aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_protocol_ids.h2
-rw-r--r--src/lib/ndpi_main.c2
-rw-r--r--src/lib/protocols/quic.c7
3 files changed, 9 insertions, 2 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 1683510ef..52fc0ad5d 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -225,7 +225,7 @@ typedef enum {
NDPI_PROTOCOL_KAKAOTALK = 193, /* KakaoTalk Chat (no voice call) */
NDPI_PROTOCOL_KAKAOTALK_VOICE = 194, /* KakaoTalk Voice */
NDPI_PROTOCOL_TWITCH = 195, /* Edoardo Dominici <edoaramis@gmail.com> */
- NDPI_PROTOCOL_DOH_DOT = 196, /* DoH (DNS over HTTPS), DoT (DNS over TLS) */
+ NDPI_PROTOCOL_DOH_DOT = 196, /* DoH (DNS over HTTPS), DoT (DNS over TLS), DoQ (DNS over QUIC). TODO: rename in NDPI_PROTOCOL_DOH_DOT_DOQ? */
NDPI_PROTOCOL_WECHAT = 197,
NDPI_PROTOCOL_MPEGTS = 198,
NDPI_PROTOCOL_SNAPCHAT = 199,
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 6f536952a..0b84f98ef 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -875,7 +875,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOH_DOT, 0 /* can_have_a_subprotocol */,
no_master, no_master, "DoH_DoT", NDPI_PROTOCOL_CATEGORY_NETWORK /* dummy */,
ndpi_build_default_ports(ports_a, 853, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_build_default_ports(ports_b, 784, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_REDDIT, 0 /* can_have_a_subprotocol */,
no_master, no_master, "Reddit", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index 48a9db734..a4c93ed1e 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -1191,6 +1191,13 @@ static void process_tls(struct ndpi_detection_module_struct *ndpi_struct,
Negotiated version is only present in the ServerHello message too, but
fortunately, QUIC always uses TLS version 1.3 */
flow->protos.stun_ssl.ssl.ssl_version = 0x0304;
+
+ /* DNS-over-QUIC: ALPN is "doq" or "doq-XXX" (for drafts versions) */
+ if(flow->protos.stun_ssl.ssl.alpn &&
+ strncmp(flow->protos.stun_ssl.ssl.alpn, "doq", 3) == 0) {
+ NDPI_LOG_DBG(ndpi_struct, "Found DOQ (ALPN: [%s])\n", flow->protos.stun_ssl.ssl.alpn);
+ ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOH_DOT, NDPI_PROTOCOL_QUIC);
+ }
}
static void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
Powered by cgit, Themed by Ted Yin.