diff options
| -rw-r--r-- | example/MacOS/README.md | 6 | ||||
| -rw-r--r-- | example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj | 13 | ||||
| -rw-r--r-- | example/ndpi_util.c | 2 | ||||
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 4 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 28 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 12 | ||||
| -rw-r--r-- | src/lib/third_party/include/libcache.h | 6 | ||||
| -rw-r--r-- | src/lib/third_party/src/libcache.c | 73 | ||||
| -rw-r--r-- | tests/result/http_ipv6.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/mpeg.pcap.out | 2 | ||||
| -rw-r--r-- | tests/result/wechat.pcap.out | 12 |
11 files changed, 93 insertions, 73 deletions
diff --git a/example/MacOS/README.md b/example/MacOS/README.md index b46833395..e7a9f91fc 100644 --- a/example/MacOS/README.md +++ b/example/MacOS/README.md @@ -8,11 +8,11 @@ You need to first compile the nDPI library as usual: Then open the Xcode project and you are ready to go. The default behavior is to analyze an embeded pcap file `capture.pcap`. You can change the behavior by changing command line input in `ViewController.m` file. -# What the XCode project did? +# What does the XCode project do? It's a dummy Mac App project with a **Run** button. It doesn't modify any nDPI code except that it renamed the `main` function to `orginal_main` in `ndpiReader.c` (because the Mac App has it's own main function) and call the `orginal_main` with synthetic command line input from `ViewController.m` file when the **Run** button is clicked. -It also fixes some problems when compiling with Xcode. Somes are listed below: +It also fixes some problems when compiling with Xcode. Some are listed below: - Add missed `NDPI_LOG_DEBUG2` macro definition implementation (defined as `NDPI_LOG_DEBUG2_XCODE_PROJ` in `ViewController.m`) -- Add a empty ndpi_utils.h file to make `protocols/attic/ftp.c` and `protocols/attic/secondlife.c` can compile +- Add an empty ndpi_utils.h file to make `protocols/attic/ftp.c` and `protocols/attic/secondlife.c` can compile - Specially treat `ndpi_patricia.c` by not adding it into compilation source, since it's directly included in `ndpi_main.c` diff --git a/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj index f79eaa8aa..d73d10c05 100644 --- a/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj +++ b/example/MacOS/ndpiExample/ndpiExample.xcodeproj/project.pbxproj @@ -20,7 +20,6 @@ E395431A20255354000BBA0D /* Makefile.simple in Resources */ = {isa = PBXBuildFile; fileRef = E39540BF20255353000BBA0D /* Makefile.simple */; }; E395431B20255354000BBA0D /* ndpi_content_match.c.inc in Sources */ = {isa = PBXBuildFile; fileRef = E39540C020255353000BBA0D /* ndpi_content_match.c.inc */; }; E395431C20255354000BBA0D /* ndpi_main.c in Sources */ = {isa = PBXBuildFile; fileRef = E39540C120255353000BBA0D /* ndpi_main.c */; }; - E395431E20255354000BBA0D /* .dirstamp in Resources */ = {isa = PBXBuildFile; fileRef = E39540C520255353000BBA0D /* .dirstamp */; }; E39543A320255354000BBA0D /* afp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414B20255353000BBA0D /* afp.c */; }; E39543A420255354000BBA0D /* aimini.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414C20255353000BBA0D /* aimini.c */; }; E39543A520255354000BBA0D /* amqp.c in Sources */ = {isa = PBXBuildFile; fileRef = E395414D20255353000BBA0D /* amqp.c */; }; @@ -176,7 +175,6 @@ E395454320255355000BBA0D /* yahoo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542ED20255354000BBA0D /* yahoo.c */; }; E395454420255355000BBA0D /* zattoo.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EE20255354000BBA0D /* zattoo.c */; }; E395454520255355000BBA0D /* zeromq.c in Sources */ = {isa = PBXBuildFile; fileRef = E39542EF20255354000BBA0D /* zeromq.c */; }; - E395454720255355000BBA0D /* .dirstamp in Resources */ = {isa = PBXBuildFile; fileRef = E39542FB20255354000BBA0D /* .dirstamp */; }; E395454C20255355000BBA0D /* libcache.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430120255354000BBA0D /* libcache.c */; }; E395455420255355000BBA0D /* node.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430920255354000BBA0D /* node.c */; }; E395455520255355000BBA0D /* sort.c in Sources */ = {isa = PBXBuildFile; fileRef = E395430A20255354000BBA0D /* sort.c */; }; @@ -215,7 +213,6 @@ E39540BF20255353000BBA0D /* Makefile.simple */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = Makefile.simple; sourceTree = "<group>"; }; E39540C020255353000BBA0D /* ndpi_content_match.c.inc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.pascal; path = ndpi_content_match.c.inc; sourceTree = "<group>"; }; E39540C120255353000BBA0D /* ndpi_main.