aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_protocol_ids.h26
-rw-r--r--src/include/ndpi_protocols.h12
-rw-r--r--src/include/ndpi_typedefs.h21
-rw-r--r--src/lib/ndpi_main.c97
-rw-r--r--src/lib/protocols/aimini.c270
-rw-r--r--src/lib/protocols/applejuice.c67
-rw-r--r--src/lib/protocols/ayiya.c87
-rw-r--r--src/lib/protocols/directconnect.c207
-rw-r--r--src/lib/protocols/directdownloadlink.c726
-rw-r--r--src/lib/protocols/fasttrack.c95
-rw-r--r--src/lib/protocols/fiesta.c105
-rw-r--r--src/lib/protocols/florensia.c130
-rw-r--r--src/lib/protocols/openft.c67
-rw-r--r--src/lib/protocols/ppstream.c2
-rw-r--r--src/lib/protocols/shoutcast.c118
-rw-r--r--src/lib/protocols/sopcast.c223
-rw-r--r--src/lib/protocols/stealthnet.c69
-rw-r--r--src/lib/protocols/thunder.c193
18 files changed, 43 insertions, 2472 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 894b8c1f9..856778dc8 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -50,10 +50,10 @@ typedef enum {
NDPI_PROTOCOL_POSTGRES = 19,
NDPI_PROTOCOL_MYSQL = 20,
NDPI_PROTOCOL_MS_OUTLOOK = 21, /* Hotmail / Microsoft Outlook / Exchange */
- NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK = 22,
+ NDPI_PROTOCOL_FREE_22 = 22, /* FREE */
NDPI_PROTOCOL_MAIL_POPS = 23,
- NDPI_PROTOCOL_APPLEJUICE = 24,
- NDPI_PROTOCOL_DIRECTCONNECT = 25,
+ NDPI_PROTOCOL_FREE_24 = 24, /* FREE */
+ NDPI_PROTOCOL_FREE_25 = 25, /* FREE */
NDPI_PROTOCOL_NTOP = 26,
NDPI_PROTOCOL_COAP = 27,
NDPI_PROTOCOL_VMWARE = 28,
@@ -61,8 +61,8 @@ typedef enum {
NDPI_PROTOCOL_DTLS = 30,
NDPI_PROTOCOL_UBNTAC2 = 31, /* Ubiquity UBNT AirControl = 2 */
NDPI_PROTOCOL_KONTIKI = 32,
- NDPI_PROTOCOL_OPENFT = 33,
- NDPI_PROTOCOL_FASTTRACK = 34,
+ NDPI_PROTOCOL_FREE_33 = 33, /* FREE */
+ NDPI_PROTOCOL_FREE_34 = 34, /* FREE */
NDPI_PROTOCOL_GNUTELLA = 35,
NDPI_PROTOCOL_EDONKEY = 36,
NDPI_PROTOCOL_BITTORRENT = 37,
@@ -84,17 +84,17 @@ typedef enum {
NDPI_PROTOCOL_CPHA = 53,
NDPI_PROTOCOL_PPSTREAM = 54,
NDPI_PROTOCOL_ZATTOO = 55,
- NDPI_PROTOCOL_SHOUTCAST = 56,
- NDPI_PROTOCOL_SOPCAST = 57,
+ NDPI_PROTOCOL_FREE_56 = 56, /* FREE */
+ NDPI_PROTOCOL_FREE_57 = 57, /* FREE */
NDPI_PROTOCOL_DISCORD = 58,
NDPI_PROTOCOL_TVUPLAYER = 59,
NDPI_PROTOCOL_MONGODB = 60,
NDPI_PROTOCOL_PLURALSIGHT = 61,
- NDPI_PROTOCOL_THUNDER = 62,
+ NDPI_PROTOCOL_FREE_62 = 62, /* FREE */
NDPI_PROTOCOL_OCSP = 63,
NDPI_PROTOCOL_VXLAN = 64,
NDPI_PROTOCOL_IRC = 65,
- NDPI_PROTOCOL_AYIYA = 66,
+ NDPI_PROTOCOL_FREE_66 = 66, /* FREE */
NDPI_PROTOCOL_JABBER = 67,
NDPI_PROTOCOL_NATS = 68,
NDPI_PROTOCOL_AMONG_US = 69,
@@ -126,8 +126,8 @@ typedef enum {
NDPI_PROTOCOL_IAX = 95,
NDPI_PROTOCOL_TFTP = 96,
NDPI_PROTOCOL_AFP = 97,
- NDPI_PROTOCOL_STEALTHNET = 98,
- NDPI_PROTOCOL_AIMINI = 99,
+ NDPI_PROTOCOL_FREE_98 = 98, /* FREE */
+ NDPI_PROTOCOL_FREE_99 = 99, /* FREE */
NDPI_PROTOCOL_SIP = 100,
NDPI_PROTOCOL_TRUPHONE = 101,
NDPI_PROTOCOL_IP_ICMPV6 = 102,
@@ -135,8 +135,8 @@ typedef enum {
NDPI_PROTOCOL_ARMAGETRON = 104,
NDPI_PROTOCOL_CROSSFIRE = 105,
NDPI_PROTOCOL_DOFUS = 106,
- NDPI_PROTOCOL_FIESTA = 107,
- NDPI_PROTOCOL_FLORENSIA = 108,
+ NDPI_PROTOCOL_FREE_107 = 107, /* FREE */
+ NDPI_PROTOCOL_FREE_108 = 108, /* FREE */
NDPI_PROTOCOL_GUILDWARS = 109,
NDPI_PROTOCOL_AMAZON_ALEXA = 110,
NDPI_PROTOCOL_KERBEROS = 111,
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index be07c517c..d489b4cdf 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -53,10 +53,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st
void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
@@ -71,16 +68,11 @@ void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct,
void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_fasttrack_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_fiesta_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_florensia_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
@@ -118,7 +110,6 @@ void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_openft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
@@ -144,13 +135,11 @@ void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_socrates_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_tls_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
@@ -160,7 +149,6 @@ void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct,
void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
-void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
void init_wsd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 093150407..d9de63d5e 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -730,15 +730,9 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_DOFUS */
u_int32_t dofus_stage:1;
- /* NDPI_PROTOCOL_FIESTA */
- u_int32_t fiesta_stage:2;
-
/* NDPI_PROTOCOL_WORLDOFWARCRAFT */
u_int32_t wow_stage:2;
- /* NDPI_PROTOCOL_SHOUTCAST */
- u_int32_t shoutcast_stage:2;
-
/* NDPI_PROTOCOL_RTP */
u_int32_t rtp_special_packets_seen:1;
@@ -761,9 +755,6 @@ struct ndpi_flow_tcp_struct {
u_int8_t prev_zmq_pkt_len;
u_char prev_zmq_pkt[10];
- /* NDPI_PROTOCOL_PPSTREAM */
- u_int32_t ppstream_stage:3;
-
/* NDPI_PROTOCOL_MEMCACHED */
u_int8_t memcached_matches;
@@ -783,9 +774,6 @@ struct ndpi_flow_udp_struct {
/* NDPI_PROTOCOL_TFTP */
u_int32_t tftp_stage:2;
- /* NDPI_PROTOCOL_AIMINI */
- u_int32_t aimini_stage:5;
-
/* NDPI_PROTOCOL_XBOX */
u_int32_t xbox_stage:1;
@@ -1533,9 +1521,6 @@ struct ndpi_flow_struct {
u_int8_t bittorrent_stage; // can be 0 - 255
u_int8_t bt_check_performed : 1;
- /* NDPI_PROTOCOL_DIRECTCONNECT */
- u_int8_t directconnect_stage:2; // 0 - 1
-
/* NDPI_PROTOCOL_HTTP */
u_int8_t http_detected:1;
@@ -1545,12 +1530,6 @@ struct ndpi_flow_struct {
/* NDPI_PROTOCOL_ZATTOO */
u_int8_t zattoo_stage:3;
- /* NDPI_PROTOCOL_THUNDER */
- u_int8_t thunder_stage:2; // 0 - 3
-
- /* NDPI_PROTOCOL_FLORENSIA */
- u_int8_t florensia_stage:1;
-
/* NDPI_PROTOCOL_SOCKS */
u_int8_t socks5_stage:2, socks4_stage:2; // 0 - 3
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 97317a1c1..c67e7b2c8 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1049,10 +1049,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_HTTP,
- NDPI_PROTOCOL_AIMINI, NDPI_PROTOCOL_CROSSFIRE, NDPI_PROTOCOL_SOAP,
- NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_GNUTELLA,
+ NDPI_PROTOCOL_CROSSFIRE, NDPI_PROTOCOL_SOAP,
+ NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_GNUTELLA,
NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_WORLDOFWARCRAFT,
- NDPI_PROTOCOL_THUNDER, NDPI_PROTOCOL_IRC,
+ NDPI_PROTOCOL_IRC,
NDPI_PROTOCOL_IPP,
NDPI_PROTOCOL_MPEGDASH,
NDPI_PROTOCOL_RTSP,
@@ -1113,16 +1113,16 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK,
- "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_22,
+ "Free22", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE,
- "AppleJuice", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_24,
+ "Free24", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT,
- "DirectConnect", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_25,
+ "Free25", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NATS,
@@ -1145,12 +1145,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT,
- "OpenFT", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_33,
+ "Free33", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK,
- "FastTrack", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_34,
+ "Free34", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA,
@@ -1265,12 +1265,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"Zattoo", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST,
- "ShoutCast", NDPI_PROTOCOL_CATEGORY_MUSIC,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_56,
+ "Free56", NDPI_PROTOCOL_CATEGORY_MUSIC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST,
- "Sopcast", NDPI_PROTOCOL_CATEGORY_VIDEO,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_57,
+ "Free57", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DISCORD,
@@ -1285,8 +1285,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"Pluralsight", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER,
- "Thunder", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_62,
+ "Free62", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OCSP,
@@ -1301,8 +1301,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"IRC", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA,
- "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FREE_66,
+ "Free66", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_JABBER,
@@ -1447,12 +1447,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET,
- "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FREE_98,
+ "Free98", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI,
- "Aimini", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_99,
+ "Free99", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP,
@@ -1483,12 +1483,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"Dofus", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FIESTA,
- "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_107,
+ "Free107", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA,
- "Florensia", NDPI_PROTOCOL_CATEGORY_GAME,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_108,
+ "Free108", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS,
@@ -4225,21 +4225,12 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* EDONKEY */
init_edonkey_dissector(ndpi_str, &a);
- /* FASTTRACK */
- init_fasttrack_dissector(ndpi_str, &a);
-
/* GNUTELLA */
init_gnutella_dissector(ndpi_str, &a);
- /* DIRECTCONNECT */
- init_directconnect_dissector(ndpi_str, &a);
-
/* NATS */
init_nats_dissector(ndpi_str, &a);
- /* APPLEJUICE */
- init_applejuice_dissector(ndpi_str, &a);
-
/* SOCKS */
init_socks_dissector(ndpi_str, &a);
@@ -4270,9 +4261,6 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* NON_TCP_UDP */
init_non_tcp_udp_dissector(ndpi_str, &a);
- /* SOPCAST */
- init_sopcast_dissector(ndpi_str, &a);
-
/* TVUPLAYER */
init_tvuplayer_dissector(ndpi_str, &a);
@@ -4294,12 +4282,6 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* SSH */
