Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/ajp.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/alicloud.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/http.c | 27 | ||||
-rw-r--r-- | src/lib/protocols/mongodb.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/ssh.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/stun.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/tcp_udp.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/telnet.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/tls.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/websocket.c | 2 | ||||
-rw-r--r-- | src/lib/protocols/wireguard.c | 3 |
11 files changed, 26 insertions, 24 deletions
diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index f2a9ec920..88782c9ec 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c @@ -63,7 +63,7 @@ static void set_ajp_detected(struct ndpi_detection_module_struct *ndpi_struct, /* If no custom protocol has been detected */ /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AJP, flow->guessed_host_protocol_id, NDPI_CONFIDENCE_DPI); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AJP, flow->guessed_protocol_id_by_ip, NDPI_CONFIDENCE_DPI); } } diff --git a/src/lib/protocols/alicloud.c b/src/lib/protocols/alicloud.c index b8ce58d81..add82dbe8 100644 --- a/src/lib/protocols/alicloud.c +++ b/src/lib/protocols/alicloud.c @@ -30,7 +30,7 @@ static void ndpi_int_alicloud_add_connection(struct ndpi_detection_module_struct { NDPI_LOG_INFO(ndpi_struct, "found alicloud\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, NDPI_PROTOCOL_ALICLOUD, + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_protocol_id_by_ip, NDPI_PROTOCOL_ALICLOUD, NDPI_CONFIDENCE_DPI); } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index dd494702a..6fd70d9b6 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c 
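Review bot: In `set_ajp_detected` (ajp.c) the address-based guess is passed as the fourth argument of `ndpi_set_detected_protocol`, while alicloud.c in the next hunk and http.c pass it as the third; mongodb.c and websocket.c follow the same fourth-position pattern. If the third argument is the application and the fourth the master, as the `app_protocol`/`master_protocol` names in http.c suggest, these three callers record the IP-matched service underneath AJP, MongoDB or WebSocket, and a policy keyed on the application id would not see it. The rename is a good moment to either swap the two arguments or state the intent in a comment such as `/* IP-based guess deliberately recorded as master protocol */`. The function starts outside the hunk, so the surrounding condition is not visible here.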
@@ -335,22 +335,20 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd struct ndpi_flow_struct *flow, u_int16_t http_protocol, ndpi_protocol_category_t category) { - u_int16_t master_protocol; + u_int16_t master_protocol, app_protocol; #ifdef HTTP_DEBUG printf("=> %s()\n", __FUNCTION__); #endif - if(flow->extra_packets_func && (flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN)) - return; /* Nothing new to add */ - + app_protocol = flow->guessed_protocol_id_by_ip; /* If no custom protocol has been detected */ - if((flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + if((app_protocol == NDPI_PROTOCOL_UNKNOWN) || ((http_protocol != NDPI_PROTOCOL_HTTP) && (http_protocol != NDPI_PROTOCOL_HTTP_CONNECT) && (http_protocol != NDPI_PROTOCOL_HTTP_PROXY)) ) - flow->guessed_host_protocol_id = http_protocol; + app_protocol = http_protocol; // ndpi_int_reset_protocol(flow); master_protocol = NDPI_PROTOCOL_HTTP; @@ -365,7 +363,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd sub-protocol via the (content-matched) subprotocols logic (i.e. MPEGDASH, SOAP, ....) */ if(flow->detected_protocol_stack[1] == 0) - ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, + ndpi_set_detected_protocol(ndpi_struct, flow, app_protocol, master_protocol, NDPI_CONFIDENCE_DPI); 
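Review bot: The comment `/* If no custom protocol has been detected */` in `ndpi_int_http_add_connection` no longer describes the condition below it, because `app_protocol` is now loaded from `flow->guessed_protocol_id_by_ip` and the test is about the address-based guess. A comment such as `/* Keep the IP-based guess as application unless there is none or a specific HTTP sub-protocol was matched */` would match the code. For plain HTTP, CONNECT and proxy traffic the address-derived id is kept and, in the following hunk, handed to `ndpi_set_detected_protocol` with `NDPI_CONFIDENCE_DPI`, so the comment should also say that the application label in that case does not come from payload inspection. The early return on `flow->extra_packets_func` is removed, and only the `detected_protocol_stack[1] == 0` test visible in the next hunk limits repeated calls; the lines between the two hunks are not shown.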
@@ -408,27 +406,36 @@ static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_http_parse_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + u_int16_t master_protocol; + if((flow->l4.tcp.http_stage == 0) || (flow->http.url && flow->http_detected)) { char *double_col = strchr((char*)flow->host_server_name, ':'); if(double_col) double_col[0] = '\0'; + master_protocol = NDPI_PROTOCOL_HTTP; + if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) + master_protocol = flow->detected_protocol_stack[1]; + else if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP_CONNECT || + flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP_PROXY) + master_protocol = flow->detected_protocol_stack[0]; + if(ndpi_match_hostname_protocol(ndpi_struct, flow, - flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN ? flow->detected_protocol_stack[1] : NDPI_PROTOCOL_HTTP, + master_protocol, flow->host_server_name, strlen(flow->host_server_name)) == 0) { if(flow->http.url && ((strstr(flow->http.url, ":8080/downloading?n=0.") != NULL) || (strstr(flow->http.url, ":8080/upload?n=0.") != NULL))) { /* This looks like Ookla speedtest */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, master_protocol, NDPI_CONFIDENCE_DPI); } } if (flow->http.url != NULL && strstr(flow->http.url, "micloud.xiaomi.net") != NULL) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XIAOMI, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_XIAOMI, master_protocol, NDPI_CONFIDENCE_DPI); } } } diff --git a/src/lib/protocols/mongodb.c b/src/lib/protocols/mongodb.c index 1f1619141..1ed4fdcb1 100644 --- a/src/lib/protocols/mongodb.c +++ b/src/lib/protocols/mongodb.c 
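Review bot: The Ookla and Xiaomi labels at the end of `ndpi_http_parse_subprotocol` are still decided by `strstr()` over `flow->http.url`, a client-supplied string, and the Xiaomi test accepts `micloud.xiaomi.net` anywhere in that string. With this change the label is also stacked on whichever master was chosen above, including `NDPI_PROTOCOL_HTTP_CONNECT` or `NDPI_PROTOCOL_HTTP_PROXY`, and is recorded with `NDPI_CONFIDENCE_DPI`. A comment on both calls would help anyone building allow or deny rules on these ids: `/* URL substring match on client-controlled data: a hint, not proof of the peer */`. As a style point, `master_protocol` is only assigned and read inside the `if` block, so it could be declared there with its default, `u_int16_t master_protocol = NDPI_PROTOCOL_HTTP;`.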
@@ -58,7 +58,7 @@ static void set_mongodb_detected(struct ndpi_detection_module_struct *ndpi_struc /* If no custom protocol has been detected */ /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MONGODB, flow->guessed_host_protocol_id, NDPI_CONFIDENCE_DPI); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MONGODB, flow->guessed_protocol_id_by_ip, NDPI_CONFIDENCE_DPI); } } diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 36e950ce1..935ec3cc7 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -209,8 +209,6 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct if(flow->extra_packets_func != NULL) return; - flow->guessed_host_protocol_id = flow->guessed_protocol_id = NDPI_PROTOCOL_SSH; - flow->max_extra_packets_to_check = 12; flow->extra_packets_func = search_ssh_again; @@ -445,7 +443,7 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct #endif NDPI_LOG_DBG2(ndpi_struct, "ssh stage 1 passed\n"); - flow->guessed_host_protocol_id = flow->guessed_protocol_id = NDPI_PROTOCOL_SSH; + flow->guessed_protocol_id = NDPI_PROTOCOL_SSH; #ifdef SSH_DEBUG printf("[SSH] [completed stage: %u]\n", flow->l4.tcp.ssh_stage); diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index beec5a508..070939b87 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -424,7 +424,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_DBG(ndpi_struct, "search stun\n"); - app_proto = flow->guessed_host_protocol_id; + app_proto = flow->guessed_protocol_id_by_ip; if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 03965d1c2..dd25292f5 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c 
@@ -40,7 +40,7 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc } if(flow) - return(flow->guessed_host_protocol_id); + return(flow->guessed_protocol_id_by_ip); else { host.s_addr = htonl(saddr); if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index ed0808596..5bec572e6 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -130,8 +130,6 @@ static int search_telnet_again(struct ndpi_detection_module_struct *ndpi_struct, static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - flow->guessed_host_protocol_id = flow->guessed_protocol_id = NDPI_PROTOCOL_TELNET; - flow->max_extra_packets_to_check = 64; flow->extra_packets_func = search_telnet_again; diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index fe36555ed..4397bf705 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -2491,7 +2491,7 @@ static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_st #ifdef DEBUG_TLS printf("==>> %s() %u [len: %u][version: %u]\n", __FUNCTION__, - flow->guessed_host_protocol_id, + flow->guessed_protocol_id_by_ip, packet->payload_packet_len, flow->protos.tls_quic.ssl_version); #endif diff --git a/src/lib/protocols/websocket.c b/src/lib/protocols/websocket.c index e009e7916..1438825b5 100644 --- a/src/lib/protocols/websocket.c +++ b/src/lib/protocols/websocket.c @@ -53,7 +53,7 @@ static void set_websocket_detected(struct ndpi_detection_module_struct *ndpi_str ndpi_search_tcp_or_udp(ndpi_struct, flow); ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WEBSOCKET, flow->guessed_host_protocol_id, NDPI_CONFIDENCE_DPI); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WEBSOCKET, flow->guessed_protocol_id_by_ip, NDPI_CONFIDENCE_DPI); } } 
diff --git a/src/lib/protocols/wireguard.c b/src/lib/protocols/wireguard.c index a2e2291bc..8a0d15e00 100644 --- a/src/lib/protocols/wireguard.c +++ b/src/lib/protocols/wireguard.c @@ -140,8 +140,7 @@ void ndpi_search_wireguard(struct ndpi_detection_module_struct u_int32_t receiver_index = get_u_int32_t(payload, 4); /* We speculate this is wireguard, so let's remember it */ - if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - flow->guessed_host_protocol_id = NDPI_PROTOCOL_WIREGUARD; + flow->guessed_protocol_id = NDPI_PROTOCOL_WIREGUARD; if (flow->l4.udp.wireguard_stage == 0) { flow->l4.udp.wireguard_stage = 3 + packet->packet_direction; |
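Review bot: The store to `flow->guessed_protocol_id` in `ndpi_search_wireguard` is now unconditional, where the removed lines only wrote the guess when the field was still `NDPI_PROTOCOL_UNKNOWN`. The comment above it calls this a speculation, so overwriting an earlier guess on every candidate packet can leave a flow marked as WireGuard after the later stage checks fail; whether that guess is reported when detection gives up is not visible in this hunk. Keeping the guard on the new field would preserve the old behaviour: `if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) flow->guessed_protocol_id = NDPI_PROTOCOL_WIREGUARD;`. The function body starts and continues outside the hunk.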