aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/nDPI_QuickStartGuide.docxbin0 -> 522646 bytes
-rw-r--r--doc/nDPI_QuickStartGuide.pagesbin157979 -> 119255 bytes
-rw-r--r--doc/nDPI_QuickStartGuide.pdfbin146256 -> 139523 bytes
-rw-r--r--example/ndpiReader.c9
-rw-r--r--example/protos.txt2
-rw-r--r--src/include/ndpi_api.h8
-rw-r--r--src/include/ndpi_protocol_ids.h25
-rw-r--r--src/include/ndpi_protocols.h136
-rw-r--r--src/include/ndpi_typedefs.h80
-rw-r--r--src/lib/Makefile.am1
-rw-r--r--src/lib/ndpi_content_match.c.inc1453
-rw-r--r--src/lib/ndpi_main.c1970
-rw-r--r--src/lib/protocols/afp.c13
-rw-r--r--src/lib/protocols/aimini.c14
-rw-r--r--src/lib/protocols/applejuice.c13
-rw-r--r--src/lib/protocols/armagetron.c17
-rw-r--r--src/lib/protocols/ayiya.c14
-rw-r--r--src/lib/protocols/battlefield.c12
-rw-r--r--src/lib/protocols/bgp.c13
-rw-r--r--src/lib/protocols/bittorrent.c13
-rw-r--r--src/lib/protocols/ciscovpn.c13
-rw-r--r--src/lib/protocols/citrix.c12
-rw-r--r--src/lib/protocols/collectd.c1
-rw-r--r--src/lib/protocols/corba.c12
-rw-r--r--src/lib/protocols/crossfire.c11
-rw-r--r--src/lib/protocols/dcerpc.c12
-rw-r--r--src/lib/protocols/dhcp.c13
-rw-r--r--src/lib/protocols/dhcpv6.c12
-rw-r--r--src/lib/protocols/directconnect.c13
-rw-r--r--src/lib/protocols/directdownloadlink.c12
-rw-r--r--src/lib/protocols/dns.c21
-rw-r--r--src/lib/protocols/dofus.c12
-rw-r--r--src/lib/protocols/dropbox.c14
-rw-r--r--src/lib/protocols/eaq.c14
-rw-r--r--src/lib/protocols/edonkey.c13
-rw-r--r--src/lib/protocols/fasttrack.c14
-rw-r--r--src/lib/protocols/fiesta.c15
-rw-r--r--src/lib/protocols/filetopia.c12
-rw-r--r--src/lib/protocols/florensia.c13
-rw-r--r--src/lib/protocols/ftp_control.c13
-rw-r--r--src/lib/protocols/ftp_data.c63
-rw-r--r--src/lib/protocols/gnutella.c15
-rw-r--r--src/lib/protocols/gtp.c13
-rw-r--r--src/lib/protocols/guildwars.c15
-rw-r--r--src/lib/protocols/h323.c13
-rw-r--r--src/lib/protocols/halflife2_and_mods.c13
-rw-r--r--src/lib/protocols/http.c232
-rw-r--r--src/lib/protocols/http_activesync.c14
-rw-r--r--src/lib/protocols/iax.c15
-rw-r--r--src/lib/protocols/icecast.c14
-rw-r--r--src/lib/protocols/imesh.c14
-rw-r--r--src/lib/protocols/ipp.c14
-rw-r--r--src/lib/protocols/irc.c13
-rw-r--r--src/lib/protocols/jabber.c12
-rw-r--r--src/lib/protocols/kakaotalk_voice.c13
-rw-r--r--src/lib/protocols/kerberos.c24
-rw-r--r--src/lib/protocols/kontiki.c14
-rw-r--r--src/lib/protocols/ldap.c17
-rw-r--r--src/lib/protocols/lotus_notes.c13
-rw-r--r--src/lib/protocols/mail_imap.c15
-rw-r--r--src/lib/protocols/mail_pop.c14
-rw-r--r--src/lib/protocols/mail_smtp.c13
-rw-r--r--src/lib/protocols/maplestory.c16
-rw-r--r--src/lib/protocols/mdns.c17
-rw-r--r--src/lib/protocols/meebo.c19
-rw-r--r--src/lib/protocols/megaco.c12
-rw-r--r--src/lib/protocols/mgcp.c14
-rw-r--r--src/lib/protocols/mms.c14
-rw-r--r--src/lib/protocols/mpegts.c14
-rw-r--r--src/lib/protocols/msn.c21
-rw-r--r--src/lib/protocols/mssql.c18
-rw-r--r--src/lib/protocols/mysql.c14
-rw-r--r--src/lib/protocols/netbios.c14
-rw-r--r--src/lib/protocols/netflow.c13
-rw-r--r--src/lib/protocols/nfs.c14
-rw-r--r--src/lib/protocols/noe.c16
-rw-r--r--src/lib/protocols/non_tcp_udp.c91
-rw-r--r--src/lib/protocols/ntp.c13
-rw-r--r--src/lib/protocols/openft.c14
-rw-r--r--src/lib/protocols/openvpn.c13
-rw-r--r--src/lib/protocols/oracle.c14
-rw-r--r--src/lib/protocols/oscar.c609
-rw-r--r--src/lib/protocols/pando.c13
-rw-r--r--src/lib/protocols/pcanywhere.c13
-rw-r--r--src/lib/protocols/postgres.c13
-rw-r--r--src/lib/protocols/pplive.c13
-rw-r--r--src/lib/protocols/ppstream.c17
-rw-r--r--src/lib/protocols/pptp.c14
-rw-r--r--src/lib/protocols/qq.c13
-rw-r--r--src/lib/protocols/quake.c13
-rw-r--r--src/lib/protocols/quic.c14
-rw-r--r--src/lib/protocols/radius.c13
-rw-r--r--src/lib/protocols/rdp.c13
-rw-r--r--src/lib/protocols/redis_net.c13
-rw-r--r--src/lib/protocols/rsync.c14
-rw-r--r--src/lib/protocols/rtcp.c14
-rw-r--r--src/lib/protocols/rtmp.c13
-rw-r--r--src/lib/protocols/rtp.c16
-rw-r--r--src/lib/protocols/rtsp.c11
-rw-r--r--src/lib/protocols/sflow.c13
-rw-r--r--src/lib/protocols/shoutcast.c13
-rw-r--r--src/lib/protocols/sip.c13
-rw-r--r--src/lib/protocols/skinny.c14
-rw-r--r--src/lib/protocols/skype.c22
-rw-r--r--src/lib/protocols/smb.c13
-rw-r--r--src/lib/protocols/snmp.c13
-rw-r--r--src/lib/protocols/socrates.c13
-rw-r--r--src/lib/protocols/sopcast.c16
-rw-r--r--src/lib/protocols/soulseek.c13
-rw-r--r--src/lib/protocols/spotify.c13
-rw-r--r--src/lib/protocols/ssdp.c13
-rw-r--r--src/lib/protocols/ssh.c12
-rw-r--r--src/lib/protocols/ssl.c18
-rw-r--r--src/lib/protocols/starcraft.c157
-rw-r--r--src/lib/protocols/stealthnet.c15
-rw-r--r--src/lib/protocols/steam.c13
-rw-r--r--src/lib/protocols/stun.c86
-rw-r--r--src/lib/protocols/syslog.c13
-rw-r--r--src/lib/protocols/tcp_udp.c3
-rw-r--r--src/lib/protocols/tds.c13
-rw-r--r--src/lib/protocols/teamspeak.c15
-rw-r--r--src/lib/protocols/teamviewer.c14
-rw-r--r--src/lib/protocols/telegram.c14
-rw-r--r--src/lib/protocols/telnet.c13
-rw-r--r--src/lib/protocols/tftp.c14
-rw-r--r--src/lib/protocols/thunder.c13
-rw-r--r--src/lib/protocols/tor.c15
-rw-r--r--src/lib/protocols/tvants.c14
-rw-r--r--src/lib/protocols/tvuplayer.c14
-rw-r--r--src/lib/protocols/twitter.c17
-rw-r--r--src/lib/protocols/usenet.c13
-rw-r--r--src/lib/protocols/veohtv.c14
-rw-r--r--src/lib/protocols/vhua.c12
-rw-r--r--src/lib/protocols/viber.c14
-rw-r--r--src/lib/protocols/vmware.c14
-rw-r--r--src/lib/protocols/vnc.c14
-rw-r--r--src/lib/protocols/warcraft3.c13
-rw-r--r--src/lib/protocols/whoisdas.c15
-rw-r--r--src/lib/protocols/winmx.c13
-rw-r--r--src/lib/protocols/world_of_kung_fu.c13
-rw-r--r--src/lib/protocols/world_of_warcraft.c45
-rw-r--r--src/lib/protocols/xbox.c13
-rw-r--r--src/lib/protocols/xdmcp.c13
-rw-r--r--src/lib/protocols/yahoo.c15
-rw-r--r--src/lib/protocols/zattoo.c14
-rw-r--r--src/lib/protocols/zeromq.c13
-rw-r--r--tests/pcap/Instagram.pcapbin0 -> 576304 bytes
-rw-r--r--tests/pcap/Oscar.pcapbin0 -> 12016 bytes
-rw-r--r--tests/pcap/starcraft_battle.pcapbin0 -> 373156 bytes
-rw-r--r--tests/pcap/waze.pcapbin0 -> 368569 bytes
-rw-r--r--tests/pcap/whatsapp_voice_and_message.pcapbin0 -> 32255 bytes
-rw-r--r--tests/result/Instagram.pcap.out42
-rw-r--r--tests/result/KakaoTalk_chat.pcap.out48
-rw-r--r--tests/result/KakaoTalk_talk.pcap.out8
-rw-r--r--tests/result/Meu.pcap.out54
-rw-r--r--tests/result/Oscar.pcap.out3
-rw-r--r--tests/result/google_ssl.pcap.out2
-rw-r--r--tests/result/skype.pcap.out68
-rw-r--r--tests/result/skype_no_unknown.pcap.out50
-rw-r--r--tests/result/snapchat.pcap.out4
-rw-r--r--tests/result/starcraft_battle.pcap.out67
-rw-r--r--tests/result/waze.pcap.out44
-rw-r--r--tests/result/whatsapp_login_call.pcap.out44
-rw-r--r--tests/result/whatsapp_login_chat.pcap.out4
-rw-r--r--tests/result/whatsapp_voice_and_message.pcap.out16
165 files changed, 4557 insertions, 2615 deletions
diff --git a/doc/nDPI_QuickStartGuide.docx b/doc/nDPI_QuickStartGuide.docx
new file mode 100644
index 000000000..4ee25fb33
--- /dev/null
+++ b/doc/nDPI_QuickStartGuide.docx
Binary files differ
diff --git a/doc/nDPI_QuickStartGuide.pages b/doc/nDPI_QuickStartGuide.pages
index e2313a184..c813d270d 100644
--- a/doc/nDPI_QuickStartGuide.pages
+++ b/doc/nDPI_QuickStartGuide.pages
Binary files differ
diff --git a/doc/nDPI_QuickStartGuide.pdf b/doc/nDPI_QuickStartGuide.pdf
index f29be2a91..b9c7acf03 100644
--- a/doc/nDPI_QuickStartGuide.pdf
+++ b/doc/nDPI_QuickStartGuide.pdf
Binary files differ
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index adf8b2269..c11c0c50d 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -418,6 +418,9 @@ static char* ipProto2Name(u_short proto_id) {
case IPPROTO_ICMP:
return("ICMP");
break;
+ case IPPROTO_ICMPV6:
+ return("ICMPV6");
+ break;
case 112:
return("VRRP");
break;
@@ -572,6 +575,7 @@ static void free_ndpi_flow(struct ndpi_flow *flow) {
if(flow->ndpi_flow) { ndpi_free_flow(flow->ndpi_flow); flow->ndpi_flow = NULL; }
if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; }
if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; }
+
}
/* ***************************************************** */
@@ -842,18 +846,21 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
if((newflow->ndpi_flow = malloc_wrapper(size_flow_struct)) == NULL) {
printf("[NDPI] %s(2): not enough memory\n", __FUNCTION__);
+ free(newflow);
return(NULL);
} else
memset(newflow->ndpi_flow, 0, size_flow_struct);
if((newflow->src_id = malloc_wrapper(size_id_struct)) == NULL) {
printf("[NDPI] %s(3): not enough memory\n", __FUNCTION__);
+ free(newflow);
return(NULL);
} else
memset(newflow->src_id, 0, size_id_struct);
if((newflow->dst_id = malloc_wrapper(size_id_struct)) == NULL) {
printf("[NDPI] %s(4): not enough memory\n", __FUNCTION__);
+ free(newflow);
return(NULL);
} else
memset(newflow->dst_id, 0, size_id_struct);
@@ -865,7 +872,7 @@ static struct ndpi_flow *get_ndpi_flow(u_int16_t thread_id,
// printFlow(thread_id, newflow);
- return(newflow);
+ return newflow ;
}
} else {
struct ndpi_flow *flow = *(struct ndpi_flow**)ret;
diff --git a/example/protos.txt b/example/protos.txt
index de7dc1c40..4c995f543 100644
--- a/example/protos.txt
+++ b/example/protos.txt
@@ -13,7 +13,7 @@ tcp:3000@ntop
host:"googlesyndacation.com"@Google
host:"venere.com"@Venere
host:"kataweb.it",host:"repubblica.it"@Repubblica
-
+host:"ntop"@ntop
# IP based Subprotocols
# Format:
# ip:<value>,ip:<value>,.....@<subproto>
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index d3fff5cfd..30948706b 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -173,11 +173,13 @@ extern "C" {
u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport);
ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport);
- int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len);
+ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len,
+ u_int16_t master_protocol_id);
int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
- char *string_to_match, u_int string_to_match_len);
+ char *string_to_match, u_int string_to_match_len,
+ u_int16_t master_protocol_id);
int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_automa *automa, char *bigram_to_match);
char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len);
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 67b6189b7..d1b0792ff 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -166,7 +166,7 @@
#define NDPI_PROTOCOL_WEBEX 141
#define NDPI_PROTOCOL_VIBER 144
#define NDPI_PROTOCOL_RADIUS 146
-#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 /* Thierry Laurion */
+#define NDPI_SERVICE_WINDOWS_UPDATE 147
#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */
#define NDPI_PROTOCOL_LOTUS_NOTES 150
#define NDPI_PROTOCOL_SAP 151
@@ -199,6 +199,7 @@
#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa <g.costa@xplico.org> */
#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> - Michele Campus <michelecampus5@gmail.com> */
#define NDPI_PROTOCOL_WHATSAPP_VOICE 189
+#define NDPI_PROTOCOL_STARCRAFT 214 /* Matteo Bracci <matteobracci1@gmail.com> */
#define NDPI_CONTENT_AVI 39
@@ -220,7 +221,7 @@
#define NDPI_SERVICE_GOOGLE 126
#define NDPI_SERVICE_NETFLIX 133
#define NDPI_SERVICE_LASTFM 134
-#define NDPI_SERVICE_GROOVESHARK 135
+#define NDPI_SERVICE_WAZE 135
#define NDPI_SERVICE_APPLE 140
#define NDPI_SERVICE_WHATSAPP 142
#define NDPI_SERVICE_APPLE_ICLOUD 143
@@ -237,7 +238,7 @@
#define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow <tomasz@skatnet.dk> */
#define NDPI_SERVICE_PANDORA 187
#define NDPI_PROTOCOL_EAQ 190
-#define NDPI_SERVICE_MEU 191
+#define NDPI_SERVICE_TIMMEU 191
#define NDPI_SERVICE_TORCEDOR 192
#define NDPI_SERVICE_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */
#define NDPI_SERVICE_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */
@@ -246,10 +247,24 @@
#define NDPI_SERVICE_TIM 197 /* Traffic for tim.com.br and tim.it */
#define NDPI_PROTOCOL_MPEGTS 198
#define NDPI_SERVICE_SNAPCHAT 199
+#define NDPI_SERVICE_SIMET 200
+#define NDPI_SERVICE_OPENSIGNAL 201
+#define NDPI_SERVICE_99TAXI 202
+#define NDPI_SERVICE_EASYTAXI 203
+#define NDPI_SERVICE_GLOBOTV 204
+#define NDPI_SERVICE_TIMSOMDECHAMADA 205
+#define NDPI_SERVICE_TIMMENU 206
+#define NDPI_SERVICE_TIMPORTASABERTAS 207
+#define NDPI_SERVICE_TIMRECARGA 208
+#define NDPI_SERVICE_TIMBETA 209
+#define NDPI_SERVICE_DEEZER 210
+#define NDPI_SERVICE_INSTAGRAM 211 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */
+#define NDPI_SERVICE_MICROSOFT 212
+#define NDPI_SERVICE_BATTLENET 213 /* Matteo Bracci <matteobracci1@gmail.com> */
/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_SNAPCHAT
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_STARCRAFT
-#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
+#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
#endif
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index e7ac6474e..dd0a9da4e 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -194,6 +194,142 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n
void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_starcraft2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+
+/* --- INIT FUNCTIONS --- */
+void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_fasttrack_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_fiesta_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_filetopia_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_florensia_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_imesh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_meebo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mssql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_openft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_oscar_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_pando_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_pcanywhere_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_pplive_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_redis_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_socrates_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_soulseek_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ssl_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_twitter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_winmx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_yahoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_stracraft2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+
#endif /* __NDPI_PROTOCOLS_INCLUDE_FILE__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 3553df9a3..8ea4650a6 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -44,7 +44,7 @@ typedef enum {
} ndpi_VISIT;
typedef struct node_t {
- char *key;
+ char *key;
struct node_t *left, *right;
} ndpi_node;
@@ -88,7 +88,7 @@ struct ndpi_ipv6hdr {
struct ndpi_ip6_addr saddr;
struct ndpi_ip6_addr daddr;
};
-#endif /* NDPI_DETECTION_SUPPORT_IPV6 */
+#endif
typedef union {
u_int32_t ipv4;
@@ -126,19 +126,19 @@ struct hash_ip4p {
struct hash_ip4p_table {
size_t size;
- int ipv6;
+ int ipv6;
spinlock_t lock;
atomic_t count;
struct hash_ip4p tbl;
};
-struct bt_announce { // 192 bytes
+struct bt_announce { // 192 bytes
u_int32_t hash[5];
u_int32_t ip[4];
u_int32_t time;
u_int16_t port;
u_int8_t name_len,
- name[192 - 4*10 - 2 - 1]; // 149 bytes
+ name[192 - 4*10 - 2 - 1]; // 149 bytes
};
#endif
@@ -288,7 +288,7 @@ struct ndpi_flow_tcp_struct {
u_int32_t irc_0x1000_full:1;
#endif
#ifdef NDPI_PROTOCOL_WINMX
- u_int32_t winmx_stage:1; // 0-1
+ u_int32_t winmx_stage:1; // 0 - 1
#endif
#ifdef NDPI_PROTOCOL_SOULSEEK
u_int32_t soulseek_stage:2;
@@ -310,9 +310,9 @@ struct ndpi_flow_tcp_struct {
u_int32_t http_stage:2;
u_int32_t http_empty_line_seen:1;
u_int32_t http_wait_for_retransmission:1;
-#endif // NDPI_PROTOCOL_HTTP
+#endif
#ifdef NDPI_PROTOCOL_GNUTELLA
- u_int32_t gnutella_stage:2; //0-2
+ u_int32_t gnutella_stage:2; // 0 - 2
#endif
#ifdef NDPI_CONTENT_MMS
u_int32_t mms_stage:2;
@@ -411,10 +411,10 @@ struct ndpi_flow_udp_struct {
u_int32_t snmp_stage:2;
#endif
#ifdef NDPI_PROTOCOL_PPSTREAM
- u_int32_t ppstream_stage:3; // 0-7
+ u_int32_t ppstream_stage:3; // 0 - 7
#endif
#ifdef NDPI_PROTOCOL_HALFLIFE2
- u_int32_t halflife2_stage:2; // 0 - 2
+ u_int32_t halflife2_stage:2; // 0 - 2
#endif
#ifdef NDPI_PROTOCOL_TFTP
u_int32_t tftp_stage:1;
@@ -467,9 +467,6 @@ typedef struct ndpi_packet_struct {
u_int16_t detected_protocol_stack[NDPI_PROTOCOL_HISTORY_SIZE];
u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_HISTORY_SIZE];
- /* this is for simple read-only access to the real protocol
- * used for the main loop */
- /* u_int16_t real_protocol_read_only; */
#if !defined(WIN32)
__attribute__ ((__packed__))
@@ -532,12 +529,12 @@ typedef struct {
} ndpi_port_range;
typedef enum {
- NDPI_PROTOCOL_SAFE = 0, /* Safe protocol with encryption */
- NDPI_PROTOCOL_ACCEPTABLE, /* Ok but not encrypted */
- NDPI_PROTOCOL_FUN, /* Pure fun protocol */
- NDPI_PROTOCOL_UNSAFE, /* Protocol with a safe version existing what should be used instead */
+ NDPI_PROTOCOL_SAFE = 0, /* Safe protocol with encryption */
+ NDPI_PROTOCOL_ACCEPTABLE, /* Ok but not encrypted */
+ NDPI_PROTOCOL_FUN, /* Pure fun protocol */
+ NDPI_PROTOCOL_UNSAFE, /* Protocol with a safe version existing what should be used instead */
NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Be prepared to troubles */
- NDPI_PROTOCOL_UNRATED /* No idea */
+ NDPI_PROTOCOL_UNRATED /* No idea */
} ndpi_protocol_breed_t;
#define NUM_BREEDS (NDPI_PROTOCOL_UNRATED+1)
@@ -577,6 +574,7 @@ typedef struct ndpi_detection_module_struct {
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
void *user_data;
#endif
+
/* callback function buffer */
struct ndpi_call_function_struct callback_buffer[NDPI_MAX_SUPPORTED_PROTOCOLS + 1];
u_int32_t callback_buffer_size;
@@ -602,6 +600,7 @@ typedef struct ndpi_detection_module_struct {
const char *ndpi_debug_print_function;
u_int32_t ndpi_debug_print_line;
#endif
+
/* misc parameters */
u_int32_t tcp_max_retransmission_window_size;
@@ -614,9 +613,9 @@ typedef struct ndpi_detection_module_struct {
u_int ndpi_num_custom_protocols;
/* HTTP/DNS/HTTPS host matching */
- ndpi_automa host_automa, /* Used for DNS/HTTPS */
- content_automa, /* Used for HTTP subprotocol_detection */
- subprotocol_automa, /* Used for HTTP subprotocol_detection */
+ ndpi_automa host_automa, /* Used for DNS/HTTPS */
+ content_automa, /* Used for HTTP subprotocol_detection */
+ subprotocol_automa, /* Used for HTTP subprotocol_detection */
bigrams_automa, impossible_bigrams_automa; /* TOR */
/* IP-based protocol detection */
void *protocols_ptree;
@@ -635,9 +634,9 @@ typedef struct ndpi_detection_module_struct {
u_int32_t rtsp_connection_timeout;
/* tvants parameters */
u_int32_t tvants_connection_timeout;
+ /* rstp */
u_int32_t orb_rstp_ts_timeout;
/* yahoo */
- // u_int32_t yahoo_http_filetransfer_timeout;
u_int8_t yahoo_detect_http_connections;
u_int32_t yahoo_lan_video_timeout;
u_int32_t zattoo_connection_timeout;
@@ -648,7 +647,6 @@ typedef struct ndpi_detection_module_struct {
char ip_string[NDPI_IP_STRING_SIZE];
#endif
u_int8_t ip_version_limit;
- /* ********************* */
#ifdef NDPI_PROTOCOL_BITTORRENT
struct hash_ip4p_table *bt_ht;
#ifdef NDPI_DETECTION_SUPPORT_IPV6
@@ -742,16 +740,14 @@ typedef struct ndpi_flow_struct {
#ifdef NDPI_PROTOCOL_REDIS
u_int8_t redis_s2d_first_char, redis_d2s_first_char;
#endif
-
- u_int16_t packet_counter; // can be 0-65000
+ u_int16_t packet_counter; // can be 0 - 65000
u_int16_t packet_direction_counter[2];
u_int16_t byte_counter[2];
-
#ifdef NDPI_PROTOCOL_BITTORRENT
- u_int8_t bittorrent_stage; // can be 0-255
+ u_int8_t bittorrent_stage; // can be 0 - 255
#endif
#ifdef NDPI_PROTOCOL_DIRECTCONNECT
- u_int32_t directconnect_stage:2; // 0-1
+ u_int32_t directconnect_stage:2; // 0 - 1
#endif
#ifdef NDPI_PROTOCOL_SIP
#ifdef NDPI_PROTOCOL_YAHOO
@@ -760,12 +756,11 @@ typedef struct ndpi_flow_struct {
#endif
#ifdef NDPI_PROTOCOL_HTTP
u_int32_t http_detected:1;
-#endif // NDPI_PROTOCOL_HTTP
+#endif
#ifdef NDPI_PROTOCOL_RTSP
u_int32_t rtsprdt_stage:2;
u_int32_t rtsp_control_flow:1;
#endif
-
#ifdef NDPI_PROTOCOL_YAHOO
u_int32_t yahoo_detection_finished:2;
#endif
@@ -776,7 +771,7 @@ typedef struct ndpi_flow_struct {
u_int32_t qq_stage:3;
#endif
#ifdef NDPI_PROTOCOL_THUNDER
- u_int32_t thunder_stage:2; // 0-3
+ u_int32_t thunder_stage:2; // 0 - 3
#endif
#ifdef NDPI_PROTOCOL_OSCAR
u_int32_t oscar_ssl_voice_stage:3;
@@ -786,20 +781,17 @@ typedef struct ndpi_flow_struct {
u_int32_t florensia_stage:1;
#endif
#ifdef NDPI_PROTOCOL_SOCKS5
- u_int32_t socks5_stage:2; // 0-3
+ u_int32_t socks5_stage:2; // 0 - 3
#endif
#ifdef NDPI_PROTOCOL_SOCKS4
- u_int32_t socks4_stage:2; // 0-3
+ u_int32_t socks4_stage:2; // 0 - 3
#endif
#ifdef NDPI_PROTOCOL_EDONKEY
- u_int32_t edonkey_stage:2; // 0-3
+ u_int32_t edonkey_stage:2; // 0 - 3
#endif
#ifdef NDPI_PROTOCOL_FTP_CONTROL
u_int32_t ftp_control_stage:2;
#endif
-#ifdef NDPI_PROTOCOL_FTP_DATA
- u_int32_t ftp_data_stage:2;
-#endif
#ifdef NDPI_PROTOCOL_RTMP
u_int32_t rtmp_stage:2;
#endif
@@ -813,9 +805,12 @@ typedef struct ndpi_flow_struct {
u_int32_t steam_stage3:2; // 0 - 2
#endif
#ifdef NDPI_PROTOCOL_PPLIVE
- u_int32_t pplive_stage1:3; // 0-6
- u_int32_t pplive_stage2:2; // 0-2
- u_int32_t pplive_stage3:2; // 0-2
+ u_int32_t pplive_stage1:3; // 0 - 6
+ u_int32_t pplive_stage2:2; // 0 - 2
+ u_int32_t pplive_stage3:2; // 0 - 2
+#endif
+#ifdef NDPI_PROTOCOL_STARCRAFT
+ u_int32_t starcraft_udp_stage : 3; // 0-7
#endif
/* internal structures to save functions calls */
@@ -825,9 +820,4 @@ typedef struct ndpi_flow_struct {
struct ndpi_id_struct *dst;
} ndpi_flow_struct_t;
-/* typedef enum { */
-/* NDPI_REAL_PROTOCOL = 0, */
-/* NDPI_CORRELATED_PROTOCOL = 1 */
-/* } ndpi_protocol_type_t; */
-
#endif/* __NDPI_TYPEDEFS_FILE__ */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 36341dde5..941b5048c 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -121,6 +121,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
protocols/ssdp.c \
protocols/ssh.c \
protocols/ssl.c \
+ protocols/starcraft.c \
protocols/stealthnet.c \
protocols/steam.c \
protocols/stun.c \
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 9d4256da8..eb5877289 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -3,9 +3,6 @@
*
* Copyright (C) 2011-15 - ntop.org
*
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
* nDPI is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
@@ -71,11 +68,11 @@ static ndpi_network host_protocol_list[] = {
{ 0xC72FD800 /* 199.47.216.0 */, 22, NDPI_PROTOCOL_DROPBOX },
{ 0x6CA0A000 /* 108.160.160.0 */, 20, NDPI_PROTOCOL_DROPBOX },
- /*
- Skype (Microsoft CDN)
- 157.56.0.0/14, 157.60.0.0/16, 157.54.0.0/15
- 111.221.64.0 - 111.221.127.255
- 91.190.216.0/21 (AS198015 Skype Communications Sarl)
+ /*
+ Skype (Microsoft CDN)
+ 157.56.0.0/14, 157.60.0.0/16, 157.54.0.0/15
+ 111.221.64.0 - 111.221.127.255
+ 91.190.216.0/21 (AS198015 Skype Communications Sarl)
*/
{ 0x9D380000 /* 157.56.0.0 */, 14, NDPI_PROTOCOL_SKYPE },
{ 0x9D3C0000 /* 157.60.0.0 */, 16, NDPI_PROTOCOL_SKYPE },
@@ -84,6 +81,13 @@ static ndpi_network host_protocol_list[] = {
{ 0x5BBED800 /* 91.190.216.0 */, 21, NDPI_PROTOCOL_SKYPE },
/*
+ route: 5.42.160.0/19
+ descr: Blizzard Entertainment, Inc
+ origin: AS57976
+ */
+ { 0x052AA000 /* 5.42.160.0 */, 19, NDPI_PROTOCOL_STARCRAFT },
+
+ /*
Google
173.194.0.0/16
*/
@@ -108,7 +112,7 @@ static ndpi_network host_protocol_list[] = {
origin: AS62014
mnt-by: MNT-TELEGRAM
source: RIPE # Filtered
-
+
http://myip.ms/view/web_hosting/363906/Telegram_Messenger_Network.html
*/
{ 0x959AA400 /* 149.154.164.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM},
@@ -6643,646 +6647,649 @@ static ndpi_network host_protocol_list[] = {
{ 0xC6493247, 32, NDPI_PROTOCOL_TOR },
{ 0xC64A38BF, 32, NDPI_PROTOCOL_TOR },
{ 0xC64A3A10, 32, NDPI_PROTOCOL_TOR },
-{ 0xC64A3ACE, 32, NDPI_PROTOCOL_TOR },
-{ 0xC64A3C1A, 32, NDPI_PROTOCOL_TOR },
-{ 0xC64A3E6B, 32, NDPI_PROTOCOL_TOR },
-{ 0xC654A10C, 32, NDPI_PROTOCOL_TOR },
-{ 0xC654F0E5, 32, NDPI_PROTOCOL_TOR },
-{ 0xC654F96A, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6609B03, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6623103, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6623495, 32, NDPI_PROTOCOL_TOR },
-{ 0xC662358D, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6649014, 32, NDPI_PROTOCOL_TOR },
-{ 0xC664904B, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6649470, 32, NDPI_PROTOCOL_TOR },
-{ 0xC664947B, 32, NDPI_PROTOCOL_TOR },
-{ 0xC664959F, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6649B36, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6649BC2, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6697D25, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6697DB2, 32, NDPI_PROTOCOL_TOR },
-{ 0xC669D0A4, 32, NDPI_PROTOCOL_TOR },
-{ 0xC669DF92, 32, NDPI_PROTOCOL_TOR },
-{ 0xC68F88ED, 32, NDPI_PROTOCOL_TOR },
-{ 0xC693141D, 32, NDPI_PROTOCOL_TOR },
-{ 0xC693174D, 32, NDPI_PROTOCOL_TOR },
-{ 0xC69451A7, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6A7895C, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6A78F95, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6B49609, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6C74845, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6C76BDC, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6C77079, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6C77231, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6C775A4, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6C77A11, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6CD713B, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6D36392, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6D37ABF, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6D37B5C, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6D37CD6, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6D37DF2, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6D37E53, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F464C8, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F46963, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F53294, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F53C28, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F53C93, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F53CC2, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F53E68, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6F53FE4, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6FC9957, 32, NDPI_PROTOCOL_TOR },
-{ 0xC6FC996B, 32, NDPI_PROTOCOL_TOR },
-{ 0xC710BF3A, 32, NDPI_PROTOCOL_TOR },
-{ 0xC71355FC, 32, NDPI_PROTOCOL_TOR },
-{ 0xC713D5B0, 32, NDPI_PROTOCOL_TOR },
-{ 0xC726567A, 32, NDPI_PROTOCOL_TOR },
-{ 0xC73A530A, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7579AFF, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7737387, 32, NDPI_PROTOCOL_TOR },
-{ 0xC773CDF1, 32, NDPI_PROTOCOL_TOR },
-{ 0xC773CDF2, 32, NDPI_PROTOCOL_TOR },
-{ 0xC773CDF3, 32, NDPI_PROTOCOL_TOR },
-{ 0xC773CDF5, 32, NDPI_PROTOCOL_TOR },
-{ 0xC773CDF8, 32, NDPI_PROTOCOL_TOR },
-{ 0xC77FE240, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7A78088, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7A7A1C3, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7A7C679, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7BC649A, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7BCC235, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7C173D1, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7C1FD31, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7C3C116, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7C3F83C, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7C3F890, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7C3F9D4, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7CA151D, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7FEEE2C, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR },
-{ 0xC7FFDF58, 32, NDPI_PROTOCOL_TOR },
-{ 0xC811D20C, 32, NDPI_PROTOCOL_TOR },
-{ 0xC8628B17, 32, NDPI_PROTOCOL_TOR },
-{ 0xC86CEC4B, 32, NDPI_PROTOCOL_TOR },
-{ 0xC8B55A41, 32, NDPI_PROTOCOL_TOR },
-{ 0xC8DFD4D2, 32, NDPI_PROTOCOL_TOR },
-{ 0xC906897F, 32, NDPI_PROTOCOL_TOR },
-{ 0xC91BEB7F, 32, NDPI_PROTOCOL_TOR },
-{ 0xC9AA12B7, 32, NDPI_PROTOCOL_TOR },
-{ 0xC9D46CB8, 32, NDPI_PROTOCOL_TOR },
-{ 0xC9DA72A2, 32, NDPI_PROTOCOL_TOR },
-{ 0xCA07F408, 32, NDPI_PROTOCOL_TOR },
-{ 0xCA3C4220, 32, NDPI_PROTOCOL_TOR },
-{ 0xCA4A2C0F, 32, NDPI_PROTOCOL_TOR },
-{ 0xCA536AB3, 32, NDPI_PROTOCOL_TOR },
-{ 0xCA55E922, 32, NDPI_PROTOCOL_TOR },
-{ 0xCAAB9C54, 32, NDPI_PROTOCOL_TOR },
-{ 0xCAAC1039, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB56CAA7, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB56CD2E, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB6DE90F, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB71AC95, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB71AC98, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB71AC9A, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB7B3001, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB7E7B52, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB8A63DA, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB98C302, 32, NDPI_PROTOCOL_TOR },
-{ 0xCB99CEA6, 32, NDPI_PROTOCOL_TOR },
-{ 0xCBA16711, 32, NDPI_PROTOCOL_TOR },
-{ 0xCBB2850B, 32, NDPI_PROTOCOL_TOR },
-{ 0xCBCEEDC5, 32, NDPI_PROTOCOL_TOR },
-{ 0xCBD9AD92, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC089C8E, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC093747, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC0B3283, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC1025F4, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC11382A, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC11382A, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC1B382D, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC1B382D, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC1B3ACA, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC2D1E7A, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC2D1E7D, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC2DB6E2, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC534638, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC55BF1E, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC59C10A, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC7C5382, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC7C5382, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC7C5386, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC7C5386, 32, NDPI_PROTOCOL_TOR },
-{ 0xCC91512D, 32, NDPI_PROTOCOL_TOR },
-{ 0xCCC21D04, 32, NDPI_PROTOCOL_TOR },
-{ 0xCCF67A48, 32, NDPI_PROTOCOL_TOR },
-{ 0xCDA85485, 32, NDPI_PROTOCOL_TOR },
-{ 0xCDB973EA, 32, NDPI_PROTOCOL_TOR },
-{ 0xCDB97A98, 32, NDPI_PROTOCOL_TOR },
-{ 0xCE2876E5, 32, NDPI_PROTOCOL_TOR },
-{ 0xCE374A00, 32, NDPI_PROTOCOL_TOR },
-{ 0xCE374A01, 32, NDPI_PROTOCOL_TOR },
-{ 0xCE48C698, 32, NDPI_PROTOCOL_TOR },
-{ 0xCEAE7054, 32, NDPI_PROTOCOL_TOR },
-{ 0xCEBE9906, 32, NDPI_PROTOCOL_TOR },
-{ 0xCF268613, 32, NDPI_PROTOCOL_TOR },
-{ 0xCF6CDABA, 32, NDPI_PROTOCOL_TOR },
-{ 0xCF9E0F72, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFACD159, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFBD72D7, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFC046FA, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFC9DFC3, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFC9DFC4, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFC9DFC5, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFE54199, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFF44B8E, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFF4526D, 32, NDPI_PROTOCOL_TOR },
-{ 0xCFF4526D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD041B5BD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD0421E1B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD049CCE4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD04FD17C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD04FD34D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD0509A27, 32, NDPI_PROTOCOL_TOR },
-{ 0xD0526625, 32, NDPI_PROTOCOL_TOR },
-{ 0xD053DF22, 32, NDPI_PROTOCOL_TOR },
-{ 0xD053DFE5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD0549BCD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD0549BF3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD0549BF7, 32, NDPI_PROTOCOL_TOR },
-{ 0xD056FB58, 32, NDPI_PROTOCOL_TOR },
-{ 0xD05B798E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD065161A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD06F2350, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1063507, 32, NDPI_PROTOCOL_TOR },
-{ 0xD106441D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD10685EE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD111BF75, 32, NDPI_PROTOCOL_TOR },
-{ 0xD12C72B2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD133A319, 32, NDPI_PROTOCOL_TOR },
-{ 0xD133BFBE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1709F3C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC25, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC25, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC26, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC26, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC27, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC27, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC28, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC28, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC29, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC29, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC2A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD177BC2A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD17BA242, 32, NDPI_PROTOCOL_TOR },
-{ 0xD17E47E9, 32, NDPI_PROTOCOL_TOR },
-{ 0xD17E4854, 32, NDPI_PROTOCOL_TOR },
-{ 0xD17E6907, 32, NDPI_PROTOCOL_TOR },
-{ 0xD18D23E8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD18D242A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD18D2ECC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD18D328A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD18D34EF, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1942E81, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1942E82, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1942E82, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1945576, 32, NDPI_PROTOCOL_TOR },
-{ 0xD19F8A13, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1A221CF, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1B5E383, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1D01A29, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1D04F05, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1D2D215, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1DE08C4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1DE1EF1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD1FA02FE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD217021E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD23625E2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD2A6194E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD2C33DFC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD2D37ACC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD2FBD989, 32, NDPI_PROTOCOL_TOR },
-{ 0xD31AF36D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD31C8EEF, 32, NDPI_PROTOCOL_TOR },
-{ 0xD31FC4F8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD3CA291F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD407C247, 32, NDPI_PROTOCOL_TOR },
-{ 0xD407DC06, 32, NDPI_PROTOCOL_TOR },
-{ 0xD40A5604, 32, NDPI_PROTOCOL_TOR },
-{ 0xD40CCB27, 32, NDPI_PROTOCOL_TOR },
-{ 0xD41010B8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4106821, 32, NDPI_PROTOCOL_TOR },
