Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ndpi_api.h | 345 | ||||
-rw-r--r-- | src/include/ndpi_define.h.in | 50 | ||||
-rw-r--r-- | src/include/ndpi_includes.h | 2 | ||||
-rw-r--r-- | src/include/ndpi_includes_OpenBSD.h | 2 | ||||
-rw-r--r-- | src/include/ndpi_main.h | 15 | ||||
-rw-r--r-- | src/include/ndpi_patricia_typedefs.h | 2 | ||||
-rw-r--r-- | src/include/ndpi_private.h | 676 | ||||
-rw-r--r-- | src/include/ndpi_protocol_ids.h | 45 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 468 | ||||
-rw-r--r-- | src/include/ndpi_unix.h | 2 | ||||
-rw-r--r-- | src/include/ndpi_win32.h | 2 |
11 files changed, 863 insertions, 746 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 48b225d77..2e5dc1ba7 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1,7 +1,7 @@ /* * ndpi_api.h * - * Copyright (C) 2011-24 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -36,11 +36,6 @@ extern "C" { #define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 ) #define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 ) -#define ADD_TO_DETECTION_BITMASK 1 -#define NO_ADD_TO_DETECTION_BITMASK 0 -#define SAVE_DETECTION_BITMASK_AS_UNKNOWN 1 -#define NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN 0 - /* In case a custom DGA function is used, the fucntion below must be overwritten, @@ -68,24 +63,6 @@ extern "C" { */ u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void); - - /** - * Get the size of the flow tcp struct - * - * @return the size of the flow tcp struct - * - */ - u_int32_t ndpi_detection_get_sizeof_ndpi_flow_tcp_struct(void); - - - /** - * Get the size of the flow udp struct - * - * @return the size of the flow udp struct - * - */ - u_int32_t ndpi_detection_get_sizeof_ndpi_flow_udp_struct(void); - /* Same as the API call above but used for matching raw id's added via ndpi_add_string_value_to_automa() @@ -153,6 +130,8 @@ extern "C" { */ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin); + u_int16_t ndpi_network_ptree6_match(struct ndpi_detection_module_struct *ndpi_str, + struct in6_addr *pin); /** * Returns the nDPI protocol id for IP+port-based protocol detection 
@@ -173,38 +152,6 @@ extern "C" { u_int16_t port /* network byte order */); /** - * Creates a protocol match that does not contain any hostnames. - * - * @par hostname_list = the desired hostname list form which the first entry is used to create the match - * @par empty_app_protocol = the resulting protocol match that does contain all information except the hostname - * - * @return 0 on success, 1 otherwise - */ - int ndpi_init_empty_app_protocol(ndpi_protocol_match const * const hostname_list, - ndpi_protocol_match * const empty_app_protocol); - - /** - * Init single protocol match. - * - * @par ndpi_mod = the struct created for the protocol detection - * @par match = the struct passed to match the protocol - * - * @return 0 on success, 1 otherwise - */ - int ndpi_init_app_protocol(struct ndpi_detection_module_struct *ndpi_str, - ndpi_protocol_match const * const match); - - /** - * Init single protocol match and adds it to the Aho-Corasick automata. - * - * @par ndpi_mod = the struct created for the protocol detection - * @par match = the struct passed to match the protocol - * - */ - void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_match const * const match); - - /** * Returns a new initialized global context. * * @return the initialized global context @@ -227,10 +174,10 @@ extern "C" { * it do not forget to call first ndpi_finalize_initialization() * * You can call this function multiple times, (i.e. to create multiple - * indipendent detection contexts) but all these calls MUST NOT run + * independent detection contexts) but all these calls MUST NOT run * in parallel * - * @g_ctx = global context associated to the new detection module; NULL if no global context is needed + * @par g_ctx = global context associated to the new detection module; NULL if no global context is needed * @return the initialized detection module * */ 
@@ -271,40 +218,6 @@ extern "C" { void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct); /** - * Sets a single protocol bitmask - * This function does not increment the index of the callback_buffer - * - * @par label = string for the protocol name - * @par ndpi_struct = the detection module - * @par idx = the index of the callback_buffer - * @par func = function pointer of the protocol search - * @par ndpi_selection_bitmask = the protocol selected bitmask - * @par b_save_bitmask_unknow = if set as "true" save the detection bitmask as unknow - * @par b_add_detection_bitmask = if set as "true" add the protocol bitmask to the detection bitmask - * - */ - void ndpi_set_bitmask_protocol_detection(char *label, - struct ndpi_detection_module_struct *ndpi_struct, - const u_int32_t idx, - u_int16_t ndpi_protocol_id, - void (*func) (struct ndpi_detection_module_struct *, - struct ndpi_flow_struct *flow), - const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, - u_int8_t b_save_bitmask_unknow, - u_int8_t b_add_detection_bitmask); - - /** - * Sets the protocol bitmask2 - * - * @par ndpi_struct = the detection module - * @par detection_bitmask = the protocol bitmask to set - * @return 0 if ok, -1 if error - * - */ - int ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, - const NDPI_PROTOCOL_BITMASK * detection_bitmask); - - /** * Function to be called before we give up with detection for a given flow. * This function reduces the NDPI_UNKNOWN_PROTOCOL detection * 
@@ -319,27 +232,6 @@ extern "C" { u_int8_t *protocol_was_guessed); /** - * Processes an extra packet in order to get more information for a given protocol - * (like SSL getting both client and server certificate even if we already know after - * seeing the client certificate what the protocol is) - * - * @par ndpi_struct = the detection module - * @par flow = pointer to the connection state machine - * @par packet = unsigned char pointer to the Layer 3 (IP header) - * @par packetlen = the length of the packet - * @par packet_time_ms = the current timestamp for the packet (expressed in msec) - * @par input_info = (optional) flow information provided by the (external) flow manager - * @return void - * - */ - void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const unsigned char *packet, - const unsigned short packetlen, - const u_int64_t packet_time_ms, - struct ndpi_flow_input_info *input_info); - - /** * Processes one packet and returns the ID of the detected protocol. * This is the MAIN PACKET PROCESSING FUNCTION. * @@ -486,6 +378,7 @@ extern "C" { * @par string_to_match_len = the length of the string * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected + * @par update_flow_classification = update or not protocol (sub)classification * @return the ID of the matched subprotocol * */ @@ -494,7 +387,8 @@ extern "C" { char *string_to_match, u_int string_to_match_len, ndpi_protocol_match_result *ret_match, - u_int16_t master_protocol_id); + u_int16_t master_protocol_id, + int update_flow_classification); /** * Check if the string content passed match with a protocol 
@@ -507,18 +401,6 @@ extern "C" { struct ndpi_flow_struct *flow, u_int16_t subprotocol_id); /** - * Exclude protocol from search - * - * @par ndpi_struct = the detection module - * @par flow = the flow where match the host - * @par master_protocol_id = value of the ID associated to the master protocol detected - * - */ - void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t master_protocol_id, - const char *_file, const char *_func,int _line); - /** * Check if the string -bigram_to_match- match with a bigram of -automa- * * @par ndpi_mod = the detection module @@ -558,12 +440,22 @@ extern "C" { * Find out if a given category is custom/user-defined * * @par category = the category associated to the protocol - * @return 1 if this is a custom user category, 0 otherwise + * @return True if this is a custom user category, false otherwise * */ - int ndpi_is_custom_category(ndpi_protocol_category_t category); + bool ndpi_is_custom_category(ndpi_protocol_category_t category); /** + * Find out if a given protocol is custom/user-defined + * + * @par ndpi_str = the detection module + * @par proto_id = the proto_id to check + * @return True if this is a custom user protocol, false otherwise (nDPI protocol already supported in the engine) + * + */ + bool ndpi_is_custom_protocol(struct ndpi_detection_module_struct *ndpi_str, u_int16_t proto_id); + + /** * Overwrite a protocol category defined by nDPI with the custom category * * @par ndpi_mod = the detection module 
@@ -586,14 +478,34 @@ extern "C" { u_int16_t protoId, ndpi_protocol_category_t protoCategory); /** + * Find the QoE category for the specified protocol + * + * @par ndpi_mod = the detection module + * @par protoId = the protocol identifier we're searhing + * + */ + ndpi_protocol_qoe_category_t ndpi_find_protocol_qoe(struct ndpi_detection_module_struct *ndpi_str, + u_int16_t protoId); + + /** + * Return the name of a RTP payload type + * + * @par payload_type = the RTP payload type + * @par evs_payload_type = EVS payload type (only in case payload_type is EVS) + * @return The symbolic payload type or "Unknown" if not found + */ + const char* ndpi_rtp_payload_type2str(u_int8_t payload_type, u_int32_t evs_payload_type); + + /** * Check if subprotocols of the specified master protocol are just * informative (and not real) * + * @par ndpi_mod = the detection module * @par protoId = the (master) protocol identifier to query * @return 1 = the subprotocol is informative, 0 otherwise. * */ - u_int8_t ndpi_is_subprotocol_informative(u_int16_t protoId); + u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, u_int16_t protoId); /** * Set hostname-based protocol @@ -683,6 +595,15 @@ extern "C" { u_int16_t proto); /** + * Get the protocol breed ID associated to the breed name + * + * @par name = the string name of the breed + * @return the breed ID associated to the name, or NDPI_PROTOCOL_UNRATED if not found + * + */ + ndpi_protocol_breed_t ndpi_get_breed_by_name(const char *name); + + /** * Return the string name of the protocol breed * * @par ndpi_struct = the detection module @@ -700,7 +621,7 @@ extern "C" { * @return the ID of the protocol * */ - extern u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); + extern u_int16_t ndpi_get_proto_by_name(const struct ndpi_detection_module_struct *ndpi_mod, const char *name); /** * Return the name of the protocol given its ID 
@@ -710,7 +631,7 @@ extern "C" { * @return the name of the protocol * */ - extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); + extern char* ndpi_get_proto_by_id(const struct ndpi_detection_module_struct *ndpi_mod, u_int id); /** * Return the name of the protocol given its ID. You can specify TLS.YouTube or just TLS @@ -840,6 +761,19 @@ extern "C" { char* path); /** + * Load files (whose name is <protocolid>_<label>.<extension>) stored + * in a directory and binds each IP/network to the specified protocol. + * This function is used to bind IP addresses to protocols + * + * @par ndpi_mod = the detection module + * @par path = the path of the file + * @return 0 if the file is loaded correctly; + * -1 else + */ + int ndpi_load_protocols_dir(struct ndpi_detection_module_struct *ndpi_str, + char* path); + + /** * Read a file and load the list of risky domains * * @par ndpi_mod = the detection module 
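Review bot: The comment added for `ndpi_load_protocols_dir` describes `path` as "the path of the file" although the function loads every file found in a directory, and it documents the first parameter as `ndpi_mod` while the prototype names it `ndpi_str`. Because the protocol id is taken from each file name (`<protocolid>_<label>.<extension>`), the comment should also say what happens to entries whose prefix is not a valid protocol id, and whether -1 means that nothing was loaded or that loading stopped part-way; the implementation is not in this diff, so that wording needs checking against it. Suggested parameter line: `@par path = the directory holding the <protocolid>_<label>.<extension> files`. If the function does not write through `path`, declaring it `const char *path` would say so.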
@@ -868,14 +802,40 @@ extern "C" { */ int ndpi_load_malicious_sha1_file(struct ndpi_detection_module_struct *ndpi_str, const char *path); + /* + Add a new TCP fingerprint + + Return code: + 0 OK + -1 Duplicated fingerprint + -2 Unable to add a new entry + */ + int ndpi_add_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str, + char *fingerprint, ndpi_os os); + /** - * Get the total number of the supported protocols + * Read a file and load the list of TCP fingerprints + * @par ndpi_mod = the detection module + * @par path = the path of the file + * @return 0 if the file is loaded correctly; + * -1 else + */ + int load_tcp_fingerprint_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd); + int ndpi_load_tcp_fingerprint_file(struct ndpi_detection_module_struct *ndpi_str, const char *path); + void ndpi_load_tcp_fingerprints(struct ndpi_detection_module_struct *ndpi_str); + ndpi_os ndpi_get_os_from_tcp_fingerprint(struct ndpi_detection_module_struct *ndpi_str, + char *tcp_fingerprint); + + /** + * Get the total number of the defined protocols (internals and custom). + * It can be called only with finalized context, i.e. after having called + * ndpi_finalize_initialization() * * @par ndpi_mod = the detection module * @return the number of protocols * */ - u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod); + u_int ndpi_get_num_protocols(struct ndpi_detection_module_struct *ndpi_mod); /** * Get the nDPI version release 
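Review bot: The Doxygen block "Read a file and load the list of TCP fingerprints" documents a `path` parameter but ends up attached to `load_tcp_fingerprint_file_fd(..., FILE *fd)`, which has none, while `ndpi_load_tcp_fingerprint_file`, `ndpi_load_tcp_fingerprints` and `ndpi_get_os_from_tcp_fingerprint` below it carry no documentation at all. `load_tcp_fingerprint_file_fd` is also the only prototype in this hunk without the `ndpi_` prefix; if it is an internal helper it would fit better in ndpi_private.h than in the public API header. `ndpi_load_tcp_fingerprints` returns `void`, so a caller cannot tell whether any fingerprints were loaded, which is worth stating in a comment. The new text on `ndpi_get_num_protocols` says it may only be called on a finalized context but not what it returns otherwise; one more sentence there would close the contract.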
@@ -895,48 +855,6 @@ extern "C" { void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa); - /* NDPI_PROTOCOL_HTTP */ - /** - * Retrieve information for HTTP flows - * - * @par flow = the detected flow - * @return the HTTP method information about the flow - * - */ - ndpi_http_method ndpi_get_http_method(struct ndpi_flow_struct *flow); - - /** - * Get the HTTP url - * - * @par flow = the detected flow - * @return the HTTP method information about the flow - * - */ - char* ndpi_get_http_url(struct ndpi_flow_struct *flow); - - /** - * Get the HTTP content-type - * - * @par flow = the detected flow - * @return the HTTP method information about the flow - * - */ - char* ndpi_get_http_content_type(struct ndpi_flow_struct *flow); - - /* NDPI_PROTOCOL_TOR */ - /** - * Check if the flow could be detected as TOR protocol - * - * @par ndpi_struct = the detection module - * @par flow = the detected flow - * @par certificate = the SSL/TLS certificate - * @return 1 if the flow is TOR; - * 0 else - * - */ - int ndpi_is_tls_tor(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, char *certificate); - /* Wrappers functions */ /** * Init Aho-Corasick automata @@ -1051,7 +969,6 @@ extern "C" { u_int16_t user_proto_id); u_int16_t ndpi_map_ndpi_id_to_user_proto_id(struct ndpi_detection_module_struct *ndpi_str, u_int16_t ndpi_proto_id); - void ndpi_self_check_host_match(FILE *error_out); /* Tells to called on what l4 protocol given application protocol can be found */ ndpi_l4_proto_info ndpi_get_l4_proto_info(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t ndpi_proto_id); 
@@ -1064,8 +981,6 @@ extern "C" { bool ndpi_is_proto_equals(ndpi_master_app_protocol to_check, ndpi_master_app_protocol to_match, bool exact_match_only); ndpi_proto_defaults_t* ndpi_get_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod); - u_int ndpi_get_ndpi_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod); - u_int ndpi_get_ndpi_num_custom_protocols(struct ndpi_detection_module_struct *ndpi_mod); u_int ndpi_get_ndpi_detection_module_size(void); /* Simple helper to get current time, in sec */ @@ -1207,13 +1122,13 @@ extern "C" { u_int8_t ndpi_is_public_ipv4(u_int32_t a /* host byte order */); u_int64_t ndpi_htonll(u_int64_t v); u_int64_t ndpi_ntohll(u_int64_t v); - u_int8_t ndpi_is_valid_protoId(u_int16_t protoId); u_int8_t ndpi_is_encrypted_proto(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto); /* DGA */ int ndpi_check_dga_name(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, - char *name, u_int8_t is_hostname, u_int8_t check_subproto); + char *name, u_int8_t is_hostname, u_int8_t check_subproto, + u_int8_t flow_fully_classified); /* Serializer (supports JSON, TLV, CSV) */ @@ -1728,6 +1643,7 @@ extern "C" { float ndpi_data_variance(struct ndpi_analyze_struct *s); float ndpi_data_stddev(struct ndpi_analyze_struct *s); float ndpi_data_mean(struct ndpi_analyze_struct *s); + float ndpi_data_jitter(struct ndpi_analyze_struct *s); u_int64_t ndpi_data_last(struct ndpi_analyze_struct *s); u_int64_t ndpi_data_min(struct ndpi_analyze_struct *s); u_int64_t ndpi_data_max(struct ndpi_analyze_struct *s); 
@@ -1799,7 +1715,8 @@ extern "C" { void ndpi_data_print_window_values(struct ndpi_analyze_struct *s); /* debug */ - ndpi_risk_enum ndpi_validate_url(char *url); + ndpi_risk_enum ndpi_validate_url(struct ndpi_detection_module_struct *ndpi_str, + struct ndpi_flow_struct *flow, char *url); u_int8_t ndpi_is_protocol_detected(ndpi_protocol proto); void ndpi_serialize_risk(ndpi_serializer *serializer, ndpi_risk risk); @@ -2062,9 +1979,15 @@ extern "C" { void ndpi_free_geoip(struct ndpi_detection_module_struct *ndpi_str); int ndpi_get_geoip_asn(struct ndpi_detection_module_struct *ndpi_str, char *ip, u_int32_t *asn); + int ndpi_get_geoip_aso(struct ndpi_detection_module_struct *ndpi_str, + char *ip, char *aso, u_int8_t aso_len); int ndpi_get_geoip_country_continent(struct ndpi_detection_module_struct *ndpi_str, char *ip, char *country_code, u_int8_t country_code_len, char *continent, u_int8_t continent_len); + int ndpi_get_geoip_country_continent_city(struct ndpi_detection_module_struct *ndpi_str, char *ip, + char *country_code, u_int8_t country_code_len, + char *continent, u_int8_t continent_len, + char *city, u_int8_t city_len); /* ******************************* */ @@ -2335,7 +2258,7 @@ extern "C" { /* ******************************* */ - const char* ndpi_print_os_hint(u_int8_t os_hint); + const char* ndpi_print_os_hint(ndpi_os os_hint); /* ******************************* */ 
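Review bot: The new `ndpi_get_geoip_aso` and `ndpi_get_geoip_country_continent_city` prototypes write into caller-supplied buffers (`aso`, `city`), but the header does not say what the return value means or whether the output is NUL-terminated when the database string is longer than `aso_len` or `city_len`. A short comment above each prototype stating the return codes and the truncation behaviour would let callers size and check the buffers correctly; the exact wording has to come from the implementation, which is not part of this diff. The lengths are `u_int8_t`, so a buffer larger than 255 bytes cannot be described, which deserves a mention in the same comment.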
@@ -2363,6 +2286,25 @@ extern "C" { u_int32_t ndpi_cache_address_restore(struct ndpi_detection_module_struct *ndpi_struct, char *path, u_int32_t epoch_now); u_int32_t ndpi_cache_address_flush_expired(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t epoch_now); + /* Protocol normalization functions */ + /** + * Checks if the specified protocol identifier can be placed only on the master_protocol field of ndpi_master_app_protocol + * @param ndpi_str nDPI detection module + * @param proto_id nDPI protocol identifier + * @return true if proto_id cannot be used s app_protocol but only on master_protocol, false is it can be used on both fields + */ + bool ndpi_is_master_only_protocol(struct ndpi_detection_module_struct *ndpi_str, u_int16_t proto_id); + + /** + * Normalizes the ndpi_master_app_protocol by reworking values of the specified proto, placing the master/app protocols + * in the corresponding protocol fields + * @param ndpi_str nDPI detection module + * @param proto_id nDPI protocol identifier + * @return true if the protocok has been modified/normalized, false if proto has not been modified + */ + bool ndpi_normalize_protocol(struct ndpi_detection_module_struct *ndpi_str, + ndpi_master_app_protocol *proto); + /* ******************************* */ const char *ndpi_lru_cache_idx_to_name(lru_cache_type idx); 
@@ -2403,6 +2345,45 @@ extern "C" { * @return Length of src string */ size_t ndpi_strlcpy(char* dst, const char* src, size_t dst_len, size_t src_len); + + /** + * @brief Converts a string from ISO 8859 to UTF-8 + * + * @param in String to convert + * @param in_len Source string lenght + * @param out Destination string buffer (UTF-8) + * @param out_len Length of destination string buffer. It must be at least (2*in_len)+1 + * + * @return The destination string buffer + */ + u_char* ndpi_str_to_utf8(u_char *in, u_int in_len, u_char *out, u_int out_len); + + /** + * Performs a case-insensitive comparison of two memory regions + * + * @par s1 Pointer to the first memory region + * @par s2 Pointer to the second memory region + * @par n Number of bytes to compare + * @return < 0 if s1 is less than s2 in a case-insensitive comparison + * = 0 if s1 matches s2 in a case-insensitive comparison + * > 0 if s1 is greater than s2 in a case-insensitive comparison + * If s1 is NULL and s2 is not, returns -1 + * If s2 is NULL and s1 is not, returns 1 + * If both are NULL, returns 0 + * + * This function works similarly to memcmp() but performs case-insensitive + * comparison. + */ + int ndpi_memcasecmp(const void *s1, const void *s2, size_t n); + + + int ndpi_bitmask_alloc(struct ndpi_bitmask *b, u_int16_t max_bits); + void ndpi_bitmask_free(struct ndpi_bitmask *b); + void ndpi_bitmask_set(struct ndpi_bitmask *b, u_int16_t bit); + void ndpi_bitmask_clear(struct ndpi_bitmask *b, u_int16_t bit); + int ndpi_bitmask_is_set(const struct ndpi_bitmask *b, u_int16_t bit); + void ndpi_bitmask_set_all(struct ndpi_bitmask *b); + void ndpi_bitmask_reset(struct ndpi_bitmask *b); #ifdef __cplusplus } diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index f5468e822..934f8e387 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in 
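Review bot: `ndpi_str_to_utf8` documents that `out_len` "must be at least (2*in_len)+1" but not what the function does when a caller passes a smaller buffer; for a converter that is likely to be fed strings taken from packets, the comment should state whether the output is truncated and NUL-terminated or an error is returned, rather than leaving safety to the caller's arithmetic. If `in` is only read, as the description suggests, `const u_char *in` would express that. The seven `ndpi_bitmask_*` prototypes at the end of the hunk have no comments: the return values of `ndpi_bitmask_alloc` and `ndpi_bitmask_is_set` and the behaviour for `bit >= max_bits` should be documented, particularly as the macros removed from ndpi_define.h.in in this commit bounded the index with `& NDPI_NUM_BITS_MASK`. The hunk also mixes `@param` (ndpi_str_to_utf8) and `@par` (ndpi_memcasecmp); one style per header reads better.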
@@ -86,19 +86,9 @@ #define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t -/** - * convenience macro to check for excluded protocol - * a protocol is excluded if the flow is known and either the protocol is not detected at all - * or the excluded bitmask contains the protocol - */ -#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ - ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ - NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) - #define MAX_DEFAULT_PORTS 5 -#define NDPI_EXCLUDE_PROTO(mod,flow) ndpi_exclude_protocol(mod, flow, NDPI_CURRENT_PROTO, __FILE__, __FUNCTION__, __LINE__) -#define NDPI_EXCLUDE_PROTO_EXT(mod,flow,proto) ndpi_exclude_protocol(mod, flow, proto, __FILE__, __FUNCTION__, __LINE__) +#define NDPI_EXCLUDE_DISSECTOR(mod,flow) exclude_dissector(mod, flow, mod->current_dissector_idx, __FILE__, __FUNCTION__, __LINE__) /** * macro for getting the string len of a static string 
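Review bot: `NDPI_EXCLUDE_DISSECTOR` expands `mod->current_dissector_idx` without parentheses around the macro argument, so any argument that is not a plain identifier will not bind as intended; write `(mod)->current_dissector_idx`. The macro also calls `exclude_dissector`, for which no declaration appears in the hunks shown here, whereas the macros it replaces called `ndpi_exclude_protocol` from ndpi_api.h. Presumably the declaration lives in ndpi_private.h; if so, a one-line comment saying the macro is for library-internal dissectors only would avoid an implicit-declaration surprise for external users of this header.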
@@ -111,44 +101,14 @@ #define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ ((x.u6_addr.u6_addr64[0] < y.u6_addr.u6_addr64[0]) || ((x.u6_addr.u6_addr64[0] == y.u6_addr.u6_addr64[0]) && (x.u6_addr.u6_addr64[1] < y.u6_addr.u6_addr64[1]))) -#define NDPI_NUM_BITS 512 -#define NDPI_NUM_BITS_MASK (512-1) - -#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ #define howmanybits(x, y) (((x)+((y)-1))/(y)) - -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1ul << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1ul << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1ul << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) -#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) - -#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) - -#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t - -#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) -#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) -#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) -#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) -#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } - #define NDPI_SET_BIT(num, n) num |= 1ULL << ( n ) #define NDPI_CLR_BIT(num, n) num &= ~(1ULL << ( n )) #define NDPI_CLR_BIT(num, n) num &= ~(1ULL << ( n )) #define NDPI_ISSET_BIT(num, n) (num & (1ULL << ( n ))) #define NDPI_ZERO_BIT(num) num = 0 - -/* this is a very very tricky macro *g*, - * the compiler will remove all shifts here if the protocol is static... 
- */ -#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask, value & NDPI_NUM_BITS_MASK) -#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask, value & NDPI_NUM_BITS_MASK) -#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask, value & NDPI_NUM_BITS_MASK) - -#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } - +#define NDPI_ONES_BIT(num) num = -1; #define ndpi_min(a,b) ((a < b) ? a : b) #define ndpi_max(a,b) ((a > b) ? a : b) @@ -218,13 +178,13 @@ static inline uint64_t get_u_int64_t(const uint8_t* X, int O) #endif /* WIN32 */ -#define NDPI_MAX_DNS_REQUESTS 16 -#define NDPI_MIN_NUM_STUN_DETECTION 8 - #define NDPI_MAJOR @NDPI_MAJOR@ #define NDPI_MINOR @NDPI_MINOR@ #define NDPI_PATCH @NDPI_PATCH@ +#define NDPI_MAX_DNS_REQUESTS 48 +#define NDPI_MIN_NUM_STUN_DETECTION 8 + /* IMPORTANT: order according to its severity */ #define NDPI_CIPHER_SAFE 0 #define NDPI_CIPHER_WEAK 1 diff --git a/src/include/ndpi_includes.h b/src/include/ndpi_includes.h index 3e864d300..83c118bac 100644 --- a/src/include/ndpi_includes.h +++ b/src/include/ndpi_includes.h @@ -1,7 +1,7 @@ /* * ndpi_includes.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/include/ndpi_includes_OpenBSD.h b/src/include/ndpi_includes_OpenBSD.h index 1d3a93ea2..61e3c8225 100644 --- a/src/include/ndpi_includes_OpenBSD.h +++ b/src/include/ndpi_includes_OpenBSD.h @@ -1,7 +1,7 @@ /* * ndpi_includes_OpenBSD.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 6bbeb320c..d589eb04d 100644 --- a/src/include/ndpi_main.h 
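Review bot: `#define NDPI_ONES_BIT(num) num = -1;` carries a trailing semicolon inside the macro body, unlike its neighbour `NDPI_ZERO_BIT(num) num = 0`, so `if(c) NDPI_ONES_BIT(x); else ...` expands to two statements and the `else` no longer attaches. Dropping the semicolon and parenthesising the expansion fixes it: `#define NDPI_ONES_BIT(num) ((num) = -1)`. The context lines of the same hunk also show `NDPI_CLR_BIT` defined twice in a row; the duplicate is harmless but could be removed while this block is being edited.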
+++ b/src/include/ndpi_main.h @@ -1,7 +1,7 @@ /* * ndpi_main.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -46,8 +46,6 @@ extern "C" { void ndpi_twalk(const void *, void (*)(const void *, ndpi_VISIT, int, void*), void *user_data); void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)); - int NDPI_BITMASK_COMPARE(NDPI_PROTOCOL_BITMASK a, NDPI_PROTOCOL_BITMASK b); - u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); @@ -85,17 +83,10 @@ extern "C" { int ndpi_handle_ipv6_extension_headers(u_int16_t l3len, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr); - - void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str, - u_int8_t is_cleartext, u_int8_t is_app_protocol, - ndpi_protocol_breed_t breed, - u_int16_t protoId, char *protoName, - ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, - ndpi_port_range *udpDefPorts); + void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_risk_enum r, char *risk_message); - void ndpi_unset_risk(struct ndpi_flow_struct *flow, ndpi_risk_enum r); + void ndpi_unset_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_risk_enum r); int ndpi_isset_risk(struct ndpi_flow_struct *flow, ndpi_risk_enum r); int ndpi_is_printable_buffer(u_int8_t const * const buf, size_t len); int ndpi_normalize_printable_string(char * const str, size_t len); diff --git a/src/include/ndpi_patricia_typedefs.h b/src/include/ndpi_patricia_typedefs.h index 41f15e790..84439a02b 100644 --- a/src/include/ndpi_patricia_typedefs.h +++ b/src/include/ndpi_patricia_typedefs.h 
@@ -1,7 +1,7 @@ /* * ndpi_patricia_typedef.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index 07f8329e8..8d963149e 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -1,6 +1,6 @@ /* * - * Copyright (C) 2011-24 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH 
@@ -53,44 +53,33 @@ typedef struct { } ndpi_tls_cert_name_match; struct call_function_struct { - NDPI_PROTOCOL_BITMASK detection_bitmask; - NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; + char name[16]; /* Used only for logging/debugging */ void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask; - u_int16_t ndpi_protocol_id; - u_int8_t detection_feature; -}; - -struct subprotocol_conf_struct { - void (*func) (struct ndpi_detection_module_struct *, char *attr, char *value, int protocol_id); + u_int16_t dissector_idx; + /* We don't need to keep track of the list of protocols handled by this dissector */ + u_int16_t first_protocol_id; /* ID of the first protocol registered with this dissector. + It is used ONLY for logging, because logging configuration + is (still) for protocol, not for dissector */ }; typedef struct default_ports_tree_node { - ndpi_proto_defaults_t *proto; + u_int16_t proto_idx; u_int8_t customUserProto; u_int16_t default_port; } default_ports_tree_node_t; -#define LINE_EQUALS(ndpi_int_one_line_struct, string_to_compare) \ - ((ndpi_int_one_line_struct).len == strlen(string_to_compare) && \ - LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1) - #define LINE_STARTS(ndpi_int_one_line_struct, string_to_compare) \ - ((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \ - LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1) + ((ndpi_int_one_line_struct).ptr != NULL && \ + (ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \ + strncasecmp((const char *)((ndpi_int_one_line_struct).ptr), string_to_compare, strlen(string_to_compare)) == 0) #define LINE_ENDS(ndpi_int_one_line_struct, string_to_compare) \ ((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \ - ndpi_strncasestr((const char *)((ndpi_int_one_line_struct).ptr) + \ - ((ndpi_int_one_line_struct).len - 
strlen(string_to_compare)), \ - string_to_compare, strlen(string_to_compare)) == \ - (const char *)((ndpi_int_one_line_struct).ptr) + ((ndpi_int_one_line_struct).len - strlen(string_to_compare))) - -#define LINE_CMP(ndpi_int_one_line_struct, string_to_compare, string_to_compare_length) \ - ((ndpi_int_one_line_struct).ptr != NULL && \ - ndpi_strncasestr((const char *)((ndpi_int_one_line_struct).ptr), string_to_compare, \ - string_to_compare_length) == (const char *)((ndpi_int_one_line_struct).ptr)) + strncasecmp((const char *)((ndpi_int_one_line_struct).ptr) + \ + ((ndpi_int_one_line_struct).len - strlen(string_to_compare)), \ + string_to_compare, strlen(string_to_compare)) == 0) #define NDPI_MAX_PARSE_LINES_PER_PACKET 64 @@ -104,7 +93,6 @@ struct ndpi_packet_struct { const struct ndpi_ipv6hdr *iphv6; const struct ndpi_tcphdr *tcp; const struct ndpi_udphdr *udp; - const u_int8_t *generic_l4_ptr; /* is set only for non tcp-udp traffic */ const u_int8_t *payload; u_int64_t current_time_ms; 
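Review bot: The rewritten `LINE_STARTS` checks `(ndpi_int_one_line_struct).ptr != NULL` before calling `strncasecmp`, but the rewritten `LINE_ENDS` does not, so it is safe only as long as `len` is 0 whenever `ptr` is NULL. Adding the same guard as the first operand of `LINE_ENDS`, `((ndpi_int_one_line_struct).ptr != NULL && \`, makes the two macros agree and removes the dependence on that invariant. Both macros evaluate `strlen(string_to_compare)` up to three times, which is fine for string literals but worth a comment saying the second argument must be free of side effects. In the same hunk, `char name[16]` in `call_function_struct` has a bare size; a named constant would help whoever writes the copy into it keep the bound in step.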
@@ -126,6 +114,23 @@ struct ndpi_packet_struct { struct ndpi_int_one_line_struct upgrade_line; struct ndpi_int_one_line_struct http_response; /* the first "word" in this pointer is the response code in the packet (200, etc) */ + struct ndpi_int_one_line_struct bootid; + struct ndpi_int_one_line_struct usn; + struct ndpi_int_one_line_struct cache_controle; + struct ndpi_int_one_line_struct location; + struct ndpi_int_one_line_struct household_smart_speaker_audio; + struct ndpi_int_one_line_struct rincon_household; + struct ndpi_int_one_line_struct rincon_bootseq; + struct ndpi_int_one_line_struct rincon_wifimode; + struct ndpi_int_one_line_struct rincon_variant; + struct ndpi_int_one_line_struct sonos_securelocation; + struct ndpi_int_one_line_struct securelocation_upnp; + struct ndpi_int_one_line_struct location_smart_speaker_audio; + struct ndpi_int_one_line_struct nt; + struct ndpi_int_one_line_struct nts; + struct ndpi_int_one_line_struct man; + struct ndpi_int_one_line_struct mx; + struct ndpi_int_one_line_struct st; u_int16_t l3_packet_len; u_int16_t payload_packet_len; @@ -174,10 +179,23 @@ struct ndpi_global_context { /* FPC DNS cache */ struct ndpi_lru_cache *fpc_dns_global_cache; + + /* Signal STUN cache */ + struct ndpi_lru_cache *signal_global_cache; }; #define CFG_MAX_LEN 256 + + /* + NOTE: keep it in sync with "metadata.tcp_fingerprint_format" + in ndpi_main.c + */ + typedef enum { + NDPI_NATIVE_TCP_FINGERPRINT = 0, + NDPI_MUONFP_TCP_FINGERPRINT /* https://github.com/sundruid/muonfp */ + } ndpi_tcp_fingerprint_format; + struct ndpi_detection_module_config_struct { int max_packets_to_process; int direction_detect_enabled; @@ -206,7 +224,9 @@ struct ndpi_detection_module_config_struct { int guess_ip_before_port; int use_client_ip_in_guess; int use_client_port_in_guess; + ndpi_tcp_fingerprint_format tcp_fingerprint_format; int tcp_fingerprint_enabled; + int tcp_fingerprint_raw_enabled; char filename_config[CFG_MAX_LEN]; 
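Review bot: The seventeen `struct ndpi_int_one_line_struct` members added to `ndpi_packet_struct` (`bootid` through `st`) sit beside the existing parsed-line members, which carry a `ptr` and `len` into the current packet payload; whatever routine clears those members for each packet has to clear the new ones too, otherwise a dissector can read a `ptr` left over from an earlier packet. That reset code is not in this header, so it should be confirmed that the same commit extends it. `cache_controle` looks like a misspelling of the Cache-Control header name; `cache_control` would be clearer. The struct begins and ends outside this hunk.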
@@ -235,14 +255,31 @@ struct ndpi_detection_module_config_struct { int fpc_dns_cache_num_entries; int fpc_dns_cache_ttl; int fpc_dns_cache_scope; - + int signal_cache_num_entries; + int signal_cache_ttl; + int signal_cache_scope; + /* Protocols */ + int http_request_content_type_enabled; + int http_referer_enabled; + int http_host_enabled; + int http_username_enabled; + int http_password_enabled; + int tls_certificate_expire_in_x_days; int tls_app_blocks_tracking_enabled; int tls_heuristics; int tls_heuristics_max_packets; + int tls_versions_supported_enabled; + int tls_alpn_negotiated_enabled; + int tls_cipher_enabled; int tls_sha1_fingerprint_enabled; + int tls_cert_server_names_enabled; + int tls_cert_validity_enabled; + int tls_cert_issuer_enabled; + int tls_cert_subject_enabled; + int tls_broswer_enabled; int tls_ja3s_fingerprint_enabled; int tls_ja4c_fingerprint_enabled; int tls_ja4r_fingerprint_enabled; @@ -265,12 +302,17 @@ struct ndpi_detection_module_config_struct { int stun_opportunistic_tls_enabled; int stun_max_packets_extra_dissection; + int rtp_max_packets_extra_dissection; int stun_mapped_address_enabled; int stun_response_origin_enabled; int stun_other_address_enabled; int stun_relayed_address_enabled; int stun_peer_address_enabled; + int bittorrent_hash_enabled; + + int ssdp_metadata_enabled; + int dns_subclassification_enabled; int dns_parse_response_enabled; 
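Review bot: `http_username_enabled` and `http_password_enabled`, added in the `@@ -235,14 +255,31 @@` hunk, sit undocumented among the ordinary metadata switches. Judging by their names they decide whether credentials seen in cleartext HTTP are copied into flow metadata; the dissector and the defaults are not in this section of the diff. A short comment would help integrators decide what they may log or export, for example `/* when enabled, HTTP credentials are kept in flow metadata: treat the exported values as secrets */`. Separately, `tls_broswer_enabled` looks like a typo for `tls_browser_enabled` and is easiest to fix while the field is new. The struct body continues outside the hunk.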
@@ -289,21 +331,22 @@ struct ndpi_detection_module_config_struct { int wireguard_subclassification_by_ip; - NDPI_PROTOCOL_BITMASK debug_bitmask; - NDPI_PROTOCOL_BITMASK ip_list_bitmask; - NDPI_PROTOCOL_BITMASK monitoring; + struct ndpi_bitmask detection_bitmask; + + struct ndpi_bitmask debug_bitmask; + struct ndpi_bitmask ip_list_bitmask; + struct ndpi_bitmask monitoring; - NDPI_PROTOCOL_BITMASK flowrisk_bitmask; + struct ndpi_bitmask flowrisk_bitmask; + struct ndpi_bitmask flowrisk_info_bitmask; int flow_risk_lists_enabled; int risk_anonymous_subscriber_list_icloudprivaterelay_enabled; - int risk_anonymous_subscriber_list_protonvpn_enabled; + int risk_anonymous_subscriber_list_tor_exit_nodes_enabled; int risk_crawler_bot_list_enabled; }; struct ndpi_detection_module_struct { - NDPI_PROTOCOL_BITMASK detection_bitmask; - u_int64_t current_ts; u_int16_t num_tls_blocks_to_follow; u_int8_t skip_tls_blocks_until_change_cipher:1, finalized:1, _notused:6; @@ -323,6 +366,8 @@ struct ndpi_detection_module_struct { u_int32_t callback_buffer_size_tcp_payload; u_int32_t callback_buffer_size_udp; u_int32_t callback_buffer_size_non_tcp_udp; + u_int32_t callback_buffer_num; + u_int32_t current_dissector_idx; default_ports_tree_node_t *tcpRoot, *udpRoot; @@ -336,11 +381,9 @@ struct ndpi_detection_module_struct { /* misc parameters */ u_int32_t tcp_max_retransmission_window_size; - /* subprotocol registration handler */ - struct subprotocol_conf_struct subprotocol_conf[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; - - u_int ndpi_num_supported_protocols; - u_int ndpi_num_custom_protocols; + u_int num_supported_protocols; + u_int num_custom_protocols; + u_int num_internal_protocols; /* HTTP/DNS/HTTPS/QUIC host matching */ ndpi_automa host_automa, /* Used for DNS/HTTPS */ 
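Review bot: In the `@@ -323,6 +366,8 @@` hunk `current_dissector_idx` is declared `u_int32_t`, while `exclude_dissector()` added in the `@@ -570,6 +619,17 @@` hunk takes `u_int16_t dissector_idx`. If the field is what callers pass to that function (the call sites are not visible here), the value is narrowed implicitly and an index above 65535 would select the wrong dissector without a warning. Using one width for both, e.g. `u_int16_t current_dissector_idx;`, or widening the parameter, would remove the conversion. The same applies to `callback_buffer_num` if it bounds that index.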
@@ -351,7 +394,7 @@ struct ndpi_detection_module_struct { * update automa_type above */ - ndpi_str_hash *malicious_ja4_hashmap, *malicious_sha1_hashmap; + ndpi_str_hash *malicious_ja4_hashmap, *malicious_sha1_hashmap, *tcp_fingerprint_hashmap; ndpi_list *trusted_issuer_dn; @@ -378,6 +421,9 @@ struct ndpi_detection_module_struct { /* NDPI_PROTOCOL_OOKLA */ struct ndpi_lru_cache *ookla_cache; + /* NDPI_PROTOCOL_SIGNAL */ + struct ndpi_lru_cache *signal_cache; + /* NDPI_PROTOCOL_BITTORRENT */ struct ndpi_lru_cache *bittorrent_cache; @@ -398,8 +444,11 @@ struct ndpi_detection_module_struct { /* *** If you add a new LRU cache, please update lru_cache_type above! *** */ - u_int16_t ndpi_to_user_proto_id[NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; /* custom protocolId mapping */ - ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; + u_int16_t *ndpi_to_user_proto_id; /* custom protocolId mapping */ + u_int16_t ndpi_to_user_proto_id_num_allocated; + + ndpi_proto_defaults_t *proto_defaults; + u_int16_t proto_defaults_num_allocated; #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_typedefs.h" 
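Review bot: In the `@@ -398,8 +444,11 @@` hunk, `ndpi_to_user_proto_id` and `proto_defaults` change from fixed-size arrays to pointers, so every index into them must now be checked at run time against the new `_num_allocated` counters. The header does not say whether those counters are element counts, who grows the buffers, or whether the pointers can be NULL before initialisation finishes. I would document the contract at the declaration, e.g. `/* heap array of proto_defaults_num_allocated elements; valid indexes are < proto_defaults_num_allocated */`, with the same for the id mapping. The counters are `u_int16_t` while `num_supported_protocols` and `num_custom_protocols` elsewhere in this struct are `u_int`, so any growth arithmetic should guard against the 16-bit counter wrapping. The struct body continues outside the hunk.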
@@ -570,6 +619,17 @@ struct ndpi_detection_module_struct { /* Generic */ +int is_proto_enabled(struct ndpi_detection_module_struct *ndpi_str, int protoId); +int is_flowrisk_enabled(struct ndpi_detection_module_struct *ndpi_str, ndpi_risk_enum flowrisk_id); + +void register_dissector(char *dissector_name, struct ndpi_detection_module_struct *ndpi_str, + void (*func)(struct ndpi_detection_module_struct *, + struct ndpi_flow_struct *flow), + const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, + int num_protocol_ids, ...); +void exclude_dissector(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, + u_int16_t dissector_idx, const char *_file, const char *_func, int _line) ; + char *strptime(const char *s, const char *format, struct tm *tm); u_int8_t iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize); @@ -638,13 +698,16 @@ int load_config_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) int load_category_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd, ndpi_protocol_category_t category_id); -u_int64_t fpc_dns_cache_key_from_dns_info(struct ndpi_flow_struct *flow); +u_int64_t fpc_dns_cache_key_from_flow(struct ndpi_flow_struct *flow); bool ndpi_cache_address(struct ndpi_detection_module_struct *ndpi_struct, ndpi_ip_addr_t ip_addr, char *hostname, u_int32_t epoch_now, u_int32_t ttl); int is_monitoring_enabled(struct ndpi_detection_module_struct *ndpi_str, int protoId); +int is_flowrisk_info_enabled(struct ndpi_detection_module_struct *ndpi_str, ndpi_risk_enum flowrisk_id); + +u_int8_t ndpi_is_valid_protoId(const struct ndpi_detection_module_struct *ndpi_str, u_int16_t protoId); /* TLS */ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, 
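Review bot: In the `@@ -570,6 +619,17 @@` hunk `register_dissector()` takes `char *dissector_name`, whereas `exclude_dissector()` directly below uses `const char *` for its strings. Unless the function writes through the pointer, the parameter should be `const char *dissector_name` so that string literals can be passed without discarding qualifiers. The variadic tail after `int num_protocol_ids` is not checked by the compiler, so a count that disagrees with the number of arguments actually passed is undefined behaviour. A comment stating the expected argument type and that exactly `num_protocol_ids` values must follow would make the contract explicit.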
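Review bot: `ndpi_is_valid_protoId()` in the `@@ -638,13 +698,16 @@` hunk takes `u_int16_t protoId`, while `is_monitoring_enabled()` in the same hunk and `is_proto_enabled()` in the previous one take `int protoId`. A caller holding an `int` that is negative or above 65535 would have it truncated before validation, so an out-of-range id could validate as a different, in-range protocol. Either give all three the same parameter type or note the narrowing at the declaration, e.g. `/* protoId must already be in 0..65535; the check is against the registered protocols */`. The return convention of the `u_int8_t` result (non-zero meaning valid, presumably) also deserves a word in that comment.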
@@ -666,6 +729,12 @@ int ookla_search_into_cache(struct ndpi_detection_module_struct* ndpi_struct, void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +/* SIGNAL */ +int signal_search_into_cache(struct ndpi_detection_module_struct* ndpi_struct, + struct ndpi_flow_struct* flow); +void signal_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + /* QUIC */ int quic_len(const uint8_t *buf, uint64_t *value); int quic_len_buffer_still_required(uint8_t value); @@ -699,7 +768,7 @@ int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struc /* Stun */ int is_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int16_t *app_proto); + u_int16_t *app_proto, ndpi_protocol_category_t *category); void switch_extra_dissection_to_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, int std_callback); /* TPKT */ 
@@ -710,266 +779,265 @@ u_int64_t mining_make_lru_cache_key(struct ndpi_flow_struct *flow); /* Protocols init */ -void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mgcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mikrotik_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_monero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nats_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_resp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_imo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_socrates_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_sonos_dissector(struct ndpi_detection_module_struct 
*ndpi_struct, u_int32_t *id); -void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tls_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_wsd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_vxlan_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); -void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); -void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_modbus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zabbix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_wireguard_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dnp3_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_104_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_s7comm_dissector(struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id); -void init_websocket_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mongodb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void 
init_among_us_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hpvirtgrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_genshin_impact_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_z3950_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_avast_securedns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cassandra_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ethernet_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_toca_boca_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_sd_rtn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_raknet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_xiaomi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mpegdash_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rsh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ipsec_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_collectd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_i3d_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_riotgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_threema_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_alicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t 
*id); -void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_discord_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tivoconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kismet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_fastcgi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_natpmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_syncthing_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_crynet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_munin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_elasticsearch_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tuya_lp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tplink_shp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bitcoin_dissector(struct ndpi_detection_module_struct 
*ndpi_struct, u_int32_t *id); -void init_apache_thrift_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_slp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_http2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_haproxy_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_can_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_protobuf_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ethereum_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ptpv2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hart_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_rtps_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_opc_ua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_fins_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ethersio_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_beckhoff_ads_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_iso9506_1_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ieee_c37118_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ethersbus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_profinet_io_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hislip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_uftp_dissector(struct ndpi_detection_module_struct 
*ndpi_struct, u_int32_t *id); -void init_openflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_json_rpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kafka_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nomachine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_iec62056_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_hl7_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ceph_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_roughtime_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_kcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_valve_sdr_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_mumble_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zoom_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_yojimbo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_stomp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_radmin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_raft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_gearman_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_tencent_games_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_gaijin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_c1222_dissector(struct ndpi_detection_module_struct *ndpi_struct, 
u_int32_t *id); -void init_dlep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bfd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_netease_games_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_pathofexile_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_pfcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_flute_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_lolwildrift_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_teso_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ldp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_knxnet_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_bfcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_iqiyi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_egd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cod_mobile_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_zug_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_jrmi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_ripe_atlas_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cloudflare_warp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_nano_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_openwire_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_cnp_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t 
*id); -void init_atg_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_trdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_lustre_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dingtalk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_paltalk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); -void init_dicom_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); - - +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void 
init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_guildwars2_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hcl_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_nexon_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void 
init_mgcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mining_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mikrotik_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_monero_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_nats_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_resp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_rsync_dissector(struct 
ndpi_detection_module_struct *ndpi_struct); +void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_imo_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_socrates_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_sonos_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tls_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_blizzard_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_telegram_dissector(struct ndpi_detection_module_struct 
*ndpi_struct); +void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_wsd_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_vxlan_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct); +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct); +void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_fix_dissector(struct 
ndpi_detection_module_struct *ndpi_struct); +void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_memcached_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_nest_log_sink_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_modbus_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_capwap_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_zabbix_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_wireguard_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dnp3_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_104_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_s7comm_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_websocket_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mongodb_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_among_us_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hpvirtgrp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void 
init_genshin_impact_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_z3950_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_avast_securedns_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_cassandra_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ethernet_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_toca_boca_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_sd_rtn_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_raknet_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_xiaomi_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mpegdash_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_rsh_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ipsec_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_collectd_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_i3d_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_riotgames_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_threema_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_alicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_discord_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tivoconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_kismet_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_fastcgi_dissector(struct ndpi_detection_module_struct 
*ndpi_struct); +void init_natpmp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_syncthing_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_crynet_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_munin_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_elasticsearch_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tuya_lp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tplink_shp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_bitcoin_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_apache_thrift_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_slp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_http2_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_haproxy_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_rmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_can_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_protobuf_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ethereum_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ptpv2_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hart_ip_dissector(struct 
ndpi_detection_module_struct *ndpi_struct); +void init_rtps_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_opc_ua_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_fins_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ethersio_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_beckhoff_ads_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_iso9506_1_mms_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ieee_c37118_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ethersbus_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_profinet_io_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hislip_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_uftp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_openflow_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_json_rpc_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_kafka_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_nomachine_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_iec62056_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hl7_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ceph_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_roughtime_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_kcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_valve_sdr_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_mumble_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_zoom_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_yojimbo_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void 
init_stomp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_radmin_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_raft_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_cip_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_gearman_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_tencent_games_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_gaijin_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_c1222_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dlep_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_bfd_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_netease_games_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_pathofexile_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_pfcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_flute_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_lolwildrift_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_teso_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ldp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_knxnet_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_bfcp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_iqiyi_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_egd_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_cod_mobile_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_zug_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_jrmi_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_ripe_atlas_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void 
init_cloudflare_warp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_nano_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_openwire_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_cnp_ip_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_atg_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_trdp_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_lustre_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dingtalk_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_paltalk_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_dicom_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_lagofast_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_gearup_booster_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_msdo_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_melsec_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_hamachi_dissector(struct ndpi_detection_module_struct *ndpi_struct); +void init_glbp_dissector(struct ndpi_detection_module_struct *ndpi_struct); #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_private.h" diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 91071d45b..a4a4fc7fe 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,7 +1,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH 
@@ -103,7 +103,7 @@ typedef enum {
 NDPI_PROTOCOL_HART_IP = 72,
 NDPI_PROTOCOL_IP_VRRP = 73,
 NDPI_PROTOCOL_STEAM = 74,
- NDPI_PROTOCOL_HALFLIFE2 = 75,
+ NDPI_PROTOCOL_MELSEC = 75,
 NDPI_PROTOCOL_WORLDOFWARCRAFT = 76,
 NDPI_PROTOCOL_TELNET = 77,
 NDPI_PROTOCOL_STUN = 78,
@@ -135,17 +135,17 @@ typedef enum {
 NDPI_PROTOCOL_ARMAGETRON = 104,
 NDPI_PROTOCOL_CROSSFIRE = 105,
 NDPI_PROTOCOL_DOFUS = 106,
- NDPI_PROTOCOL_ADS_ANALYTICS_TRACK = 107, /* Generic id for advertisement/analytics/tracking stuff */
- NDPI_PROTOCOL_ADULT_CONTENT = 108,
- NDPI_PROTOCOL_GUILDWARS = 109,
+ NDPI_PROTOCOL_FREE_107 = 107, /* Free to use */
+ NDPI_PROTOCOL_FREE = 108, /* Free to use */
+ NDPI_PROTOCOL_GUILDWARS2 = 109,
 NDPI_PROTOCOL_AMAZON_ALEXA = 110,
 NDPI_PROTOCOL_KERBEROS = 111,
 NDPI_PROTOCOL_LDAP = 112,
- NDPI_PROTOCOL_MAPLESTORY = 113,
+ NDPI_PROTOCOL_NEXON = 113,
 NDPI_PROTOCOL_MSSQL_TDS = 114,
 NDPI_PROTOCOL_PPTP = 115,
- NDPI_PROTOCOL_WARCRAFT3 = 116,
- NDPI_PROTOCOL_WORLD_OF_KUNG_FU = 117,
+ NDPI_PROTOCOL_IP_AH = 116,
+ NDPI_PROTOCOL_IP_ESP = 117,
 NDPI_PROTOCOL_SLACK = 118,
 NDPI_PROTOCOL_FACEBOOK = 119,
 NDPI_PROTOCOL_TWITTER = 120,
@@ -153,7 +153,7 @@ typedef enum {
 NDPI_PROTOCOL_GMAIL = 122,
 NDPI_PROTOCOL_GOOGLE_MAPS = 123,
 NDPI_PROTOCOL_YOUTUBE = 124,
- NDPI_PROTOCOL_FREE_125 = 125, /* FREE */
+ NDPI_PROTOCOL_MOZILLA = 125,
 NDPI_PROTOCOL_GOOGLE = 126,
 NDPI_PROTOCOL_MS_RPCH = 127,
 NDPI_PROTOCOL_NETFLOW = 128,
@@ -178,7 +178,7 @@ typedef enum {
 NDPI_PROTOCOL_WINDOWS_UPDATE = 147,
 NDPI_PROTOCOL_TEAMVIEWER = 148,
 NDPI_PROTOCOL_EGD = 149,
- NDPI_PROTOCOL_LOTUS_NOTES = 150,
+ NDPI_PROTOCOL_HCL_NOTES = 150,
 NDPI_PROTOCOL_SAP = 151,
 NDPI_PROTOCOL_GTP = 152,
 NDPI_PROTOCOL_WSD = 153,
@@ -197,7 +197,7 @@ typedef enum {
 NDPI_PROTOCOL_RSYNC = 166,
 NDPI_PROTOCOL_ORACLE = 167,
 NDPI_PROTOCOL_CORBA = 168,
- NDPI_PROTOCOL_UBUNTUONE = 169,
+ NDPI_PROTOCOL_CANONICAL = 169,
 NDPI_PROTOCOL_WHOIS_DAS = 170,
 NDPI_PROTOCOL_SD_RTN = 171, /* Agora SD-RTN: https://www.agora.io/en */
 NDPI_PROTOCOL_SOCKS = 172,
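Review bot: Id 75 is handed from `NDPI_PROTOCOL_HALFLIFE2` to `NDPI_PROTOCOL_MELSEC` in place, so any stored flow record, exported counter or filtering rule that kept the numeric id now refers to a different protocol without any compile-time signal. The same in-place reuse appears in the later hunks of this file: 116 and 117 become `NDPI_PROTOCOL_IP_AH` and `NDPI_PROTOCOL_IP_ESP`, 184 becomes `NDPI_PROTOCOL_OSPF`, and 107 and 108 (previously ads/tracking and adult content) are freed. I would record the previous meaning next to each reused value, for example `NDPI_PROTOCOL_MELSEC = 75, /* was HALFLIFE2 */`, and list the remapped ids in the release notes so that consumers matching on ids can re-check their rules. The enum opens and closes outside this hunk.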
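Review bot: The freed slot `NDPI_PROTOCOL_FREE = 108` does not follow the numbered pattern used on the line above it (`NDPI_PROTOCOL_FREE_107`) or by the `NDPI_PROTOCOL_FREE_125` entry removed further down. A bare `NDPI_PROTOCOL_FREE` hides which id is available and can only exist once in the enum. Suggest `NDPI_PROTOCOL_FREE_108 = 108, /* Free to use */`; the later `NDPI_PROTOCOL_FREE_1 = 446` would read better as `NDPI_PROTOCOL_FREE_446` for the same reason.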
@@ -212,7 +212,7 @@ typedef enum { NDPI_PROTOCOL_MEGACO = 181, NDPI_PROTOCOL_RESP = 182, NDPI_PROTOCOL_PINTEREST = 183, - NDPI_PROTOCOL_VHUA = 184, + NDPI_PROTOCOL_OSPF = 184, NDPI_PROTOCOL_TELEGRAM = 185, NDPI_PROTOCOL_COD_MOBILE = 186, NDPI_PROTOCOL_PANDORA = 187, @@ -241,7 +241,7 @@ typedef enum { NDPI_PROTOCOL_DEEZER = 210, NDPI_PROTOCOL_INSTAGRAM = 211, NDPI_PROTOCOL_MICROSOFT = 212, - NDPI_PROTOCOL_STARCRAFT = 213, + NDPI_PROTOCOL_BLIZZARD = 213, NDPI_PROTOCOL_TEREDO = 214, NDPI_PROTOCOL_HOTSPOT_SHIELD = 215, NDPI_PROTOCOL_IMO = 216, @@ -471,6 +471,16 @@ typedef enum { NDPI_PROTOCOL_YANDEX_ALICE = 440, NDPI_PROTOCOL_VIVOX = 441, NDPI_PROTOCOL_DIGITALOCEAN = 442, + NDPI_PROTOCOL_RUTUBE = 443, + NDPI_PROTOCOL_LAGOFAST = 444, + NDPI_PROTOCOL_GEARUP_BOOSTER = 445, + NDPI_PROTOCOL_FREE_1 = 446, /* Free to use */ + NDPI_PROTOCOL_UBIQUITY = 447, + NDPI_PROTOCOL_MSDO = 448, + NDPI_PROTOCOL_ROCKSTAR_GAMES = 449, + NDPI_PROTOCOL_KICK = 450, + NDPI_PROTOCOL_HAMACHI = 451, + NDPI_PROTOCOL_GLBP = 452, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" @@ -483,12 +493,9 @@ typedef enum { (placeholders to avoid protocol renumbering) */ - /* IMPORTANT:NDPI_LAST_IMPLEMENTED_PROTOCOL MUST BE THE LAST ELEMENT */ - NDPI_LAST_IMPLEMENTED_PROTOCOL + /* IMPORTANT: DO NOT ADD A "_LAST" or "_MAX" ENTRY HERE!!! + The number of protocols is calculated at runtime! + */ } ndpi_protocol_id_t; -#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN -#define NDPI_MAX_SUPPORTED_PROTOCOLS NDPI_LAST_IMPLEMENTED_PROTOCOL -#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) - #endif /* __NDPI_PROTOCOL_IDS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index dd9effa95..d38d50c09 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h 
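Review bot: The comment that replaces `NDPI_LAST_IMPLEMENTED_PROTOCOL` says the number of protocols is calculated at runtime but does not say how a caller obtains it. Code that used `NDPI_MAX_SUPPORTED_PROTOCOLS` to size a per-protocol array or to range-check an id will stop compiling, which is the safe outcome, but it needs a documented replacement bound. Suggest extending the comment to name the runtime accessor and to state that a protocol id must be checked against that count before it is used as an array index. The enum body starts outside this hunk.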
@@ -1,7 +1,7 @@ /* * ndpi_typedefs.h * - * Copyright (C) 2011-23 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -130,7 +130,7 @@ typedef enum { NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER, NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER, NDPI_SMB_INSECURE_VERSION, /* 20 */ - NDPI_TLS_SUSPICIOUS_ESNI_USAGE, + NDPI_FREE_21, /* FREE */ NDPI_UNSAFE_PROTOCOL, NDPI_DNS_SUSPICIOUS_TRAFFIC, NDPI_TLS_MISSING_SNI, @@ -162,12 +162,13 @@ typedef enum { NDPI_PERIODIC_FLOW, /* Set in case a flow repeats at a specific pace [used by apps on top of nDPI] */ NDPI_MINOR_ISSUES, /* Generic packet issues (e.g. DNS with 0 TTL) */ NDPI_TCP_ISSUES, /* 50 */ /* TCP issues such as connection failed or scan */ - NDPI_FULLY_ENCRYPTED, /* This (unknown) session is fully encrypted */ + NDPI_FREE_51, /* FREE */ NDPI_TLS_ALPN_SNI_MISMATCH, /* Invalid ALPN/SNI combination */ NDPI_MALWARE_HOST_CONTACTED, /* Flow client contacted a malware host */ NDPI_BINARY_DATA_TRANSFER, /* Attempt to transfer something in binary format */ NDPI_PROBING_ATTEMPT, /* Probing attempt (e.g. TCP connection with no data exchanged or unidirection traffic for bidirectional flows such as SSH) */ NDPI_OBFUSCATED_TRAFFIC, + /* Before allocating a new risk here, check if there are FREE entries above */ /* Leave this as last member */ NDPI_MAX_RISK /* must be <= 63 due to (**) */ @@ -188,11 +189,11 @@ typedef enum { please update ndpi_check_flow_risk_exceptions() (in ndpi_utils.c) whenever you add a new parameter */ - + /* Leave this as last member */ NDPI_MAX_RISK_PARAM_ID } ndpi_risk_param_id; - + typedef struct { ndpi_risk_param_id id; void *value; /* char* for strings, u_int32_t* for IPv4 addresses */ 
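Review bot: The comment added before `NDPI_MAX_RISK` invites reuse of the freed slots `NDPI_FREE_21` and `NDPI_FREE_51` without mentioning what reuse does to existing data. The `must be <= 63` remark on `NDPI_MAX_RISK` suggests these values are bit positions in a 64-bit risk mask; if so, a new risk placed in slot 21 or 51 makes previously exported masks with that bit set read as the new risk. I would word the comment as `/* Before allocating a new risk here, check the FREE entries above; reusing one changes the meaning of that bit in already-exported risk values */`. Keeping the old name in the placeholder comment, e.g. `NDPI_FREE_21, /* FREE (was NDPI_TLS_SUSPICIOUS_ESNI_USAGE) */`, would also help anyone decoding older records.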
@@ -261,15 +262,25 @@ typedef u_int32_t ndpi_ndpi_mask; #define MAX_NUM_RISK_INFOS 8 -/* NDPI_PROTO_BITMASK_STRUCT */ -#ifdef NDPI_CFFI_PREPROCESSING -#undef NDPI_NUM_FDS_BITS -#define NDPI_NUM_FDS_BITS 16 +struct ndpi_bitmask { + u_int16_t max_bits; + u_int16_t num_fds; + ndpi_ndpi_mask *fds; +}; + +#define NDPI_MAX_NUM_DISSECTORS 288 /* Multiple of 32 */ +#ifndef NDPI_CFFI_PREPROCESSING +#define NDPI_NUM_FDS_DISSECTORS howmanybits(NDPI_MAX_NUM_DISSECTORS, 32) +#else +#define NDPI_NUM_FDS_DISSECTORS 9 #endif -typedef struct ndpi_protocol_bitmask_struct { - ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; -} ndpi_protocol_bitmask_struct_t; +/* Similar to `struct ndpi_bitmask` but with pre-allocated memory, i.e. fixed size. + Used only internally in `ndpi_flow_struct` + */ +struct ndpi_dissector_bitmask { + ndpi_ndpi_mask fds[NDPI_NUM_FDS_DISSECTORS]; +}; struct ndpi_detection_module_struct; @@ -750,7 +761,7 @@ typedef enum { NDPI_LRUCACHE_MINING, NDPI_LRUCACHE_MSTEAMS, NDPI_LRUCACHE_FPC_DNS, /* FPC DNS cache */ - + NDPI_LRUCACHE_SIGNAL, NDPI_LRUCACHE_MAX /* Last one! */ } lru_cache_type; @@ -805,6 +816,13 @@ struct ndpi_lru_cache { /* ************************************************** */ struct ndpi_flow_tcp_struct { + /* TCP sequence number */ + u_int32_t next_tcp_seq_nr[2]; + u_int16_t last_tcp_pkt_payload_len; + + /* Part of the TCP header */ + u_int8_t cli2srv_tcp_flags, srv2cli_tcp_flags; + /* NDPI_PROTOCOL_MAIL_SMTP */ /* NDPI_PROTOCOL_MAIL_POP */ /* NDPI_PROTOCOL_MAIL_IMAP */ 
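Review bot: `NDPI_NUM_FDS_DISSECTORS` gets two independent definitions, `howmanybits(NDPI_MAX_NUM_DISSECTORS, 32)` for the C build and the literal `9` under `NDPI_CFFI_PREPROCESSING`, and nothing ties the literal to 288. If `NDPI_MAX_NUM_DISSECTORS` is raised and the `9` is not, the CFFI side sees a smaller `struct ndpi_dissector_bitmask` than the library and every field after it in `ndpi_flow_struct` is read at the wrong offset. Suggest `#define NDPI_NUM_FDS_DISSECTORS 9 /* must equal NDPI_MAX_NUM_DISSECTORS / 32 */` plus a compile-time check in a C file that the two agree. It would also help to state on `struct ndpi_bitmask` that a bit index must be below `max_bits` before `fds` is touched, since the size is no longer fixed at compile time.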
@@ -815,102 +833,103 @@ struct ndpi_flow_tcp_struct { char username[32], password[16]; } ftp_imap_pop_smtp; + struct { + /* NDPI_PROTOCOL_TLS */ + u_int8_t app_data_seen[2]; + u_int8_t num_tls_blocks; + int16_t tls_application_blocks_len[NDPI_MAX_NUM_TLS_APPL_BLOCKS]; /* + = src->dst, - = dst->src */ + } tls; + + + /* NDPI_PROTOCOL_MAIL_SMTP */ u_int16_t smtp_command_bitmask; /* NDPI_PROTOCOL_MAIL_POP */ u_int16_t pop_command_bitmask; + /* NDPI_PROTOCOL_RTMP */ + u_int16_t rtmp_client_buffer_len; + + /* NDPI_PROTOCOL_HCL_NOTES */ + u_int8_t hcl_notes_packet_id; + /* NDPI_PROTOCOL_WHATSAPP */ u_int8_t wa_matched_so_far; /* NDPI_PROTOCOL_IRC */ u_int8_t irc_stage; - /* NDPI_PROTOCOL_GNUTELLA */ - u_int8_t gnutella_msg_id[3]; + /* NDPI_PROTOCOL_NEST_LOG_SINK */ + u_int8_t nest_log_sink_matches; + + /* NDPI_PROTOCOL_MEMCACHED */ + u_int8_t memcached_matches; + + /* Part of the TCP header */ + u_int64_t seen_syn:1, seen_syn_ack:1, seen_ack:1; /* NDPI_PROTOCOL_IRC */ - u_int32_t irc_3a_counter:3; + u_int64_t irc_3a_counter:3; /* NDPI_PROTOCOL_USENET */ - u_int32_t usenet_stage:2; + u_int64_t usenet_stage:2; /* NDPI_PROTOCOL_HTTP */ - u_int32_t http_stage:3; - u_int32_t http_asymmetric_stage:2; + u_int64_t http_stage:3; + u_int64_t http_asymmetric_stage:2; /* NDPI_PROTOCOL_GNUTELLA */ - u_int32_t gnutella_stage:2; // 0 - 2 + u_int64_t gnutella_stage:2; /* NDPI_PROTOCOL_SSH */ - u_int32_t ssh_stage:3; + u_int64_t ssh_stage:3; /* NDPI_PROTOCOL_VNC */ - u_int32_t vnc_stage:2; // 0 - 3 + u_int64_t vnc_stage:2; /* NDPI_PROTOCOL_TELNET */ - u_int32_t telnet_stage:2; // 0 - 2 + u_int64_t telnet_stage:2; - /* NDPI_PROTOCOL_RTMP */ - u_int32_t rtmp_stage:2; - u_int16_t rtmp_client_buffer_len; - - struct { - /* NDPI_PROTOCOL_TLS */ - u_int8_t app_data_seen[2]; - u_int8_t num_tls_blocks; - int16_t tls_application_blocks_len[NDPI_MAX_NUM_TLS_APPL_BLOCKS]; /* + = src->dst, - = dst->src */ - } tls; - - /* NDPI_PROTOCOL_POSTGRES */ - u_int32_t postgres_stage:3; - - /* Part of the TCP 
header. */ - u_int32_t seen_syn:1, seen_syn_ack:1, seen_ack:1, __notused:29; - u_int8_t cli2srv_tcp_flags, srv2cli_tcp_flags; - - /* NDPI_PROTOCOL_ICECAST */ - u_int32_t icecast_stage:1; + /* NDPI_PROTOCOL_RADMIN */ + u_int64_t radmin_stage:1; - /* NDPI_PROTOCOL_DOFUS */ - u_int32_t dofus_stage:1; + /* NDPI_PROTOCOL_FTP_CONTROL */ + u_int64_t ftp_control_stage:2; - /* NDPI_PROTOCOL_WORLDOFWARCRAFT */ - u_int32_t wow_stage:2; + /* NDPI_PROTOCOL_SOAP */ + u_int64_t soap_stage:1; - /* NDPI_PROTOCOL_MAIL_POP */ - u_int32_t mail_pop_stage:2; + /* NDPI_PROTOCOL_SOCKS */ + u_int64_t socks5_stage:2; + u_int64_t socks4_stage:2; - /* NDPI_PROTOCOL_MAIL_IMAP */ - u_int32_t mail_imap_stage:3, mail_imap_starttls:2; + /* NDPI_PROTOCOL_Z3950 */ + u_int64_t z3950_stage:2; - /* NDPI_PROTOCOL_SOAP */ - u_int32_t soap_stage:1; + /* NDPI_PROTOCOL_RTMP */ + u_int64_t rtmp_stage:2; - /* NDPI_PROTOCOL_LOTUS_NOTES */ - u_int8_t lotus_notes_packet_id; + /* NDPI_PROTOCOL_POSTGRES */ + u_int64_t postgres_stage:3; - /* NDPI_PROTOCOL_ZMQ */ - u_int8_t prev_zmq_pkt_len; - u_char prev_zmq_pkt[10]; + /* NDPI_PROTOCOL_ICECAST */ + u_int64_t icecast_stage:1; - /* NDPI_PROTOCOL_MEMCACHED */ - u_int8_t memcached_matches; + /* NDPI_PROTOCOL_MAIL_POP */ + u_int64_t mail_pop_stage:2; - /* NDPI_PROTOCOL_NEST_LOG_SINK */ - u_int8_t nest_log_sink_matches; + /* NDPI_PROTOCOL_MAIL_IMAP */ + u_int64_t mail_imap_stage:3; + u_int64_t mail_imap_starttls:1; - /* NDPI_PROTOCOL_RADMIN */ - u_int32_t radmin_stage:1; + /* Reserved for future use */ + u_int64_t reserved:20; }; /* ************************************************** */ struct ndpi_flow_udp_struct { - /* NDPI_PROTOCOL_HALFLIFE2 */ - u_int32_t halflife2_stage:2; // 0 - 2 - /* NDPI_PROTOCOL_TFTP */ u_int32_t tftp_stage:2; 
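Review bot: `mail_imap_starttls` shrinks from 2 bits to 1 here, so any assignment of a value above 1 is truncated silently; the IMAP dissector is not visible on this page, so it is worth confirming it only ever stores 0 or 1. The `u_int64_t` bit-fields add up to exactly 64 bits only because `reserved:20` pads the run (44 bits used), and nothing says so. Suggest `/* Reserved for future use: shrink this when adding a bit-field so the total stays at 64 bits */` so the next addition does not spill into a second 64-bit unit unnoticed. The struct opens in the previous hunk.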
@@ -928,27 +947,40 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_ZOOM */ u_int32_t zoom_p2p:1; - /* NDPI_PROTOCOL_EPICGAMES */ - u_int32_t epicgames_stage:1; - u_int32_t epicgames_word; - /* NDPI_PROTOCOL_RAKNET */ u_int32_t raknet_custom:1; - /* NDPI_PROTOCOL_EAQ */ - u_int8_t eaq_pkt_id; - u_int32_t eaq_sequence; + /* NDPI_PROTOCOL_MUMBLE */ + u_int32_t mumble_stage:1; + + /* NDPI_PROTOCOL_HAMACHI */ + u_int32_t hamachi_stage:2; + + /* NDPI_PROTOCOL_EPICGAMES */ + u_int32_t epicgames_stage:1; + u_int32_t epicgames_word; /* NDPI_PROTOCOL_RX */ u_int32_t rx_conn_epoch; u_int32_t rx_conn_id; + /* NDPI_PROTOCOL_WIREGUARD */ + u_int32_t wireguard_peer_index[2]; + u_int8_t wireguard_stage; + /* NDPI_PROTOCOL_MEMCACHED */ u_int8_t memcached_matches; - /* NDPI_PROTOCOL_WIREGUARD */ - u_int8_t wireguard_stage; - u_int32_t wireguard_peer_index[2]; + /* NDPI_PROTOCOL_EAQ */ + u_int8_t eaq_pkt_id; + u_int32_t eaq_sequence; + + /* NDPI_PROTOCOL_MUMBLE */ + u_int64_t mumble_ident; + + /* NDPI_PROTOCOL_HAMACHI */ + u_int32_t hamachi_long[2]; + u_int16_t hamachi_short[2]; /* NDPI_PROTOCOL_QUIC */ u_int8_t *quic_reasm_buf; @@ -962,7 +994,7 @@ struct ndpi_flow_udp_struct { u_int8_t quic_orig_dest_conn_id_len; /* NDPI_PROTOCOL_RDP */ - u_int8_t rdp_to_srv[3], rdp_from_srv[3], rdp_to_srv_pkts, rdp_from_srv_pkts; + u_int8_t rdp_to_srv[3], rdp_from_srv[3], rdp_to_srv_pkts, rdp_from_srv_pkts; /* NDPI_PROTOCOL_IMO */ u_int8_t imo_last_one_byte_pkt, imo_last_byte; @@ -975,9 +1007,6 @@ struct ndpi_flow_udp_struct { u_int16_t tftp_data_num; u_int16_t tftp_ack_num; - /* NDPI_PROTOCOL_MUMBLE */ - u_int8_t mumble_stage:1; - u_int64_t mumble_ident; }; /* ************************************************** */ @@ -989,6 +1018,7 @@ struct ndpi_flow_struct; typedef struct { u_int16_t port_low, port_high; + u_int8_t is_custom; /* Is this range created by a custom rules? */ } ndpi_port_range; typedef enum { 
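Review bot: `is_custom` is added to `ndpi_port_range` without saying who initialises it. Any existing code that fills only `port_low` and `port_high` in a stack-allocated range leaves the new byte indeterminate, and the range could then be treated as custom or not depending on leftover memory; the builders of these ranges are outside this diff, so this needs checking there. Suggest stating the contract on the field, e.g. `u_int8_t is_custom; /* Non-zero if created by a custom rule; zero-initialise the struct before filling it */`.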
@@ -1046,7 +1076,12 @@ typedef enum { #define NUM_BREEDS (NDPI_PROTOCOL_UNRATED+1) -/* Abstract categories to group the protocols. */ +/* + Abstract categories to group the protocols. + + IMPORTANT + Keep in sync with categories[] on ndpi_main.c +*/ typedef enum { NDPI_PROTOCOL_CATEGORY_UNSPECIFIED = 0, /* For general services and unknown protocols */ NDPI_PROTOCOL_CATEGORY_MEDIA, /* Multimedia and streaming */ @@ -1058,7 +1093,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing */ NDPI_PROTOCOL_CATEGORY_GAME, /* Online games */ NDPI_PROTOCOL_CATEGORY_CHAT, /* Instant messaging */ - NDPI_PROTOCOL_CATEGORY_VOIP, /* Real-time communications and conferencing */ + NDPI_PROTOCOL_CATEGORY_VOIP, /* Real-time communications and conferencing */ /* 10 */ NDPI_PROTOCOL_CATEGORY_DATABASE, /* Protocols for database communication */ NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, /* Remote access and control */ NDPI_PROTOCOL_CATEGORY_CLOUD, /* Online cloud services */ @@ -1068,14 +1103,14 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_STREAMING, /* Streaming protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ - + /* See #define NUM_CUSTOM_CATEGORIES */ - NDPI_PROTOCOL_CATEGORY_CUSTOM_1, /* User custom category 1 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_1, /* User custom category 1 */ /* 20 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_2, /* User custom category 2 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_3, /* User custom category 3 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_4, /* User custom category 4 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_5, /* User custom category 5 */ - + /* Further categories... */ NDPI_PROTOCOL_CATEGORY_MUSIC, NDPI_PROTOCOL_CATEGORY_VIDEO, 
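Review bot: The "Keep in sync with categories[] on ndpi_main.c" rule added above `ndpi_protocol_category_t` (hunk at -1046) is enforced only by the comment, and the enum is sparse (the following hunk marks 35 to 98 as free), so a missed update is easy to make. If categories[] is indexed by category id, which the comment suggests but this diff does not show, a table shorter than the enum becomes an out-of-bounds read as soon as a flow carries one of the new ids. A `_Static_assert` placed next to the array, comparing its element count with the enum's last value plus one, would turn the rule into a compile error. The enum body continues outside this hunk.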
@@ -1087,37 +1122,85 @@ typedef enum { The category below is used by sites who are used to test connectivity */ - NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, + NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK, /* 30 */ NDPI_PROTOCOL_CATEGORY_IOT_SCADA, /* The category below is used for vocal assistance services. */ NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_CATEGORY_CYBERSECURITY, - NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, - - /* Some custom categories */ - CUSTOM_CATEGORY_MINING = 99, - CUSTOM_CATEGORY_MALWARE = 100, - CUSTOM_CATEGORY_ADVERTISEMENT = 101, - CUSTOM_CATEGORY_BANNED_SITE = 102, - CUSTOM_CATEGORY_SITE_UNAVAILABLE = 103, - CUSTOM_CATEGORY_ALLOWED_SITE = 104, + NDPI_PROTOCOL_CATEGORY_ADULT_CONTENT, /* 34 */ + + /* Free 35... 98 */ + + NDPI_PROTOCOL_CATEGORY_MINING = 99, + NDPI_PROTOCOL_CATEGORY_MALWARE = 100, + NDPI_PROTOCOL_CATEGORY_ADVERTISEMENT = 101, /* Advertisement, ADS & analytics */ + NDPI_PROTOCOL_CATEGORY_BANNED_SITE = 102, + NDPI_PROTOCOL_CATEGORY_SITE_UNAVAILABLE = 103, + NDPI_PROTOCOL_CATEGORY_ALLOWED_SITE = 104, /* The category below is used to track communications made by security applications (e.g. sophosxl.net, spamhaus.org) to track malware, spam etc. */ - CUSTOM_CATEGORY_ANTIMALWARE = 105, - - /* - Crypto Currency e.g Bitcoin, Litecoin, Etherum ..et. - */ - NDPI_PROTOCOL_CATEGORY_CRYPTO_CURRENCY = 106, + NDPI_PROTOCOL_CATEGORY_ANTIMALWARE = 105, + + /* Crypto Currency e.g Bitcoin, Litecoin, Etherum ..et. 
*/ + NDPI_PROTOCOL_CATEGORY_CRYPTO_BLOCKCHAIN = 106, /* Gambling websites */ NDPI_PROTOCOL_CATEGORY_GAMBLING = 107, NDPI_PROTOCOL_CATEGORY_HEALTH, + NDPI_PROTOCOL_CATEGORY_ARTIFICIAL_INTELLIGENCE, + NDPI_PROTOCOL_CATEGORY_FINANCE, /* 110 */ + NDPI_PROTOCOL_CATEGORY_NEWS, + NDPI_PROTOCOL_CATEGORY_SPORT, + NDPI_PROTOCOL_CATEGORY_BUSINESS, + NDPI_PROTOCOL_CATEGORY_INTERNET_HOSTING, /* Internet sites including hosting */ + NDPI_PROTOCOL_CATEGORY_BLOCKCHAIN_CRYPTO, + NDPI_PROTOCOL_CATEGORY_BLOG_FORUM, + NDPI_PROTOCOL_CATEGORY_GOVERNMENT, + NDPI_PROTOCOL_CATEGORY_EDU_CATION, + NDPI_PROTOCOL_CATEGORY_CDN_PROXY, + NDPI_PROTOCOL_CATEGORY_HARDWARE_SOFTWARE, /* 120 */ + NDPI_PROTOCOL_CATEGORY_DATING, + NDPI_PROTOCOL_CATEGORY_TRAVEL, + NDPI_PROTOCOL_CATEGORY_FOOD, + NDPI_PROTOCOL_CATEGORY_BOTS, /* Crawlers, bots */ + NDPI_PROTOCOL_CATEGORY_SCANNERS, /* e.g. shodan.io, censys.io */ + NDPI_PROTOCOL_CATEGORY_HOSTING, + NDPI_PROTOCOL_CATEGORY_ART, + NDPI_PROTOCOL_CATEGORY_FASHION, + NDPI_PROTOCOL_CATEGORY_BOOKS, + NDPI_PROTOCOL_CATEGORY_SCIENCE, /* 130 */ + NDPI_PROTOCOL_CATEGORY_MAPS_NAVIGATION, + NDPI_PROTOCOL_CATEGORY_LOGIN_PORTAL, + NDPI_PROTOCOL_CATEGORY_LEGAL, + NDPI_PROTOCOL_CATEGORY_ENVIRONMENTAL_SERVICES, + NDPI_PROTOCOL_CATEGORY_CULTURE, + NDPI_PROTOCOL_CATEGORY_HOUSING, + NDPI_PROTOCOL_CATEGORY_TELECOMMUNICATION, + NDPI_PROTOCOL_CATEGORY_TRANSPORTATION, + NDPI_PROTOCOL_CATEGORY_DESIGN, + NDPI_PROTOCOL_CATEGORY_EMPLOYMENT, /* 140 */ + NDPI_PROTOCOL_CATEGORY_EVENTS, + NDPI_PROTOCOL_CATEGORY_WEATHER, + NDPI_PROTOCOL_CATEGORY_LIFESTYLE, + NDPI_PROTOCOL_CATEGORY_REAL_ESTATE, + NDPI_PROTOCOL_CATEGORY_SECURITY, + NDPI_PROTOCOL_CATEGORY_ENVIRONMENT, + NDPI_PROTOCOL_CATEGORY_HOBBY, + NDPI_PROTOCOL_CATEGORY_COMPUTER_SCIENCE, + NDPI_PROTOCOL_CATEGORY_CONSTRUCTION, + NDPI_PROTOCOL_CATEGORY_ENGINEERING, /* 150 */ + NDPI_PROTOCOL_CATEGORY_RELIGION, + NDPI_PROTOCOL_CATEGORY_ENTERTAINMENT, + NDPI_PROTOCOL_CATEGORY_AGRICULTURE, + NDPI_PROTOCOL_CATEGORY_TECHNOLOGY, + 
NDPI_PROTOCOL_CATEGORY_BEAUTY, /* 154 */ + + /* IMPORTANT 
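Review bot: The index comment on `NDPI_PROTOCOL_CATEGORY_BEAUTY` is off by one: counting on from `NDPI_PROTOCOL_CATEGORY_ENGINEERING, /* 150 */` gives RELIGION 151, ENTERTAINMENT 152, AGRICULTURE 153, TECHNOLOGY 154 and BEAUTY 155, so the line should read `NDPI_PROTOCOL_CATEGORY_BEAUTY, /* 155 */`. These markers are what a maintainer will use to line the enum up with categories[], so a wrong one misleads more than a missing one. Separately, `NDPI_PROTOCOL_CATEGORY_CRYPTO_BLOCKCHAIN = 106` and `NDPI_PROTOCOL_CATEGORY_BLOCKCHAIN_CRYPTO` differ only in word order and deserve a comment saying which is which. The `CUSTOM_CATEGORY_*` names, including `CUSTOM_CATEGORY_MALWARE`, are removed with no aliases visible here, so policy code keyed on the old names needs a migration note. The enum starts and ends outside this hunk.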
@@ -1136,17 +1219,34 @@ typedef enum { NDPI_PROTOCOL_ANY_CATEGORY /* Used to handle wildcards */ } ndpi_protocol_category_t; -/* ntop extensions */ +typedef enum { + NDPI_PROTOCOL_QOE_CATEGORY_UNSPECIFIED = 0, /* Unspecified/default QoE constraints */ + NDPI_PROTOCOL_QOE_CATEGORY_VOIP_CALLS, /* VoIP Calls (G.711, RTP, SIP) */ + NDPI_PROTOCOL_QOE_CATEGORY_VIDEO_CONFERENCING, /* Video Conferencing (Zoom, WebRTC, Skype) */ + NDPI_PROTOCOL_QOE_CATEGORY_ONLINE_GAMING, /* Online Gaming (FPS, MOBA, MMO) */ + NDPI_PROTOCOL_QOE_CATEGORY_CLOUD_GAMING, /* Cloud Gaming (GeForce NOW, Stadia, xCloud) */ + NDPI_PROTOCOL_QOE_CATEGORY_WEB_BROWSING, /* Web Browsing (HTTP, HTTPS) */ + NDPI_PROTOCOL_QOE_CATEGORY_DNS_QUERIES, /* DNS Queries (UDP/53) */ + NDPI_PROTOCOL_QOE_CATEGORY_LIVE_STREAMING, /* Live Streaming (Twitch, YouTube Live, etc.) */ + NDPI_PROTOCOL_QOE_CATEGORY_BUFFERED_STREAMING, /* Buffered Streaming (Netflix, YouTube, etc.) */ + NDPI_PROTOCOL_QOE_CATEGORY_REMOTE_ACCESS, /* Remote Desktop (RDP, VNC, AnyDesk) */ + NDPI_PROTOCOL_QOE_CATEGORY_HFT, /* High-Frequency Trading (HFT, Stock Trading) */ + NDPI_PROTOCOL_QOE_CATEGORY_IOT_OT, /* IoT Smart Home (Zigbee, Z-Wave, MQTT) */ + NDPI_PROTOCOL_QOE_CATEGORY_AV, /* Autonomous Vehicles (V2X, 5G C-V2X) */ + + NDPI_PROTOCOL_QOE_CATEGORY_MAX /* Leave it as last entry !!! 
*/ +} ndpi_protocol_qoe_category_t; + typedef struct ndpi_proto_defaults { - char *protoName; + char protoName[32]; ndpi_protocol_category_t protoCategory; - u_int8_t isClearTextProto:1, isAppProtocol:1, _notused:6; + u_int8_t isClearTextProto:1, isAppProtocol:1, isCustomProto:1, _notused:5; u_int16_t *subprotocols; u_int32_t subprotocol_count; - u_int16_t protoId, protoIdx; - u_int16_t tcp_default_ports[MAX_DEFAULT_PORTS], udp_default_ports[MAX_DEFAULT_PORTS]; + u_int16_t protoId, dissector_idx; + ndpi_port_range tcp_default_ports[MAX_DEFAULT_PORTS], udp_default_ports[MAX_DEFAULT_PORTS]; ndpi_protocol_breed_t protoBreed; - void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); + ndpi_protocol_qoe_category_t qoeCategory; } ndpi_proto_defaults_t; @@ -1188,7 +1288,7 @@ typedef void ndpi_bitmap64; typedef void ndpi_bitmap64_fuse; /* probabilistic */ typedef void ndpi_bitmap_iterator; typedef void ndpi_filter; - + typedef struct { u_int32_t num_allocated_entries, num_used_entries; struct ndpi_binary_bitmap_entry *entries; @@ -1219,7 +1319,7 @@ typedef struct { u_int16_t port; u_int16_t is_ipv6: 1, _pad: 15; } ndpi_address_port; - + struct tls_heuristics { /* TLS heuristics for detecting browsers usage @@ -1230,7 +1330,7 @@ struct tls_heuristics { struct ndpi_risk_information { ndpi_risk_enum id; - char *info; + char *info; }; struct ndpi_metadata_monitoring { 
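Review bot: Changing `protoName` from `char *` to `char protoName[32]` in `ndpi_proto_defaults_t` (hunk at -1136) makes every writer responsible for bounding the copy and NUL-terminating it, and those writers are not part of this diff. Names for custom protocols presumably come from user-supplied rule files, so a name of 32 bytes or more has to be truncated or rejected; `snprintf(def->protoName, sizeof(def->protoName), "%s", name);` does both, with `def` and `name` standing for whatever the call site uses. The bare 32 would be clearer as a named constant with the contract on the field, for example `char protoName[NDPI_PROTO_NAME_LEN]; /* NUL-terminated, truncated if longer */`, where the constant name is only a suggestion.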
@@ -1245,25 +1345,26 @@ struct ndpi_metadata_monitoring { } protos; }; -enum operating_system_hint { - os_hint_unknown = 0, - os_hint_windows = 1, - os_hint_macos = 2, - os_hint_ios_ipad_os = 3, - os_hint_android = 4, - os_hint_linux = 5, - os_hint_freebsd = 6, - os_hint_unused2 = 7 -}; +typedef enum { + ndpi_os_unknown = 0, + ndpi_os_windows = 1, + ndpi_os_macos = 2, + ndpi_os_ios_ipad_os = 3, + ndpi_os_android = 4, + ndpi_os_linux = 5, + ndpi_os_freebsd = 6, + ndpi_os_MAX_OS = 7 /* Keep it as last */ +} ndpi_os; struct os_fingerprint { const char *fingerprint; - enum operating_system_hint os; + ndpi_os os; }; -struct ndpi_tls_obfuscated_heuristic_matching_set { - u_int32_t bytes[4]; - u_int32_t pkts[4]; +struct rtp_info { + u_int8_t payload_type; + bool payload_detected; + u_int32_t evs_subtype; }; struct ndpi_flow_struct { @@ -1272,10 +1373,10 @@ struct ndpi_flow_struct { u_int16_t guessed_protocol_id; /* Classification by-port. Set with the first pkt and never updated */ u_int16_t guessed_protocol_id_by_ip; /* Classification by-ip. Set with the first pkt and never updated */ u_int16_t fast_callback_protocol_id; /* Partial/incomplete classification. Used internally as first callback when iterating all the protocols */ - u_int16_t guessed_category, guessed_header_category; + u_int16_t guessed_header_category; u_int8_t l4_proto, protocol_id_already_guessed:1, fail_with_unknown:1, init_finished:1, client_packet_direction:1, packet_direction:1, is_ipv6:1, first_pkt_fully_encrypted:1, skip_entropy_check: 1; - u_int8_t monitoring:1, _pad:7; + u_int8_t monitoring:1, already_gaveup:1, _pad:6; u_int16_t num_dissector_calls; ndpi_confidence_t confidence; /* ndpi_confidence_t */ 
@@ -1283,13 +1384,6 @@ struct ndpi_flow_struct { /* First Packet Classification info */ struct ndpi_fpc_info fpc; - /* - if ndpi_struct->direction_detect_disable == 1 - tcp sequence number connection tracking - */ - u_int32_t next_tcp_seq_nr[2]; - u_int16_t last_tcp_pkt_payload_len; - /* Flow addresses (useful for LRU lookups in ndpi_detection_giveup()) and ports. All in *network* byte order. Client and server. @@ -1299,7 +1393,7 @@ struct ndpi_flow_struct { u_int8_t v6[16]; } c_address, s_address; /* For some unknown reasons, x86_64-w64-mingw32-gcc doesn't like the name "s_addr" */ u_int16_t c_port, s_port; - + // ----------------------------------------- u_int8_t max_extra_packets_to_check; @@ -1310,6 +1404,15 @@ struct ndpi_flow_struct { u_int64_t last_packet_time_ms; + ndpi_protocol_category_t category; + + /* Counters with only packets with L5 data (ie no TCP SYN, pure ACKs, ...) */ + u_int16_t packet_counter; + u_int16_t packet_direction_counter[2]; + /* Counters with all packets even those without payload */ + u_int16_t all_packets_counter; + u_int16_t packet_direction_complete_counter[2]; + /* the tcp / udp / other l4 value union used to reduce the number of bytes for tcp or udp protocol states @@ -1339,9 +1442,10 @@ struct ndpi_flow_struct { struct { char *fingerprint; - u_int8_t os_hint; + char *fingerprint_raw; + ndpi_os os_hint; } tcp; - + /* This structure below will not not stay inside the protos structure below as HTTP is used by many subprotocols 
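Review bot: `char *fingerprint_raw` is added beside `char *fingerprint` in the flow's `tcp` block (hunk at -1339) with no comment on who allocates and frees it. If it is allocated per flow, as its neighbour appears to be, the flow teardown path needs a matching free, and that path is outside this diff; a miss leaks memory on every TCP flow, which matters on a sensor that processes untrusted traffic for long periods. Once confirmed, I would record it on the field: `char *fingerprint_raw; /* owned by the flow, released when the flow is freed */`. `os_hint` also widens from `u_int8_t` to the `ndpi_os` enum here, so the struct grows. `struct ndpi_flow_struct` starts and ends outside the hunk.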
@@ -1379,21 +1483,23 @@ struct ndpi_flow_struct { u_int8_t num_xor_relayed_addresses, num_xor_mapped_addresses; u_int8_t num_non_stun_pkt, non_stun_pkt_len[2]; u_int16_t rtp_counters[2]; + u_int32_t t_start, t_end; } stun; struct { message_t message[2]; /* Directions */ - u_int8_t certificate_processed:1, change_cipher_from_client:1, change_cipher_from_server:1, from_opportunistic_tls:1, pad:4; + u_int8_t certificate_processed:1, change_cipher_from_client:1, change_cipher_from_server:1, from_opportunistic_tls:1, from_rdp:1, pad:3; struct tls_obfuscated_heuristic_state *obfuscated_heur_state; - struct ndpi_tls_obfuscated_heuristic_matching_set *obfuscated_heur_matching_set; } tls_quic; /* Used also by DTLS and POPS/IMAPS/SMTPS/FTPS */ + struct rtp_info rtp[2 /* directions */]; + union { /* the only fields useful for nDPI and ntopng */ struct { u_int8_t num_queries, num_answers, reply_code, num_rsp_addr; u_int8_t is_query:1, pad:7; - u_int16_t query_type, query_class, rsp_type, edns0_udp_payload_size; + u_int16_t transaction_id, query_type, query_class, rsp_type, edns0_udp_payload_size; u_int8_t is_rsp_addr_ipv6[MAX_NUM_DNS_RSP_ADDRESSES]; ndpi_ip_addr_t rsp_addr[MAX_NUM_DNS_RSP_ADDRESSES]; /* The first num_rsp_addr address in a DNS response packet (A and AAAA) */ u_int32_t rsp_addr_ttl[MAX_NUM_DNS_RSP_ADDRESSES]; @@ -1402,8 +1508,8 @@ struct ndpi_flow_struct { } dns; struct { - u_int8_t request_code; u_int8_t version; + u_int8_t mode; } ntp; struct { @@ -1419,7 +1525,7 @@ struct ndpi_flow_struct { struct { char currency[16]; - } mining; + } mining; struct { char *server_names, *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *issuerDN, *subjectDN; @@ -1481,7 +1587,7 @@ struct ndpi_flow_struct { } discord; struct { - char version[32]; + char version[64]; } ubntac2; /* In TLS.Bittorent flows there is no hash. 
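Review bot: Growing `ubntac2.version` from `char version[32]` to `char version[64]` (hunk at -1481) only takes effect, and only stays safe, if the dissector bounds its copy with `sizeof` on the field instead of a literal; the copy site is not in this diff. A literal 32 left in the .c file would silently keep the old truncation, so the length should be tied to the field, e.g. `sizeof(flow->protos.ubntac2.version)`. The same check applies to the new fixed buffers `fast_cgi.user_agent[32]` and `fast_cgi.url[64]` added in the hunk at -1540. `struct ndpi_flow_struct` starts and ends outside the hunk.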
@@ -1540,57 +1646,61 @@ struct ndpi_flow_struct { u_int32_t ipv4_addr, uptime; struct ndpi_in6_addr ipv6_addr; } mikrotik; -} protos; - /* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! */ - struct ndpi_metadata_monitoring *monit; + struct { + char *method; + char *bootid; + char *usn; + char *cache_controle; + char *location; + char *household_smart_speaker_audio; + char *rincon_household; + char *rincon_bootseq; + char *rincon_wifimode; + char *rincon_variant; + char *sonos_securelocation; + char *securelocation_upnp; + char *location_smart_speaker_audio; + char *nt; + char *nts; + char *server; + char *man; + char *mx; + char *st; + char *user_agent; + } ssdp; - /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ - NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; + struct { + ndpi_http_method method; + char user_agent[32]; + char url[64]; + } fast_cgi; - ndpi_protocol_category_t category; + struct { + u_int32_t conference_id; + u_int16_t user_id; + } bfcp; - /* Only packets with L5 data (ie no TCP SYN, pure ACKs, ...) */ - u_int16_t packet_counter; // can be 0 - 65000 - u_int16_t packet_direction_counter[2]; - u_int8_t packet_direction_with_payload_observed[2]; /* 0 = no packet with payload observed, 1 = at least one packet with payload observed */ + } protos; - /* All packets even those without payload */ - u_int16_t all_packets_counter; - u_int16_t packet_direction_complete_counter[2]; // can be 0 - 65000 + /* **Packet** metadata for flows where monitoring is enabled. It is reset after each packet! 
*/ + struct ndpi_metadata_monitoring *monit; + + struct ndpi_dissector_bitmask excluded_dissectors_bitmask; /* NDPI_PROTOCOL_BITTORRENT */ u_int8_t bittorrent_stage; // can be 0 - 255 u_int8_t bt_check_performed : 1; - /* NDPI_PROTOCOL_RTSP */ - u_int8_t rtsprdt_stage:2; - /* NDPI_PROTOCOL_ZATTOO */ u_int8_t zattoo_stage:3; - /* NDPI_PROTOCOL_SOCKS */ - u_int8_t socks5_stage:2, socks4_stage:2; // 0 - 3 - - /* NDPI_PROTOCOL_FTP_CONTROL */ - u_int8_t ftp_control_stage:2; - - /* NDPI_PROTOCOL_STARCRAFT */ - u_int8_t starcraft_udp_stage : 3; // 0-7 - - /* NDPI_PROTOCOL_Z3950 */ - u_int8_t z3950_stage : 2; // 0-3 - /* NDPI_PROTOCOL_OOKLA */ u_int8_t ookla_stage : 1; /* NDPI_PROTOCOL_TEAMVIEWER */ u_int8_t teamviewer_stage : 3; - /* NDPI_PROTOCOL_BFCP */ - u_int8_t bfcp_stage:1; - u_int32_t bfcp_conference_id; - /* NDPI_PROTOCOL_OPENVPN */ u_int8_t ovpn_session_id[2][8]; u_int8_t ovpn_alg_standard_state : 2; @@ -1604,8 +1714,8 @@ struct ndpi_flow_struct { /* NDPI_PROTOCOL_TINC */ u_int8_t tinc_state; - - /* NDPI_PROTOCOL_RTCP */ + + /* NDPI_PROTOCOL_RTCP */ u_int8_t rtcp_stage:2; /* NDPI_PROTOCOL_RTP */ @@ -1617,7 +1727,7 @@ struct ndpi_flow_struct { u_int16_t flow_payload_len; char *flow_payload; - /* + /* Leave this field below at the end The field below can be used by third party dissectors for storing private data @@ -1760,7 +1870,7 @@ typedef struct { struct ndpi_analyze_struct { u_int64_t *values; - u_int64_t min_val, max_val, sum_total; + u_int64_t min_val, max_val, sum_total, jitter_total; u_int32_t num_data_entries, next_value_insert_index; u_int16_t num_values_array_len /* length of the values array */; diff --git a/src/include/ndpi_unix.h b/src/include/ndpi_unix.h index fabaca4bd..3cf0b5924 100644 --- a/src/include/ndpi_unix.h +++ b/src/include/ndpi_unix.h 
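Review bot: The new `ssdp` member (hunk at -1540) adds twenty `char *` fields inside `protos`, which from the visible lines looks like a union shared with the other per-protocol members. Every pointer the dissector allocates needs a free in flow teardown, and that free must run only when the flow really is SSDP; otherwise bytes written through another member, such as `fast_cgi.url`, would be handed to the allocator as pointers. Neither the allocation nor the teardown is in this diff, so both should be checked, and a comment on the struct such as `/* all strings heap-allocated; freed only when the flow is SSDP */` would record the rule. `cache_controle` also looks like a misspelling of `cache_control`. `struct ndpi_flow_struct` starts and ends outside the hunk.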
@@ -1,7 +1,7 @@ /* * ndpi_unix.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index c6b3290f6..4624d5d66 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -1,7 +1,7 @@ /* * ndpi_win32.h * - * Copyright (C) 2011-22 - ntop.org + * Copyright (C) 2011-25 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH |