diff options
| -rw-r--r-- | src/lib/ndpi_main.c | 79 | ||||
| -rw-r--r-- | src/lib/protocols/steam.c | 76 | ||||
| -rw-r--r-- | tests/pcap/steam.pcap | bin | 0 -> 10708 bytes | |||
| -rw-r--r-- | tests/result/steam.pcap.out | 57 |
4 files changed, 140 insertions, 72 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index df40c5769..418ceaf2e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4460,6 +4460,44 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc /* ********************************************************************************* */ +static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet) { + packet->parsed_lines = 0, + packet->empty_line_position_set = 0, + packet->host_line.ptr = NULL, + packet->host_line.len = 0, + packet->referer_line.ptr = NULL, + packet->referer_line.len = 0, + packet->content_line.ptr = NULL, + packet->content_line.len = 0, + packet->accept_line.ptr = NULL, + packet->accept_line.len = 0, + packet->user_agent_line.ptr = NULL, + packet->user_agent_line.len = 0, + packet->http_url_name.ptr = NULL, + packet->http_url_name.len = 0, + packet->http_encoding.ptr = NULL, + packet->http_encoding.len = 0, + packet->http_transfer_encoding.ptr = NULL, + packet->http_transfer_encoding.len = 0, + packet->http_contentlen.ptr = NULL, + packet->http_contentlen.len = 0, + packet->http_cookie.ptr = NULL, + packet->http_cookie.len = 0, + packet->http_origin.len = 0, + packet->http_origin.ptr = NULL, + packet->http_x_session_type.ptr = NULL, + packet->http_x_session_type.len = 0, + packet->server_line.ptr = NULL, + packet->server_line.len = 0, + packet->http_method.ptr = NULL, + packet->http_method.len = 0, + packet->http_response.ptr = NULL, + packet->http_response.len = 0, + packet->http_num_headers = 0; +} + +/* ********************************************************************************* */ + ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const unsigned char *packet, @@ -4701,8 +4739,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct Invalidate packet memory to avoid accessing the pointers below when the packet is no longer accessible */ - flow->packet.iph = NULL, flow->packet.tcp = NULL, flow->packet.udp = NULL; - + flow->packet.iph = NULL, flow->packet.tcp = NULL, flow->packet.udp = NULL, flow->packet.payload = NULL; + ndpi_reset_packet_line_info(&flow->packet); + return(ret); } @@ -4864,40 +4903,8 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc return; packet->packet_lines_parsed_complete = 1; - packet->parsed_lines = 0; - packet->empty_line_position_set = 0; - packet->host_line.ptr = NULL; - packet->host_line.len = 0; - packet->referer_line.ptr = NULL; - packet->referer_line.len = 0; - packet->content_line.ptr = NULL; - packet->content_line.len = 0; - packet->accept_line.ptr = NULL; - packet->accept_line.len = 0; - packet->user_agent_line.ptr = NULL; - packet->user_agent_line.len = 0; - packet->http_url_name.ptr = NULL; - packet->http_url_name.len = 0; - packet->http_encoding.ptr = NULL; - packet->http_encoding.len = 0; - packet->http_transfer_encoding.ptr = NULL; - packet->http_transfer_encoding.len = 0; - packet->http_contentlen.ptr = NULL; - packet->http_contentlen.len = 0; - packet->http_cookie.ptr = NULL; - packet->http_cookie.len = 0; - packet->http_origin.len = 0; - packet->http_origin.ptr = NULL; - packet->http_x_session_type.ptr = NULL; - packet->http_x_session_type.len = 0; - packet->server_line.ptr = NULL; - packet->server_line.len = 0; - packet->http_method.ptr = NULL; - packet->http_method.len = 0; - packet->http_response.ptr = NULL; - packet->http_response.len = 0; - packet->http_num_headers=0; - + ndpi_reset_packet_line_info(packet); + if((packet->payload_packet_len < 3) || (packet->payload == NULL)) return; diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 0a737baf9..6e1034aee 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -1,6 +1,7 @@ /* * steam.c * + * Copyright (C) 2011-19 - ntop.org * Copyright (C) 2014 Tomasz Bujlow <tomasz@skatnet.dk> * * The signature is mostly based on the Libprotoident library @@ -242,52 +243,55 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - /* Break after 20 packets. */ - if (flow->packet_counter > 20) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } - - /* skip marked or retransmitted packets */ - if (packet->tcp_retransmission != 0) { - return; - } - - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) { - return; - } - - NDPI_LOG_DBG(ndpi_struct, "search STEAM\n"); - ndpi_check_steam_http(ndpi_struct, flow); + if(flow->packet.udp != NULL) { + if(flow->packet_counter > 5) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + ndpi_check_steam_udp1(ndpi_struct, flow); - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) { - return; - } - - ndpi_check_steam_tcp(ndpi_struct, flow); + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) + return; - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) { - return; - } + ndpi_check_steam_udp2(ndpi_struct, flow); - ndpi_check_steam_udp1(ndpi_struct, flow); + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) + return; - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) { - return; - } + ndpi_check_steam_udp3(ndpi_struct, flow); + } else { + /* Break after 10 packets. */ + if(flow->packet_counter > 10) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + + /* skip marked or retransmitted packets */ + if(packet->tcp_retransmission != 0) { + return; + } + + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) + return; + + NDPI_LOG_DBG(ndpi_struct, "search STEAM\n"); + ndpi_check_steam_http(ndpi_struct, flow); - ndpi_check_steam_udp2(ndpi_struct, flow); + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) + return; + + ndpi_check_steam_tcp(ndpi_struct, flow); - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) { - return; + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) + return; } - - ndpi_check_steam_udp3(ndpi_struct, flow); } -void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ +void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("Steam", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STEAM, ndpi_search_steam, diff --git a/tests/pcap/steam.pcap b/tests/pcap/steam.pcap Binary files differnew file mode 100644 index 000000000..32c383ef9 --- /dev/null +++ b/tests/pcap/steam.pcap diff --git a/tests/result/steam.pcap.out b/tests/result/steam.pcap.out new file mode 100644 index 000000000..40b907306 --- /dev/null +++ b/tests/result/steam.pcap.out @@ -0,0 +1,57 @@ +Steam 104 9020 55 + + 1 UDP 192.168.188.149:45665 <-> 72.165.61.188:27018 [proto: 74/Steam][cat: Game/8][5 pkts/846 bytes <-> 6 pkts/608 bytes][bytes ratio: 0.164 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 50/0 173.2/123.6 298/289 102.3/115.6][Pkt Len c2s/s2c min/avg/max/stddev: 78/78 169.2/101.3 366/158 116.8/27.6][PLAIN TEXT (H@VS01)] + 2 UDP 192.168.188.149:45665 <-> 68.142.91.34:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 3 UDP 192.168.188.149:45665 <-> 68.142.91.35:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 4 UDP 192.168.188.149:45665 <-> 68.142.91.36:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 5 UDP 192.168.188.149:45665 <-> 68.142.116.178:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 6 UDP 192.168.188.149:45665 <-> 68.142.116.179:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 7 UDP 192.168.188.149:45665 <-> 69.28.145.170:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 8 UDP 192.168.188.149:45665 <-> 69.28.145.170:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 9 UDP 192.168.188.149:45665 <-> 69.28.145.171:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 10 UDP 192.168.188.149:45665 <-> 69.28.145.171:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 11 UDP 192.168.188.149:45665 <-> 69.28.145.172:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 12 UDP 192.168.188.149:45665 <-> 69.28.145.172:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 13 UDP 192.168.188.149:45665 <-> 72.165.61.174:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 14 UDP 192.168.188.149:45665 <-> 72.165.61.174:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 15 UDP 192.168.188.149:45665 <-> 72.165.61.175:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 16 UDP 192.168.188.149:45665 <-> 72.165.61.175:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 17 UDP 192.168.188.149:45665 <-> 72.165.61.176:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][PLAIN TEXT (FIVS01)] + 18 UDP 192.168.188.149:45665 <-> 72.165.61.176:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 19 UDP 192.168.188.149:45665 <-> 72.165.61.185:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 20 UDP 192.168.188.149:45665 <-> 72.165.61.185:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 21 UDP 192.168.188.149:45665 <-> 72.165.61.187:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 22 UDP 192.168.188.149:45665 <-> 72.165.61.187:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 23 UDP 192.168.188.149:45665 <-> 72.165.61.188:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 24 UDP 192.168.188.149:45665 <-> 146.66.152.12:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 25 UDP 192.168.188.149:45665 <-> 146.66.152.12:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 26 UDP 192.168.188.149:45665 <-> 146.66.152.12:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 27 UDP 192.168.188.149:45665 <-> 146.66.152.13:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][PLAIN TEXT (FGVS01)] + 28 UDP 192.168.188.149:45665 <-> 146.66.152.13:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 29 UDP 192.168.188.149:45665 <-> 146.66.152.13:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 30 UDP 192.168.188.149:45665 <-> 146.66.152.14:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 31 UDP 192.168.188.149:45665 <-> 146.66.152.14:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 32 UDP 192.168.188.149:45665 <-> 146.66.152.14:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 33 UDP 192.168.188.149:45665 <-> 146.66.152.15:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 34 UDP 192.168.188.149:45665 <-> 146.66.152.15:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 35 UDP 192.168.188.149:45665 <-> 146.66.152.15:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 36 UDP 192.168.188.149:45665 <-> 208.111.133.84:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 37 UDP 192.168.188.149:45665 <-> 208.111.133.84:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 38 UDP 192.168.188.149:45665 <-> 208.111.133.85:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 39 UDP 192.168.188.149:45665 <-> 208.111.133.85:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes] + 40 UDP 192.168.188.149:45665 <-> 208.111.171.82:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes <-> 1 pkts/86 bytes][PLAIN TEXT (b VS01)] + 41 UDP 192.168.188.149:45665 -> 81.171.115.5:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 42 UDP 192.168.188.149:45665 -> 81.171.115.5:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.188.149:45665 -> 81.171.115.5:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.188.149:45665 -> 81.171.115.6:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 45 UDP 192.168.188.149:45665 -> 81.171.115.6:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 46 UDP 192.168.188.149:45665 -> 81.171.115.6:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 47 UDP 192.168.188.149:45665 -> 81.171.115.7:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.188.149:45665 -> 81.171.115.7:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 49 UDP 192.168.188.149:45665 -> 81.171.115.7:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 50 UDP 192.168.188.149:45665 -> 81.171.115.8:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 51 UDP 192.168.188.149:45665 -> 81.171.115.8:27018 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 52 UDP 192.168.188.149:45665 -> 81.171.115.8:27019 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 53 UDP 192.168.188.149:45665 -> 203.77.185.4:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 54 UDP 192.168.188.149:45665 -> 203.77.185.5:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] + 55 UDP 192.168.188.149:45665 -> 208.111.171.83:27017 [proto: 74/Steam][cat: Game/8][1 pkts/78 bytes -> 0 pkts/0 bytes] |