-{ 0xD411664D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD41824CD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD41890BC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD421F581, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE209, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE445, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE459, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE745, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE784, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE80D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE8F6, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FE97E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FEA54, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FEB57, 32, NDPI_PROTOCOL_TOR },
-{ 0xD42FECDB, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4305435, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4339C5A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4339C8F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4339C9E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4339C9E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4339F4E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4339F72, 32, NDPI_PROTOCOL_TOR },
-{ 0xD438D698, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4402044, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447EECB, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447F805, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447F945, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447F945, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447F981, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447FC6D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447FC74, 32, NDPI_PROTOCOL_TOR },
-{ 0xD447FDE2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD44AFEF3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD44DE210, 32, NDPI_PROTOCOL_TOR },
-{ 0xD44DE2F5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4532F5B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD45394CD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4539A21, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4539A21, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4539E05, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4539E14, 32, NDPI_PROTOCOL_TOR },
-{ 0xD453A298, 32, NDPI_PROTOCOL_TOR },
-{ 0xD453A7AF, 32, NDPI_PROTOCOL_TOR },
-{ 0xD453AAFC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD453B07A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD453B07D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD453BECB, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4554F44, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4554F47, 32, NDPI_PROTOCOL_TOR },
-{ 0xD45CDB0F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD467903A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD46A09CE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD46B9591, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4722F34, 32, NDPI_PROTOCOL_TOR },
-{ 0xD472303A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4726D21, 32, NDPI_PROTOCOL_TOR },
-{ 0xD472FA12, 32, NDPI_PROTOCOL_TOR },
-{ 0xD472FE5B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4758F4A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD475B46B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4763E03, 32, NDPI_PROTOCOL_TOR },
-{ 0xD47CB453, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4810454, 32, NDPI_PROTOCOL_TOR },
-{ 0xD48110B6, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4811AF6, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4812A09, 32, NDPI_PROTOCOL_TOR },
-{ 0xD48132F6, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4813431, 32, NDPI_PROTOCOL_TOR },
-{ 0xD495D15B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD49F5B16, 32, NDPI_PROTOCOL_TOR },
-{ 0xD49F70C4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD49F8F53, 32, NDPI_PROTOCOL_TOR },
-{ 0xD49FB1C6, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4A4EF79, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4B733DE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4BA59A2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4BBC8AA, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4C04A64, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4C04A65, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4C63318, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4C6C924, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4C6E391, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4E054E3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4E059FD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4E326F7, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4E38BC3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4E3F876, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4E81D65, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4FAA0B2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD4FAA0BB, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5095DAE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD52C58EA, 32, NDPI_PROTOCOL_TOR },
-{ 0xD52F2397, 32, NDPI_PROTOCOL_TOR },
-{ 0xD52F4B43, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5317328, 32, NDPI_PROTOCOL_TOR },
-{ 0xD53D957D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD53D957E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD540E2E6, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5430E91, 32, NDPI_PROTOCOL_TOR },
-{ 0xD54951D2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5497087, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5582A31, 32, NDPI_PROTOCOL_TOR },
-{ 0xD55F1536, 32, NDPI_PROTOCOL_TOR },
-{ 0xD55F153B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD56B4D04, 32, NDPI_PROTOCOL_TOR },
-{ 0xD56C6947, 32, NDPI_PROTOCOL_TOR },
-{ 0xD56C69FD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD56CD7EE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD56FF097, 32, NDPI_PROTOCOL_TOR },
-{ 0xD57086D3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD570C73F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5713D6A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5717790, 32, NDPI_PROTOCOL_TOR },
-{ 0xD571D5BE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5724869, 32, NDPI_PROTOCOL_TOR },
-{ 0xD57293E0, 32, NDPI_PROTOCOL_TOR },
-{ 0xD572966F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD572E864, 32, NDPI_PROTOCOL_TOR },
-{ 0xD57F85A7, 32, NDPI_PROTOCOL_TOR },
-{ 0xD57F921B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD585639C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5856D29, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5856DA5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5857B97, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58845ED, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5884715, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5884B2A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5885261, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5885674, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58857F5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5885A9B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5885CA9, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58A653C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58A66D1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58A6E58, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58A71E8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58D8818, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58D8D93, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58D95E3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58D9EED, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58E2E79, 32, NDPI_PROTOCOL_TOR },
-{ 0xD58F7A02, 32, NDPI_PROTOCOL_TOR },
-{ 0xD59B0490, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A3482F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A348A2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A54610, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A54F22, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A54FF3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A55106, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A5551E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A55546, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5A555F9, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5AFD83B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5B39EF1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5B73821, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5B7388C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5B9E355, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5BA07E8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5BB54BE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5BB6FFE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5BC77C9, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5C489E3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5C5167C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5C52469, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5D0BCCB, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5D3FC58, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5DE7461, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5E3FAF5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFC519, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFD329, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFD414, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFD6AF, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFD8DE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFD912, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFDA14, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFDA93, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5EFF9DB, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5F05E3A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5F06C19, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5F53D3D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5FBBB37, 32, NDPI_PROTOCOL_TOR },
-{ 0xD5FBC7AE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD80CC652, 32, NDPI_PROTOCOL_TOR },
-{ 0xD80CC653, 32, NDPI_PROTOCOL_TOR },
-{ 0xD80F0122, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8116382, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8116390, 32, NDPI_PROTOCOL_TOR },
-{ 0xD811654F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD81169CB, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8116EE7, 32, NDPI_PROTOCOL_TOR },
-{ 0xD818AEF5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8425592, 32, NDPI_PROTOCOL_TOR },
-{ 0xD873031A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD873063A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD892E107, 32, NDPI_PROTOCOL_TOR },
-{ 0xD89A71F4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8A13759, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8BAC1C9, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8BD9264, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8BD9575, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8BD9666, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8BD9718, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8C3851B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8DA860C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8DAD8C2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8DD24F4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8E6E69C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8E6E6F7, 32, NDPI_PROTOCOL_TOR },
-{ 0xD8F455D3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90833AD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90B39E2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90B7727, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90CC7BE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90CC7D1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90CCB2E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90CCC59, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90CCC68, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90CCC93, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90CD075, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90D4A29, 32, NDPI_PROTOCOL_TOR },
-{ 0xD90DC505, 32, NDPI_PROTOCOL_TOR },
-{ 0xD910B514, 32, NDPI_PROTOCOL_TOR },
-{ 0xD910B614, 32, NDPI_PROTOCOL_TOR },
-{ 0xD91318D8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD91318E9, 32, NDPI_PROTOCOL_TOR },
-{ 0xD917011B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD91A1259, 32, NDPI_PROTOCOL_TOR },
-{ 0xD91BB67D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD92287E1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD92287E7, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9251373, 32, NDPI_PROTOCOL_TOR },
-{ 0xD92855C2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD928FEB1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD943154D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD945FE58, 32, NDPI_PROTOCOL_TOR },
-{ 0xD946BD91, 32, NDPI_PROTOCOL_TOR },
-{ 0xD946BF0D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD948141E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD94FB23C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD94FB532, 32, NDPI_PROTOCOL_TOR },
-{ 0xD94FB538, 32, NDPI_PROTOCOL_TOR },
-{ 0xD94FB65F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD94FBE19, 32, NDPI_PROTOCOL_TOR },
-{ 0xD954FBD5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD95597B5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD95EEEF5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD970833A, 32, NDPI_PROTOCOL_TOR },
-{ 0xD97293F5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD972DA12, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9730A85, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9730A86, 32, NDPI_PROTOCOL_TOR },
-{ 0xD97729D5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD97BFEEE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD98090A0, 32, NDPI_PROTOCOL_TOR },
-{ 0xD991C735, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9924B24, 32, NDPI_PROTOCOL_TOR },
-{ 0xD99454B4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9A0122D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9A013EC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9A05C43, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9A07E32, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9A083B0, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9A276FE, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9AACD71, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9ACB392, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9ACFFE5, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9AD4A5B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9BCEA09, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9BDC5F4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9BF49C3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9BF6813, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9BFF274, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C3AA91, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C504DC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C553A2, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C556AD, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C55B91, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C55B91, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C55BA4, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9C5B52D, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9D075D3, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9D11257, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9D27158, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9D28C5F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9D2A52B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9D39FA1, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9E40B41, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9E46874, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9E76B72, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9EA6B0B, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9F595B7, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9F63320, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9F76904, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9F7DE9C, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9F7E61F, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9F9203E, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9FBD765, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9FD96F6, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9FD9F48, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9FE3DAC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9FE47CC, 32, NDPI_PROTOCOL_TOR },
-{ 0xD9FEB60F, 32, NDPI_PROTOCOL_TOR },
-{ 0xDAA1200E, 32, NDPI_PROTOCOL_TOR },
-{ 0xDAE7EBDB, 32, NDPI_PROTOCOL_TOR },
-{ 0xDAE868DC, 32, NDPI_PROTOCOL_TOR },
-{ 0xDAE868DD, 32, NDPI_PROTOCOL_TOR },
-{ 0xDAFAF536, 32, NDPI_PROTOCOL_TOR },
-{ 0xDB4F067A, 32, NDPI_PROTOCOL_TOR },
-{ 0xDB59C4CA, 32, NDPI_PROTOCOL_TOR },
-{ 0xDB6DCB40, 32, NDPI_PROTOCOL_TOR },
-{ 0xDB75CE2E, 32, NDPI_PROTOCOL_TOR },
-{ 0xDB791014, 32, NDPI_PROTOCOL_TOR },
-{ 0xDBA189F3, 32, NDPI_PROTOCOL_TOR },
-{ 0xDBA4C22E, 32, NDPI_PROTOCOL_TOR },
-{ 0xDBAD0E54, 32, NDPI_PROTOCOL_TOR },
-{ 0xDC39428E, 32, NDPI_PROTOCOL_TOR },
-{ 0xDC87FE3F, 32, NDPI_PROTOCOL_TOR },
-{ 0xDC898752, 32, NDPI_PROTOCOL_TOR },
-{ 0xDC9387F3, 32, NDPI_PROTOCOL_TOR },
-{ 0xDC9DC3F3, 32, NDPI_PROTOCOL_TOR },
-{ 0xDCE97BAC, 32, NDPI_PROTOCOL_TOR },
-{ 0xDCE9AF0E, 32, NDPI_PROTOCOL_TOR },
-{ 0xDCFD1CE1, 32, NDPI_PROTOCOL_TOR },
-{ 0xDCFF85C3, 32, NDPI_PROTOCOL_TOR },
-{ 0xDD7132CB, 32, NDPI_PROTOCOL_TOR },
-{ 0xDD9E95C5, 32, NDPI_PROTOCOL_TOR },
-{ 0xDE047C92, 32, NDPI_PROTOCOL_TOR },
-{ 0xDE0C7C9A, 32, NDPI_PROTOCOL_TOR },
-{ 0xDE7294F8, 32, NDPI_PROTOCOL_TOR },
-{ 0xDEEB761A, 32, NDPI_PROTOCOL_TOR },
-{ 0xDF1273E5, 32, NDPI_PROTOCOL_TOR },
-{ 0xDF85F4CA, 32, NDPI_PROTOCOL_TOR },
-{ 0xDFE57B41, 32, NDPI_PROTOCOL_TOR },
+ { 0xC64A3ACE, 32, NDPI_PROTOCOL_TOR },
+ { 0xC64A3C1A, 32, NDPI_PROTOCOL_TOR },
+ { 0xC64A3E6B, 32, NDPI_PROTOCOL_TOR },
+ { 0xC654A10C, 32, NDPI_PROTOCOL_TOR },
+ { 0xC654F0E5, 32, NDPI_PROTOCOL_TOR },
+ { 0xC654F96A, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6609B03, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6623103, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6623495, 32, NDPI_PROTOCOL_TOR },
+ { 0xC662358D, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6649014, 32, NDPI_PROTOCOL_TOR },
+ { 0xC664904B, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6649470, 32, NDPI_PROTOCOL_TOR },
+ { 0xC664947B, 32, NDPI_PROTOCOL_TOR },
+ { 0xC664959F, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6649B36, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6649BC2, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6697D25, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6697DB2, 32, NDPI_PROTOCOL_TOR },
+ { 0xC669D0A4, 32, NDPI_PROTOCOL_TOR },
+ { 0xC669DF92, 32, NDPI_PROTOCOL_TOR },
+ { 0xC68F88ED, 32, NDPI_PROTOCOL_TOR },
+ { 0xC693141D, 32, NDPI_PROTOCOL_TOR },
+ { 0xC693174D, 32, NDPI_PROTOCOL_TOR },
+ { 0xC69451A7, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6A7895C, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6A78F95, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6B49609, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6C74845, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6C76BDC, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6C77079, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6C77231, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6C775A4, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6C77A11, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6CD713B, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6D36392, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6D37ABF, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6D37B5C, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6D37CD6, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6D37DF2, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6D37E53, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F464C8, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F46963, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F53294, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F53C28, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F53C93, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F53CC2, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F53E68, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6F53FE4, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6FC9957, 32, NDPI_PROTOCOL_TOR },
+ { 0xC6FC996B, 32, NDPI_PROTOCOL_TOR },
+ { 0xC710BF3A, 32, NDPI_PROTOCOL_TOR },
+ { 0xC71355FC, 32, NDPI_PROTOCOL_TOR },
+ { 0xC713D5B0, 32, NDPI_PROTOCOL_TOR },
+ { 0xC726567A, 32, NDPI_PROTOCOL_TOR },
+ { 0xC73A530A, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7579AFF, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7737387, 32, NDPI_PROTOCOL_TOR },
+ { 0xC773CDF1, 32, NDPI_PROTOCOL_TOR },
+ { 0xC773CDF2, 32, NDPI_PROTOCOL_TOR },
+ { 0xC773CDF3, 32, NDPI_PROTOCOL_TOR },
+ { 0xC773CDF5, 32, NDPI_PROTOCOL_TOR },
+ { 0xC773CDF8, 32, NDPI_PROTOCOL_TOR },
+ { 0xC77FE240, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7A78088, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7A7A1C3, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7A7C679, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7BC649A, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7BCC235, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7C173D1, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7C1FD31, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7C3C116, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7C3F83C, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7C3F890, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7C3F9D4, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7CA151D, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7FEEE2C, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR },
+ { 0xC7FFDF58, 32, NDPI_PROTOCOL_TOR },
+ { 0xC811D20C, 32, NDPI_PROTOCOL_TOR },
+ { 0xC8628B17, 32, NDPI_PROTOCOL_TOR },
+ { 0xC86CEC4B, 32, NDPI_PROTOCOL_TOR },
+ { 0xC8B55A41, 32, NDPI_PROTOCOL_TOR },
+ { 0xC8DFD4D2, 32, NDPI_PROTOCOL_TOR },
+ { 0xC906897F, 32, NDPI_PROTOCOL_TOR },
+ { 0xC91BEB7F, 32, NDPI_PROTOCOL_TOR },
+ { 0xC9AA12B7, 32, NDPI_PROTOCOL_TOR },
+ { 0xC9D46CB8, 32, NDPI_PROTOCOL_TOR },
+ { 0xC9DA72A2, 32, NDPI_PROTOCOL_TOR },
+ { 0xCA07F408, 32, NDPI_PROTOCOL_TOR },
+ { 0xCA3C4220, 32, NDPI_PROTOCOL_TOR },
+ { 0xCA4A2C0F, 32, NDPI_PROTOCOL_TOR },
+ { 0xCA536AB3, 32, NDPI_PROTOCOL_TOR },
+ { 0xCA55E922, 32, NDPI_PROTOCOL_TOR },
+ { 0xCAAB9C54, 32, NDPI_PROTOCOL_TOR },
+ { 0xCAAC1039, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB56CAA7, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB56CD2E, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB6DE90F, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB71AC95, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB71AC98, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB71AC9A, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB7B3001, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB7E7B52, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB8A63DA, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB98C302, 32, NDPI_PROTOCOL_TOR },
+ { 0xCB99CEA6, 32, NDPI_PROTOCOL_TOR },
+ { 0xCBA16711, 32, NDPI_PROTOCOL_TOR },
+ { 0xCBB2850B, 32, NDPI_PROTOCOL_TOR },
+ { 0xCBCEEDC5, 32, NDPI_PROTOCOL_TOR },
+ { 0xCBD9AD92, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC089C8E, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC093747, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC0B3283, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC1025F4, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC11382A, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC11382A, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC1B382D, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC1B382D, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC1B3ACA, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC2D1E7A, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC2D1E7D, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC2DB6E2, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC534638, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC55BF1E, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC59C10A, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC7C5382, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC7C5382, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC7C5386, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC7C5386, 32, NDPI_PROTOCOL_TOR },
+ { 0xCC91512D, 32, NDPI_PROTOCOL_TOR },
+ { 0xCCC21D04, 32, NDPI_PROTOCOL_TOR },
+ { 0xCCF67A48, 32, NDPI_PROTOCOL_TOR },
+ { 0xCDA85485, 32, NDPI_PROTOCOL_TOR },
+ { 0xCDB973EA, 32, NDPI_PROTOCOL_TOR },
+ { 0xCDB97A98, 32, NDPI_PROTOCOL_TOR },
+ { 0xCE2876E5, 32, NDPI_PROTOCOL_TOR },
+ { 0xCE374A00, 32, NDPI_PROTOCOL_TOR },
+ { 0xCE374A01, 32, NDPI_PROTOCOL_TOR },
+ { 0xCE48C698, 32, NDPI_PROTOCOL_TOR },
+ { 0xCEAE7054, 32, NDPI_PROTOCOL_TOR },
+ { 0xCEBE9906, 32, NDPI_PROTOCOL_TOR },
+ { 0xCF268613, 32, NDPI_PROTOCOL_TOR },
+ { 0xCF6CDABA, 32, NDPI_PROTOCOL_TOR },
+ { 0xCF9E0F72, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFACD159, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFBD72D7, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFC046FA, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFC9DFC3, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFC9DFC4, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFC9DFC5, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFE54199, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFF44B8E, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFF4526D, 32, NDPI_PROTOCOL_TOR },
+ { 0xCFF4526D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD041B5BD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD0421E1B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD049CCE4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD04FD17C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD04FD34D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD0509A27, 32, NDPI_PROTOCOL_TOR },
+ { 0xD0526625, 32, NDPI_PROTOCOL_TOR },
+ { 0xD053DF22, 32, NDPI_PROTOCOL_TOR },
+ { 0xD053DFE5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD0549BCD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD0549BF3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD0549BF7, 32, NDPI_PROTOCOL_TOR },
+ { 0xD056FB58, 32, NDPI_PROTOCOL_TOR },
+ { 0xD05B798E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD065161A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD06F2350, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1063507, 32, NDPI_PROTOCOL_TOR },
+ { 0xD106441D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD10685EE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD111BF75, 32, NDPI_PROTOCOL_TOR },
+ { 0xD12C72B2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD133A319, 32, NDPI_PROTOCOL_TOR },
+ { 0xD133BFBE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1709F3C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC25, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC25, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC26, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC26, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC27, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC27, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC28, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC28, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC29, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC29, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC2A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD177BC2A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD17BA242, 32, NDPI_PROTOCOL_TOR },
+ { 0xD17E47E9, 32, NDPI_PROTOCOL_TOR },
+ { 0xD17E4854, 32, NDPI_PROTOCOL_TOR },
+ { 0xD17E6907, 32, NDPI_PROTOCOL_TOR },
+ { 0xD18D23E8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD18D242A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD18D2ECC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD18D328A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD18D34EF, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1942E81, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1942E82, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1942E82, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1945576, 32, NDPI_PROTOCOL_TOR },
+ { 0xD19F8A13, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1A221CF, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1B5E383, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1D01A29, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1D04F05, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1D2D215, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1DE08C4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1DE1EF1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD1FA02FE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD217021E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD23625E2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD2A6194E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD2C33DFC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD2D37ACC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD2FBD989, 32, NDPI_PROTOCOL_TOR },
+ { 0xD31AF36D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD31C8EEF, 32, NDPI_PROTOCOL_TOR },
+ { 0xD31FC4F8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD3CA291F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD407C247, 32, NDPI_PROTOCOL_TOR },
+ { 0xD407DC06, 32, NDPI_PROTOCOL_TOR },
+ { 0xD40A5604, 32, NDPI_PROTOCOL_TOR },
+ { 0xD40CCB27, 32, NDPI_PROTOCOL_TOR },
+ { 0xD41010B8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4106821, 32, NDPI_PROTOCOL_TOR },
+ { 0xD411664D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD41824CD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD41890BC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD421F581, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE209, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE445, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE459, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE745, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE784, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE80D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE8F6, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FE97E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FEA54, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FEB57, 32, NDPI_PROTOCOL_TOR },
+ { 0xD42FECDB, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4305435, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4339C5A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4339C8F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4339C9E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4339C9E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4339F4E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4339F72, 32, NDPI_PROTOCOL_TOR },
+ { 0xD438D698, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4402044, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447EECB, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447F805, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447F945, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447F945, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447F981, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447FC6D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447FC74, 32, NDPI_PROTOCOL_TOR },
+ { 0xD447FDE2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD44AFEF3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD44DE210, 32, NDPI_PROTOCOL_TOR },
+ { 0xD44DE2F5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4532F5B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD45394CD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4539A21, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4539A21, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4539E05, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4539E14, 32, NDPI_PROTOCOL_TOR },
+ { 0xD453A298, 32, NDPI_PROTOCOL_TOR },
+ { 0xD453A7AF, 32, NDPI_PROTOCOL_TOR },
+ { 0xD453AAFC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD453B07A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD453B07D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD453BECB, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4554F44, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4554F47, 32, NDPI_PROTOCOL_TOR },
+ { 0xD45CDB0F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD467903A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD46A09CE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD46B9591, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4722F34, 32, NDPI_PROTOCOL_TOR },
+ { 0xD472303A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4726D21, 32, NDPI_PROTOCOL_TOR },
+ { 0xD472FA12, 32, NDPI_PROTOCOL_TOR },
+ { 0xD472FE5B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4758F4A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD475B46B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4763E03, 32, NDPI_PROTOCOL_TOR },
+ { 0xD47CB453, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4810454, 32, NDPI_PROTOCOL_TOR },
+ { 0xD48110B6, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4811AF6, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4812A09, 32, NDPI_PROTOCOL_TOR },
+ { 0xD48132F6, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4813431, 32, NDPI_PROTOCOL_TOR },
+ { 0xD495D15B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD49F5B16, 32, NDPI_PROTOCOL_TOR },
+ { 0xD49F70C4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD49F8F53, 32, NDPI_PROTOCOL_TOR },
+ { 0xD49FB1C6, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4A4EF79, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4B733DE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4BA59A2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4BBC8AA, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4C04A64, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4C04A65, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4C63318, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4C6C924, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4C6E391, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4E054E3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4E059FD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4E326F7, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4E38BC3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4E3F876, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4E81D65, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4FAA0B2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD4FAA0BB, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5095DAE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD52C58EA, 32, NDPI_PROTOCOL_TOR },
+ { 0xD52F2397, 32, NDPI_PROTOCOL_TOR },
+ { 0xD52F4B43, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5317328, 32, NDPI_PROTOCOL_TOR },
+ { 0xD53D957D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD53D957E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD540E2E6, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5430E91, 32, NDPI_PROTOCOL_TOR },
+ { 0xD54951D2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5497087, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5582A31, 32, NDPI_PROTOCOL_TOR },
+ { 0xD55F1536, 32, NDPI_PROTOCOL_TOR },
+ { 0xD55F153B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD56B4D04, 32, NDPI_PROTOCOL_TOR },
+ { 0xD56C6947, 32, NDPI_PROTOCOL_TOR },
+ { 0xD56C69FD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD56CD7EE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD56FF097, 32, NDPI_PROTOCOL_TOR },
+ { 0xD57086D3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD570C73F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5713D6A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5717790, 32, NDPI_PROTOCOL_TOR },
+ { 0xD571D5BE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5724869, 32, NDPI_PROTOCOL_TOR },
+ { 0xD57293E0, 32, NDPI_PROTOCOL_TOR },
+ { 0xD572966F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD572E864, 32, NDPI_PROTOCOL_TOR },
+ { 0xD57F85A7, 32, NDPI_PROTOCOL_TOR },
+ { 0xD57F921B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD585639C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5856D29, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5856DA5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5857B97, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58845ED, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5884715, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5884B2A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5885261, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5885674, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58857F5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5885A9B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5885CA9, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58A653C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58A66D1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58A6E58, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58A71E8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58D8818, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58D8D93, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58D95E3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58D9EED, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58E2E79, 32, NDPI_PROTOCOL_TOR },
+ { 0xD58F7A02, 32, NDPI_PROTOCOL_TOR },
+ { 0xD59B0490, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A3482F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A348A2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A54610, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A54F22, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A54FF3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A55106, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A5551E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A55546, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5A555F9, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5AFD83B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5B39EF1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5B73821, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5B7388C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5B9E355, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5BA07E8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5BB54BE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5BB6FFE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5BC77C9, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5C489E3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5C5167C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5C52469, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5D0BCCB, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5D3FC58, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5DE7461, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5E3FAF5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFC519, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFD329, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFD414, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFD6AF, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFD8DE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFD912, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFDA14, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFDA93, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5EFF9DB, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5F05E3A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5F06C19, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5F53D3D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5FBBB37, 32, NDPI_PROTOCOL_TOR },
+ { 0xD5FBC7AE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD80CC652, 32, NDPI_PROTOCOL_TOR },
+ { 0xD80CC653, 32, NDPI_PROTOCOL_TOR },
+ { 0xD80F0122, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8116382, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8116390, 32, NDPI_PROTOCOL_TOR },
+ { 0xD811654F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD81169CB, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8116EE7, 32, NDPI_PROTOCOL_TOR },
+ { 0xD818AEF5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8425592, 32, NDPI_PROTOCOL_TOR },
+ { 0xD873031A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD873063A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD892E107, 32, NDPI_PROTOCOL_TOR },
+ { 0xD89A71F4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8A13759, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8BAC1C9, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8BD9264, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8BD9575, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8BD9666, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8BD9718, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8C3851B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8DA860C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8DAD8C2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8DD24F4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8E6E69C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8E6E6F7, 32, NDPI_PROTOCOL_TOR },
+ { 0xD8F455D3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90833AD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90B39E2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90B7727, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90CC7BE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90CC7D1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90CCB2E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90CCC59, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90CCC68, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90CCC93, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90CD075, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90D4A29, 32, NDPI_PROTOCOL_TOR },
+ { 0xD90DC505, 32, NDPI_PROTOCOL_TOR },
+ { 0xD910B514, 32, NDPI_PROTOCOL_TOR },
+ { 0xD910B614, 32, NDPI_PROTOCOL_TOR },
+ { 0xD91318D8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD91318E9, 32, NDPI_PROTOCOL_TOR },
+ { 0xD917011B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD91A1259, 32, NDPI_PROTOCOL_TOR },
+ { 0xD91BB67D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD92287E1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD92287E7, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9251373, 32, NDPI_PROTOCOL_TOR },
+ { 0xD92855C2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD928FEB1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD943154D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD945FE58, 32, NDPI_PROTOCOL_TOR },
+ { 0xD946BD91, 32, NDPI_PROTOCOL_TOR },
+ { 0xD946BF0D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD948141E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD94FB23C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD94FB532, 32, NDPI_PROTOCOL_TOR },
+ { 0xD94FB538, 32, NDPI_PROTOCOL_TOR },
+ { 0xD94FB65F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD94FBE19, 32, NDPI_PROTOCOL_TOR },
+ { 0xD954FBD5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD95597B5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD95EEEF5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD970833A, 32, NDPI_PROTOCOL_TOR },
+ { 0xD97293F5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD972DA12, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9730A85, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9730A86, 32, NDPI_PROTOCOL_TOR },
+ { 0xD97729D5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD97BFEEE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD98090A0, 32, NDPI_PROTOCOL_TOR },
+ { 0xD991C735, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9924B24, 32, NDPI_PROTOCOL_TOR },
+ { 0xD99454B4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9A0122D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9A013EC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9A05C43, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9A07E32, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9A083B0, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9A276FE, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9AACD71, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9ACB392, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9ACFFE5, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9AD4A5B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9BCEA09, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9BDC5F4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9BF49C3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9BF6813, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9BFF274, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C3AA91, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C504DC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C553A2, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C556AD, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C55B91, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C55B91, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C55BA4, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9C5B52D, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9D075D3, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9D11257, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9D27158, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9D28C5F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9D2A52B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9D39FA1, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9E40B41, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9E46874, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9E76B72, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9EA6B0B, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9F595B7, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9F63320, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9F76904, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9F7DE9C, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9F7E61F, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9F9203E, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9FBD765, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9FD96F6, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9FD9F48, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9FE3DAC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9FE47CC, 32, NDPI_PROTOCOL_TOR },
+ { 0xD9FEB60F, 32, NDPI_PROTOCOL_TOR },
+ { 0xDAA1200E, 32, NDPI_PROTOCOL_TOR },
+ { 0xDAE7EBDB, 32, NDPI_PROTOCOL_TOR },
+ { 0xDAE868DC, 32, NDPI_PROTOCOL_TOR },
+ { 0xDAE868DD, 32, NDPI_PROTOCOL_TOR },
+ { 0xDAFAF536, 32, NDPI_PROTOCOL_TOR },
+ { 0xDB4F067A, 32, NDPI_PROTOCOL_TOR },
+ { 0xDB59C4CA, 32, NDPI_PROTOCOL_TOR },
+ { 0xDB6DCB40, 32, NDPI_PROTOCOL_TOR },
+ { 0xDB75CE2E, 32, NDPI_PROTOCOL_TOR },
+ { 0xDB791014, 32, NDPI_PROTOCOL_TOR },
+ { 0xDBA189F3, 32, NDPI_PROTOCOL_TOR },
+ { 0xDBA4C22E, 32, NDPI_PROTOCOL_TOR },
+ { 0xDBAD0E54, 32, NDPI_PROTOCOL_TOR },
+ { 0xDC39428E, 32, NDPI_PROTOCOL_TOR },
+ { 0xDC87FE3F, 32, NDPI_PROTOCOL_TOR },
+ { 0xDC898752, 32, NDPI_PROTOCOL_TOR },
+ { 0xDC9387F3, 32, NDPI_PROTOCOL_TOR },
+ { 0xDC9DC3F3, 32, NDPI_PROTOCOL_TOR },
+ { 0xDCE97BAC, 32, NDPI_PROTOCOL_TOR },
+ { 0xDCE9AF0E, 32, NDPI_PROTOCOL_TOR },
+ { 0xDCFD1CE1, 32, NDPI_PROTOCOL_TOR },
+ { 0xDCFF85C3, 32, NDPI_PROTOCOL_TOR },
+ { 0xDD7132CB, 32, NDPI_PROTOCOL_TOR },
+ { 0xDD9E95C5, 32, NDPI_PROTOCOL_TOR },
+ { 0xDE047C92, 32, NDPI_PROTOCOL_TOR },
+ { 0xDE0C7C9A, 32, NDPI_PROTOCOL_TOR },
+ { 0xDE7294F8, 32, NDPI_PROTOCOL_TOR },
+ { 0xDEEB761A, 32, NDPI_PROTOCOL_TOR },
+ { 0xDF1273E5, 32, NDPI_PROTOCOL_TOR },
+ { 0xDF85F4CA, 32, NDPI_PROTOCOL_TOR },
+ { 0xDFE57B41, 32, NDPI_PROTOCOL_TOR },
-/*
- Twitch ingestion servers :
+ /*
+ Twitch ingestion servers :
https://api.twitch.tv/kraken/ingests
- Edoardo Dominici edoaramis@gmail.com
-*/
-{ 0xB92ACC5D, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACC92, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACCA4, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACCCD, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACC30, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FE15, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FE19, 32, NDPI_SERVICE_TWITCH },
-{ 0xBCACD305, 32, NDPI_SERVICE_TWITCH },
-{ 0xC0104616, 32, NDPI_SERVICE_TWITCH },
-{ 0xC010461D, 32, NDPI_SERVICE_TWITCH },
-{ 0xC0104650, 32, NDPI_SERVICE_TWITCH },
-{ 0xC0104651, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FEA3, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FE87, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACD85, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACDA4, 32, NDPI_SERVICE_TWITCH },
-{ 0xC010419A, 32, NDPI_SERVICE_TWITCH },
-{ 0xC01041AD, 32, NDPI_SERVICE_TWITCH },
-{ 0xC0104172, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACD68, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACD55, 32, NDPI_SERVICE_TWITCH },
-{ 0xC0104219, 32, NDPI_SERVICE_TWITCH },
-{ 0xC010421A, 32, NDPI_SERVICE_TWITCH },
-{ 0xC010421B, 32, NDPI_SERVICE_TWITCH },
-{ 0xBCACD205, 32, NDPI_SERVICE_TWITCH },
-{ 0xBCACCB05, 32, NDPI_SERVICE_TWITCH },
-{ 0xC010413C, 32, NDPI_SERVICE_TWITCH },
-{ 0xC010413D, 32, NDPI_SERVICE_TWITCH },
-{ 0xC010413E, 32, NDPI_SERVICE_TWITCH },
-{ 0xBCACD105, 32, NDPI_SERVICE_TWITCH },
-{ 0xBCACD005, 32, NDPI_SERVICE_TWITCH },
-{ 0xBCACCA05, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACD06, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACD14, 32, NDPI_SERVICE_TWITCH },
-{ 0xB92ACCF3, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F9C7, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F9C9, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F9CB, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBA4, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBA6, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBAA, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBB1, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBE8, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBE9, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBEA, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBEB, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBFB, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBFC, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBFD, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FBFE, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FF4B, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709FF4C, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F974, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F976, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F978, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F97D, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F985, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F986, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F987, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F98C, 32, NDPI_SERVICE_TWITCH },
-{ 0xC709F9C5, 32, NDPI_SERVICE_TWITCH },
+ Edoardo Dominici edoaramis@gmail.com
+ */
+ { 0xB92ACC5D, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACC92, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACCA4, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACCCD, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACC30, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FE15, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FE19, 32, NDPI_SERVICE_TWITCH },
+ { 0xBCACD305, 32, NDPI_SERVICE_TWITCH },
+ { 0xC0104616, 32, NDPI_SERVICE_TWITCH },
+ { 0xC010461D, 32, NDPI_SERVICE_TWITCH },
+ { 0xC0104650, 32, NDPI_SERVICE_TWITCH },
+ { 0xC0104651, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FEA3, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FE87, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACD85, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACDA4, 32, NDPI_SERVICE_TWITCH },
+ { 0xC010419A, 32, NDPI_SERVICE_TWITCH },
+ { 0xC01041AD, 32, NDPI_SERVICE_TWITCH },
+ { 0xC0104172, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACD68, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACD55, 32, NDPI_SERVICE_TWITCH },
+ { 0xC0104219, 32, NDPI_SERVICE_TWITCH },
+ { 0xC010421A, 32, NDPI_SERVICE_TWITCH },
+ { 0xC010421B, 32, NDPI_SERVICE_TWITCH },
+ { 0xBCACD205, 32, NDPI_SERVICE_TWITCH },
+ { 0xBCACCB05, 32, NDPI_SERVICE_TWITCH },
+ { 0xC010413C, 32, NDPI_SERVICE_TWITCH },
+ { 0xC010413D, 32, NDPI_SERVICE_TWITCH },
+ { 0xC010413E, 32, NDPI_SERVICE_TWITCH },
+ { 0xBCACD105, 32, NDPI_SERVICE_TWITCH },
+ { 0xBCACD005, 32, NDPI_SERVICE_TWITCH },
+ { 0xBCACCA05, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACD06, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACD14, 32, NDPI_SERVICE_TWITCH },
+ { 0xB92ACCF3, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F9C7, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F9C9, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F9CB, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBA4, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBA6, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBAA, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBB1, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBE8, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBE9, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBEA, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBEB, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBFB, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBFC, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBFD, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FBFE, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FF4B, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709FF4C, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F974, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F976, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F978, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F97D, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F985, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F986, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F987, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F98C, 32, NDPI_SERVICE_TWITCH },
+ { 0xC709F9C5, 32, NDPI_SERVICE_TWITCH },
+
+ /* Simet - 200.160.4.0/24 */
+ { 0xC8A00400, 24, NDPI_SERVICE_SIMET },
-{ 0x0, 0, 0 }
+ { 0x0, 0, 0 }
};
/* ****************************************************** */
@@ -7292,7 +7299,7 @@ static ndpi_network host_protocol_list[] = {
HTTP: Server: field
HTTPS: Server certificate name
- */
+*/
ndpi_protocol_match host_match[] = {
{ "amazon.", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_ACCEPTABLE },
@@ -7314,6 +7321,7 @@ ndpi_protocol_match host_match[] = {
{ ".facebook.com", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_FUN },
{ ".fbcdn.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_FUN },
{ "fbcdn-", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */
+ { ".google.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_ACCEPTABLE },
{ ".gstatic.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_ACCEPTABLE },
{ ".googlesyndication.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_ACCEPTABLE },
{ ".googletagservices.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_ACCEPTABLE },
@@ -7329,7 +7337,6 @@ ndpi_protocol_match host_match[] = {
{ "maps.gstatic.com", "GoogleMaps", NDPI_SERVICE_GOOGLE_MAPS, NDPI_PROTOCOL_ACCEPTABLE },
{ ".gmail.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_SAFE },
{ "mail.google.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_SAFE },
- { ".grooveshark.com", "GrooveShark", NDPI_SERVICE_GROOVESHARK, NDPI_PROTOCOL_FUN },
{ ".last.fm", "LastFM", NDPI_SERVICE_LASTFM, NDPI_PROTOCOL_FUN },
{ "msn.com", "MSN", NDPI_SERVICE_MSN, NDPI_PROTOCOL_FUN },
{ "netflix.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_FUN },
@@ -7359,11 +7366,10 @@ ndpi_protocol_match host_match[] = {
{ ".ytimg.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_FUN },
{ "youtube-nocookie.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_FUN },
{ ".vevo.com", "Vevo", NDPI_SERVICE_VEVO, NDPI_PROTOCOL_FUN },
- { ".google.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_ACCEPTABLE },
{ ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_FUN },
{ ".pandora.com", "Pandora", NDPI_SERVICE_PANDORA, NDPI_PROTOCOL_FUN },
{ ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS },
- { "appmeutim.tim.com.br", "Meu", NDPI_SERVICE_MEU, NDPI_PROTOCOL_ACCEPTABLE },
+ { "appmeutim.tim.com.br", "TIM_Meu", NDPI_SERVICE_TIMMEU, NDPI_PROTOCOL_ACCEPTABLE },
{ ".timtorcedor.com.br", "Torcedor", NDPI_SERVICE_TORCEDOR, NDPI_PROTOCOL_ACCEPTABLE },
{ ".kakao.com", "KakaoTalk", NDPI_SERVICE_KAKAOTALK, NDPI_PROTOCOL_FUN },
{ "ttvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_FUN },
@@ -7378,6 +7384,33 @@ ndpi_protocol_match host_match[] = {
{ "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_FUN },
{ "feelinsonice.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_FUN },
+ /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */
+ { ".cdninstagram.com", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_FUN },
+ { "instagram.", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_FUN },
+ { ".instagram.", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_FUN },
+ { "igcdn-photos-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_FUN },
+ { "instagramimages-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_FUN },
+ { "instagramstatic-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_FUN },
+
+ { ".waze.com", "Waze", NDPI_SERVICE_WAZE, NDPI_PROTOCOL_ACCEPTABLE },
+ { "simet-", "Simet", NDPI_SERVICE_SIMET, NDPI_PROTOCOL_ACCEPTABLE },
+ { "opensignal.com", "OpenSignal", NDPI_SERVICE_OPENSIGNAL, NDPI_PROTOCOL_ACCEPTABLE },
+ { "99taxis.com", "99Taxi", NDPI_SERVICE_99TAXI, NDPI_PROTOCOL_ACCEPTABLE },
+ { "easytaxis.com", "EasyTaxi", NDPI_SERVICE_EASYTAXI, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".globo.com", "GloboTV", NDPI_SERVICE_GLOBOTV, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".glbimg.com", "GloboTV", NDPI_SERVICE_GLOBOTV, NDPI_PROTOCOL_ACCEPTABLE },
+ { "timsomdechamada.com.br", "SomDeChamada", NDPI_SERVICE_TIMSOMDECHAMADA, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".tim.acotelbr.com.br", "TIM_Menu", NDPI_SERVICE_TIMMENU, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".timbeta.com.br", "TIM_Beta", NDPI_SERVICE_TIMBETA, NDPI_PROTOCOL_ACCEPTABLE },
+ { "tim-geoportal.geoportal3d.com.br", "TIM_PortasAbertas", NDPI_SERVICE_TIMPORTASABERTAS, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".m4u.com.br", "TIM_Recarga", NDPI_SERVICE_TIMRECARGA, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".deezer.com", "Deezer", NDPI_SERVICE_DEEZER, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".microsoft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_ACCEPTABLE },
+ { "update.microsoft.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".windowsupdate.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_ACCEPTABLE },
+ { ".battle.net", "Battle.net", NDPI_SERVICE_BATTLENET, NDPI_PROTOCOL_FUN },
+ { "bnetcmsus-a.akamaihd.net", "Battle.net", NDPI_SERVICE_BATTLENET, NDPI_PROTOCOL_FUN },
+ { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_FUN },
{ NULL, 0 }
};
@@ -7418,7 +7451,7 @@ ndpi_protocol_match content_match[] = {
{ "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_FUN },
{ "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_FUN },
{ "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_FUN },
- { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_FUN },
+ { "Windows-Update-Agent", NULL, NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_ACCEPTABLE },
{ "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_FUN },
{ "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_FUN },
{ "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_FUN },
@@ -7429,71 +7462,71 @@ ndpi_protocol_match content_match[] = {
/* ****************************************************** */
/*
- Tor
- The tor protocol uses SSL to contact peers so it could be exchanged with
- standard SSL. However the host names such as
+ Tor
+ The tor protocol uses SSL to contact peers so it could be exchanged with
+ standard SSL. However the host names such as
- - www.fgd2iwya7vinfutj5wq5we.com
- - www.qbtxzhetq4s2f.com
- - www.fgd2iwya7vinfutj5wq5we.net
+ - www.fgd2iwya7vinfutj5wq5we.com
+ - www.qbtxzhetq4s2f.com
+ - www.fgd2iwya7vinfutj5wq5we.net
- In essence www.<name>.com|net
+ In essence www.<name>.com|net
- To do things properly we should check if host name in the certificate
- exists or if the IP address of the SSL peer resolves to a name. Unfortunately
- for performance reasons we can't afford to do a DNS lookup in nDPI (however apps
- can do it if possible) and thus we have created a heuristic algorithm that tries
- to check the host name (in the SSL certificate) to see if it looks like a
- random name or a real name. We cannot use a dictionary (how can the kernel read a file?)
- and this we use bigrams distribution to decide if the string looks like a
- word or just random chars.
+ To do things properly we should check if host name in the certificate
+ exists or if the IP address of the SSL peer resolves to a name. Unfortunately
+ for performance reasons we can't afford to do a DNS lookup in nDPI (however apps
+ can do it if possible) and thus we have created a heuristic algorithm that tries
+ to check the host name (in the SSL certificate) to see if it looks like a
+ random name or a real name. We cannot use a dictionary (how can the kernel read a file?)
+ and this we use bigrams distribution to decide if the string looks like a
+ word or just random chars.
- http://www3.nd.edu/~busiforc/handouts/cryptography/Letter%20Frequencies.html
+ http://www3.nd.edu/~busiforc/handouts/cryptography/Letter%20Frequencies.html
*/
static const char *ndpi_en_bigrams[] = {
- "aa", "ba", "ca", "da", "ea", "fa", "ga", "ha", "ia", "ja", "ka", "la", "ma", "na", "oa", "pa", "qa",
- "ra", "sa", "ta", "ua", "va", "wa", "xa", "ya", "za", "ab", "bb", "db", "eb", "fb", "gb", "hb", "ib",
- "kb", "lb", "mb", "nb", "ob", "pb", "rb", "sb", "tb", "ub", "wb", "yb", "ac", "bc", "cc", "dc", "ec",
- "fc", "gc", "hc", "ic", "kc", "lc", "mc", "nc", "oc", "pc", "rc", "sc", "tc", "uc", "wc", "xc", "yc",
- "ad", "bd", "cd", "dd", "ed", "fd", "gd", "hd", "id", "kd", "ld", "md", "nd", "od", "pd", "rd", "sd",
- "td", "ud", "wd", "xd", "yd", "zd", "ae", "be", "ce", "de", "ee", "fe", "ge", "he", "ie", "je", "ke",
- "le", "me", "ne", "oe", "pe", "re", "se", "te", "ue", "ve", "we", "xe", "ye", "ze", "af", "bf", "df",
- "ef", "ff", "gf", "hf", "if", "kf", "lf", "mf", "nf", "of", "pf", "rf", "sf", "tf", "uf", "wf", "xf",
- "yf", "zf", "ag", "bg", "dg", "eg", "fg", "gg", "hg", "ig", "kg", "lg", "ng", "og", "pg", "rg", "sg",
- "tg", "ug", "wg", "yg", "ah", "bh", "ch", "dh", "eh", "fh", "gh", "hh", "ih", "kh", "lh", "mh", "nh",
- "oh", "ph", "rh", "sh", "th", "uh", "wh", "xh", "yh", "ai", "bi", "ci", "di", "ei", "fi", "gi", "hi",
- "ii", "ji", "ki", "li", "mi", "ni", "oi", "pi", "qi", "ri", "si", "ti", "ui", "vi", "wi", "xi", "yi",
- "zi", "aj", "bj", "dj", "ej", "fj", "gj", "hj", "ij", "jj", "kj", "lj", "nj", "oj", "pj", "rj", "sj",
- "tj", "uj", "wj", "yj", "ak", "ck", "dk", "ek", "gk", "ik", "kk", "lk", "mk", "nk", "ok", "pk", "rk",
- "sk", "tk", "uk", "wk", "yk", "zk", "al", "bl", "cl", "dl", "el", "fl", "gl", "hl", "il", "kl", "ll",
- "ml", "nl", "ol", "pl", "rl", "sl", "tl", "ul", "vl", "wl", "xl", "yl", "zl", "am", "bm", "cm", "dm",
- "em", "fm", "gm", "hm", "im", "km", "lm", "mm", "nm", "om", "pm", "rm", "sm", "tm", "um", "wm", "xm",
- "ym", "zm", "an", "bn", "cn", "dn", "en", "fn", "gn", "hn", "in", "kn", "ln", "mn", "nn", "on", "pn",
- "rn", "sn", "tn", "un", "wn", "xn", "yn", "ao", "bo", "co", "do", "eo", "fo", "go", "ho", "io", "jo",
- "ko", "lo", "mo", "no", "oo", "po", "ro", "so", "to", "uo", "vo", "wo", "xo", "yo", "zo", "ap", "bp",
- "dp", "ep", "fp", "gp", "hp", "ip", "kp", "lp", "mp", "np", "op", "pp", "rp", "sp", "tp", "up", "wp",
- "xp", "yp", "zp", "aq", "cq", "dq", "eq", "hq", "iq", "nq", "oq", "qq", "rq", "sq", "uq", "xq", "ar",
- "br", "cr", "dr", "er", "fr", "gr", "hr", "ir", "kr", "lr", "mr", "nr", "or", "pr", "rr", "sr", "tr",
- "ur", "vr", "wr", "xr", "yr", "as", "bs", "cs", "ds", "es", "fs", "gs", "hs", "is", "ks", "ls", "ms",
- "ns", "os", "ps", "rs", "ss", "ts", "us", "vs", "ws", "xs", "ys", "at", "bt", "ct", "dt", "et", "ft",
- "gt", "ht", "it", "kt", "lt", "mt", "nt", "ot", "pt", "rt", "st", "tt", "ut", "wt", "xt", "yt", "zt",
- "au", "bu", "cu", "du", "eu", "fu", "gu", "hu", "iu", "ju", "ku", "lu", "mu", "nu", "ou", "pu", "qu",
- "ru", "su", "tu", "uu", "vu", "wu", "xu", "yu", "zu", "av", "bv", "dv", "ev", "iv", "lv", "mv", "nv",
- "ov", "rv", "sv", "tv", "uv", "vv", "zv", "aw", "bw", "dw", "ew", "fw", "gw", "hw", "iw", "kw", "lw",
- "mw", "nw", "ow", "pw", "rw", "sw", "tw", "uw", "ww", "xw", "yw", "zw", "ax", "ex", "ix", "nx", "ox",
- "rx", "ux", "xx", "yx", "ay", "by", "cy", "dy", "ey", "fy", "gy", "hy", "ky", "ly", "my", "ny", "oy",
- "py", "ry", "sy", "ty", "uy", "vy", "wy", "xy", "yy", "zy", "az", "bz", "cz", "dz", "ez", "gz", "iz",
- "lz", "nz", "oz", "pz", "rz", "tz", "uz", "zz", NULL };
+ "aa", "ba", "ca", "da", "ea", "fa", "ga", "ha", "ia", "ja", "ka", "la", "ma", "na", "oa", "pa", "qa",
+ "ra", "sa", "ta", "ua", "va", "wa", "xa", "ya", "za", "ab", "bb", "db", "eb", "fb", "gb", "hb", "ib",
+ "kb", "lb", "mb", "nb", "ob", "pb", "rb", "sb", "tb", "ub", "wb", "yb", "ac", "bc", "cc", "dc", "ec",
+ "fc", "gc", "hc", "ic", "kc", "lc", "mc", "nc", "oc", "pc", "rc", "sc", "tc", "uc", "wc", "xc", "yc",
+ "ad", "bd", "cd", "dd", "ed", "fd", "gd", "hd", "id", "kd", "ld", "md", "nd", "od", "pd", "rd", "sd",
+ "td", "ud", "wd", "xd", "yd", "zd", "ae", "be", "ce", "de", "ee", "fe", "ge", "he", "ie", "je", "ke",
+ "le", "me", "ne", "oe", "pe", "re", "se", "te", "ue", "ve", "we", "xe", "ye", "ze", "af", "bf", "df",
+ "ef", "ff", "gf", "hf", "if", "kf", "lf", "mf", "nf", "of", "pf", "rf", "sf", "tf", "uf", "wf", "xf",
+ "yf", "zf", "ag", "bg", "dg", "eg", "fg", "gg", "hg", "ig", "kg", "lg", "ng", "og", "pg", "rg", "sg",
+ "tg", "ug", "wg", "yg", "ah", "bh", "ch", "dh", "eh", "fh", "gh", "hh", "ih", "kh", "lh", "mh", "nh",
+ "oh", "ph", "rh", "sh", "th", "uh", "wh", "xh", "yh", "ai", "bi", "ci", "di", "ei", "fi", "gi", "hi",
+ "ii", "ji", "ki", "li", "mi", "ni", "oi", "pi", "qi", "ri", "si", "ti", "ui", "vi", "wi", "xi", "yi",
+ "zi", "aj", "bj", "dj", "ej", "fj", "gj", "hj", "ij", "jj", "kj", "lj", "nj", "oj", "pj", "rj", "sj",
+ "tj", "uj", "wj", "yj", "ak", "ck", "dk", "ek", "gk", "ik", "kk", "lk", "mk", "nk", "ok", "pk", "rk",
+ "sk", "tk", "uk", "wk", "yk", "zk", "al", "bl", "cl", "dl", "el", "fl", "gl", "hl", "il", "kl", "ll",
+ "ml", "nl", "ol", "pl", "rl", "sl", "tl", "ul", "vl", "wl", "xl", "yl", "zl", "am", "bm", "cm", "dm",
+ "em", "fm", "gm", "hm", "im", "km", "lm", "mm", "nm", "om", "pm", "rm", "sm", "tm", "um", "wm", "xm",
+ "ym", "zm", "an", "bn", "cn", "dn", "en", "fn", "gn", "hn", "in", "kn", "ln", "mn", "nn", "on", "pn",
+ "rn", "sn", "tn", "un", "wn", "xn", "yn", "ao", "bo", "co", "do", "eo", "fo", "go", "ho", "io", "jo",
+ "ko", "lo", "mo", "no", "oo", "po", "ro", "so", "to", "uo", "vo", "wo", "xo", "yo", "zo", "ap", "bp",
+ "dp", "ep", "fp", "gp", "hp", "ip", "kp", "lp", "mp", "np", "op", "pp", "rp", "sp", "tp", "up", "wp",
+ "xp", "yp", "zp", "aq", "cq", "dq", "eq", "hq", "iq", "nq", "oq", "qq", "rq", "sq", "uq", "xq", "ar",
+ "br", "cr", "dr", "er", "fr", "gr", "hr", "ir", "kr", "lr", "mr", "nr", "or", "pr", "rr", "sr", "tr",
+ "ur", "vr", "wr", "xr", "yr", "as", "bs", "cs", "ds", "es", "fs", "gs", "hs", "is", "ks", "ls", "ms",
+ "ns", "os", "ps", "rs", "ss", "ts", "us", "vs", "ws", "xs", "ys", "at", "bt", "ct", "dt", "et", "ft",
+ "gt", "ht", "it", "kt", "lt", "mt", "nt", "ot", "pt", "rt", "st", "tt", "ut", "wt", "xt", "yt", "zt",
+ "au", "bu", "cu", "du", "eu", "fu", "gu", "hu", "iu", "ju", "ku", "lu", "mu", "nu", "ou", "pu", "qu",
+ "ru", "su", "tu", "uu", "vu", "wu", "xu", "yu", "zu", "av", "bv", "dv", "ev", "iv", "lv", "mv", "nv",
+ "ov", "rv", "sv", "tv", "uv", "vv", "zv", "aw", "bw", "dw", "ew", "fw", "gw", "hw", "iw", "kw", "lw",
+ "mw", "nw", "ow", "pw", "rw", "sw", "tw", "uw", "ww", "xw", "yw", "zw", "ax", "ex", "ix", "nx", "ox",
+ "rx", "ux", "xx", "yx", "ay", "by", "cy", "dy", "ey", "fy", "gy", "hy", "ky", "ly", "my", "ny", "oy",
+ "py", "ry", "sy", "ty", "uy", "vy", "wy", "xy", "yy", "zy", "az", "bz", "cz", "dz", "ez", "gz", "iz",
+ "lz", "nz", "oz", "pz", "rz", "tz", "uz", "zz", NULL };
static const char *ndpi_en_impossible_bigrams[] = {
- "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", "ee",
- "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", "jc", "jd", "jf", "jg", "jh", "jk",
- "jl", "jm", "jn", "jp", "jq", "jr", "js", "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx",
- "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii",
- "qg", "qh", "qj", "qk", "ql", "qm", "qn", "qo", "qp", "qr", "qs", "qt", "qv", "qw", "qx", "qy", "uu",
- "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vk", "vm", "vn", "vp", "bw",
- "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", "xb", "xg", "xj", "xk", "xv", "xz", "xw", "yd", "yp",
- "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zr", "zs", "zx", "wh", "wk",
- "wb", "zk", "kp", "zk", "xy",
- NULL };
+ "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", "ee",
+ "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", "jc", "jd", "jf", "jg", "jh", "jk",
+ "jl", "jm", "jn", "jp", "jq", "jr", "js", "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx",
+ "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii",
+ "qg", "qh", "qj", "qk", "ql", "qm", "qn", "qo", "qp", "qr", "qs", "qt", "qv", "qw", "qx", "qy", "uu",
+ "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vk", "vm", "vn", "vp", "bw",
+ "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", "xb", "xg", "xj", "xk", "xv", "xz", "xw", "yd", "yp",
+ "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zr", "zs", "zx", "wh", "wk",
+ "wb", "zk", "kp", "zk", "xy",
+ NULL };
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 9496545cd..f36537b49 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -769,6 +769,7 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp
Do NOT add web services (NDPI_SERVICE_xxx) here.
