diff options
| -rw-r--r-- | example/ndpiReader.c | 10 | ||||
| -rw-r--r-- | example/ndpi_util.c | 16 | ||||
| -rw-r--r-- | src/include/ndpi_protocol_ids.h | 21 | ||||
| -rw-r--r-- | src/include/ndpi_typedefs.h | 13 | ||||
| -rw-r--r-- | src/lib/Makefile.am | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 75 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 55 | ||||
| -rw-r--r-- | src/lib/protocols/http.c | 98 | ||||
| -rw-r--r-- | src/lib/protocols/mms.c | 95 | ||||
| -rw-r--r-- | src/lib/protocols/non_tcp_udp.c | 18 |
10 files changed, 163 insertions, 239 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 76fad23dd..5a8f91139 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -757,16 +757,14 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa flow->detected_protocol.master_protocol, flow->detected_protocol.app_protocol, ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol, buf, sizeof(buf))); - - if(flow->detected_protocol.category != 0) - fprintf(out, "[cat: %u]", flow->detected_protocol.category); } else fprintf(out, "[proto: %u/%s]", flow->detected_protocol.app_protocol, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); - - if(flow->detected_protocol.category != 0) - fprintf(out, "[cat: %u]", flow->detected_protocol.category); + + if(flow->detected_protocol.category != 0) + fprintf(out, "[cat: %s]", ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.category)); fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes); fprintf(out, "%s %u pkts/%llu bytes]", diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 9695558ae..52cbc6f9b 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -114,13 +114,13 @@ static uint16_t ndpi_get_proto_id(struct ndpi_detection_module_struct *ndpi_mod, char *e; unsigned long p = strtol(name,&e,0); ndpi_proto_defaults_t *proto_defaults = ndpi_get_proto_defaults(ndpi_mod); - + if(e && !*e) { if(p < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS && proto_defaults[p].protoName) return (uint16_t)p; return NDPI_PROTOCOL_UNKNOWN; } - + for(proto_id=NDPI_PROTOCOL_UNKNOWN; proto_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS; proto_id++) { if(proto_defaults[proto_id].protoName && !strcasecmp(proto_defaults[proto_id].protoName,name)) @@ -128,6 +128,9 @@ static uint16_t ndpi_get_proto_id(struct ndpi_detection_module_struct *ndpi_mod, } return NDPI_PROTOCOL_UNKNOWN; } + +/* ***************************************************** */ + static NDPI_PROTOCOL_BITMASK debug_bitmask; static char _proto_delim[] = " \t,:;"; static int parse_debug_proto(struct ndpi_detection_module_struct *ndpi_mod, char *str) { @@ -184,7 +187,7 @@ struct ndpi_workflow* ndpi_workflow_init(const struct ndpi_workflow_prefs * pref NDPI_LOG(0, NULL, NDPI_LOG_ERROR, "global structure initialization failed\n"); exit(-1); } - + ndpi_set_log_level(module, nDPI_LogLevel); if(_debug_protocols != NULL && ! _debug_protocols_ok) { @@ -377,8 +380,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow /* to avoid two nodes in one binary tree for a flow */ int is_changed = 0; - if(ret == NULL) - { + if(ret == NULL) { u_int32_t orig_src_ip = flow.src_ip; u_int16_t orig_src_port = flow.src_port; u_int32_t orig_dst_ip = flow.dst_ip; @@ -522,7 +524,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { if(!flow->ndpi_flow) return; - + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); @@ -533,7 +535,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->protos.bittorrent.hash[i]); - + j += 2, n += flow->ndpi_flow->protos.bittorrent.hash[i]; } diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c626d3d9f..5a59ddc7c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -76,14 +76,17 @@ #define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow <tomasz@skatnet.dk> */ #define NDPI_PROTOCOL_BITTORRENT 37 #define NDPI_PROTOCOL_SKYPE_CALL_OUT 38 -#define NDPI_CONTENT_AVI 39 -#define NDPI_CONTENT_FLASH 40 -#define NDPI_CONTENT_OGG 41 -#define NDPI_CONTENT_MPEG 42 -#define NDPI_CONTENT_QUICKTIME 43 -#define NDPI_CONTENT_REALMEDIA 44 -#define NDPI_CONTENT_WINDOWSMEDIA 45 -#define NDPI_CONTENT_MMS 46 + +/* 39..46 are free */ +#define NDPI_PROTOCOL_FREE_39 39 +#define NDPI_PROTOCOL_FREE_40 40 +#define NDPI_PROTOCOL_FREE_41 41 +#define NDPI_PROTOCOL_FREE_42 42 +#define NDPI_PROTOCOL_FREE_43 43 +#define NDPI_PROTOCOL_FREE_44 44 +#define NDPI_PROTOCOL_FREE_45 45 +#define NDPI_PROTOCOL_FREE_46 46 + #define NDPI_PROTOCOL_XBOX 47 #define NDPI_PROTOCOL_QQ 48 #define NDPI_PROTOCOL_SKYPE_CALL_IN 49 @@ -194,7 +197,7 @@ #define NDPI_PROTOCOL_LLMNR 154 #define NDPI_PROTOCOL_REMOTE_SCAN 155 #define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_CONTENT_WEBM 157 +#define NDPI_PROTOCOL_MESSENGER 157 #define NDPI_PROTOCOL_H323 158 /* Remy Mudingay <mudingay@ill.fr> */ #define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay <mudingay@ill.fr> */ #define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay <mudingay@ill.fr> */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9ec6b7158..cfef9db4f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -781,6 +781,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_STREAMING, /* Streaming protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ + /* See #define NUM_CUSTOM_CATEGORIES */ NDPI_PROTOCOL_CATEGORY_CUSTOM_1, /* User custom category 