diff options
Diffstat (limited to 'src/lib/protocols/http.c')
| -rw-r--r-- | src/lib/protocols/http.c | 67 |
1 files changed, 45 insertions, 22 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index bc0ca1fc2..eaf2fdce4 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -314,12 +314,17 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd ndpi_search_tcp_or_udp(ndpi_struct, flow); /* If no custom protocol has been detected */ - if((flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) || (http_protocol != NDPI_PROTOCOL_HTTP)) + if((flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + || ((http_protocol != NDPI_PROTOCOL_HTTP) && (http_protocol != NDPI_PROTOCOL_HTTP_CONNECT)) + ) flow->guessed_host_protocol_id = http_protocol; // ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_HTTP); - + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, + (flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) ? + flow->detected_protocol_stack[1] : NDPI_PROTOCOL_HTTP + ); + /* This is necessary to inform the core to call this dissector again */ flow->check_extra_packets = 1; flow->max_extra_packets_to_check = 8; @@ -370,7 +375,8 @@ static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndp if(double_col) double_col[0] = '\0'; - if(ndpi_match_hostname_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, + if(ndpi_match_hostname_protocol(ndpi_struct, flow, + flow->detected_protocol_stack[1], flow->host_server_name, strlen(flow->host_server_name)) == 0) { if(flow->http.url && @@ -532,11 +538,25 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ flow->http.url = ndpi_malloc(len); if(flow->http.url) { - strncpy(flow->http.url, (char*)packet->host_line.ptr, packet->host_line.len); - strncpy(&flow->http.url[packet->host_line.len], (char*)packet->http_url_name.ptr, - packet->http_url_name.len); - flow->http.url[len-1] = '\0'; + u_int offset = 0; + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP_CONNECT) { + strncpy(flow->http.url, (char*)packet->http_url_name.ptr, + packet->http_url_name.len); + + flow->http.url[packet->http_url_name.len] = '\0'; + } else { + /* Check if we pass through a proxy (usually there is also the Via: ... header) */ + if(strncmp((char*)packet->http_url_name.ptr, "http://", 7) != 0) + strncpy(flow->http.url, (char*)packet->host_line.ptr, offset = packet->host_line.len); + + strncpy(&flow->http.url[offset], (char*)packet->http_url_name.ptr, + packet->http_url_name.len); + offset += packet->http_url_name.len; + + flow->http.url[offset] = '\0'; + } + ndpi_check_http_url(ndpi_struct, flow, &flow->http.url[packet->host_line.len]); } @@ -612,8 +632,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_PROTOCOL_HTTP); } - if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { - if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { + if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { + if((flow->detected_protocol_stack[1] != NDPI_PROTOCOL_HTTP) + && (flow->detected_protocol_stack[1] != NDPI_PROTOCOL_HTTP_CONNECT)) { NDPI_LOG_INFO(ndpi_struct, "found HTTP/%s\n", ndpi_get_proto_name(ndpi_struct, flow->detected_protocol_stack[0])); ndpi_int_http_add_connection(ndpi_struct, flow, flow->detected_protocol_stack[0], NDPI_PROTOCOL_CATEGORY_WEB); @@ -691,9 +712,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } if (ndpi_get_http_method(ndpi_struct, flow) != NDPI_HTTP_METHOD_UNKNOWN) - { - ndpi_int_http_add_connection(ndpi_struct, flow, flow->detected_protocol_stack[0], NDPI_PROTOCOL_CATEGORY_WEB); - } + ndpi_int_http_add_connection(ndpi_struct, flow, flow->detected_protocol_stack[0], NDPI_PROTOCOL_CATEGORY_WEB); } /* ************************************************************* */ @@ -1053,14 +1072,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if((packet->http_url_name.len > 7) && (!strncasecmp((const char*) packet->http_url_name.ptr, "http://", 7))) { NDPI_LOG_INFO(ndpi_struct, "found HTTP_PROXY\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_PROXY, NDPI_PROTOCOL_CATEGORY_WEB); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_PROXY, flow->detected_protocol_stack[0]); check_content_type_and_change_protocol(ndpi_struct, flow); } if(filename_start == 8 && (strncasecmp((const char *)packet->payload, "CONNECT ", 8) == 0)) { - /* nathan@getoffmalawn.com */ NDPI_LOG_INFO(ndpi_struct, "found HTTP_CONNECT\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT, NDPI_PROTOCOL_CATEGORY_WEB); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT, flow->detected_protocol_stack[0]); check_content_type_and_change_protocol(ndpi_struct, flow); } @@ -1075,12 +1093,17 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct in 99.99% of the cases is like that. */ - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP, NDPI_PROTOCOL_CATEGORY_WEB); - flow->http_detected = 1; - NDPI_LOG_DBG2(ndpi_struct, - "HTTP START Found, we will look further for the response...\n"); - flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 - check_content_type_and_change_protocol(ndpi_struct, flow); + /* if(!flow->http_detected) */ { + u_int proto = flow->detected_protocol_stack[1] ? flow->detected_protocol_stack[1] : flow->detected_protocol_stack[0]; + + if(proto == NDPI_PROTOCOL_UNKNOWN) proto = NDPI_PROTOCOL_HTTP; + ndpi_int_http_add_connection(ndpi_struct, flow, proto, NDPI_PROTOCOL_CATEGORY_WEB); + flow->http_detected = 1; + NDPI_LOG_DBG2(ndpi_struct, + "HTTP START Found, we will look further for the response...\n"); + flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 + check_content_type_and_change_protocol(ndpi_struct, flow); + } return; } } |