5 files changed, 71 insertions, 84 deletions

diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index f5b27e479..4117c2d27 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -787,7 +787,7 @@ void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct);
-void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct);
+void init_guildwars2_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct);
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 429798deb..984ea7be5 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -137,7 +137,7 @@ typedef enum {
   NDPI_PROTOCOL_DOFUS                 = 106,
   NDPI_PROTOCOL_ADS_ANALYTICS_TRACK   = 107, /* Generic id for advertisement/analytics/tracking stuff */
   NDPI_PROTOCOL_ADULT_CONTENT         = 108,
-  NDPI_PROTOCOL_GUILDWARS             = 109,
+  NDPI_PROTOCOL_GUILDWARS2            = 109,
   NDPI_PROTOCOL_AMAZON_ALEXA          = 110,
   NDPI_PROTOCOL_KERBEROS              = 111,
   NDPI_PROTOCOL_LDAP                  = 112,
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 9d73b875b..57e58b8d9 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1523,9 +1523,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_QOE_CATEGORY_ONLINE_GAMING,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS,
-			  "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_QOE_CATEGORY_ONLINE_GAMING,
-			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS2,
+			  "GuildWars2", NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_QOE_CATEGORY_ONLINE_GAMING,
+			  ndpi_build_default_ports(ports_a, 6112, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMAZON_ALEXA,
 			  "AmazonAlexa", NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT, NDPI_PROTOCOL_QOE_CATEGORY_UNSPECIFIED,
@@ -5979,8 +5979,8 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
   /* CROSSIFIRE */
   init_crossfire_dissector(ndpi_str);
 
-  /* GUILDWARS */
-  init_guildwars_dissector(ndpi_str);
+  /* Guild Wars 2 */
+  init_guildwars2_dissector(ndpi_str);
 
   /* ARMAGETRON */
   init_armagetron_dissector(ndpi_str);
diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c
deleted file mode 100644
index 299fef252..000000000
--- a/src/lib/protocols/guildwars.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * guildwars.c
- *
- * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-25 - ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
- * 
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS
-
-#include "ndpi_api.h"
-#include "ndpi_private.h"
-
-
-static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GUILDWARS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-}
-
-static void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
-  NDPI_LOG_DBG(ndpi_struct, "search guildwars\n");
-
-  if (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 1) == ntohs(0x050c)
-      && memcmp(&packet->payload[50], "@2&P", 4) == 0) {
-    NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 29.350\n");
-    ndpi_int_guildwars_add_connection(ndpi_struct, flow);
-    return;
-  }
-  if (packet->payload_packet_len == 16 && get_u_int16_t(packet->payload, 1) == ntohs(0x040c)
-      && get_u_int16_t(packet->payload, 4) == ntohs(0xa672)
-      && packet->payload[8] == 0x01 && packet->payload[12] == 0x04) {
-    NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 29.350\n");
-    ndpi_int_guildwars_add_connection(ndpi_struct, flow);
-    return;
-  }
-  if (packet->payload_packet_len == 21 && get_u_int16_t(packet->payload, 0) == ntohs(0x0100)
-      && get_u_int32_t(packet->payload, 5) == ntohl(0xf1001000)
-      && packet->payload[9] == 0x01) {
-    NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 216.107.245.50\n");
-    ndpi_int_guildwars_add_connection(ndpi_struct, flow);
-    return;
-  }
-
-  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
-}
-
-
-void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct)
-{
-  ndpi_set_bitmask_protocol_detection("Guildwars", ndpi_struct,
-				      NDPI_PROTOCOL_GUILDWARS,
-				      ndpi_search_guildwars_tcp,
-				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
-				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
-				      ADD_TO_DETECTION_BITMASK);
-}
diff --git a/src/lib/protocols/guildwars2.c b/src/lib/protocols/guildwars2.c
new file mode 100644
index 000000000..196766a0e
--- /dev/null
+++ b/src/lib/protocols/guildwars2.c
@@ -0,0 +1,64 @@
+/*
+ * guildwars2.c
+ *
+ * Copyright (C) 2009-11 - ipoque GmbH
+ * Copyright (C) 2011-25 - ntop.org
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ * 
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS2
+
+#include "ndpi_api.h"
+#include "ndpi_private.h"
+
+static void ndpi_search_guildwars2_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "search Guild Wars 2\n");
+
+  if (packet->payload_packet_len > 50)
+  {
+    /* The connection starts with this preamble containing client info.
+     * The TLS handshake begins around packet 12. */
+    if ((memcmp(packet->payload, "P /Sts/Connect STS/1.0", 22) == 0) ||
+        (memcmp(packet->payload, "P /Auth/StartTls STS/1.0", 24) == 0) ||
+        (memcmp(packet->payload, "STS/1.0 400 Success", 19) == 0))
+    {
+      NDPI_LOG_INFO(ndpi_struct, "found Guild Wars 2\n");
+      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GUILDWARS2, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+      return;
+    }
+  }
+
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+}
+
+
+void init_guildwars2_dissector(struct ndpi_detection_module_struct *ndpi_struct)
+{
+  ndpi_set_bitmask_protocol_detection("GuildWars2", ndpi_struct,
+				      NDPI_PROTOCOL_GUILDWARS2,
+				      ndpi_search_guildwars2_tcp,
+				      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+				      ADD_TO_DETECTION_BITMASK);
+}