init_ssh_dissector(ndpi_str, &a);
- /* AYIYA */
- init_ayiya_dissector(ndpi_str, &a);
-
- /* THUNDER */
- init_thunder_dissector(ndpi_str, &a);
-
/* VNC */
init_vnc_dissector(ndpi_str, &a);
@@ -4360,21 +4342,12 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* ICECAST */
init_icecast_dissector(ndpi_str, &a);
- /* SHOUTCAST */
- init_shoutcast_dissector(ndpi_str, &a);
-
/* KERBEROS */
init_kerberos_dissector(ndpi_str, &a);
- /* OPENFT */
- init_openft_dissector(ndpi_str, &a);
-
/* SYSLOG */
init_syslog_dissector(ndpi_str, &a);
- /* DIRECT_DOWNLOAD_LINK */
- init_directdownloadlink_dissector(ndpi_str, &a);
-
/* NETBIOS */
init_netbios_dissector(ndpi_str, &a);
@@ -4399,9 +4372,6 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* PPTP */
init_pptp_dissector(ndpi_str, &a);
- /* STEALTHNET */
- init_stealthnet_dissector(ndpi_str, &a);
-
/* DHCPV6 */
init_dhcpv6_dissector(ndpi_str, &a);
@@ -4414,12 +4384,6 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* cpha */
init_cpha_dissector(ndpi_str, &a);
- /* AIMINI */
- init_aimini_dissector(ndpi_str, &a);
-
- /* FLORENSIA */
- init_florensia_dissector(ndpi_str, &a);
-
/* MAPLESTORY */
init_maplestory_dissector(ndpi_str, &a);
@@ -4429,9 +4393,6 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
/* WORLD_OF_KUNG_FU */
init_world_of_kung_fu_dissector(ndpi_str, &a);
- /* FIESTA */
- init_fiesta_dissector(ndpi_str, &a);
-
/* CROSSIFIRE */
init_crossfire_dissector(ndpi_str, &a);
diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c
deleted file mode 100644
index 4e08612c6..000000000
--- a/src/lib/protocols/aimini.c
+++ /dev/null
@@ -1,270 +0,0 @@
-/*
- * aimini.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AIMINI
-
-#include "ndpi_api.h"
-
-
-static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */
- /* ndpi_protocol_type_t protocol_type */)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AIMINI, NDPI_PROTOCOL_HTTP, NDPI_CONFIDENCE_DPI);
-}
-
-
-void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search aimini\n");
-
- if (packet->udp != NULL) {
- if (flow->l4.udp.aimini_stage == 0) {
- if (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b) {
- flow->l4.udp.aimini_stage = 1;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 1\n");
- return;
- }
- if (packet->payload_packet_len == 136
- && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) {
- flow->l4.udp.aimini_stage = 4;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 4\n");
- return;
- }
- if (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) {
- flow->l4.udp.aimini_stage = 7;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 7\n");
- return;
- }
- if (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) {
- flow->l4.udp.aimini_stage = 10;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 10\n");
- return;
- }
- if (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) {
- flow->l4.udp.aimini_stage = 13;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 13\n");
- return;
- }
- if (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) {
- flow->l4.udp.aimini_stage = 16;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 16\n");
- return;
- }
- }
- /* first packet chronology: (len, value): (64, 0x010b), (>100, 0x0115), (16, 0x010c || 64, 0x010b || 88, 0x0115),
- * (16, 0x010c || 64, 0x010b || >100, 0x0115)
- */
- if (flow->l4.udp.aimini_stage == 1 && packet->payload_packet_len > 100
- && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115) {
- flow->l4.udp.aimini_stage = 2;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 2\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 2 &&
- ((packet->payload_packet_len == 16 && get_u_int16_t(packet->payload, 0) == htons(0x010c)) ||
- (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 0) == htons(0x010b)) ||
- (packet->payload_packet_len == 88 && get_u_int16_t(packet->payload, 0) == ntohs(0x0115)))) {
- flow->l4.udp.aimini_stage = 3;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 3\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 3
- && ((packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)
- || (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b)
- || (packet->payload_packet_len > 100 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115))) {
- NDPI_LOG_INFO(ndpi_struct, "found aimini (64, 0x010b), (>300, 0x0115), "
- "(16, 0x010c || 64, 0x010b), (16, 0x010c || 64, 0x010b || >100, 0x0115).\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
-
- /* second packet chronology: (len, value): (136, 0x01c9), (136, 0x01c9),(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca) */
-
- if (flow->l4.udp.aimini_stage == 4 && packet->payload_packet_len == 136
- && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) {
- flow->l4.udp.aimini_stage = 5;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 5\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 5 && (packet->payload_packet_len == 136
- && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9
- || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165))) {
- flow->l4.udp.aimini_stage = 6;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 6\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 6 && ((packet->payload_packet_len == 136
- && ((ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)
- || ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9))
- || (packet->payload_packet_len == 32
- && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
- NDPI_LOG_INFO(ndpi_struct,
- "found aimini (136, 0x01c9), (136, 0x01c9)," "(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca).\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
-
- /* third packet chronology: (len, value): (88, 0x0101), (88, 0x0101),(88, 0x0101),(88, 0x0101) */
-
- if (flow->l4.udp.aimini_stage == 7 && packet->payload_packet_len == 88
- && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) {
- flow->l4.udp.aimini_stage = 8;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 8\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 8
- && (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) {
- flow->l4.udp.aimini_stage = 9;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 9\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 9
- && (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) {
- NDPI_LOG_INFO(ndpi_struct,
- "found aimini (88, 0x0101), (88, 0x0101)," "(88, 0x0101),(88, 0x0101).\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
-
- /* fourth packet chronology: (len, value): (104, 0x0102), (104, 0x0102), (104, 0x0102), (104, 0x0102) */
-
- if (flow->l4.udp.aimini_stage == 10 && packet->payload_packet_len == 104
- && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) {
- flow->l4.udp.aimini_stage = 11;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 11\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 11
- && (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)) {
- flow->l4.udp.aimini_stage = 12;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 12\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 12
- && ((packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)
- || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
- NDPI_LOG_INFO(ndpi_struct,
- "found aimini (104, 0x0102), (104, 0x0102), " "(104, 0x0102), (104, 0x0102).\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
-
- /* fifth packet chronology (len, value): (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166) || (32,0x01ca)) */
-
- if (flow->l4.udp.aimini_stage == 13 && packet->payload_packet_len == 32
- && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) {
- flow->l4.udp.aimini_stage = 14;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 14\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 14
- && ((packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca)
- || (packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166))) {
- flow->l4.udp.aimini_stage = 15;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 15\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 15
- && ((packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166)
- || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) {
- NDPI_LOG_INFO(ndpi_struct,
- "found aimini (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166)||(32,0x01ca)).\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
-
- /* sixth packet chronology (len, value): (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c) */
-
- if (flow->l4.udp.aimini_stage == 16 && packet->payload_packet_len == 16
- && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) {
- flow->l4.udp.aimini_stage = 17;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 17\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 17
- && (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) {
- flow->l4.udp.aimini_stage = 18;
- NDPI_LOG_DBG2(ndpi_struct, "stage = 18\n");
- return;
- }
- if (flow->l4.udp.aimini_stage == 18
- && (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) {
- NDPI_LOG_INFO(ndpi_struct,
- "found aimini (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c).\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
- }
-
- if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) {
- if (flow->http.method == NDPI_HTTP_METHOD_GET)
- {
- if ((LINE_STARTS(packet->http_url_name, "/download/") == 1 ||
- LINE_STARTS(packet->http_url_name, "/player/") == 1 ||
- LINE_STARTS(packet->http_url_name, "/webcounter/") == 1 ||
- LINE_STARTS(packet->http_url_name, "/play/") == 1 ||
- LINE_STARTS(packet->http_url_name, "/search/") == 1 ||
- LINE_STARTS(packet->http_url_name, "/member/") == 1) &&
- (LINE_ENDS(packet->host_line, ".aimini.net") == 1 ||
- LINE_ENDS(packet->host_line, ".aimini.com") == 1))
- {
- NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
- } else if (flow->http.method == NDPI_HTTP_METHOD_POST)
- {
- if ((LINE_STARTS(packet->http_url_name, "/upload/") == 1 ||
- LINE_STARTS(packet->http_url_name, "/member/") == 1) &&
