet II header ++++++++++++++++++++++ */ +struct ndpi_ethhdr_II +{ + u_char h_dest[6]; /* destination eth addr */ + u_char h_source[6]; /* source ether addr */ + u_int16_t type; /* packet type ID field */ +} __attribute__((packed)); + +/* +++++++++++++++ Ethernet header (IEEE 802.3) +++++++++++++++ */ +struct ndpi_ethhdr +{ + u_char h_dest[6]; /* destination eth addr */ + u_char h_source[6]; /* source ether addr */ + u_int16_t h_lt; /* data length (<= 1500) or type ID proto (>=1536) */ +} __attribute__((packed)); + +/* +++++++++++++++++++ LLC header (IEEE 802.2) ++++++++++++++++ */ +struct ndpi_snap_extension +{ + u_int16_t oui; + u_int8_t oui2; + u_int16_t proto_ID; +} __attribute__((packed)); + +struct ndpi_llc_header +{ + u_int8_t dsap; + u_int8_t ssap; + u_int8_t ctrl; + struct ndpi_snap_extension snap; +} __attribute__((packed)); + + +/* ++++++++++ RADIO TAP header (for IEEE 802.11) +++++++++++++ */ +struct ndpi_radiotap_header +{ + u_int8_t version; /* set to 0 */ + u_int8_t pad; + u_int16_t len; + u_int32_t present; + u_int64_t MAC_timestamp; + u_int8_t flags; + +} __attribute__((packed)); + +/* ++++++++++++ Wireless header (IEEE 802.11) ++++++++++++++++ */ +struct ndpi_wifi_header +{ + 
u_int16_t fc; + u_int16_t duration; + u_char rcvr[6]; + u_char trsm[6]; + u_char dest[6]; + u_int16_t seq_ctrl; + /* u_int64_t ccmp - for data encription only - check fc.flag */ +} __attribute__((packed)); + + + +/* +++++++++++++++++++++++ MPLS header +++++++++++++++++++++++ */ +struct ndpi_mpls_header +{ + u_int32_t label:20, exp:3, s:1, ttl:8; +} __attribute__((packed)); + + + +/* ++++++++++++++++++++++++ IP header ++++++++++++++++++++++++ */ +struct ndpi_iphdr { +#if defined(__LITTLE_ENDIAN__) + u_int8_t ihl:4, version:4; #elif defined(__BIG_ENDIAN__) - u_int8_t version:4, priority:4; + u_int8_t version:4, ihl:4; #else # error "Byte order must be defined" #endif + u_int8_t tos; + u_int16_t tot_len; + u_int16_t id; + u_int16_t frag_off; + u_int8_t ttl; + u_int8_t protocol; + u_int16_t check; + u_int32_t saddr; + u_int32_t daddr; +} __attribute__((packed)); + + +/* +++++++++++++++++++++++ IPv6 header +++++++++++++++++++++++ */ +/* rfc3542 */ + +struct ndpi_in6_addr +{ + union + { + u_int8_t u6_addr8[16]; + u_int16_t u6_addr16[8]; + u_int32_t u6_addr32[4]; + } u6_addr; /* 128-bit IP6 address */ +}; - u_int8_t flow_lbl[3]; +struct ndpi_ipv6hdr +{ + union + { + struct ndpi_ip6_hdrctl + { + u_int32_t ip6_un1_flow; + u_int16_t ip6_un1_plen; + u_int8_t ip6_un1_nxt; + u_int8_t ip6_un1_hlim; + } ip6_un1; + u_int8_t ip6_un2_vfc; + } ip6_ctlun; + struct ndpi_in6_addr ip6_src; + struct ndpi_in6_addr ip6_dst; +} __attribute__((packed)); + + + +/* +++++++++++++++++++++++ TCP header +++++++++++++++++++++++ */ +struct ndpi_tcphdr +{ + u_int16_t source; + u_int16_t dest; + u_int32_t seq; + u_int32_t ack_seq; +#if defined(__LITTLE_ENDIAN__) + u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; +#elif defined(__BIG_ENDIAN__) + u_int16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; +#else +# error "Byte order must be defined" +#endif + u_int16_t window; + u_int16_t check; + u_int16_t urg_ptr; +} __attribute__((packed)); + +/* 
+++++++++++++++++++++++ UDP header +++++++++++++++++++++++ */ +struct ndpi_udphdr +{ + u_int16_t source; + u_int16_t dest; + u_int16_t len; + u_int16_t check; +} __attribute__((packed)); - u_int16_t payload_len; - u_int8_t nexthdr; - u_int8_t hop_limit; - struct ndpi_ip6_addr saddr; - struct ndpi_ip6_addr daddr; -}; -#endif -typedef union { +typedef union +{ u_int32_t ipv4; u_int8_t ipv4_u_int8_t[4]; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - struct ndpi_ip6_addr ipv6; + struct ndpi_in6_addr ipv6; #endif } ndpi_ip_addr_t; +/* ************************************************************ */ +/* ******************* ********************* ****************** */ +/* ************************************************************ */ #ifdef NDPI_PROTOCOL_BITTORRENT typedef struct spinlock { @@ -811,4 +982,4 @@ typedef struct ndpi_flow_struct { struct ndpi_id_struct *dst; } ndpi_flow_struct_t; -#endif/* __NDPI_TYPEDEFS_FILE__ */ +#endif/* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 16a956d4f..eb350bd3a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2652,10 +2652,10 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru l4protocol = iph->protocol; } #ifdef NDPI_DETECTION_SUPPORT_IPV6 - else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->payload_len)) { + else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen)) { l4ptr = (((const u_int8_t *) iph_v6) + sizeof(struct ndpi_ipv6hdr)); - l4len = ntohs(iph_v6->payload_len); - l4protocol = iph_v6->nexthdr; + l4len = ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen); + l4protocol = iph_v6->ip6_ctlun.ip6_un1.ip6_un1_nxt; // we need to handle IPv6 extension headers if present if(ndpi_handle_ipv6_extension_headers(ndpi_struct, &l4ptr, &l4len, &l4protocol) != 0) { 
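Review bot: `struct ndpi_mpls_header` declares `u_int32_t label:20, exp:3, s:1, ttl:8;` with no byte-order guard, unlike `ndpi_iphdr` and `ndpi_tcphdr` in the same hunk. Bit-field allocation order is implementation-defined and the label stack entry is a big-endian 32-bit word, so on a little-endian host overlaying this struct on packet bytes will not put the label, S bit or TTL in those fields. Because these structs are laid over untrusted capture data, a plain `u_int32_t` decoded with `ntohl()` and shifts is the safer shape; at minimum add a comment such as `/* network order: label:20 exp:3 s:1 ttl:8, decode after ntohl() */`. `struct ndpi_radiotap_header` carries a related assumption worth a comment: `MAC_timestamp` and `flags` sit at those offsets only when the matching bits of `present` are set.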
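Review bot: The renamed length check in `ndpi_detection_get_l4_internal` still computes `l3_len - sizeof(struct ndpi_ipv6hdr)` in unsigned arithmetic, so if `l3_len` is smaller than the 40-byte header the subtraction wraps and the comparison passes with an attacker-supplied `ip6_un1_plen`. Whether an earlier guard already rules that out cannot be seen here, since the function starts and ends outside the hunk. If it does not, add the lower bound to the condition: `else if(iph_v6 != NULL && l3_len >= sizeof(struct ndpi_ipv6hdr) && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen)) {`.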
@@ -2845,7 +2845,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, packet->packet_direction = 1; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->saddr, &iphv6->daddr) != 0) + if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, &iphv6->ip6_dst) != 0) packet->packet_direction = 1; #endif } @@ -3196,7 +3196,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(flow->packet.iphv6 != NULL) { - protocol = flow->packet.iphv6->nexthdr, saddr = 0, daddr = 0; + protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, saddr = 0, daddr = 0; } else #endif { 
@@ -3885,39 +3885,50 @@ int NDPI_PROTOCOL_IP_is_set(const ndpi_ip_addr_t * ip) /* NTOP */ int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip) { + #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(packet->iphv6 != NULL) { - if(packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] && - packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) { + /* IPv6 */ + if(packet->iphv6 != NULL) { + + if(packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) return 1; - } else { - return 0; - } + //else + return 0; } #endif - if(packet->iph->saddr == ip->ipv4) { + + /* IPv4 */ + if(packet->iph->saddr == ip->ipv4) return 1; - } return 0; } /* check if the destination ip address in packet and ip are equal */ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip) { + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + + /* IPv6 */ if(packet->iphv6 != NULL) { - if(packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] && - packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) { + + if(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) return 1; - } else { - return 0; - } + //else + return 0; } #endif - if(packet->iph->daddr == ip->ipv4) { + + /* IPv4 */ + if(packet->iph->saddr == ip->ipv4) return 1; - } return 0; } 
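Review bot: The IPv4 branch of `ndpi_packet_dst_ip_eql` now compares `packet->iph->saddr` where the removed line compared `packet->iph->daddr`, so the destination check answers for the source address. This looks like a copy from `ndpi_packet_src_ip_eql` above it, and it would make destination-based matching in the dissectors silently wrong for IPv4 traffic. The line should read `if(packet->iph->daddr == ip->ipv4)`. The leftover `//else` comments in both functions can be dropped while there.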
@@ -3926,12 +3937,21 @@ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip) { NDPI_PROTOCOL_IP_clear(ip); + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + + /* IPv6 */ if(packet->iphv6 != NULL) { - ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0]; - ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1]; + + ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_src.u6_addr.u6_addr32[0]; + ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_src.u6_addr.u6_addr32[1]; + ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_src.u6_addr.u6_addr32[2]; + ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_src.u6_addr.u6_addr32[3]; + } else #endif + + /* IPv4 */ ip->ipv4 = packet->iph->saddr; } @@ -3940,12 +3960,20 @@ void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_add void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip) { NDPI_PROTOCOL_IP_clear(ip); + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + if(packet->iphv6 != NULL) { - ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0]; - ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1]; + + ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]; + ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[1]; + ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[2]; + ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[3]; + } else + #endif + ip->ipv4 = packet->iph->daddr; } 
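Review bot: In `ndpi_packet_src_ip_get` the `} else` is now separated from its unbraced statement `ip->ipv4 = packet->iph->saddr;` by `#endif`, blank lines and a comment, and `ndpi_packet_dst_ip_get` in the next hunk has the same shape. It compiles, but any statement later inserted after the `#endif` would become the `else` body when IPv6 is enabled and run unconditionally when it is not. Bracing the IPv4 assignment, `{ ip->ipv4 = packet->iph->saddr; }`, removes that trap. The four word-by-word copies could also be a single struct assignment, `ip->ipv6 = packet->iphv6->ip6_src;`, which stays correct if the union's members change again.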
@@ -3959,15 +3987,22 @@ char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t *a = (const u_int8_t *) &ip->ipv4; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(ip->ipv6.ndpi_v6_u.u6_addr32[1] != 0 || ip->ipv6.ndpi_v6_u.u6_addr64[1] != 0) { - const u_int16_t *b = ip->ipv6.ndpi_v6_u.u6_addr16; + if(ip->ipv6.u6_addr.u6_addr32[0] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0) { + + const u_int16_t *b = ip->ipv6.u6_addr.u6_addr16; snprintf(ndpi_struct->ip_string, 32, "%x:%x:%x:%x:%x:%x:%x:%x", ntohs(b[0]), ntohs(b[1]), ntohs(b[2]), ntohs(b[3]), ntohs(b[4]), ntohs(b[5]), ntohs(b[6]), ntohs(b[7])); + return ndpi_struct->ip_string; } #endif + snprintf(ndpi_struct->ip_string, 32, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]); + return ndpi_struct->ip_string; } |
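Review bot: The new IPv6 test in `ndpi_get_ip_string` checks `u6_addr32[1]` three times and never looks at words 2 and 3, and it now also tests `u6_addr32[0]`, which shares storage with `ip->ipv4` in the `ndpi_ip_addr_t` union. As written, any non-zero IPv4 address takes the IPv6 branch and is printed in `%x:%x:…` form, which corrupts addresses in logs and anything keyed on this string. The removed condition covered words 1 to 3 only; the equivalent is `if(ip->ipv6.u6_addr.u6_addr32[1] != 0 || ip->ipv6.u6_addr.u6_addr32[2] != 0 || ip->ipv6.u6_addr.u6_addr32[3] != 0) {`. Separately, the `32` passed to `snprintf` on the unchanged line is shorter than a full 39-character IPv6 text form, so long addresses are truncated; the declared size of `ip_string` is not visible in this hunk.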