5 files changed, 19 insertions, 53 deletions

diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 9538aa86e..c9496797c 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -1,3 +1,4 @@
+
 /*
  * ndpi_protocol_ids.h
  *
@@ -174,7 +175,7 @@
 #define NDPI_PROTOCOL_WAZE                  135
 #define NDPI_PROTOCOL_YOUTUBE_UPLOAD        136 /* Upload files to youtube */
 #define NDPI_PROTOCOL_ICQ                   137
-#define NDPI_PROTOCOL_SKYFILE_POSTPAID      138 /* free for future use */
+#define NDPI_PROTOCOL_CHECKMK               138
 #define NDPI_PROTOCOL_CITRIX_ONLINE         139
 #define NDPI_PROTOCOL_APPLE                 140
 #define NDPI_PROTOCOL_WEBEX                 141
@@ -275,10 +276,6 @@
 #define NDPI_PROTOCOL_CSGO                  235 /* Counter-Strike Global Offensive, Dota 2 */
 #define NDPI_PROTOCOL_LISP	            236
 
-/* check_mk */
-#define NDPI_PROTOCOL_CHECKMK               237
-
-
 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
 #define NDPI_LAST_IMPLEMENTED_PROTOCOL              NDPI_PROTOCOL_LISP
 
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
index dec3a9eeb..da7acaef7 100644
--- a/src/include/ndpi_protocols.h
+++ b/src/include/ndpi_protocols.h
@@ -349,5 +349,6 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
+void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask);
 
 #endif /* __NDPI_PROTOCOLS_H__ */
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index c2b4e4b13..7db19f818 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -26,6 +26,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \
 		     protocols/bgp.c \
 		     protocols/bittorrent.c \
 		     protocols/bjnp.c \
+		     protocols/checkmk.c \
 		     protocols/ciscovpn.c \
 		     protocols/citrix.c \
 		     protocols/coap.c \
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 500ef892b..c12b4bea2 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1244,7 +1244,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK,
                             no_master,
-                            no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER,
+                            no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
                             ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */,
                             ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET,
@@ -1377,11 +1377,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK,
 			    ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
-    ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID,
-			    no_master,
-			    no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL,
-			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
-			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE,
 			    no_master,
 			    no_master, "Citrix_Online", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
@@ -3170,7 +3165,8 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct,
       packet->packet_direction = 1;
 
 #ifdef NDPI_DETECTION_SUPPORT_IPV6
-    if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, &iphv6->ip6_dst) != 0)
+    if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src,
+							  &iphv6->ip6_dst) != 0)
       packet->packet_direction = 1;
 #endif
   }
@@ -4513,23 +4509,6 @@ u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_ch
 
 /* ****************************************************** */
 
-ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct /* NOTUSED */,
-					    /* u_int8_t proto, */
-					    u_int32_t shost, u_int16_t sport,
-					    u_int32_t dhost, u_int16_t dport) {
-  ndpi_protocol proto = NDPI_PROTOCOL_NULL;
-
-  /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */
-  if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6)
-     || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) {
-    if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID;
-  }
-
-  return(proto);
-}
-
-/* ****************************************************** */
-
 u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p) {
   return(((proto.app_protocol == p) || (proto.master_protocol == p)) ? 1 : 0);
 }
@@ -4575,10 +4554,6 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct
 	return(ret);
     }
 
-    ret = ndpi_find_port_based_protocol(ndpi_struct/* , proto */, shost, sport, dhost, dport);
-    if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN)
-      return(ret);
-
   check_guessed_skype:
     addr.s_addr = htonl(shost);
     if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) {
@@ -4701,26 +4676,20 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod
     switch(category) {
     case NDPI_PROTOCOL_CATEGORY_CUSTOM_1:
       return(ndpi_mod->custom_category_labels[0]);
-      break;
     case NDPI_PROTOCOL_CATEGORY_CUSTOM_2:
       return(ndpi_mod->custom_category_labels[1]);
-      break;
     case NDPI_PROTOCOL_CATEGORY_CUSTOM_3:
       return(ndpi_mod->custom_category_labels[2]);
-      break;
     case NDPI_PROTOCOL_CATEGORY_CUSTOM_4:
       return(ndpi_mod->custom_category_labels[3]);
-      break;
     case NDPI_PROTOCOL_CATEGORY_CUSTOM_5:
       return(ndpi_mod->custom_category_labels[4]);
-      break;
     case NDPI_PROTOCOL_NUM_CATEGORIES:
       return("Code should not use this internal constant");
-      break;
+    default:
+      return("Unspecified");
     }
   }
-  
-  return("Unspecified");
 }
 
 /* ****************************************************** */
diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c
index d407efea5..50a92c8d5 100755
--- a/src/lib/protocols/checkmk.c
+++ b/src/lib/protocols/checkmk.c
@@ -1,8 +1,7 @@
 /*
  * checkmk.c
  *
- * Copyright (C) 2009-2011 by ipoque GmbH
- * Copyright (C) 2011-16 - ntop.org
+ * Copyright (C) 2011-17 - ntop.org
  *
  * This file is part of nDPI, an open source deep packet inspection
  * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -20,20 +19,22 @@
  * You should have received a copy of the GNU Lesser General Public License
  * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
  *
- * 
+ *
  */
 
 #include "ndpi_protocols.h"
 
 #ifdef NDPI_PROTOCOL_CHECKMK
 
-static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+					    struct ndpi_flow_struct *flow)
 {
   ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CHECKMK, NDPI_PROTOCOL_UNKNOWN);
 }
 
 
-void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct,
+			 struct ndpi_flow_struct *flow)
 {
   struct ndpi_packet_struct *packet = &flow->packet;
 
@@ -43,7 +44,7 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc
       /*
 	When we transfer a large data chunk, unless we have observed
 	the initial connection, we need to discard these packets
-	as they are not an indication that this flow is not AFP	
+	as they are not an indication that this flow is not AFP
       */
       return;
     }
@@ -52,10 +53,7 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc
      * this will detect the OpenSession command of the Data Stream Interface (DSI) protocol
      * which is exclusively used by the Apple Filing Protocol (AFP) on TCP/IP networks
      */
-
-
-
-  if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100
+    if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100
         && memcmp(packet->payload, "<<<check_mk>>>", 14) == 0) {
 
       NDPI_LOG(NDPI_PROTOCOL_CHECKMK, ndpi_struct, NDPI_LOG_DEBUG, "Check_MK: Flow detected.\n");
@@ -69,7 +67,8 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc
 }
 
 
-void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
+void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+			    u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
 {
   ndpi_set_bitmask_protocol_detection("CHECKMK", ndpi_struct, detection_bitmask, *id,
 				      NDPI_PROTOCOL_CHECKMK,
@@ -82,4 +81,3 @@ void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
 
 
 #endif
-