diff options
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 15 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 16 | ||||
| -rwxr-xr-x | utils/toripaddr2list.py | 10 |
4 files changed, 34 insertions, 8 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 7a4ceb22f..758609030 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -282,6 +282,7 @@ typedef enum { NDPI_PROTOCOL_104 = 245, NDPI_PROTOCOL_BLOOMBERG = 246, NDPI_PROTOCOL_CAPWAP = 247, + NDPI_PROTOCOL_ZABBIX = 248, /* IMPORTANT diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d095e14ff..b5b3a9952 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -359,6 +359,7 @@ static ndpi_network host_protocol_list[] = { { 0x1F0D4934 /* 31.13.73.52/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4A34 /* 31.13.74.52/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4F35 /* 31.13.79.53/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + /* Files */ { 0xB93CD835 /* 185.60.216.53/32 */, 32, NDPI_PROTOCOL_WHATSAPP_FILES }, { 0xB93CD836 /* 185.60.216.54/32 */, 32, NDPI_PROTOCOL_WHATSAPP_FILES }, @@ -8308,6 +8309,20 @@ static ndpi_network host_protocol_list[] = { { 0xA7CEDA82 /* 167.206.218.130/32*/, 32, NDPI_PROTOCOL_PS_VUE }, { 0xA7CEDA8A /* 167.206.218.138/32*/, 32, NDPI_PROTOCOL_PS_VUE }, + /* Bloomberg */ + { 0xD086A100 /* 208.134.161.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xCDB7F600 /* 205.183.246.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xC769B000 /* 199.105.176.0/21 */, 21, NDPI_PROTOCOL_BLOOMBERG }, + { 0xC769B800 /* 199.105.184.0/23 */, 23, NDPI_PROTOCOL_BLOOMBERG }, + { 0x45B80000 /* 69.184.0.0/13 */, 13, NDPI_PROTOCOL_BLOOMBERG }, + { 0xA02B0000 /* 160.43.0.0/16 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xCE9C3500 /* 206.156.53.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xCDD87000 /* 205.216.112.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xD0163800 /* 208.22.56.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0xD0163900 /* 208.22.57.0/24 */, 24, NDPI_PROTOCOL_BLOOMBERG }, + { 0x45BFC000 /* 69.191.192.0/18 */, 18, NDPI_PROTOCOL_BLOOMBERG }, + + /* End */ { 0x0, 0, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 25d81c142..b65a1f36f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1234,7 +1234,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp 0 /* can_have_a_subprotocol */, no_master, no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_b, 3389, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, 0 /* can_have_a_subprotocol */, no_master, no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, @@ -1758,19 +1758,23 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "104", NDPI_PROTOCOL_CATEGORY_NETWORK, /* Perhaps IoT in the future */ ndpi_build_default_ports(ports_a, 2404, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BLOOMBERG, 1 /* no subprotocol */, no_master, no_master, "Bloomberg", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CAPWAP, 1 /* no subprotocol */, no_master, no_master, "CAPWAP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - // ndpi_build_default_ports(ports_b, 5246, 5247, 0, 0, 0) /* UDP */ + ndpi_build_default_ports(ports_b, 5246, 5247, 0, 0, 0) /* UDP */ + ); + + /* TODO: Needs a pcap file for Zabbix */ + ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZABBIX, + 1 /* no subprotocol */, no_master, + no_master, "Zabbix", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 10050, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */ ); diff --git a/utils/toripaddr2list.py b/utils/toripaddr2list.py index 13cc8e1e6..47c5412e5 100755 --- a/utils/toripaddr2list.py +++ b/utils/toripaddr2list.py @@ -9,6 +9,12 @@ if len (sys.argv) != 2 : with open(sys.argv[1]) as fp: for cnt, line in enumerate(fp): - ipaddr = line.rstrip() - print(" { 0x"+socket.inet_aton(ipaddr).hex()+", /* "+ipaddr+" */, 32, NDPI_PROTOCOL_TOR },") + x = line.rstrip().split("/") + ipaddr = x[0] + cidr = x[1] + + if(cidr == None): + cidr = "32" + + print(" { 0x"+socket.inet_aton(ipaddr).hex().upper()+" /* "+ipaddr+"/"+cidr+" */, "+cidr+", NDPI_PROTOCOL_XYX },") |