Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_api.h114
-rw-r--r--src/include/ndpi_define.h27
-rw-r--r--src/include/ndpi_includes.h3
-rw-r--r--src/include/ndpi_main.h131
-rw-r--r--src/include/ndpi_protocol_ids.h53
-rw-r--r--src/include/ndpi_protocols.h14
-rw-r--r--src/include/ndpi_typedefs.h28
-rw-r--r--src/include/ndpi_unix.h3
-rw-r--r--src/include/ndpi_win32.h3
9 files changed, 245 insertions, 131 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index a07c96e63..737e29cb9 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -115,22 +115,14 @@ extern "C" {
*
*/
void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_match *match);
-
/**
* Returns a new initialized detection module
*
- * @par ticks_per_second = the timestamp resolution per second (like 1000 for millisecond resolution)
- * @par __ndpi_malloc = function pointer to a nDPI memory allocator
- * @par ndpi_debug_printf = function pointer to a nDPI debug output function (use NULL in productive envionments)
* @return the initialized detection module
*
*/
- struct ndpi_detection_module_struct *ndpi_init_detection_module(u_int32_t ticks_per_second,
- void* (*__ndpi_malloc)(size_t size),
- void (*__ndpi_free)(void *ptr),
- ndpi_debug_function_ptr ndpi_debug_printf);
-
+ struct ndpi_detection_module_struct *ndpi_init_detection_module();
/**
* Frees the memory allocated in the specified flow
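Review bot: The new declaration `ndpi_init_detection_module();` uses empty parentheses, which in C leaves the parameter list unspecified rather than empty. A caller that still passes the old four arguments (tick resolution, allocator, free and debug pointers) therefore compiles without a diagnostic, and its allocator choice is silently ignored. Declare it as `struct ndpi_detection_module_struct *ndpi_init_detection_module(void);`; the same applies to `void* ndpi_init_automa();` in the later hunk of this file. The doc comment lost all three `@par` lines and should now say where the allocator and debug function come from, presumably the `set_ndpi_malloc` / `set_ndpi_free` / `set_ndpi_debug_function` setters added further down.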
@@ -157,10 +149,9 @@ extern "C" {
* Destroys the detection module
*
* @par ndpi_struct = the struct to clearing for the detection module
- * @par ndpi_free = function pointer to a nDPI memory free function
*
*/
- void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct, void (*ndpi_free) (void *ptr));
+ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct);
/**
@@ -233,6 +224,52 @@ extern "C" {
struct ndpi_id_struct *src,
struct ndpi_id_struct *dst);
+
+ /**
+ * Processes one packet of L4 and returns the ID of the detected protocol.
+ * L3 and L4 packet headers are passed in the arguments while payload
+ * points to the L4 body.
+ * This function mimics ndpi_detection_process_packet behaviour.
+ *
+ * @par ndpi_struct = the detection module
+ * @par flow = pointer to the connection state machine
+ * @par iph = IP packet header for IPv4 or NULL
+ * @par iph6 = IP packet header for IPv6 or NULL
+ * @par tcp = TCP packet header for TCP or NULL
+ * @par udp = UDP packet header for UDP or NULL
+ * @par src_to_dst_direction = order of src/dst state machines in a flow.
+ * @par l4_proto = L4 protocol of the packet.
+ * @par src = pointer to the source subscriber state machine
+ * @par dst = pointer to the destination subscriber state machine
+ * @par sport = source port of L4 packet, used for protocol guessing.
+ * @par dport = destination port of L4 packet, used for protocol guessing.
+ * @par current_tick_l = the current timestamp for the packet
+ * @par payload = unsigned char pointer to the Layer 4 (TCP/UDP body)
+ * @par payload_len = the length of the payload
+ * @return the detected ID of the protocol
+ *
+ * NOTE: in a current implementation flow->src and flow->dst are swapped with
+ * the src_to_dst_direction flag while ndpi_detection_process_packet does not swap
+ * these values.
+ *
+ */
+
+ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ const struct ndpi_iphdr *iph,
+ struct ndpi_ipv6hdr *iph6,
+ struct ndpi_tcphdr *tcp,
+ struct ndpi_udphdr *udp,
+ u_int8_t src_to_dst_direction,
+ u_int8_t l4_proto,
+ struct ndpi_id_struct *src,
+ u_int16_t sport,
+ struct ndpi_id_struct *dst,
+ u_int16_t dport,
+ const u_int64_t current_tick_l,
+ u_int8_t *payload, u_int16_t payload_len);
+
+
/**
* Get the main protocol of the passed flows for the detected module
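Review bot: The doc comment for `ndpi_l4_detection_process_packet` does not state what the caller must guarantee about the pointers it now passes separately. Because headers and payload arrive as independent arguments, the library presumably cannot cross-check `payload_len` against the real packet, so the length contract belongs in the comment, e.g. `* @par payload_len = the length of the payload; must not exceed the bytes actually captured at payload`. It should also say what happens when both `iph` and `iph6` (or both `tcp` and `udp`) are NULL, and whether `sport`/`dport` are expected in host or network byte order. If the implementation never writes through them, `payload`, `iph6`, `tcp` and `udp` could be `const` like `iph`; the implementation is not in this hunk, so that needs confirming.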
@@ -544,6 +581,61 @@ extern "C" {
struct ndpi_flow_struct *flow, char *certificate);
#endif
+ /* Wrappers functions */
+ /**
+ * Init Aho-Corasick automata
+ *
+ * @return The requested automata, or NULL if an error occurred
+ *
+ */
+ void* ndpi_init_automa();
+
+
+ /**
+ * Free Aho-Corasick automata allocated with ndpi_init_automa();
+ *
+ * @par The automata initialized with ndpi_init_automa();
+ *
+ */
+ void ndpi_free_automa(void *_automa);
+
+
+ /**
+ * Add a string to match to an automata
+ *
+ * @par The automata initialized with ndpi_init_automa();
+ * @par The (sub)string to search
+ * @return 0 in case of no error, or -1 if an error occurred.
+ *
+ */
+ int ndpi_add_string_to_automa(void *_automa, char *str);
+
+
+ /**
+ * Finalize the automa (necessary before start searching)
+ *
+ * @par The automata initialized with ndpi_init_automa();
+ *
+ */
+ void ndpi_finalize_automa(void *_automa);
+
+
+ /**
+ * Add a string to match to an automata
+ *
+ * @par The automata initialized with ndpi_init_automa();
+ * @par The (sub)string to search
+ * @return 0 in case of match, or -1 if no match, or -2 if an error occurred.
+ *
+ */
+ int ndpi_match_string(void *_automa, char *string_to_match);
+
+
+ /* Utility functions to set ndpi malloc/free/print wrappers */
+ void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size));
+ void set_ndpi_free(void (*__ndpi_free)(void *ptr));
+ void set_ndpi_debug_function(ndpi_debug_function_ptr ndpi_debug_printf);
+
#ifdef __cplusplus
}
#endif
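Review bot: The comment on `ndpi_match_string` is a copy of the one on `ndpi_add_string_to_automa` ("Add a string to match to an automata"), so the only description of the search function is wrong; something like `Search string_to_match for any of the strings added to the automa` would fit. Its return convention (0 on match, -1 on no match, -2 on error) makes `if(ndpi_match_string(a, s))` true for both no-match and error, which deserves an explicit warning line in the comment. The comments also do not say whether `ndpi_add_string_to_automa` copies `str` or keeps the pointer, which decides how long the caller must keep the buffer alive. For the three `set_ndpi_*` setters, a one-line comment should state that they change process-wide state and must be called before `ndpi_init_detection_module`, with malloc and free set as a pair, since memory obtained from one allocator would otherwise be released by another.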
diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h
index 3fa0b34e6..cc237128a 100644
--- a/src/include/ndpi_define.h
+++ b/src/include/ndpi_define.h
@@ -1,7 +1,6 @@
/*
*
- * Copyright (C) 2011-15 - ntop.org
- * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -77,7 +76,7 @@
#endif
-#define NDPI_USE_ASYMMETRIC_DETECTION 0
+#define NDPI_USE_ASYMMETRIC_DETECTION 0
#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t
#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0)
@@ -160,24 +159,24 @@
/* TODO: rebuild all memory areas to have a more aligned memory block here */
/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */
-#define NDPI_MAX_PARSE_LINES_PER_PACKET 64
+#define NDPI_MAX_PARSE_LINES_PER_PACKET 64
#define MAX_PACKET_COUNTER 65000
#define MAX_DEFAULT_PORTS 5
#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600
#define NDPI_IRC_CONNECTION_TIMEOUT 120
-#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60
-#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60
-#define NDPI_THUNDER_CONNECTION_TIMEOUT 30
-#define NDPI_RTSP_CONNECTION_TIMEOUT 5
-#define NDPI_TVANTS_CONNECTION_TIMEOUT 5
-#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1
-#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30
+#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60
+#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60
+#define NDPI_THUNDER_CONNECTION_TIMEOUT 30
+#define NDPI_RTSP_CONNECTION_TIMEOUT 5
+#define NDPI_TVANTS_CONNECTION_TIMEOUT 5
+#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1
+#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30
#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120
-#define NDPI_ZATTOO_FLASH_TIMEOUT 5
-#define NDPI_JABBER_STUN_TIMEOUT 30
-#define NDPI_JABBER_FT_TIMEOUT 5
+#define NDPI_ZATTOO_FLASH_TIMEOUT 5
+#define NDPI_JABBER_STUN_TIMEOUT 30
+#define NDPI_JABBER_FT_TIMEOUT 5
#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
diff --git a/src/include/ndpi_includes.h b/src/include/ndpi_includes.h
index ce36a25f9..f77f8cfc4 100644
--- a/src/include/ndpi_includes.h
+++ b/src/include/ndpi_includes.h
@@ -1,7 +1,7 @@
/*
* ndpi_includes.h
*
- * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -35,6 +35,7 @@
#ifdef WIN32
#include "ndpi_win32.h"
#else
+#include <sys/types.h>
#include <sys/param.h>
#include <pthread.h>
#include <arpa/inet.h>
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index a70f35c8d..43bd4e2bb 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -1,8 +1,7 @@
/*
* ndpi_main.h
*
- * Copyright (C) 2011-15 - ntop.org
- * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -32,79 +31,99 @@
#include "ndpi_protocols.h"
#include "ndpi_api.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
-void *ndpi_tdelete(const void * __restrict, void ** __restrict,
- int (*)(const void *, const void *));
-void *ndpi_tfind(const void *, void *, int (*)(const void *, const void *));
-void *ndpi_tsearch(const void *, void**, int (*)(const void *, const void *));
-void ndpi_twalk(const void *, void (*)(const void *, ndpi_VISIT, int, void*), void *user_data);
-void ndpi_tdestroy(void *vrootp, void (*freefct)(void *));
+ void *ndpi_tdelete(const void * __restrict, void ** __restrict,
+ int (*)(const void *, const void *));
+ void *ndpi_tfind(const void *, void *, int (*)(const void *, const void *));
+ void *ndpi_tsearch(const void *, void**, int (*)(const void *, const void *));
+ void ndpi_twalk(const void *, void (*)(const void *, ndpi_VISIT, int, void*), void *user_data);
+ void ndpi_tdestroy(void *vrootp, void (*freefct)(void *));
-int NDPI_BITMASK_COMPARE(NDPI_PROTOCOL_BITMASK a, NDPI_PROTOCOL_BITMASK b);
-int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a);
-void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a);
+ int NDPI_BITMASK_COMPARE(NDPI_PROTOCOL_BITMASK a, NDPI_PROTOCOL_BITMASK b);
+ int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a);
+ void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a);
-extern u_int8_t ndpi_net_match(u_int32_t ip_to_check,
- u_int32_t net,
- u_int32_t num_bits);
+ extern u_int8_t ndpi_net_match(u_int32_t ip_to_check,
+ u_int32_t net,
+ u_int32_t num_bits);
-extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst,
- u_int32_t net, u_int32_t num_bits);
+ extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst,
+ u_int32_t net, u_int32_t num_bits);
-u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+ u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+ u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+ u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+ u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+ u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+ u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
-void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
- u_int16_t upper_detected_protocol,
- u_int16_t lower_detected_protocol);
+ void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ u_int16_t upper_detected_protocol,
+ u_int16_t lower_detected_protocol);
-extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
-extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+ extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+ extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
-extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter);
+ extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter);
-extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
- u_int16_t upper_detected_protocol,
- u_int16_t lower_detected_protocol);
-extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
- u_int16_t upper_detected_protocol,
- u_int16_t lower_detected_protocol);
-extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
- u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName,
- ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts);
+ extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
+ u_int16_t upper_detected_protocol,
+ u_int16_t lower_detected_protocol);
+ extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
+ u_int16_t upper_detected_protocol,
+ u_int16_t lower_detected_protocol);
+ extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
+ u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName,
+ ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts);
-extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet);
-extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow);
+ extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet);
+ extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow);
-extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
-extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
-extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
-extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
+ extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
+ extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
+ extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
+ extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
-extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip);
-extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet);
-extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
+ extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip);
+ extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet);
+ extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
+ u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name);
-extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
- u_int8_t proto, u_int16_t sport, u_int16_t dport);
+ extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int8_t proto, u_int16_t sport, u_int16_t dport,
+ u_int8_t *user_defined_proto);
-extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto);
+ extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto);
-extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p);
-extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id,
- u_int16_t** tcp_master_proto,
- u_int16_t** udp_master_proto);
+ extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p);
+ extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id,
+ u_int16_t** tcp_master_proto,
+ u_int16_t** udp_master_proto);
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
-void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct,
- const char **file, const char **func, u_int32_t * line);
+ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct,
+ const char **file, const char **func, u_int32_t * line);
+#endif
+
+ /** Checks when the @p payload starts with the string literal @p str.
+ * When the string is larger than the payload, check fails.
+ * @return non-zero if check succeeded
+ */
+ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len,
+ const char *str, size_t str_len);
+
+ /* version of ndpi_match_prefix with string literal */
+#define ndpi_match_strprefix(payload, payload_len, str) \
+ ndpi_match_prefix((payload), (payload_len), (str), (sizeof(str)-1))
+
+#ifdef __cplusplus
+}
#endif
#endif /* __NDPI_MAIN_H__ */
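Review bot: `ndpi_match_strprefix` computes the length as `sizeof(str)-1`, which is only correct when `str` is a string literal or array. Passed a `const char *`, it yields the pointer size minus one, and `ndpi_match_prefix` may then compare more bytes than the string holds, because only the payload side is bounded by `payload_len`. The comment says "with string literal" but nothing enforces it; literal concatenation makes any other argument a compile error: `ndpi_match_prefix((payload), (payload_len), ("" str ""), (sizeof(str)-1))`. Separately, the new `user_defined_proto` out-parameter of `ndpi_guess_protocol_id` has no comment saying whether it may be NULL or what values it receives.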
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index cfc0ad56d..e4d40e9bb 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -1,8 +1,7 @@
/*
* ndpi_protocol_ids.h
*
- * Copyright (C) 2011-15 - ntop.org
- * Copyright (C) 2009-11 - ipoque GmbH
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -199,10 +198,10 @@
#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa <g.costa@xplico.org> */
#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> - Michele Campus <michelecampus5@gmail.com> */
#define NDPI_PROTOCOL_WHATSAPP_VOICE 189
-#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci <matteobracci1@gmail.com> */
-#define NDPI_PROTOCOL_TEREDO 214
-#define NDPI_PROTOCOL_HEP 216 /* Sipcapture.org QXIP BV */
-#define NDPI_PROTOCOL_UBNTAC2 217 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */
+#define NDPI_PROTOCOL_STARCRAFT 211 /* Matteo Bracci <matteobracci1@gmail.com> */
+#define NDPI_PROTOCOL_TEREDO 212
+#define NDPI_PROTOCOL_HEP 213 /* Sipcapture.org QXIP BV */
+#define NDPI_PROTOCOL_UBNTAC2 214 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */
#define NDPI_PROTOCOL_MS_LYNC 173
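Review bot: Existing protocol IDs are renumbered here (STARCRAFT 213 to 211, TEREDO 214 to 212, HEP 216 to 213, UBNTAC2 217 to 214), and the next hunk reuses 191, 192 and 197 for GIT, DRDA and OPENDNS while shifting DEEZER through MQTT. Any numeric ID stored outside the library, such as saved flow records or filtering and alerting rules keyed on the number, will silently refer to a different protocol after the upgrade. A comment above the table should state this, e.g. `/* NOTE: numeric IDs are not stable across releases; persist protocol names and resolve them with ndpi_get_proto_by_name() */`. The IDs are also no longer listed in ascending order, so `NDPI_LAST_IMPLEMENTED_PROTOCOL` has to be checked by hand against the highest value (217 on the visible lines) at each addition.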
@@ -243,36 +242,32 @@
#define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow <tomasz@skatnet.dk> */
#define NDPI_SERVICE_PANDORA 187
#define NDPI_PROTOCOL_EAQ 190
-#define NDPI_SERVICE_TIMMEU 191
-#define NDPI_SERVICE_TORCEDOR 192
+#define NDPI_PROTOCOL_GIT 191
+#define NDPI_PROTOCOL_DRDA 192
#define NDPI_SERVICE_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */
#define NDPI_SERVICE_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */
#define NDPI_SERVICE_TWITCH 195 /* Edoardo Dominici <edoaramis@gmail.com> */
#define NDPI_SERVICE_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */
-#define NDPI_SERVICE_TIM 197 /* Traffic for tim.com.br and tim.it */
+#define NDPI_SERVICE_OPENDNS 197
#define NDPI_PROTOCOL_MPEGTS 198
#define NDPI_SERVICE_SNAPCHAT 199
-#define NDPI_SERVICE_SIMET 200
-#define NDPI_SERVICE_OPENSIGNAL 201
-#define NDPI_SERVICE_99TAXI 202
-#define NDPI_SERVICE_EASYTAXI 203
-#define NDPI_SERVICE_GLOBOTV 204
-#define NDPI_SERVICE_TIMSOMDECHAMADA 205
-#define NDPI_SERVICE_TIMMENU 206
-#define NDPI_SERVICE_TIMPORTASABERTAS 207
-#define NDPI_SERVICE_TIMRECARGA 208
-#define NDPI_SERVICE_TIMBETA 209
-#define NDPI_SERVICE_DEEZER 210
-#define NDPI_SERVICE_INSTAGRAM 211 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */
-#define NDPI_SERVICE_MICROSOFT 212
-#define NDPI_SERVICE_HOTSPOT_SHIELD 215
-#define NDPI_SERVICE_OCS 218
-#define NDPI_SERVICE_OFFICE_365 219
-#define NDPI_SERVICE_CLOUDFLARE 220
-#define NDPI_SERVICE_MS_ONE_DRIVE 221
-#define NDPI_PROTOCOL_MQTT 222
+#define NDPI_SERVICE_DEEZER 200
+#define NDPI_SERVICE_INSTAGRAM 201 /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */
+#define NDPI_SERVICE_MICROSOFT 202
+#define NDPI_SERVICE_HOTSPOT_SHIELD 203
+#define NDPI_SERVICE_OCS 204
+#define NDPI_SERVICE_OFFICE_365 205
+#define NDPI_SERVICE_CLOUDFLARE 206
+#define NDPI_SERVICE_MS_ONE_DRIVE 207
+#define NDPI_PROTOCOL_MQTT 208
+#define NDPI_PROTOCOL_RX 209
+#define NDPI_SERVICE_WEIBO 210
+#define NDPI_SERVICE_HANGOUT 215
+#define NDPI_SERVICE_SLACK 216
+#define NDPI_SERVICE_HOTMAIL 217
+
/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_MQTT
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_HOTMAIL
#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index b5df1c937..12f3a0dbd 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -1,8 +1,7 @@
/*
* ndpi_protocols.h
*
- * Copyright (C) 2011-15 - ntop.org
- * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -53,10 +52,6 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st
/* Applications and other protocols. */
void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
-void ndpi_bittorrent_init(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t size,u_int32_t timeout);
-void ndpi_bittorrent_done(struct ndpi_detection_module_struct *ndpi_struct);
-int ndpi_bittorrent_gc(struct hash_ip4p_table *ht,int key,time_t now);
-
void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
@@ -198,6 +193,9 @@ void ndpi_search_starcraft(struct ndpi_detection_module_struct *ndpi_struct, str
void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
/* --- INIT FUNCTIONS --- */
void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -337,4 +335,8 @@ void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct,
void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
#endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index ed74b9a07..9a50b65fd 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1,8 +1,7 @@
/*
* ndpi_typedefs.h
*
- * Copyright (C) 2011-15 - ntop.org
- * Copyright (C) 2009-11 - ipoque GmbH
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -555,7 +554,7 @@ struct ndpi_flow_tcp_struct {
u_int32_t mail_pop_stage:2;
#endif
#ifdef NDPI_PROTOCOL_MAIL_IMAP
- u_int32_t mail_imap_stage:3;
+ u_int32_t mail_imap_stage:3, mail_imap_starttls:2;
#endif
#ifdef NDPI_PROTOCOL_SKYPE
u_int8_t skype_packet_id;
@@ -622,6 +621,10 @@ struct ndpi_flow_udp_struct {
u_int8_t eaq_pkt_id;
u_int32_t eaq_sequence;
#endif
+#ifdef NDPI_PROTOCOL_RX
+ u_int32_t rx_conn_epoch;
+ u_int32_t rx_conn_id;
+#endif
}
#ifndef WIN32
__attribute__ ((__packed__))
@@ -734,6 +737,7 @@ typedef struct ndpi_proto_defaults {
typedef struct ndpi_default_ports_tree_node {
ndpi_proto_defaults_t *proto;
+ u_int8_t customUserProto;
u_int16_t default_port;
} ndpi_default_ports_tree_node_t;
@@ -749,7 +753,7 @@ typedef struct ndpi_proto {
#define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN }
struct ndpi_detection_module_struct {
-
+
NDPI_PROTOCOL_BITMASK detection_bitmask;
NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask;
@@ -802,7 +806,7 @@ struct ndpi_detection_module_struct {
content_automa, /* Used for HTTP subprotocol_detection */
subprotocol_automa, /* Used for HTTP subprotocol_detection */
bigrams_automa, impossible_bigrams_automa; /* TOR */
-
+
/* IP-based protocol detection */
void *protocols_ptree;
@@ -846,8 +850,8 @@ struct ndpi_detection_module_struct {
ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS];
- u_int8_t http_dont_dissect_response:1;
- u_int8_t direction_detect_disable:1; /* disable internal detection of packet direction */
+ u_int8_t http_dont_dissect_response:1, dns_dissect_response:1,
+ direction_detect_disable:1; /* disable internal detection of packet direction */
};
struct ndpi_flow_struct {
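Review bot: The new `dns_dissect_response:1` flag is undocumented, and its sense is the opposite of its neighbour `http_dont_dissect_response:1`. With a zero-initialised module, HTTP responses appear to be dissected while DNS responses are not, which is easy to misread when configuring what the engine parses from untrusted traffic. After the merge into one declaration, the trailing comment `/* disable internal detection of packet direction */` also reads as if it described all three bits. I would put each flag on its own line with its own comment, e.g. `u_int8_t dns_dissect_response:1; /* 1 = also dissect DNS responses (default 0 = queries only) */`, with the default confirmed against the implementation, which is not in this hunk.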
@@ -908,10 +912,10 @@ struct ndpi_flow_struct {
/* the only fields useful for nDPI and ntopng */
struct {
- u_int8_t num_answers, ret_code;
- u_int16_t query_type;
+ u_int8_t num_queries, num_answers, reply_code;
+ u_int16_t query_type, query_class, rsp_type;
} dns;
-
+
struct {
u_int8_t request_code;
u_int8_t version;
@@ -1002,6 +1006,10 @@ struct ndpi_flow_struct {
#ifdef NDPI_PROTOCOL_STARCRAFT
u_int32_t starcraft_udp_stage : 3; // 0-7
#endif
+#ifdef NDPI_PROTOCOL_OPENVPN
+ u_int8_t ovpn_session_id[8];
+ u_int8_t ovpn_counter;
+#endif
/* internal structures to save functions calls */
struct ndpi_packet_struct packet;
diff --git a/src/include/ndpi_unix.h b/src/include/ndpi_unix.h
index b680d3c30..6e6987bfd 100644
--- a/src/include/ndpi_unix.h
+++ b/src/include/ndpi_unix.h
@@ -1,8 +1,7 @@
/*
* ndpi_unix.h
*
- * Copyright (C) 2011-15 - ntop.org
- * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h
index 645c022e5..876e59c05 100644
--- a/src/include/ndpi_win32.h
+++ b/src/include/ndpi_win32.h
@@ -1,8 +1,7 @@
/*
* ndpi_win32.h
*
- * Copyright (C) 2011-15 - ntop.org
- * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-16 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH