diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/ndpi_content_match.c.inc | 8 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 21 |
2 files changed, 29 insertions, 0 deletions
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index fe7b39b52..5e0210d71 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7289,6 +7289,12 @@ static ndpi_network host_protocol_list[] = { /* Simet - 200.160.4.0/24 */ { 0xC8A00400, 24, NDPI_SERVICE_SIMET }, + /* + AnchorFree (Hotspot Shield) + AnchorFree Inc. AFNETWORK-1 (NET-74-115-0-0-1) 74.115.0.0 - 74.115.7.255 + */ + { 0x4A730000, 21, NDPI_SERVICE_HOTSPOT_SHIELD }, + { 0x0, 0, 0 } }; @@ -7409,6 +7415,8 @@ ndpi_protocol_match host_match[] = { { "update.microsoft.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { ".windowsupdate.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_FUN }, + { ".anchorfree.", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f88651443..9514a5943 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1164,6 +1164,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "WorldOfWarcraft", ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_SERVICE_HOTSPOT_SHIELD, + no_master, + no_master, "HotspotShield", + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, no_master, no_master, "Telnet", @@ -3411,6 +3416,22 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } else ret.protocol = flow->detected_protocol_stack[0]; + + if((ret.master_protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.iph) { + struct ndpi_packet_struct *packet = &flow->packet; + + if((ret.master_protocol = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) + ret.master_protocol = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->daddr); + + /* Swap proocols in case of success */ + if(ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) { + u_int8_t t = ret.master_protocol; + + ret.master_protocol = ret.protocol; + ret.protocol = t; + } + } + return(ret); } |