diff options
Diffstat (limited to 'src/lib/ndpi_main.c')
| -rw-r--r-- | src/lib/ndpi_main.c | 238 |
1 files changed, 104 insertions, 134 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 16a956d4f..23977334e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -29,8 +29,6 @@ #include "ndpi_api.h" #include "../../config.h" -// #define DEBUG - #include <time.h> #ifndef WIN32 #include <unistd.h> @@ -40,13 +38,6 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/src/ndpi_patricia.c" -#ifdef WIN32 -/* http://social.msdn.microsoft.com/Forums/uk/vcgeneral/thread/963aac07-da1a-4612-be4a-faac3f1d65ca */ -#ifndef strtok_r -#define strtok_r(a,b,c) strtok(a,b) -#endif -#endif - /* ftp://ftp.cc.uoc.gr/mirrors/OpenBSD/src/lib/libc/stdlib/tsearch.c */ /* find or insert datum into search tree */ void * @@ -344,19 +335,6 @@ char *ndpi_strdup(const char *s) { return(m); } -/* ****************************************** */ - -u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) -{ - return sizeof(struct ndpi_flow_struct); -} - -/* ****************************************** */ - -u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) -{ - return sizeof(struct ndpi_id_struct); -} /* ******************************************************************** */ @@ -439,15 +417,6 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, if(udpDefPorts[j].port_low != 0) addDefaultPort(&udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->udpRoot); if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], &ndpi_mod->tcpRoot); } - -#if 0 - printf("%s(%d, %s, %p) [%s]\n", - __FUNCTION__, - protoId, - ndpi_mod->proto_defaults[protoId].protoName, - ndpi_mod, - ndpi_mod->proto_defaults[1].protoName); -#endif } /* ******************************************************************** */ @@ -2547,8 +2516,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n * nxt_hdr: protocol of the actual payload * returns 0 upon success and 1 upon failure */ -static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_struct, - const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) +static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr) { while ((*nxt_hdr == 0 || *nxt_hdr == 43 || *nxt_hdr == 44 || *nxt_hdr == 60 || *nxt_hdr == 135 || *nxt_hdr == 59)) { u_int16_t ehdr_len; @@ -2652,10 +2620,10 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru l4protocol = iph->protocol; } #ifdef NDPI_DETECTION_SUPPORT_IPV6 - else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->payload_len)) { + else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen)) { l4ptr = (((const u_int8_t *) iph_v6) + sizeof(struct ndpi_ipv6hdr)); - l4len = ntohs(iph_v6->payload_len); - l4protocol = iph_v6->nexthdr; + l4len = ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen); + l4protocol = iph_v6->ip6_ctlun.ip6_un1.ip6_un1_nxt; // we need to handle IPv6 extension headers if present if(ndpi_handle_ipv6_extension_headers(ndpi_struct, &l4ptr, &l4len, &l4protocol) != 0) { @@ -2683,11 +2651,6 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru return 0; } -#if !defined(WIN32) -#define ATTRIBUTE_ALWAYS_INLINE static inline -#else -__forceinline static -#endif void ndpi_apply_flow_protocol_to_packet(struct ndpi_flow_struct *flow, struct ndpi_packet_struct *packet) { @@ -2813,12 +2776,6 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str return 0; } - -#if !defined(WIN32) -static inline -#else -__forceinline static -#endif void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -2831,9 +2788,6 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_tcphdr *tcph = packet->tcp; const struct ndpi_udphdr *udph = flow->packet.udp; - //struct ndpi_unique_flow_struct unique_flow; - //uint8_t new_connection; - u_int8_t proxy_enabled = 0; packet->tcp_retransmission = 0, packet->packet_direction = 0; @@ -2845,7 +2799,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, packet->packet_direction = 1; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->saddr, &iphv6->daddr) != 0) + if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, &iphv6->ip6_dst) != 0) packet->packet_direction = 1; #endif } @@ -3196,7 +3150,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(flow->packet.iphv6 != NULL) { - protocol = flow->packet.iphv6->nexthdr, saddr = 0, daddr = 0; + protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, saddr = 0, daddr = 0; } else #endif { @@ -3217,16 +3171,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct goto ret_protocols; } } - -#if 0 - a = flow->detected_protocol_stack[0]; - if(a != NDPI_PROTOCOL_UNKNOWN) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_TRACE, "PROCESS KNOWN PROTOCOL\n"); - ndpi_struct->proto_defaults[a].func(ndpi_struct, flow); - return a; - } -#endif - + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; @@ -3262,18 +3207,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct flow->host_already_guessed = 1; } -#if 0 - /* Swap protocols in case of success */ - if(ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) { - u_int16_t t = ret.master_protocol; - - ret.master_protocol = ret.protocol; - ret.protocol = t; - } -#endif - - if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) - ret.protocol = flow->guessed_host_proto_id; + if((ret.protocol == NDPI_PROTOCOL_UNKNOWN) && (ret.master_protocol != NDPI_PROTOCOL_UNKNOWN)) + ret.protocol = flow->guessed_host_proto_id; return(ret); } @@ -3885,39 +3820,50 @@ int NDPI_PROTOCOL_IP_is_set(const ndpi_ip_addr_t * ip) /* NTOP */ int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip) { + #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(packet->iphv6 != NULL) { - if(packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] && - packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) { + /* IPv6 */ + if(packet->iphv6 != NULL) { + + if(packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && + packet->iphv6->ip6_src.