diff options
| -rw-r--r-- | src/lib/ndpi_main.c | 24 | ||||
| -rw-r--r-- | tests/result/starcraft_battle.pcap.out | 11 |
2 files changed, 14 insertions, 21 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index fc5042b0f..5639ed620 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1666,7 +1666,7 @@ static int fill_prefix_v4(prefix_t *p, struct in_addr *a, int b, int mb) { /* ******************************************* */ -u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin) { +u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin /* network byte order */) { prefix_t prefix; patricia_node_t *node; @@ -1679,7 +1679,7 @@ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str /* ******************************************* */ -u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host) { +u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host /* network byte order */) { struct in_addr pin; pin.s_addr = host; @@ -1700,11 +1700,9 @@ u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_packet_struct *packet = &flow->packet; if(packet->tcp != NULL) { - if(flow->packet.iph) { - struct in_addr saddr = { packet->iph->saddr }; - struct in_addr daddr = { packet->iph->daddr }; - if(tor_ptree_match(ndpi_struct, &saddr) - || tor_ptree_match(ndpi_struct, &daddr)) { + if(packet->iph) { + if(tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->saddr) + || tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->daddr)) { return(1); } } @@ -1751,7 +1749,6 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp struct in_addr pin; inet_pton(AF_INET, value, &pin); - pin.s_addr = ntohl(pin.s_addr); if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, 32)) != NULL) { node->value.user_value = protocol_id; @@ -3424,12 +3421,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.iph && (!flow->host_already_guessed)) { - struct in_addr pin; - pin.s_addr = flow->packet.iph->saddr; - if((flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, &pin)) == NDPI_PROTOCOL_UNKNOWN) { - pin.s_addr = flow->packet.iph->daddr; - flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, &pin); + if((flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) { + flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); } flow->host_already_guessed = 1; @@ -4252,11 +4246,11 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct return(ret); check_guessed_skype: - addr.s_addr = shost; + addr.s_addr = htonl(shost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) { ret.protocol = NDPI_PROTOCOL_SKYPE; } else { - addr.s_addr = dhost; + addr.s_addr = htonl(dhost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) ret.protocol = NDPI_PROTOCOL_SKYPE; } diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 4cbdb5ceb..918647cef 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -4,8 +4,7 @@ HTTP 450 294880 19 SSDP 11 4984 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 -SSL 27 1803 9 -Skype 16 1100 4 +SSL 43 2903 13 Google 12 1467 2 Quic 6 475 1 Starcraft 236 51494 6 @@ -28,10 +27,10 @@ Starcraft 236 51494 6 16 TCP 192.168.1.100:3530 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 17 TCP 192.168.1.100:3532 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes] 18 TCP 192.168.1.100:3534 <-> 2.228.46.112:80 [proto: 7/HTTP][1 pkts/66 bytes] - 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 125/Skype][4 pkts/275 bytes] + 19 TCP 192.168.1.100:3489 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 20 TCP 192.168.1.100:3481 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 21 TCP 192.168.1.100:3479 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] - 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 125/Skype][4 pkts/275 bytes] + 22 TCP 192.168.1.100:3491 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 23 TCP 80.239.186.26:80 <-> 192.168.1.100:3515 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] 24 TCP 80.239.186.21:80 <-> 192.168.1.100:3519 [proto: 7/HTTP][9 pkts/979 bytes][Host: eu.launcher.battle.net] 25 TCP 80.239.186.26:80 <-> 192.168.1.100:3521 [proto: 7/HTTP][10 pkts/1224 bytes][Host: nydus.battle.net] @@ -55,8 +54,8 @@ Starcraft 236 51494 6 43 TCP 192.168.1.100:3529 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 44 TCP 192.168.1.100:3531 <-> 2.228.46.112:80 [proto: 7/HTTP][29 pkts/25102 bytes][Host: bnetcmsus-a.akamaihd.net] 45 TCP 192.168.1.100:3533 <-> 2.228.46.112:80 [proto: 7/HTTP][4 pkts/386 bytes] - 46 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 125/Skype][4 pkts/275 bytes] - 47 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 125/Skype][4 pkts/275 bytes] + 46 TCP 192.168.1.100:3492 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] + 47 TCP 192.168.1.100:3490 <-> 2.228.46.104:443 [proto: 91/SSL][4 pkts/275 bytes] 48 TCP 192.168.1.100:3482 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 49 TCP 192.168.1.100:3480 <-> 2.228.46.114:443 [proto: 91/SSL][4 pkts/275 bytes] 50 TCP 12.129.222.54:80 <-> 192.168.1.100:3512 [proto: 7.76/HTTP.WorldOfWarcraft][9 pkts/880 bytes][Host: us.scan.worldofwarcraft.com] |