*/
static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) {
+
int i;
ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO },
@@ -823,10 +824,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS,
- no_master,
- no_master, "DNS",
- ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "DNS",
+ ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP,
no_master,
no_master, "IPP",
@@ -863,10 +864,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP,
- no_master,
- no_master, "BGP",
- ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "BGP",
+ ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP,
no_master,
no_master, "SNMP",
@@ -888,10 +889,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP,
- no_master,
- no_master, "DHCP",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "DHCP",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES,
no_master,
no_master, "PostgreSQL",
@@ -913,10 +914,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE,
- no_master,
- no_master, "AppleJuice",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "AppleJuice",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT,
no_master,
no_master, "DirectConnect",
@@ -938,10 +939,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA,
- no_master,
- no_master, "Filetopia",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Filetopia",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_IMESH,
no_master,
no_master, "iMESH",
@@ -973,10 +974,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT,
- no_master,
- no_master, "BitTorrent",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 6771, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "BitTorrent",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 6771, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EPP,
no_master,
no_master, "EPP",
@@ -998,40 +999,40 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_MPEG,
- no_master,
- no_master, "MPEG",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "MPEG",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_QUICKTIME,
no_master,
no_master, "QuickTime",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_REALMEDIA,
- no_master,
- no_master, "RealMedia",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "RealMedia",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_WINDOWSMEDIA,
no_master,
no_master, "WindowsMedia",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_MMS,
- no_master,
- no_master, "MMS",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "MMS",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX,
no_master,
no_master, "Xbox",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ,
- no_master,
- no_master, "QQ",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "QQ",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MOVE,
no_master,
no_master, "Move",
@@ -1119,30 +1120,20 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPED_JABBER,
- no_master,
- no_master, "Unencryped_Jabber",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSN,
- no_master,
- no_master, "MSN",
- ndpi_build_default_ports(ports_a, 1863, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Unencryped_Jabber",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR,
- no_master,
- no_master, "Oscar",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_YAHOO,
- no_master,
- no_master, "Yahoo",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Oscar",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD,
- no_master,
- no_master, "BattleField",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "BattleField",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QUAKE,
no_master,
no_master, "Quake",
@@ -1176,9 +1167,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323;
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN,
- no_master, custom_master, "STUN",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */);
+ no_master, custom_master, "STUN",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC,
no_master,
no_master, "IPsec",
@@ -1220,10 +1211,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP,
- no_master,
- no_master, "RTP",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "RTP",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP,
no_master,
no_master, "RDP",
@@ -1240,10 +1231,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_VOICE,
- no_master,
- no_master, "WhatsAppVoice",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "WhatsAppVoice",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
custom_master[0] = NDPI_PROTOCOL_SSL_NO_CERT, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_SSL,
@@ -1266,34 +1257,33 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX,
- no_master,
- no_master, "IAX",
- ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "IAX",
+ ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP,
no_master,
no_master, "TFTP",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP,
- no_master,
- no_master, "AFP",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "AFP",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET,
no_master,
no_master, "Stealthnet",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI,
- no_master,
- no_master, "Aimini",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Aimini",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP,
no_master,
- no_master,
- "SIP",
+ no_master, "SIP",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5060, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE,
@@ -1312,30 +1302,30 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON,
- no_master,
- no_master, "Armagetron",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Armagetron",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE,
no_master,
no_master, "Crossfire",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DOFUS,
- no_master,
- no_master, "Dofus",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Dofus",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_FIESTA,
no_master,
no_master, "Fiesta",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA,
- no_master,
- no_master, "Florensia",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Florensia",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS,
no_master,
no_master, "Guildwars",
@@ -1382,20 +1372,15 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEEBO,
- no_master,
- no_master, "Meebo", /* Remove */
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX,
- no_master,
- no_master, "DropBox",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Meebo",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC,
- no_master,
- no_master, "DCE_RPC",
- ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "DCE_RPC",
+ ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW,
no_master,
no_master, "NetFlow",
@@ -1417,10 +1402,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX,
- no_master,
- no_master, "Citrix",
- ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Citrix",
+ ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID,
no_master,
no_master, "SkyFile_PrePaid",
@@ -1451,32 +1436,26 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "Radius",
ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */);
-
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WINDOWS_UPDATE,
- no_master,
- no_master, "WindowsUpdate",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER,
- no_master,
- no_master, "TeamViewer",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "TeamViewer",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES,
- no_master,
- no_master, "LotusNotes",
- ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "LotusNotes",
+ ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP,
no_master,
no_master, "SAP",
ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP,
- no_master,
- no_master, "GTP",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "GTP",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP,
no_master,
no_master, "UPnP",
@@ -1498,52 +1477,15 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_SERVICE_KAKAOTALK_VOICE,
- no_master,
- no_master, "KakaoTalk_Voice",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "KakaoTalk_Voice",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS,
no_master,
no_master, "MPEG_TS",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-
- custom_master[0] = NDPI_PROTOCOL_HTTP, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
- custom_master1[0] = NDPI_PROTOCOL_DNS, custom_master1[1] = NDPI_PROTOCOL_UNKNOWN;
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE,
- NDPI_SERVICE_GOOGLE,
- custom_master, custom_master1,
- "Google",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-
- custom_master[0] = NDPI_PROTOCOL_HTTP, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
- custom_master1[0] = NDPI_PROTOCOL_DNS, custom_master1[1] = NDPI_PROTOCOL_UNKNOWN;
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE,
- NDPI_SERVICE_APPLE,
- custom_master, custom_master1,
- "Apple",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-
- custom_master[0] = NDPI_PROTOCOL_HTTP, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
- custom_master1[0] = NDPI_PROTOCOL_DNS, custom_master1[1] = NDPI_PROTOCOL_UNKNOWN;
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE,
- NDPI_SERVICE_APPLE_ICLOUD,
- custom_master, custom_master1,
- "AppleiCloud",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-
- custom_master[0] = NDPI_PROTOCOL_HTTP, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
- custom_master1[0] = NDPI_PROTOCOL_DNS, custom_master1[1] = NDPI_PROTOCOL_UNKNOWN;
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN,
- NDPI_SERVICE_APPLE_ITUNES,
- custom_master, custom_master1,
- "AppleiTunes",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-
/* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR,
no_master,
@@ -1555,12 +1497,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "RemoteScan",
ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
-
- custom_master[0] = NDPI_PROTOCOL_HTTP, custom_master[1] = NDPI_PROTOCOL_UNKNOWN;
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SPOTIFY,
- custom_master, no_master, "Spotify",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 57621, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM,
no_master,
no_master, "WebM", /* Courtesy of Shreeram Ramamoorthy Swaminathan <shreeram <shreeram1985@yahoo.co.in> */
@@ -1568,8 +1504,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323,
no_master,
- no_master,
- "H323",
+ no_master,"H323",
ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OPENVPN,
@@ -1583,20 +1518,15 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CISCOVPN,
- no_master,
- no_master, "CiscoVPN",
- ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "CiscoVPN",
+ ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK,
no_master,
no_master, "TeamSpeak",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_TOR,
- no_master,
- no_master, "TOR",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY,
no_master,
no_master, "CiscoSkinny",
@@ -1618,10 +1548,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA,
- no_master,
- no_master, "Corba",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Corba",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE,
no_master,
no_master, "UbuntuONE",
@@ -1633,20 +1563,20 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD,
- no_master,
- no_master, "Collectd",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "Collectd",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS5,
no_master,
no_master, "SOCKS5",
ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS4,
- no_master,
- no_master, "SOCKS4",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ no_master,
+ no_master, "SOCKS4",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP,
no_master,
no_master, "RTMP",
@@ -1657,11 +1587,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "Pando_Media_Booster",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER,
- no_master,
- no_master, "Viber",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO,
no_master,
no_master, "Megaco",
@@ -1677,27 +1602,18 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "ZeroMQ",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_SERVICE_TWITTER,
- no_master,
- no_master, "Twitter",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA,
no_master,
no_master, "VHUA",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_SERVICE_FACEBOOK,
- no_master,
- no_master, "Facebook",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_SERVICE_PANDORA,
- no_master,
- no_master, "Pandora",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT,
+ no_master,
+ no_master, "Starcraft",
+ ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */
+ ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */
+
+ /* calling function for host and content matched protocols */
init_string_based_protocols(ndpi_mod);
for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) {
@@ -2089,6 +2005,21 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule,
} else
at[0] = 0, proto = &at[1];
+ for(i=0; proto[i] != '\0'; i++) {
+ switch(proto[i]) {
+ case '/':
+ case '&':
+ case '^':
+ case ':':
+ case ';':
+ case '\'':
+ case '"':
+ case ' ':
+ proto[i] = '_';
+ break;
+ }
+ }
+
for(i=0, def = NULL; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) {
if(strcasecmp(ndpi_mod->proto_defaults[i].protoName, proto) == 0) {
def = &ndpi_mod->proto_defaults[i];
@@ -2230,17 +2161,25 @@ void ndpi_set_bitmask_protocol_detection( char * label,
Compare specify protocol bitmask with main detection bitmask
*/
if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, ndpi_protocol_id) != 0) {
- // #ifdef DEBUG
+#ifdef DEBUG
NDPI_LOG(0, ndpi_struct, NDPI_LOG_DEBUG,"[NDPI] ndpi_set_bitmask_protocol_detection: %s : [callback_buffer] idx= %u, [proto_defaults] protocol_id=%u\n", label, idx, ndpi_protocol_id);
- // #endif
+#endif
+
+ if(ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx != 0)
+ printf("[NDPI] Internal error: protocol %s/%u has been already registered\n", label, ndpi_protocol_id);
+ else {
+#ifdef DEBUG
+ printf("[NDPI] Adding %s with protocol id %d\n", label, ndpi_protocol_id);
+#endif
+ }
+
/*
Set funcition and index protocol within proto_default strcuture for port protocol detection
and callback_buffer function for DPI protocol detection
*/
ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx = idx;
+ ndpi_struct->proto_defaults[ndpi_protocol_id].func = ndpi_struct->callback_buffer[idx].func = func;
- ndpi_struct->proto_defaults[ndpi_protocol_id].func =
- ndpi_struct->callback_buffer[idx].func = func;
/*
Set ndpi_selection_bitmask for protocol
*/
@@ -2272,1358 +2211,405 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
/* set this here to zero to be interrupt safe */
ndpi_struct->callback_buffer_size = 0;
+ /* HTTP */
+ init_http_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_HTTP
- ndpi_set_bitmask_protocol_detection("HTTP",ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_HTTP,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("HTTP_PROXY", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_HTTP_PROXY,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
-#ifdef NDPI_CONTENT_MPEG
- ndpi_set_bitmask_protocol_detection("MPEG", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_MPEG,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_FLASH
- ndpi_set_bitmask_protocol_detection("FLASH", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_FLASH,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_QUICKTIME
- ndpi_set_bitmask_protocol_detection("QUICKTIME", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_QUICKTIME,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_REALMEDIA
- ndpi_set_bitmask_protocol_detection("REALMEDIA", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_REALMEDIA,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_WINDOWSMEDIA
- ndpi_set_bitmask_protocol_detection("WINDOWSMEDIA", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_WINDOWSMEDIA,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_MMS
- ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_MMS,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_XBOX
- ndpi_set_bitmask_protocol_detection("XBOX", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_XBOX,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_WINDOWS_UPDATE
- ndpi_set_bitmask_protocol_detection("WINDOWS_UPDATE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_WINDOWS_UPDATE,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_QQ
- ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_QQ,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_AVI
- ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_AVI,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_OGG
- ndpi_set_bitmask_protocol_detection("OGG", ndpi_struct, detection_bitmask, a++,
- NDPI_CONTENT_OGG,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_MOVE
- ndpi_set_bitmask_protocol_detection("MOVE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MOVE,
- ndpi_search_http_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-
+ /* SKYPE */
init_skype_dissector(ndpi_struct, &a, detection_bitmask);
- /*Update excluded protocol bitmask*/
- NDPI_BITMASK_SET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
- ndpi_struct->callback_buffer[a].detection_bitmask);
+ /* Stracraft */
+ init_starcraft_dissector(ndpi_struct, &a, detection_bitmask);
- /*Delete protocol from exluded protocol bitmask*/
- NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
- NDPI_PROTOCOL_UNKNOWN);
+ /* SSL */
+ init_ssl_dissector(ndpi_struct, &a, detection_bitmask);
- NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
- NDPI_PROTOCOL_QQ);
+ /* STUN */
+ init_stun_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_CONTENT_FLASH
- NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
- NDPI_CONTENT_FLASH);
-#endif
+ /* RTP */
+ init_rtp_dissector(ndpi_struct, &a, detection_bitmask);
- NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
- NDPI_CONTENT_MMS);
- // #ifdef NDPI_PROTOCOL_RTSP
- // NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
- // NDPI_PROTOCOL_RTSP);
- // #endif
- NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
- NDPI_PROTOCOL_XBOX);
+ /* RTSP */
+ init_rtsp_dissector(ndpi_struct, &a, detection_bitmask);
- NDPI_BITMASK_SET(ndpi_struct->generic_http_packet_bitmask,
- ndpi_struct->callback_buffer[a].detection_bitmask);
+ /* RDP */
+ init_rdp_dissector(ndpi_struct, &a, detection_bitmask);
- NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->generic_http_packet_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ /* SIP */
+ init_sip_dissector(ndpi_struct, &a, detection_bitmask);
- /* Update callback_buffer index */
- a++;
-#endif
+ /* BITTORRENT */
+ init_bittorrent_dissector(ndpi_struct, &a, detection_bitmask);
+ /* EDONKEY */
+ init_edonkey_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SSL
- ndpi_set_bitmask_protocol_detection("SSL", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_SSL,
- ndpi_search_ssl_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* FASTTRACK */
+ init_fasttrack_dissector(ndpi_struct, &a, detection_bitmask);
+ /* GNUTELLA */
+ init_gnutella_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_STUN
- ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_STUN,
- ndpi_search_stun,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* WINMX */
+ init_winmx_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_RTP
- ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, detection_bitmask,a,
- NDPI_PROTOCOL_RTP,
- ndpi_search_rtp,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
- /* consider also real protocol for detection select in main loop */
- /* ndpi_struct->callback_buffer[a].detection_feature = NDPI_SELECT_DETECTION_WITH_REAL_PROTOCOL; */
- /* Update callback_buffer index */
- a++;
-#endif
+ /* DIRECTCONNECT */
+ init_directconnect_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_RTSP
- ndpi_set_bitmask_protocol_detection("RTSP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_RTSP,
- ndpi_search_rtsp_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MSN */
+ init_msn_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_RDP
- ndpi_set_bitmask_protocol_detection("RDP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_RDP,
- ndpi_search_rdp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* YAHOO */
+ init_yahoo_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SIP
- ndpi_set_bitmask_protocol_detection("SIP", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_SIP,
- ndpi_search_sip,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,/* Fix courtesy of Miguel Quesada <mquesadab@gmail.com> */
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* OSCAR */
+ init_oscar_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_BITTORRENT
- ndpi_set_bitmask_protocol_detection("BITTORRENT", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_BITTORRENT,
- ndpi_search_bittorrent,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* APPLEJUICE */
+ init_applejuice_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_EDONKEY
- ndpi_set_bitmask_protocol_detection("EDONKEY", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_EDONKEY,
- ndpi_search_edonkey,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_FASTTRACK
- ndpi_set_bitmask_protocol_detection("FASTTRACK", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_FASTTRACK,
- ndpi_search_fasttrack_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_GNUTELLA
- ndpi_set_bitmask_protocol_detection("GNUTELLA", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_GNUTELLA,
- ndpi_search_gnutella,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SOULSEEK */
+ init_soulseek_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_WINMX
- ndpi_set_bitmask_protocol_detection("WINMX", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_WINMX,
- ndpi_search_winmx_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* IRC */
+ init_irc_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_DIRECTCONNECT
- ndpi_set_bitmask_protocol_detection("DIRECTCONNECT", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_DIRECTCONNECT,
- ndpi_search_directconnect,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_MSN
+ /* JABBER */
+ init_jabber_dissector(ndpi_struct, &a, detection_bitmask);
- NDPI_BITMASK_RESET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask);
+ /* MAIL_POP */
+ init_mail_pop_dissector(ndpi_struct, &a, detection_bitmask);
- ndpi_set_bitmask_protocol_detection("MSN", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_MSN,
- ndpi_search_msn,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MAIL_IMAP */
+ init_mail_imap_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_YAHOO
- ndpi_set_bitmask_protocol_detection("YAHOO", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_YAHOO,
- ndpi_search_yahoo,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MAIL_SMTP */
+ init_mail_smtp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_OSCAR
- ndpi_set_bitmask_protocol_detection("OSCAR", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_OSCAR,
- ndpi_search_oscar,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* USENET */
+ init_usenet_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_APPLEJUICE
- ndpi_set_bitmask_protocol_detection("APPLEJUICE", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_APPLEJUICE,
- ndpi_search_applejuice_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* DNS */
+ init_dns_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SOULSEEK
- ndpi_set_bitmask_protocol_detection("SOULSEEK", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_SOULSEEK,
- ndpi_search_soulseek_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* FILETOPIA */
+ init_filetopia_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_IRC
- ndpi_set_bitmask_protocol_detection("IRC", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_IRC,
- ndpi_search_irc_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* VMWARE */
+ init_vmware_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER
- ndpi_set_bitmask_protocol_detection("UNENCRYPED_JABBER", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_UNENCRYPED_JABBER,
- ndpi_search_jabber_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* IMESH */
+ init_imesh_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_MAIL_POP
- ndpi_set_bitmask_protocol_detection("MAIL_POP", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_MAIL_POP,
- ndpi_search_mail_pop_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MMS */
+ init_mms_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_MAIL_IMAP
- ndpi_set_bitmask_protocol_detection("MAIL_IMAP", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_MAIL_IMAP,
- ndpi_search_mail_imap_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* NON_TCP_UDP */
+ init_non_tcp_udp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_MAIL_SMTP
- ndpi_set_bitmask_protocol_detection("MAIL_SMTP", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_MAIL_SMTP,
- ndpi_search_mail_smtp_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* TVANTS */
+ init_tvants_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_USENET
- ndpi_set_bitmask_protocol_detection("USENET", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_USENET,
- ndpi_search_usenet_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SOPCAST */
+ init_sopcast_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_DNS
- ndpi_set_bitmask_protocol_detection("DNS", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_DNS,
- ndpi_search_dns,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* TVUPLAYER */
+ init_tvuplayer_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_FILETOPIA
- ndpi_set_bitmask_protocol_detection("FILETOPIA", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_FILETOPIA,
- ndpi_search_filetopia_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* PPSTREAM */
+ init_ppstream_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_VMWARE
- ndpi_set_bitmask_protocol_detection("VMWARE", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_VMWARE,
- ndpi_search_vmware,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* PPLIVE */
+ init_pplive_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_IMESH
- ndpi_set_bitmask_protocol_detection("IMESH", ndpi_struct, detection_bitmask,a++,
- NDPI_PROTOCOL_IMESH,
- ndpi_search_imesh_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_CONTENT_MMS
- ndpi_set_bitmask_protocol_detection("NDPI_CONTENT_MMS", ndpi_struct, detection_bitmask,a++,
- NDPI_CONTENT_MMS,
- ndpi_search_mms_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* IAX */
+ init_iax_dissector(ndpi_struct, &a, detection_bitmask);
-#if defined(NDPI_PROTOCOL_IP_IPSEC) || defined(NDPI_PROTOCOL_IP_GRE) || defined(NDPI_PROTOCOL_IP_ICMP) || defined(NDPI_PROTOCOL_IP_IGMP) || defined(NDPI_PROTOCOL_IP_EGP) || defined(NDPI_PROTOCOL_IP_SCTP) || defined(NDPI_PROTOCOL_IP_OSPF) || defined(NDPI_PROTOCOL_IP_IP_IN_IP) || defined(NDPI_PROTOCOL_IP_ICMPV6)
-
- /* always add non tcp/udp if one protocol is compiled in */
- NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
-
- ndpi_set_bitmask_protocol_detection("IP_IPSEC", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_IPSEC,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_GRE,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_ICMP,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_IGMP,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_EGP,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_SCTP,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_OSPF,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_IP_IN_IP,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IP_ICMPV6,
- ndpi_search_in_non_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
- NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- // NDPI_BITMASK_RESET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask);
-#endif
+ /* MGPC */
+ init_mgpc_dissector(ndpi_struct, &a, detection_bitmask);
+ /* ZATTOO */
+ init_zattoo_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TVANTS
- ndpi_set_bitmask_protocol_detection("TVANTS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TVANTS,
- ndpi_search_tvants_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* QQ */
+ init_qq_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SOPCAST
- ndpi_set_bitmask_protocol_detection("SOPCAST", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SOPCAST,
- ndpi_search_sopcast,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_TVUPLAYER
- ndpi_set_bitmask_protocol_detection("TVUPLAYER", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TVUPLAYER,
- ndpi_search_tvuplayer,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_PPSTREAM
- ndpi_set_bitmask_protocol_detection("PPSTREAM", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_PPSTREAM,
- ndpi_search_ppstream,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_PPLIVE
- ndpi_set_bitmask_protocol_detection("PPLIVE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_PPLIVE,
- ndpi_search_pplive,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_IAX
- ndpi_set_bitmask_protocol_detection("IAX", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IAX,
- ndpi_search_iax,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_MGCP
- ndpi_set_bitmask_protocol_detection("MGCP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MGCP,
- ndpi_search_mgcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_ZATTOO
- ndpi_set_bitmask_protocol_detection("ZATTOO", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_ZATTOO,
- ndpi_search_zattoo,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_QQ
- ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_QQ,
- ndpi_search_qq,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_SSH
- ndpi_set_bitmask_protocol_detection("SSH", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SSH,
- ndpi_search_ssh_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_AYIYA
- ndpi_set_bitmask_protocol_detection("AYIYA", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_AYIYA,
- ndpi_search_ayiya,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_THUNDER
- ndpi_set_bitmask_protocol_detection("THUNDER", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_THUNDER,
- ndpi_search_thunder,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_VNC
- ndpi_set_bitmask_protocol_detection("VNC", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_VNC,
- ndpi_search_vnc_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SSH */
+ init_ssh_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TEAMVIEWER
- ndpi_set_bitmask_protocol_detection("TEAMVIEWER", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TEAMVIEWER,
- ndpi_search_teamview,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* AYIYA */
+ init_ayiya_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_DHCP
- ndpi_set_bitmask_protocol_detection("DHCP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_DHCP,
- ndpi_search_dhcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_SOCRATES
- ndpi_set_bitmask_protocol_detection("SOCRATES", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SOCRATES,
- ndpi_search_socrates,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* THUNDER */
+ init_thunder_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_STEAM
- ndpi_set_bitmask_protocol_detection("STEAM", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_STEAM,
- ndpi_search_steam,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* VNC */
+ init_vnc_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_HALFLIFE2
- ndpi_set_bitmask_protocol_detection("HALFLIFE2", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_HALFLIFE2,
- ndpi_search_halflife2,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* TEAMVIEWER */
+ init_teamviewer_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_XBOX
- ndpi_set_bitmask_protocol_detection("XBOX", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_XBOX,
- ndpi_search_xbox,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC
- ndpi_set_bitmask_protocol_detection("HTTP_APPLICATION_ACTIVESYNC", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC,
- ndpi_search_activesync,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_SMB
- ndpi_set_bitmask_protocol_detection("SMB", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SMB,
- ndpi_search_smb_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* DHCP */
+ init_dhcp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TELNET
- ndpi_set_bitmask_protocol_detection("TELNET", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TELNET,
- ndpi_search_telnet_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SOCRATES */
+ init_socrates_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_NTP
- ndpi_set_bitmask_protocol_detection("NTP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_NTP,
- ndpi_search_ntp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* STEAM */
+ init_steam_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_NFS
- ndpi_set_bitmask_protocol_detection("NFS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_NFS,
- ndpi_search_nfs,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* HALFLIFE2 */
+ init_halflife2_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SSDP
- ndpi_set_bitmask_protocol_detection("SSDP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SSDP,
- ndpi_search_ssdp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* XBOX */
+ init_xbox_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT
- ndpi_set_bitmask_protocol_detection("WORLDOFWARCRAFT", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_WORLDOFWARCRAFT,
- ndpi_search_worldofwarcraft,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_POSTGRES
- ndpi_set_bitmask_protocol_detection("POSTGRES", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_POSTGRES,
- ndpi_search_postgres_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* HTTP_APPLICATION_ACTIVESYNC */
+ init_http_activesync_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_MYSQL
- ndpi_set_bitmask_protocol_detection("MYSQL", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MYSQL,
- ndpi_search_mysql_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SMB */
+ init_smb_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_BGP
- ndpi_set_bitmask_protocol_detection("BGP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_BGP,
- ndpi_search_bgp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* TELNET */
+ init_telnet_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_QUAKE
- ndpi_set_bitmask_protocol_detection("QUAKE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_QUAKE,
- ndpi_search_quake,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* NTP */
+ init_ntp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_BATTLEFIELD
- ndpi_set_bitmask_protocol_detection("BATTLEFIELD", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_BATTLEFIELD,
- ndpi_search_battlefield,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* NFS */
+ init_nfs_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_PCANYWHERE
- ndpi_set_bitmask_protocol_detection("PCANYWHERE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_PCANYWHERE,
- ndpi_search_pcanywhere,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_SNMP
- ndpi_set_bitmask_protocol_detection("SNMP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SNMP,
- ndpi_search_snmp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_KONTIKI
- ndpi_set_bitmask_protocol_detection("KONTIKI", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_KONTIKI,
- ndpi_search_kontiki,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SSDP */
+ init_ssdp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_ICECAST
- ndpi_set_bitmask_protocol_detection("ICECAST", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_ICECAST,
- ndpi_search_icecast_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+/* WORLD_OF_WARCRAFT */
+ init_world_of_warcraft_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SHOUTCAST
- ndpi_set_bitmask_protocol_detection("SHOUTCAST", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SHOUTCAST,
- ndpi_search_shoutcast_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* POSTGRES */
+ init_postgres_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV
- ndpi_set_bitmask_protocol_detection("HTTP_APPLICATION_VEOHTV", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV,
- ndpi_search_veohtv_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MYSQL */
+ init_mysql_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_KERBEROS
- ndpi_set_bitmask_protocol_detection("KERBEROS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_KERBEROS,
- ndpi_search_kerberos,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_OPENFT
- ndpi_set_bitmask_protocol_detection("OPENFT", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_OPENFT,
- ndpi_search_openft_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_SYSLOG
- ndpi_set_bitmask_protocol_detection("SYSLOG", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SYSLOG,
- ndpi_search_syslog,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* BGP */
+ init_bgp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TDS
- ndpi_set_bitmask_protocol_detection("TDS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TDS,
- ndpi_search_tds_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* QUAKE */
+ init_quake_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK
- ndpi_set_bitmask_protocol_detection("DIRECT_DOWNLOAD_LINK", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK,
- ndpi_search_direct_download_link_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* BATTLEFIELD */
+ init_battlefield_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_NETBIOS
- ndpi_set_bitmask_protocol_detection("NETBIOS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_NETBIOS,
- ndpi_search_netbios,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* PCANYWHERE */
+ init_pcanywhere_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_MDNS
- ndpi_set_bitmask_protocol_detection("MDNS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MDNS,
- ndpi_search_mdns,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SNMP */
+ init_snmp_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* KONTIKI */
+ init_kontiki_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_IPP
- ndpi_set_bitmask_protocol_detection("IPP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_IPP,
- ndpi_search_ipp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* ICECAST */
+ init_icecast_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_LDAP
- ndpi_set_bitmask_protocol_detection("LDAP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_LDAP,
- ndpi_search_ldap,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SHOUTCAST */
+ init_shoutcast_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_WARCRAFT3
- ndpi_set_bitmask_protocol_detection("WARCRAFT3", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_WARCRAFT3,
- ndpi_search_warcraft3,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* VEOHTV */
+ init_veohtv_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_XDMCP
- ndpi_set_bitmask_protocol_detection("XDMCP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_XDMCP,
- ndpi_search_xdmcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* KERBEROS */
+ init_kerberos_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TFTP
- ndpi_set_bitmask_protocol_detection("TFTP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TFTP,
- ndpi_search_tftp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_MSSQL
- ndpi_set_bitmask_protocol_detection("MSSQL", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MSSQL,
- ndpi_search_mssql,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* OPENFT */
+ init_openft_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_PPTP
- ndpi_set_bitmask_protocol_detection("PPTP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_PPTP,
- ndpi_search_pptp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_STEALTHNET
- ndpi_set_bitmask_protocol_detection("STEALTHNET", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_STEALTHNET,
- ndpi_search_stealthnet,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_DHCPV6
- ndpi_set_bitmask_protocol_detection("DHCPV6", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_DHCPV6,
- ndpi_search_dhcpv6_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_MEEBO
- ndpi_set_bitmask_protocol_detection("Meebo", ndpi_struct, detection_bitmask, a,
- NDPI_PROTOCOL_MEEBO,
- ndpi_search_meebo,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
- /* Add protocol bitmask dependencies to detected bitmask*/
-#ifdef NDPI_CONTENT_FLASH
- NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_CONTENT_FLASH);
-#endif
- a++;
-#endif
+ /* SYSLOG */
+ init_syslog_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_AFP
- ndpi_set_bitmask_protocol_detection("AFP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_AFP,
- ndpi_search_afp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_AIMINI
- ndpi_set_bitmask_protocol_detection("AIMINI", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_AIMINI,
- ndpi_search_aimini,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_FLORENSIA
- ndpi_set_bitmask_protocol_detection("FLORENSIA", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_FLORENSIA,
- ndpi_search_florensia,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_MAPLESTORY
- ndpi_set_bitmask_protocol_detection("MAPLESTORY", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MAPLESTORY,
- ndpi_search_maplestory,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_DOFUS
- ndpi_set_bitmask_protocol_detection("DOFUS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_DOFUS,
- ndpi_search_dofus,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_WORLD_OF_KUNG_FU
- ndpi_set_bitmask_protocol_detection("WORLD_OF_KUNG_FU", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_WORLD_OF_KUNG_FU,
- ndpi_search_world_of_kung_fu,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_FIESTA
- ndpi_set_bitmask_protocol_detection("FIESTA", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_FIESTA,
- ndpi_search_fiesta,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_CROSSFIRE
- ndpi_set_bitmask_protocol_detection("CROSSFIRE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_CROSSFIRE,
- ndpi_search_crossfire_tcp_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_GUILDWARS
- ndpi_set_bitmask_protocol_detection("GUILDWARS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_GUILDWARS,
- ndpi_search_guildwars_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
-#ifdef NDPI_PROTOCOL_ARMAGETRON
- ndpi_set_bitmask_protocol_detection("ARMAGETRON", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_ARMAGETRON,
- ndpi_search_armagetron_udp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* TDS */
+ init_tds_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_DROPBOX
- ndpi_set_bitmask_protocol_detection("DROPBOX", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_DROPBOX,
- ndpi_search_dropbox,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* DIRECT_DOWNLOAD_LINK */
+ init_directdownloadlink_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SPOTIFY
- ndpi_set_bitmask_protocol_detection("SPOTIFY", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SPOTIFY,
- ndpi_search_spotify,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* NETBIOS */
+ init_netbios_dissector(ndpi_struct, &a, detection_bitmask);
+ /* MDNS */
+ init_mdns_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_RADIUS
- ndpi_set_bitmask_protocol_detection("RADIUS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_RADIUS,
- ndpi_search_radius,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* IPP */
+ init_ipp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_CITRIX
- ndpi_set_bitmask_protocol_detection("CITRIX", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_CITRIX,
- ndpi_search_citrix,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* LDAP */
+ init_ldap_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_LOTUS_NOTES
- ndpi_set_bitmask_protocol_detection("LOTUS_NOTES", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_LOTUS_NOTES,
- ndpi_search_lotus_notes,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* WARCRAFT3 */
+ init_warcraft3_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_GTP
- ndpi_set_bitmask_protocol_detection("GTP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_GTP,
- ndpi_search_gtp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* XDMCP */
+ init_xdmcp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_DCERPC
- ndpi_set_bitmask_protocol_detection("DCERPC", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_DCERPC,
- ndpi_search_dcerpc,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* TFTP */
+ init_tftp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_NETFLOW
- ndpi_set_bitmask_protocol_detection("NETFLOW", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_NETFLOW,
- ndpi_search_netflow,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MSSQL */
+ init_mssql_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SFLOW
- ndpi_set_bitmask_protocol_detection("SFLOW", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SFLOW,