1 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_2, /* User custom category 2 */ @@ -788,6 +789,16 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_CUSTOM_4, /* User custom category 4 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_5, /* User custom category 5 */ + /* Payload Content */ + NDPI_CONTENT_CATEGORY_AVI, + NDPI_CONTENT_CATEGORY_FLASH, + NDPI_CONTENT_CATEGORY_OGG, + NDPI_CONTENT_CATEGORY_MPEG, + NDPI_CONTENT_CATEGORY_QUICKTIME, + NDPI_CONTENT_CATEGORY_REALMEDIA, + NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, + NDPI_CONTENT_CATEGORY_WEBM, + NDPI_PROTOCOL_NUM_CATEGORIES /* NOTE: Keep this as last member Unused as value but useful to getting the number of elements @@ -978,7 +989,7 @@ struct ndpi_flow_struct { u_int16_t protocol_stack_info; /* init parameter, internal used to set up timestamp,... */ - u_int16_t guessed_protocol_id, guessed_host_protocol_id; + u_int16_t guessed_protocol_id, guessed_host_protocol_id, guessed_category; u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 633c110d8..10a54c719 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -85,7 +85,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/mdns.c \ protocols/megaco.c \ protocols/mgcp.c \ - protocols/mms.c \ protocols/mpegts.c \ protocols/mqtt.c \ protocols/msn.c \ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 93ba2ca8c..a60543c98 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8035,8 +8035,8 @@ ndpi_protocol_match host_match[] = { { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive-thirdparty.googleusercontent.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.google.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive-thirdparty.googleusercontent.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.google.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "android.clients.google.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8070,6 +8070,7 @@ ndpi_protocol_match host_match[] = { { ".2mdn.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, { ".dmtry.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, { "google-analytics.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "gtv1.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Google Services */ { "googleapis.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8157,6 +8158,7 @@ ndpi_protocol_match host_match[] = { { ".spotify.", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "audio-fa.scdn.co", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "edge-mqtt.facebook.com", NULL, NULL, "Messenger", NDPI_PROTOCOL_MESSENGER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".pandora.com", NULL, NULL, "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, @@ -8336,44 +8338,43 @@ ndpi_protocol_match host_match[] = { Mime-type content match match */ ndpi_protocol_match content_match[] = { - { "audio/mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mpeg3", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mp4a", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/nsv", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "misc/ultravox", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".adobe.", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-fcs", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-shockwave-flash",NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "video/flash", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "flv-application/octet-stream", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/futuresplash", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/quicktime", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mp4", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-m4v", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-pn-realaudio", NULL, NULL, NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.rn-realmedia", NULL, NULL, NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-ms-", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asf", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asx", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-msvideo", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-wav", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.ms.wms-hdr.asfv1", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "NSPlayer/", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-mms-framed", NULL, NULL, NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mpeg", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-mpeg", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mpeg3", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mp4a", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mpeg", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/nsv", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "misc/ultravox", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/ogg", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/ogg", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/ogg", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".adobe.", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/flv", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-flv", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-fcs", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-shockwave-flash",NