diff options
Diffstat (limited to 'src/lib/protocols/bittorrent.c')
| -rw-r--r-- | src/lib/protocols/bittorrent.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index fd8ab20c0..2b5fcfffd 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -378,6 +378,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; int no_bittorrent = 0; + char *bt_proto = NULL; /* This is broadcast */ if(packet->iph @@ -412,7 +413,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->payload_packet_len >= 23 /* min header size */) { if(strncmp((const char*)packet->payload, bt_search, strlen(bt_search)) == 0) { ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION/* , */ + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION /* , */ /* NDPI_REAL_PROTOCOL */); return; } else { @@ -431,12 +432,14 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st && (packet->payload[3]== 0x0) && (packet->payload[4]== 0x0)) { /* Heuristic */ + bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; } else if(((v1_version & 0x0f) == 1) && ((v1_version >> 4) < 5 /* ST_NUM_STATES */) && (v1_extension < 3 /* EXT_NUM_EXT */) && (v1_window_size < 32768 /* 32k */) ) { + bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; } else if((v0_flags < 6 /* ST_NUM_STATES */) && (v0_extension < 3 /* EXT_NUM_EXT */)) { @@ -446,6 +449,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st now = (u_int32_t)time(NULL); if((ts < (now+86400)) && (ts > (now-86400))) { + bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; } } @@ -455,16 +459,19 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st flow->bittorrent_stage++; if(flow->bittorrent_stage < 10) { - if(packet->payload_packet_len > 19 /* min size */) { + if(packet->payload_packet_len > 19 /* min size */) { if(ndpi_strnstr((const char *)packet->payload, ":target20:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, ":find_node1:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, "d1:ad2:id20:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, ":info_hash20:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, ":filter64", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, "d1:rd2:id20:", packet->payload_packet_len) - || ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len) - ) { + || (bt_proto = ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len)) + ) { bittorrent_found: + if(bt_proto && (packet->payload_packet_len > 47)) + memcpy(flow->bittorent_hash, &bt_proto[27], 20); + NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, |