- (LINE_ENDS(packet->host_line, ".aimini.net") == 1 ||
- LINE_ENDS(packet->host_line, ".aimini.com") == 1))
- {
- NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n");
- ndpi_int_aimini_add_connection(ndpi_struct, flow);
- return;
- }
- }
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-
-}
-
-
-void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("Aimini", ndpi_struct, *id,
- NDPI_PROTOCOL_AIMINI,
- ndpi_search_aimini,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c
deleted file mode 100644
index a8d2e810c..000000000
--- a/src/lib/protocols/applejuice.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * applejuice.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLEJUICE
-
-#include "ndpi_api.h"
-
-
-static void ndpi_int_applejuice_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLEJUICE, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search applejuice\n");
-
- if ((packet->payload_packet_len > 7) && (packet->payload[6] == 0x0d)
- && (packet->payload[7] == 0x0a)
- && (memcmp(packet->payload, "ajprot", 6) == 0)) {
- NDPI_LOG_INFO(ndpi_struct, "found applejuice\n");
- ndpi_int_applejuice_add_connection(ndpi_struct, flow);
- return;
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-
-void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("AppleJuice", ndpi_struct, *id,
- NDPI_PROTOCOL_APPLEJUICE,
- ndpi_search_applejuice_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c
deleted file mode 100644
index 43b0c84c9..000000000
--- a/src/lib/protocols/ayiya.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/*
- * ayiya.c
- *
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-/*
- http://en.wikipedia.org/wiki/Anything_In_Anything
- http://tools.ietf.org/html/rfc4891
-*/
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AYIYA
-
-#include "ndpi_api.h"
-
-struct ayiya {
- u_int8_t flags[3];
- u_int8_t next_header;
- u_int32_t epoch;
- u_int8_t identity[16];
- u_int8_t signature[20];
-};
-
-void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search AYIYA\n");
-
- if(packet->udp && (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) {
- /* Ayiya is udp based, port 5072 */
- u_int16_t port_to_match = htons(5072);
-
- if ((packet->udp->source == port_to_match || packet->udp->dest == port_to_match)
- /* check for ayiya new packet */
- && (packet->payload_packet_len > 44)
- ) {
- /* FINISH */
- struct ayiya *a = (struct ayiya*)packet->payload;
- u_int32_t epoch = ntohl(a->epoch), now;
- u_int32_t fiveyears = 86400 * 365 * 5;
-
- now = packet->current_time_ms;
-
- if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) {
- NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- }
-
- return;
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- }
-}
-
-
-void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("Ayiya", ndpi_struct, *id,
- NDPI_PROTOCOL_AYIYA,
- ndpi_search_ayiya,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c
deleted file mode 100644
index 01caf79ff..000000000
--- a/src/lib/protocols/directconnect.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * directconnect.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT
-
-#include "ndpi_api.h"
-
-
-//#define NDPI_DEBUG_DIRECTCONNECT
-//#define NDPI_DIRECTCONNECT_PORT_DEBUG
-//#define NDPI_DEBUG_DIRECTCONNECT_CONN
-
-
-#define DIRECT_CONNECT_TYPE_HUB 0
-#define DIRECT_CONNECT_TYPE_PEER 1
-#define DIRECT_CONNECT_ADC_PEER 2
-
-static u_int32_t skip_unknown_headers(const u_int8_t * payload, u_int32_t payload_len, u_int32_t pos)
-{
- u_int32_t i = pos;
- while (i < payload_len && payload[i] != 0x0a)
- i++;
-
- i++;
- return i;
-
-}
-
-static u_int16_t parse_binf_message(struct ndpi_detection_module_struct
- *ndpi_struct, const u_int8_t * payload, uint32_t payload_len)
-{
- u_int32_t i = 4;
- u_int16_t bytes_read = 0;
- u_int16_t ssl_port = 0;
- while (i < payload_len) {
- i = skip_unknown_headers(payload, payload_len, i);
- if((i + 30) < payload_len) {
- if(memcmp(&payload[i], "DCTM", 4) == 0) {
- if(memcmp(&payload[i + 15], "ADCS", 4) == 0) {
- ssl_port = ntohs_ndpi_bytestream_to_number(&payload[i + 25], 5, &bytes_read);
- NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ssl_port);
- }
- }
- } else {
- break;
- }
-
- }
- return ssl_port;
-}
-
-static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow,
- const u_int8_t connection_type)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow) {
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DIRECTCONNECT) {
- if(packet->payload_packet_len >= 40 && memcmp(&packet->payload[0], "BINF", 4) == 0) {
- parse_binf_message(ndpi_struct,
- &packet->payload[4],
- packet->payload_packet_len - 4);
- }
-
- return;
-
- }
-
- if(flow->directconnect_stage == 0) {
-
- if(packet->payload_packet_len > 6) {
- if(packet->payload[0] == '$'
- && packet->payload[packet->payload_packet_len - 1] == '|'
- && (memcmp(&packet->payload[1], "Lock ", 5) == 0)) {
- NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect to hub detected\n");
- flow->directconnect_stage = 1;
- return;
- }
- if(packet->payload_packet_len > 7
- && packet->payload[0] == '$'
- && packet->payload[packet->payload_packet_len - 1] == '|'
- && (memcmp(&packet->payload[1], "MyNick ", 7) == 0)) {
- NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect between peers detected\n");
- flow->directconnect_stage = 2;
- return;
- }
-
- }
- if(packet->payload_packet_len >= 11) {
- /* did not see this pattern in any trace */
- if(memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0
- || memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E\n");
- ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB);
- return;
- /* did not see this pattern in any trace */
- } else if(memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 ||
- memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found DC CSUP ADBAS0 E\n");
- ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER);
- return;
-
- }
-
- }
-
- } else if(flow->directconnect_stage == 1) {
- if(packet->payload_packet_len >= 11) {
- /* did not see this pattern in any trace */
- if(memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0
- || memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS E in second packet\n");
- ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB);
- return;
- /* did not see this pattern in any trace */
- } else if(memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 ||
- memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E in second packet\n");
- ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER);
- return;
-
- }
- }
- /* get client hello answer or server message */
- if(packet->payload_packet_len > 6) {
- if((packet->payload[0] == '$' || packet->payload[0] == '<')
- && packet->payload[packet->payload_packet_len - 1] == '|') {
- NDPI_LOG_INFO(ndpi_struct, "found DC second\n");
- ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB);
- return;
- } else {
- NDPI_LOG_DBG2(ndpi_struct, "second dc not detected\n");
- }
-
- }
- } else if(flow->directconnect_stage == 2) {
- /* get client hello answer or server message */
- if(packet->payload_packet_len > 6) {
- if(packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|') {
- NDPI_LOG_INFO(ndpi_struct, "found DC between peers\n");
- ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER);
- return;
- } else {
- NDPI_LOG_DBG2(ndpi_struct, "second dc between peers not detected\n");
- }
- }
-
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-
-}
-
-void ndpi_search_directconnect(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search DC\n");
-
- if(packet->tcp != NULL) {
- ndpi_search_directconnect_tcp(ndpi_struct, flow);
- }
-}
-
-
-void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("DirectConnect", ndpi_struct, *id,
- NDPI_PROTOCOL_DIRECTCONNECT,
- ndpi_search_directconnect,
- /* TODO: UDP?*/
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c
deleted file mode 100644
index 2821490b6..000000000
--- a/src/lib/protocols/directdownloadlink.c
+++ /dev/null
@@ -1,726 +0,0 @@
-/*
- * directdownloadlink.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK
-
-#include "ndpi_api.h"
-
-
-#ifdef NDPI_DEBUG_DIRECT_DOWNLOAD_LINK
-//#define NDPI_DEBUG_DIRECT_DOWNLOAD_LINK_NOTHING_FOUND
-//#define NDPI_DEBUG_DIRECT_DOWNLOAD_LINK_PACKET_TOO_SMALL
-#define NDPI_DEBUG_DIRECT_DOWNLOAD_LINK_IP
-#endif
-
-static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-
-
-/*
- return 0 if nothing has been detected
- return 1 if it is a megaupload packet
-*/
-u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- u_int16_t filename_start = 0;
- u_int16_t i = 1;
- u_int16_t host_line_len_without_port;
-
- if (packet->payload_packet_len < 100) {
- NDPI_LOG_DBG2(ndpi_struct, "DDL: Packet too small\n");
- goto end_ddl_nothing_found;
- }
-
-
-
- if (memcmp(packet->payload, "POST ", 5) == 0) {
- filename_start = 5; // POST
- NDPI_LOG_DBG2(ndpi_struct, "DDL: POST FOUND\n");
- } else if (memcmp(packet->payload, "GET ", 4) == 0) {
- filename_start = 4; // GET
- NDPI_LOG_DBG2(ndpi_struct, "DDL: GET FOUND\n");
- } else {
- goto end_ddl_nothing_found;
- }
- // parse packet
- ndpi_parse_packet_line_info(ndpi_struct, flow);
-
- if (packet->host_line.ptr == NULL) {
- NDPI_LOG_DBG2(ndpi_struct, "DDL: NO HOST FOUND\n");
- goto end_ddl_nothing_found;
- }
-
- NDPI_LOG_DBG2(ndpi_struct, "DDL: Host: found\n");
-
- if (packet->line[0].len < 9 + filename_start
- || memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) != 0) {
- NDPI_LOG_DBG2(ndpi_struct, "DDL: PACKET NOT HTTP CONFORM.\nXXX%.*sXXX\n",
- 8, &packet->line[0].ptr[packet->line[0].len - 9]);
- goto end_ddl_nothing_found;
- }
- // BEGIN OF AUTOMATED CODE GENERATION
- // first see if we have ':port' at the end of the line
- host_line_len_without_port = packet->host_line.len;
- if (host_line_len_without_port >= i && packet->host_line.ptr[host_line_len_without_port - i] >= '0'
- && packet->host_line.ptr[packet->host_line.len - i] <= '9') {