- ndpi_search_sflow,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* PPTP */
+ init_pptp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_H323
- ndpi_set_bitmask_protocol_detection("H323", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_H323,
- ndpi_search_h323,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* STEALTHNET */
+ init_stealthnet_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_OPENVPN
- ndpi_set_bitmask_protocol_detection("OPENVPN", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_OPENVPN,
- ndpi_search_openvpn,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* DHCPV6 */
+ init_dhcpv6_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_NOE
- ndpi_set_bitmask_protocol_detection("NOE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_NOE,
- ndpi_search_noe,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MEEBO */
+ init_meebo_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_CISCOVPN
- ndpi_set_bitmask_protocol_detection("CISCOVPN", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_CISCOVPN,
- ndpi_search_ciscovpn,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* AFP */
+ init_afp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TEAMSPEAK
- ndpi_set_bitmask_protocol_detection("TEAMSPEAK", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TEAMSPEAK,
- ndpi_search_teamspeak,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* AIMINI */
+ init_aimini_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* FLORENSIA */
+ init_florensia_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_VIBER
- ndpi_set_bitmask_protocol_detection("VIBER", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_VIBER,
- ndpi_search_viber,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* MAPLESTORY */
+ init_maplestory_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* DOFUS */
+ init_dofus_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TOR
- ndpi_set_bitmask_protocol_detection("TOR", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TOR,
- ndpi_search_tor,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* WORLD_OF_KUNG_FU */
+ init_world_of_kung_fu_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_SKINNY
- ndpi_set_bitmask_protocol_detection("SKINNY", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_SKINNY,
- ndpi_search_skinny,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* FIESTA */
+ init_fiesta_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_RTCP
- ndpi_set_bitmask_protocol_detection("RTCP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_RTCP,
- ndpi_search_rtcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* CROSSIFIRE */
+ init_crossfire_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* GUILDWARS */
+ init_guildwars_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* ARMAGETRON */
+ init_armagetron_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_RSYNC
- ndpi_set_bitmask_protocol_detection("RSYNC", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_RSYNC,
- ndpi_search_rsync,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* DROPBOX */
+ init_dropbox_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_WHOIS_DAS
- ndpi_set_bitmask_protocol_detection("WHOIS_DAS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_WHOIS_DAS,
- ndpi_search_whois_das,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SPOTIFY */
+ init_spotify_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_ORACLE
- ndpi_set_bitmask_protocol_detection("ORACLE", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_ORACLE,
- ndpi_search_oracle,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* RADIUS */
+ init_radius_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_CORBA
- ndpi_set_bitmask_protocol_detection("CORBA", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_CORBA,
- ndpi_search_corba,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* CITRIX */
+ init_citrix_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_RTMP
- ndpi_set_bitmask_protocol_detection("RTMP", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_RTMP,
- ndpi_search_rtmp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* LOTUS_NOTES */
+ init_lotus_notes_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_FTP_CONTROL
- ndpi_set_bitmask_protocol_detection("FTP_CONTROL", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_FTP_CONTROL,
- ndpi_search_ftp_control,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* GTP */
+ init_gtp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_FTP_DATA
- ndpi_set_bitmask_protocol_detection("FTP_DATA", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_FTP_DATA,
- ndpi_search_ftp_data,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* DCERPC */
+ init_dcerpc_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_PANDO
- ndpi_set_bitmask_protocol_detection("PANDO", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_PANDO,
- ndpi_search_pando,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* NETFLOW */
+ init_netflow_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_MEGACO
- ndpi_set_bitmask_protocol_detection("MEGACO", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MEGACO,
- ndpi_search_megaco,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SFLOW */
+ init_sflow_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_REDIS
- ndpi_set_bitmask_protocol_detection("REDIS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_REDIS,
- ndpi_search_redis,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* H323 */
+ init_h323_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_VHUA
- ndpi_set_bitmask_protocol_detection("VHUA", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_VHUA,
- ndpi_search_vhua,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* OPENVPN */
+ init_openvpn_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_ZMQ
- ndpi_set_bitmask_protocol_detection("ZMQ", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_ZMQ,
- ndpi_search_zmq, /* TODO: add UDP support */
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* NOE */
+ init_noe_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* CISCOVPN */
+ init_ciscovpn_dissector(ndpi_struct, &a, detection_bitmask);
+ /* TEAMSPEAK */
+ init_teamspeak_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_SERVICE_TWITTER
- ndpi_set_bitmask_protocol_detection("TWITTER", ndpi_struct, detection_bitmask, a++,
- NDPI_SERVICE_TWITTER,
- ndpi_search_twitter,
- NDPI_SELECTION_BITMASK_PROTOCOL_TCP,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* VIBER */
+ init_viber_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_TELEGRAM
- ndpi_set_bitmask_protocol_detection("TELEGRAM", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_TELEGRAM,
- ndpi_search_telegram,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* TOR */
+ init_tor_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_QUIC
- ndpi_set_bitmask_protocol_detection("QUIC", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_QUIC,
- ndpi_search_quic,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* SKINNY */
+ init_skinny_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_PROTOCOL_EAQ
- ndpi_set_bitmask_protocol_detection("EAQ", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_EAQ,
- ndpi_search_eaq,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* RTCP */
+ init_rtcp_dissector(ndpi_struct, &a, detection_bitmask);
-#ifdef NDPI_SERVICE_KAKAOTALK_VOICE
- ndpi_set_bitmask_protocol_detection("KakaoTalk_Voice", ndpi_struct, detection_bitmask, a++,
- NDPI_SERVICE_KAKAOTALK_VOICE,
- ndpi_search_kakaotalk_voice,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
+ /* RSYNC */
+ init_rsync_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* WHOIS_DAS */
+ init_whois_das_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* ORACLE */
+ init_oracle_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* CORBA */
+ init_corba_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* RTMP */
+ init_rtmp_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* FTP_CONTROL */
+ init_ftp_control_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* FTP_DATA */
+ init_ftp_data_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* PANDO */
+ init_pando_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* MEGACO */
+ init_megaco_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* REDIS */
+ init_redis_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* VHUA */
+ init_vhua_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* ZMQ */
+ init_zmq_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* TWITTER */
+ init_twitter_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* TELEGRAM */
+ init_telegram_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* QUIC */
+ init_quic_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* EAQ */
+ init_eaq_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* KAKAOTALK_VOICE */
+ init_kakaotalk_voice_dissector(ndpi_struct, &a, detection_bitmask);
+
+ /* MPEGTS */
+ init_mpegts_dissector(ndpi_struct, &a, detection_bitmask);
+
+
+ /* ----------------------------------------------------------------- */
-#ifdef NDPI_PROTOCOL_MPEGTS
- ndpi_set_bitmask_protocol_detection("MPEG_TS", ndpi_struct, detection_bitmask, a++,
- NDPI_PROTOCOL_MPEGTS,
- ndpi_search_mpegts,
- NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-#endif
ndpi_struct->callback_buffer_size = a;
@@ -4377,6 +3363,11 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport);
flow->protocol_id_already_guessed = 1;
+
+ if((protocol != IPPROTO_TCP) && (protocol != IPPROTO_UDP)) {
+ flow->detected_protocol_stack[0] = flow->guessed_protocol_id;
+ goto ret_protocols;
+ }
}
#if 0
@@ -4404,9 +3395,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
}
ret_protocols:
- if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN)
+ if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) {
ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0];
- else
+
+ if(ret.protocol == ret.master_protocol)
+ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN;
+ } else
ret.protocol = flow->detected_protocol_stack[0];
return(ret);
@@ -5188,7 +4182,12 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) {
rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, proto, shost, dhost, sport, dport);
if(rc != NDPI_PROTOCOL_UNKNOWN) {
- ret.protocol = rc;
+ ret.protocol = rc,
+ ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport);
+
+ if(ret.protocol == ret.master_protocol)
+ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN;
+
return(ret);
}
@@ -5338,7 +4337,8 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) {
static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_automa *automa,
struct ndpi_flow_struct *flow,
- char *string_to_match, u_int string_to_match_len) {
+ char *string_to_match, u_int string_to_match_len,
+ u_int16_t master_protocol_id) {
int matching_protocol_id;
struct ndpi_packet_struct *packet = &flow->packet;
AC_TEXT_t ac_input_text;
@@ -5365,14 +4365,14 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str
strncpy(m, string_to_match, len);
m[len] = '\0';
- printf("[NDPI] ndpi_match_string_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName);
+ printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName);
}
#endif
if(matching_protocol_id != NDPI_PROTOCOL_UNKNOWN) {
/* Move the protocol on slot 0 down one position */
- packet->detected_protocol_stack[1] = packet->detected_protocol_stack[0];
- packet->detected_protocol_stack[0] = matching_protocol_id;
+ packet->detected_protocol_stack[1] = master_protocol_id,
+ packet->detected_protocol_stack[0] = matching_protocol_id;
flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0],
flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1];
@@ -5390,20 +4390,24 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str
/* ****************************************************** */
-int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
+int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
- char *string_to_match, u_int string_to_match_len) {
+ char *string_to_match, u_int string_to_match_len,
+ u_int16_t master_protocol_id) {
return(ndpi_automa_match_string_subprotocol(ndpi_struct, &ndpi_struct->host_automa,
- flow, string_to_match, string_to_match_len));
+ flow, string_to_match, string_to_match_len,
+ master_protocol_id));
}
/* ****************************************************** */
int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
- char *string_to_match, u_int string_to_match_len) {
+ char *string_to_match, u_int string_to_match_len,
+ u_int16_t master_protocol_id) {
return(ndpi_automa_match_string_subprotocol(ndpi_struct, &ndpi_struct->content_automa,
- flow, string_to_match, string_to_match_len));
+ flow, string_to_match, string_to_match_len,
+ master_protocol_id));
}
/* ****************************************************** */
diff --git a/src/lib/protocols/afp.c b/src/lib/protocols/afp.c
index 2ed7b5ccc..1b5232494 100644
--- a/src/lib/protocols/afp.c
+++ b/src/lib/protocols/afp.c
@@ -71,4 +71,17 @@ void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AFP);
}
+
+void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("AFP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_AFP,
+ ndpi_search_afp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
+
#endif
diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c
index 9fd5172cb..147762815 100644
--- a/src/lib/protocols/aimini.c
+++ b/src/lib/protocols/aimini.c
@@ -280,4 +280,18 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AIMINI);
}
+
+
+void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Aimini", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_AIMINI,
+ ndpi_search_aimini,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c
index 3ca4985a6..a7ef0ce65 100644
--- a/src/lib/protocols/applejuice.c
+++ b/src/lib/protocols/applejuice.c
@@ -54,4 +54,17 @@ void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_APPLEJUICE);
}
+
+void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("AppleJuice", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_APPLEJUICE,
+ ndpi_search_applejuice_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c
index d97927b2e..c93c2a6df 100644
--- a/src/lib/protocols/armagetron.c
+++ b/src/lib/protocols/armagetron.c
@@ -22,8 +22,6 @@
*
*/
-
-
/* include files */
#include "ndpi_protocols.h"
#ifdef NDPI_PROTOCOL_ARMAGETRON
@@ -99,4 +97,19 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ARMAGETRON);
}
+
+
+void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Armagetron", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_ARMAGETRON,
+ ndpi_search_armagetron_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
+
#endif
diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c
index ea190ed47..59f319f9c 100644
--- a/src/lib/protocols/ayiya.c
+++ b/src/lib/protocols/ayiya.c
@@ -64,4 +64,18 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AYIYA);
}
}
+
+
+void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Ayiya", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_AYIYA,
+ ndpi_search_ayiya,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/battlefield.c b/src/lib/protocols/battlefield.c
index eef89afd1..6087e67a4 100644
--- a/src/lib/protocols/battlefield.c
+++ b/src/lib/protocols/battlefield.c
@@ -115,4 +115,16 @@ void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, s
return;
}
+
+void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("BattleField", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_BATTLEFIELD,
+ ndpi_search_battlefield,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c
index 6b937a453..8f293b611 100644
--- a/src/lib/protocols/bgp.c
+++ b/src/lib/protocols/bgp.c
@@ -54,4 +54,17 @@ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BGP);
}
+
+void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("BGP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_BGP,
+ ndpi_search_bgp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
+
#endif
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index 358ad7523..5fa7c11b2 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -475,4 +475,17 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st
}
}
}
+
+
+void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("BitTorrent", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_BITTORRENT,
+ ndpi_search_bittorrent,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c
index 7d35a0cca..6c2fc1829 100644
--- a/src/lib/protocols/ciscovpn.c
+++ b/src/lib/protocols/ciscovpn.c
@@ -67,4 +67,17 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru
}
}
+
+
+void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("CiscoVPN", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_CISCOVPN,
+ ndpi_search_ciscovpn,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c
index a5e6ef9de..d03c0cbe6 100644
--- a/src/lib/protocols/citrix.c
+++ b/src/lib/protocols/citrix.c
@@ -90,4 +90,16 @@ void ndpi_search_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_check_citrix(ndpi_struct, flow);
}
+
+void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Citrix", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_CITRIX,
+ ndpi_search_citrix,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c
index 61ed95327..7e6227980 100644
--- a/src/lib/protocols/collectd.c
+++ b/src/lib/protocols/collectd.c
@@ -50,4 +50,5 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, stru
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COLLECTD);
}
}
+
#endif
diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c
index c694d60a7..c16accc59 100644
--- a/src/lib/protocols/corba.c
+++ b/src/lib/protocols/corba.c
@@ -45,4 +45,16 @@ void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CORBA);
}
}
+
+
+void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Corba", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_CORBA,
+ ndpi_search_corba,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c
index b70c7fceb..5dfddf5c3 100644
--- a/src/lib/protocols/crossfire.c
+++ b/src/lib/protocols/crossfire.c
@@ -22,7 +22,6 @@
*/
-
/* include files */
#include "ndpi_protocols.h"
#ifdef NDPI_PROTOCOL_CROSSFIRE
@@ -81,5 +80,15 @@ void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_str
}
+void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Crossfire", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_CROSSFIRE,
+ ndpi_search_crossfire_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c
index 4ae4a5d42..2537afd56 100644
--- a/src/lib/protocols/dcerpc.c
+++ b/src/lib/protocols/dcerpc.c
@@ -51,4 +51,16 @@ void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DCERPC);
}
+
+void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("DCE_RPC", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DCERPC,
+ ndpi_search_dcerpc,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c
index 4ae48cffb..cb78c9429 100644
--- a/src/lib/protocols/dhcp.c
+++ b/src/lib/protocols/dhcp.c
@@ -57,4 +57,17 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCP);
}
+
+
+void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("DHCP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DHCP,
+ ndpi_search_dhcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c
index dcae86690..31d912b39 100644
--- a/src/lib/protocols/dhcpv6.c
+++ b/src/lib/protocols/dhcpv6.c
@@ -57,4 +57,16 @@ void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, st
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCPV6);
}
+
+void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("DHCPV6", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DHCPV6,
+ ndpi_search_dhcpv6_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c
index 67b09b501..e712df626 100644
--- a/src/lib/protocols/directconnect.c
+++ b/src/lib/protocols/directconnect.c
@@ -471,4 +471,17 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct
}
}
+
+void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("DirectConnect", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DIRECTCONNECT,
+ ndpi_search_directconnect,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c
index 1d79eac6a..846c60170 100644
--- a/src/lib/protocols/directdownloadlink.c
+++ b/src/lib/protocols/directdownloadlink.c
@@ -734,4 +734,16 @@ void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *n
}
}
+
+void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Direct_Download_Link", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK,
+ ndpi_search_direct_download_link_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 9db7c8c7a..787f9f4d7 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -265,9 +265,10 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
#endif
if(ndpi_struct->match_dns_host_names)
- ndpi_match_string_subprotocol(ndpi_struct, flow,
+ ndpi_match_host_subprotocol(ndpi_struct, flow,
(char *)flow->host_server_name,
- strlen((const char*)flow->host_server_name));
+ strlen((const char*)flow->host_server_name),
+ NDPI_PROTOCOL_DNS);
}
i++;
@@ -284,7 +285,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
/*
- Do not set the protocol with DNS if ndpi_match_string_subprotocol() has
+ Do not set the protocol with DNS if ndpi_match_host_subprotocol() has
matched a subprotocol
*/
NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "found DNS.\n");
@@ -297,4 +298,18 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd
}
}
}
+
+
+void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("DNS", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DNS,
+ ndpi_search_dns,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c
index f514b8f6f..26ccdb444 100644
--- a/src/lib/protocols/dofus.c
+++ b/src/lib/protocols/dofus.c
@@ -145,4 +145,16 @@ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DOFUS);
}
+
+void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Dofus", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DOFUS,
+ ndpi_search_dofus,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c
index c0104ccde..ec546d356 100644
--- a/src/lib/protocols/dropbox.c
+++ b/src/lib/protocols/dropbox.c
@@ -72,4 +72,18 @@ void ndpi_search_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struc
}
}
+
+void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("DROPBOX", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_DROPBOX,
+ ndpi_search_dropbox,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
+
+
#endif
diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c
index 9b610db14..7dfc5f778 100644
--- a/src/lib/protocols/eaq.c
+++ b/src/lib/protocols/eaq.c
@@ -70,4 +70,18 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd
} else
goto exclude_eaq;
}
+
+
+void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("EAQ", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_EAQ,
+ ndpi_search_eaq,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c
index 51c4ed994..5196cc9e5 100644
--- a/src/lib/protocols/edonkey.c
+++ b/src/lib/protocols/edonkey.c
@@ -208,4 +208,17 @@ void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struc
}
}
+
+void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("eDonkey", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_EDONKEY,
+ ndpi_search_edonkey,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c
index 2b998bda9..cb2f20343 100644
--- a/src/lib/protocols/fasttrack.c
+++ b/src/lib/protocols/fasttrack.c
@@ -79,4 +79,18 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "fasttrack/kazaa excluded.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FASTTRACK);
}
+
+
+void init_fasttrack_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("FastTrack", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_FASTTRACK,
+ ndpi_search_fasttrack_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c
index c312d107f..a3e89af8f 100644
--- a/src/lib/protocols/fiesta.c
+++ b/src/lib/protocols/fiesta.c
@@ -22,8 +22,6 @@
*
*/
-
-
/* include files */
#include "ndpi_protocols.h"
#ifdef NDPI_PROTOCOL_FIESTA
@@ -94,4 +92,17 @@ void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_int_fiesta_add_connection(ndpi_struct, flow);
return;
}
+
+
+void init_fiesta_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Fiesta", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_FIESTA,
+ ndpi_search_fiesta,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/filetopia.c b/src/lib/protocols/filetopia.c
index f6cf7bef5..167b63a8e 100644
--- a/src/lib/protocols/filetopia.c
+++ b/src/lib/protocols/filetopia.c
@@ -80,4 +80,16 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FILETOPIA);
}
+
+void init_filetopia_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Filetopia", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_FILETOPIA,
+ ndpi_search_filetopia_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c
index b82265b00..c694a2939 100644
--- a/src/lib/protocols/florensia.c
+++ b/src/lib/protocols/florensia.c
@@ -119,4 +119,17 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FLORENSIA);
}
+
+void init_florensia_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Florensia", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_FLORENSIA,
+ ndpi_search_florensia,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c
index 9e9eb1761..8710096be 100644
--- a/src/lib/protocols/ftp_control.c
+++ b/src/lib/protocols/ftp_control.c
@@ -996,4 +996,17 @@ void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, s
}
}
+
+void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("FTP_CONTROL", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_FTP_CONTROL,
+ ndpi_search_ftp_control,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c
index 4eb28a908..e87b4402f 100644
--- a/src/lib/protocols/ftp_data.c
+++ b/src/lib/protocols/ftp_data.c
@@ -56,7 +56,6 @@ static int ndpi_match_ftp_data_directory(struct ndpi_detection_module_struct *nd
}
return 0;
-
}
static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
@@ -216,37 +215,17 @@ static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_stru
static void ndpi_check_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
- u_int32_t payload_len = packet->payload_packet_len;
-
- /* Check if we so far detected the protocol in the request or not. */
- if(flow->ftp_data_stage == 0) {
- NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "FTP_DATA stage 0: \n");
-
- if((payload_len > 0) && (ndpi_match_file_header(ndpi_struct, flow) || ndpi_match_ftp_data_directory(ndpi_struct, flow) || ndpi_match_ftp_data_port(ndpi_struct, flow))) {
- NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_DATA request detected, we will look further for the response...\n");
-
- /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */
- flow->ftp_data_stage = packet->packet_direction + 1;
- }
- } else {
- NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "FTP_DATA stage %u: \n", flow->ftp_data_stage);
-
- /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */
- if((flow->ftp_data_stage - packet->packet_direction) == 1) {
- return;
- }
-
- /* This is a packet in another direction. Check if we find the proper response. */
- if(payload_len == 0) {
- NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "Found FTP_DATA.\n");
- ndpi_int_ftp_data_add_connection(ndpi_struct, flow);
- } else {
- NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to FTP_DATA, resetting the stage to 0...\n");
- flow->ftp_data_stage = 0;
- }
-
- }
+ if((packet->payload_packet_len > 0)
+ && (ndpi_match_file_header(ndpi_struct, flow)
+ || ndpi_match_ftp_data_directory(ndpi_struct, flow)
+ || ndpi_match_ftp_data_port(ndpi_struct, flow)
+ )
+ ) {
+ NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_DATA request detected...\n");
+ ndpi_int_ftp_data_add_connection(ndpi_struct, flow);
+ } else
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_DATA);
}
void ndpi_search_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
@@ -259,17 +238,21 @@ void ndpi_search_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, stru
return;
}
- /* skip marked or retransmitted packets */
- if(packet->tcp_retransmission != 0) {
- return;
- }
-
- if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_FTP_DATA) {
- return;
- }
-
NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "FTP_DATA detection...\n");
ndpi_check_ftp_data(ndpi_struct, flow);
}
+
+void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("FTP_DATA", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_FTP_DATA,
+ ndpi_search_ftp_data,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c
index cfd6ea74b..09d4d0852 100644
--- a/src/lib/protocols/gnutella.c
+++ b/src/lib/protocols/gnutella.c
@@ -371,4 +371,19 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GNUTELLA);
}
+
+
+void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Gnutella", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_GNUTELLA,
+ ndpi_search_gnutella,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
+
#endif
diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c
index eb5dd1f0d..ec2c1099e 100644
--- a/src/lib/protocols/gtp.c
+++ b/src/lib/protocols/gtp.c
@@ -82,4 +82,17 @@ void ndpi_search_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
ndpi_check_gtp(ndpi_struct, flow);
}
+
+void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("GTP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_GTP,
+ ndpi_search_gtp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c
index 34159d4be..108e5ee05 100644
--- a/src/lib/protocols/guildwars.c
+++ b/src/lib/protocols/guildwars.c
@@ -23,8 +23,6 @@
*/
-
-/* include files */
#include "ndpi_protocols.h"
#ifdef NDPI_PROTOCOL_GUILDWARS
@@ -68,4 +66,17 @@ void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GUILDWARS);
}
+
+void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Guildwars", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_GUILDWARS,
+ ndpi_search_guildwars_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c
index 65d30bf67..1d503a747 100644
--- a/src/lib/protocols/h323.c
+++ b/src/lib/protocols/h323.c
@@ -94,4 +94,17 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
}
+
+void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("H323", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_H323,
+ ndpi_search_h323,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c
index eb6ca3585..365ea21b5 100644
--- a/src/lib/protocols/halflife2_and_mods.c
+++ b/src/lib/protocols/halflife2_and_mods.c
@@ -62,4 +62,17 @@ void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, str
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HALFLIFE2);
}
+
+void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("HalfLife2", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_HALFLIFE2,
+ ndpi_search_halflife2,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 1bebc3553..583adb341 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -177,7 +177,8 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc
*/
if(((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC73B9400 /* 199.59.148.0 */)
|| ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC73B9400 /* 199.59.148.0 */)) {
- packet->detected_protocol_stack[0] = NDPI_SERVICE_TWITTER;
+ packet->detected_protocol_stack[0] = NDPI_SERVICE_TWITTER,
+ packet->detected_protocol_stack[1] = NDPI_PROTOCOL_HTTP;
return;
}
@@ -188,7 +189,8 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc
*/
if(((ntohl(packet->iph->saddr) & 0xFFFFE000 /* 255.255.224.0 */) == 0x4535E000 /* 69.53.224.0 */)
|| ((ntohl(packet->iph->daddr) & 0xFFFFE000 /* 255.255.224.0 */) == 0x4535E000 /* 69.53.224.0 */)) {
- packet->detected_protocol_stack[0] = NDPI_SERVICE_NETFLIX;
+ packet->detected_protocol_stack[0] = NDPI_SERVICE_NETFLIX,
+ packet->detected_protocol_stack[1] = NDPI_PROTOCOL_HTTP;
return;
}
}
@@ -196,7 +198,7 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc
if((flow->l4.tcp.http_stage == 0)
|| (flow->http.url && flow->http_detected)) {
/* Try matching subprotocols */
- // ndpi_match_string_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len);
+ // ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len);
/*
NOTE
@@ -207,9 +209,13 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc
if(!ndpi_struct->http_dont_dissect_response) {
if(flow->http.url && flow->http_detected)
- ndpi_match_string_subprotocol(ndpi_struct, flow, (char *)&flow->http.url[7], strlen((const char *)&flow->http.url[7]));
+ ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)&flow->http.url[7],
+ strlen((const char *)&flow->http.url[7]),
+ NDPI_PROTOCOL_HTTP);
} else
- ndpi_match_string_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name));
+ ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name,
+ strlen((const char *)flow->host_server_name),
+ NDPI_PROTOCOL_HTTP);
}
}
@@ -344,10 +350,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n",
packet->user_agent_line.len, packet->user_agent_line.ptr);
+#if 0
if((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
ndpi_match_content_subprotocol(ndpi_struct, flow,
(char*)packet->user_agent_line.ptr,
- packet->user_agent_line.len);
+ packet->user_agent_line.len,
+ NDPI_PROTOCOL_HTTP);
+#endif
}
/* check for host line */
@@ -358,10 +367,11 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
packet->host_line.len, packet->host_line.ptr);
if((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
- ndpi_match_content_subprotocol(ndpi_struct, flow,
- (char*)packet->host_line.ptr,
- packet->host_line.len);
-
+ ndpi_match_host_subprotocol(ndpi_struct, flow,
+ (char*)packet->host_line.ptr,
+ packet->host_line.len,
+ NDPI_PROTOCOL_HTTP);
+
/* Copy result for nDPI apps */
len = ndpi_min(packet->host_line.len, sizeof(flow->host_server_name)-1);
strncpy((char*)flow->host_server_name, (char*)packet->host_line.ptr, len);
@@ -376,16 +386,18 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
&& ((ndpi_struct->http_dont_dissect_response) || flow->http_detected))
- ndpi_match_string_subprotocol(ndpi_struct, flow,
+ ndpi_match_host_subprotocol(ndpi_struct, flow,
(char *)flow->host_server_name,
- strlen((const char *)flow->host_server_name));
+ strlen((const char *)flow->host_server_name),
+ NDPI_PROTOCOL_HTTP);
if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
&& ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
&& (packet->http_origin.len > 0))
- ndpi_match_string_subprotocol(ndpi_struct, flow,
+ ndpi_match_host_subprotocol(ndpi_struct, flow,
(char *)packet->http_origin.ptr,
- packet->http_origin.len);
+ packet->http_origin.len,
+ NDPI_PROTOCOL_HTTP);
if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) {
@@ -427,7 +439,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
packet->content_line.len, packet->content_line.ptr);
if((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
- ndpi_match_content_subprotocol(ndpi_struct, flow, (char*)packet->content_line.ptr, packet->content_line.len);
+ ndpi_match_content_subprotocol(ndpi_struct, flow,
+ (char*)packet->content_line.ptr, packet->content_line.len,
+ NDPI_PROTOCOL_HTTP);
}
/* check user agent here too */
@@ -502,9 +516,6 @@ static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *nd
static void http_bitmask_exclude(struct ndpi_flow_struct *flow)
{
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP);
-#ifdef NDPI_PROTOCOL_WINDOWS_UPDATE
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WINDOWS_UPDATE);
-#endif
#ifdef NDPI_CONTENT_MPEG
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_MPEG);
#endif
@@ -761,7 +772,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
u_int16_t filename_start;
/* Check if we so far detected the protocol in the request or not. */
- if (flow->l4.tcp.http_stage == 0) {
+ if(flow->l4.tcp.http_stage == 0) {
flow->http_detected = 0;
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n",
@@ -770,10 +781,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
filename_start = http_request_url_offset(ndpi_struct, flow);
- if (filename_start == 0) {
+ if(filename_start == 0) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG,
"Filename HTTP not found, we look for possible truncate flow...\n");
- if (packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) {
+ if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG,
"HTTP response found (truncated flow ?)\n");
ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP);
@@ -791,7 +802,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
ndpi_parse_packet_line_info(ndpi_struct, flow);
- if (packet->parsed_lines <= 1) {
+ if(packet->parsed_lines <= 1) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG,
"Found just one line, we will look further for the next packet...\n");
@@ -832,8 +843,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG,
"HTTP START Found, we will look for sub-protocols (content and host)...\n");
- check_content_type_and_change_protocol(ndpi_struct, flow);
-
if(packet->host_line.ptr != NULL) {
/*
nDPI is pretty scrupoulous about HTTP so it waits until the
@@ -852,21 +861,23 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2
}
+ check_content_type_and_change_protocol(ndpi_struct, flow);
+
return;
}
}
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n");
http_bitmask_exclude(flow);
- } else if ((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) {
+ } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n",
flow->l4.tcp.http_stage);
/* At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return,
* otherwise check the second packet for the http request . */
- if ((flow->l4.tcp.http_stage - packet->packet_direction) == 1) {
+ if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) {
- if (flow->http_detected)
+ if(flow->http_detected)
return;
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG,
@@ -874,9 +885,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
ndpi_parse_packet_line_info(ndpi_struct, flow);
- if (packet->parsed_lines <= 1) {
+ if(packet->parsed_lines <= 1) {
/* wait some packets in case request is split over more than 2 packets */
- if (flow->packet_counter < 5) {
+ if(flow->packet_counter < 5) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG,
"line still not finished, search next packet\n");
return;
@@ -889,7 +900,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
}
}
// http://www.slideshare.net/DSPIP/rtsp-analysis-wireshark
- if (packet->line[0].len >= 9
+ if(packet->line[0].len >= 9
&& memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP.\n");
@@ -906,7 +917,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
/* This is a packet in another direction. Check if we find the proper response. */
/* We have received a response for a previously identified partial HTTP request */
- if ((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) {
+ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) {
/*
In apache if you do "GET /\n\n" the response comes without any header so we can assume that
this can be the case
@@ -918,14 +929,14 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
}
/* If we already detected the http request, we can add the connection and then check for the sub-protocol*/
- if (flow->http_detected)
+ if(flow->http_detected)
ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP);
/* Parse packet line and we look for the subprotocols */
ndpi_parse_packet_line_info(ndpi_struct, flow);
check_content_type_and_change_protocol(ndpi_struct, flow);
- if (packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) {
+ if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n");
check_http_payload(ndpi_struct, flow);
}
@@ -941,7 +952,7 @@ void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_packet_struct *packet = &flow->packet;
/* Break after 20 packets. */
- if (flow->packet_counter > 20) {
+ if(flow->packet_counter > 20) {
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP.\n");
http_bitmask_exclude(flow);
return;
@@ -985,4 +996,157 @@ char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod,
return(flow->http.content_type);
}
+
+void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
+ NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("HTTP",ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_HTTP,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+
+#if 0
+ ndpi_set_bitmask_protocol_detection("HTTP_Proxy", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_HTTP_PROXY,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+
+#ifdef NDPI_CONTENT_MPEG
+ ndpi_set_bitmask_protocol_detection("MPEG", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_MPEG,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_FLASH
+ ndpi_set_bitmask_protocol_detection("Flash", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_FLASH,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_QUICKTIME
+ ndpi_set_bitmask_protocol_detection("QuickTime", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_QUICKTIME,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_REALMEDIA
+ ndpi_set_bitmask_protocol_detection("RealMedia", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_REALMEDIA,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_WINDOWSMEDIA
+ ndpi_set_bitmask_protocol_detection("WindowsMedia", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_WINDOWSMEDIA,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_MMS
+ ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_MMS,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_PROTOCOL_XBOX
+ ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_XBOX,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_PROTOCOL_QQ
+ ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_QQ,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_AVI
+ ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_AVI,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_OGG
+ ndpi_set_bitmask_protocol_detection("OggVorbis", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_OGG,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_PROTOCOL_MOVE
+ ndpi_set_bitmask_protocol_detection("Move", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MOVE,
+ ndpi_search_http_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+
+ /* Update excluded protocol bitmask */
+ NDPI_BITMASK_SET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask,
+ ndpi_struct->callback_buffer[a].detection_bitmask);
+
+ /*Delete protocol from exluded protocol bitmask*/
+ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_UNKNOWN);
+
+ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_QQ);
+
+#ifdef NDPI_CONTENT_FLASH
+ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_FLASH);
+#endif
+
+ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_MMS);
+ /* #ifdef NDPI_PROTOCOL_RTSP */
+ /* NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, */
+ /* NDPI_PROTOCOL_RTSP); */
+ /* #endif */
+ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX);
+
+ NDPI_BITMASK_SET(ndpi_struct->generic_http_packet_bitmask, ndpi_struct->callback_buffer[a].detection_bitmask);
+
+ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->generic_http_packet_bitmask, NDPI_PROTOCOL_UNKNOWN);
+
+ /* Update callback_buffer index */
+ a++;
+
+#endif
+
+}
+
#endif
diff --git a/src/lib/protocols/http_activesync.c b/src/lib/protocols/http_activesync.c
index b3d44c67e..8f17af8d6 100644
--- a/src/lib/protocols/http_activesync.c
+++ b/src/lib/protocols/http_activesync.c
@@ -51,4 +51,18 @@ void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, st
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC);
}
+
+
+void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("HTTP_Application_ActiveSync", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC,
+ ndpi_search_activesync,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c
index 79f4df8bf..84e039c2b 100644
--- a/src/lib/protocols/iax.c
+++ b/src/lib/protocols/iax.c
@@ -24,6 +24,7 @@
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_IAX
#define NDPI_IAX_MAX_INFORMATION_ELEMENTS 15
@@ -91,4 +92,18 @@ void ndpi_search_iax(struct ndpi_detection_module_struct *ndpi_struct, struct nd
&& (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN))
ndpi_search_setup_iax(ndpi_struct, flow);
}
+
+
+void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("IAX", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IAX,
+ ndpi_search_iax,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c
index b44dfd6cf..3e89cc043 100644
--- a/src/lib/protocols/icecast.c
+++ b/src/lib/protocols/icecast.c
@@ -88,4 +88,18 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ICECAST);
NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast excluded.\n");
}
+
+
+void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("IceCast", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_ICECAST,
+ ndpi_search_icecast_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/imesh.c b/src/lib/protocols/imesh.c
index 463e4c0cd..e67019a43 100644
--- a/src/lib/protocols/imesh.c
+++ b/src/lib/protocols/imesh.c
@@ -291,4 +291,18 @@ void ndpi_search_imesh_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct,
packet->tcp != NULL ? flow->l4.tcp.imesh_stage : 0);
}
+
+
+void init_imesh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("iMESH", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IMESH,
+ ndpi_search_imesh_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c
index ee11f0fb4..2135f297f 100644
--- a/src/lib/protocols/ipp.c
+++ b/src/lib/protocols/ipp.c
@@ -24,6 +24,7 @@
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_IPP
static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
@@ -109,4 +110,17 @@ void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IPP);
