-rw-r--r-- | fuzz/Makefile.am | 4 | ||||
-rw-r--r-- | fuzz/fuzz_config.cpp | 3 | ||||
-rw-r--r-- | src/include/ndpi_api.h | 35 | ||||
-rw-r--r-- | src/include/ndpi_main.h | 63 | ||||
-rw-r--r-- | src/include/ndpi_protocols.h | 263 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 19 | ||||
-rw-r--r-- | src/include/ndpi_utils.h | 58 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 66 | ||||
-rw-r--r-- | src/lib/ndpi_private.h | 283 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 8 | ||||
-rw-r--r-- | src/lib/protocols/bittorrent.c | 8 | ||||
-rw-r--r-- | src/lib/protocols/http.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/kerberos.c | 6 | ||||
-rw-r--r-- | src/lib/protocols/ldap.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/snmp_proto.c | 6 | ||||
-rw-r--r-- | src/lib/protocols/starcraft.c | 10 | ||||
-rw-r--r-- | src/lib/protocols/stun.c | 4 | ||||
-rw-r--r-- | windows/nDPI.vcxproj | 2 | ||||
-rw-r--r-- | windows/nDPI.vcxproj.filters | 2 |
19 files changed, 360 insertions, 484 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 3e4cb087f..6caa57fa9 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -78,8 +78,8 @@ fuzz_quic_get_crypto_data_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(fuzz_quic_get_crypto_data_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ fuzz_config_SOURCES = fuzz_config.cpp fuzz_common_code.c -fuzz_config_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -fuzz_config_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) +fuzz_config_CXXFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION +fuzz_config_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION fuzz_config_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) fuzz_config_LDFLAGS = $(LIBS) if HAS_FUZZLDFLAGS diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 53df3a8c3..0abf63515 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -1,4 +1,5 @@ #include "ndpi_api.h" +#include "ndpi_private.h" #include "ndpi_classify.h" #include "fuzz_common_code.h" @@ -204,7 +205,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_http_method(ndpi_info_mod, bool_value ? &flow : NULL); ndpi_get_http_url(ndpi_info_mod, &flow); ndpi_get_http_content_type(ndpi_info_mod, &flow); - ndpi_check_for_email_address(ndpi_info_mod, 0); + check_for_email_address(ndpi_info_mod, 0); ndpi_get_flow_name(bool_value ? &flow : NULL); /* ndpi_guess_undetected_protocol() is a "strange" function. Try fuzzing it, here */ if(!ndpi_is_protocol_detected(ndpi_info_mod, p)) { diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 9621f8e37..0eef7bae2 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h 
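Review bot: The added `-I../src/lib/` in fuzz_config_CXXFLAGS and fuzz_config_CFLAGS is resolved relative to the build directory, so a build run outside the source tree would not find ndpi_private.h; `-I$(top_srcdir)/src/lib/` keeps the include path tied to the sources (whether out-of-tree builds are supported is not visible in this hunk). The fuzz_config_CFLAGS line also still expands `$(CXXFLAGS)` for the C source fuzz_common_code.c, where `$(CFLAGS)` looks intended. Because this harness is now compiled with `-DNDPI_LIB_COMPILATION` and the private header, a short comment would help the next reader, for example `# fuzz_config calls non-public helpers, hence the private include path and NDPI_LIB_COMPILATION`.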
@@ -242,18 +242,6 @@ extern "C" { void ndpi_free_flow(struct ndpi_flow_struct *flow); /** - * Enables cache support. - * In nDPI is used for some protocol (i.e. Skype) - * - * @par ndpi_mod = the struct created for the protocol detection - * @par host = string for the host name - * @par port = unsigned int for the port number - * - */ - void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod, - char* host, u_int port); - - /** * Destroys the detection module * * @par ndpi_struct = the struct to clearing for the detection module @@ -2164,6 +2152,29 @@ extern "C" { */ void *ndpi_get_user_data(struct ndpi_detection_module_struct *ndpi_str); + /* ******************************* */ + + /* Can't call libc functions from kernel space, define some stub instead */ + +#define ndpi_isalpha(ch) (((ch) >= 'a' && (ch) <= 'z') || ((ch) >= 'A' && (ch) <= 'Z')) +#define ndpi_isdigit(ch) ((ch) >= '0' && (ch) <= '9') +#define ndpi_isalnum(ch) (ndpi_isalpha(ch) != 0 || ndpi_isdigit(ch) != 0) +#define ndpi_isspace(ch) (((ch) >= '\t' && (ch) <= '\r') || ((ch) == ' ')) +#define ndpi_isprint(ch) ((ch) >= 0x20 && (ch) <= 0x7e) +#define ndpi_ispunct(ch) (((ch) >= '!' && (ch) <= '/') || \ + ((ch) >= ':' && (ch) <= '@') || \ + ((ch) >= '[' && (ch) <= '`') || \ + ((ch) >= '{' && (ch) <= '~')) + + /* ******************************* */ + + int ndpi_vsnprintf(char * str, size_t size, char const * format, va_list va_args); + int ndpi_snprintf(char * str, size_t size, char const * format, ...); + struct tm *ndpi_gmtime_r(const time_t *timep, + struct tm *result); + + /* ******************************* */ + #ifdef __cplusplus } #endif diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index f2ce493c9..d262a5108 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h 
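Review bot: The character-class macros added near the end of ndpi_api.h evaluate `ch` more than once (`ndpi_isalnum(ch)` expands it several times), and moving them from ndpi_utils.h into the public API header makes that hazard part of the interface every consumer sees. An argument with a side effect, such as a post-incremented pointer in a payload parser, would be advanced more than once and the check would then apply to the wrong byte. I would add `/* NOTE: these macros evaluate ch more than once; pass only side-effect-free expressions */` directly above them. Separately, the three prototypes that follow were wrapped in `#ifndef NDPI_CFFI_PREPROCESSING` in the deleted ndpi_utils.h and are not wrapped here, although they use `va_list`, `struct tm` and `time_t`; if ndpi_api.h goes through the CFFI preprocessing step, that guard may still be needed.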
@@ -33,11 +33,7 @@ #include "ndpi_protocol_ids.h" #include "ndpi_typedefs.h" #include "ndpi_api.h" -#include "ndpi_protocols.h" -/* used by ndpi_set_proto_subprotocols */ -#define NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS (-1) -#define NDPI_PROTOCOL_MATCHED_BY_CONTENT (-2) #ifdef __cplusplus extern "C" { @@ -54,12 +50,8 @@ extern "C" { int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a); void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a); - extern u_int8_t ndpi_net_match(u_int32_t ip_to_check, - u_int32_t net, - u_int32_t num_bits); - extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, - u_int32_t net, u_int32_t num_bits); + u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, 
@@ -78,34 +70,8 @@ extern "C" { u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol, - ndpi_confidence_t confidence); - - void ndpi_reset_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow); - - void ndpi_set_detected_protocol_keeping_master(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, - u_int16_t detected_protocol, - ndpi_confidence_t confidence); - - extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow); - extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow); - - extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, - u_int16_t counter); - - extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - ndpi_protocol_category_t protocol_category); - extern void ndpi_set_proto_subprotocols(struct ndpi_detection_module_struct *ndpi_mod, - int protoId, ...); + int protoId, ...); extern int ndpi_parse_ip_string(const char *ip_str, ndpi_ip_addr_t *parsed_ip); extern char *ndpi_get_ip_string(const ndpi_ip_addr_t * ip, char *buf, u_int buf_len); 
@@ -114,20 +80,10 @@ extern "C" { extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); - extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int8_t proto, u_int16_t sport, u_int16_t dport, - u_int8_t *user_defined_proto); - extern u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p); extern void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -#ifdef NDPI_ENABLE_DEBUG_MESSAGES - void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, - const char **file, const char **func, u_int32_t * line); -#endif - /** Checks when the @p payload starts with the string literal @p str. * When the string is larger than the payload, check fails. * @return non-zero if check succeeded @@ -149,7 +105,7 @@ extern "C" { u_int16_t protoId, char *protoName, ndpi_protocol_category_t protoCategory, ndpi_port_range *tcpDefPorts, - ndpi_port_range *udpDefPorts); + ndpi_port_range *udpDefPorts); void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_risk_enum r, char *risk_message); 
@@ -161,18 +117,7 @@ extern "C" { int ndpi_normalize_printable_string(char * const str, size_t len); int ndpi_is_valid_hostname(char * const str, size_t len); #define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy > 7.0f) - float ndpi_entropy(u_int8_t const * const buf, size_t len); - u_int16_t ndpi_calculate_icmp4_checksum(u_int8_t const * const buf, size_t len); - void load_common_alpns(struct ndpi_detection_module_struct *ndpi_str); - u_int8_t is_a_common_alpn(struct ndpi_detection_module_struct *ndpi_str, - const char *alpn_to_check, u_int alpn_to_check_len); - - char *ndpi_hostname_sni_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len); - char *ndpi_user_agent_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len); - - int64_t ndpi_asn1_ber_decode_length(const unsigned char *payload, int payload_len, u_int16_t *value_len); - char* ndpi_intoav4(unsigned int addr, char* buf, u_int16_t bufLen); - int ndpi_seen_flow_beginning(const struct ndpi_flow_struct *flow); + float ndpi_entropy(u_int8_t const * const buf, size_t len); #ifdef __cplusplus } diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h deleted file mode 100644 index 8e2f0cc43..000000000 --- a/src/include/ndpi_protocols.h +++ /dev/null 
@@ -1,263 +0,0 @@ -/* - * ndpi_protocols.h - * - * Copyright (C) 2011-22 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - - -#ifndef __NDPI_PROTOCOLS_H__ -#define __NDPI_PROTOCOLS_H__ - -#include "ndpi_main.h" - - -ndpi_port_range* ndpi_build_default_ports_range(ndpi_port_range *ports, - u_int16_t portA_low, u_int16_t portA_high, - u_int16_t portB_low, u_int16_t portB_high, - u_int16_t portC_low, u_int16_t portC_high, - u_int16_t portD_low, u_int16_t portD_high, - u_int16_t portE_low, u_int16_t portE_high); - -ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, - u_int16_t portA, - u_int16_t portB, - u_int16_t portC, - u_int16_t portD, - u_int16_t portE); - -/* TCP/UDP protocols */ -#ifdef __cplusplus -extern "C" -#endif -u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int8_t protocol, - u_int32_t saddr, u_int32_t daddr); - - -void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_mgcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nats_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_radius_dissector(struct 
ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_redis_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_imo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_socrates_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tls_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, 
u_int32_t *id); -void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_wsd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vxlan_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t 
*id); -void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); -void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); -void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_modbus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zabbix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_wireguard_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dnp3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_104_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_s7comm_dissector(struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); -void init_websocket_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mongodb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_among_us_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hpvirtgrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_genshin_impact_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); 
-void init_z3950_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_avast_securedns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cassandra_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ethernet_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_toca_boca_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_sd_rtn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_raknet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_xiaomi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mpegdash_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rsh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ipsec_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_collectd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_i3d_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_riotgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_threema_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_alicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_discord_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t 
*id); -void init_tivoconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kismet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_fastcgi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_natpmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_syncthing_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_crynet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_munin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_elasticsearch_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tuya_lp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tplink_shp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bitcoin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_apache_thrift_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_slp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_http2_dissector(struct ndpi_detection_module_struct 
*ndpi_struct, u_int32_t *id); -void init_haproxy_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_can_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_protobuf_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ethereum_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ptpv2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hart_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtps_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_opc_ua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_fins_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ethersio_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); - -/* ndpi_main.c */ -extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port); - -#endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 68e0365b4..3b29cb046 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -29,7 +29,6 @@ E * ndpi_typedefs.h #include "ndpi_includes.h" #endif #include "ndpi_protocol_ids.h" -#include "ndpi_utils.h" /* Used by both nDPI core and patricia code under third-party */ #include "ndpi_patricia_typedefs.h" @@ -235,11 +234,6 @@ typedef enum { ndpi_leaf } ndpi_VISIT; -/* NDPI_NODE */ -typedef struct node_t { - char *key; - struct node_t *left, *right; -} ndpi_node; /* NDPI_MASK_SIZE */ typedef u_int32_t ndpi_ndpi_mask; 
@@ -635,9 +629,6 @@ struct ndpi_flow_input_info { unsigned char seen_flow_beginning; }; -/* Save memory limiting the key to 56 bit */ -//#define SAVE_BINARY_BITMAP_MEMORY - PACK_ON struct ndpi_binary_bitmap_entry { #ifdef SAVE_BINARY_BITMAP_MEMORY @@ -1503,16 +1494,6 @@ typedef struct { } ndpi_protocol_match; typedef struct { - char *string_to_match; - ndpi_protocol_category_t protocol_category; -} ndpi_category_match; - -typedef struct { - char *string_to_match; - u_int16_t protocol_id; -} ndpi_tls_cert_name_match; - -typedef struct { u_int32_t network; u_int8_t cidr; u_int16_t value; diff --git a/src/include/ndpi_utils.h b/src/include/ndpi_utils.h deleted file mode 100644 index 288cd7a94..000000000 --- a/src/include/ndpi_utils.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * ndpi_main.c - * - * Copyright (C) 2011-22 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - -#ifndef __NDPI_UTILS_H__ -#define __NDPI_UTILS_H__ - -#include "ndpi_define.h" -#ifndef NDPI_CFFI_PREPROCESSING -#include "ndpi_includes.h" -#endif - -#ifndef NDPI_CFFI_PREPROCESSING -struct ndpi_detection_module_struct; -extern u_int8_t ndpi_ends_with(struct ndpi_detection_module_struct *ndpi_struct, - char *str, char *ends); -#endif // NDPI_CFFI_PREPROCESSING -/* **************************************** */ - -/* Can't call libc functions from kernel space, define some stub instead */ - -#define ndpi_isalpha(ch) (((ch) >= 'a' && (ch) <= 'z') || ((ch) >= 'A' && (ch) <= 'Z')) -#define ndpi_isdigit(ch) ((ch) >= '0' && (ch) <= '9') -#define ndpi_isalnum(ch) (ndpi_isalpha(ch) != 0 || ndpi_isdigit(ch) != 0) -#define ndpi_isspace(ch) (((ch) >= '\t' && (ch) <= '\r') || ((ch) == ' ')) -#define ndpi_isprint(ch) ((ch) >= 0x20 && (ch) <= 0x7e) -#define ndpi_ispunct(ch) (((ch) >= '!' 
&& (ch) <= '/') || \ - ((ch) >= ':' && (ch) <= '@') || \ - ((ch) >= '[' && (ch) <= '`') || \ - ((ch) >= '{' && (ch) <= '~')) - -#ifndef NDPI_CFFI_PREPROCESSING -int ndpi_vsnprintf(char * str, size_t size, char const * format, va_list va_args); -int ndpi_snprintf(char * str, size_t size, char const * format, ...); -struct tm *ndpi_gmtime_r(const time_t *timep, - struct tm *result); -#endif - -#endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a96c9463b..9212d50d7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3978,8 +3978,8 @@ u_int8_t is_udp_not_guessable_protocol(u_int16_t l7_guessed_proto) { /* ****************************************************** */ -u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, - u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { +static u_int16_t guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, + u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { struct ndpi_packet_struct *packet = &ndpi_str->packet; *user_defined_proto = 0; /* Default */ @@ -4032,7 +4032,7 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY, str); } - u_int16_t chksm = ndpi_calculate_icmp4_checksum(packet->payload, packet->payload_packet_len); + u_int16_t chksm = icmp4_checksum(packet->payload, packet->payload_packet_len); if(chksm) { ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET, NULL); } @@ -6988,7 +6988,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s /* ********************************************************************************* */ -u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port) { +u_int32_t ip_port_hash_funct(u_int32_t ip, u_int16_t port) { return(ip + 3 * port); } 
@@ -7646,9 +7646,9 @@ static int ndpi_do_guess(struct ndpi_detection_module_struct *ndpi_str, struct n u_int8_t user_defined_proto; /* guess protocol */ - flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_str, flow, flow->l4_proto, - ntohs(flow->c_port), ntohs(flow->s_port), - &user_defined_proto); + flow->guessed_protocol_id = (int16_t) guess_protocol_id(ndpi_str, flow, flow->l4_proto, + ntohs(flow->c_port), ntohs(flow->s_port), + &user_defined_proto); flow->guessed_protocol_id_by_ip = ndpi_guess_host_protocol_id(ndpi_str, flow); ret->protocol_by_ip = flow->guessed_protocol_id_by_ip; @@ -8500,8 +8500,8 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s /* ********************************************************************************* */ -u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, - u_int16_t counter) { +u_int16_t check_for_email_address(struct ndpi_detection_module_struct *ndpi_str, + u_int16_t counter) { struct ndpi_packet_struct *packet; if(!ndpi_str) @@ -8582,24 +8582,6 @@ u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi return(0); } -#ifdef NDPI_ENABLE_DEBUG_MESSAGES -/* ********************************************************************************* */ - -void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_str, const char **file, - const char **func, u_int32_t *line) { - *file = ""; - *func = ""; - - if(ndpi_str->ndpi_debug_print_file != NULL) - *file = ndpi_str->ndpi_debug_print_file; - - if(ndpi_str->ndpi_debug_print_function != NULL) - *func = ndpi_str->ndpi_debug_print_function; - - *line = ndpi_str->ndpi_debug_print_line; -} -#endif - /* ********************************************************************************* */ u_int8_t ndpi_detection_get_l4(const u_int8_t *l3, u_int16_t l3_len, const u_int8_t **l4_return, 
@@ -8637,7 +8619,7 @@ void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_str, s /* ********************************************************************************* */ -void ndpi_reset_detected_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { +void reset_detected_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { flow->detected_protocol_stack[1] = NDPI_PROTOCOL_UNKNOWN; flow->detected_protocol_stack[0] = NDPI_PROTOCOL_UNKNOWN; flow->confidence = NDPI_CONFIDENCE_UNKNOWN; @@ -8706,8 +8688,8 @@ static void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_s /* ********************************************************************************* */ -void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, - ndpi_protocol_category_t protocol_category) { +void change_category(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category) { flow->category = protocol_category; } @@ -8828,7 +8810,7 @@ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detecti ret.app_protocol = NDPI_PROTOCOL_BITTORRENT; } } else { - ret.app_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, 0, 0, &user_defined_proto); + ret.app_protocol = guess_protocol_id(ndpi_str, flow, proto, 0, 0, &user_defined_proto); } ret.category = ndpi_get_proto_category(ndpi_str, ret); 
@@ -8863,12 +8845,12 @@ ndpi_protocol ndpi_guess_undetected_protocol_v4(struct ndpi_detection_module_str if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); + ret.master_protocol = guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; } else { - ret.app_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto), + ret.app_protocol = guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto), ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; } @@ -9528,7 +9510,7 @@ int ndpi_match_hostname_protocol(struct ndpi_detection_module_struct *ndpi_struc if(subproto != NDPI_PROTOCOL_UNKNOWN) { ndpi_set_detected_protocol(ndpi_struct, flow, subproto, master_protocol, NDPI_CONFIDENCE_DPI); if(!category_depends_on_master(master_protocol)) - ndpi_int_change_category(ndpi_struct, flow, ret_match.protocol_category); + change_category(ndpi_struct, flow, ret_match.protocol_category); if(subproto == NDPI_PROTOCOL_OOKLA) { ookla_add_to_cache(ndpi_struct, flow); @@ -10094,8 +10076,8 @@ static int enough(int a, int b) { /* ******************************************************************** */ -u_int8_t ndpi_ends_with(struct ndpi_detection_module_struct *ndpi_struct, - char *str, char *ends) { +u_int8_t ends_with(struct ndpi_detection_module_struct *ndpi_struct, + char *str, char *ends) { u_int str_len = str ? strlen(str) : 0; u_int8_t ends_len = strlen(ends); u_int8_t rc; 
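Review bot: `ends_with()`, renamed in the last hunk on this line, still stores `strlen(ends)` in a `u_int8_t`, so a suffix of 256 bytes or more would be compared using a truncated length, and `ends` reaches `strlen()` without the NULL guard that `str` gets. Every caller visible in this commit passes a short string literal, so this is latent rather than live. Now that the function is private, the prototype can be tightened without an API break: `u_int8_t ends_with(struct ndpi_detection_module_struct *ndpi_struct, const char *str, const char *ends)` with `size_t ends_len = strlen(ends);`, plus a comment stating that `ends` must be non-NULL. The const qualifiers would also make the `(char*)flow->host_server_name` cast at the http.c call site unnecessary. The function body continues outside the hunk, so the rest of the comparison has to be checked against the wider type, and the declaration in ndpi_private.h must change to match.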
@@ -10161,12 +10143,12 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, if((!name) || (strchr(name, '_') != NULL) || (strchr(name, '-') != NULL) - || (ndpi_ends_with(ndpi_str, name, "in-addr.arpa")) - || (ndpi_ends_with(ndpi_str, name, "ip6.arpa")) + || (ends_with(ndpi_str, name, "in-addr.arpa")) + || (ends_with(ndpi_str, name, "ip6.arpa")) /* Ignore TLD .local .lan and .home */ - || (ndpi_ends_with(ndpi_str, name, ".local")) - || (ndpi_ends_with(ndpi_str, name, ".lan")) - || (ndpi_ends_with(ndpi_str, name, ".home")) + || (ends_with(ndpi_str, name, ".local")) + || (ends_with(ndpi_str, name, ".lan")) + || (ends_with(ndpi_str, name, ".home")) ) return(0); @@ -10320,7 +10302,7 @@ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, if((word_len = strlen(word)) < 5) continue; - if((word_len < 10) && (ndpi_ends_with(ndpi_str, word, "cdn") /* Content Delivery Network ? */)) + if((word_len < 10) && (ends_with(ndpi_str, word, "cdn") /* Content Delivery Network ? */)) continue; /* Ignore names (not too long) that end with cdn [ ssl.p.jwpcdn.com or www.awxcdn.com ] */ NDPI_LOG_DBG2(ndpi_str, "[DGA] word(%s) [%s][len: %u]\n", word, name, (unsigned int)strlen(word)); diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h index cf549c00c..325f76b3b 100644 --- a/src/lib/ndpi_private.h +++ b/src/lib/ndpi_private.h @@ -14,6 +14,22 @@ extern "C" { #define _NDPI_CONFIG_H_ #endif +/* NDPI_NODE */ +typedef struct node_t { + char *key; + struct node_t *left, *right; +} ndpi_node; + +typedef struct { + char *string_to_match; + ndpi_protocol_category_t protocol_category; +} ndpi_category_match; + +typedef struct { + char *string_to_match; + u_int16_t protocol_id; +} ndpi_tls_cert_name_match; + struct call_function_struct { NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; 
@@ -145,7 +161,6 @@ struct ndpi_detection_module_struct { ndpi_debug_function_ptr ndpi_debug_printf; const char *ndpi_debug_print_file; const char *ndpi_debug_print_function; - u_int32_t ndpi_debug_print_line; NDPI_PROTOCOL_BITMASK debug_bitmask; #endif @@ -278,6 +293,9 @@ struct ndpi_detection_module_struct { }; +/* Used by ndpi_set_proto_subprotocols */ +#define NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS (-1) +#define NDPI_PROTOCOL_MATCHED_BY_CONTENT (-2) 
@@ -291,6 +309,62 @@ u_int8_t iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_i int current_pkt_from_client_to_server(const struct ndpi_detection_module_struct *ndpi_str, const struct ndpi_flow_struct *flow); int current_pkt_from_server_to_client(const struct ndpi_detection_module_struct *ndpi_str, const struct ndpi_flow_struct *flow); +int ndpi_seen_flow_beginning(const struct ndpi_flow_struct *flow); + +void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t upper_detected_protocol, + u_int16_t lower_detected_protocol, + ndpi_confidence_t confidence); + +void reset_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + +void ndpi_set_detected_protocol_keeping_master(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, + u_int16_t detected_protocol, + ndpi_confidence_t confidence); + +void change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category); + + +char *ndpi_hostname_sni_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len); +char *ndpi_user_agent_set(struct ndpi_flow_struct *flow, const u_int8_t *value, size_t value_len); + +void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); +void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + +void load_common_alpns(struct ndpi_detection_module_struct *ndpi_str); +u_int8_t is_a_common_alpn(struct ndpi_detection_module_struct *ndpi_str, + const char *alpn_to_check, u_int alpn_to_check_len); + +int64_t asn1_ber_decode_length(const unsigned char *payload, int payload_len, u_int16_t *value_len); + +u_int8_t ips_match(u_int32_t src, u_int32_t dst, + u_int32_t net, u_int32_t num_bits); + +u_int8_t ends_with(struct 
ndpi_detection_module_struct *ndpi_struct, + char *str, char *ends); + +u_int16_t check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, + u_int16_t counter); + +u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int8_t protocol, + u_int32_t saddr, u_int32_t daddr); + +u_int32_t ip_port_hash_funct(u_int32_t ip, u_int16_t port); + +char* ndpi_intoav4(unsigned int addr, char* buf, u_int16_t bufLen); + +u_int16_t icmp4_checksum(u_int8_t const * const buf, size_t len); + + /* TLS */ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, uint32_t quic_version); 
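Review bot: Several prototypes added in this hunk drop the `ndpi_` prefix but keep external linkage: `ends_with`, `change_category`, `ips_match`, `check_for_email_address`, `ip_port_hash_funct`, `icmp4_checksum`, `asn1_ber_decode_length` and `reset_detected_protocol`. Moving a declaration into a private header does not hide the symbol. Unless the build restricts exports (nothing in this diff shows that), these generic names stay in the library's global namespace, where they can clash with an application's own functions when linking statically or be interposed in a shared build. Either keep an internal prefix, as the removed `ndpi_int_change_category` did, or mark them hidden behind a project macro, e.g. `__attribute__((visibility("hidden")))` on compilers that support it. The same applies to the matching definitions renamed in ndpi_main.c and ndpi_utils.c.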
@@ -350,6 +424,213 @@ u_int32_t make_mining_key(struct ndpi_flow_struct *flow); int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); + +/* Protocols init */ +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); 
+void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void 
init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mgcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_nats_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void 
init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_redis_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_imo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_socrates_dissector(struct 
ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tls_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_wsd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_vmware_dissector(struct ndpi_detection_module_struct 
*ndpi_struct, u_int32_t *id); +void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_vxlan_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); +void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t 
*id); +void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_modbus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_zabbix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_wireguard_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_dnp3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_104_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_s7comm_dissector(struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); +void init_websocket_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void 
init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mongodb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_among_us_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_hpvirtgrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_genshin_impact_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_z3950_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_avast_securedns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_cassandra_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ethernet_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_toca_boca_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_sd_rtn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_raknet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_xiaomi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_mpegdash_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rsh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ipsec_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_collectd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_i3d_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_riotgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_threema_dissector(struct ndpi_detection_module_struct *ndpi_struct, 
u_int32_t *id); +void init_alicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_discord_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tivoconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_kismet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_fastcgi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_natpmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_syncthing_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_crynet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_munin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_elasticsearch_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tuya_lp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tplink_shp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_oicq_dissector(struct ndpi_detection_module_struct 
*ndpi_struct, u_int32_t *id); +void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_bitcoin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_apache_thrift_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_slp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_http2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_haproxy_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_can_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_protobuf_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ethereum_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ptpv2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_hart_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_rtps_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_opc_ua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_fins_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_ethersio_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); + #endif #ifdef __cplusplus diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 041f9226e..d6f5b7f60 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c 
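Review bot: The relocated list declares both `init_starcraft_dissector` and `init_stracraft_dissector`; the second looks like a misspelling carried over from ndpi_protocols.h. No definition with that name is visible in this diff, so it is worth confirming whether one exists. If none does, drop the prototype rather than copying it into the private header, so a stray call cannot compile and then fail only at link time. A short comment above `/* Protocols init */` saying that these entry points are internal and must not be called by applications would also record why the list moved.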
@@ -271,8 +271,8 @@ u_int8_t ndpi_net_match(u_int32_t ip_to_check, return(((ip_to_check & mask) == (net & mask)) ? 1 : 0); } -u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, - u_int32_t net, u_int32_t num_bits) +u_int8_t ips_match(u_int32_t src, u_int32_t dst, + u_int32_t net, u_int32_t num_bits) { return(ndpi_net_match(src, net, num_bits) || ndpi_net_match(dst, net, num_bits)); } @@ -2635,7 +2635,7 @@ static inline uint16_t get_n16bit(uint8_t const * cbuf) { return r; } -u_int16_t ndpi_calculate_icmp4_checksum(const u_int8_t * buf, size_t len) { +u_int16_t icmp4_checksum(const u_int8_t * buf, size_t len) { u_int32_t checksum = 0; /* @@ -2944,7 +2944,7 @@ u_int8_t ndpi_check_flow_risk_exceptions(struct ndpi_detection_module_struct *nd /* ******************************************* */ -int64_t ndpi_asn1_ber_decode_length(const unsigned char *payload, int payload_len, u_int16_t *value_len) +int64_t asn1_ber_decode_length(const unsigned char *payload, int payload_len, u_int16_t *value_len) { unsigned int value, i; diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index b3838a8dd..2d687654e 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c 
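Review bot: `ips_match` is still defined with external linkage in ndpi_utils.c, so dropping the `ndpi_` prefix puts a very generic name into the symbol namespace of every program that links libndpi.a statically. The same applies to `icmp4_checksum` and `asn1_ber_decode_length` in the two later hunks of this file. Unless the build restricts exported symbols (not visible in this diff), an internal prefix would avoid clashes with application code, e.g. `u_int8_t ndpi_int_ips_match(u_int32_t src, u_int32_t dst,`. If the short names stay, a comment on each definition such as `/* internal helper, declared in ndpi_private.h; not part of the public API */` would explain why they are unprefixed.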
@@ -108,14 +108,14 @@ u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, in /* network byte order */ if(flow->is_ipv6) { if(client) - key = ndpi_ip_port_hash_funct(ndpi_quick_hash(flow->c_address.v6, 16), htons(ntohs(flow->c_port) + offset)); + key = ip_port_hash_funct(ndpi_quick_hash(flow->c_address.v6, 16), htons(ntohs(flow->c_port) + offset)); else - key = ndpi_ip_port_hash_funct(ndpi_quick_hash(flow->s_address.v6, 16), flow->s_port); + key = ip_port_hash_funct(ndpi_quick_hash(flow->s_address.v6, 16), flow->s_port); } else { if(client) - key = ndpi_ip_port_hash_funct(flow->c_address.v4, htons(ntohs(flow->c_port) + offset)); + key = ip_port_hash_funct(flow->c_address.v4, htons(ntohs(flow->c_port) + offset)); else - key = ndpi_ip_port_hash_funct(flow->s_address.v4, flow->s_port); + key = ip_port_hash_funct(flow->s_address.v4, flow->s_port); } return key; diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index ee0c61591..68ba42561 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -60,7 +60,7 @@ static void ndpi_set_binary_application_transfer(struct ndpi_detection_module_st /* Check known exceptions */ - if(ndpi_ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com")) + if(ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com")) ; else ndpi_set_risk(ndpi_struct, flow, NDPI_BINARY_APPLICATION_TRANSFER, msg); diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 1939a2e32..ae09493b9 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c 
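Review bot: The exception check in the http.c hunk keeps an empty statement as the `if` body (`if(ends_with(...)) ; else ndpi_set_risk(...)`), which is easy to misread as a stray semicolon. Negating the test says the same thing directly: `if(!ends_with(ndpi_struct, (char*)flow->host_server_name, ".windowsupdate.com"))` followed by the `ndpi_set_risk(...)` call. The compared host name comes from the inspected flow itself, so a comment such as `/* exception is keyed on the host name carried in the traffic, not on a verified endpoint */` would help whoever extends the list. ndpi_set_binary_application_transfer starts before this hunk.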
@@ -45,9 +45,9 @@ static int krb_decode_asn1_length(struct ndpi_detection_module_struct *ndpi_stru int64_t length; u_int16_t value_len; - length = ndpi_asn1_ber_decode_length(&packet->payload[*kasn1_offset], - packet->payload_packet_len - *kasn1_offset, - &value_len); + length = asn1_ber_decode_length(&packet->payload[*kasn1_offset], + packet->payload_packet_len - *kasn1_offset, + &value_len); if (length == -1 || packet->payload_packet_len < *kasn1_offset + value_len + length) diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index 36f4c5686..b4df469f9 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c @@ -47,7 +47,7 @@ static void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, s if(packet->payload_packet_len > 1 && packet->payload[0] == 0x30) { - length = ndpi_asn1_ber_decode_length(&packet->payload[1], packet->payload_packet_len - 1, &length_len); + length = asn1_ber_decode_length(&packet->payload[1], packet->payload_packet_len - 1, &length_len); NDPI_LOG_DBG(ndpi_struct, "length %d (%d bytes)\n", length, length_len); if(length > 0 && packet->payload_packet_len > 1 + length_len + 1 && diff --git a/src/lib/protocols/snmp_proto.c b/src/lib/protocols/snmp_proto.c index 66e415db3..75e829126 100644 --- a/src/lib/protocols/snmp_proto.c +++ b/src/lib/protocols/snmp_proto.c @@ -72,7 +72,7 @@ static void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t len_length = 0, offset; int64_t len; - len = ndpi_asn1_ber_decode_length(&packet->payload[1], packet->payload_packet_len - 1, &len_length); + len = asn1_ber_decode_length(&packet->payload[1], packet->payload_packet_len - 1, &len_length); if(len > 2 && 1 + len_length + len == packet->payload_packet_len && 
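Review bot: In the ldap.c hunk the debug line prints `length` with `%d`, while `asn1_ber_decode_length()` is defined in this commit as returning `int64_t`. The declaration of `length` is outside the hunk; if it is `int64_t`, the format does not match the argument and the output is undefined whenever debug logging is compiled in. A matching form would be `NDPI_LOG_DBG(ndpi_struct, "length %lld (%u bytes)\n", (long long)length, (unsigned)length_len);`.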
@@ -106,10 +106,10 @@ static void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, if(snmp_primitive == 2 /* Get Response */ && snmp_primitive_offset + 1 < packet->payload_packet_len) { offset = snmp_primitive_offset + 1; - ndpi_asn1_ber_decode_length(&packet->payload[offset], packet->payload_packet_len - offset, &len_length); + asn1_ber_decode_length(&packet->payload[offset], packet->payload_packet_len - offset, &len_length); offset += len_length + 1; if(offset < packet->payload_packet_len) { - len = ndpi_asn1_ber_decode_length(&packet->payload[offset], packet->payload_packet_len - offset, &len_length); + len = asn1_ber_decode_length(&packet->payload[offset], packet->payload_packet_len - offset, &len_length); u_int8_t error_status_offset = offset + len_length + len + 2; diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index 8cf59bbbf..d04f2a381 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c @@ -35,11 +35,11 @@ static u_int8_t sc2_match_logon_ip(struct ndpi_packet_struct* packet) u_int32_t source_ip = ntohl(packet->iph->saddr); u_int32_t dest_ip = ntohl(packet->iph->daddr); - return (ndpi_ips_match(source_ip, dest_ip, 0xD5F87F82, 32) // EU 213.248.127.130 - || ndpi_ips_match(source_ip, dest_ip, 0x0C81CE82, 32) // US 12.129.206.130 - || ndpi_ips_match(source_ip, dest_ip, 0x79FEC882, 32) // KR 121.254.200.130 - || ndpi_ips_match(source_ip, dest_ip, 0xCA09424C, 32) // SG 202.9.66.76 - || ndpi_ips_match(source_ip, dest_ip, 0x0C81ECFE, 32)); // BETA 12.129.236.254 + return (ips_match(source_ip, dest_ip, 0xD5F87F82, 32) // EU 213.248.127.130 + || ips_match(source_ip, dest_ip, 0x0C81CE82, 32) // US 12.129.206.130 + || ips_match(source_ip, dest_ip, 0x79FEC882, 32) // KR 121.254.200.130 + || ips_match(source_ip, dest_ip, 0xCA09424C, 32) // SG 202.9.66.76 + || ips_match(source_ip, dest_ip, 0x0C81ECFE, 32)); // BETA 12.129.236.254 } /* 
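Review bot: In the Get Response branch of the snmp_proto.c hunk the first `asn1_ber_decode_length()` result is discarded, and the second is stored in `len` with no failure test before it feeds `error_status_offset`. The Kerberos caller in this commit treats -1 as the error return, so the same test seems needed here. `error_status_offset` is also declared `u_int8_t`, so `offset + len_length + len + 2` is truncated to 8 bits and can select an unrelated byte on larger payloads even when a later bounds check passes. Suggest a guard and a wider type, e.g. `if(len >= 0) {` around `u_int64_t error_status_offset = offset + len_length + len + 2;`. ndpi_search_snmp continues past the end of the hunk, so any check that follows this line is not visible here.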
diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 589c599d2..76a75b459 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -408,8 +408,8 @@ static int stun_search_again(struct ndpi_detection_module_struct *ndpi_struct, first_dtls_pkt = 1; /* TODO: right way? It is a bit scary... do we need to reset something else too? */ - ndpi_reset_detected_protocol(ndpi_struct, flow); - ndpi_int_change_category(ndpi_struct, flow, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED); + reset_detected_protocol(ndpi_struct, flow); + change_category(ndpi_struct, flow, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED); /* Give room for DTLS handshake, where we might have retransmissions and fragments */ diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index 2caba13d6..89d7dc322 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -361,7 +361,6 @@ <ClInclude Include="..\src\include\ndpi_encryption.h" /> <ClInclude Include="..\src\include\ndpi_main.h" /> <ClInclude Include="..\src\include\ndpi_patricia_typedefs.h" /> - <ClInclude Include="..\src\include\ndpi_utils.h" /> <ClInclude Include="..\src\lib\ndpi_replace_printf.h" /> <ClInclude Include="..\src\lib\third_party\include\ahocorasick.h" /> <ClInclude Include="..\src\include\ndpi_includes.h" /> @@ -377,7 +376,6 @@ <ClInclude Include="..\src\lib\third_party\include\ndpi_md5.h" /> <ClInclude Include="..\src\lib\third_party\include\ndpi_patricia.h" /> <ClInclude Include="..\src\include\ndpi_protocol_ids.h" /> - <ClInclude Include="..\src\include\ndpi_protocols.h" /> <ClInclude Include="..\src\include\ndpi_typedefs.h" /> <ClInclude Include="..\src\include\ndpi_unix.h" /> <ClInclude Include="..\src\include\ndpi_win32.h" /> diff --git a/windows/nDPI.vcxproj.filters b/windows/nDPI.vcxproj.filters index d5c3dba0a..90f982e2d 100644 --- a/windows/nDPI.vcxproj.filters +++ b/windows/nDPI.vcxproj.filters 
@@ -249,7 +249,6 @@
 <ItemGroup>
 <ClInclude Include="..\src\include\ndpi_includes.h" />
 <ClInclude Include="..\src\include\ndpi_protocol_ids.h" />
- <ClInclude Include="..\src\include\ndpi_protocols.h" />
 <ClInclude Include="..\src\include\ndpi_typedefs.h" />
 <ClInclude Include="..\src\include\ndpi_unix.h" />
 <ClInclude Include="..\src\include\ndpi_win32.h" />
@@ -258,7 +257,6 @@
 <ClInclude Include="src\dirent.h" />
 <ClInclude Include="..\src\include\ndpi_encryption.h" />
 <ClInclude Include="..\src\include\ndpi_main.h" />
- <ClInclude Include="..\src\include\ndpi_utils.h" />
 <ClInclude Include="..\src\lib\third_party\include\gcrypt_light.h" />
 <ClInclude Include="..\src\lib\third_party\include\MurmurHash3.h" />
 <ClInclude Include="..\src\lib\third_party\include\rce_injection.h" />
|