Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/bittorrent.c7
-rw-r--r--src/lib/protocols/btlib.c7
-rw-r--r--src/lib/protocols/btlib.h2
-rw-r--r--src/lib/protocols/citrix.c9
-rw-r--r--src/lib/protocols/directdownloadlink.c21
-rw-r--r--src/lib/protocols/gtp.c8
-rw-r--r--src/lib/protocols/http.c8
-rw-r--r--src/lib/protocols/lotus_notes.c14
-rw-r--r--src/lib/protocols/mdns.c176
-rw-r--r--src/lib/protocols/netflow.c2
-rw-r--r--src/lib/protocols/radius.c8
-rw-r--r--src/lib/protocols/tcp_udp.c2
-rw-r--r--src/lib/protocols/tor.c2
13 files changed, 94 insertions, 172 deletions
diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
index e7f55a78d..99420b85e 100644
--- a/src/lib/protocols/bittorrent.c
+++ b/src/lib/protocols/bittorrent.c
@@ -432,14 +432,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st
u_int32_t ts = ntohl(*((u_int32_t*)&(packet->payload[4])));
u_int32_t now;
-#ifndef __KERNEL__
now = (u_int32_t)time(NULL);
-#else
- struct timespec t;
-
- getnstimeofday(&t);
- now = t.tv_sec;
-#endif
if((ts < (now+86400)) && (ts > (now-86400))) {
goto bittorrent_found;
diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c
index 6442c7db7..beea43d0d 100644
--- a/src/lib/protocols/btlib.c
+++ b/src/lib/protocols/btlib.c
@@ -42,8 +42,6 @@ typedef signed long long int i_int64_t;
#include "btlib.h"
-#ifndef __KERNEL__
-
int bt_parse_debug = 0;
static char *printXb(char *s,const u_int8_t *b,int l) {
@@ -183,11 +181,8 @@ static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) {
static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) {
_print_safe_str(msg,cbd->buf,cbd->v.s.s,cbd->v.s.l);
}
-#define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; }
-#else
-#define DEBUG_TRACE(cmd,args...)
-#endif /* __KERNEL */
+#define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; }
#define STREQ(a,b) !strcmp(a,b)
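Review bot: The re-added `DEBUG_TRACE` macro expands to a bare brace block, so a call written as `if(x) DEBUG_TRACE(...); else ...` no longer compiles, because the trailing `;` ends the `if` before the `else`. Since this is now the only definition, I would wrap it as `#define DEBUG_TRACE(cmd) do { if(bt_parse_debug) cmd; } while(0)`. The context line `#define STREQ(a,b) !strcmp(a,b)` has a similar hygiene gap and is safer as `(!strcmp((a),(b)))`. A one-line comment that `bt_parse_debug` is a global switch for parser tracing would also help, as the tracing code is no longer compiled out in any configuration.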
diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h
index cc2928155..db68370c9 100644
--- a/src/lib/protocols/btlib.h
+++ b/src/lib/protocols/btlib.h
@@ -139,9 +139,7 @@ typedef struct bt_parse_data_cb {
} v;
} bt_parse_data_cb_t;
-#ifndef __KERNEL__
extern int bt_parse_debug;
void dump_bt_proto_struct(struct bt_parse_protocol *p);
-#endif
const u_int8_t *bt_decode(const u_int8_t *b, size_t *l, int *ret, bt_parse_data_cb_t *cbd);
diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c
index d03c0cbe6..92607579c 100644
--- a/src/lib/protocols/citrix.c
+++ b/src/lib/protocols/citrix.c
@@ -33,14 +33,6 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_packet_struct *packet = &flow->packet;
u_int32_t payload_len = packet->payload_packet_len;
-#if 0
- printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
- packet->payload[0] & 0xFF,
- packet->payload[1] & 0xFF,
- packet->payload[2] & 0xFF,
- packet->payload[3] & 0xFF);
-#endif
-
if(packet->tcp != NULL) {
flow->l4.tcp.citrix_packet_id++;
@@ -70,7 +62,6 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct,
return;
}
-
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);
} else if(flow->l4.tcp.citrix_packet_id > 3)
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);
diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c
index 846c60170..24375c90f 100644
--- a/src/lib/protocols/directdownloadlink.c
+++ b/src/lib/protocols/directdownloadlink.c
@@ -709,23 +709,10 @@ void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *n
{
struct ndpi_packet_struct *packet = &flow->packet;
- // struct ndpi_id_struct *src=ndpi_struct->src;
- // struct ndpi_id_struct *dst=ndpi_struct->dst;
-#if 0
- if (ndpi_struct->direct_download_link_counter_callback != NULL) {
- if (packet->detected_protocol == NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
- /* skip packets not requests from the client to the server */
- if (packet->packet_direction == flow->l4.tcp.ddlink_server_direction) {
- search_ddl_domains(ndpi_struct, flow); // do the detection again in order to get the URL in keep alive streams
- } else {
- // just count the packet
- ndpi_struct->direct_download_link_counter_callback(flow->hash_id_number, packet->l3_packet_len);
- }
- }
- return;
- }
-#endif
- // do not detect again if it is already ddl
+ /* struct ndpi_id_struct *src=ndpi_struct->src; */
+ /* struct ndpi_id_struct *dst=ndpi_struct->dst; */
+
+ /* do not detect again if it is already ddl */
if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
if (search_ddl_domains(ndpi_struct, flow) != 0) {
return;
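Review bot: The two commented-out declarations at the top of `ndpi_search_direct_download_link_tcp` were converted from `//` to `/* */` instead of being deleted, so dead code stays behind next to the removed `#if 0` block. Dropping `/* struct ndpi_id_struct *src=ndpi_struct->src; */` and the matching `dst` line would finish the cleanup. The function body continues past the end of this hunk.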
diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c
index ec2c1099e..97044f94e 100644
--- a/src/lib/protocols/gtp.c
+++ b/src/lib/protocols/gtp.c
@@ -35,14 +35,6 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
-#if 0
- printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
- packet->payload[0] & 0xFF,
- packet->payload[1] & 0xFF,
- packet->payload[2] & 0xFF,
- packet->payload[3] & 0xFF);
-#endif
-
if((packet->udp != NULL) && (payload_len > sizeof(struct gtp_header_generic))) {
u_int32_t gtp_u = ntohs(2152);
u_int32_t gtp_c = ntohs(2123);
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 9314dba65..ced34c099 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -349,14 +349,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_
NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n",
packet->user_agent_line.len, packet->user_agent_line.ptr);
-
-#if 0
- if((ndpi_struct->http_dont_dissect_response) || flow->http_detected)
- ndpi_match_content_subprotocol(ndpi_struct, flow,
- (char*)packet->user_agent_line.ptr,
- packet->user_agent_line.len,
- NDPI_PROTOCOL_HTTP);
-#endif
}
/* check for host line */
diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c
index d0b3aa50f..37c4cf896 100644
--- a/src/lib/protocols/lotus_notes.c
+++ b/src/lib/protocols/lotus_notes.c
@@ -35,20 +35,6 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_str
if(packet->tcp != NULL) {
flow->l4.tcp.lotus_notes_packet_id++;
-#if 0
- printf("[lotus_notes_packet_id: %u][len=%u][%02X %02X %02X %02X %02X %02X %02X %02X]\n",
- flow->l4.tcp.lotus_notes_packet_id, payload_len,
- packet->payload[6] & 0xFF,
- packet->payload[7] & 0xFF,
- packet->payload[8] & 0xFF,
- packet->payload[9] & 0xFF,
- packet->payload[10] & 0xFF,
- packet->payload[11] & 0xFF,
- packet->payload[12] & 0xFF,
- packet->payload[13] & 0xFF
- );
-#endif
-
if((flow->l4.tcp.lotus_notes_packet_id == 1)
/* We have seen the 3-way handshake */
&& flow->l4.tcp.seen_syn
diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c
index 8226ab93c..d4426e7f3 100644
--- a/src/lib/protocols/mdns.c
+++ b/src/lib/protocols/mdns.c
@@ -37,108 +37,108 @@ static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct
}
static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
+ *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
- if ((packet->payload[2] & 0x80) == 0 &&
- ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS &&
- ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) {
+ if ((packet->payload[2] & 0x80) == 0 &&
+ ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS &&
+ ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) {
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n");
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n");
- return 1;
- } else if ((packet->payload[2] & 0x80) != 0 &&
- ntohs(get_u_int16_t(packet->payload, 4)) == 0 &&
- ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS &&
- ntohs(get_u_int16_t(packet->payload, 6)) != 0) {
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n");
+ return 1;
+ } else if ((packet->payload[2] & 0x80) != 0 &&
+ ntohs(get_u_int16_t(packet->payload, 4)) == 0 &&
+ ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS &&
+ ntohs(get_u_int16_t(packet->payload, 6)) != 0) {
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n");
- return 1;
- }
+ return 1;
+ }
- return 0;
+ return 0;
}
void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
-// struct ndpi_id_struct *src=ndpi_struct->src;
-// struct ndpi_id_struct *dst=ndpi_struct->dst;
-
- u_int16_t dport;
-// const u_int16_t sport=ntohs(packet->udp->source);
-
- /* check if UDP and */
- if (packet->udp != NULL) {
- /*read destination port */
- dport = ntohs(packet->udp->dest);
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "MDNS udp start \n");
-
-
-
- /*check standard MDNS to port 5353 */
- /*took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
-
- if (dport == 5353 && packet->payload_packet_len >= 12) {
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination port 5353\n");
-
- /* MDNS header is similar to dns header */
- /* dns header
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | ID |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | QDCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | ANCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | NSCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- | ARCOUNT |
- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
- *
- * dns query check: query: QR set, ancount = 0, nscount = 0, QDCOUNT < MAX_MDNS, ARCOUNT < MAX_MDNS
- *
- */
-
- /* mdns protocol must have destination address 224.0.0.251 */
- /* took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
-
- if (packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) {
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
- NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n");
-
- if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
- ndpi_int_mdns_add_connection(ndpi_struct, flow);
- return;
- }
- }
+ // struct ndpi_id_struct *src=ndpi_struct->src;
+ // struct ndpi_id_struct *dst=ndpi_struct->dst;
+
+ u_int16_t dport;
+ // const u_int16_t sport=ntohs(packet->udp->source);
+
+ /* check if UDP and */
+ if (packet->udp != NULL) {
+ /*read destination port */
+ dport = ntohs(packet->udp->dest);
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "MDNS udp start \n");
+
+
+
+ /*check standard MDNS to port 5353 */
+ /*took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
+
+ if (dport == 5353 && packet->payload_packet_len >= 12) {
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination port 5353\n");
+
+ /* MDNS header is similar to dns header */
+ /* dns header
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ID |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QDCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ANCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | NSCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ARCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * dns query check: query: QR set, ancount = 0, nscount = 0, QDCOUNT < MAX_MDNS, ARCOUNT < MAX_MDNS
+ *
+ */
+
+ /* mdns protocol must have destination address 224.0.0.251 */
+ /* took this information from http://www.it-administrator.de/lexikon/multicast-dns.html */
+
+ if (packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) {
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
+ NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n");
+
+ if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
+ ndpi_int_mdns_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- if (packet->iphv6 != NULL) {
- const u_int32_t *daddr = packet->iphv6->daddr.ndpi_v6_u.u6_addr32;
- if (daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) {
-
- NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
- NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n");
-
- if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
- ndpi_int_mdns_add_connection(ndpi_struct, flow);
- return;
- }
- }
- }
-#endif
+ if (packet->iphv6 != NULL) {
+ const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32;
+ if (daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) {
+
+ NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct,
+ NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n");
- }
+ if (ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) {
+ ndpi_int_mdns_add_connection(ndpi_struct, flow);
+ return;
+ }
}
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS);
+ }
+#endif
+
+ }
+ }
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS);
}
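Review bot: The header comment carried over in `ndpi_search_mdns` ("dns query check: query: QR set, ancount = 0, nscount = 0, QDCOUNT < MAX_MDNS, ARCOUNT < MAX_MDNS") does not match what `ndpi_int_check_mdns_payload` tests. The query branch requires the QR bit (`payload[2] & 0x80`) to be clear and bounds the 16-bit fields at offsets 4 and 6, which per the diagram are QDCOUNT and ANCOUNT; NSCOUNT and ARCOUNT are never read. I would rewrite the comment to describe the two accepted shapes, `query: QR clear, QDCOUNT and ANCOUNT <= NDPI_MAX_MDNS_REQUESTS` and `answer: QR set, QDCOUNT == 0, 0 < ANCOUNT <= NDPI_MAX_MDNS_REQUESTS`, and add a line on the helper noting that it relies on the caller's `payload_packet_len >= 12` check before it reads offsets 2 to 7. Separately, the one functional edit here (`ip6_dst.u6_addr.u6_addr32`) is buried in a re-indent of the whole section; splitting the whitespace change from the field change would make it easier to review.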
diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c
index 30bb898f2..54c634263 100644
--- a/src/lib/protocols/netflow.c
+++ b/src/lib/protocols/netflow.c
@@ -23,12 +23,10 @@
#ifdef NDPI_PROTOCOL_NETFLOW
-#ifndef __KERNEL__
#ifdef WIN32
extern int gettimeofday(struct timeval * tp, struct timezone * tzp);
#endif
#define do_gettimeofday(a) gettimeofday(a, NULL)
-#endif
struct flow_ver1_rec {
u_int32_t srcaddr; /* Source IP Address */
diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c
index 09f26793b..625dc4108 100644
--- a/src/lib/protocols/radius.c
+++ b/src/lib/protocols/radius.c
@@ -35,14 +35,6 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct,
// const u_int8_t *packet_payload = packet->payload;
u_int32_t payload_len = packet->payload_packet_len;
-#if 0
- printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
- packet->payload[0] & 0xFF,
- packet->payload[1] & 0xFF,
- packet->payload[2] & 0xFF,
- packet->payload[3] & 0xFF);
-#endif
-
if(packet->udp != NULL) {
struct radius_header *h = (struct radius_header*)packet->payload;
u_int len = ntohs(h->len);
diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c
index de9700e4a..9f9febfeb 100644
--- a/src/lib/protocols/tcp_udp.c
+++ b/src/lib/protocols/tcp_udp.c
@@ -64,7 +64,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st
proto = ndpi_search_tcp_or_udp_raw(ndpi_struct,
flow->packet.iph ? flow->packet.iph->protocol :
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- flow->packet.iphv6->nexthdr,
+ flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt,
#else
0,
#endif
diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c
index 036162b1f..f2c2eae4c 100644
--- a/src/lib/protocols/tor.c
+++ b/src/lib/protocols/tor.c
@@ -66,14 +66,12 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_int_tor_add_connection(ndpi_struct, flow);
return(1);
} else {
-#ifndef __KERNEL__
#ifdef PENDANTIC_TOR_CHECK
if(gethostbyname(certificate) == NULL) {
ndpi_int_tor_add_connection(ndpi_struct, flow);
return(1);
}
#endif
-#endif
}
return(0);