-rw-r--r--src/include/ndpi_protocol_ids.h2
-rw-r--r--src/lib/inc_generated/ndpi_asn_vk.c.inc35
-rw-r--r--src/lib/ndpi_content_match.c.inc8
-rw-r--r--src/lib/ndpi_main.c6
-rw-r--r--tests/pcap/vk.pcapngbin0 -> 158280 bytes
-rw-r--r--tests/result/vk.pcapng.out40
-rwxr-xr-xutils/asn_update.sh5
7 files changed, 91 insertions, 5 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 1ffe932d6..926485c02 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -50,7 +50,7 @@ typedef enum {
NDPI_PROTOCOL_POSTGRES = 19,
NDPI_PROTOCOL_MYSQL = 20,
NDPI_PROTOCOL_MS_OUTLOOK = 21, /* Hotmail / Microsoft Outlook / Exchange */
- NDPI_PROTOCOL_FREE_22 = 22, /* FREE */
+ NDPI_PROTOCOL_VK = 22,
NDPI_PROTOCOL_MAIL_POPS = 23,
NDPI_PROTOCOL_TAILSCALE = 24,
NDPI_PROTOCOL_FREE_25 = 25, /* FREE */
diff --git a/src/lib/inc_generated/ndpi_asn_vk.c.inc b/src/lib/inc_generated/ndpi_asn_vk.c.inc
new file mode 100644
index 000000000..882cf9df2
--- /dev/null
+++ b/src/lib/inc_generated/ndpi_asn_vk.c.inc
@@ -0,0 +1,35 @@
+/*
+ *
+ * This file is generated automatically and part of nDPI
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* ****************************************************** */
+
+
+static ndpi_network ndpi_protocol_vk_protocol_list[] = {
+ { 0x4F898B00 /* 79.137.139.0/24 */, 24, NDPI_PROTOCOL_VK },
+ { 0x4F89A400 /* 79.137.164.0/24 */, 24, NDPI_PROTOCOL_VK },
+ { 0x4F89B400 /* 79.137.180.0/24 */, 24, NDPI_PROTOCOL_VK },
+ { 0x4F89B700 /* 79.137.183.0/24 */, 24, NDPI_PROTOCOL_VK },
+ { 0x57F08000 /* 87.240.128.0/18 */, 18, NDPI_PROTOCOL_VK },
+ { 0x5DBAE000 /* 93.186.224.0/20 */, 20, NDPI_PROTOCOL_VK },
+ { 0x5F8EC000 /* 95.142.192.0/20 */, 20, NDPI_PROTOCOL_VK },
+ { 0x5FD50000 /* 95.213.0.0/18 */, 18, NDPI_PROTOCOL_VK },
+ { 0xB920F800 /* 185.32.248.0/22 */, 22, NDPI_PROTOCOL_VK },
+ /* End */
+ { 0x0, 0, 0 }
+};
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 4a88ccbbd..618b7b162 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1790,6 +1790,14 @@ static ndpi_protocol_match host_match[] =
{ "tailscale.com", "Tailscale", NDPI_PROTOCOL_TAILSCALE, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "userapi.com", "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "vk-cdn.net", "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "vk-portal.net", "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "vk.", "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "vkuser.net", "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "vkuseraudio.net", "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "vkuservideo.net", "VK", NDPI_PROTOCOL_VK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc"
#endif
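Review bot: The `"vk."` entry, the fourth added row of host_match, is much broader than the other six patterns, which each name a full registrable domain. How host_match anchors its patterns is not visible in this hunk, but if a trailing-dot pattern matches at any label boundary, a hostname such as `vk.example.org` (constructed) would be labelled VK / SocialNetwork / FUN purely on the client-supplied SNI. Consider listing the specific VK domains instead, or add a comment such as `/* "vk." covers every vk.<tld>; intentionally broad */` so the trade-off is explicit. The expected output added in tests/result/vk.pcapng.out only shows SNIs under userapi.com, so this pattern is not exercised by the new test.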
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 2f53d9e48..5c79ae515 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -100,6 +100,7 @@
#include "inc_generated/ndpi_asn_avast.c.inc"
#include "inc_generated/ndpi_asn_discord.c.inc"
#include "inc_generated/ndpi_asn_line.c.inc"
+#include "inc_generated/ndpi_asn_vk.c.inc"
/* Third party libraries */
@@ -1145,10 +1146,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_22,
- "Free22", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_25,
"Free25", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
@@ -2780,6 +2777,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_avast_protocol_list);
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_discord_protocol_list);
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_line_protocol_list);
+ ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_vk_protocol_list);
}
if(prefs & ndpi_track_flow_payload)
diff --git a/tests/pcap/vk.pcapng b/tests/pcap/vk.pcapng
new file mode 100644
index 000000000..a8613b249
--- /dev/null
+++ b/tests/pcap/vk.pcapng
Binary files differ
diff --git a/tests/result/vk.pcapng.out b/tests/result/vk.pcapng.out
new file mode 100644
index 000000000..ee4630194
--- /dev/null
+++ b/tests/result/vk.pcapng.out
@@ -0,0 +1,40 @@
+Guessed flow protos: 3
+
+DPI Packets (TCP): 107 (10.70 pkts/flow)
+Confidence DPI : 10 (flows)
+Num dissector calls: 10 (1.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom: 0/0/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache stun_zoom: 0/0/0 (insert/search/found)
+Automa host: 4/4 (search/found)
+Automa domain: 4/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 8/8 (search/found)
+Patricia risk mask: 20/0 (search/found)
+Patricia risk: 0/0 (search/found)
+Patricia protocols: 10/10 (search/found)
+
+VK 82 10228 4
+TLS 827 116853 6
+
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 192.168.1.249 1
+
+
+ 1 TCP 192.168.1.249:60436 -> 87.240.132.78:443 [proto: 91/TLS][IP: 22/VK][Encrypted][Confidence: DPI][cat: Web/5][706 pkts/85400 bytes -> 0 pkts/0 bytes][Goodput ratio: 45/0][16.78 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 25/0 3943/0 194/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 121/0 1464/0 175/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,9,0,0,0,0,0,3,0,0,0,9,18,6,3,6,9,9,6,0,0,6,0,0,3,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 192.168.1.249:40344 -> 87.240.129.140:443 [proto: 91/TLS][IP: 22/VK][Encrypted][Confidence: DPI][cat: Web/5][92 pkts/26327 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][12.81 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 154/0 4880/0 644/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 286/0 1464/0 382/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 5,0,2,0,0,10,14,0,10,5,2,2,0,2,0,5,7,0,0,2,0,0,7,0,0,0,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0]
+ 3 TCP 192.168.1.249:33904 -> 87.240.129.131:443 [proto: 91/TLS][IP: 22/VK][Encrypted][Confidence: DPI][cat: Web/5][21 pkts/3598 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][10.88 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 545/0 4263/0 1183/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 171/0 371/0 112/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,16,0,0,8,33,16,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 TCP 192.168.1.249:32990 -> 87.240.169.10:443 [proto: 91.22/TLS.VK][IP: 22/VK][Encrypted][Confidence: DPI][cat: SocialNetwork/6][24 pkts/2765 bytes -> 0 pkts/0 bytes][Goodput ratio: 42/0][0.11 sec][Hostname/SNI: sun9-87.userapi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 4/0 17/0 5/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 115/0 583/0 127/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][Firefox][Plen Bins: 20,0,20,0,0,20,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 5 TCP 192.168.1.249:59722 -> 87.240.169.11:443 [proto: 91.22/TLS.VK][IP: 22/VK][Encrypted][Confidence: DPI][cat: SocialNetwork/6][21 pkts/2600 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][0.15 sec][Hostname/SNI: sun9-88.userapi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/0 31/0 9/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 124/0 583/0 138/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][Firefox][Plen Bins: 20,0,20,0,0,20,0,0,0,0,0,0,20,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 6 TCP 192.168.1.249:47934 -> 87.240.169.3:443 [proto: 91.22/TLS.VK][IP: 22/VK][Encrypted][Confidence: DPI][cat: SocialNetwork/6][19 pkts/2493 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][0.13 sec][Hostname/SNI: sun9-80.userapi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/0 44/0 12/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 131/0 583/0 147/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][Firefox][Plen Bins: 20,0,20,0,0,20,0,0,0,0,0,0,0,20,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 7 TCP 192.168.1.249:59154 -> 87.240.185.137:443 [proto: 91.22/TLS.VK][IP: 22/VK][Encrypted][Confidence: DPI][cat: SocialNetwork/6][18 pkts/2370 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][0.13 sec][Hostname/SNI: sun9-10.userapi.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/0 41/0 10/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 132/0 583/0 143/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][Firefox][Plen Bins: 20,0,20,0,0,20,0,0,0,0,0,20,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 8 TCP 192.168.1.249:56504 -> 87.240.129.135:443 [proto: 91/TLS][IP: 22/VK][Encrypted][Confidence: DPI][cat: Web/5][4 pkts/1186 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][0.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 9 TCP 192.168.1.249:43644 -> 87.240.132.67:443 [proto: 91/TLS][IP: 22/VK][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/171 bytes -> 0 pkts/0 bytes][Goodput ratio: 23/0][0.01 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 10 TCP 192.168.1.249:43938 -> 87.240.129.135:443 [proto: 91/TLS][IP: 22/VK][Encrypted][Confidence: DPI][cat: Web/5][2 pkts/171 bytes -> 0 pkts/0 bytes][Goodput ratio: 23/0][0.06 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/utils/asn_update.sh b/utils/asn_update.sh
index 6ed94abb1..5e976e625 100755
--- a/utils/asn_update.sh
+++ b/utils/asn_update.sh
@@ -159,6 +159,11 @@ DEST=../src/lib/inc_generated/ndpi_asn_line.c.inc
create_list NDPI_PROTOCOL_LINE $DEST "AS38631"
echo "(3) Line IPs are available in $DEST"
+echo "(1) Downloading VK..."
+DEST=../src/lib/inc_generated/ndpi_asn_vk.c.inc
+create_list NDPI_PROTOCOL_VK $DEST "AS47541"
+echo "(3) VK IPs are available in $DEST"
+
if [ ${TOTAL_ASN} -eq ${FAILED_ASN} ]; then
printf '%s: %s\n' "${0}" "All download(s) failed, ./get_routes_by_asn.sh broken?"
exit 1
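Review bot: A failed fetch for AS47541 alone will not fail the script, because the check right after the added block exits non-zero only when `TOTAL_ASN` equals `FAILED_ASN`. What create_list does to `$DEST` on a failed download is defined outside this hunk; it is worth confirming that it leaves the committed ndpi_asn_vk.c.inc in place rather than writing an empty list, since that file is compiled into the IP match table. As a smaller style point, quoting the variable, `create_list NDPI_PROTOCOL_VK "$DEST" "AS47541"`, avoids word splitting, although the neighbouring Line block uses the same unquoted form. The `if` block continues past the end of the hunk.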