aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h5
-rw-r--r--src/lib/ndpi_content_match.c.inc4
-rw-r--r--src/lib/ndpi_main.c2
-rw-r--r--src/lib/protocols/dofus.c97
4 files changed, 12 insertions, 96 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index fab32a5cb..fba4bc270 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -916,9 +916,6 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_ICECAST */
u_int64_t icecast_stage:1;
- /* NDPI_PROTOCOL_DOFUS */
- u_int64_t dofus_stage:1;
-
/* NDPI_PROTOCOL_MAIL_POP */
u_int64_t mail_pop_stage:2;
@@ -927,7 +924,7 @@ struct ndpi_flow_tcp_struct {
u_int64_t mail_imap_starttls:1;
/* Reserved for future use */
- u_int64_t reserved:19;
+ u_int64_t reserved:20;
};
/* ************************************************** */
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 0a54ad490..25b2a225d 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1756,6 +1756,10 @@ static ndpi_protocol_match host_match[] =
{ "kick.com", "Kick", NDPI_PROTOCOL_KICK, NDPI_PROTOCOL_CATEGORY_VIDEO, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
+ { "ankama.com", "Dofus", NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+ { "ankama-games.com", "Dofus", NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+ { "dofus-touch.com", "Dofus", NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc"
#endif
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index bb287d2d6..6adebf900 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1520,7 +1520,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
"Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, NDPI_PROTOCOL_QOE_CATEGORY_UNSPECIFIED,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS,
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS,
"Dofus", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_QOE_CATEGORY_ONLINE_GAMING,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c
index 109a5d5a6..d87763d88 100644
--- a/src/lib/protocols/dofus.c
+++ b/src/lib/protocols/dofus.c
@@ -41,102 +41,17 @@ static void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct,
NDPI_LOG_DBG(ndpi_struct, "search dofus\n");
- /* Dofus v 1.x.x */
- if (packet->payload_packet_len == 13 && get_u_int16_t(packet->payload, 1) == ntohs(0x0508)
- && get_u_int16_t(packet->payload, 5) == ntohs(0x04a0)
- && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == ntohs(0x0194)) {
- ndpi_dofus_add_connection(ndpi_struct, flow);
- return;
- }
- if (flow->l4.tcp.dofus_stage == 0) {
- if (packet->payload_packet_len == 3 && memcmp(packet->payload, "HG", 2) == 0
- && packet->payload[packet->payload_packet_len - 1] == 0)
- goto maybe_dofus;
-
- if (packet->payload_packet_len == 12 && memcmp(packet->payload, "Af", 2) == 0
- && packet->payload[packet->payload_packet_len - 1] == 0)
- goto maybe_dofus;
-
- if (packet->payload_packet_len == 35 && memcmp(packet->payload, "HC", 2) == 0
- && packet->payload[packet->payload_packet_len - 1] == 0)
- goto maybe_dofus;
-
- if (packet->payload_packet_len > 2 && packet->payload[0] == 'A'
- && (packet->payload[1] == 'x' || packet->payload[1] == 'X')
- && packet->payload[packet->payload_packet_len - 1] == 0)
- goto maybe_dofus;
-
- if (packet->payload_packet_len > 2 && memcmp(packet->payload, "Ad", 2)
- && packet->payload[packet->payload_packet_len - 1] == 0)
- goto maybe_dofus;
-
- }
- if (flow->l4.tcp.dofus_stage == 1) {
- if (packet->payload_packet_len == 11 && memcmp(packet->payload, "AT", 2) == 0
- && packet->payload[10] == 0x00) {
- ndpi_dofus_add_connection(ndpi_struct, flow);
- return;
- }
- if (packet->payload_packet_len == 5
- && packet->payload[0] == 'A' && packet->payload[4] == 0x00
- && (packet->payload[1] == 'T' || packet->payload[1] == 'k')) {
+ /* Dofus 3 */
+ if(ntohs(flow->c_port) == 5555 || ntohs(flow->s_port) == 5555) {
+ if(packet->payload_packet_len > 3 &&
+ packet->payload[0] + 1 == packet->payload_packet_len &&
+ packet->payload[1] == 0x0a &&
+ packet->payload[2] + 2 == packet->payload[0]) {
ndpi_dofus_add_connection(ndpi_struct, flow);
- return;
}
}
- /* end Dofus 1.x.x */
-
- /* Dofus 2.0 */
- if ((packet->payload_packet_len == 11 || packet->payload_packet_len == 13 || packet->payload_packet_len == 49)
- && get_u_int32_t(packet->payload, 0) == ntohl(0x00050800)
- && get_u_int16_t(packet->payload, 4) == ntohs(0x0005)
- && get_u_int16_t(packet->payload, 8) == ntohs(0x0005)
- && packet->payload[10] == 0x18) {
- if (packet->payload_packet_len == 13
- && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) != ntohs(0x0194)) {
- goto exclude;
- }
- if (packet->payload_packet_len == 49 && ntohs(get_u_int16_t(packet->payload, 15)) + 17 != packet->payload_packet_len) {
- goto exclude;
- }
- ndpi_dofus_add_connection(ndpi_struct, flow);
- return;
- }
- if (packet->payload_packet_len >= 41 && get_u_int16_t(packet->payload, 0) == ntohs(0x01b9) && packet->payload[2] == 0x26) {
- u_int16_t len, len2;
- len = ntohs(get_u_int16_t(packet->payload, 3));
- if ((len + 5 + 2) > packet->payload_packet_len)
- goto exclude;
- len2 = ntohs(get_u_int16_t(packet->payload, 5 + len));
- if (5 + len + 2 + len2 == packet->payload_packet_len) {
- ndpi_dofus_add_connection(ndpi_struct, flow);
- return;
- }
- }
- if (packet->payload_packet_len == 56
- && memcmp(packet->payload, "\x00\x11\x35\x02\x03\x00\x93\x96\x01\x00", 10) == 0) {
- u_int16_t len, len2;
- len = ntohs(get_u_int16_t(packet->payload, 10));
- if ((len + 12 + 2) > packet->payload_packet_len)
- goto exclude;
- len2 = ntohs(get_u_int16_t(packet->payload, 12 + len));
- if ((12 + len + 2 + len2 + 1) > packet->payload_packet_len)
- goto exclude;
- if (12 + len + 2 + len2 + 1 == packet->payload_packet_len && packet->payload[12 + len + 2 + len2] == 0x01) {
- ndpi_dofus_add_connection(ndpi_struct, flow);
- return;
- }
- }
-exclude:
NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
- return;
-
-maybe_dofus:
- flow->l4.tcp.dofus_stage = 1;
- NDPI_LOG_DBG2(ndpi_struct, "maybe dofus\n");
- return;
-
}
void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct)
Powered by cgit, Themed by Ted Yin.