}
+
+void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("IPP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IPP,
+ ndpi_search_ipp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c
index 9f2d87a45..57c9f52bc 100644
--- a/src/lib/protocols/irc.c
+++ b/src/lib/protocols/irc.c
@@ -801,4 +801,17 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
}
}
+
+void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("IRC", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IRC,
+ ndpi_search_irc_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c
index aea5db715..8457df7dd 100644
--- a/src/lib/protocols/jabber.c
+++ b/src/lib/protocols/jabber.c
@@ -304,4 +304,16 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st
#endif
}
+
+void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Unencryped_Jabber", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_UNENCRYPED_JABBER,
+ ndpi_search_jabber_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c
index 3fd89bafc..38596e41d 100644
--- a/src/lib/protocols/kakaotalk_voice.c
+++ b/src/lib/protocols/kakaotalk_voice.c
@@ -59,4 +59,17 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc
NDPI_LOG(NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_KAKAOTALK_VOICE);
}
+
+
+void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("KakaoTalk_Voice", ndpi_struct, detection_bitmask, *id,
+ NDPI_SERVICE_KAKAOTALK_VOICE,
+ ndpi_search_kakaotalk_voice,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 137d6f102..b86b58a20 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -23,10 +23,8 @@
*/
-
-/* include files */
-
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_KERBEROS
static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
@@ -68,15 +66,21 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, stru
}
-
-
-
-
-
-
-
NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "no KERBEROS detected.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KERBEROS);
}
+
+void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Kerberos", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_KERBEROS,
+ ndpi_search_kerberos,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c
index cd52abb00..6bd55cdc5 100644
--- a/src/lib/protocols/kontiki.c
+++ b/src/lib/protocols/kontiki.c
@@ -24,6 +24,7 @@
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_KONTIKI
static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
@@ -62,4 +63,17 @@ void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KONTIKI);
}
+
+void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Kontiki", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_KONTIKI,
+ ndpi_search_kontiki,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c
index e2c08d338..fee99a92d 100644
--- a/src/lib/protocols/ldap.c
+++ b/src/lib/protocols/ldap.c
@@ -23,10 +23,8 @@
*/
-
-/* include files */
-
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_LDAP
static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
@@ -98,4 +96,17 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LDAP);
}
+
+void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("LDAP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_LDAP,
+ ndpi_search_ldap,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c
index 0d3ea0efe..d0b3aa50f 100644
--- a/src/lib/protocols/lotus_notes.c
+++ b/src/lib/protocols/lotus_notes.c
@@ -84,4 +84,17 @@ void ndpi_search_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, s
ndpi_check_lotus_notes(ndpi_struct, flow);
}
+
+void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("LotusNotes", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_LOTUS_NOTES,
+ ndpi_search_lotus_notes,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c
index 0d53770d5..c62c1d366 100644
--- a/src/lib/protocols/mail_imap.c
+++ b/src/lib/protocols/mail_imap.c
@@ -24,6 +24,7 @@
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_MAIL_IMAP
static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
@@ -290,4 +291,18 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "exclude IMAP.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP);
}
+
+
+void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MAIL_IMAP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MAIL_IMAP,
+ ndpi_search_mail_imap_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c
index 1f7fa41f2..0e487c4a5 100644
--- a/src/lib/protocols/mail_pop.c
+++ b/src/lib/protocols/mail_pop.c
@@ -201,4 +201,18 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct
NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, "exclude mail_pop\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_POP);
}
+
+
+void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MAIL_POP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MAIL_POP,
+ ndpi_search_mail_pop_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index f18c72ec5..37846930e 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -177,4 +177,17 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_SMTP);
}
+
+void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MAIL_SMTP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MAIL_SMTP,
+ ndpi_search_mail_smtp_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c
index a49c39108..fa6feffd0 100644
--- a/src/lib/protocols/maplestory.c
+++ b/src/lib/protocols/maplestory.c
@@ -22,8 +22,6 @@
*
*/
-
-
#include "ndpi_api.h"
#ifdef NDPI_PROTOCOL_MAPLESTORY
@@ -83,4 +81,18 @@ void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, st
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAPLESTORY);
}
+
+
+void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MapleStory", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MAPLESTORY,
+ ndpi_search_maplestory,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c
index 22a2bc36a..8226ab93c 100644
--- a/src/lib/protocols/mdns.c
+++ b/src/lib/protocols/mdns.c
@@ -29,9 +29,6 @@
#define NDPI_MAX_MDNS_REQUESTS 128
-/*
-This module should detect MDNS
-*/
static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
@@ -143,4 +140,18 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS);
}
+
+
+void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MDNS", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MDNS,
+ ndpi_search_mdns,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/meebo.c b/src/lib/protocols/meebo.c
index dda7f2c7c..a31f45a34 100644
--- a/src/lib/protocols/meebo.c
+++ b/src/lib/protocols/meebo.c
@@ -159,4 +159,23 @@ void ndpi_search_meebo(struct ndpi_detection_module_struct
NDPI_LOG(NDPI_PROTOCOL_MEEBO, ndpi_struct, NDPI_LOG_DEBUG, "exclude meebo.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MEEBO);
}
+
+
+void init_meebo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Meebo", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MEEBO,
+ ndpi_search_meebo,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ /* Add protocol bitmask dependencies to detected bitmask*/
+#ifdef NDPI_CONTENT_FLASH
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[*id].detection_bitmask, NDPI_CONTENT_FLASH);
+#endif
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c
index 151210c9c..7b7d910de 100644
--- a/src/lib/protocols/megaco.c
+++ b/src/lib/protocols/megaco.c
@@ -46,4 +46,16 @@ void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MEGACO);
}
+
+void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Megaco", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MEGACO,
+ ndpi_search_megaco,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c
index 56e60e18c..f33ffd8ad 100644
--- a/src/lib/protocols/mgcp.c
+++ b/src/lib/protocols/mgcp.c
@@ -95,8 +95,20 @@ __forceinline static
void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
+ ndpi_search_mgcp_connection(ndpi_struct, flow);
+}
- ndpi_search_mgcp_connection(ndpi_struct, flow);
+void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MGCP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MGCP,
+ ndpi_search_mgcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
}
+
#endif
diff --git a/src/lib/protocols/mms.c b/src/lib/protocols/mms.c
index 67d4002db..d6b4edbca 100644
--- a/src/lib/protocols/mms.c
+++ b/src/lib/protocols/mms.c
@@ -77,4 +77,18 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
#endif /* NDPI_PROTOCOL_HTTP */
}
+
+
+void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, *id,
+ NDPI_CONTENT_MMS,
+ ndpi_search_mms_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c
index a6ea4b81f..e351eade4 100644
--- a/src/lib/protocols/mpegts.c
+++ b/src/lib/protocols/mpegts.c
@@ -50,4 +50,18 @@ void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_LOG(NDPI_PROTOCOL_MPEGTS, ndpi_struct, NDPI_LOG_DEBUG, "Excluded MPEGTS.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MPEGTS);
}
+
+
+void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MPEG_TS", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MPEGTS,
+ ndpi_search_mpegts,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c
index 24baf653f..af537d7ff 100644
--- a/src/lib/protocols/msn.c
+++ b/src/lib/protocols/msn.c
@@ -92,8 +92,6 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
}
#endif
-
-
/* we detect the initial connection only ! */
/* match: "VER " ..... "CVR" x 0x0d 0x0a
* len should be small, lets say less than 100 bytes
@@ -396,9 +394,6 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct
}
}
-
-
-
/* finished examining the secone packet only */
/* direct user connection (file transfer,...) */
@@ -560,4 +555,20 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd
}
}
+
+void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+
+ NDPI_BITMASK_RESET(ndpi_struct->callback_buffer[*id].excluded_protocol_bitmask);
+
+ ndpi_set_bitmask_protocol_detection("MSN", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MSN,
+ ndpi_search_msn,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/mssql.c b/src/lib/protocols/mssql.c
index d270cd6fd..51f44df6d 100644
--- a/src/lib/protocols/mssql.c
+++ b/src/lib/protocols/mssql.c
@@ -23,10 +23,8 @@
*/
-
-/* include files */
-
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_MSSQL
static void ndpi_int_mssql_add_connection(struct ndpi_detection_module_struct
@@ -53,4 +51,18 @@ void ndpi_search_mssql(struct ndpi_detection_module_struct
NDPI_LOG(NDPI_PROTOCOL_MSSQL, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL);
}
+
+
+void init_mssql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MsSQL", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MSSQL,
+ ndpi_search_mssql,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c
index d23ce29f5..c1714da3c 100644
--- a/src/lib/protocols/mysql.c
+++ b/src/lib/protocols/mysql.c
@@ -24,6 +24,7 @@
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_MYSQL
static void ndpi_int_mysql_add_connection(struct ndpi_detection_module_struct
@@ -66,4 +67,17 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MYSQL);
}
+
+void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("MySQL", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_MYSQL,
+ ndpi_search_mysql_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c
index 556142237..a651f9219 100644
--- a/src/lib/protocols/netbios.c
+++ b/src/lib/protocols/netbios.c
@@ -365,4 +365,18 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETBIOS);
}
+
+
+void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("NETBIOS", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_NETBIOS,
+ ndpi_search_netbios,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c
index 0f059b582..31d679765 100644
--- a/src/lib/protocols/netflow.c
+++ b/src/lib/protocols/netflow.c
@@ -90,4 +90,17 @@ void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struc
ndpi_check_netflow(ndpi_struct, flow);
}
+
+void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("NetFlow", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_NETFLOW,
+ ndpi_search_netflow,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c
index c411902fc..36fc007d6 100644
--- a/src/lib/protocols/nfs.c
+++ b/src/lib/protocols/nfs.c
@@ -24,6 +24,7 @@
#include "ndpi_protocols.h"
+
#ifdef NDPI_PROTOCOL_NFS
static void ndpi_int_nfs_add_connection(struct ndpi_detection_module_struct
@@ -83,4 +84,17 @@ void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NFS);
}
+
+void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("NFS", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_NFS,
+ ndpi_search_nfs,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c
index d9cd11e51..814cfc4a0 100644
--- a/src/lib/protocols/noe.c
+++ b/src/lib/protocols/noe.c
@@ -8,8 +8,8 @@
#include "ndpi_api.h"
-
#ifdef NDPI_PROTOCOL_NOE
+
static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
@@ -49,4 +49,18 @@ void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NOE);
}
}
+
+
+void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("NOE", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_NOE,
+ ndpi_search_noe,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c
index 753ece393..fa3163e74 100644
--- a/src/lib/protocols/non_tcp_udp.c
+++ b/src/lib/protocols/non_tcp_udp.c
@@ -104,4 +104,95 @@ void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct
}
}
+
+void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+
+ /* always add non tcp/udp if one protocol is compiled in */
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[*id].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+
+#ifdef NDPI_CONTENT_IP_IPSEC
+ ndpi_set_bitmask_protocol_detection("IP_IPSEC", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_IPSEC,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_GRE
+ ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_GRE,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_ICMP
+ ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_ICMP,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_IGMP
+ ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_IGMP,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_EGP
+ ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_EGP,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_SCTP
+ ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_SCTP,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_OSPF
+ ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_OSPF,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_IP_IN_IP
+ ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_IP_IN_IP,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+#ifdef NDPI_CONTENT_IP_ICMPV6
+ ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_IP_ICMPV6,
+ ndpi_search_in_non_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+#endif
+
+}
+
#endif
diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c
index 233317a57..a0fa92a20 100644
--- a/src/lib/protocols/ntp.c
+++ b/src/lib/protocols/ntp.c
@@ -74,4 +74,17 @@ void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NTP);
}
+
+void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("NTP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_NTP,
+ ndpi_search_ntp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c
index 8402263d3..c4a10645b 100644
--- a/src/lib/protocols/openft.c
+++ b/src/lib/protocols/openft.c
@@ -53,4 +53,18 @@ void ndpi_search_openft_tcp(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OPENFT);
}
+
+
+void init_openft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("OpenFT", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_OPENFT,
+ ndpi_search_openft_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c
index 4b9f725d3..9005dc3ff 100644
--- a/src/lib/protocols/openvpn.c
+++ b/src/lib/protocols/openvpn.c
@@ -62,4 +62,17 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct,
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OPENVPN);
}
+
+void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("OpenVPN", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_OPENVPN,
+ ndpi_search_openvpn,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c
index daeb76e7c..0a12b8676 100644
--- a/src/lib/protocols/oracle.c
+++ b/src/lib/protocols/oracle.c
@@ -59,4 +59,18 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ORACLE);
}
}
+
+
+void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Oracle", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_ORACLE,
+ ndpi_search_oracle,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c
index e287f4de7..7222768c3 100644
--- a/src/lib/protocols/oscar.c
+++ b/src/lib/protocols/oscar.c
@@ -19,17 +19,60 @@
*
* You should have received a copy of the GNU Lesser General Public License
* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
*/
#include "ndpi_api.h"
+#define FLAPVERSION 0x00000001
+
+/* Flap channels */
+#define SIGNON 0x01
+#define DATA 0x02
+#define ERROR 0x03
+#define SIGNOFF 0x04
+#define KEEP_ALIVE 0x05
+
+/* Signon tags */
+#define SCREEN_NAME 0x0001
+#define PASSWD 0x0002
+#define CLIENT_NAME 0x0003
+#define BOS 0x0005
+#define LOGIN_COOKIE 0x0006
+#define MAJOR_VERSION 0x0017
+#define MINOR_VERSION 0x0018
+#define POINT_VERSION 0x0019
+#define BUILD_NUM 0x001a
+#define MULTICONN_FLAGS 0x004a
+#define CLIENT_LANG 0x00OF
+#define CLIENT_CNTRY 0x00OE
+#define CLIENT_RECONNECT 0x0094
+
+/* Family */
+#define GE_SE_CTL 0x0001
+#define LOC_SRV 0x0002
+#define BUDDY_LIST 0x0003
+#define IM 0x0004
+#define IS 0x0006
+#define ACC_ADM 0x0007
+#define POPUP 0x0008
+#define PMS 0x0009
+#define USS 0x000b
+#define CHAT_ROOM_SETUP 0x000d
+#define CHAT_ROOM_ACT 0x000e
+#define USER_SRCH 0x000f
+#define BUDDY_ICON_SERVER 0x0010
+#define SERVER_STORED_INFO 0x0013
+#define ICQ 0x0015
+#define INIT_AUTH 0x0017
+#define EMAIL 0x0018
+#define IS_EXT 0x0085
#ifdef NDPI_PROTOCOL_OSCAR
static void ndpi_int_oscar_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */)
+ struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
@@ -46,50 +89,520 @@ static void ndpi_int_oscar_add_connection(struct ndpi_detection_module_struct *n
}
}
+/**
+ Oscar connection work on FLAP protocol.
+
+ FLAP is a low-level communications protocol that facilitates the development of higher-level, datagram-oriented, communications layers.
+ It is used on the TCP connection between all clients and servers.
+ Here is format of FLAP datagram
+**/
static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
-
- struct ndpi_id_struct *src = flow->src;
- struct ndpi_id_struct *dst = flow->dst;
- if (packet->payload_packet_len >= 10 && packet->payload[0] == 0x2a) {
-
- /* if is a oscar connection, 10 bytes long */
-
- /* OSCAR Connection :: Connection detected at initial packets only
- * +----+----+------+------+---------------+
- * |0x2a|Code|SeqNum|PktLen|ProtcolVersion |
- * +----+----+------+------+---------------+
- * Code 1 Byte : 0x01 Oscar Connection
- * SeqNum and PktLen are 2 Bytes each and ProtcolVersion: 0x00000001
- * */
- if (get_u_int8_t(packet->payload, 1) == 0x01 && get_u_int16_t(packet->payload, 4) == htons(packet->payload_packet_len - 6)
- && get_u_int32_t(packet->payload, 6) == htonl(0x0000000001)) {
- NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Connection FOUND \n");
- ndpi_int_oscar_add_connection(ndpi_struct, flow);
- return;
- }
- /* OSCAR IM
- * +----+----+------+------+----------+-----------+
- * |0x2a|Code|SeqNum|PktLen|FNACfamily|FNACsubtype|
- * +----+----+------+------+----------+-----------+
- * Code 1 Byte : 0x02 SNAC Header Code;
- * SeqNum and PktLen are 2 Bytes each
- * FNACfamily 2 Byte : 0x0004 IM Messaging
- * FNACEsubtype 2 Byte : 0x0006 IM Outgoing Message, 0x000c IM Message Acknowledgment
- * */
- if (packet->payload[1] == 0x02
- && ntohs(get_u_int16_t(packet->payload, 4)) >=
- packet->payload_packet_len - 6 && get_u_int16_t(packet->payload, 6) == htons(0x0004)
- && (get_u_int16_t(packet->payload, 8) == htons(0x0006)
- || get_u_int16_t(packet->payload, 8) == htons(0x000c))) {
- NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR IM Detected \n");
- ndpi_int_oscar_add_connection(ndpi_struct, flow);
- return;
+ int excluded = 0;
+ u_int8_t channel;
+ u_int16_t family;
+ u_int16_t type;
+ u_int16_t flag;
+ u_int32_t req_ID;
+
+ struct ndpi_packet_struct * packet = &flow->packet;
+
+ struct ndpi_id_struct * src = flow->src;
+ struct ndpi_id_struct * dst = flow->dst;
+
+ /* FLAP__Header
+ *
+ * [ 6 byte FLAP header ]
+ * +-----------+--------------+-------------+--------------+
+ * | 0x2a (1B) | Channel (1B) | SeqNum (2B) | PyldLen (2B) |
+ * +-----------+--------------+-------------+--------------+
+ *
+ * [ 4 byte of data ]
+ *
+ * */
+ if (packet->payload_packet_len >= 6 && packet->payload[0] == 0x2a)
+ {
+
+ /* FLAP__FRAME_TYPE (Channel)*/
+ u_int8_t channel = get_u_int8_t(packet->payload, 1);
+
+ /*
+ Initialize the FLAP connection.
+
+ SIGNON -> FLAP__SIGNON_FRAME
+ +--------------------------------------------------+
+ + FLAP__Header | 6 byte +
+ + FlapVersion | 4 byte (Always 1 = 0x00000001) +
+ + TLVs | [Class: FLAP__SIGNON_TAGS] TLVs +
+ +--------------------------------------------------+
+ */
+ if (channel == SIGNON &&
+ get_u_int16_t(packet->payload, 4) == htons(packet->payload_packet_len - 6) &&
+ get_u_int32_t(packet->payload, 6) == htonl(FLAPVERSION))
+ {
+
+ /* No TLVs */
+ if(packet->payload_packet_len == 10)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Sign In \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /* /\* SCREEN_NAME *\/ */
+ /* if (get_u_int16_t(packet->payload, 10) == htons(SCREEN_NAME)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x01 *\/ */
+ /* { */
+ /* NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Screen Name \n"); */
+ /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */
+ /* return; */
+ /* } */
+ /* /\* PASSWD *\/ */
+ /* if (get_u_int16_t(packet->payload, 10) == htons(PASSWD)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x02 *\/ */
+ /* { */
+ /* NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Password (roasted) \n"); */
+ /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */
+ /* return; */
+ /* } */
+ /* CLIENT_NAME */
+ if (get_u_int16_t(packet->payload, 10) == htons(CLIENT_NAME)) /* packet->payload[10] == 0x00 && packet->payload[11] == 0x03 */
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Client Name \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /* LOGIN_COOKIE */
+ if (get_u_int16_t(packet->payload, 10) == htons(LOGIN_COOKIE) &&
+ get_u_int16_t(packet->payload, 12) == htons(0x0100))
+ {
+ if(get_u_int16_t(packet->payload, packet->payload_packet_len - 5) == htons(MULTICONN_FLAGS)) /* MULTICONN_FLAGS */
+ {
+ if(get_u_int16_t(packet->payload, packet->payload_packet_len - 3) == htons(0x0001))
+ if((get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x00) ||
+ (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x01) ||
+ (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x03))
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Login \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
+ }
+ /* MAJOR_VERSION */
+ if (get_u_int16_t(packet->payload, 10) == htons(MAJOR_VERSION))
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Major_Version \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /* MINOR_VERSION */
+ if (get_u_int16_t(packet->payload, 10) == htons(MINOR_VERSION))
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Minor_Version \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /* POINT_VERSION */
+ if (get_u_int16_t(packet->payload, 10) == htons(POINT_VERSION))
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Point_Version \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /* BUILD_NUM */
+ if (get_u_int16_t(packet->payload, 10) == htons(BUILD_NUM))
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Build_Num \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /* CLIENT_RECONNECT */
+ if (get_u_int16_t(packet->payload, 10) == htons(CLIENT_RECONNECT))
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Client_Reconnect \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
+
+ /*
+ Messages using the FLAP connection, usually a SNAC message.
+
+ DATA -> FLAP__DATA_FRAME
+ +-------------------------+
+ + FLAP__Header | 6 byte +
+ + SNAC__Header | 10 byte +
+ + snac | +
+ +-------------------------+
+
+ SNAC__Header
+ +----------------------------------------------+
+ + ID | 4 byte (2 foodgroup + 2 type) +
+ + FLAGS | 2 byte +
+ + requestId | 4 byte +
+ +----------------------------------------------+
+ */
+ if (channel == DATA)
+ {
+ family = get_u_int16_t(packet->payload, 6);
+ type = get_u_int16_t(packet->payload, 8);
+ flag = get_u_int16_t(packet->payload, 10);
+ req_ID = get_u_int32_t(packet->payload, 12);
+
+ /* Family 0x0001 */
+ if (family == htons(GE_SE_CTL))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ case (0x000a): break;
+ case (0x000b): break;
+ case (0x000c): break;
+ case (0x000d): break;
+ case (0x000e): break;
+ case (0x000f): break;
+ case (0x0010): break;
+ case (0x0011): break;
+ case (0x0012): break;
+ case (0x0013): break;
+ case (0x0014): break;
+ case (0x0015): break;
+ case (0x0016): break;
+ case (0x0017): break;
+ case (0x0018): break;
+ case (0x001e): break;
+ case (0x001f): break;
+ case (0x0020): break;
+ case (0x0021): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0002 */
+ if (family == htons(LOC_SRV))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ case (0x000a): break;
+ case (0x000b): break;
+ case (0x000c): break;
+ case (0x000f): break;
+ case (0x0010): break;
+ case (0x0015): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0003 */
+ if (family == htons(BUDDY_LIST))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ case (0x000a): break;
+ case (0x000b): break;
+ case (0x000c): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0004 */
+ if (family == htons(IM))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ case (0x000a): break;
+ case (0x000b): break;
+ case (0x000c): break;
+ case (0x0014): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0006 */
+ if (family == htons(IS))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0007 */
+ if (family == htons(ACC_ADM))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0008 */
+ if (family == htons(POPUP))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0009 */
+ if (family == htons(PMS))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ case (0x000a): break;
+ case (0x000b): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x000b */
+ if (family == htons(USS))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x000d */
+ if (family == htons(CHAT_ROOM_SETUP))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x000e */
+ if (family == htons(CHAT_ROOM_ACT))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x000f */
+ if (family == htons(USER_SRCH))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0010 */
+ if (family == htons(BUDDY_ICON_SERVER))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0013 */
+ if (family == htons(SERVER_STORED_INFO))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x0008): break;
+ case (0x0009): break;
+ case (0x000a): break;
+ case (0x000e): break;
+ case (0x000f): break;
+ case (0x0011): break;
+ case (0x0012): break;
+ case (0x0014): break;
+ case (0x0015): break;
+ case (0x0016): break;
+ case (0x0018): break;
+ case (0x001a): break;
+ case (0x001b): break;
+ case (0x001c): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0015 */
+ if (family == htons(ICQ))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0017 */
+ if (family == htons(INIT_AUTH))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ case (0x0004): break;
+ case (0x0005): break;
+ case (0x0006): break;
+ case (0x0007): break;
+ case (0x000a): break;
+ case (0x000b): break;
+ default: excluded = 1;
+ }
+ }
+ /* Family 0x0018 */
+ if (family == htons(EMAIL))
+ {
+ /* TODO */
+ }
+ /* Family 0x0085 */
+ if (family == htons(IS_EXT))
+ {
+ switch (type) {
+
+ case (0x0001): break;
+ case (0x0002): break;
+ case (0x0003): break;
+ default: excluded = 1;
+ }
+ }
+
+ if(excluded == 1)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "exclude oscar.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OSCAR);
+ }
+
+ /* flag */
+ if (flag == htons(0x0000)|| flag == htons(0x8000) || flag == htons(0x0001))
+ {
+ /* request ID */
+ if((req_ID <= 4294967295))
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
+ }
+ /*
+ ERROR -> FLAP__ERROR_CHANNEL_0x03
+ A FLAP error - rare
+ */
+ if (channel == ERROR)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Error frame \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /*
+ Close down the FLAP connection gracefully.
+ SIGNOFF: FLAP__SIGNOFF_CHANNEL_0x04
+ */
+ if (channel == SIGNOFF)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Signoff frame \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
+ /*
+ Send a heartbeat to server to help keep connection open.
+ KEEP_ALIVE: FLAP__KEEP_ALIVE_CHANNEL_0x05
+ */
+ if (channel == KEEP_ALIVE)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Keep Alive frame \n");
+ ndpi_int_oscar_add_connection(ndpi_struct, flow);
+ return;
+ }
}
- }
/* detect http connections */
@@ -270,4 +783,18 @@ void ndpi_search_oscar(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_search_oscar_tcp_connect(ndpi_struct, flow);
}
}
+
+
+void init_oscar_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Oscar", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_OSCAR,
+ ndpi_search_oscar,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c
index 3237bbac8..f3ed00783 100644
--- a/src/lib/protocols/pando.c
+++ b/src/lib/protocols/pando.c
@@ -154,4 +154,17 @@ void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_check_pando_udp(ndpi_struct, flow);
}
+
+void init_pando_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Pando_Media_Booster", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_PANDO,
+ ndpi_search_pando,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/pcanywhere.c b/src/lib/protocols/pcanywhere.c
index 743778816..b1e11e0a2 100644
--- a/src/lib/protocols/pcanywhere.c
+++ b/src/lib/protocols/pcanywhere.c
@@ -52,4 +52,17 @@ void ndpi_search_pcanywhere(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PCANYWHERE);
}
+
+void init_pcanywhere_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("PcAnywhere", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_PCANYWHERE,
+ ndpi_search_pcanywhere,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c
index 08ec13a26..f1dc352a7 100644
--- a/src/lib/protocols/postgres.c
+++ b/src/lib/protocols/postgres.c
@@ -117,4 +117,17 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_POSTGRES);
}
+
+void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("PostgreSQL", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_POSTGRES,
+ ndpi_search_postgres_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/pplive.c b/src/lib/protocols/pplive.c
index 57580b6bc..cf9260f17 100644
--- a/src/lib/protocols/pplive.c
+++ b/src/lib/protocols/pplive.c
@@ -217,4 +217,17 @@ void ndpi_search_pplive(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_check_pplive_udp3(ndpi_struct, flow);
}
+
+void init_pplive_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("PPLive", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_PPLIVE,
+ ndpi_search_pplive,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c
index 89c783436..d60966798 100644
--- a/src/lib/protocols/ppstream.c
+++ b/src/lib/protocols/ppstream.c
@@ -94,12 +94,23 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct
return;
}
-
-
-
}
NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "exclude ppstream.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPSTREAM);
}
+
+
+void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("PPStream", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_PPSTREAM,
+ ndpi_search_ppstream,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c
index 085ae5dde..393604cbb 100644
--- a/src/lib/protocols/pptp.c
+++ b/src/lib/protocols/pptp.c
@@ -58,4 +58,18 @@ void ndpi_search_pptp(struct ndpi_detection_module_struct
NDPI_LOG(NDPI_PROTOCOL_PPTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude pptp.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPTP);
}
+
+
+void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("PPTP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_PPTP,
+ ndpi_search_pptp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c
index a70f88878..d6d22f403 100644
--- a/src/lib/protocols/qq.c
+++ b/src/lib/protocols/qq.c
@@ -662,4 +662,17 @@ void ndpi_search_qq(struct ndpi_detection_module_struct *ndpi_struct, struct ndp
ndpi_search_qq_tcp(ndpi_struct, flow);
}
+
+void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_QQ,
+ ndpi_search_qq,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/quake.c b/src/lib/protocols/quake.c
index 9029c4b5b..b119ec765 100644
--- a/src/lib/protocols/quake.c
+++ b/src/lib/protocols/quake.c
@@ -88,4 +88,17 @@ void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUAKE);
}
+
+void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Quake", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_QUAKE,
+ ndpi_search_quake,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index d47affbd8..2bece25a7 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -167,4 +167,18 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
}
}
+
+
+void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Quic", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_QUIC,
+ ndpi_search_quic,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c
index 79cd0407d..09f26793b 100644
--- a/src/lib/protocols/radius.c
+++ b/src/lib/protocols/radius.c
@@ -73,4 +73,17 @@ void ndpi_search_radius(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_check_radius(ndpi_struct, flow);
}
+
+void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Radius", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_RADIUS,
+ ndpi_search_radius,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c
index e909c17a1..ee3dd3ca6 100644
--- a/src/lib/protocols/rdp.c
+++ b/src/lib/protocols/rdp.c
@@ -53,4 +53,17 @@ void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RDP);
}
+
+void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("RDP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_RDP,
+ ndpi_search_rdp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c
index 0daf67f46..4a9eeec46 100644
--- a/src/lib/protocols/redis_net.c
+++ b/src/lib/protocols/redis_net.c
@@ -89,4 +89,17 @@ void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct
}
}
+
+void init_redis_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Redis", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_REDIS,
+ ndpi_search_redis,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c
index 2430a7e8f..11f4aa89c 100644
--- a/src/lib/protocols/rsync.c
+++ b/src/lib/protocols/rsync.c
@@ -53,4 +53,18 @@ void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RSYNC);
}
}
+
+
+void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("RSYNC", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_RSYNC,
+ ndpi_search_rsync,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c
index 49114c8e5..c8fc90953 100644
--- a/src/lib/protocols/rtcp.c
+++ b/src/lib/protocols/rtcp.c
@@ -64,4 +64,18 @@ void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct n
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP);
}
}
+
+
+void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("RTCP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_RTCP,
+ ndpi_search_rtcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c
index ec00ff4b8..b6d7db2f1 100644
--- a/src/lib/protocols/rtmp.c
+++ b/src/lib/protocols/rtmp.c
@@ -89,4 +89,17 @@ void ndpi_search_rtmp(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
}
+
+void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("RTMP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_RTMP,
+ ndpi_search_rtmp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c
index 05a53bb1c..6dae41bbb 100644
--- a/src/lib/protocols/rtp.c
+++ b/src/lib/protocols/rtp.c
@@ -321,5 +321,19 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd
}
#endif
-#endif /* NDPI_PROTOCOL_RTP */
+
+void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_RTP,
+ ndpi_search_rtp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
+#endif
+/* NDPI_PROTOCOL_RTP */
diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c
index 3ba1b5e61..0f4a71e52 100644
--- a/src/lib/protocols/rtsp.c
+++ b/src/lib/protocols/rtsp.c
@@ -117,4 +117,15 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct
}
+void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("RTSP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_RTSP,
+ ndpi_search_rtsp_tcp_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c
index 768c2eed6..45ccb650a 100644
--- a/src/lib/protocols/sflow.c
+++ b/src/lib/protocols/sflow.c
@@ -46,4 +46,17 @@ void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_check_sflow(ndpi_struct, flow);
}
+
+void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("sFlow", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SFLOW,
+ ndpi_search_sflow,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c
index 794e20351..9ef6c37e8 100644
--- a/src/lib/protocols/shoutcast.c
+++ b/src/lib/protocols/shoutcast.c
@@ -104,4 +104,17 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SHOUTCAST);
NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast excluded.\n");
}
+
+
+void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("ShoutCast", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SHOUTCAST,
+ ndpi_search_shoutcast_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c
index a796beb33..3d79561ac 100644
--- a/src/lib/protocols/sip.c
+++ b/src/lib/protocols/sip.c
@@ -191,4 +191,17 @@ void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct nd
}
}
+
+void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("SIP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SIP,
+ ndpi_search_sip,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,/* Fix courtesy of Miguel Quesada <mquesadab@gmail.com> */
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c
index 78de1107e..a31d8cc86 100644
--- a/src/lib/protocols/skinny.c
+++ b/src/lib/protocols/skinny.c
@@ -60,4 +60,18 @@ void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKINNY);
}
}
+
+
+void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("CiscoSkinny", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SKINNY,
+ ndpi_search_skinny,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c
index 339147dfa..7f201569c 100644
--- a/src/lib/protocols/skype.c
+++ b/src/lib/protocols/skype.c
@@ -68,13 +68,17 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s
flow->l4.udp.skype_packet_id++;
if(flow->l4.udp.skype_packet_id < 5) {
+ u_int16_t dport = ntohs(packet->udp->dest);
+
/* skype-to-skype */
- if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d))
- || ((payload_len >= 16)
- && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */
- && (packet->payload[2] == 0x02))) {
- NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN);
+ if(dport != 1119) /* It can be confused with battle.net */ {
+ if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d))
+ || ((payload_len >= 16)
+ && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */
+ && (packet->payload[2] == 0x02))) {
+ NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN);
+ }
}
return;
@@ -118,7 +122,9 @@ void ndpi_search_skype(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_check_skype(ndpi_struct, flow);
}
-void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) {
+
+void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
ndpi_set_bitmask_protocol_detection("Skype", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_SKYPE,
ndpi_search_skype,
@@ -126,7 +132,7 @@ void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
- *id = *id+1;
+ *id += 1;
}
#endif
diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c
index e259bc2d2..761b1125a 100644
--- a/src/lib/protocols/smb.c
+++ b/src/lib/protocols/smb.c
@@ -54,4 +54,17 @@ void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMB);
}
+
+void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("SMB", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SMB,
+ ndpi_search_smb_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c
index 902934490..b4af37442 100644
--- a/src/lib/protocols/snmp.c
+++ b/src/lib/protocols/snmp.c
@@ -123,4 +123,17 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
+
+void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("SNMP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SNMP,
+ ndpi_search_snmp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/socrates.c b/src/lib/protocols/socrates.c
index 91ae76da1..58a9b01ba 100644
--- a/src/lib/protocols/socrates.c
+++ b/src/lib/protocols/socrates.c
@@ -74,4 +74,17 @@ void ndpi_search_socrates(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCRATES);
}
+
+void init_socrates_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Socrates", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SOCRATES,
+ ndpi_search_socrates,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c
index c0879a2dd..64a50542a 100644
--- a/src/lib/protocols/sopcast.c
+++ b/src/lib/protocols/sopcast.c
@@ -201,8 +201,6 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct
NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "exclude sopcast. \n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOPCAST);
-
-
}
void ndpi_search_sopcast(struct ndpi_detection_module_struct
@@ -216,4 +214,18 @@ void ndpi_search_sopcast(struct ndpi_detection_module_struct
ndpi_search_sopcast_tcp(ndpi_struct, flow);
}
+
+
+void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Sopcast", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SOPCAST,
+ ndpi_search_sopcast,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c
index 6bfa9334e..3b4a0dd94 100644
--- a/src/lib/protocols/soulseek.c
+++ b/src/lib/protocols/soulseek.c
@@ -283,4 +283,17 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct
}
}
+
+void init_soulseek_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Soulseek", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SOULSEEK,
+ ndpi_search_soulseek_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c
index ee1ceabb3..274312163 100644
--- a/src/lib/protocols/spotify.c
+++ b/src/lib/protocols/spotify.c
@@ -123,4 +123,17 @@ void ndpi_search_spotify(struct ndpi_detection_module_struct *ndpi_struct, struc
}
}
+
+void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("SPOTIFY", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SPOTIFY,
+ ndpi_search_spotify,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c
index 94a0fe30d..1f6b80023 100644
--- a/src/lib/protocols/ssdp.c
+++ b/src/lib/protocols/ssdp.c
@@ -67,4 +67,17 @@ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct n
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSDP);
}
+
+void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("SSDP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SSDP,
+ ndpi_search_ssdp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index cadc43f6d..20b8b5fe9 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -58,4 +58,16 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSH);
}
+
+void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("SSH", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SSH,
+ ndpi_search_ssh_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
#endif
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index c1ed2b666..b113bf197 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -307,7 +307,9 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s
printf("***** [SSL] %s\n", certificate);
#endif
- if(ndpi_match_string_subprotocol(ndpi_struct, flow, certificate, strlen(certificate)) != NDPI_PROTOCOL_UNKNOWN)
+ if(ndpi_match_host_subprotocol(ndpi_struct, flow, certificate,
+ strlen(certificate),
+ NDPI_PROTOCOL_SSL) != NDPI_PROTOCOL_UNKNOWN)
return(rc); /* Fix courtesy of Gianluca Costa <g.costa@xplico.org> */
#ifdef NDPI_PROTOCOL_TOR
@@ -641,4 +643,18 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL);
return;
}
+
+
+void init_ssl_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("SSL", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SSL,
+ ndpi_search_ssl_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c
new file mode 100644
index 000000000..f96853f23
--- /dev/null
+++ b/src/lib/protocols/starcraft.c
@@ -0,0 +1,157 @@
+/*
+* starcraft.c
+*
+* Copyright (C) 2015 - Matteo Bracci <matteobracci1@gmail.com>
+* Copyright (C) 2015 - ntop.org
+*
+* nDPI is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Lesser General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* nDPI is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public License
+* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_STARCRAFT
+
+/* Sender or receiver are one of the known login portals? */
+u_int8_t sc2_match_logon_ip(struct ndpi_packet_struct* packet)
+{
+ if (packet->iph == NULL)
+ return 0;
+
+ u_int32_t source_ip = ntohl(packet->iph->saddr);
+ u_int32_t dest_ip = ntohl(packet->iph->daddr);
+ return (ndpi_ips_match(source_ip, dest_ip, 0xD5F87F82, 32) // EU 213.248.127.130
+ || ndpi_ips_match(source_ip, dest_ip, 0x0C81CE82, 32) // US 12.129.206.130
+ || ndpi_ips_match(source_ip, dest_ip, 0x79FEC882, 32) // KR 121.254.200.130
+ || ndpi_ips_match(source_ip, dest_ip, 0xCA09424C, 32) // SG 202.9.66.76
+ || ndpi_ips_match(source_ip, dest_ip, 0x0C81ECFE, 32)); // BETA 12.129.236.254
+}
+
+/*
+ The main TCP flow starts with the user login and stays alive until the logout.
