diff options
Diffstat (limited to 'src/lib/protocols/postgres.c')
| -rw-r--r-- | src/lib/protocols/postgres.c | 47 |
1 files changed, 26 insertions, 21 deletions
diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index fbefd44b5..a55f0ad45 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -40,7 +40,6 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; - u_int16_t size; if (flow->l4.tcp.postgres_stage == 0) { //SSL @@ -60,6 +59,16 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct flow->l4.tcp.postgres_stage = 3 + packet->packet_direction; return; } + //GSS + if (packet->payload_packet_len > 7 && + packet->payload[4] == 0x04 && + packet->payload[5] == 0xd2 && + packet->payload[6] == 0x16 && + packet->payload[7] == 0x30 && + ntohl(get_u_int32_t(packet->payload, 0)) == packet->payload_packet_len) { + flow->l4.tcp.postgres_stage = 5 + packet->packet_direction; + return; + } } else { if (flow->l4.tcp.postgres_stage == 2 - packet->packet_direction) { //SSL accepted @@ -76,7 +85,7 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct } } //no SSL - if (flow->l4.tcp.postgres_stage == 4 - packet->packet_direction) + if (flow->l4.tcp.postgres_stage == 4 - packet->packet_direction) { if (packet->payload_packet_len > 8 && ntohl(get_u_int32_t(packet->payload, 5)) < 10 && ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1 && packet->payload[0] == 0x52) { @@ -84,29 +93,25 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } - if (flow->l4.tcp.postgres_stage == 6 - && ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1 && packet->payload[0] == 'p') { - NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); - ndpi_int_postgres_add_connection(ndpi_struct, flow); - return; - } - if (flow->l4.tcp.postgres_stage == 5 && packet->payload[0] == 'R') { - if (ntohl(get_u_int32_t(packet->payload, 1)) == (uint32_t)packet->payload_packet_len - 1) { - NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); + if (packet->payload_packet_len > 8 && + ntohl(get_u_int32_t(packet->payload, 5)) == 0 && + ntohl(get_u_int32_t(packet->payload, 1)) == 8 && packet->payload[0] == 0x52) { + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, no SSL, auth succ, multiple msg\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } - size = (u_int16_t)ntohl(get_u_int32_t(packet->payload, 1)) + 1; - if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') { - if ((size + get_u_int32_t(packet->payload, (size + 1))) == packet->payload_packet_len) { - NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); - ndpi_int_postgres_add_connection(ndpi_struct, flow); - return; - } + } + //GSS + if (flow->l4.tcp.postgres_stage == 6 - packet->packet_direction) { + //GSS accepted + if (packet->payload_packet_len == 1 && packet->payload[0] == 'G') { + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, GSS accepted\n"); + ndpi_int_postgres_add_connection(ndpi_struct, flow); + return; } - size += get_u_int32_t(packet->payload, (size + 1)) + 1; - if (size > 0 && size - 1 < packet->payload_packet_len && packet->payload[size - 1] == 'S') { - NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); + //GSS denied + if (packet->payload_packet_len == 1 && packet->payload[0] == 'N') { + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, GSS denied\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } |