Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/dcerpc.c19
-rw-r--r--src/lib/protocols/hep.c68
-rw-r--r--src/lib/protocols/kakaotalk_voice.c2
-rw-r--r--src/lib/protocols/mail_smtp.c8
-rw-r--r--src/lib/protocols/skype.c4
-rw-r--r--src/lib/protocols/steam.c1
-rw-r--r--src/lib/protocols/tcp_udp.c4
-rw-r--r--src/lib/protocols/ubntac2.c63
8 files changed, 152 insertions, 17 deletions
diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c
index 2537afd56..ec96d1287 100644
--- a/src/lib/protocols/dcerpc.c
+++ b/src/lib/protocols/dcerpc.c
@@ -18,7 +18,7 @@
*
* You should have received a copy of the GNU Lesser General Public License
* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
+ *
*/
@@ -35,20 +35,23 @@ static void ndpi_int_dcerpc_add_connection(struct ndpi_detection_module_struct
void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct *packet = &flow->packet;
-
- if((packet->tcp != NULL)
- && (packet->payload_packet_len > 64)
- && ((ntohs(packet->tcp->source) == 135) || (ntohs(packet->tcp->dest) == 135))
+ u_int16_t len_packet = (packet->payload[9]<<8) | packet->payload[8];
+
+ if((packet->tcp != NULL)
+ && (packet->payload_packet_len >= 64)
&& (packet->payload[0] == 0x05) /* version 5 */
&& (packet->payload[2] < 16) /* Packet type */
- ) {
- NDPI_LOG(NDPI_PROTOCOL_DCERPC, ndpi_struct, NDPI_LOG_DEBUG, "DCERPC match\n");
+ && (len_packet == packet->payload_packet_len) /* Packet Length */
+ ) {
+ NDPI_LOG(NDPI_PROTOCOL_DCERPC, ndpi_struct, NDPI_LOG_DEBUG, "DCERPC match\n");
ndpi_int_dcerpc_add_connection(ndpi_struct, flow);
return;
}
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DCERPC);
+ if(packet->payload_packet_len>1){
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DCERPC);
+ }
}
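Review bot: The new `len_packet` initializer reads `packet->payload[8]` and `packet->payload[9]` before anything has tested `payload_packet_len`, so a payload shorter than 10 bytes is read past its end on every call. Drop the early declaration and fold the comparison into the condition after the `>= 64` test, e.g. `&& (((packet->payload[9] << 8) | packet->payload[8]) == packet->payload_packet_len) /* frag length, little-endian */`. The comparison also assumes a little-endian length field and a PDU that fits exactly one TCP segment. With the port 135 test removed, that check is the main discriminator left besides version and packet type, so a comment stating both assumptions would help.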
diff --git a/src/lib/protocols/hep.c b/src/lib/protocols/hep.c
new file mode 100644
index 000000000..516e430e7
--- /dev/null
+++ b/src/lib/protocols/hep.c
@@ -0,0 +1,68 @@
+/*
+ * hep.c
+ *
+ * Copyright (C) 2009-2011 by ipoque GmbH
+ * Copyright (C) 2011-15 - ntop.org
+ * Copyright (C) 2011-15 - QXIP BV
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_protocols.h"
+#ifdef NDPI_PROTOCOL_HEP
+
+static void ndpi_int_hep_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HEP, NDPI_PROTOCOL_UNKNOWN);
+}
+
+void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ const u_int8_t *packet_payload = packet->payload;
+ u_int32_t payload_len = packet->payload_packet_len;
+
+ NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "searching for HEP.\n");
+ if (payload_len > 10) {
+ if (memcmp(packet_payload, "HEP3", 4) == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "found HEP3.\n");
+ ndpi_int_hep_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
+
+ NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "exclude HEP.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HEP);
+}
+
+
+void init_hep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("HEP", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_HEP,
+ ndpi_search_hep,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
+
+#endif
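Review bot: `ndpi_search_hep` labels a flow as HEP from the four bytes `HEP3` alone, on any TCP or UDP payload longer than 10 bytes, so unrelated traffic that starts with that string is classified as HEP. If the HEP3 header carries a 16-bit total-length field right after the magic (it appears to, in network byte order; confirm against the specification), comparing it with `payload_len` would tighten the match at least for UDP, e.g. `&& ntohs(get_u_int16_t(packet_payload, 4)) == payload_len`. The `> 10` threshold is not tied to any header field in the visible code and would benefit from a comment such as `/* minimum HEP3 header size - TODO confirm */`.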
diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c
index 38596e41d..daa97cc36 100644
--- a/src/lib/protocols/kakaotalk_voice.c
+++ b/src/lib/protocols/kakaotalk_voice.c
@@ -56,7 +56,7 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc
}
}
- NDPI_LOG(NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n");
+ NDPI_LOG(NDPI_SERVICE_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n");
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_KAKAOTALK_VOICE);
}
diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c
index 37846930e..422ed0dc2 100644
--- a/src/lib/protocols/mail_smtp.c
+++ b/src/lib/protocols/mail_smtp.c
@@ -117,10 +117,10 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct
&& (packet->line[a].ptr[1] == 'T' || packet->line[a].ptr[1] == 't')
&& (packet->line[a].ptr[2] == 'A' || packet->line[a].ptr[2] == 'a')
&& (packet->line[a].ptr[3] == 'R' || packet->line[a].ptr[3] == 'r')
- && (packet->line[a].ptr[4] == 'T' || packet->line[a].ptr[0] == 't')
- && (packet->line[a].ptr[5] == 'T' || packet->line[a].ptr[1] == 't')
- && (packet->line[a].ptr[6] == 'L' || packet->line[a].ptr[2] == 'l')
- && (packet->line[a].ptr[7] == 'S' || packet->line[a].ptr[3] == 's')) {
+ && (packet->line[a].ptr[4] == 'T' || packet->line[a].ptr[4] == 't')
+ && (packet->line[a].ptr[5] == 'T' || packet->line[a].ptr[5] == 't')
+ && (packet->line[a].ptr[6] == 'L' || packet->line[a].ptr[6] == 'l')
+ && (packet->line[a].ptr[7] == 'S' || packet->line[a].ptr[7] == 's')) {
flow->l4.tcp.smtp_command_bitmask |= SMTP_BIT_STARTTLS;
}
}
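Review bot: The eight hand-indexed comparisons on `packet->line[a].ptr[0]` through `ptr[7]` are what let the wrong indices slip in originally. A single case-insensitive compare would be harder to get wrong, e.g. `strncasecmp((const char *)packet->line[a].ptr, "STARTTLS", 8) == 0`. The condition starts outside this hunk, so it is not visible whether `packet->line[a].len >= 8` is tested before these reads. If it is not, a shorter line is read past its end.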
diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c
index 7f201569c..e3bd00332 100644
--- a/src/lib/protocols/skype.c
+++ b/src/lib/protocols/skype.c
@@ -40,8 +40,8 @@ u_int8_t is_skype_flow(struct ndpi_detection_module_struct *ndpi_struct,
Skype connections are identified by some SSL-like communications
without SSL certificate being exchanged
*/
- if(is_skype_host(ndpi_struct, ntohl(packet->iph->saddr))
- || is_skype_host(ndpi_struct, ntohl(packet->iph->daddr))) {
+ if(is_skype_host(ndpi_struct, packet->iph->saddr)
+ || is_skype_host(ndpi_struct, packet->iph->daddr)) {
return(1);
}
}
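Review bot: Nothing at these call sites states which byte order `is_skype_host` expects. This hunk removes `ntohl()` while the tcp_udp.c hunk in the same commit adds `htonl()` before `ndpi_host_ptree_match`, so the convention is easy to break again. A one-line comment at each call, or on the two helpers' prototypes, stating the expected order (network or host) would pin it down. `is_skype_flow` begins outside the hunk, so it cannot be confirmed from here that `packet->iph` is checked for NULL before `saddr` and `daddr` are read.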
diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c
index fe7b9d161..7ed0eae29 100644
--- a/src/lib/protocols/steam.c
+++ b/src/lib/protocols/steam.c
@@ -34,6 +34,7 @@ static void ndpi_int_steam_add_connection(struct ndpi_detection_module_struct *n
static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &flow->packet;
+ NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet);
if (packet->user_agent_line.ptr != NULL
&& packet->user_agent_line.len >= 23
&& memcmp(packet->user_agent_line.ptr, "Valve/Steam HTTP Client", 23) == 0) {
diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c
index 1eb9c8773..7ca276dca 100644
--- a/src/lib/protocols/tcp_udp.c
+++ b/src/lib/protocols/tcp_udp.c
@@ -37,9 +37,9 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc
}
}
- if((rc = ndpi_host_ptree_match(ndpi_struct, saddr)) != NDPI_PROTOCOL_UNKNOWN) return(rc);
+ if((rc = ndpi_host_ptree_match(ndpi_struct, htonl(saddr))) != NDPI_PROTOCOL_UNKNOWN) return(rc);
- return(ndpi_host_ptree_match(ndpi_struct, daddr));
+ return(ndpi_host_ptree_match(ndpi_struct, htonl(daddr)));
}
void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c
new file mode 100644
index 000000000..7763c18d1
--- /dev/null
+++ b/src/lib/protocols/ubntac2.c
@@ -0,0 +1,63 @@
+/*
+ * ubntac2.c
+ *
+ * Copyright (C) 2015 Thomas Fjellstrom
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_UBNTAC2
+
+static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN);
+}
+
+
+void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_TRACE, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest));
+
+ if (packet->payload_packet_len >= 135 &&
+ (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) &&
+ memcmp(&(packet->payload[36]), "UBNT", 4) == 0) {
+
+ NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n");
+
+ ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+ return;
+ }
+
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UBNTAC2);
+}
+
+
+void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+{
+ ndpi_set_bitmask_protocol_detection("UBNTAC2", ndpi_struct, detection_bitmask, *id,
+ NDPI_PROTOCOL_UBNTAC2,
+ ndpi_search_ubntac2,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
+
+#endif
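Review bot: `ndpi_search_ubntac2` dereferences `packet->udp` in the trace log and again in the match condition without a NULL check. Judging by its name, it relies on the `NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD` registration in `init_ubntac2_dissector` to see only UDP packets. An early guard before the log line, `if(packet->udp == NULL) return;`, would keep the function safe if the selection mask ever changes. The constants 135, 10001 and 36 are unexplained, so a short comment naming the minimum request length, the port and the offset of the `UBNT` tag would make the bounds reasoning checkable.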