Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/Makefile.am | 9 | ||||
-rw-r--r-- | src/include/linux_compat.h | 188 | ||||
-rw-r--r-- | src/include/ndpi_api.h | 242 | ||||
-rw-r--r-- | src/include/ndpi_define.h | 309 | ||||
-rw-r--r-- | src/include/ndpi_main.h | 156 | ||||
-rw-r--r-- | src/include/ndpi_protocol_ids.h | 244 | ||||
-rw-r--r-- | src/include/ndpi_protocols.h | 181 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 852 | ||||
-rw-r--r-- | src/include/ndpi_unix.h | 53 | ||||
-rw-r--r-- | src/include/ndpi_win32.h | 73 |
10 files changed, 2307 insertions, 0 deletions
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
new file mode 100644
index 000000000..71a507ae2
--- /dev/null
+++ b/src/include/Makefile.am
@@ -0,0 +1,9 @@
+
+library_includedir=$(includedir)/libndpi-1.4/libndpi
+
+library_include_HEADERS = ndpi_api.h \
+ ndpi_debug_functions.h \
+ ndpi_define.h \
+ ndpi_macros.h \
+ ndpi_protocols_osdpi.h \
+ ndpi_public_functions.h
diff --git a/src/include/linux_compat.h b/src/include/linux_compat.h
new file mode 100644
index 000000000..38601f180
--- /dev/null
+++ b/src/include/linux_compat.h
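Review bot: `library_include_HEADERS` lists `ndpi_debug_functions.h`, `ndpi_macros.h`, `ndpi_protocols_osdpi.h` and `ndpi_public_functions.h`, none of which this commit adds under src/include, while the headers it does add (`ndpi_main.h`, `ndpi_define.h`, `ndpi_typedefs.h`, `ndpi_protocols.h`, `ndpi_protocol_ids.h`, `linux_compat.h`, `ndpi_unix.h`, `ndpi_win32.h`) are absent from the list. Unless those four files exist elsewhere in the tree, `make install` will fail on the missing sources; and even if it succeeds, the installed `ndpi_api.h` does `#include "ndpi_main.h"`, which consumers cannot resolve because `ndpi_main.h` is not installed. The list should be brought in line with the headers actually shipped by this commit, e.g. `library_include_HEADERS = ndpi_api.h ndpi_define.h ndpi_main.h ndpi_protocol_ids.h ndpi_protocols.h ndpi_typedefs.h ndpi_unix.h ndpi_win32.h linux_compat.h`.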
@@ -0,0 +1,188 @@ +/* + * linux_compat.h + * + * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-15 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#ifndef __NDPI_LINUX_COMPAT_H__ +#define __NDPI_LINUX_COMPAT_H__ + +#include "ndpi_define.h" + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include <machine/endian.h> + +#if _BYTE_ORDER == _LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ 1 +#endif +#endif +#endif + +#pragma pack(push, 1) /* push current alignment to stack */ +#pragma pack(1) /* set alignment to 1 byte boundary */ + +#pragma pack(pop) /* restore original alignment from stack */ + +struct ndpi_ethhdr { + u_char h_dest[6]; /* destination eth addr */ + u_char h_source[6]; /* source ether addr */ + u_int16_t h_proto; /* packet type ID field */ +}; + +struct ndpi_80211q { + u_int16_t vlanId; + u_int16_t protoType; +}; + +struct ndpi_iphdr { +#if defined(__LITTLE_ENDIAN__) + u_int8_t ihl:4, version:4; +#elif defined(__BIG_ENDIAN__) + u_int8_t version:4, ihl:4; +#else +# error "Byte order must be defined" +#endif + u_int8_t tos; + u_int16_t tot_len; + u_int16_t id; + 
u_int16_t frag_off; + u_int8_t ttl; + u_int8_t protocol; + u_int16_t check; + u_int32_t saddr; + u_int32_t daddr; +}; + + +#ifdef WIN32 + +typedef unsigned char u_char; +typedef unsigned short u_short; +typedef unsigned int uint; +typedef unsigned long u_long; +typedef u_char u_int8_t; +typedef u_short u_int16_t; +typedef uint u_int32_t; + +#define _WS2TCPIP_H_ /* Avoid compilation problems */ +#define HAVE_SIN6_LEN + + +/* IPv6 address */ +/* Already defined in WS2tcpip.h */ +struct ndpi_win_in6_addr +{ + union + { + u_int8_t u6_addr8[16]; + u_int16_t u6_addr16[8]; + u_int32_t u6_addr32[4]; + } in6_u; +#ifdef s6_addr +#undef s6_addr +#endif + +#ifdef s6_addr16 +#undef s6_addr16 +#endif + +#ifdef s6_addr32 +#undef s6_addr32 +#endif + +#define s6_addr in6_u.u6_addr8 + // #define s6_addr16 in6_u.u6_addr16 + // #define s6_addr32 in6_u.u6_addr32 + +}; + +#define in6_addr win_in6_addr + +/* Generic extension header. */ +struct ndpi_ip6_ext +{ + u_int8_t ip6e_nxt; /* next header. */ + u_int8_t ip6e_len; /* length in units of 8 octets. 
*/ +}; + +#define s6_addr16 __u6_addr.__u6_addr16 +#define s6_addr32 __u6_addr.__u6_addr32 +#else +#ifndef __KERNEL__ +#include <arpa/inet.h> +#endif +#endif + + + +struct ndpi_in6_addr { + union { + u_int8_t __u6_addr8[16]; + u_int16_t __u6_addr16[8]; + u_int32_t __u6_addr32[4]; + } __u6_addr; /* 128-bit IP6 address */ +}; + +struct ndpi_ip6_hdr { + union { + struct ndpi_ip6_hdrctl { + u_int32_t ip6_un1_flow; + u_int16_t ip6_un1_plen; + u_int8_t ip6_un1_nxt; + u_int8_t ip6_un1_hlim; + } ip6_un1; + u_int8_t ip6_un2_vfc; + } ip6_ctlun; + struct ndpi_in6_addr ip6_src; + struct ndpi_in6_addr ip6_dst; +}; + +struct ndpi_tcphdr { + u_int16_t source; + u_int16_t dest; + u_int32_t seq; + u_int32_t ack_seq; +#if defined(__LITTLE_ENDIAN__) + u_int16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; +#elif defined(__BIG_ENDIAN__) + u_int16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; +#else +# error "Byte order must be defined" +#endif + u_int16_t window; + u_int16_t check; + u_int16_t urg_ptr; +}; + +struct ndpi_udphdr { + u_int16_t source; + u_int16_t dest; + u_int16_t len; + u_int16_t check; +}; + +#endif diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h new file mode 100644 index 000000000..2bfd345f9 --- /dev/null +++ b/src/include/ndpi_api.h 
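Review bot: The `#pragma pack(push, 1)` / `#pragma pack(1)` / `#pragma pack(pop)` sequence encloses no declarations, so none of `ndpi_ethhdr`, `ndpi_80211q`, `ndpi_iphdr`, `ndpi_ip6_hdr`, `ndpi_tcphdr` or `ndpi_udphdr` is actually packed. On the usual ABIs the current members happen to be naturally aligned so the struct sizes still match the wire formats, but the intent is lost and a future member would silently change the overlay; either move `#pragma pack(pop)` below the last header struct or delete the three lines. Separately, `#define in6_addr win_in6_addr` in the WIN32 branch names a struct that is not declared anywhere here (the one above is `ndpi_win_in6_addr`), and the WIN32 `s6_addr` macro expands to `in6_u.u6_addr8` while `ndpi_in6_addr` uses a union named `__u6_addr`, so `s6_addr` cannot be applied to `ndpi_in6_addr` on that platform. The `__u6_addr`/`__u6_addr8` member names also sit in the identifier space reserved for the implementation by C11 §7.1.3; `u6_addr`/`u6_addr8` would avoid that.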
@@ -0,0 +1,242 @@ +/* + * ndpi_api.h + * + * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2009-2011 by ipoque GmbH + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#ifndef __NDPI_PUBLIC_FUNCTIONS_H__ +#define __NDPI_PUBLIC_FUNCTIONS_H__ + +#include "ndpi_main.h" + +#ifdef __cplusplus +extern "C" { +#endif + + /** + * This function returns the size of the flow struct + * @return the size of the flow struct + */ + u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void); + + /** + * This function returns the size of the id struct + * @return the size of the id struct + */ + u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void); + + + /* Public malloc/free */ + void* ndpi_malloc(unsigned long size); + void* ndpi_calloc(unsigned long count, unsigned long size); + void ndpi_free(void *ptr); + void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size); + char *ndpi_strdup(const char *s); + /* + * Find the first occurrence of find in s, where the search is limited to the + * first slen characters of s. 
+ */ + char* ndpi_strnstr(const char *s, const char *find, size_t slen); + + /** + * This function returns the nDPI protocol id for IP-based protocol detection + */ + u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin); + + /** + * Same as ndpi_network_ptree_match + */ + u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host); + + /** + * This function returns a new initialized detection module. + * @param ticks_per_second the timestamp resolution per second (like 1000 for millisecond resolution) + * @param ndpi_malloc function pointer to a memory allocator + * @param ndpi_debug_printf a function pointer to a debug output function, use NULL in productive envionments + * @return the initialized detection module + */ + struct ndpi_detection_module_struct *ndpi_init_detection_module(u_int32_t ticks_per_second, + void* (*__ndpi_malloc)(unsigned long size), + void (*__ndpi_free)(void *ptr), + ndpi_debug_function_ptr ndpi_debug_printf); + + + /** + * This function frees the memory allocated in the specified flow + * @param flow to free + */ + void ndpi_free_flow(struct ndpi_flow_struct *flow); + + /** + * This function enables cache support in nDPI used for some protocol such as Skype + * @param cache host name + * @param cache port + */ + void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod, char* host, u_int port); + + /** + * This function destroys the detection module + * @param ndpi_struct the to clearing detection module + * @param ndpi_free function pointer to a memory free function + */ + void + ndpi_exit_detection_module(struct ndpi_detection_module_struct + *ndpi_struct, void (*ndpi_free) (void *ptr)); + + /** + * This function sets the protocol bitmask2 + * @param ndpi_struct the detection module + * @param detection_bitmask the protocol bitmask + */ + void + ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, + 
const NDPI_PROTOCOL_BITMASK * detection_bitmask); + /** + * This function will processes one packet and returns the ID of the detected protocol. + * This is the main packet processing function. + * + * @param ndpi_struct the detection module + * @param flow void pointer to the connection state machine + * @param packet the packet as unsigned char pointer with the length of packetlen. the pointer must point to the Layer 3 (IP header) + * @param packetlen the length of the packet + * @param current_tick the current timestamp for the packet + * @param src void pointer to the source subscriber state machine + * @param dst void pointer to the destination subscriber state machine + * @return returns the detected ID of the protocol + */ + unsigned int + ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst); + +#define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 ) +#define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 ) + + /** + * query the pointer to the layer 4 packet + * + * @param l3 pointer to the layer 3 data + * @param l3_len length of the layer 3 data + * @param l4_return filled with the pointer the layer 4 data if return value == 0, undefined otherwise + * @param l4_len_return filled with the length of the layer 4 data if return value == 0, undefined otherwise + * @param l4_protocol_return filled with the protocol of the layer 4 data if return value == 0, undefined otherwise + * @param flags limit operation on ipv4 or ipv6 packets, possible values are NDPI_DETECTION_ONLY_IPV4 or NDPI_DETECTION_ONLY_IPV6; 0 means any + * @return 0 if correct layer 4 data could be found, != 0 otherwise + */ + u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, + u_int8_t * l4_protocol_return, u_int32_t flags); + /** + 
* returns the real protocol for the flow of the last packet given to the detection. + * if no real protocol could be found, the unknown protocol will be returned. + * + * @param ndpi_struct the detection module + * @return the protocol id of the last real protocol found in the protocol history of the flow + */ + u_int16_t ndpi_detection_get_real_protocol_of_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); + + /** + * returns true if the protocol history of the flow of the last packet given to the detection + * contains the given protocol. + * + * @param ndpi_struct the detection module + * @return 1 if protocol has been found, 0 otherwise + */ + u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t protocol_id); + unsigned int ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct, + u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); + unsigned int ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + u_int8_t proto, u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport); + int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len); + int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len); + int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, + ndpi_automa *automa, char *bigram_to_match); + char* ndpi_get_proto_name(struct ndpi_detection_module_struct *mod, u_int16_t proto_id); + ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t proto); + char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_struct, 
ndpi_protocol_breed_t breed_id); + int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto); + void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod); + int matchStringProtocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len); + + int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path); + u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod); + char* ndpi_revision(void); + void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa); + +#define ADD_TO_DETECTION_BITMASK 1 +#define NO_ADD_TO_DETECTION_BITMASK 0 +#define SAVE_DETECTION_BITMASK_AS_UNKNOWN 1 +#define NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN 0 + + /** + * This function sets a single protocol bitmask + * @param label Protocol name + * @param ndpi_struct the detection module + * @param detection_bitmask the protocol bitmask + * @param idx the index of the callback_buffer + * @param func void function point of the protocol search + * @param ndpi_selection_bitmask the protocol selected bitmask + * @param b_save_bitmask_unknow set true if you want save the detection bitmask as unknow + * @param b_add_detection_bitmask set true if you want add the protocol bitmask to the detection bitmask + * NB: this function does not increment the index of the callback_buffer + */ + void ndpi_set_bitmask_protocol_detection(char * label, struct ndpi_detection_module_struct *ndpi_struct, + const NDPI_PROTOCOL_BITMASK * detection_bitmask, + const u_int32_t idx, + u_int16_t ndpi_protocol_id, + void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow), + const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, + u_int8_t b_save_bitmask_unknow, + u_int8_t b_add_detection_bitmask); + +#ifdef NDPI_PROTOCOL_HTTP + /* + API used to retrieve information for HTTP flows + */ + ndpi_http_method 
ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod, + struct ndpi_flow_struct *flow); + + char* ndpi_get_http_url(struct ndpi_detection_module_struct *ndpi_mod, + struct ndpi_flow_struct *flow); + + char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, + struct ndpi_flow_struct *flow); +#endif + +#ifdef NDPI_PROTOCOL_TOR + int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, char *certificate); +#endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h new file mode 100644 index 000000000..365012adb --- /dev/null +++ b/src/include/ndpi_define.h 
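Review bot: The Doxygen block for `ndpi_init_detection_module` documents `ndpi_malloc` and `ndpi_debug_printf`, but the prototype's parameters are `__ndpi_malloc` and `__ndpi_free`, and `__ndpi_free` has no `@param` at all; names beginning with a double underscore are reserved for the implementation (C11 §7.1.3), as is the include guard `__NDPI_PUBLIC_FUNCTIONS_H__`, which additionally does not match the file name `ndpi_api.h`. Renaming the parameters to `ndpi_malloc_fn`/`ndpi_free_fn`, aligning the `@param` lines, and adding `@param ndpi_free_fn function pointer used to release memory obtained from the allocator` would fix the public contract. The string-taking entry points `ndpi_enable_cache`, `ndpi_match_string_subprotocol`, `ndpi_match_content_subprotocol`, `ndpi_match_bigram`, `ndpi_get_protocol_id` and `ndpi_load_protocols_file` take `char *` rather than `const char *`, which forces callers holding literals or read-only buffers to cast and hides whether the callee writes to the buffer; `const` is source-compatible for every existing caller. The parameter named `ndpi_free` in `ndpi_exit_detection_module` also shadows the `ndpi_free` function declared a few lines above, which is legal but invites confusion.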
@@ -0,0 +1,309 @@ +/* + * + * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2009-2011 by ipoque GmbH + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + +#ifndef __NDPI_DEFINE_INCLUDE_FILE__ +#define __NDPI_DEFINE_INCLUDE_FILE__ + +/* + gcc -E -dM - < /dev/null |grep ENDIAN +*/ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include <machine/endian.h> +#endif + +#ifdef __OpenBSD__ +#include <endian.h> +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + +#if 0 +#ifndef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_ENABLE_DEBUG_MESSAGES +#endif +#endif + +#ifdef WIN32 +#define __LITTLE_ENDIAN__ 1 +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Kernel modules */ +#if defined(__LITTLE_ENDIAN) +#define __LITTLE_ENDIAN__ +#endif +#if defined(__BIG_ENDIAN) +#define __BIG_ENDIAN__ +#endif +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 
+#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +#define NDPI_USE_ASYMMETRIC_DETECTION 0 +#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t + +#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) +#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) +#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) +#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) +/* now combined detections */ + +/* v4 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v4 or v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + + +#define 
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define 
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* safe src/dst protocol check macros... 
*/ + +#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) + +/** + * convenience macro to check for excluded protocol + * a protocol is excluded if the flow is known and either the protocol is not detected at all + * or the excluded bitmask contains the protocol + */ +#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ + ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ + NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) + +/* misc definitions */ +#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 + + +/* TODO: rebuild all memory areas to have a more aligned memory block here */ + +/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ +#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 + +#define MAX_PACKET_COUNTER 65000 +#define MAX_DEFAULT_PORTS 5 + +/********************** + * detection features * + **********************/ +#define NDPI_SELECT_DETECTION_WITH_REAL_PROTOCOL ( 1 << 0 ) + +#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 +#define NDPI_IRC_CONNECTION_TIMEOUT 120 +#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 +#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 +#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 +#define NDPI_RTSP_CONNECTION_TIMEOUT 5 +#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 +#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 +#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 +#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 +#define NDPI_ZATTOO_FLASH_TIMEOUT 5 +#define NDPI_JABBER_STUN_TIMEOUT 30 +#define NDPI_JABBER_FT_TIMEOUT 5 +#define 
NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES + +#define NDPI_LOG(proto, mod, log_level, args...) \ + { \ + if(mod != NULL) { \ + mod->ndpi_debug_print_file=__FILE__; \ + mod->ndpi_debug_print_function=__FUNCTION__; \ + mod->ndpi_debug_print_line=__LINE__; \ + mod->ndpi_debug_printf(proto, mod, log_level, args); \ + } \ + } + +#else /* NDPI_ENABLE_DEBUG_MESSAGES */ + +#if defined(WIN32) +#define NDPI_LOG(...) {} +#else +#define NDPI_LOG(proto, mod, log_level, args...) {} +#endif + +#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ + +/** + * macro for getting the string len of a static string + * + * use it instead of strlen to avoid runtime calculations + */ +#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) + +/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ +#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ + ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) + +#if !defined(__KERNEL__) && !defined(NDPI_IPTABLES_EXT) +#define NDPI_NUM_BITS 256 +#else +/* custom protocols not supported */ +#define NDPI_NUM_BITS 192 +#endif + +#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ +#define howmanybits(x, y) (((x)+((y)-1))/(y)) + + +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) + +#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) + +#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t + +#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) +#define 
NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) +#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) +#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) +#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } + +/* this is a very very tricky macro *g*, + * the compiler will remove all shifts here if the protocol is static... + */ +#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) +#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) +#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) + +#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } + + +#define ndpi_min(a,b) ((a < b) ? a : b) +#define ndpi_max(a,b) ((a > b) ? a : b) + +#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ + if (packet->packet_lines_parsed_complete != 1) { \ + ndpi_parse_packet_line_info(ndpi_struct,flow); \ + } \ + +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPIP_PROTOCOL_TYPE 0x04 +#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a + +/* the get_uXX will return raw network packet bytes !! 
*/ +#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) +#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) +#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) +#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) + +/* new definitions to get little endian from network bytes */ +#define get_ul8(X,O) get_u_int8_t(X,O) + + +#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) +#define get_l16(X,O) get_u_int16_t(X,O) +#define get_l32(X,O) get_u_int32_t(X,O) +#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) +/* convert the bytes from big to little endian */ +#ifndef __KERNEL__ +# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) +# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) +#else +# define get_l16(X,O) __cpu_to_le16(get_u_int16_t(X,O)) +# define get_l32(X,O) __cpu_to_le32(get_u_int32_t(X,O)) +#endif + +#else + +#error "__BYTE_ORDER MUST BE DEFINED !" + +#endif /* __BYTE_ORDER */ + +/* define memory callback function */ +#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) + +#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h new file mode 100644 index 000000000..55db9235e --- /dev/null +++ b/src/include/ndpi_main.h 
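Review bot: `NDPI_SET`, `NDPI_CLR` and `NDPI_ISSET` build their mask as `(1 << (n % NDPI_BITS))` with a signed `int` constant; if `ndpi_ndpi_mask` is 32-bit as the `/* 32 */` comment says, bit 31 (hit by protocol ids 31, 63, …) is `1 << 31`, which is undefined behaviour in C11 §6.5.7 — `#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1u << (((u_int32_t)n) % NDPI_BITS)))` and the same `1u` in the other two. None of the three bounds `n` against `NDPI_NUM_BITS`, so a protocol id at or above it writes past `fds_bits`; a check at the call sites that take ids from outside the library is warranted. The `get_u_int16_t`/`get_u_int32_t`/`get_u_int64_t` readers and `NDPI_COMPARE_IPV6_ADDRESS_STRUCTS` dereference packet bytes through a cast pointer, which violates strict aliasing and is an unaligned access on architectures that trap; copying the bytes with `memcpy` into a local of the target type is the portable form and compiles to the same load where unaligned access is cheap, and callers still need to check `O` against the buffer length before use. `ndpi_min`/`ndpi_max` do not parenthesise their arguments, so `ndpi_min(a & 0xff, b)` mis-parses — `#define ndpi_min(a,b) (((a) < (b)) ? (a) : (b))` (and likewise `ndpi_max`).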
@@ -0,0 +1,156 @@
+/*
+ * ndpi_main.h
+ *
+ * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2009-2011 by ipoque GmbH
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef __NDPI_MAIN_INCLUDE_FILE__
+#define __NDPI_MAIN_INCLUDE_FILE__
+
+#ifndef __KERNEL__
+#include <stdint.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#ifndef WIN32
+#include <pthread.h>
+#endif
+#include <ctype.h>
+#include <time.h>
+#endif
+
+
+#ifndef WIN32
+#ifndef __KERNEL__
+#include <sys/time.h>
+#endif
+
+#if !defined __APPLE__ && !defined __FreeBSD__ && !defined __NetBSD__ && !defined __OpenBSD__
+
+#ifndef __KERNEL__
+#include <endian.h>
+#include <byteswap.h>
+#else
+#include <asm/byteorder.h>
+#include <linux/ctype.h>
+#endif
+
+#endif
+
+/* default includes */
+
+#ifndef __KERNEL__
+#include <sys/param.h>
+#include <limits.h>
+#endif
+#endif
+
+#include "ndpi_win32.h"
+#include "ndpi_unix.h"
+#include "ndpi_define.h"
+#include "ndpi_protocol_ids.h"
+#include "ndpi_typedefs.h"
+#include "ndpi_protocols.h"
+
+
+void *ndpi_tdelete(const void * __restrict, void ** __restrict,
+ int (*)(const void *, const void *));
+void *ndpi_tfind(const void *, void *, int (*)(const void *, const void *));
+void *ndpi_tsearch(const void *, void**, int (*)(const void *, const void *));
+void ndpi_twalk(const void *, void (*)(const void *, ndpi_VISIT, int, void*), void *user_data);
+void ndpi_tdestroy(void *vrootp, void (*freefct)(void *));
+
+int NDPI_BITMASK_COMPARE(NDPI_PROTOCOL_BITMASK a, NDPI_PROTOCOL_BITMASK b);
+int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a);
+void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a);
+
+extern u_int8_t ndpi_net_match(u_int32_t ip_to_check,
+ u_int32_t net,
+ u_int32_t num_bits);
+
+extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst,
+ u_int32_t net, u_int32_t num_bits);
+
+u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+
+u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read);
+
+
+void ndpi_int_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ u_int16_t detected_protocol, ndpi_protocol_type_t protocol_type);
+
+
+/* function to parse a packet which has line based information into a line based structure
+ * this function will also set some well known line pointers like:
+ * - host, user agent, empty line,....
+ */
+extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter);
+extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ u_int16_t detected_protocol, ndpi_protocol_type_t protocol_type);
+extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ u_int16_t detected_protocol,
+ ndpi_protocol_type_t protocol_type);
+extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod,
+ ndpi_protocol_breed_t protoBreed, u_int16_t protoId,
+ u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2],
+ char *protoName,
+ ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts);
+extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet);
+extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow);
+extern int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
+extern int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip);
+extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
+extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip);
+extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip);
+extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
+ const struct ndpi_packet_struct *packet);
+extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id);
+extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int8_t proto, u_int16_t sport, u_int16_t dport);
+extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int16_t protocol_id,
+ u_int16_t** tcp_master_proto,
+ u_int16_t** udp_master_proto);
+
+extern u_int8_t ndpi_net_match(u_int32_t ip_to_check,
+ u_int32_t net,
+ u_int32_t num_bits);
+
+extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst,
+ u_int32_t net, u_int32_t num_bits);
+
+#ifdef NDPI_ENABLE_DEBUG_MESSAGES
+ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct,
+ const char **file, const char **func, u_int32_t * line);
+#endif
+
+#include "ndpi_api.h"
+
+#endif /* __NDPI_MAIN_INCLUDE_FILE__ */
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
new file mode 100644
index 000000000..43e845117
--- /dev/null
+++ b/src/include/ndpi_protocol_ids.h
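Review bot: `ndpi_net_match` and `ndpi_ips_match` are declared twice in ndpi_main.h, once right after the `NDPI_DUMP_BITMASK` prototype and again just before the `NDPI_ENABLE_DEBUG_MESSAGES` block; the second pair of `extern` declarations is redundant and should be dropped so the two copies cannot drift apart. `ndpi_set_proto_defaults` takes `char *protoName` for what is presumably a read-only protocol name; `const char *protoName,` would let callers pass string literals cleanly and state that the callee does not write through the pointer — confirm against the implementation before changing it. The `ndpi_bytestream_*` parsers document neither the meaning of `max_chars_to_read` nor who bounds it; since their input looks like raw packet bytes, a comment before the group along the lines of `/* Parse a number from str, reading at most max_chars_to_read bytes; the caller must bound max_chars_to_read by the bytes remaining in the buffer. *bytes_read receives the count consumed. */` would make the bounds-checking responsibility explicit.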
@@ -0,0 +1,244 @@
+/*
+ * ndpi_protocol_ids.h
+ *
+ * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2009-11 - ipoque GmbH
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#ifndef __NDPI_API_INCLUDE_FILE__
+
+#endif
+
+#ifndef __NDPI_PROTOCOLS_DEFAULT_H__
+#define __NDPI_PROTOCOLS_DEFAULT_H__
+
+#define NDPI_DETECTION_SUPPORT_IPV6
+#define NDPI_PROTOCOL_HISTORY_SIZE 3
+
+#define NDPI_PROTOCOL_UNKNOWN 0
+
+#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN
+
+#define NDPI_PROTOCOL_IP_VRRP 73
+#define NDPI_PROTOCOL_IP_IPSEC 79
+#define NDPI_PROTOCOL_IP_GRE 80
+#define NDPI_PROTOCOL_IP_ICMP 81
+#define NDPI_PROTOCOL_IP_IGMP 82
+#define NDPI_PROTOCOL_IP_EGP 83
+#define NDPI_PROTOCOL_IP_SCTP 84
+#define NDPI_PROTOCOL_IP_OSPF 85
+#define NDPI_PROTOCOL_IP_IP_IN_IP 86
+#define NDPI_PROTOCOL_IP_ICMPV6 102
+
+#define NDPI_PROTOCOL_HTTP 7
+#define NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV 60
+#define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype, Ultrasurf?) - ntop.org */
+#define NDPI_PROTOCOL_SSL 91
+#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110
+#define NDPI_PROTOCOL_HTTP_CONNECT 130
+#define NDPI_PROTOCOL_HTTP_PROXY 131
+#define NDPI_PROTOCOL_SOCKS5 172 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_SOCKS4 173 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+
+#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_MAIL_POP 2
+#define NDPI_PROTOCOL_MAIL_SMTP 3
+#define NDPI_PROTOCOL_MAIL_IMAP 4
+#define NDPI_PROTOCOL_DNS 5
+#define NDPI_PROTOCOL_IPP 6
+#define NDPI_PROTOCOL_MDNS 8
+#define NDPI_PROTOCOL_NTP 9
+#define NDPI_PROTOCOL_NETBIOS 10
+#define NDPI_PROTOCOL_NFS 11
+#define NDPI_PROTOCOL_SSDP 12
+#define NDPI_PROTOCOL_BGP 13
+#define NDPI_PROTOCOL_SNMP 14
+#define NDPI_PROTOCOL_XDMCP 15
+#define NDPI_PROTOCOL_SMB 16
+#define NDPI_PROTOCOL_SYSLOG 17
+#define NDPI_PROTOCOL_DHCP 18
+#define NDPI_PROTOCOL_POSTGRES 19
+#define NDPI_PROTOCOL_MYSQL 20
+#define NDPI_PROTOCOL_TDS 21
+#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22
+#define NDPI_PROTOCOL_MAIL_POPS 23
+#define NDPI_PROTOCOL_APPLEJUICE 24
+#define NDPI_PROTOCOL_DIRECTCONNECT 25
+#define NDPI_PROTOCOL_SOCRATES 26
+#define NDPI_PROTOCOL_WINMX 27
+#define NDPI_PROTOCOL_VMWARE 28
+#define NDPI_PROTOCOL_MAIL_SMTPS 29
+#define NDPI_PROTOCOL_FILETOPIA 30
+#define NDPI_PROTOCOL_IMESH 31
+#define NDPI_PROTOCOL_KONTIKI 32
+#define NDPI_PROTOCOL_OPENFT 33
+#define NDPI_PROTOCOL_FASTTRACK 34
+#define NDPI_PROTOCOL_GNUTELLA 35
+#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_BITTORRENT 37
+#define NDPI_PROTOCOL_EPP 38
+#define NDPI_PROTOCOL_XBOX 47
+#define NDPI_PROTOCOL_QQ 48
+#define NDPI_PROTOCOL_MOVE 49
+#define NDPI_PROTOCOL_RTSP 50
+#define NDPI_PROTOCOL_MAIL_IMAPS 51
+#define NDPI_PROTOCOL_ICECAST 52
+#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_PPSTREAM 54
+#define NDPI_PROTOCOL_ZATTOO 55
+#define NDPI_PROTOCOL_SHOUTCAST 56
+#define NDPI_PROTOCOL_SOPCAST 57
+#define NDPI_PROTOCOL_TVANTS 58
+#define NDPI_PROTOCOL_TVUPLAYER 59
+#define NDPI_PROTOCOL_QQLIVE 61
+#define NDPI_PROTOCOL_THUNDER 62
+#define NDPI_PROTOCOL_SOULSEEK 63
+#define NDPI_PROTOCOL_IRC 65
+#define NDPI_PROTOCOL_AYIYA 66
+#define NDPI_PROTOCOL_UNENCRYPED_JABBER 67
+#define NDPI_PROTOCOL_MSN 68
+#define NDPI_PROTOCOL_OSCAR 69
+#define NDPI_PROTOCOL_YAHOO 70
+#define NDPI_PROTOCOL_BATTLEFIELD 71
+#define NDPI_PROTOCOL_QUAKE 72
+#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_HALFLIFE2 75
+#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76
+#define NDPI_PROTOCOL_TELNET 77
+#define NDPI_PROTOCOL_STUN 78
+#define NDPI_PROTOCOL_RTP 87
+#define NDPI_PROTOCOL_RDP 88
+#define NDPI_PROTOCOL_VNC 89
+#define NDPI_PROTOCOL_PCANYWHERE 90
+#define NDPI_PROTOCOL_SSH 92
+#define NDPI_PROTOCOL_USENET 93
+#define NDPI_PROTOCOL_MGCP 94
+#define NDPI_PROTOCOL_IAX 95
+#define NDPI_PROTOCOL_TFTP 96
+#define NDPI_PROTOCOL_AFP 97
+#define NDPI_PROTOCOL_STEALTHNET 98
+#define NDPI_PROTOCOL_AIMINI 99
+#define NDPI_PROTOCOL_SIP 100
+#define NDPI_PROTOCOL_TRUPHONE 101
+#define NDPI_PROTOCOL_DHCPV6 103
+#define NDPI_PROTOCOL_ARMAGETRON 104
+#define NDPI_PROTOCOL_CROSSFIRE 105
+#define NDPI_PROTOCOL_DOFUS 106
+#define NDPI_PROTOCOL_FIESTA 107
+#define NDPI_PROTOCOL_FLORENSIA 108
+#define NDPI_PROTOCOL_GUILDWARS 109
+#define NDPI_PROTOCOL_KERBEROS 111
+#define NDPI_PROTOCOL_LDAP 112
+#define NDPI_PROTOCOL_MAPLESTORY 113
+#define NDPI_PROTOCOL_MSSQL 114
+#define NDPI_PROTOCOL_PPTP 115
+#define NDPI_PROTOCOL_WARCRAFT3 116
+#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117
+#define NDPI_PROTOCOL_MEEBO 118
+#define NDPI_PROTOCOL_DROPBOX 121
+#define NDPI_PROTOCOL_SKYPE 125
+#define NDPI_PROTOCOL_DCERPC 127
+#define NDPI_PROTOCOL_NETFLOW 128
+#define NDPI_PROTOCOL_SFLOW 129
+#define NDPI_PROTOCOL_CITRIX 132
+#define NDPI_PROTOCOL_SKYFILE_PREPAID 136
+#define NDPI_PROTOCOL_SKYFILE_RUDICS 137
+#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138
+#define NDPI_PROTOCOL_CITRIX_ONLINE 139
+#define NDPI_PROTOCOL_WEBEX 141
+#define NDPI_PROTOCOL_VIBER 144
+#define NDPI_PROTOCOL_RADIUS 146
+#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 /* Thierry Laurion */
+#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */
+#define NDPI_PROTOCOL_LOTUS_NOTES 150
+#define NDPI_PROTOCOL_SAP 151
+#define NDPI_PROTOCOL_GTP 152
+#define NDPI_PROTOCOL_UPNP 153
+#define NDPI_PROTOCOL_LLMNR 154
+#define NDPI_PROTOCOL_REMOTE_SCAN 155
+#define NDPI_PROTOCOL_SPOTIFY 156
+#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_WHOIS_DAS 170
+#define NDPI_PROTOCOL_COLLECTD 171
+#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_ZMQ 177
+#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa <g.costa@xplico.org> */
+#define NDPI_PROTOCOL_REDIS 182
+#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_PROTOCOL_VHUA 184
+#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa <g.costa@xplico.org> */
+
+
+#define NDPI_CONTENT_AVI 39
+#define NDPI_CONTENT_FLASH 40
+#define NDPI_CONTENT_OGG 41
+#define NDPI_CONTENT_MPEG 42
+#define NDPI_CONTENT_QUICKTIME 43
+#define NDPI_CONTENT_REALMEDIA 44
+#define NDPI_CONTENT_WINDOWSMEDIA 45
+#define NDPI_CONTENT_MMS 46
+#define NDPI_CONTENT_WEBM 157
+
+#define NDPI_SERVICE_FACEBOOK 119
+#define NDPI_SERVICE_TWITTER 120
+#define NDPI_SERVICE_GMAIL 122
+#define NDPI_SERVICE_GOOGLE_MAPS 123
+#define NDPI_SERVICE_YOUTUBE 124
+#define NDPI_SERVICE_VEVO 188
+#define NDPI_SERVICE_GOOGLE 126
+#define NDPI_SERVICE_NETFLIX 133
+#define NDPI_SERVICE_LASTFM 134
+#define NDPI_SERVICE_GROOVESHARK 135
+#define NDPI_SERVICE_APPLE 140
+#define NDPI_SERVICE_WHATSAPP 142
+#define NDPI_SERVICE_APPLE_ICLOUD 143
+#define NDPI_SERVICE_APPLE_ITUNES 145
+#define NDPI_SERVICE_TUENTI 149
+#define NDPI_SERVICE_WIKIPEDIA 176 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_MSN NDPI_PROTOCOL_MSN /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_AMAZON 178 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_EBAY 179 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_CNN 180 /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_DROPBOX NDPI_PROTOCOL_DROPBOX /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_SKYPE NDPI_PROTOCOL_SKYPE /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_VIBER NDPI_PROTOCOL_VIBER /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow <tomasz@skatnet.dk> */
+#define NDPI_SERVICE_FACEBOOK_CHAT 186
+#define NDPI_SERVICE_PANDORA 187
+
+/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE (NDPI_SERVICE_VEVO) */
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL 188
+
+#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
+#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
+#endif
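Review bot: Nothing checks that `NDPI_LAST_IMPLEMENTED_PROTOCOL` (188) stays below `NDPI_NUM_BITS`, yet protocol ids are presumably used as bit indices into the `fds_bits[NDPI_NUM_FDS_BITS]` bitmask declared in ndpi_typedefs.h, so an id added past the bitmask width would silently index out of bounds; since `ndpi_main.h` includes `ndpi_define.h` before this header, a guard right after the define is cheap: `#if NDPI_LAST_IMPLEMENTED_PROTOCOL >= NDPI_NUM_BITS` / `#error "protocol ids exceed NDPI_NUM_BITS"` / `#endif` (assuming `NDPI_NUM_BITS` is a plain integer macro — its definition is not in this diff). `NDPI_MAX_NUM_CUSTOM_PROTOCOLS` as `NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL` also looks one too large if bits run 0..NDPI_NUM_BITS-1 and ids 0..188 are all taken; `(NDPI_NUM_BITS - NDPI_MAX_SUPPORTED_PROTOCOLS)` would agree with the definition on the line above — worth confirming against how custom ids are allocated. The empty `#ifndef __NDPI_API_INCLUDE_FILE__` / `#endif` pair near the top of the file has no effect and should be removed. The "UPDATE UPDATE" comment relies on a human keeping 188 in sync with the highest id; `#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_VEVO` would make it follow automatically.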
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
new file mode 100644
index 000000000..5ab0da83a
--- /dev/null
+++ b/src/include/ndpi_protocols.h
@@ -0,0 +1,181 @@
+/*
+ * ndpi_protocols.h
+ *
+ * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2009-2011 by ipoque GmbH
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#ifndef __NDPI_PROTOCOLS_INCLUDE_FILE__
+#define __NDPI_PROTOCOLS_INCLUDE_FILE__
+
+#include "ndpi_main.h"
+
+
+/* TCP/UDP protocols */
+u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int8_t protocol,
+ u_int32_t saddr, u_int32_t daddr,
+ u_int16_t sport, u_int16_t dport);
+
+void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+
+/* Applications and other protocols. */
+void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_bittorrent_init(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t size,u_int32_t timeout);
+void ndpi_bittorrent_done(struct ndpi_detection_module_struct *ndpi_struct);
+int ndpi_bittorrent_gc(struct hash_ip4p_table *ht,int key,time_t now);
+
+void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_winmx_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_directconnect(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_i23v5(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_socrates(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_oscar(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_http_subprotocol_conf(struct ndpi_detection_module_struct *ndpi_struct, char *attr, char *value, int protocol_id);
+void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_imesh_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_veohtv_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_openft_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_tvants_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_sopcast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ppstream(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_pplive(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_zattoo(struct ndpi_detection_module_struct*ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_qq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_feidian(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_thunder(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_telnet_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_secondlife(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_pcanywhere(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_syslog(struct ndpi_detection_module_struct*ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_tds_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_warcraft3(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_xdmcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_tftp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_mssql(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_pptp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_stealthnet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_meebo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_world_of_kung_fu(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_radius(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_wsus(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_spotify(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_openvpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_socks5(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_socks4(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rtmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_twitter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+
+#endif /* __NDPI_PROTOCOLS_INCLUDE_FILE__ */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
new file mode 100644
index 000000000..5bdd5a6e6
--- /dev/null
+++ b/src/include/ndpi_typedefs.h
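Review bot: `ndpi_http_subprotocol_conf` takes `char *attr, char *value` for what look like configuration key/value strings; unless the implementation writes through them, the prototype should read `void ndpi_http_subprotocol_conf(struct ndpi_detection_module_struct *ndpi_struct, const char *attr, const char *value, int protocol_id);` so callers can pass literals and accidental modification is rejected by the compiler — confirm against the definition. The header gives no statement of the contract shared by the ~150 `ndpi_search_*` dissectors, which is where a contributor adding one most needs it; a block before `ndpi_search_bittorrent` such as `/* Each ndpi_search_* dissector inspects the current packet of flow and reports a match through the ndpi_int_* helpers. Dissectors run on untrusted traffic and must bound every payload access by the packet's payload length. */` would put the bounds-checking responsibility on record (the exact field names are not visible in this diff, so adjust the wording to match the packet struct). Minor style: `ndpi_search_zattoo` and `ndpi_search_syslog` are written `struct ndpi_detection_module_struct*ndpi_struct` while every other prototype puts a space before the `*`.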
@@ -0,0 +1,852 @@
+/*
+ * ndpi_typedefs.h
+ *
+ * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2009-11 - ipoque GmbH
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef __NDPI_TYPEDEFS_FILE__
+#define __NDPI_TYPEDEFS_FILE__
+
+typedef enum {
+ NDPI_LOG_ERROR,
+ NDPI_LOG_TRACE,
+ NDPI_LOG_DEBUG
+} ndpi_log_level_t;
+
+typedef void (*ndpi_debug_function_ptr) (u_int32_t protocol,
+ void *module_struct, ndpi_log_level_t log_level,
+ const char *format, ...);
+#define BT_ANNOUNCE
+
+typedef enum {
+ ndpi_preorder,
+ ndpi_postorder,
+ ndpi_endorder,
+ ndpi_leaf
+} ndpi_VISIT;
+
+typedef struct node_t {
+ char *key;
+ struct node_t *left, *right;
+} ndpi_node;
+
+typedef u_int32_t ndpi_ndpi_mask;
+
+typedef struct ndpi_protocol_bitmask_struct {
+ ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS];
+} ndpi_protocol_bitmask_struct_t;
+
+#ifdef NDPI_DETECTION_SUPPORT_IPV6
+struct ndpi_ip6_addr {
+ union {
+ u_int8_t u6_addr8[16];
+ u_int16_t u6_addr16[8];
+ u_int32_t u6_addr32[4];
+ u_int64_t u6_addr64[2];
+ } ndpi_v6_u;
+
+#define ndpi_v6_addr ndpi_v6_u.u6_addr8
+#define ndpi_v6_addr16 ndpi_v6_u.u6_addr16
+#define ndpi_v6_addr32 ndpi_v6_u.u6_addr32
+#define ndpi_v6_addr64 ndpi_v6_u.u6_addr64
+};
+
+struct ndpi_ipv6hdr {
+ /* use userspace and kernelspace compatible compile parameters */
+#if defined(__LITTLE_ENDIAN__)
+ u_int8_t priority:4, version:4;
+#elif defined(__BIG_ENDIAN__)
+ u_int8_t version:4, priority:4;
+#else
+# error "Byte order must be defined"
+#endif
+
+ u_int8_t flow_lbl[3];
+
+ u_int16_t payload_len;
+ u_int8_t nexthdr;
+ u_int8_t hop_limit;
+
+ struct ndpi_ip6_addr saddr;
+ struct ndpi_ip6_addr daddr;
+};
+#endif /* NDPI_DETECTION_SUPPORT_IPV6 */
+
+typedef union {
+ u_int32_t ipv4;
+ u_int8_t ipv4_u_int8_t[4];
+#ifdef NDPI_DETECTION_SUPPORT_IPV6
+ struct ndpi_ip6_addr ipv6;
+#endif
+} ndpi_ip_addr_t;
+
+
+#ifdef NDPI_PROTOCOL_BITTORRENT
+#ifndef __KERNEL__
+typedef struct spinlock {
+ volatile int val;
+} spinlock_t;
+typedef struct atomic {
+ volatile int counter;
+} atomic_t;
+
+#endif
+
+struct hash_ip4p_node {
+ struct hash_ip4p_node *next,*prev;
+ time_t lchg;
+ u_int16_t port,count:12,flag:4;
+ u_int32_t ip;
+ // + 12 bytes for ipv6
+};
+
+struct hash_ip4p {
+ struct hash_ip4p_node *top;
+ spinlock_t lock;
+ size_t len;
+};
+
+struct hash_ip4p_table {
+ size_t size;
+ int ipv6;
+ spinlock_t lock;
+ atomic_t count;
+ struct hash_ip4p tbl[0];
+};
+
+struct bt_announce { // 192 bytes
+ u_int32_t hash[5];
+ u_int32_t ip[4];
+ u_int32_t time;
+ u_int16_t port;
+ u_int8_t name_len,
+ name[192 - 4*10 - 2 - 1]; // 149 bytes
+};
+#endif
+
+typedef enum {
+ HTTP_METHOD_UNKNOWN = 0,
+ HTTP_METHOD_OPTIONS,
+ HTTP_METHOD_GET,
+ HTTP_METHOD_HEAD,
+ HTTP_METHOD_POST,
+ HTTP_METHOD_PUT,
+ HTTP_METHOD_DELETE,
+ HTTP_METHOD_TRACE,
+ HTTP_METHOD_CONNECT
+} ndpi_http_method;
+
+typedef struct ndpi_id_struct {
+ /* detected_protocol_bitmask:
+ * access this bitmask to find out whether an id has used skype or not
+ * if a flag is set here, it will not be resetted
+ * to compare this, use:
+ * if (NDPI_BITMASK_COMPARE(id->detected_protocol_bitmask,
+ * NDPI_PROTOCOL_BITMASK_XXX) != 0)
+ * {
+ * // protocol XXX detected on this id
+ * }
+ */
+ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask;
+#ifdef NDPI_PROTOCOL_RTSP
+ ndpi_ip_addr_t rtsp_ip_address;
+#endif
+#ifdef NDPI_PROTOCOL_SIP
+#ifdef NDPI_PROTOCOL_YAHOO
+ u_int32_t yahoo_video_lan_timer;
+#endif
+#endif
+/* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */
+#ifdef NDPI_PROTOCOL_IRC
+#define NDPI_PROTOCOL_IRC_MAXPORT 8
+ u_int16_t irc_port[NDPI_PROTOCOL_IRC_MAXPORT];
+ u_int32_t last_time_port_used[NDPI_PROTOCOL_IRC_MAXPORT];
+ u_int32_t irc_ts;
+#endif
+#ifdef NDPI_PROTOCOL_GNUTELLA
+ u_int32_t gnutella_ts;
+#endif
+#ifdef NDPI_PROTOCOL_BATTLEFIELD
+ u_int32_t battlefield_ts;
+#endif
+#ifdef NDPI_PROTOCOL_THUNDER
+ u_int32_t thunder_ts;
+#endif
+#ifdef NDPI_PROTOCOL_RTSP
+ u_int32_t rtsp_timer;
+#endif
+#ifdef NDPI_PROTOCOL_OSCAR
+ u_int32_t oscar_last_safe_access_time;
+#endif
+#ifdef NDPI_PROTOCOL_ZATTOO
+ u_int32_t zattoo_ts;
+#endif
+#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER
+ u_int32_t jabber_stun_or_ft_ts;
+#endif
+#ifdef NDPI_PROTOCOL_DIRECTCONNECT
+ u_int32_t directconnect_last_safe_access_time;
+#endif
+#ifdef NDPI_PROTOCOL_SOULSEEK
+ u_int32_t soulseek_last_safe_access_time;
+#endif
+#ifdef NDPI_PROTOCOL_DIRECTCONNECT
+ u_int16_t detected_directconnect_port;
+ u_int16_t detected_directconnect_udp_port;
+ u_int16_t detected_directconnect_ssl_port;
+#endif
+#ifdef NDPI_PROTOCOL_BITTORRENT
+#define NDPI_BT_PORTS 8
+ u_int16_t bt_port_t[NDPI_BT_PORTS];
+ u_int16_t bt_port_u[NDPI_BT_PORTS];
+#endif
+#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER
+#define JABBER_MAX_STUN_PORTS 6
+ u_int16_t jabber_voice_stun_port[JABBER_MAX_STUN_PORTS];
+ u_int16_t jabber_file_transfer_port[2];
+#endif
+#ifdef NDPI_PROTOCOL_GNUTELLA
+ u_int16_t detected_gnutella_port;
+#endif
+#ifdef NDPI_PROTOCOL_GNUTELLA
+ u_int16_t detected_gnutella_udp_port1;
+ u_int16_t detected_gnutella_udp_port2;
+#endif
+#ifdef NDPI_PROTOCOL_SOULSEEK
+ u_int16_t soulseek_listen_port;
+#endif
+#ifdef NDPI_PROTOCOL_IRC
+ u_int8_t irc_number_of_port;
+#endif
+#ifdef NDPI_PROTOCOL_OSCAR
+ u_int8_t oscar_ssl_session_id[33];
+#endif +#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER + u_int8_t jabber_voice_stun_used_ports; +#endif +#ifdef NDPI_PROTOCOL_SIP +#ifdef NDPI_PROTOCOL_YAHOO + u_int32_t yahoo_video_lan_dir:1; +#endif +#endif +#ifdef NDPI_PROTOCOL_YAHOO + u_int32_t yahoo_conf_logged_in:1; + u_int32_t yahoo_voice_conf_logged_in:1; +#endif +#ifdef NDPI_PROTOCOL_RTSP + u_int32_t rtsp_ts_set:1; +#endif +} ndpi_id_struct; + +/* ************************************************** */ + +struct ndpi_flow_tcp_struct { +#ifdef NDPI_PROTOCOL_MAIL_SMTP + u_int16_t smtp_command_bitmask; +#endif +#ifdef NDPI_PROTOCOL_MAIL_POP + u_int16_t pop_command_bitmask; +#endif +#ifdef NDPI_PROTOCOL_QQ + u_int16_t qq_nxt_len; +#endif +#ifdef NDPI_PROTOCOL_TDS + u_int8_t tds_login_version; +#endif +#ifdef NDPI_PROTOCOL_IRC + u_int8_t irc_stage; + u_int8_t irc_port; +#endif +#ifdef NDPI_PROTOCOL_H323 + u_int8_t h323_valid_packets; +#endif +#ifdef NDPI_PROTOCOL_GNUTELLA + u_int8_t gnutella_msg_id[3]; +#endif +#ifdef NDPI_PROTOCOL_IRC + u_int32_t irc_3a_counter:3; + u_int32_t irc_stage2:5; + u_int32_t irc_direction:2; + u_int32_t irc_0x1000_full:1; +#endif +#ifdef NDPI_PROTOCOL_WINMX + u_int32_t winmx_stage:1; // 0-1 +#endif +#ifdef NDPI_PROTOCOL_SOULSEEK + u_int32_t soulseek_stage:2; +#endif +#ifdef NDPI_PROTOCOL_FILETOPIA + u_int32_t filetopia_stage:2; +#endif +#ifdef NDPI_PROTOCOL_TDS + u_int32_t tds_stage:3; +#endif +#ifdef NDPI_PROTOCOL_USENET + u_int32_t usenet_stage:2; +#endif +#ifdef NDPI_PROTOCOL_IMESH + u_int32_t imesh_stage:4; +#endif +#ifdef NDPI_PROTOCOL_HTTP + u_int32_t http_setup_dir:2; + u_int32_t http_stage:2; + u_int32_t http_empty_line_seen:1; + u_int32_t http_wait_for_retransmission:1; +#endif // NDPI_PROTOCOL_HTTP +#ifdef NDPI_PROTOCOL_GNUTELLA + u_int32_t gnutella_stage:2; //0-2 +#endif +#ifdef NDPI_CONTENT_MMS + u_int32_t mms_stage:2; +#endif +#ifdef NDPI_PROTOCOL_YAHOO + u_int32_t yahoo_sip_comm:1; + u_int32_t yahoo_http_proxy_stage:2; +#endif +#ifdef NDPI_PROTOCOL_MSN + u_int32_t msn_stage:3; + 
u_int32_t msn_ssl_ft:2; +#endif +#ifdef NDPI_PROTOCOL_SSH + u_int32_t ssh_stage:3; +#endif +#ifdef NDPI_PROTOCOL_VNC + u_int32_t vnc_stage:2; // 0 - 3 +#endif +#ifdef NDPI_PROTOCOL_TELNET + u_int32_t telnet_stage:2; // 0 - 2 +#endif +#ifdef NDPI_PROTOCOL_SSL + u_int8_t ssl_stage:2, ssl_seen_client_cert:1, ssl_seen_server_cert:1; // 0 - 5 +#endif +#ifdef NDPI_PROTOCOL_POSTGRES + u_int32_t postgres_stage:3; +#endif +#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK + u_int32_t ddlink_server_direction:1; +#endif + u_int32_t seen_syn:1; + u_int32_t seen_syn_ack:1; + u_int32_t seen_ack:1; +#ifdef NDPI_PROTOCOL_ICECAST + u_int32_t icecast_stage:1; +#endif +#ifdef NDPI_PROTOCOL_DOFUS + u_int32_t dofus_stage:1; +#endif +#ifdef NDPI_PROTOCOL_FIESTA + u_int32_t fiesta_stage:2; +#endif +#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT + u_int32_t wow_stage:2; +#endif +#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV + u_int32_t veoh_tv_stage:2; +#endif +#ifdef NDPI_PROTOCOL_SHOUTCAST + u_int32_t shoutcast_stage:2; +#endif +#ifdef NDPI_PROTOCOL_RTP + u_int32_t rtp_special_packets_seen:1; +#endif +#ifdef NDPI_PROTOCOL_MAIL_POP + u_int32_t mail_pop_stage:2; +#endif +#ifdef NDPI_PROTOCOL_MAIL_IMAP + u_int32_t mail_imap_stage:3; +#endif + +#ifdef NDPI_PROTOCOL_SKYPE + u_int8_t skype_packet_id; +#endif + +#ifdef NDPI_PROTOCOL_CITRIX + u_int8_t citrix_packet_id; +#endif + +#ifdef NDPI_PROTOCOL_LOTUS_NOTES + u_int8_t lotus_notes_packet_id; +#endif + +#ifdef NDPI_PROTOCOL_TEAMVIEWER + u_int8_t teamviewer_stage; +#endif + +#ifdef NDPI_PROTOCOL_ZMQ + u_int8_t prev_zmq_pkt_len; + u_char prev_zmq_pkt[10]; +#endif +} +#if !defined(WIN32) + __attribute__ ((__packed__)) +#endif + ; + +/* ************************************************** */ + +struct ndpi_flow_udp_struct { +#ifdef NDPI_PROTOCOL_BATTLEFIELD + u_int32_t battlefield_msg_id; +#endif +#ifdef NDPI_PROTOCOL_SNMP + u_int32_t snmp_msg_id; +#endif +#ifdef NDPI_PROTOCOL_BATTLEFIELD + u_int32_t battlefield_stage:3; +#endif +#ifdef NDPI_PROTOCOL_SNMP + 
u_int32_t snmp_stage:2; +#endif +#ifdef NDPI_PROTOCOL_PPSTREAM + u_int32_t ppstream_stage:3; // 0-7 +#endif +#ifdef NDPI_PROTOCOL_HALFLIFE2 + u_int32_t halflife2_stage:2; // 0 - 2 +#endif +#ifdef NDPI_PROTOCOL_TFTP + u_int32_t tftp_stage:1; +#endif +#ifdef NDPI_PROTOCOL_AIMINI + u_int32_t aimini_stage:5; +#endif +#ifdef NDPI_PROTOCOL_XBOX + u_int32_t xbox_stage:1; +#endif +#ifdef NDPI_PROTOCOL_WINDOWS_UPDATE + u_int32_t wsus_stage:1; +#endif +#ifdef NDPI_PROTOCOL_SKYPE + u_int8_t skype_packet_id; +#endif +#ifdef NDPI_PROTOCOL_TEAMVIEWER + u_int8_t teamviewer_stage; +#endif +} +#if !defined(WIN32) + __attribute__ ((__packed__)) +#endif + ; + +/* ************************************************** */ + +typedef struct ndpi_int_one_line_struct { + const u_int8_t *ptr; + u_int16_t len; +} ndpi_int_one_line_struct_t; + +typedef struct ndpi_packet_struct { + const struct ndpi_iphdr *iph; +#ifdef NDPI_DETECTION_SUPPORT_IPV6 + const struct ndpi_ipv6hdr *iphv6; +#endif + const struct ndpi_tcphdr *tcp; + const struct ndpi_udphdr *udp; + const u_int8_t *generic_l4_ptr; /* is set only for non tcp-udp traffic */ + const u_int8_t *payload; + + u_int32_t tick_timestamp; + u_int64_t tick_timestamp_l; + + u_int16_t detected_protocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; + u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; + + /* this is for simple read-only access to the real protocol + * used for the main loop */ + u_int16_t real_protocol_read_only; + +#if NDPI_PROTOCOL_HISTORY_SIZE > 1 +# if NDPI_PROTOCOL_HISTORY_SIZE > 5 +# error protocol stack size not supported +# endif + + struct { + u_int8_t entry_is_real_protocol:5; + u_int8_t current_stack_size_minus_one:3; + } +#if !defined(WIN32) + __attribute__ ((__packed__)) +#endif + protocol_stack_info; +#endif + + struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET]; + struct ndpi_int_one_line_struct host_line; + struct ndpi_int_one_line_struct forwarded_line; + struct ndpi_int_one_line_struct 
referer_line; + struct ndpi_int_one_line_struct content_line; + struct ndpi_int_one_line_struct accept_line; + struct ndpi_int_one_line_struct user_agent_line; + struct ndpi_int_one_line_struct http_url_name; + struct ndpi_int_one_line_struct http_encoding; + struct ndpi_int_one_line_struct http_transfer_encoding; + struct ndpi_int_one_line_struct http_contentlen; + struct ndpi_int_one_line_struct http_cookie; + struct ndpi_int_one_line_struct http_origin; + struct ndpi_int_one_line_struct http_x_session_type; + struct ndpi_int_one_line_struct server_line; + struct ndpi_int_one_line_struct http_method; + struct ndpi_int_one_line_struct http_response; + + u_int16_t l3_packet_len; + u_int16_t l4_packet_len; + u_int16_t payload_packet_len; + u_int16_t actual_payload_len; + u_int16_t num_retried_bytes; + u_int16_t parsed_lines; + u_int16_t parsed_unix_lines; + u_int16_t empty_line_position; + u_int8_t tcp_retransmission; + u_int8_t l4_protocol; + + u_int8_t ssl_certificate_detected:4, ssl_certificate_num_checks:4; + u_int8_t packet_lines_parsed_complete:1, + packet_direction:1, + empty_line_position_set:1; +} ndpi_packet_struct_t; + +struct ndpi_detection_module_struct; +struct ndpi_flow_struct; + +typedef struct ndpi_call_function_struct { + NDPI_PROTOCOL_BITMASK detection_bitmask; + NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; + NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask; + void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); + u_int8_t detection_feature; +} ndpi_call_function_struct_t; + +typedef struct ndpi_subprotocol_conf_struct { + void (*func) (struct ndpi_detection_module_struct *, char *attr, char *value, int protocol_id); +} ndpi_subprotocol_conf_struct_t; + + +typedef struct { + u_int16_t port_low, port_high; +} ndpi_port_range; + +typedef enum { + NDPI_PROTOCOL_SAFE = 0, /* Safe protocol with encryption */ + NDPI_PROTOCOL_ACCEPTABLE, /* Ok but not encrypted */ + NDPI_PROTOCOL_FUN, /* Pure fun protocol */ 
+ NDPI_PROTOCOL_UNSAFE, /* Protocol with a safe version existing what should be used instead */ + NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Be prepared to troubles */ + NDPI_PROTOCOL_UNRATED /* No idea */ +} ndpi_protocol_breed_t; + +#define NUM_BREEDS (NDPI_PROTOCOL_UNRATED+1) + +/* ntop extensions */ +typedef struct ndpi_proto_defaults { + char *protoName; + u_int16_t protoId, protoIdx; + u_int16_t master_tcp_protoId[2], master_udp_protoId[2]; /* The main protocols on which this sub-protocol sits on */ + ndpi_protocol_breed_t protoBreed; + void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); +} ndpi_proto_defaults_t; + +typedef struct ndpi_default_ports_tree_node { + ndpi_proto_defaults_t *proto; + u_int16_t default_port; +} ndpi_default_ports_tree_node_t; + +typedef struct _ndpi_automa { + void *ac_automa; /* Real type is AC_AUTOMATA_t */ + u_int8_t ac_automa_finalized; +} ndpi_automa; + +typedef struct ndpi_detection_module_struct { + NDPI_PROTOCOL_BITMASK detection_bitmask; + NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask; + + u_int32_t current_ts; + u_int32_t ticks_per_second; + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES + void *user_data; +#endif + /* callback function buffer */ + struct ndpi_call_function_struct callback_buffer[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; + u_int32_t callback_buffer_size; + + struct ndpi_call_function_struct callback_buffer_tcp_no_payload[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; + u_int32_t callback_buffer_size_tcp_no_payload; + + struct ndpi_call_function_struct callback_buffer_tcp_payload[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; + u_int32_t callback_buffer_size_tcp_payload; + + struct ndpi_call_function_struct callback_buffer_udp[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; + u_int32_t callback_buffer_size_udp; + + struct ndpi_call_function_struct callback_buffer_non_tcp_udp[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; + u_int32_t callback_buffer_size_non_tcp_udp; + + ndpi_default_ports_tree_node_t *tcpRoot, *udpRoot; + +#ifdef 
NDPI_ENABLE_DEBUG_MESSAGES + /* debug callback, only set when debug is used */ + ndpi_debug_function_ptr ndpi_debug_printf; + const char *ndpi_debug_print_file; + const char *ndpi_debug_print_function; + u_int32_t ndpi_debug_print_line; +#endif + /* misc parameters */ + u_int32_t tcp_max_retransmission_window_size; + + u_int32_t directconnect_connection_ip_tick_timeout; + + /* subprotocol registration handler */ + struct ndpi_subprotocol_conf_struct subprotocol_conf[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; + + u_int ndpi_num_supported_protocols; + u_int ndpi_num_custom_protocols; + + /* HTTP/DNS/HTTPS host matching */ + ndpi_automa host_automa, content_automa, bigrams_automa, impossible_bigrams_automa; + + /* IP-based protocol detection */ + void *protocols_ptree; + + /* irc parameters */ + u_int32_t irc_timeout; + /* gnutella parameters */ + u_int32_t gnutella_timeout; + /* battlefield parameters */ + u_int32_t battlefield_timeout; + /* thunder parameters */ + u_int32_t thunder_timeout; + /* SoulSeek parameters */ + u_int32_t soulseek_connection_ip_tick_timeout; + /* rtsp parameters */ + u_int32_t rtsp_connection_timeout; + /* tvants parameters */ + u_int32_t tvants_connection_timeout; + u_int32_t orb_rstp_ts_timeout; + /* yahoo */ + // u_int32_t yahoo_http_filetransfer_timeout; + u_int8_t yahoo_detect_http_connections; + u_int32_t yahoo_lan_video_timeout; + u_int32_t zattoo_connection_timeout; + u_int32_t jabber_stun_timeout; + u_int32_t jabber_file_transfer_timeout; +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_IP_STRING_SIZE 40 + char ip_string[NDPI_IP_STRING_SIZE]; +#endif + u_int8_t ip_version_limit; + /* ********************* */ +#ifdef NDPI_PROTOCOL_BITTORRENT + struct hash_ip4p_table *bt_ht; +#ifdef NDPI_DETECTION_SUPPORT_IPV6 + struct hash_ip4p_table *bt6_ht; +#endif +#ifdef BT_ANNOUNCE + struct bt_announce *bt_ann; + int bt_ann_len; +#endif +#endif + + ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; + + 
u_int8_t match_dns_host_names:1, http_dissect_response:1; + u_int8_t direction_detect_disable:1; /* disable internal detection of packet direction */ +} ndpi_detection_module_struct_t; + +typedef struct ndpi_flow_struct { + u_int16_t detected_protocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; +#if NDPI_PROTOCOL_HISTORY_SIZE > 1 +# if NDPI_PROTOCOL_HISTORY_SIZE > 5 +# error protocol stack size not supported +# endif + + struct { + u_int8_t entry_is_real_protocol:5; + u_int8_t current_stack_size_minus_one:3; + } + +#if !defined(WIN32) + __attribute__ ((__packed__)) +#endif + protocol_stack_info; +#endif + + /* init parameter, internal used to set up timestamp,... */ + u_int16_t guessed_protocol_id; + + u_int8_t protocol_id_already_guessed:1; + u_int8_t no_cache_protocol:1; + u_int8_t init_finished:1; + u_int8_t setup_packet_direction:1; + u_int8_t packet_direction:1; /* if ndpi_struct->direction_detect_disable == 1 */ + /* tcp sequence number connection tracking */ + u_int32_t next_tcp_seq_nr[2]; + + /* the tcp / udp / other l4 value union + * this is used to reduce the number of bytes for tcp or udp protocol states + * */ + union { + struct ndpi_flow_tcp_struct tcp; + struct ndpi_flow_udp_struct udp; + } l4; + + struct ndpi_id_struct *server_id; /* + Pointer to src or dst + that identifies the + server of this connection + */ +#ifndef __KERNEL__ + u_char host_server_name[256]; /* HTTP host or DNS query */ +#else + u_char host_server_name[160]; +#endif + u_char detected_os[32]; /* Via HTTP User-Agent */ + u_char nat_ip[24]; /* Via HTTP X-Forwarded-For */ + + /* + This structure below will not not stay inside the protos + structure below as HTTP is used by many subprotocols + such as FaceBook, Google... so it is hard to know + when to use it or not. Thus we leave it outside for the + time being. 
+ */ + struct { + ndpi_http_method method; + char *url, *content_type; + } http; + + union { + struct { + u_int8_t num_queries, num_answers, ret_code; + u_int8_t bad_packet /* the received packet looks bad */; + u_int16_t query_type, query_class, rsp_type; + } dns; + + struct { + char client_certificate[48], server_certificate[48]; + } ssl; + } protos; + /* ALL protocol specific 64 bit variables here */ + + /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ + NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; + +#if 0 +#ifdef NDPI_PROTOCOL_RTP + u_int32_t rtp_ssid[2]; + u_int16_t rtp_seqnum[2]; /* current highest sequence number (only goes forwards, is not decreased by retransmissions) */ + /* tcp and udp */ + u_int8_t rtp_payload_type[2]; + u_int32_t rtp_stage1:2; //0-3 + u_int32_t rtp_stage2:2; +#endif +#endif + +#ifdef NDPI_PROTOCOL_REDIS + u_int8_t redis_s2d_first_char, redis_d2s_first_char; +#endif + + u_int16_t packet_counter; // can be 0-65000 + u_int16_t packet_direction_counter[2]; + u_int16_t byte_counter[2]; + +#ifdef NDPI_PROTOCOL_BITTORRENT + u_int8_t bittorrent_stage; // can be 0-255 +#endif +#ifdef NDPI_PROTOCOL_DIRECTCONNECT + u_int32_t directconnect_stage:2; // 0-1 +#endif +#ifdef NDPI_PROTOCOL_SIP +#ifdef NDPI_PROTOCOL_YAHOO + u_int32_t sip_yahoo_voice:1; +#endif +#endif +#ifdef NDPI_PROTOCOL_HTTP + u_int32_t http_detected:1; +#endif // NDPI_PROTOCOL_HTTP +#ifdef NDPI_PROTOCOL_RTSP + u_int32_t rtsprdt_stage:2; + u_int32_t rtsp_control_flow:1; +#endif + +#ifdef NDPI_PROTOCOL_YAHOO + u_int32_t yahoo_detection_finished:2; +#endif +#ifdef NDPI_PROTOCOL_ZATTOO + u_int32_t zattoo_stage:3; +#endif +#ifdef NDPI_PROTOCOL_QQ + u_int32_t qq_stage:3; +#endif +#ifdef NDPI_PROTOCOL_THUNDER + u_int32_t thunder_stage:2; // 0-3 +#endif +#ifdef NDPI_PROTOCOL_OSCAR + u_int32_t oscar_ssl_voice_stage:3; + u_int32_t oscar_video_voice:1; +#endif +#ifdef NDPI_PROTOCOL_FLORENSIA + u_int32_t florensia_stage:1; +#endif 
+#ifdef NDPI_PROTOCOL_SOCKS5 + u_int32_t socks5_stage:2; // 0-3 +#endif +#ifdef NDPI_PROTOCOL_SOCKS4 + u_int32_t socks4_stage:2; // 0-3 +#endif +#ifdef NDPI_PROTOCOL_EDONKEY + u_int32_t edonkey_stage:2; // 0-3 +#endif +#ifdef NDPI_PROTOCOL_FTP_CONTROL + u_int32_t ftp_control_stage:2; +#endif +#ifdef NDPI_PROTOCOL_FTP_DATA + u_int32_t ftp_data_stage:2; +#endif +#ifdef NDPI_PROTOCOL_RTMP + u_int32_t rtmp_stage:2; +#endif +#ifdef NDPI_PROTOCOL_PANDO + u_int32_t pando_stage:3; +#endif +#ifdef NDPI_PROTOCOL_STEAM + u_int32_t steam_stage:3; + u_int32_t steam_stage1:3; // 0 - 4 + u_int32_t steam_stage2:2; // 0 - 2 + u_int32_t steam_stage3:2; // 0 - 2 +#endif +#ifdef NDPI_PROTOCOL_PPLIVE + u_int32_t pplive_stage1:3; // 0-6 + u_int32_t pplive_stage2:2; // 0-2 + u_int32_t pplive_stage3:2; // 0-2 +#endif + + /* internal structures to save functions calls */ + struct ndpi_packet_struct packet; + struct ndpi_flow_struct *flow; + struct ndpi_id_struct *src; + struct ndpi_id_struct *dst; +} ndpi_flow_struct_t; + +typedef enum { + NDPI_REAL_PROTOCOL = 0, + NDPI_CORRELATED_PROTOCOL = 1 +} ndpi_protocol_type_t; + +#endif/* __NDPI_TYPEDEFS_FILE__ */ diff --git a/src/include/ndpi_unix.h b/src/include/ndpi_unix.h new file mode 100644 index 000000000..79de7b43c --- /dev/null +++ b/src/include/ndpi_unix.h 
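Review bot: The network-filled fixed buffers in `ndpi_flow_struct` — `host_server_name[256]`/`[160]`, `detected_os[32]`, `nat_ip[24]`, `protos.ssl.client_certificate[48]`/`server_certificate[48]` — carry no length fields and no contract on who bounds and terminates them, and `nat_ip[24]` in particular is smaller than INET6_ADDRSTRLEN (46), so an IPv6 X-Forwarded-For value cannot be stored whole and every writer must truncate by `sizeof` and NUL-terminate; the declaration should say so: `u_char nat_ip[24]; /* Via HTTP X-Forwarded-For; IPv4 text only, writer must bound by sizeof and NUL-terminate */`. The same goes for `http.url`/`http.content_type`, whose ownership (who allocates, who frees, when) is undocumented. The userspace fallbacks `typedef struct spinlock { volatile int val; } spinlock_t;` and `atomic_t` rely on `volatile`, which provides neither atomicity nor ordering; if `hash_ip4p_table` is ever touched from more than one thread, C11 `_Atomic int` / a real lock is needed (whether it is shared is not visible in this hunk). `struct hash_ip4p tbl[0];` is a GNU zero-length array; the C99 flexible array member `struct hash_ip4p tbl[];` is the portable spelling and lets bounds sanitizers reason about the trailing allocation. The guard `__NDPI_TYPEDEFS_FILE__` (likewise `__NDPI_UNIX_INCLUDE_FILE__` and `__NDPI_WIN32_INCLUDE_FILE__` in the two following hunks, and the tag `_ndpi_automa`) uses an identifier reserved for the implementation; `NDPI_TYPEDEFS_H` is the conventional form.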
@@ -0,0 +1,53 @@
+/*
+ * ndpi_unix.h
+ *
+ * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2009-2011 by ipoque GmbH
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef __NDPI_UNIX_INCLUDE_FILE__
+#define __NDPI_UNIX_INCLUDE_FILE__
+
+#include "linux_compat.h"
+
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+#include <netinet/in.h>
+#if defined(__NetBSD__) || defined(__OpenBSD__)
+#include <netinet/in_systm.h>
+#if defined(__OpenBSD__)
+#include <pthread.h>
+#endif
+#endif
+#endif
+
+#ifndef WIN32
+#ifndef __KERNEL__
+
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
+#else
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+#endif
+#endif
+
+#endif /* __NDPI_UNIX_INCLUDE_FILE__ */
diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h
new file mode 100644
index 000000000..3b568beb9
--- /dev/null
+++ b/src/include/ndpi_win32.h
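Review bot: The five `#endif`s that close the BSD block and the `#ifndef WIN32` / `#ifndef __KERNEL__` / `#else` nest are all unlabelled, so the reader has to count braces to see that the `<linux/*.h>` branch is the kernel case and that neither branch is reached on Windows; label them as the file already labels its guard, e.g. `#endif /* __KERNEL__ */` and `#endif /* WIN32 */` (and `#endif /* BSD */` for the outermost of the first three). MSVC predefines `_WIN32` while `WIN32` is only supplied by `<windows.h>` or the build flags, so `_WIN32` would be the more robust test; the same spelling is used by ndpi_win32.h in the next hunk, so this is a project-wide choice rather than a local slip.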
@@ -0,0 +1,73 @@
+/*
+ * ndpi_win32.h
+ *
+ * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2009-2011 by ipoque GmbH
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef __NDPI_WIN32_INCLUDE_FILE__
+#define __NDPI_WIN32_INCLUDE_FILE__
+
+#ifdef WIN32
+#include <Winsock2.h> /* winsock.h is included automatically */
+#include <process.h>
+#include <io.h>
+#include <getopt.h> /* getopt from: http://www.pwilson.net/sample.html. */
+#include <process.h> /* for getpid() and the exec..() family */
+
+#ifndef _CRT_SECURE_NO_WARNINGS
+#define _CRT_SECURE_NO_WARNINGS
+#endif
+#define snprintf _snprintf
+
+extern char* strsep(char **stringp, const char *delim);
+
+#define __attribute__(x)
+#include <stdint.h>
+#ifndef __GNUC__
+typedef unsigned char u_char;
+typedef unsigned short u_short;
+typedef unsigned int uint;
+typedef unsigned long u_long;
+#endif
+typedef u_char u_int8_t;
+typedef u_short u_int16_t;
+typedef unsigned int u_int32_t;
+typedef unsigned __int64 u_int64_t;
+
+
+#define pthread_t HANDLE
+#define pthread_mutex_t HANDLE
+#define pthread_rwlock_t pthread_mutex_t
+#define pthread_rwlock_init pthread_mutex_init
+#define pthread_rwlock_wrlock pthread_mutex_lock
+#define pthread_rwlock_rdlock pthread_mutex_lock
+#define pthread_rwlock_unlock pthread_mutex_unlock
+#define pthread_rwlock_destroy pthread_mutex_destroy
+
+#define gmtime_r(a, b) gmtime(a) /* Already thread safe on windows */
+
+extern unsigned long waitForNextEvent(unsigned long ulDelay /* ms */);
+
+#define sleep(a /* sec */) waitForNextEvent(1000*a /* ms */)
+
+#endif /* Win32 */
+
+#endif /* __NDPI_WIN32_INCLUDE_FILE__ */
|
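Review bot: `#define snprintf _snprintf` silently changes semantics: `_snprintf` does not NUL-terminate when the output is truncated and returns a negative value instead of the required length, so any caller written against C99 `snprintf` (which always terminates for size > 0) can end up with an unterminated buffer on Windows; on MSVC 2015 and later (`_MSC_VER >= 1900`) a conforming `snprintf` exists and the macro should not be defined at all, and for older compilers `#define snprintf(buf, size, ...) _snprintf_s((buf), (size), _TRUNCATE, __VA_ARGS__)` at least guarantees termination. `#define sleep(a /* sec */) waitForNextEvent(1000*a /* ms */)` leaves its argument unparenthesized, so `sleep(t+1)` expands to `1000*t+1`; write `waitForNextEvent(1000*(a))`. `#define gmtime_r(a, b) gmtime(a)` discards `b`, so a caller that reads `*b` after the call — the normal use of `gmtime_r` — sees an uninitialized `struct tm`; `#define gmtime_r(a, b) (gmtime_s((b), (a)) == 0 ? (b) : NULL)` fills the caller's buffer as the POSIX function does. `<process.h>` is included twice, and `#define __attribute__(x)` redefines a reserved identifier unconditionally; guarding it with `#ifndef __GNUC__`, as the `u_char` typedefs already are, keeps it from breaking a MinGW or clang build where `__attribute__` is real.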