-rw-r--r-- | example/ndpiReader.c | 41 | ||||
-rw-r--r-- | example/reader_util.c | 2 | ||||
-rw-r--r-- | src/include/ndpi_protocol_ids.h | 5 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 9 | ||||
-rw-r--r-- | src/lib/protocols/directdownloadlink.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/fasttrack.c | 77 | ||||
-rw-r--r-- | src/lib/protocols/icecast.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/mail_smtp.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/oscar.c | 7 | ||||
-rw-r--r-- | src/lib/protocols/radius.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/sflow.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/soulseek.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 24 | ||||
-rw-r--r-- | src/lib/protocols/zattoo.c | 3 |
14 files changed, 101 insertions, 81 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0193f5ce3..cb40166c8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1512,20 +1512,20 @@ static int receivers_sort_asc(void *_a, void *_b) { /*@brief removes first (size - max) elements from hash table. * hash table is ordered in ascending order. */ -static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u_int32_t max) { +static struct receiver *cutBackTo(struct receiver **rcvrs, u_int32_t size, u_int32_t max) { struct receiver *r, *tmp; int i=0; int count; if(size < max) //return the original table - return *receivers; + return *rcvrs; count = size - max; - HASH_ITER(hh, *receivers, r, tmp) { + HASH_ITER(hh, *rcvrs, r, tmp) { if(i++ == count) return r; - HASH_DEL(*receivers, r); + HASH_DEL(*rcvrs, r); free(r); } @@ -1563,11 +1563,11 @@ static void mergeTables(struct receiver **primary, struct receiver **secondary) } /* *********************************************** */ -static void deleteReceivers(struct receiver *receivers) { +static void deleteReceivers(struct receiver *rcvrs) { struct receiver *current, *tmp; - HASH_ITER(hh, receivers, current, tmp) { - HASH_DEL(receivers, current); + HASH_ITER(hh, rcvrs, current, tmp) { + HASH_DEL(rcvrs, current); free(current); } } 
@@ -1587,16 +1587,16 @@ static void deleteReceivers(struct receiver *receivers) { * else * update table1 */ -static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, +static void updateReceivers(struct receiver **rcvrs, u_int32_t dst_addr, u_int8_t version, u_int32_t num_pkts, - struct receiver **topReceivers) { + struct receiver **topRcvrs) { struct receiver *r; u_int32_t size; int a; - HASH_FIND_INT(*receivers, (int *)&dst_addr, r); + HASH_FIND_INT(*rcvrs, (int *)&dst_addr, r); if(r == NULL) { - if(((size = HASH_COUNT(*receivers)) < MAX_TABLE_SIZE_1) + if(((size = HASH_COUNT(*rcvrs)) < MAX_TABLE_SIZE_1) || ((a = acceptable(num_pkts)) != 0)){ r = (struct receiver *)malloc(sizeof(struct receiver)); if(!r) return; @@ -1605,20 +1605,20 @@ static void updateReceivers(struct receiver **receivers, u_int32_t dst_addr, r->version = version; r->num_pkts = num_pkts; - HASH_ADD_INT(*receivers, addr, r); + HASH_ADD_INT(*rcvrs, addr, r); - if((size = HASH_COUNT(*receivers)) > MAX_TABLE_SIZE_2){ + if((size = HASH_COUNT(*rcvrs)) > MAX_TABLE_SIZE_2){ - HASH_SORT(*receivers, receivers_sort_asc); - *receivers = cutBackTo(receivers, size, MAX_TABLE_SIZE_1); - mergeTables(receivers, topReceivers); + HASH_SORT(*rcvrs, receivers_sort_asc); + *rcvrs = cutBackTo(rcvrs, size, MAX_TABLE_SIZE_1); + mergeTables(rcvrs, topRcvrs); - if((size = HASH_COUNT(*topReceivers)) > MAX_TABLE_SIZE_1){ - HASH_SORT(*topReceivers, receivers_sort_asc); - *topReceivers = cutBackTo(topReceivers, size, MAX_TABLE_SIZE_1); + if((size = HASH_COUNT(*topRcvrs)) > MAX_TABLE_SIZE_1){ + HASH_SORT(*topRcvrs, receivers_sort_asc); + *topRcvrs = cutBackTo(topRcvrs, size, MAX_TABLE_SIZE_1); } - *receivers = NULL; + *rcvrs = NULL; } } } @@ -2921,7 +2921,6 @@ pcap_loop: * @brief Begin, process, end detection process */ void test_lib() { - struct timeval end; u_int64_t processing_time_usec, setup_time_usec; long thread_id; 
diff --git a/example/reader_util.c b/example/reader_util.c index b90cf8256..9f011c4cc 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1506,7 +1506,7 @@ ether_type_check: vlan_packet = 1; // double tagging for 802.1Q - while((type == 0x8100) && (ip_offset < header->caplen)) { + while((type == 0x8100) && (ip_offset < (u_int16_t)header->caplen)) { vlan_id = ((packet[ip_offset] << 8) + packet[ip_offset+1]) & 0xFFF; type = (packet[ip_offset+2] << 8) + packet[ip_offset+3]; ip_offset += 4; diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index a9c14dc85..b0518649c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -22,7 +22,7 @@ */ -#ifndef __NDPI_API_H__ +#ifndef __NDPI_PROTOCOL_IDS_H__ #endif @@ -301,4 +301,5 @@ typedef enum { #define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN #define NDPI_MAX_SUPPORTED_PROTOCOLS NDPI_LAST_IMPLEMENTED_PROTOCOL #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) -#endif + +#endif /* __NDPI_PROTOCOL_IDS_H__ */ diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 9b0339c3c..3637561d0 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1063,9 +1063,12 @@ int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, ndpi_serialize_string_string(serializer, "cipher", ndpi_cipher2str(flow->protos.stun_ssl.ssl.server_cipher)); if(flow->l4.tcp.tls_sha1_certificate_fingerprint[0] != '\0') { - for(i=0, off=0; i<20; i++) - off += snprintf(&buf[off], sizeof(buf)-off,"%s%02X", (i > 0) ? ":" : "", - flow->l4.tcp.tls_sha1_certificate_fingerprint[i] & 0xFF); + for(i=0, off=0; i<20; i++) { + int rc = snprintf(&buf[off], sizeof(buf)-off,"%s%02X", (i > 0) ? ":" : "", + flow->l4.tcp.tls_sha1_certificate_fingerprint[i] & 0xFF); + + if(rc <= 0) break; else off += rc; + } ndpi_serialize_string_string(serializer, "fingerprint", buf); } 
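Review bot: The new bound `ip_offset < (u_int16_t)header->caplen` in the 802.1Q loop is weaker than the one it replaces, because the cast truncates the capture length to 16 bits. A frame captured with caplen of 65536 or more wraps to a small value, so the loop may stop early and leave VLAN tags unstripped. The loop body also reads `packet[ip_offset]` through `packet[ip_offset+3]` while only `ip_offset` itself is checked, so a frame truncated inside a VLAN tag can be read up to three bytes past the captured data. Widening the offset avoids both: `while((type == 0x8100) && (((u_int32_t)ip_offset) + 4 <= header->caplen)) {`. The enclosing function starts and ends outside the hunk, so the declared type of `ip_offset` is inferred from the cast.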
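Review bot: The added `if(rc <= 0) break; else off += rc;` catches an snprintf error but not truncation. snprintf returns the length it would have written, so once the output no longer fits, `off` moves past the end of `buf`; on the next pass `sizeof(buf)-off` wraps to a huge size and `&buf[off]` points outside the array. Comparing against the space left closes that: `if(rc <= 0 || (size_t)rc >= sizeof(buf)-off) break; else off += rc;`. Here the output is a fixed 59 characters plus the terminator, so it is only reachable if `buf` (declared outside the hunk) is smaller than 60 bytes. The same pattern is added in both `ja3_str` loops and the `ja3_server` loop in src/lib/protocols/tls.c, where the element counts appear to come from the parsed handshake.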
diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index dae952a7a..95d795885 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -56,7 +56,7 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t filename_start = 0; - u_int8_t i = 1; + u_int16_t i = 1; u_int16_t host_line_len_without_port; if (packet->payload_packet_len < 100) { diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index 49a4abdce..8fb20924f 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c 
@@ -37,47 +37,48 @@ static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struc void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n"); - - if ( (packet->payload != NULL) - && (packet->payload_packet_len > 6) - && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) { - NDPI_LOG_DBG2(ndpi_struct, "detected 0d0a at the end of the packet\n"); - - if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) { - u_int16_t i; - for (i = 5; i < (packet->payload_packet_len - 2); i++) { - // make shure that the argument to GIVE is numeric - if (!(packet->payload[i] >= '0' && packet->payload[i] <= '9')) { - goto exclude_fasttrack; - } - } - - NDPI_LOG_INFO(ndpi_struct, "found FASTTRACK\n"); - ndpi_int_fasttrack_add_connection(ndpi_struct, flow); - return; - } - - if (packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /", 5) == 0) { - u_int8_t a = 0; - NDPI_LOG_DBG2(ndpi_struct, "detected GET /. 
\n"); - ndpi_parse_packet_line_info(ndpi_struct, flow); - for (a = 0; a < packet->parsed_lines; a++) { - if ((packet->line[a].len > 17 && memcmp(packet->line[a].ptr, "X-Kazaa-Username: ", 18) == 0) - || (packet->line[a].len > 23 && memcmp(packet->line[a].ptr, "User-Agent: PeerEnabler/", 24) == 0)) { - NDPI_LOG_INFO(ndpi_struct, - "found FASTTRACK X-Kazaa-Username: || User-Agent: PeerEnabler/\n"); - ndpi_int_fasttrack_add_connection(ndpi_struct, flow); - return; - } - } - } + NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n"); + + if ( (packet->payload != NULL) + && (packet->payload_packet_len > 6) + && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) { + NDPI_LOG_DBG2(ndpi_struct, "detected 0d0a at the end of the packet\n"); + + if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) { + u_int16_t i; + for (i = 5; i < (packet->payload_packet_len - 2); i++) { + // make shure that the argument to GIVE is numeric + if (!(packet->payload[i] >= '0' && packet->payload[i] <= '9')) { + goto exclude_fasttrack; + } + } + + NDPI_LOG_INFO(ndpi_struct, "found FASTTRACK\n"); + ndpi_int_fasttrack_add_connection(ndpi_struct, flow); + return; + } + + if (packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /", 5) == 0) { + u_int16_t a = 0; + NDPI_LOG_DBG2(ndpi_struct, "detected GET /. \n"); + + ndpi_parse_packet_line_info(ndpi_struct, flow); + for (a = 0; a < packet->parsed_lines; a++) { + if ((packet->line[a].len > 17 && memcmp(packet->line[a].ptr, "X-Kazaa-Username: ", 18) == 0) + || (packet->line[a].len > 23 && memcmp(packet->line[a].ptr, "User-Agent: PeerEnabler/", 24) == 0)) { + NDPI_LOG_INFO(ndpi_struct, + "found FASTTRACK X-Kazaa-Username: || User-Agent: PeerEnabler/\n"); + ndpi_int_fasttrack_add_connection(ndpi_struct, flow); + return; } + } + } + } - exclude_fasttrack: - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + exclude_fasttrack: + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } 
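Review bot: The only functional change I can find in this hunk is `u_int16_t a = 0;` (previously `u_int8_t`); the rest appears to be re-indentation, which makes the fix easy to miss in review and in blame output. Putting the whitespace change in its own commit, or adding `/* 16-bit so the index cannot wrap before reaching packet->parsed_lines */` at the declaration, would record why the width matters. The loop indexes `packet->line[a]` up to `parsed_lines`, so it still relies on the parser, which is outside the hunk, keeping that count within the array. The carried-over comment typo `make shure` could be corrected while these lines are being touched.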
diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index 249996281..3055b79f1 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -36,7 +36,7 @@ static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - u_int8_t i; + u_int16_t i; NDPI_LOG_DBG(ndpi_struct, "search icecast\n"); diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 86ff79486..353d2997d 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -73,7 +73,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, && (packet->parsed_lines < NDPI_MAX_PARSE_LINES_PER_PACKET) && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) ) { - u_int8_t a; + u_int16_t a; u_int8_t bit_count = 0; NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index 535e513a9..ec256b81b 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -580,7 +580,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct { /* request ID */ req_ID = get_u_int32_t(packet->payload, 12); - if((req_ID <= ((u_int32_t)-1))) + /* if((req_ID <= ((u_int32_t)-1))) */ { NDPI_LOG_INFO(ndpi_struct, "found OSCAR\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); 
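Review bot: Commenting out `if((req_ID <= ((u_int32_t)-1)))` in oscar.c leaves a dead comment above a bare brace block, and within this hunk `req_ID` is now read from the payload but never used. If `req_ID` is 32 bits wide, as the cast suggests, the test was always true, so behaviour is unchanged. It also means the request ID never validated anything, and the "found OSCAR" decision rests entirely on the checks before the hunk. Delete the line and the extra braces, or replace it with `/* request ID is not validated: any 32-bit value is accepted */`. The `#if 0` around the empty `if` in the next oscar.c hunk is the same kind of leftover and is better removed outright.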
@@ -740,10 +740,13 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct || memcmp(packet->payload, "\x00\x0d\x00\x87\x01\xc1", 6) == 0)))) { flow->oscar_video_voice = 1; } + +#if 0 if (flow->oscar_video_voice && ntohs(get_u_int16_t(packet->payload, 0)) == packet->payload_packet_len && packet->payload[2] == 0x00 && packet->payload[3] == 0x00) { } - +#endif + if (packet->payload_packet_len >= 70 && ntohs(get_u_int16_t(packet->payload, 4)) == packet->payload_packet_len) { if (memcmp(packet->payload, "OFT", 3) == 0 && ((packet->payload[3] == '3' && ((memcmp(&packet->payload[4], "\x01\x00\x01\x01", 4) == 0) diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index b64767700..83315d71d 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c @@ -43,8 +43,7 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, if((payload_len < 20) || (payload_len > 4096)) return; - if((payload_len > sizeof(struct radius_header)) - && (h->code > 0) + if((h->code > 0) && (h->code <= 13) && (ntohs(h->len) == payload_len)) { NDPI_LOG_INFO(ndpi_struct, "Found radius\n"); @@ -52,6 +51,7 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, return; } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index 6330e178c..9e87cfe3f 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -42,7 +42,7 @@ void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct return; } -// FIXME NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index be4d2e0e9..8e7341713 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c 
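Review bot: With the new unconditional `NDPI_EXCLUDE_PROTO(ndpi_struct, flow);` in ndpi_check_radius, one size-valid packet that fails `h->code <= 13` or the length match now excludes RADIUS for the flow, where the function previously just returned. RADIUS Disconnect and CoA messages (codes 40–45, RFC 5176) fall outside 1..13, so a flow that begins with one would be excluded; if those should be detected, widen the code test before excluding. Dropping `payload_len > sizeof(struct radius_header)` also leaves the literal `20` in the earlier guard as the only bound on reading `h->code` and `h->len`, which holds only if the struct (defined outside the hunk) is no larger than 20 bytes. A comment such as `/* payload_len >= 20 covers struct radius_header */` would keep that link visible. The sflow.c hunk makes the same exclude-on-first-miss change by enabling the line previously marked FIXME, and its preceding checks are outside the hunk.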
@@ -259,7 +259,9 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, SOULSEEK_DETECT; return; } + if(flow->l4.tcp.soulseek_stage && flow->packet_counter < 11) { + ; } else { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index ed92814d9..fb9ad4c45 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -352,16 +352,22 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, ja3_str_len = snprintf(ja3_str, sizeof(ja3_str), "%u,", ja3.tls_handshake_version); - for(i=0; i<ja3.num_cipher; i++) - ja3_str_len += snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]); + for(i=0; i<ja3.num_cipher; i++) { + int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.cipher[i]); + if(rc <= 0) break; else ja3_str_len += rc; + } + ja3_str_len += snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, ","); /* ********** */ - for(i=0; i<ja3.num_tls_extension; i++) - ja3_str_len += snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]); + for(i=0; i<ja3.num_tls_extension; i++) { + int rc = snprintf(&ja3_str[ja3_str_len], sizeof(ja3_str)-ja3_str_len, "%s%u", (i > 0) ? "-" : "", ja3.tls_extension[i]); + if(rc <= 0) break; else ja3_str_len += rc; + } + #ifdef DEBUG_TLS printf("TLS [server] %s\n", ja3_str); #endif 
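Review bot: The added `;` in soulseek.c only fills the empty then-branch of `if(flow->l4.tcp.soulseek_stage && flow->packet_counter < 11)`, so the reader still has to invert the condition mentally to see when the flow is excluded. Stating the exclusion directly is shorter and harder to misread: `if(!(flow->l4.tcp.soulseek_stage && flow->packet_counter < 11)) NDPI_EXCLUDE_PROTO(ndpi_struct, flow);`. A one-line comment saying why detection is given up after 11 packets would help, since the hunk does not explain the constant. The function starts outside the hunk.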
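Review bot: When `rc <= 0` breaks out of either new loop in getTLScertificate, `ja3_str` is left holding a partial cipher or extension list and processing simply continues. The `","` append between the loops is still an unchecked `ja3_str_len += snprintf(...)`, and the context of the next hunk shows the string being fed to `ndpi_MD5Update`. The result would be a JA3S value that looks valid but does not describe the handshake, which is worse for detection than no fingerprint at all. Consider recording the early exit and skipping the hash, for example `if(rc <= 0) { ja3_incomplete = 1; break; }` (the flag name is a placeholder), and checking the separator append the same way.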
@@ -374,10 +380,12 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct, ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str)); ndpi_MD5Final(md5_hash, &ctx); - for(i=0, j=0; i<16; i++) - j += snprintf(&flow->protos.stun_ssl.ssl.ja3_server[j], - sizeof(flow->protos.stun_ssl.ssl.ja3_server)-j, "%02x", md5_hash[i]); - + for(i=0, j=0; i<16; i++) { + int rc = snprintf(&flow->protos.stun_ssl.ssl.ja3_server[j], + sizeof(flow->protos.stun_ssl.ssl.ja3_server)-j, "%02x", md5_hash[i]); + if(rc <= 0) break; else j += rc; + } + #ifdef DEBUG_TLS printf("[JA3] Server: %s \n", flow->protos.stun_ssl.ssl.ja3_server); #endif diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 4f2d115ce..1c40fdb8f 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -164,12 +164,15 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x0000\n"); return; } +#if 0 if(packet->payload_packet_len > 50 && packet->payload[0] == 0x03 && packet->payload[1] == 0x04 && packet->payload[2] == 0x00 && packet->payload[3] == 0x04 && packet->payload[4] == 0x0a && packet->payload[5] == 0x00) { } +#endif + NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x030400040a00\n"); return; |
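Review bot: Wrapping the empty `if` in zattoo.c in `#if 0` preserves what looks like a misplaced brace rather than resolving it. The `NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x030400040a00\n");` and `return;` that follow sit outside the condition, so on this path they run whether or not the six payload bytes match. If they were meant to be the body of that `if`, restore it with the log and return inside the braces; if not, delete the block and correct the log text so it does not claim a pattern was seen. As written, whatever follows the `return` (outside the hunk) is skipped on this path, which may mean the flow is never excluded here.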