aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols/directconnect.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/protocols/directconnect.c')
-rw-r--r--src/lib/protocols/directconnect.c131
1 files changed, 47 insertions, 84 deletions
diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c
index e712df626..725e53348 100644
--- a/src/lib/protocols/directconnect.c
+++ b/src/lib/protocols/directconnect.c
@@ -23,9 +23,15 @@
*/
-#include "ndpi_protocols.h"
+#include "ndpi_protocol_ids.h"
+
#ifdef NDPI_PROTOCOL_DIRECTCONNECT
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT
+
+#include "ndpi_api.h"
+
+
//#define NDPI_DEBUG_DIRECTCONNECT
//#define NDPI_DIRECTCONNECT_PORT_DEBUG
//#define NDPI_DEBUG_DIRECTCONNECT_CONN
@@ -58,9 +64,7 @@ static u_int16_t parse_binf_message(struct ndpi_detection_module_struct
if (memcmp(&payload[i], "DCTM", 4) == 0) {
if (memcmp(&payload[i + 15], "ADCS", 4) == 0) {
ssl_port = ntohs_ndpi_bytestream_to_number(&payload[i + 25], 5, &bytes_read);
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ssl_port);
-
+ NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ssl_port);
}
}
} else {
@@ -89,13 +93,11 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s
if (packet->tcp != NULL
&& flow->setup_packet_direction != packet->packet_direction && src->detected_directconnect_port == 0) {
src->detected_directconnect_port = packet->tcp->source;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "directconnect tcp PORT %u for src\n", ntohs(src->detected_directconnect_port));
+ NDPI_LOG_DBG2(ndpi_struct, "DC tcp PORT %u for src\n", ntohs(src->detected_directconnect_port));
}
if (packet->udp != NULL && src->detected_directconnect_udp_port == 0) {
src->detected_directconnect_udp_port = packet->udp->source;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "directconnect udp PORT %u for src\n", ntohs(src->detected_directconnect_port));
+ NDPI_LOG_DBG2(ndpi_struct, "DC udp PORT %u for src\n", ntohs(src->detected_directconnect_port));
}
}
@@ -113,9 +115,9 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s
/*
dst->detected_directconnect_port = packet->tcp->dest;
- NDPI_LOG (NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "directconnect tcp PORT %u for dst\n",
- ntohs (dst->detected_directconnect_port));
+ NDPI_LOG_DBG2(ndpi_struct,
+ "DC tcp PORT %u for dst\n",
+ ntohs (dst->detected_directconnect_port));
*/
}
}
@@ -148,14 +150,12 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
if (dst != NULL) {
dst->detected_directconnect_ssl_port =
ntohs_ndpi_bytestream_to_number(&packet->payload[25], 5, &bytes_read);
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ntohs(dst->detected_directconnect_ssl_port));
+ NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ntohs(dst->detected_directconnect_ssl_port));
}
if (src != NULL) {
src->detected_directconnect_ssl_port =
ntohs_ndpi_bytestream_to_number(&packet->payload[25], 5, &bytes_read);
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ntohs(src->detected_directconnect_ssl_port));
+ NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ntohs(src->detected_directconnect_ssl_port));
}
@@ -168,15 +168,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
if ((u_int32_t)
(packet->tick_timestamp -
src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) {
- ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
src->directconnect_last_safe_access_time = packet->tick_timestamp;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(src->detected_directconnect_port));
+ NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_port));
+ ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
return;
} else {
src->detected_directconnect_port = 0;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "resetting src port due to timeout");
+ NDPI_LOG_DBG2(ndpi_struct, "resetting src port due to timeout\n");
return;
}
}
@@ -184,15 +182,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
if ((u_int32_t)
(packet->tick_timestamp -
src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) {
- ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
src->directconnect_last_safe_access_time = packet->tick_timestamp;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(src->detected_directconnect_ssl_port));
+ NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_ssl_port));
+ ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
return;
} else {
src->detected_directconnect_ssl_port = 0;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "resetting src port due to timeout");
+ NDPI_LOG_DBG2(ndpi_struct, "resetting src port due to timeout\n");
return;
}
}
@@ -204,15 +200,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
if ((u_int32_t)
(packet->tick_timestamp -
dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) {
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
dst->directconnect_last_safe_access_time = packet->tick_timestamp;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(dst->detected_directconnect_port));
+ NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_port));
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
return;
} else {
dst->detected_directconnect_port = 0;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "resetting dst port due to timeout");
+ NDPI_LOG_DBG(ndpi_struct, "resetting dst port due to timeout\n");
return;
}
}
@@ -220,16 +214,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
if ((u_int32_t)
(packet->tick_timestamp -
dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) {
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
dst->directconnect_last_safe_access_time = packet->tick_timestamp;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(dst->detected_directconnect_ssl_port));
-
+ NDPI_LOG_DBG(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_ssl_port));
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
return;
} else {
dst->detected_directconnect_ssl_port = 0;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "resetting dst port due to timeout");
+ NDPI_LOG_DBG2(ndpi_struct, "resetting dst port due to timeout\n");
return;
}
}
@@ -242,8 +233,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
if (packet->payload[0] == '$'
&& packet->payload[packet->payload_packet_len - 1] == '|'
&& (memcmp(&packet->payload[1], "Lock ", 5) == 0)) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "maybe first dc connect to hub detected\n");
+ NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect to hub detected\n");
flow->directconnect_stage = 1;
return;
}
@@ -251,8 +241,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
&& packet->payload[0] == '$'
&& packet->payload[packet->payload_packet_len - 1] == '|'
&& (memcmp(&packet->payload[1], "MyNick ", 7) == 0)) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "maybe first dc connect between peers detected\n");
+ NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect between peers detected\n");
flow->directconnect_stage = 2;
return;
}
@@ -262,15 +251,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
/* did not see this pattern in any trace */
if (memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0
|| memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS0 E\n");
+ NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB);
return;
/* did not see this pattern in any trace */
} else if (memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 ||
memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "found directconnect CSUP ADBAS0 E\n");
+ NDPI_LOG_INFO(ndpi_struct, "found DC CSUP ADBAS0 E\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER);
return;
@@ -283,19 +270,14 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
/* did not see this pattern in any trace */
if (memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0
|| memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS E in second packet\n");
+ NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS E in second packet\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB);
-
return;
/* did not see this pattern in any trace */
} else if (memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 ||
memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS0 E in second packet\n");
+ NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E in second packet\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER);
-
-
return;
}
@@ -304,12 +286,11 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
if (packet->payload_packet_len > 6) {
if ((packet->payload[0] == '$' || packet->payload[0] == '<')
&& packet->payload[packet->payload_packet_len - 1] == '|') {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "second dc detected\n");
+ NDPI_LOG_INFO(ndpi_struct, "found DC second\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB);
-
return;
} else {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "second dc not detected\n");
+ NDPI_LOG_DBG2(ndpi_struct, "second dc not detected\n");
}
}
@@ -317,23 +298,17 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n
/* get client hello answer or server message */
if (packet->payload_packet_len > 6) {
if (packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|') {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "second dc between peers detected\n");
-
-
+ NDPI_LOG_INFO(ndpi_struct, "found DC between peers\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER);
-
return;
} else {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "second dc between peers not detected\n");
+ NDPI_LOG_DBG2(ndpi_struct, "second dc between peers not detected\n");
}
}
}
-
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECTCONNECT);
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
}
@@ -352,15 +327,13 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct
(packet->tick_timestamp -
dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) {
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
dst->directconnect_last_safe_access_time = packet->tick_timestamp;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "marking using dc udp port\n %d", ntohs(dst->detected_directconnect_udp_port));
+ NDPI_LOG_INFO(ndpi_struct, "found DC using udp port %d\n", ntohs(dst->detected_directconnect_udp_port));
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN);
return;
} else {
dst->detected_directconnect_udp_port = 0;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "resetting dst udp port due to timeout");
+ NDPI_LOG_DBG2(ndpi_struct, "resetting dst udp port due to timeout\n");
return;
}
}
@@ -380,20 +353,15 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct
if (packet->payload[pos] == '(') {
pos = pos - 44;
if (pos > 2 && memcmp(&packet->payload[pos], "TTH:", 4) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "dc udp detected\n");
+ NDPI_LOG_INFO(ndpi_struct, "found DC udp\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER);
return;
}
}
}
flow->directconnect_stage++;
-
- if (flow->directconnect_stage < 3) {
-
-
+ if (flow->directconnect_stage < 3)
return;
- }
-
}
}
@@ -411,7 +379,7 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct
if (packet->payload[pos] == '(') {
pos = pos - 44;
if (pos > 2 && memcmp(&packet->payload[pos], "TTH:", 4) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "dc udp detected\n");
+ NDPI_LOG_INFO(ndpi_struct, "found DC udp\n");
ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER);
return;
}
@@ -420,15 +388,11 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct
flow->directconnect_stage++;
if (flow->directconnect_stage < 3)
return;
-
}
}
}
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG,
- "excluded at stage %d \n", flow->directconnect_stage);
-
-
+ NDPI_LOG_DBG(ndpi_struct, "excluded DC at stage %d \n", flow->directconnect_stage);
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECTCONNECT);
@@ -442,7 +406,7 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct
struct ndpi_id_struct *src = flow->src;
struct ndpi_id_struct *dst = flow->dst;
-
+ NDPI_LOG_DBG(ndpi_struct, "search DC\n");
if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_DIRECTCONNECT) {
if (src != NULL && ((u_int32_t)
@@ -458,8 +422,7 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct
dst->directconnect_last_safe_access_time = packet->tick_timestamp;
} else {
packet->detected_protocol_stack[0] = NDPI_PROTOCOL_UNKNOWN;
- NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct,
- NDPI_LOG_DEBUG, "directconnect: skipping as unknown due to timeout\n");
+ NDPI_LOG_DBG2(ndpi_struct, "skipping as unknown due to timeout\n");
}
return;
}
Powered by cgit, Themed by Ted Yin.