+ Although hard to read, judging from what happens elsewhere this flow probably contains all the data
+ transfer generated by the user interaction with the client, e.g. chatting or looking at someone's
+ match history. The current way to detect this is plain dumb packet matching.
+*/
+u_int8_t ndpi_check_starcraft_tcp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow)
+{
+ if (sc2_match_logon_ip(&flow->packet)
+ && flow->packet.tcp->dest == htons(1119) //bnetgame port
+ && flow->packet.payload_packet_len >= 10
+ && (match_first_bytes(flow->packet.payload, "\x4a\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66")
+ || match_first_bytes(flow->packet.payload, "\x49\x00\x00\x0a\x66\x02\x0a\xed\x2d\x66")))
+ return 1;
+ else
+ return -1;
+}
+
+/*
+ UPD traffic is the actual game data and it uses a port owned by Blizzard itself, 1119. Therefore the
+ real key point here is to make sure that it's actually Starcraft 2 that is using the port and not
+ some other Blizzard software.
+ The flow is taken if a pattern in the size of some subsequent packets is found.
+*/
+u_int8_t ndpi_check_starcraft_udp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow)
+{
+ struct ndpi_packet_struct* packet = &flow->packet;
+
+ /* First off, filter out any traffic not using port 1119, removing the chance of any false positive if we assume that non allowed protocols don't use the port */
+ if (packet->udp->source != htons(1119) && packet->udp->dest != htons(1119))
+ return -1;
+
+ /* Then try to detect the size pattern */
+ switch (flow->starcraft_udp_stage)
+ {
+ case 0:
+ if (packet->payload_packet_len == 20)
+ flow->starcraft_udp_stage = 1;
+ break;
+ case 1:
+ if (packet->payload_packet_len == 20)
+ flow->starcraft_udp_stage = 2;
+ break;
+ case 2:
+ if (packet->payload_packet_len == 75 || packet->payload_packet_len == 85)
+ flow->starcraft_udp_stage = 3;
+ break;
+ case 3:
+ if (packet->payload_packet_len == 20)
+ flow->starcraft_udp_stage = 4;
+ break;
+ case 4:
+ if (packet->payload_packet_len == 548)
+ flow->starcraft_udp_stage = 5;
+ break;
+ case 5:
+ if (packet->payload_packet_len == 548)
+ flow->starcraft_udp_stage = 6;
+ break;
+ case 6:
+ if (packet->payload_packet_len == 548)
+ flow->starcraft_udp_stage = 7;
+ break;
+ case 7:
+ if (packet->payload_packet_len == 484)
+ return 1;
+ break;
+ }
+
+ return(0);
+}
+
+void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow)
+{
+ NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Starcraft protocol detection...\n");
+ if (flow->packet.detected_protocol_stack[0] != NDPI_PROTOCOL_STARCRAFT) {
+ struct ndpi_packet_struct* packet = &flow->packet;
+ int8_t result = 0;
+
+ if (packet->udp != NULL) {
+ result = ndpi_check_starcraft_udp(ndpi_struct, flow);
+ if (result == 1) {
+ //printf("Found Starcraft 2 [Game, UDP]\n");
+ NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Found Starcraft 2 [Game, UDP]\n");
+ }
+ }
+ else if (packet->tcp != NULL) {
+ result = ndpi_check_starcraft_tcp(ndpi_struct, flow);
+ if (result == 1) {
+ //printf("Found Starcraft 2 [Client, TCP]\n");
+ NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Found Starcraft 2 [Client, TCP]\n");
+ }
+ }
+
+ if (result == 1) {
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN);
+ }
+ else if (result == -1) {
+ NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Starcraft excluded\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STARCRAFT);
+ }
+ }
+}
+
+void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Starcraft", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_STARCRAFT, ndpi_search_starcraft,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
+#endif
diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c
index ff147c360..09e6c18d4 100644
--- a/src/lib/protocols/stealthnet.c
+++ b/src/lib/protocols/stealthnet.c
@@ -55,4 +55,19 @@ void ndpi_search_stealthnet(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STEALTHNET);
}
+
+
+void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+
+ ndpi_set_bitmask_protocol_detection("Stealthnet", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_STEALTHNET,
+ ndpi_search_stealthnet,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c
index d820b9ee7..fe7b9d161 100644
--- a/src/lib/protocols/steam.c
+++ b/src/lib/protocols/steam.c
@@ -283,4 +283,17 @@ void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct
ndpi_check_steam_udp3(ndpi_struct, flow);
}
+
+void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Steam", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_STEAM,
+ ndpi_search_steam,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c
index 72af5313e..1f84b268f 100644
--- a/src/lib/protocols/stun.c
+++ b/src/lib/protocols/stun.c
@@ -50,8 +50,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
struct ndpi_flow_struct *flow,
const u_int8_t * payload,
const u_int16_t payload_length,
- u_int8_t *is_whatsapp)
-{
+ u_int8_t *is_whatsapp) {
u_int16_t msg_type, msg_len;
struct stun_packet_header *h = (struct stun_packet_header*)payload;
@@ -66,6 +65,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
msg_type = ntohs(h->msg_type) & 0x3EEF, msg_len = ntohs(h->msg_len);
+ if((payload[0] != 0x80) && ((msg_len+20) > payload_length))
+ return(NDPI_IS_NOT_STUN);
+
if((payload_length == (msg_len+20))
&& ((msg_type <= 0x000b) /* http://www.3cx.com/blog/voip-howto/stun-details/ */))
goto udp_stun_found;
@@ -88,9 +90,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
*/
if(payload_length >= 20 && ntohs(get_u_int16_t(payload, 2)) + 20 == payload_length &&
- ((payload[0] == 0x00 && (payload[1] >= 0x01 && payload[1] <= 0x04)) ||
- (payload[0] == 0x01 &&
- ((payload[1] >= 0x01 && payload[1] <= 0x04) || (payload[1] >= 0x11 && payload[1] <= 0x15))))) {
+ ((payload[0] == 0x00 && (payload[1] >= 0x01 && payload[1] <= 0x04)) ||
+ (payload[0] == 0x01 &&
+ ((payload[1] >= 0x01 && payload[1] <= 0x04) || (payload[1] >= 0x11 && payload[1] <= 0x15))))) {
u_int8_t mod;
u_int8_t old = 1;
u_int8_t padding = 0;
@@ -106,17 +108,17 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
while (a < payload_length) {
if(old && payload_length >= a + 4
- &&
- ((payload[a] == 0x00
- && ((payload[a + 1] >= 0x01 && payload[a + 1] <= 0x16) || payload[a + 1] == 0x19
- || payload[a + 1] == 0x20 || payload[a + 1] == 0x22 || payload[a + 1] == 0x24
- || payload[a + 1] == 0x25))
- || (payload[a] == 0x80
- && (payload[a + 1] == 0x01 || payload[a + 1] == 0x03 || payload[a + 1] == 0x04
- || payload[a + 1] == 0x06 || payload[a + 1] == 0x08 || payload[a + 1] == 0x15
- || payload[a + 1] == 0x20 || payload[a + 1] == 0x22 || payload[a + 1] == 0x28
- || payload[a + 1] == 0x2a || payload[a + 1] == 0x29 || payload[a + 1] == 0x50
- || payload[a + 1] == 0x54 || payload[a + 1] == 0x55)))) {
+ &&
+ ((payload[a] == 0x00
+ && ((payload[a + 1] >= 0x01 && payload[a + 1] <= 0x16) || payload[a + 1] == 0x19
+ || payload[a + 1] == 0x20 || payload[a + 1] == 0x22 || payload[a + 1] == 0x24
+ || payload[a + 1] == 0x25))
+ || (payload[a] == 0x80
+ && (payload[a + 1] == 0x01 || payload[a + 1] == 0x03 || payload[a + 1] == 0x04
+ || payload[a + 1] == 0x06 || payload[a + 1] == 0x08 || payload[a + 1] == 0x15
+ || payload[a + 1] == 0x20 || payload[a + 1] == 0x22 || payload[a + 1] == 0x28
+ || payload[a + 1] == 0x2a || payload[a + 1] == 0x29 || payload[a + 1] == 0x50
+ || payload[a + 1] == 0x54 || payload[a + 1] == 0x55)))) {
NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "attribute match.\n");
@@ -132,21 +134,21 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
} else if(payload_length >= a + padding + 4
&&
- ((payload[a + padding] == 0x00
- && ((payload[a + 1 + padding] >= 0x01 && payload[a + 1 + padding] <= 0x16)
- || payload[a + 1 + padding] == 0x19 || payload[a + 1 + padding] == 0x20
- || payload[a + 1 + padding] == 0x22 || payload[a + 1 + padding] == 0x24
- || payload[a + 1 + padding] == 0x25))
- || (payload[a + padding] == 0x80
- && (payload[a + 1 + padding] == 0x01 || payload[a + 1 + padding] == 0x03
- || payload[a + 1 + padding] == 0x04 || payload[a + 1 + padding] == 0x06
- || payload[a + 1 + padding] == 0x08 || payload[a + 1 + padding] == 0x15
- || payload[a + 1 + padding] == 0x20 || payload[a + 1 + padding] == 0x22
- || payload[a + 1 + padding] == 0x28 || payload[a + 1 + padding] == 0x2a
- || payload[a + 1 + padding] == 0x29 || payload[a + 1 + padding] == 0x50
- || payload[a + 1 + padding] == 0x54 || payload[a + 1 + padding] == 0x55))
- || ((payload[a + padding] == 0x40) && (payload[a + padding + 1] == 0x00))
- )) {
+ ((payload[a + padding] == 0x00
+ && ((payload[a + 1 + padding] >= 0x01 && payload[a + 1 + padding] <= 0x16)
+ || payload[a + 1 + padding] == 0x19 || payload[a + 1 + padding] == 0x20
+ || payload[a + 1 + padding] == 0x22 || payload[a + 1 + padding] == 0x24
+ || payload[a + 1 + padding] == 0x25))
+ || (payload[a + padding] == 0x80
+ && (payload[a + 1 + padding] == 0x01 || payload[a + 1 + padding] == 0x03
+ || payload[a + 1 + padding] == 0x04 || payload[a + 1 + padding] == 0x06
+ || payload[a + 1 + padding] == 0x08 || payload[a + 1 + padding] == 0x15
+ || payload[a + 1 + padding] == 0x20 || payload[a + 1 + padding] == 0x22
+ || payload[a + 1 + padding] == 0x28 || payload[a + 1 + padding] == 0x2a
+ || payload[a + 1 + padding] == 0x29 || payload[a + 1 + padding] == 0x50
+ || payload[a + 1 + padding] == 0x54 || payload[a + 1 + padding] == 0x55))
+ || ((payload[a + padding] == 0x40) && (payload[a + padding + 1] == 0x00))
+ )) {
if((payload[a + padding] == 0x40) && (payload[a + padding + 1] == 0x00))
goto udp_stun_found;
@@ -171,11 +173,14 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct *
#endif
- if((flow->num_stun_udp_pkts > 0) && ((payload[0] == 0x80) || (payload[0] == 0x81))) {
+ if(
+ ((flow->num_stun_udp_pkts > 0) && (msg_type = 0x0800))
+ || ((msg_type = 0x0800) && (msg_len == 106))
+ ) {
*is_whatsapp = 1;
return NDPI_IS_STUN; /* This is WhatsApp Voice */
} else
- return NDPI_IS_NOT_STUN;
+ return NDPI_IS_NOT_STUN;
udp_stun_found:
flow->num_stun_udp_pkts++;
@@ -194,7 +199,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n
/* STUN may be encapsulated in TCP packets */
if(packet->payload_packet_len >= 2 + 20 &&
- ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) {
+ ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) {
/* TODO there could be several STUN packets in a single TCP packet so maybe the detection could be
* improved by checking only the STUN packet of given length */
@@ -222,4 +227,17 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
}
+
+void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_STUN,
+ ndpi_search_stun,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c
index 2d578b2cc..ffd897221 100644
--- a/src/lib/protocols/syslog.c
+++ b/src/lib/protocols/syslog.c
@@ -127,4 +127,17 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG);
}
+
+void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Syslog", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SYSLOG,
+ ndpi_search_syslog,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c
index 7abe27b52..1eb9c8773 100644
--- a/src/lib/protocols/tcp_udp.c
+++ b/src/lib/protocols/tcp_udp.c
@@ -73,6 +73,3 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st
ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_UNKNOWN);
}
}
-
-
-
diff --git a/src/lib/protocols/tds.c b/src/lib/protocols/tds.c
index 32accbb6c..467e3111c 100644
--- a/src/lib/protocols/tds.c
+++ b/src/lib/protocols/tds.c
@@ -88,4 +88,17 @@ void ndpi_search_tds_tcp(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TDS);
}
+
+void init_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("TDS", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TDS,
+ ndpi_search_tds_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c
index dbd1874b6..fd8a296fb 100644
--- a/src/lib/protocols/teamspeak.c
+++ b/src/lib/protocols/teamspeak.c
@@ -1,5 +1,5 @@
/*
- * viber.c
+ * teamspeak.c
*
* Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
*
@@ -62,4 +62,17 @@ else if (packet->tcp != NULL) {
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMSPEAK);
return;
}
+
+void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("TeamSpeak", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TEAMSPEAK,
+ ndpi_search_teamspeak,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c
index 6a35bb1af..b97f6b157 100644
--- a/src/lib/protocols/teamviewer.c
+++ b/src/lib/protocols/teamviewer.c
@@ -97,4 +97,18 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMVIEWER);
}
+
+
+void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("TeamViewer", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TEAMVIEWER,
+ ndpi_search_teamview,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c
index 0c518a963..6d71dc844 100644
--- a/src/lib/protocols/telegram.c
+++ b/src/lib/protocols/telegram.c
@@ -65,4 +65,18 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, stru
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TELEGRAM);
}
+
+
+void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Telegram", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TELEGRAM,
+ ndpi_search_telegram,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c
index 4ed6c79ae..0be921d44 100644
--- a/src/lib/protocols/telnet.c
+++ b/src/lib/protocols/telnet.c
@@ -104,4 +104,17 @@ void ndpi_search_telnet_tcp(struct ndpi_detection_module_struct
return;
}
+
+void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Telnet", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TELNET,
+ ndpi_search_telnet_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c
index 503de6b57..feb37e620 100644
--- a/src/lib/protocols/tftp.c
+++ b/src/lib/protocols/tftp.c
@@ -62,4 +62,18 @@ void ndpi_search_tftp(struct ndpi_detection_module_struct
NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude TFTP.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TFTP);
}
+
+
+void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("TFTP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TFTP,
+ ndpi_search_tftp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c
index 2c013c750..f0198cdda 100644
--- a/src/lib/protocols/thunder.c
+++ b/src/lib/protocols/thunder.c
@@ -208,4 +208,17 @@ void ndpi_search_thunder(struct ndpi_detection_module_struct *ndpi_struct, struc
}
}
+
+void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Thunder", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_THUNDER,
+ ndpi_search_thunder,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c
index 458e1ef3a..036162b1f 100644
--- a/src/lib/protocols/tor.c
+++ b/src/lib/protocols/tor.c
@@ -9,7 +9,6 @@
#include "ndpi_api.h"
-
#ifdef NDPI_PROTOCOL_TOR
static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct
@@ -106,4 +105,18 @@ void ndpi_search_tor(struct ndpi_detection_module_struct *ndpi_struct, struct nd
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TOR);
}
}
+
+
+void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Tor", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TOR,
+ ndpi_search_tor,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/tvants.c b/src/lib/protocols/tvants.c
index ba52cc50c..7297e489f 100644
--- a/src/lib/protocols/tvants.c
+++ b/src/lib/protocols/tvants.c
@@ -75,4 +75,18 @@ void ndpi_search_tvants_udp(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TVANTS);
}
+
+
+void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Tvants", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TVANTS,
+ ndpi_search_tvants_udp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c
index 7e58c54a3..2d35ae6cc 100644
--- a/src/lib/protocols/tvuplayer.c
+++ b/src/lib/protocols/tvuplayer.c
@@ -150,4 +150,18 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TVUPLAYER);
}
+
+
+void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("TVUplayer", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_TVUPLAYER,
+ ndpi_search_tvuplayer,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/twitter.c b/src/lib/protocols/twitter.c
index 13dd1e98d..0297bad1e 100644
--- a/src/lib/protocols/twitter.c
+++ b/src/lib/protocols/twitter.c
@@ -55,9 +55,22 @@ void ndpi_search_twitter(struct ndpi_detection_module_struct *ndpi_struct, struc
ndpi_int_twitter_add_connection(ndpi_struct, flow);
return;
}
-
}
-
+
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_TWITTER);
}
+
+
+void init_twitter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("TWITTER", ndpi_struct, detection_bitmask, *id,
+ NDPI_SERVICE_TWITTER,
+ ndpi_search_twitter,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c
index 3d81dd928..4648a69ab 100644
--- a/src/lib/protocols/usenet.c
+++ b/src/lib/protocols/usenet.c
@@ -102,4 +102,17 @@ void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct
}
+
+void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Usenet", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_USENET,
+ ndpi_search_usenet_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/veohtv.c b/src/lib/protocols/veohtv.c
index f6b29607f..a3ab267b9 100644
--- a/src/lib/protocols/veohtv.c
+++ b/src/lib/protocols/veohtv.c
@@ -113,4 +113,18 @@ void ndpi_search_veohtv_tcp(struct ndpi_detection_module_struct *ndpi_struct, st
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV);
}
+
+
+void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("HTTP_APPLICATION_VEOHTV", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV,
+ ndpi_search_veohtv_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c
index 7e8951e4c..e20477573 100644
--- a/src/lib/protocols/vhua.c
+++ b/src/lib/protocols/vhua.c
@@ -65,4 +65,16 @@ void ndpi_search_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct n
}
}
+
+void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("VHUA", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_VHUA,
+ ndpi_search_vhua,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c
index 803227457..111a53007 100644
--- a/src/lib/protocols/viber.c
+++ b/src/lib/protocols/viber.c
@@ -45,4 +45,18 @@ void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VIBER);
}
+
+void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("VIBER", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_VIBER,
+ ndpi_search_viber,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
+
#endif
diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c
index 6fb74aea5..0c2ffaa69 100644
--- a/src/lib/protocols/vmware.c
+++ b/src/lib/protocols/vmware.c
@@ -41,5 +41,17 @@ void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct
}
-#endif /* NDPI_PROTOCOL_VMWARE */
+void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("VMWARE", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_VMWARE,
+ ndpi_search_vmware,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
+#endif
diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c
index b44b7a167..5d793bccf 100644
--- a/src/lib/protocols/vnc.c
+++ b/src/lib/protocols/vnc.c
@@ -64,4 +64,18 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VNC);
}
+
+
+void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("VNC", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_VNC,
+ ndpi_search_vnc_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c
index 4433eb55d..ab07571eb 100644
--- a/src/lib/protocols/warcraft3.c
+++ b/src/lib/protocols/warcraft3.c
@@ -97,4 +97,17 @@ void ndpi_search_warcraft3(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WARCRAFT3);
}
+
+void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Warcraft3", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_WARCRAFT3,
+ ndpi_search_warcraft3,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c
index 1da106e8d..2b086bb2f 100644
--- a/src/lib/protocols/whoisdas.c
+++ b/src/lib/protocols/whoisdas.c
@@ -1,5 +1,5 @@
/*
- * ssh.c
+ * whoisdas.c
*
* Copyright (C) 2013 - ntop.org
*
@@ -57,4 +57,17 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, str
}
}
+
+void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Whois-DAS", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_WHOIS_DAS,
+ ndpi_search_whois_das,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/winmx.c b/src/lib/protocols/winmx.c
index f2cac7482..31d4b1ed6 100644
--- a/src/lib/protocols/winmx.c
+++ b/src/lib/protocols/winmx.c
@@ -101,4 +101,17 @@ void ndpi_search_winmx_tcp(struct ndpi_detection_module_struct *ndpi_struct, str
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WINMX);
}
+
+void init_winmx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("WinMX", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_WINMX,
+ ndpi_search_winmx_tcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c
index b6b202803..0a8d2707d 100644
--- a/src/lib/protocols/world_of_kung_fu.c
+++ b/src/lib/protocols/world_of_kung_fu.c
@@ -55,4 +55,17 @@ void ndpi_search_world_of_kung_fu(struct ndpi_detection_module_struct *ndpi_stru
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WORLD_OF_KUNG_FU);
}
+
+void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("WorldOfKungFu", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_WORLD_OF_KUNG_FU,
+ ndpi_search_world_of_kung_fu,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c
index b8c0ba3a9..de3f720ba 100644
--- a/src/lib/protocols/world_of_warcraft.c
+++ b/src/lib/protocols/world_of_warcraft.c
@@ -19,7 +19,7 @@
*
* You should have received a copy of the GNU Lesser General Public License
* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
*/
@@ -35,7 +35,7 @@ static void ndpi_int_worldofwarcraft_add_connection(struct ndpi_detection_module
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_UNKNOWN);
}
-
+
#if !defined(WIN32)
static inline
#else
@@ -54,28 +54,30 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
-
+
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Search World of Warcraft.\n");
if (packet->tcp != NULL) {
- if ((packet->payload_packet_len > NDPI_STATICSTRING_LEN("POST /") &&
- memcmp(packet->payload, "POST /", NDPI_STATICSTRING_LEN("POST /")) == 0) ||
- (packet->payload_packet_len > NDPI_STATICSTRING_LEN("GET /") &&
- memcmp(packet->payload, "GET /", NDPI_STATICSTRING_LEN("GET /")) == 0)) {
+ /*
+ if ((packet->payload_packet_len > NDPI_STATICSTRING_LEN("POST /") &&
+ memcmp(packet->payload, "POST /", NDPI_STATICSTRING_LEN("POST /")) == 0) ||
+ (packet->payload_packet_len > NDPI_STATICSTRING_LEN("GET /") &&
+ memcmp(packet->payload, "GET /", NDPI_STATICSTRING_LEN("GET /")) == 0)) {
ndpi_parse_packet_line_info(ndpi_struct, flow);
if (packet->user_agent_line.ptr != NULL &&
- packet->user_agent_line.len == NDPI_STATICSTRING_LEN("Blizzard Web Client") &&
- memcmp(packet->user_agent_line.ptr, "Blizzard Web Client",
- NDPI_STATICSTRING_LEN("Blizzard Web Client")) == 0) {
- ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow);
- NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG,
- "World of Warcraft: Web Client found\n");
- return;
+ packet->user_agent_line.len == NDPI_STATICSTRING_LEN("Blizzard Web Client") &&
+ memcmp(packet->user_agent_line.ptr, "Blizzard Web Client",
+ NDPI_STATICSTRING_LEN("Blizzard Web Client")) == 0) {
+ ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow);
+ NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG,
+ "World of Warcraft: Web Client found\n");
+ return;
}
- }
+ }
+ */
if (packet->payload_packet_len > NDPI_STATICSTRING_LEN("GET /")
&& memcmp(packet->payload, "GET /", NDPI_STATICSTRING_LEN("GET /")) == 0) {
ndpi_parse_packet_line_info(ndpi_struct, flow);
@@ -207,4 +209,17 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WORLDOFWARCRAFT);
}
+
+void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("WorldOfWarcraft", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_WORLDOFWARCRAFT,
+ ndpi_search_worldofwarcraft,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c
index cd5f9ba67..7fad5ced9 100644
--- a/src/lib/protocols/xbox.c
+++ b/src/lib/protocols/xbox.c
@@ -100,4 +100,17 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n
/* to not exclude tcp traffic here, done by http code... */
}
+
+void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_XBOX,
+ ndpi_search_xbox,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c
index 7468765c7..614e503b1 100644
--- a/src/lib/protocols/xdmcp.c
+++ b/src/lib/protocols/xdmcp.c
@@ -66,4 +66,17 @@ void ndpi_search_xdmcp(struct ndpi_detection_module_struct
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XDMCP);
}
+
+void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("XDMCP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_XDMCP,
+ ndpi_search_xdmcp,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c
index ad9500a40..40805b1b1 100644
--- a/src/lib/protocols/yahoo.c
+++ b/src/lib/protocols/yahoo.c
@@ -429,4 +429,19 @@ void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct
}
}
}
+
+
+void init_yahoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+
+ ndpi_set_bitmask_protocol_detection("YAHOO", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_YAHOO,
+ ndpi_search_yahoo,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c
index 9a9226a04..e282a1ed5 100644
--- a/src/lib/protocols/zattoo.c
+++ b/src/lib/protocols/zattoo.c
@@ -232,4 +232,18 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct
NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "exclude zattoo.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ZATTOO);
}
+
+
+void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("Zattoo", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_ZATTOO,
+ ndpi_search_zattoo,
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c
index af277c6dc..2f31eb815 100644
--- a/src/lib/protocols/zeromq.c
+++ b/src/lib/protocols/zeromq.c
@@ -97,4 +97,17 @@ void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct nd
}
}
+
+void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("ZeroMQ", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_ZMQ,
+ ndpi_search_zmq, /* TODO: add UDP support */
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
#endif
diff --git a/tests/pcap/Instagram.pcap b/tests/pcap/Instagram.pcap
new file mode 100644
index 000000000..af83dc942
--- /dev/null
+++ b/tests/pcap/Instagram.pcap
Binary files differ
diff --git a/tests/pcap/Oscar.pcap b/tests/pcap/Oscar.pcap
new file mode 100644
index 000000000..5608dcb5e
--- /dev/null
+++ b/tests/pcap/Oscar.pcap
Binary files differ
diff --git a/tests/pcap/starcraft_battle.pcap b/tests/pcap/starcraft_battle.pcap
new file mode 100644
index 000000000..a17d0b6d9
--- /dev/null
+++ b/tests/pcap/starcraft_battle.pcap
Binary files differ
diff --git a/tests/pcap/waze.pcap b/tests/pcap/waze.pcap
new file mode 100644
index 000000000..d16d61a75
--- /dev/null
+++ b/tests/pcap/waze.pcap
Binary files differ
diff --git a/tests/pcap/whatsapp_voice_and_message.pcap b/tests/pcap/whatsapp_voice_and_message.pcap
new file mode 100644
index 000000000..e607890fe
--- /dev/null
+++ b/tests/pcap/whatsapp_voice_and_message.pcap
Binary files differ
diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out
new file mode 100644
index 000000000..3e349a331
--- /dev/null
+++ b/tests/result/Instagram.pcap.out
@@ -0,0 +1,42 @@
+Unknown 1 66 1
+HTTP 266 245342 7
+ICMP 5 510 1
+SSL 103 62597 5
+DropBox 5 725 2
+Instagram 363 255094 16
+
+ 1 UDP 192.168.0.106:17500 <-> 192.168.0.255:17500 [proto: 121/DropBox][1 pkts/145 bytes]
+ 2 UDP 8.8.8.8:53 <-> 192.168.0.103:26540 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-g-a.akamaihd.net]
+ 3 UDP 8.8.8.8:53 <-> 192.168.0.103:27124 [proto: 5.211/DNS.Instagram][1 pkts/85 bytes][Host: photos-b.ak.instagram.com]
+ 4 TCP 31.13.93.52:443 <-> 192.168.0.103:33763 [proto: 91/SSL][11 pkts/5397 bytes]
+ 5 TCP 31.13.93.52:443 <-> 192.168.0.103:33935 [proto: 91/SSL][10 pkts/5299 bytes]
+ 6 TCP 2.22.236.51:80 <-> 192.168.0.103:44151 [proto: 7/HTTP][49 pkts/38684 bytes]
+ 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com]
+ 8 TCP 77.67.29.17:80 <-> 192.168.0.103:33976 [proto: 7/HTTP][34 pkts/29039 bytes]
+ 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com]
+ 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net]
+ 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7/HTTP][150 pkts/153558 bytes]
+ 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com]
+ 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes]
+ 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com]
+ 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][SSL client: telegraph-ash.instagram.com]
+ 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][4 pkts/580 bytes]
+ 17 UDP 8.8.8.8:53 <-> 192.168.0.103:33603 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net]
+ 18 TCP 31.13.93.52:443 <-> 192.168.0.103:33936 [proto: 91/SSL][68 pkts/45688 bytes]
+ 19 TCP 31.13.93.52:443 <-> 192.168.0.103:33934 [proto: 91/SSL][12 pkts/6044 bytes]
+ 20 ICMP 192.168.0.103:0 <-> 192.168.0.103:0 [proto: 81/ICMP][5 pkts/510 bytes]
+ 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes]
+ 22 TCP 192.168.0.103:40855 <-> 46.33.70.150:80 [proto: 7/HTTP][2 pkts/140 bytes]
+ 23 UDP 8.8.8.8:53 <-> 192.168.0.103:51219 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net]
+ 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][SSL client: igcdn-photos-h-a.akamaihd.net]
+ 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net]
+ 26 TCP 192.168.0.103:41562 <-> 92.122.48.138:80 [proto: 7/HTTP][25 pkts/23525 bytes]
+ 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com]
+ 28 TCP 192.168.0.103:58690 <-> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes]
+ 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][SSL client: igcdn-photos-g-a.akamaihd.net]
+ 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][7 pkts/4015 bytes][Host: photos-f.ak.instagram.com]
+ 31 TCP 192.168.0.103:58053 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com]
+
+
+Undetected flows:
+ 1 UDP 192.168.0.1:520 <-> 192.168.0.255:520 [proto: 0/Unknown][1 pkts/66 bytes]
diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out
index 75fff57b2..b569250c6 100644
--- a/tests/result/KakaoTalk_chat.pcap.out
+++ b/tests/result/KakaoTalk_chat.pcap.out
@@ -8,42 +8,42 @@ Google 1 164 1
HTTP_Proxy 26 3926 1
KakaoTalk 55 9990 15
- 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com]
- 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 193/KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com]
- 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 193/KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com]
+ 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com]
+ 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com]
+ 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com]
4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes]
5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes]
- 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 119/Facebook][2 pkts/229 bytes][Host: developers.facebook.com]
- 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com]
+ 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com]
+ 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com]
8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes]
- 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 193/KakaoTalk][27 pkts/7126 bytes][SSL server: *.kakao.com]
- 10 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 193/KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com]
- 11 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com]
- 12 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 193/KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com]
+ 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][SSL server: *.kakao.com]
+ 10 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com]
+ 11 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com]
+ 12 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com]
13 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com]
14 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com]
- 15 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 193/KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com]
- 16 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 193/KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com]
- 17 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 193/KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com]
- 18 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 193/KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com]
+ 15 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com]
+ 16 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com]
+ 17 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com]
+ 18 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com]
19 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][SSL server: *.push.samsungosp.com]
- 20 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com]
- 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 119/Facebook][38 pkts/7591 bytes][SSL server: *.facebook.com]
- 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 119/Facebook][36 pkts/7152 bytes][SSL server: *.facebook.com]
+ 20 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com]
+ 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][SSL server: *.facebook.com]
+ 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][SSL server: *.facebook.com]
23 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes]
- 24 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 193/KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com]
+ 24 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com]
25 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes]
26 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa]
- 27 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 119/Facebook][2 pkts/218 bytes][Host: graph.facebook.com]
+ 27 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com]
28 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7/HTTP][14 pkts/784 bytes]
- 29 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 119/Facebook][2 pkts/196 bytes][Host: api.facebook.com]
+ 29 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com]
30 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes]
31 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91/SSL][1 pkts/83 bytes]
- 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 193/KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com]
- 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 119/Facebook][34 pkts/9655 bytes][SSL client: graph.facebook.com]
- 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 119/Facebook][19 pkts/7707 bytes][SSL client: api.facebook.com]
- 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 119/Facebook][29 pkts/9077 bytes][SSL client: developers.facebook.com]
- 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 119/Facebook][28 pkts/7561 bytes][SSL server: *.facebook.com]
+ 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com]
+ 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][SSL client: graph.facebook.com]
+ 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][SSL client: api.facebook.com]
+ 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][SSL client: developers.facebook.com]
+ 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][SSL server: *.facebook.com]
37 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91/SSL][4 pkts/251 bytes]
diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out
index cc89066ea..3cf76becd 100644
--- a/tests/result/KakaoTalk_talk.pcap.out
+++ b/tests/result/KakaoTalk_talk.pcap.out
@@ -6,20 +6,20 @@ SSL 10 1517 5
Facebook 2 197 1
Google 2 220 2
HTTP_Proxy 31 3565 3
-TOR 40 10538 1
+Tor 40 10538 1
KakaoTalk_Voice 44 6196 2
1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes]
- 2 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 126/Google][1 pkts/56 bytes]
+ 2 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes]
3 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes]
- 4 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 119/Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com]
+ 4 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com]
5 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91/SSL][2 pkts/124 bytes]
6 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes]
7 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes]
8 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes]
9 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes]
10 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes]
- 11 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/TOR][40 pkts/10538 bytes]
+ 11 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes]
12 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91/SSL][1 pkts/56 bytes]
13 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 131/HTTP_Proxy][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com]
14 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes]
diff --git a/tests/result/Meu.pcap.out b/tests/result/Meu.pcap.out
index 660c917e9..788681ba2 100644
--- a/tests/result/Meu.pcap.out
+++ b/tests/result/Meu.pcap.out
@@ -1,28 +1,28 @@
-Meu 814 658545 26
+TIM_Meu 814 658545 26
- 1 TCP 10.8.0.1:55226 <-> 189.40.216.95:443 [proto: 191/Meu][62 pkts/31584 bytes][SSL client: appmeutim.tim.com.br]
- 2 TCP 10.8.0.1:55230 <-> 189.40.216.95:443 [proto: 191/Meu][27 pkts/11642 bytes][SSL client: appmeutim.tim.com.br]
- 3 TCP 10.8.0.1:55232 <-> 189.40.216.95:443 [proto: 191/Meu][37 pkts/37269 bytes][SSL client: appmeutim.tim.com.br]
- 4 TCP 10.8.0.1:55234 <-> 189.40.216.95:443 [proto: 191/Meu][21 pkts/9350 bytes][SSL client: appmeutim.tim.com.br]
- 5 TCP 10.8.0.1:55236 <-> 189.40.216.95:443 [proto: 191/Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br]
- 6 TCP 10.8.0.1:55238 <-> 189.40.216.95:443 [proto: 191/Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br]
- 7 TCP 10.8.0.1:55250 <-> 189.40.216.95:443 [proto: 191/Meu][22 pkts/9903 bytes][SSL client: appmeutim.tim.com.br]
- 8 TCP 10.8.0.1:55252 <-> 189.40.216.95:443 [proto: 191/Meu][34 pkts/20796 bytes][SSL client: appmeutim.tim.com.br]
- 9 TCP 10.8.0.1:55254 <-> 189.40.216.95:443 [proto: 191/Meu][27 pkts/8864 bytes][SSL client: appmeutim.tim.com.br]
- 10 TCP 10.8.0.1:55262 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
- 11 TCP 10.8.0.1:55264 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
- 12 TCP 10.8.0.1:55268 <-> 189.40.216.95:443 [proto: 191/Meu][26 pkts/6969 bytes][SSL client: appmeutim.tim.com.br]
- 13 TCP 10.8.0.1:55270 <-> 189.40.216.95:443 [proto: 191/Meu][56 pkts/36838 bytes][SSL client: appmeutim.tim.com.br]
