-rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
-rw-r--r-- | src/lib/protocols/ubntac2.c | 62 | ||||
-rw-r--r-- | tests/cfgs/default/pcap/ubntac2.pcap | bin | 1888 -> 2572 bytes | |||
-rw-r--r-- | tests/cfgs/default/result/ubntac2.pcap.out | 29 |
4 files changed, 42 insertions, 51 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 51fcecf2c..b3c4486be 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1526,7 +1526,7 @@ struct ndpi_flow_struct {
 } discord;
 struct {
- char version[32];
+ char version[64];
 } ubntac2;
 /* In TLS.Bittorent flows there is no hash.
diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c
index 2b56c5aee..90e67b972 100644
--- a/src/lib/protocols/ubntac2.c
+++ b/src/lib/protocols/ubntac2.c
@@ -35,47 +35,37 @@ static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct
 static void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
 struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+ u_int8_t tlv_type;
+ u_int16_t tlv_length, version_len;
+ int off;
 NDPI_LOG_DBG(ndpi_struct, "search ubntac2\n");
- NDPI_LOG_DBG2(ndpi_struct, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest));
-
- if(packet->udp) {
- if(packet->payload_packet_len >= 135 &&
- (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001))) {
- int found = 0;
-
- if(memcmp(&(packet->payload[36]), "UBNT", 4) == 0) {
- found = 36+5;
- } else if(memcmp(&(packet->payload[49]), "ubnt", 4) == 0) {
- found = 49+5;
- }
- if(found) {
- found += packet->payload[found+1] + 4; /* Skip model name */
- found++; /* Skip len */
-
- if(found < packet->payload_packet_len) {
- char version[256];
- int len;
- u_int i, j;
-
- for(i=found, j=0; (i < packet->payload_packet_len)
- && (i < (sizeof(version)-1))
- && (packet->payload[i] != 0); i++)
- version[j++] = packet->payload[i];
-
- version[j] = '\0';
-
- len = ndpi_min(sizeof(flow->protos.ubntac2.version) - 1, j);
- memcpy(flow->protos.ubntac2.version, (const char *)version, len);
- flow->protos.ubntac2.version[len] = '\0';
- }
-
- NDPI_LOG_INFO(ndpi_struct, "UBNT AirControl 2 request\n");
-
- ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+ if(packet->payload_packet_len >= 4 &&
+ (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) &&
+ packet->payload[0] == 0x02 &&
+ packet->payload[1] == 0x06 &&
+ (4 + ntohs(*(u_int16_t *)&packet->payload[2]) == packet->payload_packet_len)) {
+ NDPI_LOG_INFO(ndpi_struct, "UBNT AirControl 2 request\n");
+ ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+
+ /* Parse TLV list: 1 byte type + 2 byte length + (optional) data */
+ off = 4;
+ while (off + 3 < packet->payload_packet_len) {
+ tlv_type = packet->payload[off];
+ tlv_length = ntohs(*(u_int16_t *)&packet->payload[off + 1]);
+
+ NDPI_LOG_DBG2(ndpi_struct, "0x%x Len %d\n", tlv_type, tlv_length);
+
+ if(tlv_type == 0x03 && off + 3 + tlv_length < packet->payload_packet_len) {
+ version_len = ndpi_min(sizeof(flow->protos.ubntac2.version) - 1, tlv_length);
+ memcpy(flow->protos.ubntac2.version, (const char *)&packet->payload[off + 3], version_len);
+ flow->protos.ubntac2.version[version_len] = '\0';
 }
+
+ off += 3 + tlv_length;
 }
+ return;
 }
 NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
diff --git a/tests/cfgs/default/pcap/ubntac2.pcap b/tests/cfgs/default/pcap/ubntac2.pcap
Binary files differ
index 254700b61..a010c3b6a 100644
--- a/tests/cfgs/default/pcap/ubntac2.pcap
+++ b/tests/cfgs/default/pcap/ubntac2.pcap
diff --git a/tests/cfgs/default/result/ubntac2.pcap.out b/tests/cfgs/default/result/ubntac2.pcap.out
index ed0f90bdc..8853e37c9 100644
--- a/tests/cfgs/default/result/ubntac2.pcap.out
+++ b/tests/cfgs/default/result/ubntac2.pcap.out
@@ -1,6 +1,6 @@ -DPI Packets (UDP): 8 (1.00 pkts/flow) -Confidence DPI : 8 (flows) -Num dissector calls: 8 (1.00 diss/flow) +DPI Packets (UDP): 9 (1.00 pkts/flow) +Confidence DPI : 9 (flows) +Num dissector calls: 9 (1.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) 
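Review bot: The version-TLV guard `off + 3 + tlv_length < packet->payload_packet_len` in the new `while` loop of `ndpi_search_ubntac2` rejects a type 0x03 TLV whose data ends exactly on the last payload byte, so the version is silently dropped when it is the final TLV; the copy touches at most index `off + 3 + tlv_length - 1`, so `if(tlv_type == 0x03 && off + 3 + tlv_length <= packet->payload_packet_len) {` stays in bounds. The two `ntohs(*(u_int16_t *)&packet->payload[...])` reads happen at offsets 2 and `off + 1`, which are not guaranteed to be 2-byte aligned; assembling the value from bytes, e.g. `tlv_length = (packet->payload[off + 1] << 8) | packet->payload[off + 2];`, avoids an unaligned load on strict-alignment targets. The old `if(packet->udp)` guard is gone while `packet->udp->source` is still dereferenced, which is only safe if this dissector is registered for UDP flows only (not visible in this hunk). The version bytes are copied from the wire unfiltered, so consumers that log or export `flow->protos.ubntac2.version` should treat it as untrusted text. The function's closing brace lies after the end of the hunk.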
@@ -17,18 +17,19 @@ Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 16/0 (search/found) +Patricia protocols: 18/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) -UBNTAC2 8 1736 8 +UBNTAC2 9 2032 9 -Safe 8 1736 8 +Safe 9 2032 9 - 1 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 
0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 6 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 7 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 8 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.1.138:60790 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 
pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][BZ.qca956x_6.6.77+15402.240813.0934][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 
0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |