diff options
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 4 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 8 | ||||
| -rw-r--r-- | src/lib/protocols/hangout.c | 6 | ||||
| -rw-r--r-- | src/lib/protocols/stun.c | 6 | ||||
| -rw-r--r-- | tests/result/whatsapp_login_call.pcap.out | 28 | ||||
| -rw-r--r-- | tests/result/whatsapp_voice_and_message.pcap.out | 16 |
7 files changed, 35 insertions, 35 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index afd052d7b..b2fdbed77 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -235,12 +235,12 @@ typedef enum { NDPI_PROTOCOL_MPEGTS = 198, NDPI_PROTOCOL_SNAPCHAT = 199, NDPI_PROTOCOL_SINA = 200, - NDPI_PROTOCOL_HANGOUT = 201, + NDPI_PROTOCOL_HANGOUT_DUO = 201, /* Google Hangout ad Duo (merged as they are very similar) */ NDPI_PROTOCOL_IFLIX = 202, /* www.vizuamatix.com R&D team & M.Mallawaarachchie <manoj_ws@yahoo.com> */ NDPI_PROTOCOL_GITHUB = 203, NDPI_PROTOCOL_BJNP = 204, NDPI_PROTOCOL_LINE = 205, /* https://en.wikipedia.org/wiki/Line_(software) */ - NDPI_PROTOCOL_GOOGLE_DUO = 206, + NDPI_PROTOCOL_FREE206 = 206, /* Free */ NDPI_PROTOCOL_SMPP = 207, /* Damir Franusic <df@release14.org> */ NDPI_PROTOCOL_DNSCRYPT = 208, NDPI_PROTOCOL_TINC = 209, /* William Guglielmo <william@deselmo.com> */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index fee06109d..0d8e1769a 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8415,7 +8415,7 @@ ndpi_protocol_match host_match[] = { { "gtv1.com", NULL, "gtv1" TLD, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Google Hangout */ - { "images2-hangout-opensocial.googleusercontent.com", NULL, "images2-hangout-opensocial\\.googleusercontent" TLD, "GoogleHangout", NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "images2-hangout-opensocial.googleusercontent.com", NULL, "images2-hangout-opensocial\\.googleusercontent" TLD, "GoogleHangout", NDPI_PROTOCOL_HANGOUT_DUO, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, /* Google Services */ { "googleapis.com", NULL, "googleapis" TLD, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5a281ae41..d1aa34b6c 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1006,9 +1006,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Line", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GOOGLE_DUO, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE206, 0 /* can_have_a_subprotocol */, no_master, - no_master, "GoogleDuo", NDPI_PROTOCOL_CATEGORY_VOIP, + no_master, "Free206", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, @@ -1659,7 +1659,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT_DUO, 0 /* can_have_a_subprotocol */, no_master, no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -4096,7 +4096,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st we need to distinguish between it and hangout thing that should be handled by the STUN dissector */ - ret.app_protocol = NDPI_PROTOCOL_HANGOUT; + ret.app_protocol = NDPI_PROTOCOL_HANGOUT_DUO; } } diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index a9b63a021..99bf879cb 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -20,7 +20,7 @@ #include "ndpi_protocol_ids.h" -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HANGOUT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HANGOUT_DUO #include "ndpi_api.h" @@ -89,7 +89,7 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, || ((packet->tcp != NULL) && (isHangoutTCPPort(ntohs(packet->tcp->source)) || isHangoutTCPPort(ntohs(packet->tcp->dest))))) { NDPI_LOG_INFO(ndpi_struct, "found Hangout\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT_DUO, NDPI_PROTOCOL_UNKNOWN); return; } } @@ -102,7 +102,7 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("GoogleHangout", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_HANGOUT, + NDPI_PROTOCOL_HANGOUT_DUO, ndpi_search_hangout, NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, SAVE_DETECTION_BITMASK_AS_UNKNOWN, diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index ecd7b56ee..b53bed73d 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -88,7 +88,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if(msg_type == 0x01 /* Binding Request */) { flow->protos.stun_ssl.stun.num_binding_requests++; if((msg_len == 0) && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_GOOGLE)) { - flow->guessed_host_protocol_id = NDPI_PROTOCOL_GOOGLE_DUO; + flow->guessed_host_protocol_id = NDPI_PROTOCOL_HANGOUT_DUO; } } @@ -261,7 +261,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_STUN); return; } else if(is_duo) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GOOGLE_DUO, NDPI_PROTOCOL_STUN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT_DUO, NDPI_PROTOCOL_STUN); return; } else if(flow->protos.stun_ssl.stun.is_skype) { NDPI_LOG_INFO(ndpi_struct, "found Skype\n"); @@ -289,7 +289,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_STUN); return; } else if(is_duo) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GOOGLE_DUO, NDPI_PROTOCOL_STUN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT_DUO, NDPI_PROTOCOL_STUN); return; } else if(flow->protos.stun_ssl.stun.is_skype) { NDPI_LOG_INFO(ndpi_struct, "Found Skype\n"); diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index f3e64a9b2..547471f5c 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -32,20 +32,20 @@ JA3 Host Stats: 13 UDP 192.168.2.4:51518 -> 1.194.90.191:60312 [proto: 78/STUN][cat: Network/14][15 pkts/1290 bytes -> 0 pkts/0 bytes] 14 UDP 192.168.2.4:52794 -> 1.194.90.191:51727 [proto: 78/STUN][cat: Network/14][12 pkts/1032 bytes -> 0 pkts/0 bytes] 15 ICMP 192.168.2.4:0 -> 91.253.176.65:0 [proto: 81/ICMP][cat: Network/14][10 pkts/700 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 18 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 19 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 22 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 23 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 24 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 25 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 27 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 28 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 29 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 16 UDP 192.168.2.4:51518 <-> 31.13.64.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 17 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 18 UDP 192.168.2.4:51518 <-> 31.13.73.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 19 UDP 192.168.2.4:51518 <-> 31.13.79.192:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 20 UDP 192.168.2.4:51518 <-> 31.13.85.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 21 UDP 192.168.2.4:51518 <-> 31.13.91.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 22 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 23 UDP 192.168.2.4:52794 <-> 31.13.73.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 24 UDP 192.168.2.4:52794 <-> 31.13.74.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 25 UDP 192.168.2.4:52794 <-> 31.13.79.192:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 26 UDP 192.168.2.4:52794 <-> 31.13.90.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 27 UDP 192.168.2.4:52794 <-> 31.13.93.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 28 UDP 192.168.2.4:52794 <-> 173.252.114.1:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 29 UDP 192.168.2.4:52794 <-> 179.60.192.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] 30 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][cat: Web/5][3 pkts/174 bytes <-> 2 pkts/217 bytes] 31 TCP 192.168.2.4:49192 <-> 93.186.135.8:80 [proto: 7/HTTP][cat: Web/5][3 pkts/198 bytes <-> 2 pkts/132 bytes] 32 UDP 192.168.2.4:51897 <-> 192.168.2.1:53 [proto: 5.140/DNS.Apple][cat: Web/5][1 pkts/79 bytes <-> 1 pkts/251 bytes][Host: query.ess.apple.com] diff --git a/tests/result/whatsapp_voice_and_message.pcap.out b/tests/result/whatsapp_voice_and_message.pcap.out index 042c85b94..2661271c1 100644 --- a/tests/result/whatsapp_voice_and_message.pcap.out +++ b/tests/result/whatsapp_voice_and_message.pcap.out @@ -6,11 +6,11 @@ WhatsAppVoice 44 5916 8 3 TCP 10.8.0.1:44819 <-> 158.85.58.42:5222 [proto: 142/WhatsApp][cat: Chat/9][15 pkts/2690 bytes <-> 15 pkts/2019 bytes] 4 TCP 10.8.0.1:49721 <-> 158.85.58.109:5222 [proto: 142/WhatsApp][cat: Chat/9][26 pkts/2311 bytes <-> 26 pkts/2300 bytes] 5 TCP 10.8.0.1:51570 <-> 158.85.5.199:443 [proto: 142/WhatsApp][cat: Chat/9][14 pkts/1123 bytes <-> 13 pkts/1097 bytes] - 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][5 pkts/840 bytes <-> 4 pkts/344 bytes] - 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 10 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] - 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 189/WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 6 UDP 10.8.0.1:53620 <-> 31.13.73.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][5 pkts/840 bytes <-> 4 pkts/344 bytes] + 7 UDP 10.8.0.1:53620 <-> 31.13.64.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 8 UDP 10.8.0.1:53620 <-> 31.13.74.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 9 UDP 10.8.0.1:53620 <-> 31.13.79.192:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 10 UDP 10.8.0.1:53620 <-> 31.13.84.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 11 UDP 10.8.0.1:53620 <-> 31.13.93.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 12 UDP 10.8.0.1:53620 <-> 173.252.121.1:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] + 13 UDP 10.8.0.1:53620 <-> 179.60.192.48:3478 [proto: 78.189/STUN.WhatsAppVoice][cat: VoIP/10][3 pkts/504 bytes <-> 2 pkts/172 bytes] |