diff options
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 3 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 15 | ||||
| -rw-r--r-- | tests/result/6in4tunnel.pcap.out | 8 | ||||
| -rw-r--r-- | tests/result/http_ipv6.pcap.out | 2 |
4 files changed, 22 insertions, 6 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 5132167f7..df213bfdd 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -203,7 +203,7 @@ #define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HEP 216 /* Sipcapture.org QXIP BV */ #define NDPI_PROTOCOL_UBNTAC2 217 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */ -#define NDPI_PROTOCOL_MS_LYNC 220 +#define NDPI_PROTOCOL_MS_LYNC 221 @@ -268,6 +268,7 @@ #define NDPI_SERVICE_HOTSPOT_SHIELD 215 #define NDPI_SERVICE_OCS 218 #define NDPI_SERVICE_OFFICE_365 219 +#define NDPI_SERVICE_CLOUDFLARE 220 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_MS_LYNC diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 74b21b536..2cac78de3 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -34,6 +34,14 @@ typedef struct { static ndpi_network host_protocol_list[] = { + /* + Cloudflare + 104.16.0.0/12 + 173.245.48.0/20 + */ + { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_SERVICE_CLOUDFLARE }, + { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_SERVICE_CLOUDFLARE }, + /* OFFICE 365 13.107.1.0/24 @@ -7477,6 +7485,13 @@ ndpi_protocol_match host_match[] = { { ".entrust.net", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, { ".public-trust.com", "OFFICE_365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_ACCEPTABLE }, + /* http://www.urlquery.net/report.php?id=1453233646161 */ + { "lifedom.top", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_ACCEPTABLE }, + + + { NULL, 0 } }; diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 7786f4a3a..8e7d1cec7 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,13 +4,13 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][SSL client: www.facebook.com] - 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c:0:2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][SSL client: www.facebook.com] + 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c:0:99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][SSL client: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] - 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] + 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c:0:2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] 7 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][46 pkts/6348 bytes] 8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:56381 [proto: 51/IMAPS][2 pkts/258 bytes] - 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/406 bytes][Host: star.c10r.facebook.com] + 9 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c:0:99]:53 [proto: 5.119/DNS.Facebook][2 pkts/406 bytes][Host: star.c10r.facebook.com] 10 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:80 <-> [2604:a880:1:20::224:b001]:41538 [proto: 7/HTTP][10 pkts/1792 bytes][Host: mail.tomasu.net] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 77bc0d9db..f4bb8dc36 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -14,6 +14,6 @@ Quic 65 16479 2 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:803::2008]:58660 [proto: 91/SSL][2 pkts/172 bytes] 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1012]:59690 [proto: 91/SSL][2 pkts/172 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][2 pkts/172 bytes] - 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c::25de]:443 [proto: 91/SSL][2 pkts/172 bytes] + 13 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40308 <-> [2a03:2880:1010:3f20:face:b00c:0:25de]:443 [proto: 91/SSL][2 pkts/172 bytes] 14 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:45931 [proto: 188/Quic][62 pkts/15977 bytes] 15 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:55145 <-> [2a00:1450:400b:c02::5f]:443 [proto: 188/Quic][3 pkts/502 bytes] |