Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_classify.h92
-rw-r--r--src/include/ndpi_protocol_ids.h1
-rw-r--r--src/include/ndpi_protocols.h5
-rw-r--r--src/include/ndpi_typedefs.h43
4 files changed, 141 insertions, 0 deletions
diff --git a/src/include/ndpi_classify.h b/src/include/ndpi_classify.h
new file mode 100644
index 000000000..a33dff752
--- /dev/null
+++ b/src/include/ndpi_classify.h
@@ -0,0 +1,92 @@
+/*
+ *
+ * Copyright (c) 2016 Cisco Systems, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * Neither the name of the Cisco Systems, Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/**
+ * \file ndpi_classify.h
+ *
+ * \brief header file for inline Classification functionality
+ */
+
+#ifndef NDPI_CLASSIFY_H
+#define NDPI_CLASSIFY_H
+
+#include <stdint.h>
+#include <sys/time.h>
+
+/* constants */
+#define NUM_PARAMETERS_SPLT_LOGREG 208
+#define NUM_PARAMETERS_BD_LOGREG 464
+#define MC_BINS_LEN 10
+#define MC_BINS_TIME 10
+#define MC_BIN_SIZE_TIME 50
+#define MC_BIN_SIZE_LEN 150
+#define MAX_BIN_LEN 1500
+#define NUM_BD_VALUES 256
+#define NDPI_TIMESTAMP_LEN 64
+
+/** Classifier parameter type codes */
+typedef enum {
+ SPLT_PARAM_TYPE = 0,
+ BD_PARAM_TYPE = 1
+} classifier_type_codes_t;
+
+extern float parameters_bd[NUM_PARAMETERS_BD_LOGREG];
+extern float parameters_splt[NUM_PARAMETERS_SPLT_LOGREG];
+
+/* Classifier functions */
+float ndpi_classify(const unsigned short *pkt_len, const struct timeval *pkt_time,
+ const unsigned short *pkt_len_twin, const struct timeval *pkt_time_twin,
+ struct timeval start_time, struct timeval start_time_twin, uint32_t max_num_pkt_len,
+ uint16_t sp, uint16_t dp, uint32_t op, uint32_t ip, uint32_t np_o, uint32_t np_i,
+ uint32_t ob, uint32_t ib, uint16_t use_bd, const uint32_t *bd, const uint32_t *bd_t);
+
+void ndpi_merge_splt_arrays(const uint16_t *pkt_len, const struct timeval *pkt_time,
+ const uint16_t *pkt_len_twin, const struct timeval *pkt_time_twin,
+ struct timeval start_time, struct timeval start_time_twin,
+ uint16_t s_idx, uint16_t r_idx,
+ uint16_t *merged_lens, uint16_t *merged_times);
+
+void ndpi_update_params(classifier_type_codes_t param_type, const char *param_file);
+
+void ndpi_flow_info_freer(void *node);
+unsigned int ndpi_timer_eq(const struct timeval *a, const struct timeval *b);
+unsigned int ndpi_timer_lt(const struct timeval *a, const struct timeval *b);
+void ndpi_timer_sub(const struct timeval *a, const struct timeval *b, struct timeval *result);
+void ndpi_timer_clear(struct timeval *a);
+unsigned int ndpi_timeval_to_milliseconds(struct timeval ts);
+void ndpi_log_timestamp(char *log_ts);
+
+#endif /* NDPI_CLASSIFY_H */
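Review bot: `ndpi_log_timestamp(char *log_ts)` and the `merged_lens`/`merged_times` outputs of `ndpi_merge_splt_arrays` are written through pointers that carry no capacity, so nothing in this header tells a caller how large those buffers must be. `NDPI_TIMESTAMP_LEN` is presumably the size expected for `log_ts`, and `s_idx + r_idx` presumably bounds the merged arrays, but the definitions are not in this diff. State the contract on the prototypes, e.g. `/* log_ts must point to at least NDPI_TIMESTAMP_LEN bytes */`, or pass the size explicitly as `void ndpi_log_timestamp(char *log_ts, size_t log_ts_len);`. The same applies to `bd`/`bd_t` in `ndpi_classify`, which look like they are read as `NUM_BD_VALUES`-element arrays. Separately, `ndpi_update_params` returns `void`, so a caller cannot tell whether `param_file` was missing or malformed; returning an `int` status would make a failed parameter load visible.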
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index b2fdbed77..4a1aa5f7f 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -277,6 +277,7 @@ typedef enum {
NDPI_PROTOCOL_AMAZON_VIDEO = 240,
NDPI_PROTOCOL_GOOGLE_DOCS = 241,
NDPI_PROTOCOL_WHATSAPP_FILES = 242, /* Videos, pictures, voice messages... */
+ NDPI_PROTOCOL_TARGUS_GETDATA = 243,
/*
IMPORTANT
before allocating a new identifier please fill up
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index 96f6a898e..01afada71 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -205,6 +205,9 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct n
void ndpi_search_ajp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_memcached(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_nest_log_sink(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_targus_getdata(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_apple_push(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_amazon_video(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
/* --- INIT FUNCTIONS --- */
void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -357,6 +360,7 @@ void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
@@ -365,5 +369,6 @@ void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_stru
void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_modbus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_targus_getdata_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
#endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 135d97574..31e5c0056 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -122,6 +122,49 @@ struct ndpi_ethhdr
u_int16_t h_proto; /* data length (<= 1500) or type ID proto (>=1536) */
} PACK_OFF;
+/* +++++++++++++++ ARP header +++++++++++++++ */
+PACK_ON
+struct ndpi_arphdr {
+ u_int16_t ar_hrd;/* Format of hardware address. */
+ u_int16_t ar_pro;/* Format of protocol address. */
+ u_int8_t ar_hln;/* Length of hardware address. */
+ u_int8_t ar_pln;/* Length of protocol address. */
+ u_int16_t ar_op;/* ARP opcode (command). */
+ u_char arp_sha[6];/* sender hardware address */
+ u_int32_t arp_spa;/* sender protocol address */
+ u_char arp_tha[6];/* target hardware address */
+ u_int32_t arp_tpa;/* target protocol address */
+} PACK_OFF;
+
+/* +++++++++++++++ DHCP header +++++++++++++++ */
+PACK_ON
+struct ndpi_dhcphdr {
+ u_int8_t msgType;
+ u_int8_t htype;
+ u_int8_t hlen;
+ u_int8_t hops;
+ u_int32_t xid;/* 4 */
+ u_int16_t secs;/* 8 */
+ u_int16_t flags;
+ u_int32_t ciaddr;/* 12 */
+ u_int32_t yiaddr;/* 16 */
+ u_int32_t siaddr;/* 20 */
+ u_int32_t giaddr;/* 24 */
+ u_int8_t chaddr[16]; /* 28 */
+ u_int8_t sname[64]; /* 44 */
+ u_int8_t file[128]; /* 108 */
+ u_int32_t magic; /* 236 */
+ u_int8_t options[308];
+} PACK_OFF;
+
+/* +++++++++++++++ MDNS rsp header +++++++++++++++ */
+PACK_ON
+struct ndpi_mdns_rsp_entry {
+ u_int16_t rsp_type, rsp_class;
+ u_int32_t ttl;
+ u_int16_t data_len;
+} PACK_OFF;
+
/* +++++++++++++++++++ LLC header (IEEE 802.2) ++++++++++++++++ */
PACK_ON