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "video/flash", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/flv", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "flv-application/octet-stream", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/futuresplash", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/quicktime", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mp4", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-m4v", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-pn-realaudio", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.rn-realmedia", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-ms-", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asf", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asx", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-msvideo", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-wav", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.ms.wms-hdr.asfv1", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "NSPlayer/", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "Xbox Live Client/", NULL, NULL, NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "Windows-Update-Agent", NULL, NULL, NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "audio/webm", NULL, NULL, NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/webm", NULL, NULL, NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/webm", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/webm", NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NULL, NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.apple.mpegurl",NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.apple.mpegurl",NULL, NULL, NULL, NDPI_CONTENT_CATEGORY_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-tar", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, { "application/octet-stream", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, { "application/mac-binary", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8f4cc8660..44c373944 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1137,46 +1137,50 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_AVI, + + + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, no_master, - no_master, "AVI", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_FLASH, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_40, no_master, - no_master, "Flash", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_OGG, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_41, no_master, - no_master, "OggVorbis", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_MPEG, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_42, no_master, - no_master, "MPEG", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_QUICKTIME, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_43, no_master, - no_master, "QuickTime", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_REALMEDIA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_44, no_master, - no_master, "RealMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_WINDOWSMEDIA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_45, no_master, - no_master, "WindowsMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_MMS, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_46, no_master, - no_master, "MMS", NDPI_PROTOCOL_CATEGORY_MEDIA, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, no_master, no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME, @@ -1659,11 +1663,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, - no_master, - no_master, "WebM", NDPI_PROTOCOL_CATEGORY_MEDIA, /* Courtesy of Shreeram Ramamoorthy Swaminathan <shreeram <shreeram1985@yahoo.co.in> */ - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, no_master, no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, @@ -2759,9 +2759,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* VMWARE */ init_vmware_dissector(ndpi_struct, &a, detection_bitmask); - /* MMS */ - init_mms_dissector(ndpi_struct, &a, detection_bitmask); - /* NON_TCP_UDP */ init_non_tcp_udp_dissector(ndpi_struct, &a, detection_bitmask); @@ -5301,7 +5298,15 @@ static const char* categories[] = { "", "", "", - "" + "", + "AVI", + "Flash", + "OGG", + "MPEG", + "QuickTime", + "RealMedia", + "WindowsMedia", + "Webm", }; const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index d2311b3db..ac5b9d173 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -34,7 +34,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int32_t protocol) { + u_int16_t category) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { /* This is HTTP and it is not a sub protocol (e.g. skype or dropbox) */ @@ -42,18 +42,18 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd ndpi_search_tcp_or_udp(ndpi_struct, flow); /* If no custom protocol has been detected */ - /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ - if(protocol == NDPI_PROTOCOL_HTTP) { + + if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) { ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_HTTP); } else - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_UNKNOWN); - flow->http_detected = 1; + flow->http_detected = 1, flow->guessed_category = category; } } -#ifdef NDPI_CONTENT_FLASH +#ifdef NDPI_CONTENT_CATEGORY_FLASH static void