- i = 2;
- while (host_line_len_without_port >= i && packet->host_line.ptr[host_line_len_without_port - i] >= '0'
- && packet->host_line.ptr[host_line_len_without_port - i] <= '9') {
- NDPI_LOG_DBG2(ndpi_struct, "DDL: number found\n");
- i++;
- }
- if (host_line_len_without_port >= i && packet->host_line.ptr[host_line_len_without_port - i] == ':') {
- NDPI_LOG_DBG2(ndpi_struct, "DDL: ':' found\n");
- host_line_len_without_port = host_line_len_without_port - i;
- }
- }
- // then start automated code generation
-
- if (host_line_len_without_port >= 0 + 4
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 0 - 4], ".com", 4) == 0) {
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 'd') {
- if (host_line_len_without_port >= 5 + 6 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 6], "4share", 6) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 6 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 6 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 8], "fileclou", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 5
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 5], "uploa", 5) == 0) {
- if (host_line_len_without_port >= 10 + 6 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 6], "files-", 6) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 10 - 6 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 6 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 10 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 4], "mega", 4) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 10 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 5], "rapid", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 10 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 5], "turbo", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 'o') {
- if (host_line_len_without_port >= 5 + 6 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 6], "badong", 6) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 6 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 6 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 5], "fileh", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 'g') {
- if (host_line_len_without_port >= 5 + 2
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 2], "in", 2) == 0) {
- if (host_line_len_without_port >= 7 + 4
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 7 - 4], "shar", 4) == 0) {
- if (host_line_len_without_port >= 11 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 11 - 4], "best", 4) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 11 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 11 - 4 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 11 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 11 - 5], "quick", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 11 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 11 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 7 + 6 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 7 - 6], "upload", 6) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 7 - 6 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 7 - 6 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 5 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 7], "sharebi", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 8], "bigfilez", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 'e') {
- if (host_line_len_without_port >= 5 + 3
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 3], "fil", 3) == 0) {
- if (host_line_len_without_port >= 8 + 2
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 2], "mo", 2) == 0) {
- if (host_line_len_without_port >= 10 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 5], "china", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 8 + 2 + 1
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 2 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 2 - 1] == '.')) {
- goto end_ddl_found;
- }
- }
- if (host_line_len_without_port >= 8 + 3 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 3], "hot", 3) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 3 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 3 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 8 + 6 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 6], "keepmy", 6) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 6 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 6 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 8 + 1
- && packet->host_line.ptr[host_line_len_without_port - 8 - 1] == 'e') {
- if (host_line_len_without_port >= 9 + 3 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 9 - 3], "sav", 3) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 9 - 3 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 9 - 3 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 9 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 9 - 5], "sendm", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 9 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 9 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 8 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 8], "sharebig", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 8 + 3 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 3], "up-", 3) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 3 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 3 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 5 + 1 && packet->host_line.ptr[host_line_len_without_port - 5 - 1] == 'r') {
- if (host_line_len_without_port >= 6 + 3
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 6 - 3], "sha", 3) == 0) {
- if (host_line_len_without_port >= 9 + 1
- && packet->host_line.ptr[host_line_len_without_port - 9 - 1] == '-') {
- if (host_line_len_without_port >= 10 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 4], "easy",
- 4) == 0 && (packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] ==
- '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 10 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 4], "fast",
- 4) == 0 && (packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] ==
- '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 10 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 4], "live",
- 4) == 0 && (packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 4 - 1] ==
- '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 9 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 9 - 4], "ftp2", 4) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 9 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 9 - 4 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 9 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 9 - 4], "gige", 4) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 9 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 9 - 4 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 9 + 4 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 9 - 4], "mega", 4) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 9 - 4 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 9 - 4 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 9 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 9 - 5], "rapid", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 9 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 9 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 6 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 6 - 7], "mediafi", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 6 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 6 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 5 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 7], "gigasiz", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 8], "sendspac", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 7], "sharebe", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 11 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 11], "sharebigfli", 11) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 11 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 11 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 8], "fileserv", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 's') {
- if (host_line_len_without_port >= 5 + 1 && packet->host_line.ptr[host_line_len_without_port - 5 - 1] == 'e') {
- if (host_line_len_without_port >= 6 + 10 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 6 - 10], "depositfil",
- 10) == 0 && (packet->host_line.ptr[host_line_len_without_port - 6 - 10 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 6 - 10 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 6 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 6 - 8], "megashar", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 6 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 6 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 5 + 10 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 10], "fileupyour", 10) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 10 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 10 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 11 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 11], "filefactory", 11) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 11 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 11 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 't') {
- if (host_line_len_without_port >= 5 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 8], "filefron", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 10 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 10], "uploadingi", 10) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 10 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 10 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 11 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 11], "yourfilehos", 11) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 11 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 11 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 'r') {
