Diffstat (limited to 'src/lib/protocols/dofus.c')
-rw-r--r-- | src/lib/protocols/dofus.c | 97 |
1 files changed, 6 insertions, 91 deletions
diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c
index 109a5d5a6..d87763d88 100644
--- a/src/lib/protocols/dofus.c
+++ b/src/lib/protocols/dofus.c
@@ -41,102 +41,17 @@ static void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search dofus\n"); - /* Dofus v 1.x.x */ - if (packet->payload_packet_len == 13 && get_u_int16_t(packet->payload, 1) == ntohs(0x0508) - && get_u_int16_t(packet->payload, 5) == ntohs(0x04a0) - && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == ntohs(0x0194)) { - ndpi_dofus_add_connection(ndpi_struct, flow); - return; - } - if (flow->l4.tcp.dofus_stage == 0) { - if (packet->payload_packet_len == 3 && memcmp(packet->payload, "HG", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) - goto maybe_dofus; - - if (packet->payload_packet_len == 12 && memcmp(packet->payload, "Af", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) - goto maybe_dofus; - - if (packet->payload_packet_len == 35 && memcmp(packet->payload, "HC", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) - goto maybe_dofus; - - if (packet->payload_packet_len > 2 && packet->payload[0] == 'A' - && (packet->payload[1] == 'x' || packet->payload[1] == 'X') - && packet->payload[packet->payload_packet_len - 1] == 0) - goto maybe_dofus; - - if (packet->payload_packet_len > 2 && memcmp(packet->payload, "Ad", 2) - && packet->payload[packet->payload_packet_len - 1] == 0) - goto maybe_dofus; - - } - if (flow->l4.tcp.dofus_stage == 1) { - if (packet->payload_packet_len == 11 && memcmp(packet->payload, "AT", 2) == 0 - && packet->payload[10] == 0x00) { - ndpi_dofus_add_connection(ndpi_struct, flow); - return; - } - if (packet->payload_packet_len == 5 - && packet->payload[0] == 'A' && packet->payload[4] == 0x00 - && (packet->payload[1] == 'T' || packet->payload[1] == 'k')) { + /* Dofus 3 */ + if(ntohs(flow->c_port) == 5555 || ntohs(flow->s_port) == 5555) { + if(packet->payload_packet_len > 3 && + packet->payload[0] + 1 == packet->payload_packet_len && + packet->payload[1] == 0x0a && + packet->payload[2] + 2 == packet->payload[0]) { 
ndpi_dofus_add_connection(ndpi_struct, flow); - return; } } - /* end Dofus 1.x.x */ - - /* Dofus 2.0 */ - if ((packet->payload_packet_len == 11 || packet->payload_packet_len == 13 || packet->payload_packet_len == 49) - && get_u_int32_t(packet->payload, 0) == ntohl(0x00050800) - && get_u_int16_t(packet->payload, 4) == ntohs(0x0005) - && get_u_int16_t(packet->payload, 8) == ntohs(0x0005) - && packet->payload[10] == 0x18) { - if (packet->payload_packet_len == 13 - && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) != ntohs(0x0194)) { - goto exclude; - } - if (packet->payload_packet_len == 49 && ntohs(get_u_int16_t(packet->payload, 15)) + 17 != packet->payload_packet_len) { - goto exclude; - } - ndpi_dofus_add_connection(ndpi_struct, flow); - return; - } - if (packet->payload_packet_len >= 41 && get_u_int16_t(packet->payload, 0) == ntohs(0x01b9) && packet->payload[2] == 0x26) { - u_int16_t len, len2; - len = ntohs(get_u_int16_t(packet->payload, 3)); - if ((len + 5 + 2) > packet->payload_packet_len) - goto exclude; - len2 = ntohs(get_u_int16_t(packet->payload, 5 + len)); - if (5 + len + 2 + len2 == packet->payload_packet_len) { - ndpi_dofus_add_connection(ndpi_struct, flow); - return; - } - } - if (packet->payload_packet_len == 56 - && memcmp(packet->payload, "\x00\x11\x35\x02\x03\x00\x93\x96\x01\x00", 10) == 0) { - u_int16_t len, len2; - len = ntohs(get_u_int16_t(packet->payload, 10)); - if ((len + 12 + 2) > packet->payload_packet_len) - goto exclude; - len2 = ntohs(get_u_int16_t(packet->payload, 12 + len)); - if ((12 + len + 2 + len2 + 1) > packet->payload_packet_len) - goto exclude; - if (12 + len + 2 + len2 + 1 == packet->payload_packet_len && packet->payload[12 + len + 2 + len2] == 0x01) { - ndpi_dofus_add_connection(ndpi_struct, flow); - return; - } - } -exclude: NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); - return; - -maybe_dofus: - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG_DBG2(ndpi_struct, "maybe dofus\n"); - return; - } void 
init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct) |
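Review bot: With `return;` removed after `ndpi_dofus_add_connection(ndpi_struct, flow);`, a flow that passes the Dofus 3 check falls through to `NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);`, so the same packet both reports Dofus and excludes the Dofus dissector. What the exclude macro does to an already-classified flow is not visible in this hunk; if the fall-through is not intended, keep `return;` inside the inner `if`, and if it is, say so with a comment such as `/* decision is made on the first payload; exclude afterwards either way */`. The match itself is port 5555 plus three bytes (`payload[0] + 1 == payload_packet_len`, `payload[1] == 0x0a`, `payload[2] + 2 == payload[0]`), which unrelated traffic on that port can satisfy and which presumably rejects any first payload longer than a one-byte length can describe. A short comment documenting the expected message layout and that limitation would help anyone relying on this label for filtering or alerting. `ndpi_search_dofus` starts before the hunk, and `flow->l4.tcp.dofus_stage` is no longer referenced by the new code, so the field may now be unused.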