- 14 TCP 10.8.0.1:55272 <-> 189.40.216.95:443 [proto: 191/Meu][53 pkts/142338 bytes][SSL client: appmeutim.tim.com.br]
- 15 TCP 10.8.0.1:55276 <-> 189.40.216.95:443 [proto: 191/Meu][20 pkts/7059 bytes][SSL client: appmeutim.tim.com.br]
- 16 TCP 10.8.0.1:55227 <-> 189.40.216.95:443 [proto: 191/Meu][41 pkts/19844 bytes][SSL client: appmeutim.tim.com.br]
- 17 TCP 10.8.0.1:55231 <-> 189.40.216.95:443 [proto: 191/Meu][33 pkts/14083 bytes][SSL client: appmeutim.tim.com.br]
- 18 TCP 10.8.0.1:55233 <-> 189.40.216.95:443 [proto: 191/Meu][96 pkts/137364 bytes][SSL client: appmeutim.tim.com.br]
- 19 TCP 10.8.0.1:55235 <-> 189.40.216.95:443 [proto: 191/Meu][19 pkts/5178 bytes][SSL client: appmeutim.tim.com.br]
- 20 TCP 10.8.0.1:55237 <-> 189.40.216.95:443 [proto: 191/Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br]
- 21 TCP 10.8.0.1:55239 <-> 189.40.216.95:443 [proto: 191/Meu][85 pkts/122532 bytes][SSL client: appmeutim.tim.com.br]
- 22 TCP 10.8.0.1:55251 <-> 189.40.216.95:443 [proto: 191/Meu][20 pkts/6243 bytes][SSL client: appmeutim.tim.com.br]
- 23 TCP 10.8.0.1:55253 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
- 24 TCP 10.8.0.1:55255 <-> 189.40.216.95:443 [proto: 191/Meu][17 pkts/4594 bytes][SSL client: appmeutim.tim.com.br]
- 25 TCP 10.8.0.1:55263 <-> 189.40.216.95:443 [proto: 191/Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
- 26 TCP 10.8.0.1:55273 <-> 189.40.216.95:443 [proto: 191/Meu][19 pkts/4608 bytes][SSL client: appmeutim.tim.com.br]
+ 1 TCP 10.8.0.1:55226 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][62 pkts/31584 bytes][SSL client: appmeutim.tim.com.br]
+ 2 TCP 10.8.0.1:55230 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][27 pkts/11642 bytes][SSL client: appmeutim.tim.com.br]
+ 3 TCP 10.8.0.1:55232 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][37 pkts/37269 bytes][SSL client: appmeutim.tim.com.br]
+ 4 TCP 10.8.0.1:55234 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][21 pkts/9350 bytes][SSL client: appmeutim.tim.com.br]
+ 5 TCP 10.8.0.1:55236 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br]
+ 6 TCP 10.8.0.1:55238 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br]
+ 7 TCP 10.8.0.1:55250 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][22 pkts/9903 bytes][SSL client: appmeutim.tim.com.br]
+ 8 TCP 10.8.0.1:55252 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][34 pkts/20796 bytes][SSL client: appmeutim.tim.com.br]
+ 9 TCP 10.8.0.1:55254 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][27 pkts/8864 bytes][SSL client: appmeutim.tim.com.br]
+ 10 TCP 10.8.0.1:55262 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
+ 11 TCP 10.8.0.1:55264 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
+ 12 TCP 10.8.0.1:55268 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][26 pkts/6969 bytes][SSL client: appmeutim.tim.com.br]
+ 13 TCP 10.8.0.1:55270 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][56 pkts/36838 bytes][SSL client: appmeutim.tim.com.br]
+ 14 TCP 10.8.0.1:55272 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][53 pkts/142338 bytes][SSL client: appmeutim.tim.com.br]
+ 15 TCP 10.8.0.1:55276 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][20 pkts/7059 bytes][SSL client: appmeutim.tim.com.br]
+ 16 TCP 10.8.0.1:55227 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][41 pkts/19844 bytes][SSL client: appmeutim.tim.com.br]
+ 17 TCP 10.8.0.1:55231 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][33 pkts/14083 bytes][SSL client: appmeutim.tim.com.br]
+ 18 TCP 10.8.0.1:55233 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][96 pkts/137364 bytes][SSL client: appmeutim.tim.com.br]
+ 19 TCP 10.8.0.1:55235 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][19 pkts/5178 bytes][SSL client: appmeutim.tim.com.br]
+ 20 TCP 10.8.0.1:55237 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][13 pkts/1181 bytes][SSL client: appmeutim.tim.com.br]
+ 21 TCP 10.8.0.1:55239 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][85 pkts/122532 bytes][SSL client: appmeutim.tim.com.br]
+ 22 TCP 10.8.0.1:55251 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][20 pkts/6243 bytes][SSL client: appmeutim.tim.com.br]
+ 23 TCP 10.8.0.1:55253 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
+ 24 TCP 10.8.0.1:55255 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][17 pkts/4594 bytes][SSL client: appmeutim.tim.com.br]
+ 25 TCP 10.8.0.1:55263 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][15 pkts/4486 bytes][SSL client: appmeutim.tim.com.br]
+ 26 TCP 10.8.0.1:55273 <-> 189.40.216.95:443 [proto: 91.191/SSL.TIM_Meu][19 pkts/4608 bytes][SSL client: appmeutim.tim.com.br]
diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out
new file mode 100644
index 000000000..1f9e194a9
--- /dev/null
+++ b/tests/result/Oscar.pcap.out
@@ -0,0 +1,3 @@
+Oscar 71 9386 1
+
+ 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][71 pkts/9386 bytes]
diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out
index 76b05e607..111be80e6 100644
--- a/tests/result/google_ssl.pcap.out
+++ b/tests/result/google_ssl.pcap.out
@@ -1,3 +1,3 @@
Google 28 9108 1
- 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 126/Google][28 pkts/9108 bytes][SSL server: www.google.com]
+ 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][SSL server: www.google.com]
diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out
index 6ccc2e8e0..84954bdea 100644
--- a/tests/result/skype.pcap.out
+++ b/tests/result/skype.pcap.out
@@ -74,16 +74,16 @@ Spotify 5 430 1
61 UDP 192.168.1.34:13021 <-> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes]
62 UDP 192.168.1.34:13021 <-> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes]
63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][14 pkts/1132 bytes]
- 64 UDP 192.168.1.1:53 <-> 192.168.1.34:49163 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com]
- 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 125/Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net]
- 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 125/Skype][9 pkts/648 bytes][Host: ui.skype.com]
+ 64 UDP 192.168.1.1:53 <-> 192.168.1.34:49163 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com]
+ 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net]
+ 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com]
67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes]
68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net]
- 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
- 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 125/Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net]
- 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
- 72 UDP 192.168.1.1:53 <-> 192.168.1.34:55893 [proto: 125/Skype][5 pkts/360 bytes][Host: ui.skype.com]
- 73 UDP 192.168.1.1:53 <-> 192.168.1.34:56387 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
+ 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
+ 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net]
+ 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
+ 72 UDP 192.168.1.1:53 <-> 192.168.1.34:55893 [proto: 5.125/DNS.Skype][5 pkts/360 bytes][Host: ui.skype.com]
+ 73 UDP 192.168.1.1:53 <-> 192.168.1.34:56387 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
74 UDP 192.168.1.34:13021 <-> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes]
75 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes]
76 UDP 192.168.1.34:13021 <-> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes]
@@ -94,18 +94,18 @@ Spotify 5 430 1
81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes]
82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net]
83 UDP 192.168.1.34:49485 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes]
- 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5/DNS][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net]
- 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 125/Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net]
- 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net]
+ 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
88 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 125/Skype][19 pkts/5111 bytes]
89 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes]
90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes]
91 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes]
- 92 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 140/Apple][3 pkts/168 bytes]
- 93 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 143/AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com]
- 94 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 125/Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com]
- 95 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 125/Skype][15 pkts/2340 bytes][SSL client: apps.skype.com]
+ 92 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes]
+ 93 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com]
+ 94 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com]
+ 95 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][SSL client: apps.skype.com]
96 UDP 192.168.1.34:13021 <-> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes]
97 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes]
98 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes]
@@ -179,7 +179,7 @@ Spotify 5 430 1
166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 125/Skype][15 pkts/1513 bytes]
167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 125/Skype][16 pkts/1754 bytes]
168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 125/Skype][15 pkts/1590 bytes]
- 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 125/Skype][8 pkts/608 bytes]
+ 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes]
170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes]
171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes]
172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes]
@@ -205,46 +205,46 @@ Spotify 5 430 1
192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes]
193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes]
194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes]
- 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
196 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes]
197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes]
- 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
+ 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
199 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 125/Skype][8 pkts/608 bytes]
200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][6 pkts/3264 bytes]
201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][5 pkts/2720 bytes]
202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes]
- 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com]
- 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com]
- 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
- 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
+ 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com]
+ 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com]
+ 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
+ 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net]
207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 125/Skype][16 pkts/1592 bytes]
208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 125/Skype][16 pkts/1376 bytes]
- 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com]
+ 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com]
210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes]
211 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes]
212 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes]
213 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes]
- 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
- 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com]
- 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net]
+ 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com]
+ 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes]
218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes]
219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes]
220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes]
221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes]
222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes]
- 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
- 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
- 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net]
+ 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes]
- 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 143/AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net]
- 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 125/Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net]
+ 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net]
+ 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net]
229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes]
230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes]
- 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com]
+ 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com]
232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes]
233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes]
- 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 125/Skype][17 pkts/3535 bytes][SSL client: apps.skype.com]
+ 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com]
235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes]
236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes]
237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes]
@@ -284,7 +284,7 @@ Spotify 5 430 1
271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 125/Skype][20 pkts/1516 bytes]
272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes]
273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes]
- 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 121/DropBox][16 pkts/5980 bytes]
+ 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.DropBox][16 pkts/5980 bytes]
275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 125/Skype][14 pkts/1208 bytes]
276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 125/Skype][13 pkts/1109 bytes]
277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes]
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out
index d7feddaaa..bd0a5d9b4 100644
--- a/tests/result/skype_no_unknown.pcap.out
+++ b/tests/result/skype_no_unknown.pcap.out
@@ -66,10 +66,10 @@ Apple 84 20699 2
54 UDP 192.168.1.34:13021 <-> 157.55.235.171:40006 [proto: 125/Skype][1 pkts/66 bytes]
55 UDP 192.168.1.34:13021 <-> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/68 bytes]
56 UDP 133.236.67.25:49195 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes]
- 57 UDP 192.168.1.1:53 <-> 192.168.1.34:50055 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 57 UDP 192.168.1.1:53 <-> 192.168.1.34:50055 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
58 TCP 149.13.32.15:13392 <-> 192.168.1.34:51305 [proto: 125/Skype][18 pkts/1426 bytes]
59 TCP 149.13.32.15:13392 <-> 192.168.1.34:51309 [proto: 125/Skype][15 pkts/1197 bytes]
- 60 UDP 192.168.1.1:53 <-> 192.168.1.34:51753 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 60 UDP 192.168.1.1:53 <-> 192.168.1.34:51753 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
61 TCP 192.168.1.34:51262 <-> 213.199.179.176:443 [proto: 125/Skype][16 pkts/1637 bytes]
62 TCP 192.168.1.34:51251 <-> 64.4.23.166:40029 [proto: 125/Skype][16 pkts/1297 bytes]
63 UDP 111.221.74.14:443 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/60 bytes]
@@ -79,13 +79,13 @@ Apple 84 20699 2
67 UDP 192.168.1.34:13021 <-> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/68 bytes]
68 UDP 192.168.1.34:13021 <-> 213.199.179.149:40030 [proto: 125/Skype][1 pkts/73 bytes]
69 UDP 192.168.1.34:13021 <-> 213.199.179.165:40004 [proto: 125/Skype][1 pkts/78 bytes]
- 70 UDP 192.168.1.1:53 <-> 192.168.1.34:58631 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
- 71 UDP 192.168.1.1:53 <-> 192.168.1.34:59113 [proto: 125/Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net]
- 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
- 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
- 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 125/Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net]
+ 70 UDP 192.168.1.1:53 <-> 192.168.1.34:58631 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
+ 71 UDP 192.168.1.1:53 <-> 192.168.1.34:59113 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net]
+ 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
+ 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net]
75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net]
- 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 125/Skype][7 pkts/546 bytes][Host: a.config.skype.com]
+ 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com]
77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes]
78 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 125/Skype][23 pkts/12290 bytes]
79 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 125/Skype][1 pkts/78 bytes]
@@ -125,9 +125,9 @@ Apple 84 20699 2
113 TCP 192.168.1.34:51302 <-> 91.190.216.125:443 [proto: 125/Skype][10 pkts/599 bytes]
114 UDP 192.168.1.34:13021 <-> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/70 bytes]
115 UDP 111.221.74.18:33033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes]
- 116 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 121/DropBox][8 pkts/2990 bytes]
+ 116 TCP 192.168.1.34:51222 <-> 108.160.163.108:443 [proto: 91.121/SSL.DropBox][8 pkts/2990 bytes]
117 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 125/Skype][14 pkts/1253 bytes]
- 118 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 125/Skype][3 pkts/206 bytes]
+ 118 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes]
119 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes]
120 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes]
121 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes]
@@ -188,19 +188,19 @@ Apple 84 20699 2
176 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes]
177 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes]
178 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes]
- 179 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com]
+ 179 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com]
180 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes]
181 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes]
182 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes]
183 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes]
- 184 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
+ 184 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
185 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes]
186 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 125/Skype][15 pkts/1415 bytes]
- 187 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 125/Skype][7 pkts/546 bytes][Host: a.config.skype.com]
+ 187 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com]
188 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes]
189 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes]
- 190 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 125/Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
- 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 125/Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
+ 190 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net]
+ 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net]
192 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com]
193 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes]
194 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes]
@@ -212,14 +212,14 @@ Apple 84 20699 2
200 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes]
201 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes]
202 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net]
- 203 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 125/Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
- 204 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 125/Skype][1 pkts/80 bytes][Host: apps.skypeassets.com]
+ 203 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net]
+ 204 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com]
205 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes]
- 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com]
- 207 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 125/Skype][8 pkts/576 bytes][Host: ui.skype.com]
- 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 125/Skype][7 pkts/511 bytes][Host: api.skype.com]
- 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 125/Skype][7 pkts/546 bytes][Host: b.config.skype.com]
- 210 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 125/Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
+ 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com]
+ 207 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com]
+ 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com]
+ 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com]
+ 210 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net]
211 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes]
212 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes]
213 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes]
@@ -230,12 +230,12 @@ Apple 84 20699 2
218 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes]
219 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes]
220 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes]
- 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 140/Apple][76 pkts/19581 bytes]
+ 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes]
222 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes]
223 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes]
224 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes]
- 225 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 125/Skype][17 pkts/3535 bytes][SSL client: apps.skype.com]
- 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 125/Skype][12 pkts/2148 bytes][SSL client: apps.skype.com]
+ 225 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com]
+ 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][SSL client: apps.skype.com]
227 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes]
228 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes]
229 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes]
diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out
index cb75d1a87..132460e25 100644
--- a/tests/result/snapchat.pcap.out
+++ b/tests/result/snapchat.pcap.out
@@ -1,6 +1,6 @@
SSL_No_Cert 22 2879 1
Snapchat 34 7320 2
- 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 199/Snapchat][17 pkts/3943 bytes][SSL client: feelinsonice-hrd.appspot.com]
- 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 199/Snapchat][17 pkts/3377 bytes][SSL client: feelinsonice-hrd.appspot.com]
+ 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3943 bytes][SSL client: feelinsonice-hrd.appspot.com]
+ 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3377 bytes][SSL client: feelinsonice-hrd.appspot.com]
3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][22 pkts/2879 bytes]
diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out
new file mode 100644
index 000000000..8627460d6
--- /dev/null
+++ b/tests/result/starcraft_battle.pcap.out
@@ -0,0 +1,67 @@
+Unknown 2 121 1
+DNS 18 1956 5
+HTTP 180 134270 2
+SSDP 11 4984 1
+WorldOfWarcraft 9 880 1
+IGMP 2 120 1
+SSL 43 2903 13
+Google 12 1467 2
+Quic 6 475 1
+Battle.net 278 161502 19
+Starcraft 236 51494 6
+
+ 1 TCP 80.239.186.21:80 <-> 192.168.1.100:3516 [proto: 7.213/HTTP.Battle.net][12 pkts/3680 bytes][Host: eu.launcher.battle.net]
+ 2 TCP 80.239.186.26:80 <-> 192.168.1.100:3518 [proto: 7.213/HTTP.Battle.net][10 pkts/1226 bytes][Host: nydus.battle.net]
+ 3 TCP 80.239.186.21:80 <-> 192.168.1.100:3522 [proto: 7.213/HTTP.Battle.net][11 pkts/3620 bytes][Host: eu.launcher.battle.net]
+ 4 TCP 80.239.186.26:80 <-> 192.168.1.100:3524 [proto: 7.213/HTTP.Battle.net][10 pkts/1214 bytes][Host: nydus.battle.net]
+ 5 TCP 80.239.186.40:80 <-> 192.168.1.100:3526 [proto: 7.213/HTTP.Battle.net][11 pkts/3686 bytes][Host: eu.battle.net]
+ 6 TCP 192.168.1.100:3427 <-> 80.239.208.193:1119 [proto: 214/Starcraft][13 pkts/902 bytes]
+ 7 UDP 239.255.255.250:1900 <-> 192.168.1.254:38605 [proto: 12/SSDP][11 pkts/4984 bytes]
+ 8 UDP 192.168.1.100:53145 <-> 192.168.1.254:53 [proto: 5.213/DNS.Battle.net][4 pkts/336 bytes][Host: nydus.battle.net]
+ 9 UDP 192.168.1.100:58831 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/417 bytes][Host: 254.1.168.192.in-addr.arpa]
+ 10 UDP 192.168.1.100:58851 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/455 bytes][Host: 22.40.194.173.in-addr.arpa]
+ 11 TCP 192.168.1.100:3484 <-> 173.194.113.224:443 [proto: 91.126/SSL.Google][3 pkts/168 bytes]
+ 12 TCP 192.168.1.100:3486 <-> 199.38.164.156:443 [proto: 91/SSL][4 pkts/228 bytes]
+ 13 UDP 192.168.1.100:53146 <-> 5.42.180.154:1119 [proto: 214/Starcraft][2 pkts/104 bytes]
+ 14 TCP 192.168.1.100:3052 <-> 216.58.212.110:443 [proto: 91/SSL][2 pkts/121 bytes]
+ 15 TCP 192.168.1.100:3528 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25105 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes]
+ 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 23 TCP 80.239.186.26:80 <-> 192.168.1.100:3515 [proto: 7.213/HTTP.Battle.net][10 pkts/1224 bytes][Host: nydus.battle.net]
+ 24 TCP 80.239.186.21:80 <-> 192.168.1.100:3519 [proto: 7.213/HTTP.Battle.net][9 pkts/979 bytes][Host: eu.launcher.battle.net]
+ 25 TCP 80.239.186.26:80 <-> 192.168.1.100:3521 [proto: 7.213/HTTP.Battle.net][10 pkts/1224 bytes][Host: nydus.battle.net]
+ 26 TCP 80.239.186.26:80 <-> 192.168.1.100:3523 [proto: 7.213/HTTP.Battle.net][10 pkts/1208 bytes][Host: nydus.battle.net]
+ 27 TCP 80.239.186.40:80 <-> 192.168.1.100:3525 [proto: 7.213/HTTP.Battle.net][12 pkts/3933 bytes][Host: eu.battle.net]
+ 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes]
+ 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes]
+ 30 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7/HTTP][179 pkts/134204 bytes][Host: llnw.blizzard.com]
+ 31 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/Quic][6 pkts/475 bytes]
+ 32 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5.213/DNS.Battle.net][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 33 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa]
+ 34 UDP 192.168.1.100:58844 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/210 bytes][Host: 40.186.239.80.in-addr.arpa]
+ 35 UDP 192.168.1.100:60026 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/442 bytes][Host: llnw.blizzard.com]
+ 36 TCP 192.168.1.100:3506 <-> 173.194.113.224:80 [proto: 7.126/HTTP.Google][9 pkts/1299 bytes][Host: www.google-analytics.com]
+ 37 TCP 192.30.252.91:443 <-> 192.168.1.100:3213 [proto: 91/SSL][3 pkts/234 bytes]
+ 38 IGMP 224.0.0.22:0 <-> 192.168.1.107:0 [proto: 82/IGMP][2 pkts/120 bytes]
+ 39 TCP 192.168.1.100:3517 <-> 213.248.127.130:1119 [proto: 214/Starcraft][215 pkts/50178 bytes]
+ 40 UDP 192.168.1.100:6113 <-> 213.248.127.212:1119 [proto: 214/Starcraft][2 pkts/103 bytes]
+ 41 UDP 192.168.1.100:6113 <-> 213.248.127.166:1119 [proto: 214/Starcraft][2 pkts/103 bytes]
+ 42 TCP 192.168.1.100:3527 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][41 pkts/37433 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 43 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 44 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 45 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7.213/HTTP.Battle.net][4 pkts/386 bytes][Host: bnetcmsus-a.akamaihd.net]
+ 46 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 47 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 48 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 49 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes]
+ 50 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com]
+ 51 UDP 62.115.246.51:1119 <-> 192.168.1.100:53146 [proto: 214/Starcraft][2 pkts/104 bytes]
+
+
+Undetected flows:
+ 1 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 0/Unknown][2 pkts/121 bytes]
diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out
new file mode 100644
index 000000000..49a6b96e0
--- /dev/null
+++ b/tests/result/waze.pcap.out
@@ -0,0 +1,44 @@
+Unknown 10 786 1
+HTTP 37 63205 1
+NTP 2 180 1
+SSL_No_Cert 13 2142 1
+Waze 484 289335 19
+WhatsApp 15 1341 1
+Simet 36 2004 9
+
+ 1 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][15 pkts/1341 bytes]
+ 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][SSL server: *.world.waze.com]
+ 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][SSL server: *.world.waze.com]
+ 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][SSL server: *.world.waze.com]
+ 5 TCP 200.160.4.49:80 <-> 10.16.37.157:41823 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes]
+ 6 TCP 200.160.4.31:80 <-> 10.16.37.157:43991 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes]
+ 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][SSL server: *.waze.com]
+ 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7.200/HTTP.Simet][4 pkts/216 bytes]
+ 9 TCP 200.160.4.49:80 <-> 10.16.37.157:46473 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes]
+ 10 TCP 200.160.4.49:80 <-> 10.16.37.157:52953 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes]
+ 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][SSL server: *.world.waze.com]
+ 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][SSL server: *.world.waze.com]
+ 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][SSL server: *.world.waze.com]
+ 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][16 pkts/9185 bytes][SSL server: *.world.waze.com]
+ 15 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][15 pkts/1365 bytes][Host: cres.waze.com]
+ 16 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1326 bytes][Host: cres.waze.com]
+ 17 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1286 bytes][Host: roadshields.waze.com]
+ 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1328 bytes][Host: cres.waze.com]
+ 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1323 bytes][Host: cres.waze.com]
+ 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1319 bytes][Host: cres.waze.com]
+ 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7/HTTP][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net]
+ 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes]
+ 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91.200/SSL.Simet][4 pkts/216 bytes]
+ 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][SSL server: *.waze.com]
+ 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][SSL server: *.waze.com]
+ 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][2 pkts/180 bytes]
+ 27 TCP 200.160.4.49:80 <-> 10.16.37.157:52746 [proto: 7.200/HTTP.Simet][4 pkts/228 bytes]
+ 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7.200/HTTP.Simet][4 pkts/216 bytes]
+ 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91.200/SSL.Simet][4 pkts/216 bytes]
+ 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][SSL server: *.world.waze.com]
+ 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][33 pkts/58896 bytes][SSL server: *.world.waze.com]
+ 32 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][17 pkts/4015 bytes][Host: roadshields.waze.com]
+
+
+Undetected flows:
+ 1 TCP 174.37.231.81:5222 <-> 10.16.37.157:42256 [proto: 0/Unknown][10 pkts/786 bytes]
diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out
index 88cedf98d..81b5d2fa6 100644
--- a/tests/result/whatsapp_login_call.pcap.out
+++ b/tests/result/whatsapp_login_call.pcap.out
@@ -17,16 +17,16 @@ WhatsAppVoice 662 83338 2
3 ICMP 192.168.2.4:0 <-> 91.253.176.65:0 [proto: 81/ICMP][10 pkts/700 bytes]
4 UDP 192.168.2.4:52794 <-> 91.253.176.65:9665 [proto: 189/WhatsAppVoice][198 pkts/30418 bytes]
5 UDP 173.252.114.1:3478 <-> 192.168.2.4:52794 [proto: 78/STUN][5 pkts/676 bytes]
- 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 140/Apple][2 pkts/330 bytes][Host: query.ess.apple.com]
+ 6 UDP 192.168.2.1:53 <-> 192.168.2.4:51897 [proto: 5.140/DNS.Apple][2 pkts/330 bytes][Host: query.ess.apple.com]
7 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
8 UDP 192.168.2.4:51518 <-> 1.194.90.191:60312 [proto: 78/STUN][15 pkts/1290 bytes]
- 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 140/Apple][3 pkts/162 bytes]
- 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 140/Apple][3 pkts/162 bytes]
- 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 140/Apple][3 pkts/162 bytes]
- 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 140/Apple][3 pkts/162 bytes]
- 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 140/Apple][3 pkts/162 bytes]
- 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 140/Apple][3 pkts/162 bytes]
- 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 145/AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com]
+ 9 TCP 192.168.2.4:49166 <-> 17.154.66.121:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 10 TCP 192.168.2.4:49169 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 11 TCP 192.168.2.4:49176 <-> 17.130.137.77:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com]
16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes]
17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78/STUN][5 pkts/676 bytes]
18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
@@ -48,22 +48,22 @@ WhatsAppVoice 662 83338 2
34 UDP 192.168.2.4:51518 <-> 91.253.176.65:9344 [proto: 189/WhatsAppVoice][464 pkts/52920 bytes]
35 TCP 192.168.2.4:49202 <-> 184.173.179.37:5222 [proto: 142/WhatsApp][180 pkts/24874 bytes]
36 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][3 pkts/258 bytes]
- 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 142/WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net]
+ 37 UDP 192.168.2.1:53 <-> 192.168.2.4:52190 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e13.whatsapp.net]
38 UDP 192.168.2.4:52794 <-> 1.194.90.191:51727 [proto: 128/NetFlow][12 pkts/1032 bytes]
39 TCP 192.168.2.4:49174 <-> 5.178.42.26:80 [proto: 7/HTTP][3 pkts/198 bytes]
- 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 140/Apple][3 pkts/162 bytes]
- 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 140/Apple][3 pkts/162 bytes]
- 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 140/Apple][3 pkts/162 bytes]
- 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 140/Apple][3 pkts/162 bytes]
- 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 140/Apple][3 pkts/162 bytes]
- 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 140/Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com]
- 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 140/Apple][3 pkts/162 bytes]
- 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 140/Apple][3 pkts/162 bytes]
- 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 140/Apple][3 pkts/162 bytes]
- 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 140/Apple][3 pkts/162 bytes]
- 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 140/Apple][3 pkts/198 bytes]
- 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 145/AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com]
- 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 140/Apple][17 pkts/1998 bytes]
+ 40 TCP 192.168.2.4:49163 <-> 17.154.66.111:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 41 TCP 192.168.2.4:49175 <-> 17.172.100.53:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com]
+ 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes]
+ 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes]
+ 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com]
+ 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes]
53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes]
54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes]
55 UDP 192.168.2.1:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes]
diff --git a/tests/result/whatsapp_login_chat.pcap.out b/tests/result/whatsapp_login_chat.pcap.out
index 2cb7d8ff2..d109353a3 100644
--- a/tests/result/whatsapp_login_chat.pcap.out
+++ b/tests/result/whatsapp_login_chat.pcap.out
@@ -7,8 +7,8 @@ Spotify 1 86 1
1 UDP 192.168.2.1:17500 <-> 192.168.2.255:17500 [proto: 121/DropBox][2 pkts/1088 bytes]
2 UDP fe80::189c:c31b:1298:224:5353 <-> ff02::fb:5353 [proto: 8/MDNS][1 pkts/111 bytes]
- 3 UDP 192.168.2.1:53 <-> 192.168.2.4:61697 [proto: 142/WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net]
- 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 140/Apple][44 pkts/21371 bytes]
+ 3 UDP 192.168.2.1:53 <-> 192.168.2.4:61697 [proto: 5.142/DNS.WhatsApp][2 pkts/280 bytes][Host: e12.whatsapp.net]
+ 4 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.140/SSL.Apple][44 pkts/21371 bytes]
5 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][6 pkts/2052 bytes]
6 TCP 192.168.2.4:49206 <-> 158.85.58.15:5222 [proto: 142/WhatsApp][30 pkts/2963 bytes]
7 UDP 192.168.2.1:57621 <-> 192.168.2.255:57621 [proto: 156/Spotify][1 pkts/86 bytes]
diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out
new file mode 100644
index 000000000..a03fab0ac
--- /dev/null
+++ b/tests/result/whatsapp_voice_and_message.pcap.out
@@ -0,0 +1,16 @@
+STUN 44 5916 8
+WhatsApp 217 22139 5
+
+ 1 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 2 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 3 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 4 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78/STUN][9 pkts/1184 bytes]
+ 5 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 6 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 7 TCP 10.8.0.1:42241 <-> 173.192.222.189:5222 [proto: 142/WhatsApp][62 pkts/5609 bytes]
+ 8 TCP 10.8.0.1:35480 <-> 184.173.179.46:443 [proto: 142/WhatsApp][46 pkts/4990 bytes]
+ 9 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][30 pkts/4709 bytes]
+ 10 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][27 pkts/2220 bytes]
+ 11 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][52 pkts/4611 bytes]
+ 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78/STUN][5 pkts/676 bytes]
+ 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78/STUN][5 pkts/676 bytes]
Powered by cgit, Themed by Ted Yin.