-rw-r--r--example/reader_util.c8
-rw-r--r--example/reader_util.h11
-rw-r--r--src/include/Makefile.am1
-rw-r--r--src/include/ndpi_classify.h26
-rw-r--r--src/include/ndpi_define.h.in2
-rw-r--r--src/include/ndpi_includes.h6
-rw-r--r--src/include/ndpi_includes_OpenBSD.h43
-rw-r--r--src/include/ndpi_protocol_ids.h1
-rw-r--r--src/include/ndpi_protocols.h1
-rw-r--r--src/include/ndpi_typedefs.h3
-rw-r--r--src/lib/ndpi_classify.c52
-rw-r--r--src/lib/ndpi_community_id.c1
-rw-r--r--src/lib/ndpi_main.c7
-rw-r--r--src/lib/protocols/soap.c70
14 files changed, 183 insertions, 49 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index 7e68a378d..d0f16ab62 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -692,7 +692,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
u_int8_t **payload,
u_int16_t *payload_len,
u_int8_t *src_to_dst_direction,
- struct timeval when) {
+ pkt_timeval when) {
u_int32_t idx, l4_offset, hashval;
struct ndpi_flow_info flow;
void *ret;
@@ -979,7 +979,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo
u_int8_t **payload,
u_int16_t *payload_len,
u_int8_t *src_to_dst_direction,
- struct timeval when) {
+ pkt_timeval when) {
struct ndpi_iphdr iph;
memset(&iph, 0, sizeof(iph));
@@ -1300,7 +1300,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
u_int16_t ipsize, u_int16_t rawsize,
const struct pcap_pkthdr *header,
const u_char *packet,
- struct timeval when,
+ pkt_timeval when,
FILE * csv_fp) {
struct ndpi_id_struct *src, *dst;
struct ndpi_flow_info *flow = NULL;
@@ -1330,7 +1330,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
&payload, &payload_len, &src_to_dst_direction, when);
if(flow != NULL) {
- struct timeval tdiff;
+ pkt_timeval tdiff;
workflow->stats.ip_packet_count++;
workflow->stats.total_wire_bytes += rawsize + 24 /* CRC etc */,
diff --git a/example/reader_util.h b/example/reader_util.h
index d4e3dc74f..4dba29ddc 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -31,6 +31,7 @@
#include "uthash.h"
#include <pcap.h>
+#include "ndpi_includes.h"
#include "ndpi_classify.h"
#include "ndpi_typedefs.h"
@@ -128,13 +129,13 @@ struct flow_metrics {
struct ndpi_entropy {
// Entropy fields
- struct timeval src2dst_last_pkt_time, dst2src_last_pkt_time, flow_last_pkt_time;
+ pkt_timeval src2dst_last_pkt_time, dst2src_last_pkt_time, flow_last_pkt_time;
u_int16_t src2dst_pkt_len[MAX_NUM_PKTS]; /*!< array of packet appdata lengths */
- struct timeval src2dst_pkt_time[MAX_NUM_PKTS]; /*!< array of arrival times */
+ pkt_timeval src2dst_pkt_time[MAX_NUM_PKTS]; /*!< array of arrival times */
u_int16_t dst2src_pkt_len[MAX_NUM_PKTS]; /*!< array of packet appdata lengths */
- struct timeval dst2src_pkt_time[MAX_NUM_PKTS]; /*!< array of arrival times */
- struct timeval src2dst_start; /*!< first packet arrival time */
- struct timeval dst2src_start; /*!< first packet arrival time */
+ pkt_timeval dst2src_pkt_time[MAX_NUM_PKTS]; /*!< array of arrival times */
+ pkt_timeval src2dst_start; /*!< first packet arrival time */
+ pkt_timeval dst2src_start; /*!< first packet arrival time */
u_int32_t src2dst_opackets; /*!< non-zero packet counts */
u_int32_t dst2src_opackets; /*!< non-zero packet counts */
u_int16_t src2dst_pkt_count; /*!< packet counts */
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index db4e40f35..19d6c60cf 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -8,4 +8,5 @@ library_include_HEADERS = ndpi_api.h \
ndpi_protocol_ids.h \
ndpi_protocols.h \
ndpi_win32.h \
+ ndpi_includes_OpenBSD.h \
ndpi_includes.h
diff --git a/src/include/ndpi_classify.h b/src/include/ndpi_classify.h
index 4d2cfff97..ab9212832 100644
--- a/src/include/ndpi_classify.h
+++ b/src/include/ndpi_classify.h
@@ -43,7 +43,7 @@
#ifndef NDPI_CLASSIFY_H
#define NDPI_CLASSIFY_H
-
+#include "ndpi_includes.h"
/* constants */
#define NUM_PARAMETERS_SPLT_LOGREG 208
@@ -66,27 +66,27 @@ extern float parameters_bd[NUM_PARAMETERS_BD_LOGREG];
extern float parameters_splt[NUM_PARAMETERS_SPLT_LOGREG];
/* Classifier functions */
-float ndpi_classify(const unsigned short *pkt_len, const struct timeval *pkt_time,
- const unsigned short *pkt_len_twin, const struct timeval *pkt_time_twin,
- struct timeval start_time, struct timeval start_time_twin, uint32_t max_num_pkt_len,
+float ndpi_classify(const unsigned short *pkt_len, const pkt_timeval *pkt_time,
+ const unsigned short *pkt_len_twin, const pkt_timeval *pkt_time_twin,
+ pkt_timeval start_time, pkt_timeval start_time_twin, uint32_t max_num_pkt_len,
uint16_t sp, uint16_t dp, uint32_t op, uint32_t ip, uint32_t np_o, uint32_t np_i,
uint32_t ob, uint32_t ib, uint16_t use_bd, const uint32_t *bd, const uint32_t *bd_t);
-void ndpi_merge_splt_arrays(const uint16_t *pkt_len, const struct timeval *pkt_time,
- const uint16_t *pkt_len_twin, const struct timeval *pkt_time_twin,
- struct timeval start_time, struct timeval start_time_twin,
+void ndpi_merge_splt_arrays(const uint16_t *pkt_len, const pkt_timeval *pkt_time,
+ const uint16_t *pkt_len_twin, const pkt_timeval *pkt_time_twin,
+ pkt_timeval start_time, pkt_timeval start_time_twin,
uint16_t s_idx, uint16_t r_idx,
uint16_t *merged_lens, uint16_t *merged_times);
void ndpi_update_params(classifier_type_codes_t param_type, const char *param_file);
void ndpi_flow_info_freer(void *node);
-unsigned int ndpi_timer_eq(const struct timeval *a, const struct timeval *b);
-unsigned int ndpi_timer_lt(const struct timeval *a, const struct timeval *b);
-void ndpi_timer_sub(const struct timeval *a, const struct timeval *b, struct timeval *result);
-void ndpi_timer_clear(struct timeval *a);
-unsigned int ndpi_timeval_to_milliseconds(struct timeval ts);
-unsigned int ndpi_timeval_to_microseconds(struct timeval ts);
+unsigned int ndpi_timer_eq(const pkt_timeval *a, const pkt_timeval *b);
+unsigned int ndpi_timer_lt(const pkt_timeval *a, const pkt_timeval *b);
+void ndpi_timer_sub(const pkt_timeval *a, const pkt_timeval *b, pkt_timeval *result);
+void ndpi_timer_clear(pkt_timeval *a);
+unsigned int ndpi_timeval_to_milliseconds(pkt_timeval ts);
+unsigned int ndpi_timeval_to_microseconds(pkt_timeval ts);
void ndpi_log_timestamp(char *log_ts, uint32_t log_ts_len);
#endif /* NDPI_CLASSIFY_H */
diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in
index 990f84bf4..1fb0d282c 100644
--- a/src/include/ndpi_define.h.in
+++ b/src/include/ndpi_define.h.in
@@ -35,7 +35,9 @@
#include <endian.h>
#define __BYTE_ORDER BYTE_ORDER
#if BYTE_ORDER == LITTLE_ENDIAN
+#ifndef __LITTLE_ENDIAN__
#define __LITTLE_ENDIAN__
+#endif /* __LITTLE_ENDIAN__ */
#else
#define __BIG_ENDIAN__
#endif/* BYTE_ORDER */
diff --git a/src/include/ndpi_includes.h b/src/include/ndpi_includes.h
index f8bde5194..99c50fe02 100644
--- a/src/include/ndpi_includes.h
+++ b/src/include/ndpi_includes.h
@@ -57,7 +57,7 @@
#if defined __NetBSD__ || defined __OpenBSD__
#include <netinet/in_systm.h>
-#ifdef __OpenBSD__
+#if defined __OpenBSD__
#include <pthread.h>
#endif
@@ -67,4 +67,8 @@
#endif /* Win32 */
+#if defined __OpenBSD__
+#include "ndpi_includes_OpenBSD.h"
+#endif /* __OpenBSD__ */
+
#endif /* __NDPI_INCLUDES_H__ */
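Review bot: `pkt_timeval` is only declared when `__OpenBSD__` is defined, because this hunk includes ndpi_includes_OpenBSD.h inside `#if defined __OpenBSD__`; the header's own `#else` branch (`typedef struct timeval pkt_timeval;`) can therefore never be reached on other platforms. Unless the typedef is also provided somewhere outside this diff, every prototype in ndpi_classify.h that now uses `pkt_timeval` fails to compile on non-OpenBSD builds. Either include the header unconditionally, or add the fallback here as `#else` followed by `typedef struct timeval pkt_timeval;` before `#endif /* __OpenBSD__ */`.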
diff --git a/src/include/ndpi_includes_OpenBSD.h b/src/include/ndpi_includes_OpenBSD.h
new file mode 100644
index 000000000..4efdbd844
--- /dev/null
+++ b/src/include/ndpi_includes_OpenBSD.h
@@ -0,0 +1,43 @@
+/*
+ * ndpi_includes_OpenBSD.h
+ *
+ * Copyright (C) 2011-16 - ntop.org
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef __NDPI_INCLUDES_OPENBSD_H__
+#define __NDPI_INCLUDES_OPENBSD_H__
+
+#ifdef __OpenBSD__
+
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif /* IPPROTO_SCTP */
+
+#endif /* __OpenBSD__ */
+
+
+#ifdef __OpenBSD__
+#include <net/bpf.h>
+typedef struct bpf_timeval pkt_timeval;
+#else
+typedef struct timeval pkt_timeval;
+#endif /* __OpenBSD__ */
+
+#endif /* __NDPI_INCLUDES_OPENBSD_H__ */
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index d184ff4a5..07f444e8e 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -282,6 +282,7 @@ typedef enum {
NDPI_PROTOCOL_MSTEAMS = 250,
NDPI_PROTOCOL_WEBSOCKET = 251, /* Leonn Paiva <leonn.paiva@gmail.com> */
NDPI_PROTOCOL_ANYDESK = 252, /* Toni Uhlig <matzeton@googlemail.com> */
+ NDPI_PROTOCOL_SOAP = 253, /* Toni Uhlig <matzeton@googlemail.com> */
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 417c6fb8d..392abf9e1 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -213,5 +213,6 @@ void init_dnp3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
void init_104_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_s7comm_dissector(struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_websocket_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
#endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 40c27329e..d5baf9fe7 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -711,6 +711,9 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_MAIL_IMAP */
u_int32_t mail_imap_stage:3, mail_imap_starttls:2;
+ /* NDPI_PROTOCOL_SOAP */
+ u_int32_t soap_stage:1;
+
/* NDPI_PROTOCOL_SKYPE */
u_int8_t skype_packet_id;
diff --git a/src/lib/ndpi_classify.c b/src/lib/ndpi_classify.c
index 9791db324..7b410e05f 100644
--- a/src/lib/ndpi_classify.c
+++ b/src/lib/ndpi_classify.c
@@ -240,9 +240,9 @@ float ndpi_parameters_bd[NUM_PARAMETERS_BD_LOGREG] = {
};
/**
- * \fn void ndpi_merge_splt_arrays (const uint16_t *pkt_len, const struct timeval *pkt_time,
- const uint16_t *pkt_len_twin, const struct timeval *pkt_time_twin,
- struct timeval start_time, struct timeval start_time_twin,
+ * \fn void ndpi_merge_splt_arrays (const uint16_t *pkt_len, const pkt_timeval *pkt_time,
+ const uint16_t *pkt_len_twin, const pkt_timeval *pkt_time_twin,
+ pkt_timeval start_time, pkt_timeval start_time_twin,
uint16_t s_idx, uint16_t r_idx,
uint16_t *merged_lens, uint16_t *merged_times,
uint32_t max_num_pkt_len, uint32_t max_merged_num_pkts)
@@ -260,16 +260,16 @@ float ndpi_parameters_bd[NUM_PARAMETERS_BD_LOGREG] = {
* \return none
*/
void
-ndpi_merge_splt_arrays (const uint16_t *pkt_len, const struct timeval *pkt_time,
- const uint16_t *pkt_len_twin, const struct timeval *pkt_time_twin,
- struct timeval start_time, struct timeval start_time_twin,
+ndpi_merge_splt_arrays (const uint16_t *pkt_len, const pkt_timeval *pkt_time,
+ const uint16_t *pkt_len_twin, const pkt_timeval *pkt_time_twin,
+ pkt_timeval start_time, pkt_timeval start_time_twin,
uint16_t s_idx, uint16_t r_idx,
uint16_t *merged_lens, uint16_t *merged_times)
{
int s,r;
- struct timeval ts_start = { 0, 0 }; /* initialize to avoid spurious warnings */
- struct timeval tmp, tmp_r;
- struct timeval start_m;
+ pkt_timeval ts_start = { 0, 0 }; /* initialize to avoid spurious warnings */
+ pkt_timeval tmp, tmp_r;
+ pkt_timeval start_m;
if(r_idx + s_idx == 0) {
return ;
@@ -419,9 +419,9 @@ ndpi_get_mc_rep_times (uint16_t *times, float *time_mc, uint16_t num_packets)
}
/**
- * \fn float classify (const unsigned short *pkt_len, const struct timeval *pkt_time,
- const unsigned short *pkt_len_twin, const struct timeval *pkt_time_twin,
- struct timeval start_time, struct timeval start_time_twin, uint32_t max_num_pkt_len,
+ * \fn float classify (const unsigned short *pkt_len, const pkt_timeval *pkt_time,
+ const unsigned short *pkt_len_twin, const pkt_timeval *pkt_time_twin,
+ pkt_timeval start_time, pkt_timeval start_time_twin, uint32_t max_num_pkt_len,
uint16_t sp, uint16_t dp, uint32_t op, uint32_t ip, uint32_t np_o, uint32_t np_i,
uint32_t ob, uint32_t ib, uint16_t use_bd, const uint32_t *bd, const uint32_t *bd_t)
* \param pkt_len length of the packet
@@ -445,9 +445,9 @@ ndpi_get_mc_rep_times (uint16_t *times, float *time_mc, uint16_t num_packets)
* \return float score
*/
float
-ndpi_classify (const unsigned short *pkt_len, const struct timeval *pkt_time,
- const unsigned short *pkt_len_twin, const struct timeval *pkt_time_twin,
- struct timeval start_time, struct timeval start_time_twin, uint32_t max_num_pkt_len,
+ndpi_classify (const unsigned short *pkt_len, const pkt_timeval *pkt_time,
+ const unsigned short *pkt_len_twin, const pkt_timeval *pkt_time_twin,
+ pkt_timeval start_time, pkt_timeval start_time_twin, uint32_t max_num_pkt_len,
uint16_t sp, uint16_t dp, uint32_t op, uint32_t ip, uint32_t np_o, uint32_t np_i,
uint32_t ob, uint32_t ib, uint16_t use_bd, const uint32_t *bd, const uint32_t *bd_t)
{
@@ -604,8 +604,8 @@ ndpi_update_params (classifier_type_codes_t param_type, const char *param_file)
* \return 1 if equal, 0 otherwise
*/
unsigned int
-ndpi_timer_eq(const struct timeval *a,
- const struct timeval *b)
+ndpi_timer_eq(const pkt_timeval *a,
+ const pkt_timeval *b)
{
if(a->tv_sec == b->tv_sec && a->tv_usec == b->tv_usec) {
return 1;
@@ -615,8 +615,8 @@ ndpi_timer_eq(const struct timeval *a,
}
unsigned int
-ndpi_timer_lt(const struct timeval *a,
- const struct timeval *b)
+ndpi_timer_lt(const pkt_timeval *a,
+ const pkt_timeval *b)
{
return (a->tv_sec == b->tv_sec) ?
(a->tv_usec < b->tv_usec):(a->tv_sec < b->tv_sec);
@@ -630,9 +630,9 @@ ndpi_timer_lt(const struct timeval *a,
* \return none
*/
void
-ndpi_timer_sub(const struct timeval *a,
- const struct timeval *b,
- struct timeval *result)
+ndpi_timer_sub(const pkt_timeval *a,
+ const pkt_timeval *b,
+ pkt_timeval *result)
{
result->tv_sec = a->tv_sec - b->tv_sec;
result->tv_usec = a->tv_usec - b->tv_usec;
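Review bot: With `pkt_timeval` mapped to `struct bpf_timeval` on OpenBSD, `result->tv_usec = a->tv_usec - b->tv_usec;` becomes unsigned arithmetic if that struct's fields are unsigned 32-bit (which I believe they are, but confirm against `<net/bpf.h>`). A smaller `a->tv_usec` then wraps to a huge value instead of going negative. The rest of ndpi_timer_sub is outside the hunk; if it normalises with a test such as `result->tv_usec < 0`, that borrow never fires on OpenBSD and the inter-arrival times fed to the classifier would be wrong. Deciding the borrow before subtracting, with `if(a->tv_usec < b->tv_usec)`, is correct for both signed and unsigned fields.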
@@ -648,7 +648,7 @@ ndpi_timer_sub(const struct timeval *a,
* \return none
*/
void
-ndpi_timer_clear(struct timeval *a)
+ndpi_timer_clear(pkt_timeval *a)
{
a->tv_sec = a->tv_usec = 0;
}
@@ -659,7 +659,7 @@ ndpi_timer_clear(struct timeval *a)
* \return unsigned int - Milliseconds
*/
unsigned int
-ndpi_timeval_to_milliseconds(struct timeval ts)
+ndpi_timeval_to_milliseconds(pkt_timeval ts)
{
unsigned int result = ts.tv_usec / 1000 + ts.tv_sec * 1000;
return result;
@@ -671,7 +671,7 @@ ndpi_timeval_to_milliseconds(struct timeval ts)
* \return unsigned int - Milliseconds
*/
unsigned int
-ndpi_timeval_to_microseconds(struct timeval ts)
+ndpi_timeval_to_microseconds(pkt_timeval ts)
{
unsigned int result = ts.tv_usec + ts.tv_sec * 1000 * 1000;
return result;
@@ -680,7 +680,7 @@ ndpi_timeval_to_microseconds(struct timeval ts)
void
ndpi_log_timestamp(char *log_ts, uint32_t log_ts_len)
{
- struct timeval tv;
+ pkt_timeval tv;
time_t nowtime;
struct tm nowtm_r;
char tmbuf[NDPI_TIMESTAMP_LEN];
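Review bot: `tv` in ndpi_log_timestamp holds the current wall-clock time rather than a capture timestamp, so it should stay `struct timeval tv;` instead of becoming `pkt_timeval tv;`. The body continues outside the hunk; if `&tv` is passed to `gettimeofday()` there, then on OpenBSD the call receives a pointer to `struct bpf_timeval`. That is a different type from the `struct timeval` the function fills in and, if its fields are 32-bit, a smaller one, so the call could write past `tv` on the stack.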
diff --git a/src/lib/ndpi_community_id.c b/src/lib/ndpi_community_id.c
index 72f60c746..cc8436928 100644
--- a/src/lib/ndpi_community_id.c
+++ b/src/lib/ndpi_community_id.c
@@ -31,6 +31,7 @@
#include "ndpi_api.h"
#include "ndpi_config.h"
+#include "ndpi_includes.h"
#include <time.h>
#ifndef WIN32
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 707347c76..ea2aeb206 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1493,6 +1493,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "AnyDesk", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOAP, 1 /* no subprotocol */,
+ no_master, no_master, "SOAP", NDPI_PROTOCOL_CATEGORY_RPC,
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_main.c"
@@ -3311,6 +3315,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
/* WEBSOCKET */
init_websocket_dissector(ndpi_str, &a, detection_bitmask);
+ /* SOAP */
+ init_soap_dissector(ndpi_str, &a, detection_bitmask);
+
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_main_init.c"
#endif
diff --git a/src/lib/protocols/soap.c b/src/lib/protocols/soap.c
new file mode 100644
index 000000000..dfbaf6c1e
--- /dev/null
+++ b/src/lib/protocols/soap.c
@@ -0,0 +1,70 @@
+/*
+ * soap.c
+ *
+ * Copyright (C) 2020 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOAP
+
+#include "ndpi_api.h"
+
+static void ndpi_int_soap_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow)
+{
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOAP, NDPI_PROTOCOL_UNKNOWN);
+}
+
+void ndpi_search_soap(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ NDPI_LOG_DBG(ndpi_struct, "search soap\n");
+
+ if (flow->packet_counter > 3)
+ {
+ if (flow->l4.tcp.soap_stage == 1)
+ {
+ ndpi_int_soap_add_connection(ndpi_struct, flow);
+ }
+ else {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ }
+ }
+
+ if (flow->l4.tcp.soap_stage == 0 &&
+ packet->payload_packet_len >= 19)
+ {
+ if (strncmp((char*)packet->payload, "<?xml version=\"1.0\"", 19) == 0)
+ {
+ flow->l4.tcp.soap_stage = 1;
+ }
+ }
+}
+
+void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
+ NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection(
+ "SOAP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_SOAP, ndpi_search_soap, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
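Review bot: ndpi_search_soap marks a flow as SOAP on nothing more than a segment that starts with the generic XML prolog `<?xml version="1.0"`, so any XML-over-TCP payload would be reported as SOAP, while SOAP carried in an HTTP body (where the payload starts with the request line) would presumably not match at offset 0. The `packet_counter > 3` wait inspects nothing in between, so it adds delay but no confidence; requiring a SOAP-specific marker such as an `Envelope` element before setting `soap_stage = 1` would tighten the signature. The `packet_counter > 3` branch also lacks a `return;`, so after `NDPI_EXCLUDE_PROTO(ndpi_struct, flow);` execution falls through to the prolog test and can still set `soap_stage`. Because the payload is not a NUL-terminated string, `memcmp(packet->payload, "<?xml version=\"1.0\"", 19)` states the intent better than `strncmp` behind the existing length check.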