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ndpi_main.c; sourceTree = "<group>"; }; - E39540C520255353000BBA0D /* .dirstamp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = .dirstamp; sourceTree = "<group>"; }; E395414B20255353000BBA0D /* afp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = afp.c; sourceTree = "<group>"; }; E395414C20255353000BBA0D /* aimini.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = aimini.c; sourceTree = "<group>"; }; E395414D20255353000BBA0D /* amqp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = amqp.c; sourceTree = "<group>"; }; @@ -378,7 +375,6 @@ E39542F520255354000BBA0D /* ndpi_patricia.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ndpi_patricia.h; sourceTree = "<group>"; }; E39542F620255354000BBA0D /* node.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = node.h; sourceTree = "<group>"; }; E39542F720255354000BBA0D /* sort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sort.h; sourceTree = "<group>"; }; - E39542FB20255354000BBA0D /* .dirstamp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = .dirstamp; sourceTree = "<group>"; }; E395430020255354000BBA0D /* ahocorasick.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ahocorasick.c; sourceTree = "<group>"; }; E395430120255354000BBA0D /* libcache.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = libcache.c; sourceTree = "<group>"; }; E395430820255354000BBA0D /* ndpi_patricia.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ndpi_patricia.c; sourceTree = "<group>"; }; @@ -496,7 +492,6 @@ E39540C220255353000BBA0D /* protocols */ = { isa = PBXGroup; children = ( - E39540C520255353000BBA0D /* .dirstamp */, E395414B20255353000BBA0D /* afp.c */, E395414C20255353000BBA0D /* aimini.c */, E395414D20255353000BBA0D /* amqp.c */, @@ -690,7 +685,6 @@ E39542F820255354000BBA0D /* src */ = { isa = PBXGroup; children = ( - E39542FB20255354000BBA0D /* .dirstamp */, E395430020255354000BBA0D /* ahocorasick.c */, E395430120255354000BBA0D /* libcache.c */, E395430820255354000BBA0D /* ndpi_patricia.c */, @@ -772,9 +766,7 @@ buildActionMask = 2147483647; files = ( E395430C20255354000BBA0D /* ndpi_define.h.in in Resources */, - E395431E20255354000BBA0D /* .dirstamp in Resources */, E395431A20255354000BBA0D /* Makefile.simple in Resources */, - E395454720255355000BBA0D /* .dirstamp in Resources */, E395430B20255354000BBA0D /* Makefile.am in Resources */, E395431920255354000BBA0D /* Makefile.in in Resources */, E3953F5920254989000BBA0D /* Assets.xcassets in Resources */, @@ -1106,7 +1098,10 @@ CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_TEAM = 5NEA8474R4; - GCC_PREPROCESSOR_DEFINITIONS = BUILD_NDPI_IN_XCODE; + GCC_PREPROCESSOR_DEFINITIONS = ( + "APP_HAS_OWN_MAIN=1", + "NDPI_LOG_DEBUG2=NDPI_LOG_DEBUG2_XCODE_PROJ", + ); INFOPLIST_FILE = ndpiExample/Info.plist; LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/../Frameworks"; PRODUCT_BUNDLE_IDENTIFIER = com.zyingp.ndpiExample; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index af83c6d14..104aa4db5 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -855,9 +855,9 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = ETH_P_IP, ip_offset += 4; while(!mpls.mpls.s) { - ip_offset += 4; mpls.u32 = *((uint32_t *) &packet[ip_offset]); mpls.u32 = ntohl(mpls.u32); + ip_offset += 4; } break; case PPPoE: diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index acc510d49..c8871509b 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -277,9 +277,11 @@ #define NDPI_PROTOCOL_DIAMETER 237 #define NDPI_PROTOCOL_APPLE_PUSH 238 #define NDPI_PROTOCOL_GOOGLE_SERVICES 239 +#define NDPI_PROTOCOL_AMAZON_VIDEO 240 +#define NDPI_PROTOCOL_GOOGLE_DOCS 241 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_SERVICES +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_DOCS #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 6ff6220f6..fee3967d8 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -802,6 +802,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C1400 /* 91.108.20.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, + { 0xA93F4940 /* 169.63.73.64/26 */, 26, NDPI_PROTOCOL_TELEGRAM }, /* BitTorrent @@ -7973,10 +7974,13 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { + { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "d25xi40x97liuc.cloudfront.net", NULL, "d25xi40x97liuc\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".aiv-delivery.net", NULL, "\\.aiv-delivery\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, + { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "amazon-adsystem.com", NULL, "amazon-adsystem\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", NULL, "\\.cloudfront\\.net$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8021,10 +8025,10 @@ ndpi_protocol_match host_match[] = { { ".speedtest.net", NULL, NULL, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - { "drive-thirdparty.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + + { "drive-thirdparty.googleusercontent.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.google.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "android.clients.google.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8064,15 +8068,14 @@ ndpi_protocol_match host_match[] = { { "plus.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "plus.url.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* http://check.googlezip.net/connect [check browser connectivity] */ { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "googleusercontent.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - + { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.google.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + + { "googleusercontent.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.google.", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8081,6 +8084,10 @@ ndpi_protocol_match host_match[] = { { ".gmail.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { "mail.google.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", NULL, NULL, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { ".last.fm", NULL, NULL, "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, @@ -8132,7 +8139,6 @@ ndpi_protocol_match host_match[] = { { ".ytimg.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube-nocookie.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "googleusercontent.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".vevo.com", NULL, NULL, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8d65a50cf..9840d8715 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -954,7 +954,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, no_master, no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 179, 2605, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, no_master, @@ -4718,9 +4718,13 @@ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.master_protocol != proto.app_protocol)) { - snprintf(buf, buf_len, "%s.%s", - ndpi_get_proto_name(ndpi_mod, proto.master_protocol), - ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + snprintf(buf, buf_len, "%s.%s", + ndpi_get_proto_name(ndpi_mod, proto.master_protocol), + ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + else + snprintf(buf, buf_len, "%s", + ndpi_get_proto_name(ndpi_mod, proto.master_protocol)); } else snprintf(buf, buf_len, "%s", ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index 53632616e..7f84b89ad 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -29,6 +29,10 @@ SOFTWARE. #include <stdint.h> +typedef struct cache_entry *cache_entry; + +typedef struct cache_entry_map *cache_entry_map; + /** * @brief Codes representing the result of some functions * @@ -99,5 +103,7 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size); */ void cache_free(cache_t cache); +cache_entry cache_entry_new(void); +cache_entry_map cache_entry_map_new(void); #endif diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index af53c9813..4479ff54d 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -30,6 +30,7 @@ SOFTWARE. #include <string.h> #include "libcache.h" +#include "ndpi_api.h" // https://en.wikipedia.org/wiki/Jenkins_hash_function @@ -49,10 +50,6 @@ uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { } -typedef struct cache_entry *cache_entry; - -typedef struct cache_entry_map *cache_entry_map; - struct cache { uint32_t size; uint32_t max_size; @@ -91,19 +88,20 @@ void cache_touch_entry(cache_t cache, cache_entry entry) { } -cache_entry cache_entry_new() { - return (cache_entry) calloc(sizeof(struct cache_entry), 1); +cache_entry cache_entry_new(void) { + return (cache_entry) ndpi_calloc(sizeof(struct cache_entry), 1); } -cache_entry_map cache_entry_map_new() { - return (cache_entry_map) calloc(sizeof(struct cache_entry_map), 1); +cache_entry_map cache_entry_map_new(void) { + return (cache_entry_map) ndpi_calloc(sizeof(struct