Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_protocol_ids.h3
-rw-r--r--src/lib/ndpi_content_match.c.inc1
-rw-r--r--src/lib/protocols/ssl.c94
3 files changed, 55 insertions, 43 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index df91f7c59..e4d40e9bb 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -264,9 +264,10 @@
#define NDPI_SERVICE_WEIBO 210
#define NDPI_SERVICE_HANGOUT 215
#define NDPI_SERVICE_SLACK 216
+#define NDPI_SERVICE_HOTMAIL 217
/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_SLACK
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_SERVICE_HOTMAIL
#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 47778105f..7bc2b776d 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -7293,6 +7293,7 @@ ndpi_protocol_match host_match[] = {
{ "maps.gstatic.com", "GoogleMaps", NDPI_SERVICE_GOOGLE_MAPS, NDPI_PROTOCOL_ACCEPTABLE },
{ ".gmail.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_SAFE },
{ "mail.google.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_SAFE },
+ { "mail.outlook.com", "Hotmail", NDPI_SERVICE_HOTMAIL, NDPI_PROTOCOL_SAFE },
{ ".last.fm", "LastFM", NDPI_SERVICE_LASTFM, NDPI_PROTOCOL_FUN },
{ "msn.com", "MSN", NDPI_SERVICE_MSN, NDPI_PROTOCOL_FUN },
{ "netflix.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_FUN },
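Review bot: The added `"mail.outlook.com"` entry is rated `NDPI_PROTOCOL_SAFE` but has no anchoring, and the string it is compared against is chosen by the remote peer. The matching routine is not visible in this hunk; if `host_match` patterns are applied as substrings, any longer name that merely contains this text would also be labelled Hotmail and safe. The certificate name passed to `ndpi_match_host_subprotocol` in ssl.c appears to be one such input. Consumers should treat the rating as advisory classification and not as a trust decision. A short comment above the table would state that, e.g. `/* patterns are matched against peer-supplied SNI/certificate names; the breed is a hint, not an authentication result */`.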
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index 02f64842b..f55b86ca1 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
@@ -34,51 +34,58 @@
extern u_int8_t is_skype_flow(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
-static void ndpi_int_ssl_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow, u_int32_t protocol)
{
- if((protocol != NDPI_PROTOCOL_SSL)
- && (protocol != NDPI_PROTOCOL_SSL_NO_CERT)) {
- ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
- } else {
- struct ndpi_packet_struct *packet = &flow->packet;
-
- if((flow->protos.ssl.client_certificate[0] != '\0')
- || (flow->protos.ssl.server_certificate[0] != '\0')
- || (flow->host_server_name[0] != '\0'))
- protocol = NDPI_PROTOCOL_SSL;
- else
- protocol = NDPI_PROTOCOL_SSL_NO_CERT;
-
- if(packet->tcp != NULL) {
- switch(protocol) {
- case NDPI_PROTOCOL_SSL:
- case NDPI_PROTOCOL_SSL_NO_CERT:
- {
- /*
- In case of SSL there are probably sub-protocols
- such as IMAPS that can be otherwise detected
- */
- u_int16_t sport = ntohs(packet->tcp->source);
- u_int16_t dport = ntohs(packet->tcp->dest);
-
- if((sport == 465) || (dport == 465)) protocol = NDPI_PROTOCOL_MAIL_SMTPS;
- else if((sport == 993) || (dport == 993)
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ if((flow->protos.ssl.client_certificate[0] != '\0')
+ || (flow->protos.ssl.server_certificate[0] != '\0')
+ || (flow->host_server_name[0] != '\0'))
+ protocol = NDPI_PROTOCOL_SSL;
+ else
+ protocol = NDPI_PROTOCOL_SSL_NO_CERT;
+
+ if(packet->tcp != NULL) {
+ switch(protocol) {
+ case NDPI_PROTOCOL_SSL:
+ case NDPI_PROTOCOL_SSL_NO_CERT:
+{
+ /*
+ In case of SSL there are probably sub-protocols
+ such as IMAPS that can be otherwise detected
+ */
+ u_int16_t sport = ntohs(packet->tcp->source);
+ u_int16_t dport = ntohs(packet->tcp->dest);
+
+ if((sport == 465) || (dport == 465)) protocol = NDPI_PROTOCOL_MAIL_SMTPS;
+ else if((sport == 993) || (dport == 993)
#ifdef NDPI_PROTOCOL_MAIL_IMAP
- || (flow->l4.tcp.mail_imap_starttls)
+ || (flow->l4.tcp.mail_imap_starttls)
#endif
- ) protocol = NDPI_PROTOCOL_MAIL_IMAPS;
- else if((sport == 995) || (dport == 995)) protocol = NDPI_PROTOCOL_MAIL_POPS;
- }
- break;
- }
+ ) protocol = NDPI_PROTOCOL_MAIL_IMAPS;
+ else if((sport == 995) || (dport == 995)) protocol = NDPI_PROTOCOL_MAIL_POPS;
+}
+break;
+ }
- if((protocol == NDPI_PROTOCOL_SSL_NO_CERT)
- && is_skype_flow(ndpi_struct, flow)) {
- protocol = NDPI_PROTOCOL_SKYPE;
- }
+ if((protocol == NDPI_PROTOCOL_SSL_NO_CERT)
+ && is_skype_flow(ndpi_struct, flow)) {
+protocol = NDPI_PROTOCOL_SKYPE;
}
+ }
+
+ return protocol;
+}
+static void ndpi_int_ssl_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow, u_int32_t protocol)
+{
+ if((protocol != NDPI_PROTOCOL_SSL)
+ && (protocol != NDPI_PROTOCOL_SSL_NO_CERT)) {
+ ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
+ } else {
+ protocol = ndpi_ssl_refine_master_protocol(ndpi_struct, flow, protocol);
ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN);
}
}
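Review bot: In the new `ndpi_ssl_refine_master_protocol`, the `protocol` argument is overwritten by the first `if`/`else` before it is ever read, so the value a caller passes has no effect. The later call in `sslDetectProtocolFromCertificate` passes `NDPI_PROTOCOL_SSL`, yet the helper can still return `NDPI_PROTOCOL_SSL_NO_CERT`, a mail-over-TLS id, or `NDPI_PROTOCOL_SKYPE`, depending on flow state and ports. That result then becomes the master protocol beside a certificate-derived subprotocol, which may not be what that call site intends. Either drop the parameter and declare a local, or document it, e.g. `/* 'protocol' is ignored on entry: the result is derived from certificate/SNI presence, TCP ports and is_skype_flow() */`. Because `protocol` is now always one of the two `case` labels, the `switch` is redundant and could become a plain block.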
@@ -320,11 +327,14 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s
#ifdef CERTIFICATE_DEBUG
printf("***** [SSL] %s\n", certificate);
#endif
-
- if(ndpi_match_host_subprotocol(ndpi_struct, flow, certificate,
- strlen(certificate),
- NDPI_PROTOCOL_SSL) != NDPI_PROTOCOL_UNKNOWN)
+ u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate,
+ strlen(certificate), NDPI_PROTOCOL_SSL);
+
+ if(subproto != NDPI_PROTOCOL_UNKNOWN) {
+ ndpi_set_detected_protocol(ndpi_struct, flow, subproto,
+ ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL));
return(rc); /* Fix courtesy of Gianluca Costa <g.costa@xplico.org> */
+ }
#ifdef NDPI_PROTOCOL_TOR
if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0)