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) return 1; - } else { - return 0; - } + //else + return 0; } #endif - if(packet->iph->saddr == ip->ipv4) { + + /* IPv4 */ + if(packet->iph->saddr == ip->ipv4) return 1; - } return 0; } /* check if the destination ip address in packet and ip are equal */ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip) { + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + + /* IPv6 */ if(packet->iphv6 != NULL) { - if(packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0] == ip->ipv6.ndpi_v6_u.u6_addr64[0] && - packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1] == ip->ipv6.ndpi_v6_u.u6_addr64[1]) { + + if(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ip->ipv6.u6_addr.u6_addr32[0] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] == ip->ipv6.u6_addr.u6_addr32[1] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[2] == ip->ipv6.u6_addr.u6_addr32[2] && + packet->iphv6->ip6_dst.u6_addr.u6_addr32[3] == ip->ipv6.u6_addr.u6_addr32[3]) return 1; - } else { - return 0; - } + //else + return 0; } #endif - if(packet->iph->daddr == ip->ipv4) { + + /* IPv4 */ + if(packet->iph->saddr == ip->ipv4) return 1; - } return 0; } @@ -3926,12 +3872,21 @@ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip) { NDPI_PROTOCOL_IP_clear(ip); + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + + /* IPv6 */ if(packet->iphv6 != NULL) { - ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[0]; - ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->saddr.ndpi_v6_u.u6_addr64[1]; + + ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_src.u6_addr.u6_addr32[0]; + ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_src.u6_addr.u6_addr32[1]; + ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_src.u6_addr.u6_addr32[2]; + ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_src.u6_addr.u6_addr32[3]; + } else #endif + + /* IPv4 */ ip->ipv4 = packet->iph->saddr; } @@ -3940,12 +3895,20 @@ void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_add void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip) { NDPI_PROTOCOL_IP_clear(ip); + #ifdef NDPI_DETECTION_SUPPORT_IPV6 + if(packet->iphv6 != NULL) { - ip->ipv6.ndpi_v6_u.u6_addr64[0] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[0]; - ip->ipv6.ndpi_v6_u.u6_addr64[1] = packet->iphv6->daddr.ndpi_v6_u.u6_addr64[1]; + + ip->ipv6.u6_addr.u6_addr32[0] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]; + ip->ipv6.u6_addr.u6_addr32[1] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[1]; + ip->ipv6.u6_addr.u6_addr32[2] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[2]; + ip->ipv6.u6_addr.u6_addr32[3] = packet->iphv6->ip6_dst.u6_addr.u6_addr32[3]; + } else + #endif + ip->ipv4 = packet->iph->daddr; } @@ -3959,15 +3922,22 @@ char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const u_int8_t *a = (const u_int8_t *) &ip->ipv4; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(ip->ipv6.ndpi_v6_u.u6_addr32[1] != 0 || ip->ipv6.ndpi_v6_u.u6_addr64[1] != 0) { - const u_int16_t *b = ip->ipv6.ndpi_v6_u.u6_addr16; + if(ip->ipv6.u6_addr.u6_addr32[0] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0 || + ip->ipv6.u6_addr.u6_addr32[1] != 0) { + + const u_int16_t *b = ip->ipv6.u6_addr.u6_addr16; snprintf(ndpi_struct->ip_string, 32, "%x:%x:%x:%x:%x:%x:%x:%x", ntohs(b[0]), ntohs(b[1]), ntohs(b[2]), ntohs(b[3]), ntohs(b[4]), ntohs(b[5]), ntohs(b[6]), ntohs(b[7])); + return ndpi_struct->ip_string; } #endif + snprintf(ndpi_struct->ip_string, 32, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]); + return ndpi_struct->ip_string; } @@ -4383,44 +4353,44 @@ void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a) { } -#ifdef WIN32 -/* http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/libkern/strsep.c */ - -/* - * Get next token from string *stringp, where tokens are possibly-empty - * strings separated by characters from delim. - * - * Writes NULs into the string at *stringp to end tokens. - * delim need not remain constant from call to call. - * On return, *stringp points past the last NUL written (if there might - * be further tokens), or is NULL (if there are definitely no more tokens). - * - * If *stringp is NULL, strsep returns NULL. - */ -char* strsep(char **stringp, const char *delim) { - char *s; - const char *spanp; - int c, sc; - char *tok; - - if((s = *stringp) == NULL) - return (NULL); - for(tok = s;;) { - c = *s++; - spanp = delim; - do { - if((sc = *spanp++) == c) { - if(c == 0) - s = NULL; - else - s[-1] = 0; - *stringp = s; - return (tok); - } - } while (sc != 0); - } - /* NOTREACHED */ -} -#endif +/* #ifdef WIN32 */ +/* /\* http://www.opensource.apple.com/source/xnu/xnu-1456.1.26/bsd/libkern/strsep.c *\/ */ + +/* /\* */ +/* * Get next token from string *stringp, where tokens are possibly-empty */ +/* * strings separated by characters from delim. */ +/* * */ +/* * Writes NULs into the string at *stringp to end tokens. */ +/* * delim need not remain constant from call to call. */ +/* * On return, *stringp points past the last NUL written (if there might */ +/* * be further tokens), or is NULL (if there are definitely no more tokens). */ +/* * */ +/* * If *stringp is NULL, strsep returns NULL. */ +/* *\/ */ +/* char* strsep(char **stringp, const char *delim) { */ +/* char *s; */ +/* const char *spanp; */ +/* int c, sc; */ +/* char *tok; */ + +/* if((s = *stringp) == NULL) */ +/* return (NULL); */ +/* for(tok = s;;) { */ +/* c = *s++; */ +/* spanp = delim; */ +/* do { */ +/* if((sc = *spanp++) == c) { */ +/* if(c == 0) */ +/* s = NULL; */ +/* else */ +/* s[-1] = 0; */ +/* *stringp = s; */ +/* return (tok); */ +/* } */ +/* } while (sc != 0); */ +/* } */ +/* /\* NOTREACHED *\/ */ +/* } */ +/* #endif */ |