- if (host_line_len_without_port >= 5 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 8], "mytempdi", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 10 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 10], "uploadpowe", 10) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 10 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 10 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 9 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 9], "mega.1280", 9) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 9 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 9 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 9 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 9], "filesonic", 9) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 9 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 9 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 0 + 4
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 0 - 4], ".net", 4) == 0) {
- if (host_line_len_without_port >= 4 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 7], "badongo", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 'd') {
- if (host_line_len_without_port >= 5 + 3
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 3], "loa", 3) == 0) {
- if (host_line_len_without_port >= 8 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 5], "fast-", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 8 + 2
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 2], "up", 2) == 0) {
- if (host_line_len_without_port >= 10 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 5], "file-", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 10 + 6 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 6], "simple",
- 6) == 0 && (packet->host_line.ptr[host_line_len_without_port - 10 - 6 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 6 - 1] ==
- '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 10 + 3 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 10 - 3], "wii", 3) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 10 - 3 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 10 - 3 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 5 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 7], "filesen", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 4 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 5], "filer", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 9 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 9], "livedepot", 9) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 9 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 9 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 1 && packet->host_line.ptr[host_line_len_without_port - 4 - 1] == 'e') {
- if (host_line_len_without_port >= 5 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 5], "mofil", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 17 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 17], "odsiebie.najlepsz",
- 17) == 0 && (packet->host_line.ptr[host_line_len_without_port - 5 - 17 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 17 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 5 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 5 - 5], "zshar", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 5 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 5 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 0 + 1 && packet->host_line.ptr[host_line_len_without_port - 0 - 1] == 'u') {
- if (host_line_len_without_port >= 1 + 6 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 1 - 6], "data.h", 6) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 1 - 6 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 1 - 6 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 1 + 2
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 1 - 2], ".r", 2) == 0) {
- if (host_line_len_without_port >= 3 + 10 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 10], "filearchiv", 10) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 3 - 10 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 3 - 10 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 3 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 8], "filepost", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 3 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 3 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 3 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 7], "ifolder", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 3 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 3 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 0 + 11 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 0 - 11], "filehost.tv", 11) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 0 - 11 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 0 - 11 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 0 + 3
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 0 - 3], ".to", 3) == 0) {
- if (host_line_len_without_port >= 3 + 1 && packet->host_line.ptr[host_line_len_without_port - 3 - 1] == 'e') {
- if (host_line_len_without_port >= 4 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 7], "filesaf", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 8 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 8], "sharebas", 8) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 8 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 8 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 3 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 5], "files", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 3 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 3 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 3 + 1 && packet->host_line.ptr[host_line_len_without_port - 3 - 1] == 'd') {
- if (host_line_len_without_port >= 4 + 3
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 3], "loa", 3) == 0) {
- if (host_line_len_without_port >= 7 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 7 - 7], "file-up", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 7 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 7 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 4 + 3 + 1
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 3 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 3 - 1] == '.')) {
- goto end_ddl_found;
- }
- }
- if (host_line_len_without_port >= 4 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 4 - 7], "uploade", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 4 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 4 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 0 + 1 && packet->host_line.ptr[host_line_len_without_port - 0 - 1] == 'z') {
- if (host_line_len_without_port >= 1 + 14 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 1 - 14], "leteckaposta.c", 14) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 1 - 14 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 1 - 14 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 1 + 12 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 1 - 12], "yourfiles.bi", 12) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 1 - 12 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 1 - 12 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 0 + 1 && packet->host_line.ptr[host_line_len_without_port - 0 - 1] == 'n') {
- if (host_line_len_without_port >= 1 + 9 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 1 - 9], "netload.i", 9) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 1 - 9 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 1 - 9 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 1 + 2
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 1 - 2], ".v", 2) == 0) {
- if (host_line_len_without_port >= 3 + 7 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 7], "4shared", 7) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 3 - 7 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 3 - 7 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 3 + 9 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 9], "megashare", 9) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 3 - 9 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 3 - 9 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 0 + 3
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 0 - 3], ".de", 3) == 0) {
- if (host_line_len_without_port >= 3 + 5
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 5], "share", 5) == 0) {
- if (host_line_len_without_port >= 8 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 5], "rapid", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- if (host_line_len_without_port >= 8 + 5 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 8 - 5], "ultra", 5) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 8 - 5 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 8 - 5 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 3 + 15 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 3 - 15], "uploadyourfiles", 15) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 3 - 15 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 3 - 15 - 1] == '.')) {
- goto end_ddl_found;
- }
- goto end_ddl_nothing_found;
- }
- if (host_line_len_without_port >= 0 + 14 + 1
- && memcmp((void *) &packet->host_line.ptr[host_line_len_without_port - 0 - 14], "speedshare.org", 14) == 0
- && (packet->host_line.ptr[host_line_len_without_port - 0 - 14 - 1] == ' '
- || packet->host_line.ptr[host_line_len_without_port - 0 - 14 - 1] == '.')) {
- goto end_ddl_found;
- }
- // END OF AUTOMATED CODE GENERATION
-
- /* This is the hard way. We do this in order to find the download of services when other
- domains are involved. This is not significant if ddl is blocked. --> then the link can not be started because
- the ads are not viewed. But when ddl is only limited then the download is the important part.
