Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_api.h53
-rw-r--r--src/include/ndpi_typedefs.h6
-rw-r--r--src/lib/ndpi_content_match.c.inc2
-rw-r--r--src/lib/ndpi_main.c248
4 files changed, 257 insertions, 52 deletions
diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h
index 7ac5b3ef8..2cf5d3436 100644
--- a/src/include/ndpi_api.h
+++ b/src/include/ndpi_api.h
@@ -36,8 +36,8 @@ extern "C" {
*/
#define NDPI_API_VERSION 1
-#define SIZEOF_ID_STRUCT (sizeof(struct ndpi_id_struct))
-#define SIZEOF_FLOW_STRUCT (sizeof(struct ndpi_flow_struct))
+#define SIZEOF_ID_STRUCT ( sizeof(struct ndpi_id_struct) )
+#define SIZEOF_FLOW_STRUCT ( sizeof(struct ndpi_flow_struct) )
#define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 )
#define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 )
@@ -125,7 +125,8 @@ extern "C" {
* @return the nDPI protocol ID
*
*/
- u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin);
+ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct,
+ struct in_addr *pin);
/**
@@ -135,7 +136,8 @@ extern "C" {
* @par match = the struct passed to match the protocol
*
*/
- void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_match *match);
+ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod,
+ ndpi_protocol_match *match);
/**
* Returns a new initialized detection module
@@ -163,7 +165,8 @@ extern "C" {
* @par port = unsigned int for the port number
*
*/
- void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod, char* host, u_int port);
+ void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod,
+ char* host, u_int port);
/**
@@ -193,7 +196,8 @@ extern "C" {
const NDPI_PROTOCOL_BITMASK *detection_bitmask,
const u_int32_t idx,
u_int16_t ndpi_protocol_id,
- void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow),
+ void (*func) (struct ndpi_detection_module_struct *,
+ struct ndpi_flow_struct *flow),
const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask,
u_int8_t b_save_bitmask_unknow,
u_int8_t b_add_detection_bitmask);
@@ -514,7 +518,8 @@ extern "C" {
* @par proto = the struct ndpi_protocol contain the protocols name
* @return the protocol category
*/
- ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto);
+ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod,
+ ndpi_protocol proto);
/**
* Get the protocol name associated to the ID
@@ -535,7 +540,8 @@ extern "C" {
* @return the breed ID associated to the protocol
*
*/
- ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t proto);
+ ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int16_t proto);
/**
@@ -546,7 +552,8 @@ extern "C" {
* @return the string name of the breed ID
*
*/
- char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_struct, ndpi_protocol_breed_t breed_id);
+ char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_struct,
+ ndpi_protocol_breed_t breed_id);
/**
@@ -594,7 +601,8 @@ extern "C" {
* -1 else
*
*/
- int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char* path);
+ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod,
+ char* path);
/**
@@ -623,7 +631,8 @@ extern "C" {
* @par automa = the automa to match
*
*/
- void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa);
+ void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct,
+ void* automa);
#ifdef NDPI_PROTOCOL_HTTP
@@ -635,7 +644,8 @@ extern "C" {
* @return the HTTP method information about the flow
*
*/
- ndpi_http_method ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow);
+ ndpi_http_method ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod,
+ struct ndpi_flow_struct *flow);
/**
@@ -646,7 +656,8 @@ extern "C" {
* @return the HTTP method information about the flow
*
*/
- char* ndpi_get_http_url(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow);
+ char* ndpi_get_http_url(struct ndpi_detection_module_struct *ndpi_mod,
+ struct ndpi_flow_struct *flow);
/**
@@ -657,7 +668,8 @@ extern "C" {
* @return the HTTP method information about the flow
*
*/
- char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow);
+ char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod,
+ struct ndpi_flow_struct *flow);
#endif
@@ -736,8 +748,13 @@ extern "C" {
*
*/
int ndpi_match_string(void *_automa, char *string_to_match);
-
-
+
+ void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct,
+ char *ip_address_and_mask, ndpi_protocol_category_t category);
+ void ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct,
+ char *name, ndpi_protocol_category_t category);
+ void ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct);
+
/**
* Add a string to match to an automata
*
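Review bot: The three new declarations (`ndpi_load_ip_category`, `ndpi_load_hostname_category`, `ndpi_enable_loaded_categories`) are the only entries in this part of the header without a doc block, and their contract cannot be guessed from the signatures. Going by the definitions this commit adds to ndpi_main.c, the comment should say that both loaders write to shadow structures and nothing is matched until `ndpi_enable_loaded_categories()` is called, and that `ip_address_and_mask` is modified in place (the `/` is overwritten with a NUL), so a string literal or a shared buffer must not be passed. It should also state that `ndpi_enable_loaded_categories()` frees the active automaton and tree before swapping, with no locking visible, so it must not run while another thread is inside `ndpi_detection_process_packet()` on the same module. Whether `name` has to outlive the call depends on whether `ac_automata_add()` copies the pattern, which this diff does not show; the comment should state it either way.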
@@ -749,13 +766,13 @@ extern "C" {
*/
int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id);
-
/* Utility functions to set ndpi malloc/free/print wrappers */
void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size));
void set_ndpi_free(void (*__ndpi_free)(void *ptr));
void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size));
void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr));
- void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf);
+ void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str,
+ ndpi_debug_function_ptr ndpi_debug_printf);
void * ndpi_malloc(size_t size);
void * ndpi_calloc(unsigned long count, size_t size);
void ndpi_free(void *ptr);
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index a338338d1..99531356d 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -820,6 +820,7 @@ typedef struct _ndpi_automa {
typedef struct ndpi_proto {
u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */;
+ ndpi_protocol_category_t category;
} ndpi_protocol;
#define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN }
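Review bot: Adding `category` to `ndpi_protocol` changes the size of a struct that the public API returns by value (`ndpi_detection_process_packet`, `ndpi_detection_giveup`), yet `NDPI_API_VERSION` in ndpi_api.h is still 1 in this commit, so an application built against the old header and linked with the new library would disagree on the layout without any signal. The `NDPI_PROTOCOL_NULL` initialiser on the context line below was also left with two members; the third is zero-initialised, which equals `NDPI_PROTOCOL_CATEGORY_UNSPECIFIED` only if that enumerator is 0 (not visible here). I would make it explicit, `#define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }`, as the commit already does for the local `ret` initialisers in ndpi_main.c, and consider bumping the API version.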
@@ -884,6 +885,11 @@ struct ndpi_detection_module_struct {
subprotocol_automa, /* Used for HTTP subprotocol_detection */
bigrams_automa, impossible_bigrams_automa; /* TOR */
+ struct {
+ ndpi_automa hostnames, hostnames_shadow;
+ void *ipAddresses, *ipAddresses_shadow; /* Patricia */
+ } custom_categories;
+
/* IP-based protocol detection */
void *protocols_ptree;
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 888b0e560..d50d89006 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1,7 +1,7 @@
/*
* ndpi_content_match.c
*
- * Copyright (C) 2011-2017 - ntop.org
+ * Copyright (C) 2011-18 - ntop.org
*
* nDPI is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index dcbcc1ab9..a42f8c3ce 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -655,9 +655,7 @@ static int removeDefaultPort(ndpi_port_range *range,
static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_automa *automa,
- char *value, int protocol_id,
- ndpi_protocol_breed_t breed)
-{
+ char *value, int protocol_id) {
AC_PATTERN_t ac_pattern;
if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) {
@@ -682,24 +680,22 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc
static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
char *value, int protocol_id,
- ndpi_protocol_breed_t breed)
+ ndpi_protocol_breed_t breed /* UNUSED */)
{
#ifdef DEBUG
NDPI_LOG_DEBUG2(ndpi_struct, "[NDPI] Adding [%s][%d]\n", value, protocol_id);
#endif
- return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa,
- value, protocol_id, breed));
+ return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, value, protocol_id));
}
/* ****************************************************** */
int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct,
char *value, int protocol_id,
- ndpi_protocol_breed_t breed)
-{
+ ndpi_protocol_breed_t breed /* UNUSED */) {
return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa,
- value, protocol_id, breed));
+ value, protocol_id));
}
/* ****************************************************** */
@@ -840,12 +836,12 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp
for(i=0; ndpi_en_bigrams[i] != NULL; i++)
ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa,
(char*)ndpi_en_bigrams[i],
- 1, NDPI_PROTOCOL_UNRATED);
+ 1);
for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++)
ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa,
(char*)ndpi_en_impossible_bigrams[i],
- 1, NDPI_PROTOCOL_UNRATED);
+ 1);
}
/* ******************************************************************** */
@@ -1859,7 +1855,8 @@ static int fill_prefix_v4(prefix_t *p, struct in_addr *a, int b, int mb) {
/* ******************************************* */
-u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin /* network byte order */) {
+u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct,
+ struct in_addr *pin /* network byte order */) {
prefix_t prefix;
patricia_node_t *node;
@@ -1943,19 +1940,18 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp
int bits = 32;
char *ptr = strrchr(value, '/');
- if (ptr)
- {
- ptr[0] = '\0';
- ptr++;
- if (atoi(ptr)>=0 && atoi(ptr)<=32)
- bits = atoi(ptr);
- }
-
+ if(ptr) {
+ ptr[0] = '\0';
+ ptr++;
+ if(atoi(ptr)>=0 && atoi(ptr)<=32)
+ bits = atoi(ptr);
+ }
+
inet_pton(AF_INET, value, &pin);
-
+
if((node = add_to_ptree(ndpi_struct->protocols_ptree, AF_INET, &pin, bits)) != NULL)
node->value.user_value = protocol_id;
-
+
return 0;
}
@@ -2047,11 +2043,20 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) {
ndpi_str->ndpi_num_supported_protocols = NDPI_MAX_SUPPORTED_PROTOCOLS;
ndpi_str->ndpi_num_custom_protocols = 0;
- ndpi_str->host_automa.ac_automa = ac_automata_init(ac_match_handler);
- ndpi_str->content_automa.ac_automa = ac_automata_init(ac_match_handler);
- ndpi_str->bigrams_automa.ac_automa = ac_automata_init(ac_match_handler);
+ ndpi_str->host_automa.ac_automa = ac_automata_init(ac_match_handler);
+ ndpi_str->content_automa.ac_automa = ac_automata_init(ac_match_handler);
+ ndpi_str->bigrams_automa.ac_automa = ac_automata_init(ac_match_handler);
ndpi_str->impossible_bigrams_automa.ac_automa = ac_automata_init(ac_match_handler);
+ ndpi_str->custom_categories.hostnames.ac_automa = ac_automata_init(ac_match_handler);
+ ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler);
+ ndpi_str->custom_categories.ipAddresses = ndpi_New_Patricia(32 /* IPv4 */);
+ ndpi_str->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */);
+
+ if((ndpi_str->custom_categories.ipAddresses == NULL)
+ || (ndpi_str->custom_categories.ipAddresses_shadow == NULL))
+ return(NULL);
+
ndpi_init_protocol_defaults(ndpi_str);
for(i=0; i<NUM_CUSTOM_CATEGORIES; i++)
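Review bot: The new `return(NULL)` after the two `ndpi_New_Patricia()` calls leaves behind everything set up before it: the four existing automata, the two new hostname automata, whichever Patricia tree did succeed, and `ndpi_str` itself (allocated outside this hunk, presumably with the module allocator, since `ndpi_exit_detection_module()` ends in `ndpi_free`). The two `ac_automata_init()` results for `custom_categories.hostnames` and `hostnames_shadow` are not checked at all, although `ndpi_enable_loaded_categories()` later hands them to `ac_automata_release()` without a NULL test. I would check all four allocations together and clean up on failure, e.g. `ndpi_exit_detection_module(ndpi_str); return(NULL);`, provided that function is safe on a partially initialised module, which cannot be confirmed from the lines shown. The function starts and ends outside the hunk.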
@@ -2169,6 +2174,18 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct
destroy_hyperscan(ndpi_struct);
#endif
+ if(ndpi_struct->custom_categories.hostnames.ac_automa != NULL)
+ ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames.ac_automa);
+
+ if(ndpi_struct->custom_categories.hostnames_shadow.ac_automa != NULL)
+ ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames_shadow.ac_automa);
+
+ if(ndpi_struct->custom_categories.ipAddresses != NULL)
+ ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses, free_ptree_data);
+
+ if(ndpi_struct->custom_categories.ipAddresses_shadow != NULL)
+ ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses_shadow, free_ptree_data);
+
ndpi_free(ndpi_struct);
}
}
@@ -3627,7 +3644,7 @@ static u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct
ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
- ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN };
+ ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED };
if(flow == NULL) return(ret);
@@ -3724,17 +3741,125 @@ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct,
/* ********************************************************************************* */
+void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct,
+ char *ip_address_and_mask, ndpi_protocol_category_t category) {
+ patricia_node_t *node;
+ struct in_addr pin;
+ int bits = 32;
+ char *ptr = strrchr(ip_address_and_mask, '/');
+
+ if(ptr) {
+ ptr[0] = '\0';
+ ptr++;
+ if (atoi(ptr)>=0 && atoi(ptr)<=32)
+ bits = atoi(ptr);
+ }
+
+ inet_pton(AF_INET, ip_address_and_mask, &pin);
+
+ if((node = add_to_ptree(ndpi_struct->custom_categories.ipAddresses_shadow,
+ AF_INET, &pin, bits)) != NULL)
+ node->value.user_value = (int)category;
+}
+
+/* ********************************************************************************* */
+
+void ndpi_load_hostname_category(struct ndpi_detection_module_struct *ndpi_struct,
+ char *name, ndpi_protocol_category_t category) {
+ AC_PATTERN_t ac_pattern;
+
+ if(name == NULL) return;
+
+ /* printf("===> Loading %s as %u\n", name, category); */
+
+ if(ndpi_struct->custom_categories.hostnames_shadow.ac_automa == NULL) return;
+ ac_pattern.astring = name, ac_pattern.length = strlen(ac_pattern.astring);
+ ac_pattern.rep.number = (int)category;
+
+ ac_automata_add(ndpi_struct->custom_categories.hostnames_shadow.ac_automa, &ac_pattern);
+ ac_automata_finalize(ndpi_struct->custom_categories.hostnames_shadow.ac_automa);
+}
+
+/* ********************************************************************************* */
+
+void ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_struct) {
+ /* Free */
+ ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames.ac_automa);
+ ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->custom_categories.ipAddresses, free_ptree_data);
+
+ /* Finalize */
+ ac_automata_finalize((AC_AUTOMATA_t*)ndpi_struct->custom_categories.hostnames_shadow.ac_automa);
+
+ /* Swap */
+ ndpi_struct->custom_categories.hostnames.ac_automa = ndpi_struct->custom_categories.hostnames_shadow.ac_automa;
+ ndpi_struct->custom_categories.ipAddresses = ndpi_struct->custom_categories.ipAddresses_shadow;
+
+ /* Realloc */
+ ndpi_struct->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_match_handler);
+ ndpi_struct->custom_categories.ipAddresses_shadow = ndpi_New_Patricia(32 /* IPv4 */);
+}
+
+/* ********************************************************************************* */
+
+static void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ ndpi_protocol *ret) {
+ if(flow->packet.iph) {
+ prefix_t prefix;
+ patricia_node_t *node;
+
+ /* Make sure all in network byte order otherwise compares wont work */
+ fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->saddr,
+ 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits);
+ node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix);
+
+ if(!node) {
+ fill_prefix_v4(&prefix, (struct in_addr *)&flow->packet.iph->daddr,
+ 32, ((patricia_tree_t*)ndpi_struct->protocols_ptree)->maxbits);
+ node = ndpi_patricia_search_best(ndpi_struct->custom_categories.ipAddresses, &prefix);
+ }
+
+ if(node) {
+ ret->category = (ndpi_protocol_category_t)node->value.user_value;
+ return;
+ }
+ }
+
+ if(flow->host_server_name[0] != '\0') {
+ unsigned long id;
+ int rc = ndpi_match_string_id(ndpi_struct->custom_categories.hostnames.ac_automa, (char *)flow->host_server_name, &id);
+
+ if(rc == 0) {
+ ret->category = (ndpi_protocol_category_t)id;
+ return;
+ }
+ }
+
+ if(flow->protos.ssl.server_certificate[0] != '\0') {
+ unsigned long id;
+ int rc = ndpi_match_string_id(ndpi_struct->custom_categories.hostnames.ac_automa, (char *)flow->protos.ssl.server_certificate, &id);
+
+ if(rc == 0) {
+ ret->category = (ndpi_protocol_category_t)id;
+ return;
+ }
+ }
+
+ ret->category = ndpi_get_proto_category(ndpi_struct, *ret);
+}
+
+/* ********************************************************************************* */
+
ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const unsigned char *packet,
const unsigned short packetlen,
const u_int64_t current_tick_l,
struct ndpi_id_struct *src,
- struct ndpi_id_struct *dst)
-{
+ struct ndpi_id_struct *dst) {
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet;
u_int32_t a;
- ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN };
+ ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED };
if(ndpi_struct->ndpi_log_level >= NDPI_LOG_TRACE)
NDPI_LOG(flow ? flow->detected_protocol_stack[0]:NDPI_PROTOCOL_UNKNOWN,
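Review bot: In `ndpi_load_ip_category()` a non-numeric mask is accepted as a /0 prefix: `atoi()` returns 0 for text such as `10.0.0.0/x`, 0 passes the `>=0 && <=32` test, and the resulting entry would then match every IPv4 address, so one malformed line in a category list could put all traffic into that category (`ndpi_fill_protocol_category()` consults the IP tree first and returns on a hit). The `inet_pton()` result is also ignored, so an unparsable address inserts whatever `pin` happened to contain, and `ip_address_and_mask` reaches `strrchr()` without the NULL check that `ndpi_load_hostname_category()` has. The version below parses the mask with `strtol()` and rejects the entry on a bad mask or address, rather than falling back to /32 as the original does for out-of-range values. The same `atoi()`/`inet_pton()` pattern sits in `ndpi_add_host_ip_subprotocol()`, which this commit only re-indents.

```c
void ndpi_load_ip_category(struct ndpi_detection_module_struct *ndpi_struct,
			   char *ip_address_and_mask, ndpi_protocol_category_t category) {
  patricia_node_t *node;
  struct in_addr pin;
  int bits = 32;
  char *ptr, *end;
  long v;

  if(ip_address_and_mask == NULL) return;

  if((ptr = strrchr(ip_address_and_mask, '/')) != NULL) {
    *ptr++ = '\0';
    v = strtol(ptr, &end, 10);
    /* Reject an empty, non-numeric or out-of-range mask instead of guessing a prefix length */
    if((end == ptr) || (*end != '\0') || (v < 0) || (v > 32))
      return;
    bits = (int)v;
  }

  /* inet_pton() returns 1 only for a valid IPv4 address; otherwise pin is left unset */
  if(inet_pton(AF_INET, ip_address_and_mask, &pin) != 1)
    return;

  /* … unchanged: add_to_ptree() on ipAddresses_shadow and the user_value assignment … */
}
```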
@@ -3825,6 +3950,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) {
/* This is a custom protocol and it has priority over everything else */
ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id;
+ ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
return(ret);
}
@@ -3835,6 +3961,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
ret = ndpi_detection_giveup(ndpi_struct, flow);
}
+ ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
return(ret);
}
} else {
@@ -3851,6 +3978,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
/* This is a custom protocol and it has priority over everything else */
ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id;
ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet);
+ ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
return(ret);
}
@@ -3878,9 +4006,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
} else
ret.app_protocol = flow->detected_protocol_stack[0];
+ ndpi_fill_protocol_category(ndpi_struct, flow, &ret);
return(ret);
}
+/* ********************************************************************************* */
+
u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read)
{
u_int32_t val;
@@ -3896,6 +4027,8 @@ u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to
return (val);
}
+/* ********************************************************************************* */
+
u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read)
{
u_int32_t val;
@@ -3929,6 +4062,7 @@ u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t m
return (val);
}
+/* ********************************************************************************* */
u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read)
{
@@ -3945,6 +4079,8 @@ u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_
return (val);
}
+/* ********************************************************************************* */
+
u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read)
{
u_int64_t val;
@@ -3978,6 +4114,7 @@ u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t
return (val);
}
+/* ********************************************************************************* */
u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read)
{
@@ -4015,6 +4152,8 @@ u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_r
return htonl(val);
}
+/* ********************************************************************************* */
+
/* internal function for every detection to parse one packet and to increase the info buffer */
void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
@@ -4266,6 +4405,8 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc
}
}
+/* ********************************************************************************* */
+
void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
@@ -4309,6 +4450,7 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s
}
}
+/* ********************************************************************************* */
u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow, u_int16_t counter)
@@ -4391,6 +4533,8 @@ u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi
}
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
+/* ********************************************************************************* */
+
void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct
*ndpi_struct, const char **file, const char **func, u_int32_t * line)
{
@@ -4406,12 +4550,17 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct
*line = ndpi_struct->ndpi_debug_print_line;
}
#endif
+
+/* ********************************************************************************* */
+
u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return,
u_int8_t * l4_protocol_return, u_int32_t flags)
{
return ndpi_detection_get_l4_internal(NULL, l3, l3_len, l4_return, l4_len_return, l4_protocol_return, flags);
}
+/* ********************************************************************************* */
+
void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t upper_detected_protocol,
@@ -4437,11 +4586,15 @@ void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct
}
}
+/* ********************************************************************************* */
+
u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
return(flow->detected_protocol_stack[1]);
}
+/* ********************************************************************************* */
+
void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t upper_detected_protocol,
@@ -4451,6 +4604,8 @@ void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str
flow->detected_protocol_stack[0] = upper_detected_protocol, flow->detected_protocol_stack[1] = lower_detected_protocol;
}
+/* ********************************************************************************* */
+
void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t upper_detected_protocol,
@@ -4464,9 +4619,12 @@ void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_s
if(!packet)
return;
- packet->detected_protocol_stack[0] = upper_detected_protocol, packet->detected_protocol_stack[1] = lower_detected_protocol;
+ packet->detected_protocol_stack[0] = upper_detected_protocol,
+ packet->detected_protocol_stack[1] = lower_detected_protocol;
}
+/* ********************************************************************************* */
+
/* generic function for changing the protocol
*
* what it does is:
@@ -4490,6 +4648,8 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
upper_detected_protocol, lower_detected_protocol);
}
+/* ********************************************************************************* */
+
/* change protocol only if guessing is active */
/* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */
/* struct ndpi_flow_struct *flow) */
@@ -4509,6 +4669,8 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct,
/* } */
/* } */
+/* ********************************************************************************* */
+
/* turns a packet back to unknown */
void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet) {
int a;
@@ -4517,6 +4679,8 @@ void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet) {
packet->detected_protocol_stack[a] = NDPI_PROTOCOL_UNKNOWN;
}
+/* ********************************************************************************* */
+
void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow) {
if(flow) {
int a;
@@ -4527,16 +4691,22 @@ void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow) {
}
}
+/* ********************************************************************************* */
+
void NDPI_PROTOCOL_IP_clear(ndpi_ip_addr_t * ip) {
memset(ip, 0, sizeof(ndpi_ip_addr_t));
}
+/* ********************************************************************************* */
+
/* NTOP */
int NDPI_PROTOCOL_IP_is_set(const ndpi_ip_addr_t * ip)
{
return memcmp(ip, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", sizeof(ndpi_ip_addr_t)) != 0;
}
+/* ********************************************************************************* */
+
/* check if the source ip address in packet and ip are equal */
/* NTOP */
int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip)
@@ -4563,6 +4733,8 @@ int ndpi_packet_src_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i
return 0;
}
+/* ********************************************************************************* */
+
/* check if the destination ip address in packet and ip are equal */
int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_ip_addr_t * ip)
{
@@ -4588,6 +4760,8 @@ int ndpi_packet_dst_ip_eql(const struct ndpi_packet_struct *packet, const ndpi_i
return 0;
}
+/* ********************************************************************************* */
+
/* get the source ip address from packet and put it into ip */
/* NTOP */
void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip)
@@ -4611,6 +4785,8 @@ void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_add
ip->ipv4 = packet->iph->saddr;
}
+/* ********************************************************************************* */
+
/* get the destination ip address from packet and put it into ip */
/* NTOP */
void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip)
@@ -4633,6 +4809,8 @@ void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_add
ip->ipv4 = packet->iph->daddr;
}
+/* ********************************************************************************* */
+
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/* get the string representation of ip
* returns a pointer to a static string
@@ -4663,6 +4841,7 @@ char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
}
+/* ********************************************************************************* */
/* get the string representation of the source ip address from packet */
char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
@@ -4673,6 +4852,8 @@ char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_st
return ndpi_get_ip_string(ndpi_struct, &ip);
}
+/* ********************************************************************************* */
+
/* get the string representation of the destination ip address from packet */
char *ndpi_get_packet_dst_ip_string(struct ndpi_detection_module_struct *ndpi_struct,
const struct ndpi_packet_struct *packet)
@@ -4681,11 +4862,12 @@ char *ndpi_get_packet_dst_ip_string(struct ndpi_detection_module_struct *ndpi_st
ndpi_packet_dst_ip_get(packet, &ip);
return ndpi_get_ip_string(ndpi_struct, &ip);
}
-#endif /* NDPI_ENABLE_DEBUG_MESSAGES */
+#endif /* NDPI_ENABLE_DEBUG_MESSAGES */
/* ****************************************************** */
-u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read)
+u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str,
+ u_int16_t max_chars_to_read, u_int16_t * bytes_read)
{
u_int16_t val = ndpi_bytestream_to_number(str, max_chars_to_read, bytes_read);
return ntohs(val);
@@ -4711,7 +4893,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
u_int32_t dhost /* host byte order */, u_int16_t dport) {
u_int32_t rc;
struct in_addr addr;
- ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN };
+ ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED };
u_int8_t user_defined_proto;
if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) {