diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_protocols.h | 1 | ||||
| -rw-r--r-- | src/lib/ndpi_main.c | 3 | ||||
| -rw-r--r-- | src/lib/protocols/iec60870-5-104.c | 14 | ||||
| -rw-r--r-- | src/lib/protocols/irc.c | 49 |
4 files changed, 23 insertions, 44 deletions
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 3bff4bcbc..7a12c1ffd 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -192,6 +192,7 @@ void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 385b869e5..58b48d2c2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3116,6 +3116,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* check_mk */ init_checkmk_dissector(ndpi_str, &a, detection_bitmask); + /* cpha */ + init_cpha_dissector(ndpi_str, &a, detection_bitmask); + /* AIMINI */ init_aimini_dissector(ndpi_str, &a, detection_bitmask); diff --git a/src/lib/protocols/iec60870-5-104.c b/src/lib/protocols/iec60870-5-104.c index 93f724543..b2da8c34c 100644 --- a/src/lib/protocols/iec60870-5-104.c +++ b/src/lib/protocols/iec60870-5-104.c @@ -34,7 +34,7 @@ void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct, /* Check connection over TCP */ NDPI_LOG_DBG(ndpi_struct, "search IEC60870\n"); - + if(packet->tcp) { u_int16_t offset = 0, found = 0; @@ -45,8 +45,16 @@ void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(len == 0) break; - else - offset += len + 2, found = 1; + else { + u_int8_t len = packet->payload[offset+1]; + + if((len + offset + 2) == packet->payload_packet_len) { + found = 1; + break; + } + + offset += len + 2; + } } else break; } diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index 71d739025..8eb51aae4 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -373,7 +373,6 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc struct ndpi_id_struct *dst = flow->dst; int less; u_int16_t c = 0; - u_int16_t c1 = 0; u_int16_t port = 0; u_int16_t sport = 0; u_int16_t dport = 0; @@ -439,38 +438,6 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } -#if 0 - if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC - && flow->packet_counter == 2 && (packet->payload_packet_len > 400 && packet->payload_packet_len < 1381)) { - for (c1 = 50; c1 < packet->payload_packet_len - 23; c1++) { - if (packet->payload[c1] == 'i' || packet->payload[c1] == 'd') { - if ((memcmp(&packet->payload[c1], "irc.hackthissite.org0", 21) - == 0) - || (memcmp(&packet->payload[c1], "irc.gamepad.ca1", 15) == 0) - || (memcmp(&packet->payload[c1], "dungeon.axenet.org0", 19) - == 0) - || (memcmp(&packet->payload[c1], "dazed.nuggethaus.net", 20) - == 0) - || (memcmp(&packet->payload[c1], "irc.indymedia.org", 17) - == 0) - || (memcmp(&packet->payload[c1], "irc.cccp-project.net", 20) - == 0) - || (memcmp(&packet->payload[c1], "dirc.followell.net0", 19) - == 0) - || (memcmp(&packet->payload[c1], "irc.discostars.de1", 18) - == 0) - || (memcmp(&packet->payload[c1], "irc.rizon.net", 13) == 0)) { - NDPI_LOG_INFO(ndpi_struct, - "found IRC SSL: - irc.hackthissite.org0 | irc.gamepad.ca1 | dungeon.axenet.org0 " - "| dazed.nuggethaus.net | irc.indymedia.org | irc.discostars.de1 "); - ndpi_int_irc_add_connection(ndpi_struct, flow); - break; - } - } - } - } -#endif - if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC && ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(ndpi_struct, flow) != 0) { return; @@ -518,7 +485,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || (memcmp(packet->payload, "PRIVMSG ", 8) == 0) || (memcmp(packet->payload, "VERSION ", 8) == 0)) { NDPI_LOG_DBG2(ndpi_struct, - "USER, NICK, PASS, NOTICE, PRIVMSG one time"); + "USER, NICK, PASS, NOTICE, PRIVMSG one time"); if (flow->l4.tcp.irc_stage == 2) { NDPI_LOG_INFO(ndpi_struct, "found irc"); ndpi_int_irc_add_connection(ndpi_struct, flow); @@ -555,8 +522,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "packet contains more than one line"); for (c = 1; c < packet->parsed_lines; c++) { if (packet->line[c].len > 4 && (memcmp(packet->line[c].ptr, "NICK ", 5) == 0 - || memcmp(packet->line[c].ptr, "USER ", - 5) == 0)) { + || memcmp(packet->line[c].ptr, "USER ", + 5) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found IRC: two icq signal words in the same packet"); ndpi_int_irc_add_connection(ndpi_struct, flow); flow->l4.tcp.irc_stage = 3; @@ -580,7 +547,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (memcmp(packet->payload, "POST ", 5) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->parsed_lines) { - u_int16_t http_header_len = (u_int16_t)((packet->line[packet->parsed_lines - 1].ptr - packet->payload) + 2); + u_int16_t http_header_len = (u_int16_t)((packet->line[packet->parsed_lines - 1].ptr - packet->payload) + 2); if (packet->payload_packet_len > http_header_len) { http_content_ptr_len = packet->payload_packet_len - http_header_len; } @@ -590,7 +557,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || ((packet->referer_line.ptr) && (ndpi_check_for_IRC_traces(packet->referer_line.ptr, packet->referer_line.len)))) { NDPI_LOG_DBG2(ndpi_struct, - "IRC detected from the Http URL/ Referer header "); + "IRC detected from the Http URL/ Referer header "); flow->l4.tcp.irc_stage = 1; // HTTP POST Request body is not in the same packet. if (!http_content_ptr_len) { @@ -637,7 +604,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (memcmp(&packet->line[i].ptr[j + 1], "DCC SEND ", 9) == 0 || memcmp(&packet->line[i].ptr[j + 1], "DCC CHAT ", 9) == 0) { NDPI_LOG_INFO(ndpi_struct, - "found NOTICE and DCC CHAT or DCC SEND."); + "found NOTICE and DCC CHAT or DCC SEND."); } } } @@ -700,7 +667,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc ntohs_ndpi_bytestream_to_number (&packet->line[i].ptr[j], packet->payload_packet_len - j, &j); NDPI_LOG_DBG2(ndpi_struct, "port %u.", - port); + port); j = k; // hier jetzt überlegen, wie die ports abgespeichert werden sollen if (src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT) @@ -711,7 +678,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc = port; src->irc_number_of_port++; NDPI_LOG_DBG2(ndpi_struct, "found port=%d jjeeeeeeeeeeeeeeeeeeeeeeeee", - ntohs(get_u_int16_t(src->irc_port, 0))); + ntohs(get_u_int16_t(src->irc_port, 0))); } src->irc_ts = packet->current_time_ms; } else if (port != 0 && src->irc_number_of_port == NDPI_PROTOCOL_IRC_MAXPORT) { |