aboutsummaryrefslogtreecommitdiff
path: root/src/lib/ndpi_main.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/ndpi_main.c')
-rw-r--r--src/lib/ndpi_main.c92
1 files changed, 57 insertions, 35 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 5fb0b6cd8..5fe7e61af 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -833,6 +833,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "IPP",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP,
+ no_master,
+ no_master, "HEP",
+ ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP,
no_master,
no_master, "HTTP",
@@ -1622,7 +1627,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
no_master, "Starcraft",
ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */
-
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2,
+ no_master,
+ no_master, "UBNTAC2",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
+ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */
+
/* calling function for host and content matched protocols */
init_string_based_protocols(ndpi_mod);
@@ -1666,20 +1676,20 @@ static int fill_prefix_v4(prefix_t *p, struct in_addr *a, int b, int mb) {
/* ******************************************* */
-u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin) {
+u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin /* network byte order */) {
prefix_t prefix;
patricia_node_t *node;
- pin->s_addr = ntohl(pin->s_addr); /* Make sure all in network byte order otherwise compares wont work */
+ /* Make sure all in network byte order otherwise compares wont work */
fill_prefix_v4(&prefix, pin, 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits);
node = ndpi_patricia_search_best(ndpi_struct->protocols_ptree, &prefix);
-
+
return(node ? node->value.user_value : NDPI_PROTOCOL_UNKNOWN);
}
/* ******************************************* */
-u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host) {
+u_int16_t ndpi_host_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host /* network byte order */) {
struct in_addr pin;
pin.s_addr = host;
@@ -1700,11 +1710,9 @@ u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_packet_struct *packet = &flow->packet;
if(packet->tcp != NULL) {
- if(flow->packet.iph) {
- struct in_addr saddr = { packet->iph->saddr };
- struct in_addr daddr = { packet->iph->daddr };
- if(tor_ptree_match(ndpi_struct, &saddr)
- || tor_ptree_match(ndpi_struct, &daddr)) {
+ if(packet->iph) {
+ if(tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->saddr)
+ || tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->daddr)) {
return(1);
}
}
@@ -1736,7 +1744,7 @@ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str,
struct in_addr pin;
patricia_node_t *node;
- pin.s_addr = ntohl(host_list[i].network);
+ pin.s_addr = htonl(host_list[i].network);
if((node = add_to_ptree(ptree, AF_INET, &pin, host_list[i].cidr /* bits */)) != NULL)
node->value.user_value = host_list[i].value;
}
@@ -1745,19 +1753,18 @@ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str,
/* ******************************************* */
static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
- char *value, int protocol_id) {
-
- patricia_node_t *node;
- struct in_addr pin;
+ char *value, int protocol_id) {
- inet_pton(AF_INET, value, &pin);
- pin.s_addr = ntohl(pin.s_addr);
-
- if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, 32)) != NULL) {
- node->value.user_value = protocol_id;
- }
+ patricia_node_t *node;
+ struct in_addr pin;
+
+ inet_pton(AF_INET, value, &pin);
+
+ if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, 32)) != NULL) {
+ node->value.user_value = protocol_id;
+ }
- return(0);
+ return(0);
}
#endif
@@ -1891,13 +1898,16 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc
ndpi_default_ports_tree_node_t node;
if(sport && dport) {
- node.default_port = sport;
+ int low = ndpi_min(sport, dport);
+ int high = ndpi_max(sport, dport);
+
+ node.default_port = low; /* Check server port first */
ret = ndpi_tfind(&node,
(proto == IPPROTO_TCP) ? (void*)&ndpi_struct->tcpRoot : (void*)&ndpi_struct->udpRoot,
ndpi_default_ports_tree_node_t_cmp);
if(ret == NULL) {
- node.default_port = dport;
+ node.default_port = high;
ret = ndpi_tfind(&node,
(proto == IPPROTO_TCP) ? (void*)&ndpi_struct->tcpRoot : (void*)&ndpi_struct->udpRoot,
ndpi_default_ports_tree_node_t_cmp);
@@ -2250,6 +2260,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
/* SIP */
init_sip_dissector(ndpi_struct, &a, detection_bitmask);
+ /* HEP */
+ init_hep_dissector(ndpi_struct, &a, detection_bitmask);
+
/* BITTORRENT */
init_bittorrent_dissector(ndpi_struct, &a, detection_bitmask);
@@ -2622,6 +2635,8 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n
/* MPEGTS */
init_mpegts_dissector(ndpi_struct, &a, detection_bitmask);
+ /* UBNTAC2 */
+ init_ubntac2_dissector(ndpi_struct, &a, detection_bitmask);
/* ----------------------------------------------------------------- */
@@ -3418,23 +3433,30 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
} else
ret.protocol = flow->detected_protocol_stack[0];
-
- if((ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.iph) {
- struct in_addr pin = { flow->packet.iph->saddr };
-
- if((ret.master_protocol = ndpi_network_ptree_match(ndpi_struct, &pin)) == NDPI_PROTOCOL_UNKNOWN) {
- pin.s_addr = flow->packet.iph->daddr;
- ret.master_protocol = ndpi_network_ptree_match(ndpi_struct, &pin);
+ if((ret.protocol == NDPI_PROTOCOL_UNKNOWN)
+ && flow->packet.iph
+ && (!flow->host_already_guessed)) {
+
+ if((flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) {
+ flow->guessed_host_proto_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr);
}
+
+ flow->host_already_guessed = 1;
+ }
+
+#if 0
- /* Swap proocols in case of success */
+ /* Swap protocols in case of success */
if(ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) {
u_int16_t t = ret.master_protocol;
ret.master_protocol = ret.protocol;
ret.protocol = t;
}
- }
+#endif
+
+ if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN))
+ ret.protocol = flow->guessed_host_proto_id;
return(ret);
}
@@ -4239,11 +4261,11 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
return(ret);
check_guessed_skype:
- addr.s_addr = shost;
+ addr.s_addr = htonl(shost);
if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) {
ret.protocol = NDPI_PROTOCOL_SKYPE;
} else {
- addr.s_addr = dhost;
+ addr.s_addr = htonl(dhost);
if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE)
ret.protocol = NDPI_PROTOCOL_SKYPE;
}
Powered by cgit, Themed by Ted Yin.