diff options
| -rw-r--r-- | python/ndpi.py | 77 | ||||
| -rw-r--r-- | python/ndpi_typestruct.py | 48 | ||||
| -rw-r--r-- | src/include/ndpi_define.h.in | 3 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 81 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 8 | ||||
| -rw-r--r-- | src/lib/protocols/csgo.c | 28 | ||||
| -rw-r--r-- | src/lib/protocols/directdownloadlink.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 1 | ||||
| -rw-r--r-- | src/lib/protocols/rtsp.c | 16 | ||||
| -rw-r--r-- | src/lib/protocols/whoisdas.c | 2 |
10 files changed, 25 insertions, 243 deletions
diff --git a/python/ndpi.py b/python/ndpi.py index db87633ac..a7b568451 100644 --- a/python/ndpi.py +++ b/python/ndpi.py @@ -441,8 +441,6 @@ struct ndpi_id_struct { to compare this, use: **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; - /* NDPI_PROTOCOL_RTSP */ - ndpi_ip_addr_t rtsp_ip_address; /* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */ /* NDPI_PROTOCOL_IRC */ @@ -457,9 +455,6 @@ struct ndpi_id_struct { /* NDPI_PROTOCOL_THUNDER */ uint32_t thunder_ts; - /* NDPI_PROTOCOL_RTSP */ - uint32_t rtsp_timer; - /* NDPI_PROTOCOL_ZATTOO */ uint32_t zattoo_ts; @@ -494,8 +489,6 @@ struct ndpi_id_struct { /* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ uint8_t jabber_voice_stun_used_ports; - - uint8_t rtsp_ts_set:1; }; struct ndpi_flow_tcp_struct { @@ -505,15 +498,9 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_MAIL_POP */ uint16_t pop_command_bitmask; - /* NDPI_PROTOCOL_QQ */ - uint16_t qq_nxt_len; - /* NDPI_PROTOCOL_WHATSAPP */ uint8_t wa_matched_so_far; - /* NDPI_PROTOCOL_TDS */ - uint8_t tds_login_version; - /* NDPI_PROTOCOL_IRC */ uint8_t irc_stage; uint8_t irc_port; @@ -533,35 +520,16 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_SOULSEEK */ uint32_t soulseek_stage:2; - /* NDPI_PROTOCOL_TDS */ - uint32_t tds_stage:3; - /* NDPI_PROTOCOL_USENET */ uint32_t usenet_stage:2; - /* NDPI_PROTOCOL_IMESH */ - uint32_t imesh_stage:4; - /* NDPI_PROTOCOL_HTTP */ - uint32_t http_setup_dir:2; uint32_t http_stage:2; uint32_t http_empty_line_seen:1; - uint32_t http_wait_for_retransmission:1; /* NDPI_PROTOCOL_GNUTELLA */ uint32_t gnutella_stage:2; // 0 - 2 - /* NDPI_CONTENT_MMS */ - uint32_t mms_stage:2; - - /* NDPI_PROTOCOL_YAHOO */ - uint32_t yahoo_sip_comm:1; - uint32_t yahoo_http_proxy_stage:2; - - /* NDPI_PROTOCOL_MSN */ - uint32_t msn_stage:3; - uint32_t msn_ssl_ft:2; - /* NDPI_PROTOCOL_SSH */ uint32_t ssh_stage:3; @@ -577,8 +545,6 @@ struct ndpi_flow_tcp_struct { unsigned buffer_len, buffer_used; } message; - void* srv_cert_fingerprint_ctx; /* SHA-1 */ - /* NDPI_PROTOCOL_TLS */ uint8_t certificate_processed:1, fingerprint_set:1, _pad:6; uint8_t sha1_certificate_fingerprint[20], num_tls_blocks; @@ -588,8 +554,7 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_POSTGRES */ uint32_t postgres_stage:3; - /* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */ - uint32_t ddlink_server_direction:1; + /* Part of the TCP header. */ uint32_t seen_syn:1; uint32_t seen_syn_ack:1; uint32_t seen_ack:1; @@ -606,9 +571,6 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_WORLDOFWARCRAFT */ uint32_t wow_stage:2; - /* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */ - uint32_t veoh_tv_stage:2; - /* NDPI_PROTOCOL_SHOUTCAST */ uint32_t shoutcast_stage:2; @@ -648,12 +610,6 @@ struct ndpi_flow_tcp_struct { }; struct ndpi_flow_udp_struct { - /* NDPI_PROTOCOL_SNMP */ - uint32_t snmp_msg_id; - - /* NDPI_PROTOCOL_SNMP */ - uint32_t snmp_stage:2; - /* NDPI_PROTOCOL_PPSTREAM */ uint32_t ppstream_stage:3; // 0 - 7 @@ -669,9 +625,6 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_XBOX */ uint32_t xbox_stage:1; - /* NDPI_PROTOCOL_WINDOWS_UPDATE */ - uint32_t wsus_stage:1; - /* NDPI_PROTOCOL_SKYPE */ uint8_t skype_packet_id; @@ -710,7 +663,6 @@ struct ndpi_packet_struct { uint64_t current_time_ms; uint16_t detected_protocol_stack[2]; - uint16_t protocol_stack_info; struct ndpi_int_one_line_struct line[64]; /* HTTP headers */ @@ -739,14 +691,12 @@ struct ndpi_packet_struct { uint16_t actual_payload_len; uint16_t num_retried_bytes; uint16_t parsed_lines; - uint16_t parsed_unix_lines; uint16_t empty_line_position; uint8_t tcp_retransmission; uint8_t l4_protocol; - uint8_t tls_certificate_detected:4, tls_certificate_num_checks:4; uint8_t packet_lines_parsed_complete:1, - packet_direction:1, empty_line_position_set:1, pad:5; + packet_direction:1, empty_line_position_set:1, http_check_content:1, pad:4; }; struct ndpi_detection_module_struct; @@ -962,13 +912,8 @@ struct ndpi_detection_module_struct { uint32_t thunder_timeout; /* SoulSeek parameters */ uint32_t soulseek_connection_ip_tick_timeout; - /* rtsp parameters */ - uint32_t rtsp_connection_timeout; /* rstp */ uint32_t orb_rstp_ts_timeout; - /* yahoo */ - uint8_t yahoo_detect_http_connections; - uint32_t yahoo_lan_video_timeout; uint32_t zattoo_connection_timeout; uint32_t jabber_stun_timeout; uint32_t jabber_file_transfer_timeout; @@ -1010,7 +955,6 @@ typedef enum { struct ndpi_flow_struct { uint16_t detected_protocol_stack[2]; - uint16_t protocol_stack_info; /* init parameter, internal used to set up timestamp,... */ uint16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category, guessed_header_category; uint8_t l4_proto, protocol_id_already_guessed:1, host_already_guessed:1, @@ -1037,11 +981,6 @@ struct ndpi_flow_struct { /* Place textual flow info here */ char flow_extra_info[16]; - /* - Pointer to src or dst that identifies the - server of this connection - */ - struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ uint8_t host_server_name[240]; uint8_t initial_binary_bytes[8], initial_binary_bytes_len; @@ -1181,24 +1120,15 @@ struct ndpi_flow_struct { /* NDPI_PROTOCOL_DIRECTCONNECT */ uint8_t directconnect_stage:2; // 0 - 1 - /* NDPI_PROTOCOL_YAHOO */ - uint8_t sip_yahoo_voice:1; - /* NDPI_PROTOCOL_HTTP */ uint8_t http_detected:1; /* NDPI_PROTOCOL_RTSP */ - uint8_t rtsprdt_stage:2, rtsp_control_flow:1; - - /* NDPI_PROTOCOL_YAHOO */ - uint8_t yahoo_detection_finished:2; + uint8_t rtsprdt_stage:2; /* NDPI_PROTOCOL_ZATTOO */ uint8_t zattoo_stage:3; - /* NDPI_PROTOCOL_QQ */ - uint8_t qq_stage:3; - /* NDPI_PROTOCOL_THUNDER */ uint8_t thunder_stage:2; // 0 - 3 @@ -1242,7 +1172,6 @@ struct ndpi_flow_struct { uint32_t csgo_id2; /* internal structures to save functions calls */ struct ndpi_packet_struct packet; - struct ndpi_flow_struct *flow; struct ndpi_id_struct *src; struct ndpi_id_struct *dst; }; diff --git a/python/ndpi_typestruct.py b/python/ndpi_typestruct.py index 20f77120b..9413ca039 100644 --- a/python/ndpi_typestruct.py +++ b/python/ndpi_typestruct.py @@ -262,11 +262,8 @@ NDPIDetectionModuleStruct._fields_ = [ ("battlefield_timeout", c_uint32), ("thunder_timeout", c_uint32), ("soulseek_connection_ip_tick_timeout", c_uint32), - ("rtsp_connection_timeout", c_uint32), ("tvants_connection_timeout", c_uint32), ("orb_rstp_ts_timeout", c_uint32), - ("yahoo_detect_http_connections", c_uint8), - ("yahoo_lan_video_timeout", c_uint32), ("zattoo_connection_timeout", c_uint32), ("jabber_stun_timeout", c_uint32), ("jabber_file_transfer_timeout", c_uint32), @@ -312,7 +309,6 @@ class NDPIIpAddrT(Union): class NDPIIdStruct(Structure): _fields_ = [ ('detected_protocol_bitmask', NDPIProtocolBitMask), - ('rtsp_ip_address', NDPIIpAddrT), ('irc_port', c_uint16 * 8), ('last_time_port_used', c_uint32 * 8), ('irc_ts', c_uint32), @@ -336,7 +332,6 @@ class NDPIIdStruct(Structure): ('irc_number_of_port', c_uint8), ('oscar_ssl_session_id', c_uint8 * 33), ('jabber_voice_stun_used_ports', c_uint8), - ('rtsp_ts_set', c_uint8, 1), ] @@ -345,9 +340,7 @@ class NDPIFlowTcpStruct(Structure): _fields_ = [ ('smtp_command_bitmask', c_uint16), ('pop_command_bitmask', c_uint16), - ('qq_nxt_len', c_uint16), ('wa_matched_so_far', c_uint8), - ('tds_login_version', c_uint8), ('irc_stage', c_uint8), ('irc_port', c_uint8), ('h323_valid_packets', c_uint8), @@ -357,23 +350,13 @@ class NDPIFlowTcpStruct(Structure): ('irc_direction', c_uint32, 2), ('irc_0x1000_full', c_uint32, 1), ('soulseek_stage', c_uint32, 2), - ('tds_stage', c_uint32, 3), ('usenet_stage', c_uint32, 2), - ('imesh_stage', c_uint32, 4), - ('http_setup_dir', c_uint32, 2), ('http_stage', c_uint32, 2), ('http_empty_line_seen', c_uint32, 1), - ('http_wait_for_retransmission', c_uint32, 1), ('gnutella_stage', c_uint32, 2), - ('mms_stage', c_uint32, 2), - ('yahoo_sip_comm', c_uint32, 1), - ('yahoo_http_proxy_stage', c_uint32, 2), - ('msn_stage', c_uint32, 3), - ('msn_ssl_ft', c_uint32, 2), ('ssh_stage', c_uint32, 3), ('vnc_stage', c_uint32, 2), ('telnet_stage', c_uint32, 2), - ('tls_srv_cert_fingerprint_ctx', c_void_p), ('tls_seen_client_cert', c_uint8, 1), ('tls_seen_server_cert', c_uint8, 1), ('tls_seen_certificate', c_uint8, 1), @@ -384,7 +367,6 @@ class NDPIFlowTcpStruct(Structure): ('tls_fingerprint_len', c_int16), ('tls_sha1_certificate_fingerprint', c_uint8 * 20), ('postgres_stage', c_uint32, 3), - ('ddlink_server_direction', c_uint32, 1), ('seen_syn', c_uint32, 1), ('seen_syn_ack', c_uint32, 1), ('seen_ack', c_uint32, 1), @@ -392,7 +374,6 @@ class NDPIFlowTcpStruct(Structure): ('dofus_stage', c_uint32, 1), ('fiesta_stage', c_uint32, 2), ('wow_stage', c_uint32, 2), - ('veoh_tv_stage', c_uint32, 2), ('shoutcast_stage', c_uint32, 2), ('rtp_special_packets_seen', c_uint32, 1), ('mail_pop_stage', c_uint32, 2), @@ -413,16 +394,11 @@ class NDPIFlowTcpStruct(Structure): class NDPIFlowUdpStruct(Structure): _pack_ = 1 _fields_ = [ - ('battlefield_msg_id', c_uint32), - ('snmp_msg_id', c_uint32), - ('battlefield_stage', c_uint32, 3), - ('snmp_stage', c_uint32, 2), ('ppstream_stage', c_uint32, 