cache_entry_map), 1); } cache_t cache_new(uint32_t cache_max_size) { + cache_t cache; if(!cache_max_size) { return NULL; } - cache_t cache = (cache_t) calloc(sizeof(struct cache), 1); + cache = (cache_t) ndpi_calloc(sizeof(struct cache), 1); if(!cache) { return NULL; } @@ -111,10 +109,10 @@ cache_t cache_new(uint32_t cache_max_size) { cache->size = 0; cache->max_size = cache_max_size; - cache->map = (cache_entry_map *) calloc(sizeof(cache_entry_map ), cache->max_size); + cache->map = (cache_entry_map *) ndpi_calloc(sizeof(cache_entry_map ), cache->max_size); if(!cache->map) { - free(cache); + ndpi_free(cache); return NULL; } @@ -122,11 +120,15 @@ cache_t cache_new(uint32_t cache_max_size) { } cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + cache_entry entry; + cache_entry_map map_entry; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if((cache->map)[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; @@ -146,20 +148,19 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { } } - - cache_entry entry = cache_entry_new(); + entry = cache_entry_new(); if(!entry) { return CACHE_MALLOC_ERROR; } - cache_entry_map map_entry = cache_entry_map_new(); + map_entry = cache_entry_map_new(); if(!map_entry) { - free(entry); + ndpi_free(entry); return CACHE_MALLOC_ERROR; } - entry->item = malloc(item_size); + entry->item = ndpi_malloc(item_size); memcpy(entry->item, item, item_size); entry->item_size = item_size; @@ -203,9 +204,9 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { tail->prev->next = NULL; cache->tail = tail->prev; - free(tail->item); - free(tail); - free(hash_entry_map); + ndpi_free(tail->item); + ndpi_free(tail); + ndpi_free(hash_entry_map); } } @@ -213,11 +214,13 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { } cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; @@ -237,11 +240,13 @@ cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { } cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { cache_entry_map hash_entry_map_prev = NULL; @@ -256,14 +261,16 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { hash_entry_map = hash_entry_map->next; } - if(hash_entry_map) { + if(hash_entry_map) { + cache_entry entry; + if(hash_entry_map_prev) { hash_entry_map_prev->next = hash_entry_map->next; } else { cache->map[hash] = hash_entry_map->next; } - cache_entry entry = hash_entry_map->entry; + entry = hash_entry_map->entry; if(entry->prev) { entry->prev->next = entry->next; @@ -276,9 +283,9 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { cache->tail = entry->prev; } - free(entry->item); - free(entry); - free(hash_entry_map); + ndpi_free(entry->item); + ndpi_free(entry); + ndpi_free(hash_entry_map); (cache->size)--; return CACHE_NO_ERROR; @@ -289,25 +296,25 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { } void cache_free(cache_t cache) { + int i; if(!cache) { return; } - int i; for(i = 0; i < cache->max_size; i++) { cache_entry_map prev = NULL; cache_entry_map curr = cache->map[i]; while(curr) { prev = curr; curr = curr->next; - free(prev->entry->item); - free(prev->entry); - free(prev); + ndpi_free(prev->entry->item); + ndpi_free(prev->entry); + ndpi_free(prev); } } - free(cache->map); - free(cache); + ndpi_free(cache->map); + ndpi_free(cache); return; } diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 37f5ce787..c80f76023 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 1f5020ab6..c69256aec 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.241/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.243/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 8735cc83b..02d754bc5 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -9,10 +9,10 @@ QQ 26 9402 2 IGMP 24 1280 4 SSL 21 1209 3 ICMPV6 3 218 2 -YouTube 36 9047 2 -Google 92 20878 15 +Google 113 24811 15 LLMNR 12 944 6 WeChat 1251 606425 49 +GoogleDocs 15 5114 2 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] @@ -35,9 +35,9 @@ WeChat 1251 606425 49 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com] - 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] + 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] - 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] @@ -78,12 +78,12 @@ WeChat 1251 606425 49 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes] 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] - 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] + 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] - 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes -> 0 pkts/0 bytes] |