- */
-
- end_ddl_nothing_found:
- NDPI_LOG_DBG2(ndpi_struct,
- "Nothing Found\n");
- return 0;
-
- end_ddl_found:
- NDPI_LOG_INFO(ndpi_struct, "found DIRECT DOWNLOAD LINK\n");
- ndpi_int_direct_download_link_add_connection(ndpi_struct, flow);
- return 1;
-}
-
-
-void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- /* do not detect again if it is already ddl */
- if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
- if (search_ddl_domains(ndpi_struct, flow) != 0) {
- return;
- }
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- }
-
-}
-
-void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("Direct_Download_Link", ndpi_struct, *id,
- NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK,
- ndpi_search_direct_download_link_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
-
diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c
deleted file mode 100644
index 88693967a..000000000
--- a/src/lib/protocols/fasttrack.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * fasttrack.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FASTTRACK
-
-#include "ndpi_api.h"
-
-
-static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FASTTRACK, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-
-void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n");
-
- if ( (packet->payload != NULL)
- && (packet->payload_packet_len > 6)
- && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) {
- NDPI_LOG_DBG2(ndpi_struct, "detected 0d0a at the end of the packet\n");
-
- if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) {
- u_int16_t i;
- for (i = 5; i < (packet->payload_packet_len - 2); i++) {
- // make shure that the argument to GIVE is numeric
- if (!(packet->payload[i] >= '0' && packet->payload[i] <= '9')) {
- goto exclude_fasttrack;
- }
- }
-
- NDPI_LOG_INFO(ndpi_struct, "found FASTTRACK\n");
- ndpi_int_fasttrack_add_connection(ndpi_struct, flow);
- return;
- }
-
- if (packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /", 5) == 0) {
- u_int16_t a = 0;
- NDPI_LOG_DBG2(ndpi_struct, "detected GET /. \n");
-
- ndpi_parse_packet_line_info(ndpi_struct, flow);
- for (a = 0; a < packet->parsed_lines; a++) {
- if ((packet->line[a].len > 17 && memcmp(packet->line[a].ptr, "X-Kazaa-Username: ", 18) == 0)
- || (packet->line[a].len > 23 && memcmp(packet->line[a].ptr, "User-Agent: PeerEnabler/", 24) == 0)) {
- NDPI_LOG_INFO(ndpi_struct,
- "found FASTTRACK X-Kazaa-Username: || User-Agent: PeerEnabler/\n");
- ndpi_int_fasttrack_add_connection(ndpi_struct, flow);
- return;
- }
- }
- }
- }
-
- exclude_fasttrack:
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-
-void init_fasttrack_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("FastTrack", ndpi_struct, *id,
- NDPI_PROTOCOL_FASTTRACK,
- ndpi_search_fasttrack_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c
deleted file mode 100644
index 40e813bf1..000000000
--- a/src/lib/protocols/fiesta.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * fiesta.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIESTA
-
-#include "ndpi_api.h"
-
-
-static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIESTA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search fiesta\n");
-
- if (flow->l4.tcp.fiesta_stage == 0 && packet->payload_packet_len == 5
- && get_u_int16_t(packet->payload, 0) == ntohs(0x0407)
- && (packet->payload[2] == 0x08)
- && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01)) {
-
- NDPI_LOG_DBG2(ndpi_struct, "maybe fiesta symmetric, first packet\n");
- flow->l4.tcp.fiesta_stage = 1 + packet->packet_direction;
- goto maybe_fiesta;
- }
- if (flow->l4.tcp.fiesta_stage == (2 - packet->packet_direction)
- && ((packet->payload_packet_len > 1 && packet->payload_packet_len - 1 == packet->payload[0])
- || (packet->payload_packet_len > 3 && packet->payload[0] == 0
- && get_l16(packet->payload, 1) == packet->payload_packet_len - 3))) {
- NDPI_LOG_DBG2(ndpi_struct, "Maybe fiesta\n");
- goto maybe_fiesta;
- }
- if (flow->l4.tcp.fiesta_stage == (1 + packet->packet_direction)) {
- if (packet->payload_packet_len == 4 && get_u_int32_t(packet->payload, 0) == htonl(0x03050c01)) {
- goto add_fiesta;
- }
- if (packet->payload_packet_len == 5 && get_u_int32_t(packet->payload, 0) == htonl(0x04030c01)
- && packet->payload[4] == 0) {
- goto add_fiesta;
- }
- if (packet->payload_packet_len == 6 && get_u_int32_t(packet->payload, 0) == htonl(0x050e080b)) {
- goto add_fiesta;
- }
- if (packet->payload_packet_len == 100 && packet->payload[0] == 0x63 && packet->payload[61] == 0x52
- && packet->payload[81] == 0x5a && get_u_int16_t(packet->payload, 1) == htons(0x3810)
- && get_u_int16_t(packet->payload, 62) == htons(0x6f75)) {
- goto add_fiesta;
- }
- if (packet->payload_packet_len > 3 && packet->payload_packet_len - 1 == packet->payload[0]
- && get_u_int16_t(packet->payload, 1) == htons(0x140c)) {
- goto add_fiesta;
- }
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
- return;
-
- maybe_fiesta:
- NDPI_LOG_DBG2(ndpi_struct, "Stage is set to %d\n", flow->l4.tcp.fiesta_stage);
- return;
-
- add_fiesta:
- NDPI_LOG_INFO(ndpi_struct, "found fiesta\n");
- ndpi_int_fiesta_add_connection(ndpi_struct, flow);
- return;
-}
-
-
-void init_fiesta_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("Fiesta", ndpi_struct, *id,
- NDPI_PROTOCOL_FIESTA,
- ndpi_search_fiesta,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c
deleted file mode 100644
index 13bbe7d4d..000000000
--- a/src/lib/protocols/florensia.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * florensia.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FLORENSIA
-
-#include "ndpi_api.h"
-
-
-static void ndpi_florensia_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FLORENSIA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search florensia\n");
-
- if (packet->tcp != NULL) {
- if (packet->payload_packet_len == 5 && get_l16(packet->payload, 0) == packet->payload_packet_len
- && packet->payload[2] == 0x65 && packet->payload[4] == 0xff) {
- if (flow->florensia_stage == 1) {
- NDPI_LOG_INFO(ndpi_struct, "found florensia\n");
- ndpi_florensia_add_connection(ndpi_struct, flow);
- return;
- }
- NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n");
- flow->florensia_stage = 1;
- return;
- }
- if (packet->payload_packet_len > 8 && get_l16(packet->payload, 0) == packet->payload_packet_len
- && get_u_int16_t(packet->payload, 2) == htons(0x0201) && get_u_int32_t(packet->payload, 4) == htonl(0xFFFFFFFF)) {
- NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n");
- flow->florensia_stage = 1;
- return;
- }
- if (packet->payload_packet_len == 406 && get_l16(packet->payload, 0) == packet->payload_packet_len
- && packet->payload[2] == 0x63) {
- NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n");
- flow->florensia_stage = 1;
- return;
- }
- if (packet->payload_packet_len == 12 && get_l16(packet->payload, 0) == packet->payload_packet_len
- && get_u_int16_t(packet->payload, 2) == htons(0x0301)) {
- if (flow->florensia_stage == 1) {
- NDPI_LOG_INFO(ndpi_struct, "found florensia\n");
- ndpi_florensia_add_connection(ndpi_struct, flow);
- return;
- }
- NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n");
- flow->florensia_stage = 1;
- return;
- }
-
- if (flow->florensia_stage == 1) {
- if (packet->payload_packet_len == 8 && get_l16(packet->payload, 0) == packet->payload_packet_len
- && get_u_int16_t(packet->payload, 2) == htons(0x0302) && get_u_int32_t(packet->payload, 4) == htonl(0xFFFFFFFF)) {
- NDPI_LOG_INFO(ndpi_struct, "found florensia asymmetrically\n");
- ndpi_florensia_add_connection(ndpi_struct, flow);
- return;
- }
- if (packet->payload_packet_len == 24 && get_l16(packet->payload, 0) == packet->payload_packet_len
- && get_u_int16_t(packet->payload, 2) == htons(0x0202)
- && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) == htonl(0xFFFFFFFF)) {
- NDPI_LOG_INFO(ndpi_struct, "found florensia\n");
- ndpi_florensia_add_connection(ndpi_struct, flow);
- return;
- }
- if (flow->packet_counter < 10 && packet->payload_packet_len >=2 &&
- get_l16(packet->payload, 0) == packet->payload_packet_len) {
- NDPI_LOG_DBG2(ndpi_struct, "maybe florensia\n");
- return;
- }
- }
- }
-
- if (packet->udp != NULL) {
- if (flow->florensia_stage == 0 && packet->payload_packet_len == 6
- && get_u_int16_t(packet->payload, 0) == ntohs(0x0503) && get_u_int32_t(packet->payload, 2) == htonl(0xFFFF0000)) {
- NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n");
- flow->florensia_stage = 1;
- return;
- }
- if (flow->florensia_stage == 1 && packet->payload_packet_len == 8
- && get_u_int16_t(packet->payload, 0) == ntohs(0x0500) && get_u_int16_t(packet->payload, 4) == htons(0x4191)) {
- NDPI_LOG_INFO(ndpi_struct, "found florensia\n");
- ndpi_florensia_add_connection(ndpi_struct, flow);
- return;
- }
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-
-void init_florensia_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("Florensia", ndpi_struct, *id,
- NDPI_PROTOCOL_FLORENSIA,
- ndpi_search_florensia,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c
deleted file mode 100644
index c9bfd4ea8..000000000
--- a/src/lib/protocols/openft.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * openft.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT
-
-#include "ndpi_api.h"
-
-static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENFT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-void ndpi_search_openft_tcp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0) {
- NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n");
- ndpi_parse_packet_line_info(ndpi_struct, flow);
- if (packet->parsed_lines >= 2
- && packet->line[1].len > 13 && memcmp(packet->line[1].ptr, "X-OpenftAlias:", 14) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found OpenFT\n");
- ndpi_int_openft_add_connection(ndpi_struct, flow);
- return;
- }
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-
-void init_openft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("OpenFT", ndpi_struct, *id,
- NDPI_PROTOCOL_OPENFT,
- ndpi_search_openft_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c
index d54a994af..a1c68e404 100644
--- a/src/lib/protocols/ppstream.c
+++ b/src/lib/protocols/ppstream.c
@@ -228,7 +228,7 @@ void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
ndpi_set_bitmask_protocol_detection("PPStream", ndpi_struct, *id,
NDPI_PROTOCOL_PPSTREAM,
ndpi_search_ppstream,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c
deleted file mode 100644
index 155e2cea7..000000000
--- a/src/lib/protocols/shoutcast.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * shoutcast.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SHOUTCAST
-
-#include "ndpi_api.h"
-
-static void ndpi_int_shoutcast_add_connection(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SHOUTCAST, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
-
- NDPI_LOG_DBG(ndpi_struct, "search shoutcast\n");
-
- if (flow->packet_counter == 1) {
-/* this case in paul_upload_oddcast_002.pcap */
- if (packet->payload_packet_len >= 6
- && packet->payload_packet_len < 80 && memcmp(packet->payload, "123456", 6) == 0) {
- NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 1, \"123456\"\n");
- return;
- }
- if (flow->packet_counter < 3
- && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP
- ) {
- NDPI_LOG_DBG2(ndpi_struct,
- "http detected, need next packet for shoutcast detection.\n");
- if (packet->payload_packet_len > 4
- && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) != htonl(0x0d0a0d0a)) {
- NDPI_LOG_DBG2(ndpi_struct, "segmented packet found\n");
- flow->l4.tcp.shoutcast_stage = 1 + packet->packet_direction;
- }
- return;
- }
-
-
- /* else
- goto exclude_shoutcast; */
-
- }
- /* evtl. für asym detection noch User-Agent:Winamp dazunehmen. */
- if (packet->payload_packet_len > 11 && memcmp(packet->payload, "ICY 200 OK\x0d\x0a", 12) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found shoutcast by ICY 200 OK\n");
- ndpi_int_shoutcast_add_connection(ndpi_struct, flow);
- return;
- }
- if (flow->l4.tcp.shoutcast_stage == 1 + packet->packet_direction
- && flow->packet_direction_counter[packet->packet_direction] < 5) {
- return;
- }
-
- if (flow->packet_counter == 2) {
- if (packet->payload_packet_len == 2 && memcmp(packet->payload, "\x0d\x0a", 2) == 0) {
- NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 1 continuation\n");
- return;
- } else if (packet->payload_packet_len > 3 && memcmp(&packet->payload[0], "OK2", 3) == 0) {
- NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 2, OK2 found\n");
- return;
- } else
- goto exclude_shoutcast;
- } else if (flow->packet_counter == 3 || flow->packet_counter == 4) {
- if (packet->payload_packet_len > 3 && memcmp(&packet->payload[0], "OK2", 3) == 0) {
- NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 2, OK2 found\n");
- return;
- } else if (packet->payload_packet_len > 4 && memcmp(&packet->payload[0], "icy-", 4) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found Shoutcast\n");
- ndpi_int_shoutcast_add_connection(ndpi_struct, flow);
- return;
- } else
- goto exclude_shoutcast;
- }
-
- exclude_shoutcast:
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-
-void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("ShoutCast", ndpi_struct, *id,
- NDPI_PROTOCOL_SHOUTCAST,
- ndpi_search_shoutcast_tcp,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
-
diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c
deleted file mode 100644
index b903538cc..000000000
--- a/src/lib/protocols/sopcast.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * sopcast.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOPCAST
-
-#include "ndpi_api.h"
-
-
-static void ndpi_int_sopcast_add_connection(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOPCAST, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-/**
- * this function checks for sopcast tcp pattern
- *
- * NOTE: if you add more patterns please keep the number of if levels
- * low, it is already complex enough
- */
-
-#if !defined(WIN32)
-static inline
-#elif defined(MINGW_GCC)
-__mingw_forceinline static
-#else
-__forceinline static
-#endif
-u_int8_t ndpi_int_is_sopcast_tcp(const u_int8_t * payload, const u_int16_t payload_len)
-{
- if (payload[2] != payload[3] - 4 && payload[2] != payload[3] + 4)
- return 0;
-
- if (payload[2] != payload[4] - 1 && payload[2] != payload[4] + 1)
- return 0;
-
- if (payload[25] != payload[25 + 16 - 1] + 1 && payload[25] != payload[25 + 16 - 1] - 1) {
-
- if (payload[3] != payload[25] &&
- payload[3] != payload[25] - 4 && payload[3] != payload[25] + 4 && payload[3] != payload[25] - 21) {
- return 0;
- }
- }
-
- if (payload[4] != payload[28] ||
- payload[28] != payload[30] ||
- payload[30] != payload[31] ||
- get_u_int16_t(payload, 30) != get_u_int16_t(payload, 32) || get_u_int16_t(payload, 32) != get_u_int16_t(payload, 34)) {
-
- if ((payload[2] != payload[5] - 1 && payload[2] != payload[5] + 1) ||
- payload[2] != payload[25] ||
- payload[4] != payload[28] ||
- payload[4] != payload[31] ||
- payload[4] != payload[32] ||
- payload[4] != payload[33] ||
- payload[4] != payload[34] ||
- payload[4] != payload[35] || payload[4] != payload[30] || payload[2] != payload[36]) {
- return 0;
- }
- }
-
- if (payload[42] != payload[53])
- return 0;
-
- if (payload[45] != payload[46] + 1 && payload[45] != payload[46] - 1)
- return 0;
-
- if (payload[45] != payload[49] || payload[46] != payload[50] || payload[47] != payload[51])
- return 0;
-
- return 1;
-}
-
-static void ndpi_search_sopcast_tcp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if (flow->packet_counter == 1 && packet->payload_packet_len == 54 && get_u_int16_t(packet->payload, 0) == ntohs(0x0036)) {
- if (ndpi_int_is_sopcast_tcp(packet->payload, packet->payload_packet_len)) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast TCP \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-
-}
-
-static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search sopcast. \n");
-
- if (packet->payload_packet_len == 52 && packet->payload[0] == 0xff
- && packet->payload[1] == 0xff && packet->payload[2] == 0x01
- && packet->payload[8] == 0x02 && packet->payload[9] == 0xff
- && packet->payload[10] == 0x00 && packet->payload[11] == 0x2c
- && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast with if I. \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
- if ((packet->payload_packet_len == 80 || packet->payload_packet_len == 28 || packet->payload_packet_len == 94)
- && packet->payload[0] == 0x00 && (packet->payload[2] == 0x02 || packet->payload[2] == 0x01)
- && packet->payload[8] == 0x01 && packet->payload[9] == 0xff
- && packet->payload[10] == 0x00 && packet->payload[11] == 0x14
- && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast with if II. \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
- /* this case has been seen once. Please remove this comment, if you see it another time */
- if (packet->payload_packet_len == 60 && packet->payload[0] == 0x00
- && packet->payload[2] == 0x01
- && packet->payload[8] == 0x03 && packet->payload[9] == 0xff
- && packet->payload[10] == 0x00 && packet->payload[11] == 0x34
- && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast with if III. \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
- if (packet->payload_packet_len == 42 && packet->payload[0] == 0x00
- && packet->payload[1] == 0x02 && packet->payload[2] == 0x01