flash_check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -69,12 +69,12 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { NDPI_LOG_INFO(ndpi_struct, "found Flash content in HTTP\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_FLASH); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_FLASH); } } #endif -#ifdef NDPI_CONTENT_AVI +#ifdef NDPI_CONTENT_CATEGORY_AVI static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -96,7 +96,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if(packet->payload_packet_len > 20 && memcmp(packet->payload, "RIFF", 4) == 0 && memcmp(packet->payload + 8, "AVI LIST", 8) == 0) { NDPI_LOG_INFO(ndpi_struct, "found Avi content in HTTP\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_AVI); } flow->l4.tcp.http_empty_line_seen = 0; return; @@ -115,7 +115,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if((p + 16) <= packet->payload_packet_len && memcmp(&packet->payload[p], "RIFF", 4) == 0 && memcmp(&packet->payload[p + 8], "AVI LIST", 8) == 0) { NDPI_LOG_INFO(ndpi_struct, "found Avi content in HTTP\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_AVI); } } } @@ -436,15 +436,15 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } /* search for line startin with "Icy-MetaData" */ -#ifdef NDPI_CONTENT_MPEG +#ifdef NDPI_CONTENT_CATEGORY_MPEG for (a = 0; a < packet->parsed_lines; a++) { if(packet->line[a].len > 11 && memcmp(packet->line[a].ptr, "Icy-MetaData", 12) == 0) { NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_MPEG); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_MPEG); return; } } -#ifdef NDPI_CONTENT_AVI +#ifdef NDPI_CONTENT_CATEGORY_AVI #endif #endif @@ -463,12 +463,12 @@ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, { NDPI_LOG_DBG2(ndpi_struct, "called check_http_payload\n"); -#ifdef NDPI_CONTENT_FLASH - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_FLASH) != 0) +#ifdef NDPI_CONTENT_CATEGORY_FLASH + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_CATEGORY_FLASH) != 0) flash_check_http_payload(ndpi_struct, flow); #endif -#ifdef NDPI_CONTENT_AVI - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_AVI) != 0) +#ifdef NDPI_CONTENT_CATEGORY_AVI + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_CATEGORY_AVI) != 0) avi_check_http_payload(ndpi_struct, flow); #endif #ifdef NDPI_PROTOCOL_TEAMVIEWER @@ -532,23 +532,23 @@ static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *nd static void http_bitmask_exclude_other(struct ndpi_flow_struct *flow) { -#ifdef NDPI_CONTENT_MPEG - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_MPEG); +#ifdef NDPI_CONTENT_CATEGORY_MPEG + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_MPEG); #endif -#ifdef NDPI_CONTENT_QUICKTIME - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_QUICKTIME); +#ifdef NDPI_CONTENT_CATEGORY_QUICKTIME + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_QUICKTIME); #endif -#ifdef NDPI_CONTENT_WINDOWSMEDIA - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_WINDOWSMEDIA); +#ifdef NDPI_CONTENT_CATEGORY_WINDOWSMEDIA + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_WINDOWSMEDIA); #endif -#ifdef NDPI_CONTENT_REALMEDIA - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_REALMEDIA); +#ifdef NDPI_CONTENT_CATEGORY_REALMEDIA + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_REALMEDIA); #endif -#ifdef NDPI_CONTENT_AVI - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_AVI); +#ifdef NDPI_CONTENT_CATEGORY_AVI + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_AVI); #endif -#ifdef NDPI_CONTENT_OGG - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_OGG); +#ifdef NDPI_CONTENT_CATEGORY_OGG + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_OGG); #endif #ifdef NDPI_PROTOCOL_XBOX NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX); @@ -952,9 +952,9 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; -#ifdef NDPI_CONTENT_MPEG +#ifdef NDPI_CONTENT_CATEGORY_MPEG ndpi_set_bitmask_protocol_detection("MPEG", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_MPEG, + NDPI_CONTENT_CATEGORY_MPEG, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, @@ -962,45 +962,45 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; #endif -#ifdef NDPI_CONTENT_FLASH +#ifdef NDPI_CONTENT_CATEGORY_FLASH ndpi_set_bitmask_protocol_detection("Flash", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_FLASH, + NDPI_CONTENT_CATEGORY_FLASH, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_QUICKTIME +#ifdef NDPI_CONTENT_CATEGORY_QUICKTIME ndpi_set_bitmask_protocol_detection("QuickTime", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_QUICKTIME, + NDPI_CONTENT_CATEGORY_QUICKTIME, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_REALMEDIA +#ifdef NDPI_CONTENT_CATEGORY_REALMEDIA ndpi_set_bitmask_protocol_detection("RealMedia", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_REALMEDIA, + NDPI_CONTENT_CATEGORY_REALMEDIA, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_WINDOWSMEDIA +#ifdef NDPI_CONTENT_CATEGORY_WINDOWSMEDIA ndpi_set_bitmask_protocol_detection("WindowsMedia", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_WINDOWSMEDIA, + NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_MMS +#ifdef NDPI_CONTENT_CATEGORY_MMS ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_MMS, + NDPI_CONTENT_CATEGORY_MMS, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, @@ -1025,18 +1025,18 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_AVI +#ifdef NDPI_CONTENT_CATEGORY_AVI ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_AVI, + NDPI_CONTENT_CATEGORY_AVI, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_OGG +#ifdef NDPI_CONTENT_CATEGORY_OGG ndpi_set_bitmask_protocol_detection("OggVorbis", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_OGG, + NDPI_CONTENT_CATEGORY_OGG, ndpi_search_http_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, @@ -1053,11 +1053,11 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); -#ifdef NDPI_CONTENT_FLASH - NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_FLASH); +#ifdef NDPI_CONTENT_CATEGORY_FLASH + NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_FLASH); #endif - NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_MMS); + NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_MMS); NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX); diff --git a/src/lib/protocols/mms.c b/src/lib/protocols/mms.c deleted file mode 100644 index 42391b5fc..000000000 --- a/src/lib/protocols/mms.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * mms.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see <http://www.gnu.org/licenses/>. - * - */ - - -#include "ndpi_protocol_ids.h" - -#ifdef NDPI_CONTENT_MMS - -#define NDPI_CURRENT_PROTO NDPI_CONTENT_MMS - -#include "ndpi_api.h" - - -static void ndpi_int_mms_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_CONTENT_MMS, NDPI_PROTOCOL_UNKNOWN); -} - - -void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG_DBG(ndpi_struct, "search MMS\n"); - - /* search MSMMS packets */ - if (packet->payload_packet_len >= 20) { - if (flow->l4.tcp.mms_stage == 0 && packet->payload[4] == 0xce - && packet->payload[5] == 0xfa && packet->payload[6] == 0x0b - && packet->payload[7] == 0xb0 && packet->payload[12] == 0x4d - && packet->payload[13] == 0x4d && packet->payload[14] == 0x53 && packet->payload[15] == 0x20) { - NDPI_LOG_INFO(ndpi_struct, "found MMS: MSMMS Request \n"); - flow->l4.tcp.mms_stage = 1 + packet->packet_direction; - return; - } - - if (flow->l4.tcp.mms_stage == 2 - packet->packet_direction - && packet->payload[4] == 0xce && packet->payload[5] == 0xfa - && packet->payload[6] == 0x0b && packet->payload[7] == 0xb0 - && packet->payload[12] == 0x4d && packet->payload[13] == 0x4d - && packet->payload[14] == 0x53 && packet->payload[15] == 0x20) { - NDPI_LOG_INFO(ndpi_struct, "found MMS: MSMMS Response \n"); - ndpi_int_mms_add_connection(ndpi_struct, flow); - return; - } - } -#ifdef NDPI_PROTOCOL_HTTP - if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { -#endif /* NDPI_PROTOCOL_HTTP */ - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - -#ifdef NDPI_PROTOCOL_HTTP - } else { - NDPI_LOG_DBG(ndpi_struct, "MMS avoid early exclude from http\n"); - } -#endif /* NDPI_PROTOCOL_HTTP */ - -} - - -void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("MMS", ndpi_struct, detection_bitmask, *id, - NDPI_CONTENT_MMS, - ndpi_search_mms_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, - NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - -#endif diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index a2e0d81f5..668a158d7 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c @@ -113,7 +113,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct /* always add non tcp/udp if one protocol is compiled in */ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[*id].detection_bitmask, NDPI_PROTOCOL_UNKNOWN); -#ifdef NDPI_CONTENT_IP_IPSEC +#ifdef NDPI_PROTOCOL_IP_IPSEC ndpi_set_bitmask_protocol_detection("IP_IPSEC", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IPSEC, ndpi_search_in_non_tcp_udp, @@ -122,7 +122,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_GRE +#ifdef NDPI_PROTOCOL_IP_GRE ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_GRE, ndpi_search_in_non_tcp_udp, @@ -131,7 +131,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_ICMP +#ifdef NDPI_PROTOCOL_IP_ICMP ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_ICMP, ndpi_search_in_non_tcp_udp, @@ -140,7 +140,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_IGMP +#ifdef NDPI_PROTOCOL_IP_IGMP ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IGMP, ndpi_search_in_non_tcp_udp, @@ -149,7 +149,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_EGP +#ifdef NDPI_PROTOCOL_IP_EGP ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_EGP, ndpi_search_in_non_tcp_udp, @@ -158,7 +158,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_SCTP +#ifdef NDPI_PROTOCOL_IP_SCTP ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_SCTP, ndpi_search_in_non_tcp_udp, @@ -167,7 +167,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_OSPF +#ifdef NDPI_PROTOCOL_IP_OSPF ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_OSPF, ndpi_search_in_non_tcp_udp, @@ -176,7 +176,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_IP_IN_IP +#ifdef NDPI_PROTOCOL_IP_IP_IN_IP ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IP_IN_IP, ndpi_search_in_non_tcp_udp, @@ -185,7 +185,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_CONTENT_IP_ICMPV6 +#ifdef NDPI_PROTOCOL_IP_ICMPV6 ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_ICMPV6, ndpi_search_in_non_tcp_udp, |