3), ('halflife2_stage', c_uint32, 2), ('tftp_stage', c_uint32, 2), ('aimini_stage', c_uint32, 5), ('xbox_stage', c_uint32, 1), - ('wsus_stage', c_uint32, 1), ('skype_packet_id', c_uint8), ('teamviewer_stage', c_uint8), ('eaq_pkt_id', c_uint8), @@ -642,13 +618,6 @@ class NDPIUdpHdr(Structure): ] -class NDPIPacketStructStack(Structure): - _pack_ = 1 - _fields_ = [ - ('protocol_stack_info', c_uint16) - ] - - class NDPIPacketStruct(Structure): _fields_ = [ ('iph', POINTER(NDPIIphdr)), @@ -657,10 +626,8 @@ class NDPIPacketStruct(Structure): ('udp', POINTER(NDPIUdpHdr)), ('generic_l4_ptr', POINTER(c_uint8)), ('payload', POINTER(c_uint8)), - ('tick_timestamp', c_uint32), - ('tick_timestamp_l', c_uint64), + ('current_timestamp_ms', c_uint64), ('detected_protocol_stack', c_uint16 * ndpi.ndpi_wrap_ndpi_procol_size()), - ('ndpi_packet_stack', NDPIPacketStructStack), ('line', NDPIIntOneLineStruct * 64), ('host_line', NDPIIntOneLineStruct), ('forwarded_line', NDPIIntOneLineStruct), @@ -685,16 +652,14 @@ class NDPIPacketStruct(Structure): ('actual_payload_len', c_uint16), ('num_retried_bytes', c_uint16), ('parsed_lines', c_uint16), - ('parsed_unix_lines', c_uint16), ('empty_line_position', c_uint16), ('tcp_retransmission', c_uint8), ('l4_protocol', c_uint8), - ('ssl_certificate_detected', c_uint8, 4), - ('ssl_certificate_num_checks', c_uint8, 4), ('packet_lines_parsed_complete', c_uint8, 1), ('packet_direction', c_uint8, 1), ('empty_line_position_set', c_uint8, 1), - ('pad', c_uint8, 5), + ('http_check_content', c_uint8, 1), + ('pad', c_uint8, 4), ] @@ -702,7 +667,6 @@ class NDPIFlowStructStack(Structure): _pack_ = 1 _fields_ = [ ("detected_protocol_stack", c_uint16 * ndpi.ndpi_wrap_ndpi_procol_size()), - ("protocol_stack_info", c_uint16) ] @@ -725,7 +689,6 @@ NDPIFlowStruct._fields_ = [ ("num_processed_pkts", c_uint8), ("extra_packets_func", CFUNCTYPE(c_int, POINTER(NDPIDetectionModuleStruct), POINTER(NDPIFlowStruct))), ("l4", L4), - ("server_id", POINTER(NDPIIdStruct)), ("host_server_name", c_ubyte * 256), ("http", Http), ("protos", Protos), @@ -738,15 +701,11 @@ NDPIFlowStruct._fields_ = [ ('byte_counter', c_uint16 * 2), ('bittorrent_stage', c_uint8), ('directconnect_stage', c_uint8, 2), - ('sip_yahoo_voice', c_uint8, 1), ('http_detected', c_uint8, 1), ('http_upper_protocol', c_uint16), ('http_lower_protocol', c_uint16), ('rtsprdt_stage', c_uint8, 2), - ('rtsp_control_flow', c_uint8, 1), - ('yahoo_detection_finished', c_uint8, 2), ('zattoo_stage', c_uint8, 3), - ('qq_stage', c_uint8, 3), ('thunder_stage', c_uint8, 2), ('oscar_ssl_voice_stage', c_uint8, 3), ('oscar_video_voice', c_uint8, 1), @@ -775,7 +734,6 @@ NDPIFlowStruct._fields_ = [ ('kxun_counter', c_uint16), ('iqiyi_counter', c_uint16), ('packet', NDPIPacketStruct), - ('flow', POINTER(NDPIFlowStruct)), ('src', POINTER(NDPIIdStruct)), ('dst', POINTER(NDPIIdStruct)) ] diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 664f52bce..e959b23a9 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -172,10 +172,7 @@ #define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 #define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 #define NDPI_THUNDER_CONNECTION_TIMEOUT 30 -#define NDPI_RTSP_CONNECTION_TIMEOUT 5 #define NDPI_TVANTS_CONNECTION_TIMEOUT 5 -#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 -#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 #define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 #define NDPI_ZATTOO_FLASH_TIMEOUT 5 #define NDPI_JABBER_STUN_TIMEOUT 30 diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9a9edfc3e..2347d0429 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -579,8 +579,6 @@ struct ndpi_id_struct { to compare this, use: **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; - /* NDPI_PROTOCOL_RTSP */ - ndpi_ip_addr_t rtsp_ip_address; /* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */ /* NDPI_PROTOCOL_IRC */ @@ -595,9 +593,6 @@ struct ndpi_id_struct { /* NDPI_PROTOCOL_THUNDER */ u_int32_t thunder_ts; - /* NDPI_PROTOCOL_RTSP */ - u_int32_t rtsp_timer; - /* NDPI_PROTOCOL_ZATTOO */ u_int32_t zattoo_ts; @@ -632,9 +627,6 @@ struct ndpi_id_struct { /* NDPI_PROTOCOL_JABBER */ u_int8_t jabber_voice_stun_used_ports; - - /* NDPI_PROTOCOL_RTSP */ - u_int8_t rtsp_ts_set:1; }; /* ************************************************** */ @@ -646,15 +638,9 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_MAIL_POP */ u_int16_t pop_command_bitmask; - /* NDPI_PROTOCOL_QQ */ - u_int16_t qq_nxt_len; - /* NDPI_PROTOCOL_WHATSAPP */ u_int8_t wa_matched_so_far; - /* NDPI_PROTOCOL_TDS */ - u_int8_t tds_login_version; - /* NDPI_PROTOCOL_IRC */ u_int8_t irc_stage; u_int8_t irc_port; @@ -674,35 +660,16 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_SOULSEEK */ u_int32_t soulseek_stage:2; - /* NDPI_PROTOCOL_TDS */ - u_int32_t tds_stage:3; - /* NDPI_PROTOCOL_USENET */ u_int32_t usenet_stage:2; - /* NDPI_PROTOCOL_IMESH */ - u_int32_t imesh_stage:4; - /* NDPI_PROTOCOL_HTTP */ - u_int32_t http_setup_dir:2; u_int32_t http_stage:2; u_int32_t http_empty_line_seen:1; - u_int32_t http_wait_for_retransmission:1; /* NDPI_PROTOCOL_GNUTELLA */ u_int32_t gnutella_stage:2; // 0 - 2 - /* NDPI_CONTENT_MMS */ - u_int32_t mms_stage:2; - - /* NDPI_PROTOCOL_YAHOO */ - u_int32_t yahoo_sip_comm:1; - u_int32_t yahoo_http_proxy_stage:2; - - /* NDPI_PROTOCOL_MSN */ - u_int32_t msn_stage:3; - u_int32_t msn_ssl_ft:2; - /* NDPI_PROTOCOL_SSH */ u_int32_t ssh_stage:3; @@ -715,8 +682,6 @@ struct ndpi_flow_tcp_struct { struct { message_t message; - void* srv_cert_fingerprint_ctx; /* SHA-1 */ - /* NDPI_PROTOCOL_TLS */ u_int8_t certificate_processed:1, fingerprint_set:1, _pad:6; u_int8_t num_tls_blocks; @@ -726,9 +691,6 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_POSTGRES */ u_int32_t postgres_stage:3; - /* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */ - u_int32_t ddlink_server_direction:1; - /* Part of the TCP header. */ u_int32_t seen_syn:1; u_int32_t seen_syn_ack:1; @@ -746,9 +708,6 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_WORLDOFWARCRAFT */ u_int32_t wow_stage:2; - /* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */ - u_int32_t veoh_tv_stage:2; - /* NDPI_PROTOCOL_SHOUTCAST */ u_int32_t shoutcast_stage:2; @@ -793,12 +752,6 @@ struct ndpi_flow_tcp_struct { /* ************************************************** */ struct ndpi_flow_udp_struct { - /* NDPI_PROTOCOL_SNMP */ - u_int32_t snmp_msg_id; - - /* NDPI_PROTOCOL_SNMP */ - u_int32_t snmp_stage:2; - /* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; // 0 - 7 @@ -814,9 +767,6 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_XBOX */ u_int32_t xbox_stage:1; - /* NDPI_PROTOCOL_WINDOWS_UPDATE */ - u_int32_t wsus_stage:1; - /* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_packet_id; u_int8_t skype_crc[4]; @@ -842,6 +792,10 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_QUIC */ u_int8_t *quic_reasm_buf; u_int32_t quic_reasm_buf_len; + + /* NDPI_PROTOCOL_CSGO */ + u_int8_t csgo_strid[18],csgo_state,csgo_s2; + u_int32_t csgo_id2; }; /* ************************************************** */ @@ -880,7 +834,6 @@ struct ndpi_packet_struct { u_int64_t current_time_ms; u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; - u_int16_t protocol_stack_info; struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET]; /* HTTP headers */ @@ -911,12 +864,10 @@ struct ndpi_packet_struct { u_int16_t actual_payload_len; u_int16_t num_retried_bytes; u_int16_t parsed_lines; - u_int16_t parsed_unix_lines; u_int16_t empty_line_position; u_int8_t tcp_retransmission; u_int8_t l4_protocol; - u_int8_t tls_certificate_detected:4, tls_certificate_num_checks:4; u_int8_t packet_lines_parsed_complete:1, packet_direction:1, empty_line_position_set:1, http_check_content:1, pad:4; }; @@ -1180,13 +1131,8 @@ struct ndpi_detection_module_struct { u_int32_t thunder_timeout; /* SoulSeek parameters */ u_int32_t soulseek_connection_ip_tick_timeout; - /* rtsp parameters */ - u_int32_t rtsp_connection_timeout; /* rstp */ u_int32_t orb_rstp_ts_timeout; - /* yahoo */ - u_int8_t yahoo_detect_http_connections; - u_int32_t yahoo_lan_video_timeout; u_int32_t zattoo_connection_timeout; u_int32_t jabber_stun_timeout; u_int32_t jabber_file_transfer_timeout; @@ -1257,7 +1203,6 @@ struct tls_heuristics { */ struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; - u_int16_t protocol_stack_info; /* init parameter, internal used to set up timestamp,... */ u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category, guessed_header_category; @@ -1293,11 +1238,6 @@ struct ndpi_flow_struct { /* Place textual flow info here */ char flow_extra_info[16]; - /* - Pointer to src or dst that identifies the - server of this connection - */ - struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ u_char host_server_name[240]; u_int8_t initial_binary_bytes[8], initial_binary_bytes_len; @@ -1448,17 +1388,11 @@ struct ndpi_flow_struct { u_int8_t http_detected:1; /* NDPI_PROTOCOL_RTSP */ - u_int8_t rtsprdt_stage:2, rtsp_control_flow:1; - - /* NDPI_PROTOCOL_YAHOO */ - u_int8_t yahoo_detection_finished:2; + u_int8_t rtsprdt_stage:2; /* NDPI_PROTOCOL_ZATTOO */ u_int8_t zattoo_stage:3; - /* NDPI_PROTOCOL_QQ */ - u_int8_t qq_stage:3; - /* NDPI_PROTOCOL_THUNDER */ u_int8_t thunder_stage:2; // 0 - 3 @@ -1494,13 +1428,8 @@ struct ndpi_flow_struct { u_int8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; - /* NDPI_PROTOCOL_CSGO */ - u_int8_t csgo_strid[18],csgo_state,csgo_s2; - u_int32_t csgo_id2; - /* internal structures to save functions calls */ struct ndpi_packet_struct packet; - struct ndpi_flow_struct *flow; struct ndpi_id_struct *src; struct ndpi_id_struct *dst; }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 1c29d1a8f..ba6c66a4f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2339,7 +2339,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs ndpi_str->directconnect_connection_ip_tick_timeout = NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT * ndpi_str->ticks_per_second; - ndpi_str->rtsp_connection_timeout = NDPI_RTSP_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second; ndpi_str->irc_timeout = NDPI_IRC_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second; ndpi_str->gnutella_timeout = NDPI_GNUTELLA_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second; ndpi_str->thunder_timeout = NDPI_THUNDER_CONNECTION_TIMEOUT * ndpi_str->ticks_per_second; @@ -4276,7 +4275,6 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru void ndpi_apply_flow_protocol_to_packet(struct ndpi_flow_struct *flow, struct ndpi_packet_struct *packet) { memcpy(&packet->detected_protocol_stack, &flow->detected_protocol_stack, sizeof(packet->detected_protocol_stack)); - memcpy(&packet->protocol_stack_info, &flow->protocol_stack_info, sizeof(packet->protocol_stack_info)); } /* ****************************************************** */ @@ -4948,9 +4946,6 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_str, st if(flow == NULL) return; - if(flow->server_id == NULL) - flow->server_id = dst; /* Default */ - /* need at least 20 bytes for ip header */ if(packetlen < 20) { return; @@ -5432,9 +5427,6 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; - if(flow->server_id == NULL) - flow->server_id = dst; /* Default */ - if(flow->check_extra_packets) { ndpi_process_extra_packet(ndpi_str, flow, packet, packetlen, current_time_ms, src, dst); /* Update in case of new match */ diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index a1f5e56ef..ae17d5f46 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -38,18 +38,18 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n uint32_t w = htonl(get_u_int32_t(packet->payload, 0)); NDPI_LOG_DBG2(ndpi_struct, "CSGO: word %08x\n", w); - if(!flow->csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) { + if(!flow->l4.udp.csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) { if(!memcmp(packet->payload + 5, "connect0x", 9)) { - flow->csgo_state++; - memcpy(flow->csgo_strid, packet->payload + 5, 18); + flow->l4.udp.csgo_state++; + memcpy(flow->l4.udp.csgo_strid, packet->payload + 5, 18); NDPI_LOG_DBG2(ndpi_struct, "Found csgo connect0x\n"); return; } } - if(flow->csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) { - if(!memcmp(packet->payload + 24, flow->csgo_strid, 18)) { - flow->csgo_state++; + if(flow->l4.udp.csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) { + if(!memcmp(packet->payload + 24, flow->l4.udp.csgo_strid, 18)) { + flow->l4.udp.csgo_state++; ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); NDPI_LOG_INFO( ndpi_struct, "found csgo connect0x reply\n"); return; @@ -77,32 +77,32 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n } } - if(flow->csgo_s2 < 3 && (w & 0xffff0000ul) == 0x0d1d0000) { + if(flow->l4.udp.csgo_s2 < 3 && (w & 0xffff0000ul) == 0x0d1d0000) { uint32_t w2 = get_u_int32_t(packet->payload, 2); if(packet->payload_packet_len == 13) { - if(!flow->csgo_s2) { - flow->csgo_id2 = w2; - flow->csgo_s2 = 1; + if(!flow->l4.udp.csgo_s2) { + flow->l4.udp.csgo_id2 = w2; + flow->l4.udp.csgo_s2 = 1; NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1\n"); return; } - if(flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { + if(flow->l4.udp.csgo_s2 == 1 && flow->l4.udp.csgo_id2 == w2) { NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1 DUP\n"); return; } - flow->csgo_s2 = 3; + flow->l4.udp.csgo_s2 = 3; return; } if(packet->payload_packet_len == 15) { - if(flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { + if(flow->l4.udp.csgo_s2 == 1 && flow->l4.udp.csgo_id2 == w2) { NDPI_LOG_INFO( ndpi_struct, "found csgo udp 0d1d\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } } - flow->csgo_s2 = 3; + flow->l4.udp.csgo_s2 = 3; } if(packet->payload_packet_len >= 140 && (w == 0x02124c6c || w == 0x02125c6c) && diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 1be4cd671..fad3964e9 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -39,11 +39,7 @@ static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_UNKNOWN); - - flow->l4.tcp.ddlink_server_direction = packet->packet_direction; } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 0da3a16e7..725bc2edf 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -554,7 +554,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ flow->extra_packets_func = NULL; /* We're good now */ if(len > 0) ndpi_check_dga_name(ndpi_struct, flow, (char*)flow->host_server_name, 1); - flow->server_id = flow->dst; if(packet->forwarded_line.ptr) { len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1); diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 5a14f1d83..9d258f864 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -42,9 +42,6 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - struct ndpi_id_struct *src = flow->src; - struct ndpi_id_struct *dst = flow->dst; - NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); if (packet->parsed_lines == 0) @@ -84,20 +81,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct if((memcmp(packet->payload, "RTSP/1.0 ", 9) == 0) || (strstr(buf, "rtsp://") != NULL)) { NDPI_LOG_DBG2(ndpi_struct, "found RTSP/1.0 \n"); - if (dst != NULL) { - NDPI_LOG_DBG2(ndpi_struct, "found dst\n"); - ndpi_packet_src_ip_get(packet, &dst->rtsp_ip_address); - dst->rtsp_timer = packet->current_time_ms; - dst->rtsp_ts_set = 1; - } - if (src != NULL) { - NDPI_LOG_DBG2(ndpi_struct, "found src\n"); - ndpi_packet_dst_ip_get(packet, &src->rtsp_ip_address); - src->rtsp_timer = packet->current_time_ms; - src->rtsp_ts_set = 1; - } NDPI_LOG_INFO(ndpi_struct, "found RTSP\n"); - flow->rtsp_control_flow = 1; ndpi_int_rtsp_add_connection(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index 7b711c33b..530b7418b 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c @@ -47,8 +47,6 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, str flow->host_server_name[i] = '\0'; - flow->server_id = ((sport == 43) || (sport == 4343)) ? flow->src : flow->dst; - NDPI_LOG_INFO(ndpi_struct, "[WHOIS/DAS] %s\n", flow->host_server_name); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHOIS_DAS, NDPI_PROTOCOL_UNKNOWN); return; |