- && packet->payload[3] == 0x07 && packet->payload[4] == 0x03
- && packet->payload[8] == 0x06
- && packet->payload[9] == 0x01 && packet->payload[10] == 0x00
- && packet->payload[11] == 0x22 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast with if IV. \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
- if (packet->payload_packet_len == 28 && packet->payload[0] == 0x00
- && packet->payload[1] == 0x0c && packet->payload[2] == 0x01
- && packet->payload[3] == 0x07 && packet->payload[4] == 0x00
- && packet->payload[8] == 0x01
- && packet->payload[9] == 0x01 && packet->payload[10] == 0x00
- && packet->payload[11] == 0x14 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast with if V. \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
- /* this case has been seen once. Please remove this comment, if you see it another time */
- if (packet->payload_packet_len == 286 && packet->payload[0] == 0x00
- && packet->payload[1] == 0x02 && packet->payload[2] == 0x01
- && packet->payload[3] == 0x07 && packet->payload[4] == 0x03
- && packet->payload[8] == 0x06
- && packet->payload[9] == 0x01 && packet->payload[10] == 0x01
- && packet->payload[11] == 0x16 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast with if VI. \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
- if (packet->payload_packet_len == 76 && packet->payload[0] == 0xff
- && packet->payload[1] == 0xff && packet->payload[2] == 0x01
- && packet->payload[8] == 0x0c && packet->payload[9] == 0xff
- && packet->payload[10] == 0x00 && packet->payload[11] == 0x44
- && packet->payload[16] == 0x01 && packet->payload[15] == 0x01
- && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct, "found sopcast with if VII. \n");
- ndpi_int_sopcast_add_connection(ndpi_struct, flow);
- return;
- }
-
- /* Attention please: no asymmetric detection necessary. This detection works asymmetrically as well. */
-
- NDPI_LOG_DBG(ndpi_struct, "exclude sopcast. \n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOPCAST);
-
-}
-
-void ndpi_search_sopcast(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if (packet->udp != NULL)
- ndpi_search_sopcast_udp(ndpi_struct, flow);
- if (packet->tcp != NULL)
- ndpi_search_sopcast_tcp(ndpi_struct, flow);
-
-}
-
-
-void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("Sopcast", ndpi_struct, *id,
- NDPI_PROTOCOL_SOPCAST,
- ndpi_search_sopcast,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
-
diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c
deleted file mode 100644
index f4099e194..000000000
--- a/src/lib/protocols/stealthnet.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * stealthnet.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEALTHNET
-
-#include "ndpi_api.h"
-
-
-static void ndpi_int_stealthnet_add_connection(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEALTHNET, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-void ndpi_search_stealthnet(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- NDPI_LOG_DBG(ndpi_struct, "search stealthnet\n");
-
- if (packet->payload_packet_len > 40
- && memcmp(packet->payload, "LARS REGENSBURGER'S FILE SHARING PROTOCOL", 41) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found stealthnet\n");
- ndpi_int_stealthnet_add_connection(ndpi_struct, flow);
- return;
- }
-
- NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-
-}
-
-
-void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
-
- ndpi_set_bitmask_protocol_detection("Stealthnet", ndpi_struct, *id,
- NDPI_PROTOCOL_STEALTHNET,
- ndpi_search_stealthnet,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
-
diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c
deleted file mode 100644
index 258e7750f..000000000
--- a/src/lib/protocols/thunder.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/*
- * thunder.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_THUNDER
-
-#include "ndpi_api.h"
-
-
-static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */)
-{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_THUNDER, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-
-
-#if !defined(WIN32)
-static inline
-#elif defined(MINGW_GCC)
-__mingw_forceinline static
-#else
-__forceinline static
-#endif
-void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30
- && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) {
- if (flow->thunder_stage == 3) {
- NDPI_LOG_INFO(ndpi_struct, "found THUNDER udp\n");
- ndpi_int_thunder_add_connection(ndpi_struct, flow);
- return;
- }
-
- flow->thunder_stage++;
- NDPI_LOG_DBG2(ndpi_struct,
- "maybe thunder udp packet detected, stage increased to %u\n", flow->thunder_stage);
- return;
- }
-
- NDPI_LOG_DBG(ndpi_struct, "excluding thunder udp at stage %u\n", flow->thunder_stage);
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER);
-}
-
-
-#if !defined(WIN32)
-static inline
-#elif defined(MINGW_GCC)
-__mingw_forceinline static
-#else
-__forceinline static
-#endif
-void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30
- && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) {
- if (flow->thunder_stage == 3) {
- NDPI_LOG_INFO(ndpi_struct, "found THUNDER tcp\n");
- ndpi_int_thunder_add_connection(ndpi_struct, flow);
- return;
- }
-
- flow->thunder_stage++;
- NDPI_LOG_DBG2(ndpi_struct,
- "maybe thunder tcp packet detected, stage increased to %u\n", flow->thunder_stage);
- return;
- }
-
- if (flow->thunder_stage == 0 && packet->payload_packet_len > 17
- && memcmp(packet->payload, "POST / HTTP/1.1\r\n", 17) == 0) {
- ndpi_parse_packet_line_info(ndpi_struct, flow);
-
- NDPI_LOG_DBG2(ndpi_struct,
- "maybe thunder http POST packet detected, parsed packet lines: %u, empty line set %u (at: %u)\n",
- packet->parsed_lines, packet->empty_line_position_set, packet->empty_line_position);
-
- if (packet->empty_line_position_set != 0 &&
- packet->content_line.ptr != NULL &&
- packet->content_line.len == 24 &&
- memcmp(packet->content_line.ptr, "application/octet-stream",
- 24) == 0 && packet->empty_line_position_set < (packet->payload_packet_len - 8)
- && packet->payload_packet_len > (packet->empty_line_position + 5)
- && packet->payload[packet->empty_line_position + 2] >= 0x30
- && packet->payload[packet->empty_line_position + 2] < 0x40
- && packet->payload[packet->empty_line_position + 3] == 0x00
- && packet->payload[packet->empty_line_position + 4] == 0x00
- && packet->payload[packet->empty_line_position + 5] == 0x00) {
- NDPI_LOG_INFO(ndpi_struct,
- "found thunder http POST packet application does match\n");
- ndpi_int_thunder_add_connection(ndpi_struct, flow);
- return;
- }
- }
- NDPI_LOG_DBG(ndpi_struct, "excluding thunder tcp at stage %u\n", flow->thunder_stage);
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER);
-}
-
-
-#if !defined(WIN32)
-static inline
-#elif defined(MINGW_GCC)
-__mingw_forceinline static
-#else
-__forceinline static
-#endif
-void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
- if (packet->payload_packet_len > 5
- && memcmp(packet->payload, "GET /", 5) == 0) {
- NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n");
- ndpi_parse_packet_line_info(ndpi_struct, flow);
-
- if (packet->parsed_lines > 7
- && packet->parsed_lines < 11
- && packet->line[1].len > 10
- && memcmp(packet->line[1].ptr, "Accept: */*", 11) == 0
- && packet->line[2].len > 22
- && memcmp(packet->line[2].ptr, "Cache-Control: no-cache",
- 23) == 0 && packet->line[3].len > 16
- && memcmp(packet->line[3].ptr, "Connection: close", 17) == 0
- && packet->line[4].len > 6
- && memcmp(packet->line[4].ptr, "Host: ", 6) == 0
- && packet->line[5].len > 15
- && memcmp(packet->line[5].ptr, "Pragma: no-cache", 16) == 0
- && packet->user_agent_line.ptr != NULL
- && packet->user_agent_line.len > 49
- && memcmp(packet->user_agent_line.ptr,
- "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)", 50) == 0) {
- NDPI_LOG_INFO(ndpi_struct,
- "found thunder HTTP download detected\n");
- ndpi_int_thunder_add_connection(ndpi_struct, flow);
- }
- }
-}
-
-void ndpi_search_thunder(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
- //
- //struct ndpi_id_struct *src = flow->src;
- //struct ndpi_id_struct *dst = flow->dst;
-
- if (packet->tcp != NULL) {
- ndpi_int_search_thunder_http(ndpi_struct, flow);
- ndpi_int_search_thunder_tcp(ndpi_struct, flow);
- } else if (packet->udp != NULL) {
- ndpi_int_search_thunder_udp(ndpi_struct, flow);
- }
-}
-
-
-void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
-{
- ndpi_set_bitmask_protocol_detection("Thunder", ndpi_struct, *id,
- NDPI_PROTOCOL_THUNDER,
- ndpi_search_thunder,
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
- SAVE_DETECTION_BITMASK_AS_UNKNOWN,
- ADD_TO_DETECTION_BITMASK);
-
- *id += 1;
-}
Powered by cgit, Themed by Ted Yin.