From e00b06926e4acc01e56fefb47e0b45f1ea53436d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 11 Jun 2018 16:22:02 +0200 Subject: Fix for handling IP address based custom categories --- example/ndpiReader.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 5a8f91139..9dacf000a 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -380,7 +380,7 @@ void extcap_config() { struct ndpi_proto_sorter *protos; u_int ndpi_num_supported_protocols = ndpi_get_ndpi_num_supported_protocols(ndpi_info_mod); ndpi_proto_defaults_t *proto_defaults = ndpi_get_proto_defaults(ndpi_info_mod); - + /* -i */ printf("arg {number=%d}{call=-i}{display=Capture Interface}{type=string}" "{tooltip=The interface name}\n", argidx++); @@ -601,7 +601,7 @@ static void parseOptions(int argc, char **argv) { extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); break; - + case 257: _debug_protocols = strdup(optarg); break; @@ -761,10 +761,12 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa fprintf(out, "[proto: %u/%s]", flow->detected_protocol.app_protocol, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); - + if(flow->detected_protocol.category != 0) - fprintf(out, "[cat: %s]", ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol.category)); + fprintf(out, "[cat: %s/%u]", + ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.category), + (unsigned int)flow->detected_protocol.category); fprintf(out, "[%u pkts/%llu bytes ", flow->src2dst_packets, (long long unsigned int) flow->src2dst_bytes); fprintf(out, "%s %u pkts/%llu bytes]", @@ -1487,10 +1489,10 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { while(fd) { char buffer[512], *line, *name, *category; int i; - + if(!(line = fgets(buffer, sizeof(buffer), fd))) break; - + if(((i = strlen(line)) <= 1) || (line[0] == '#')) continue; else @@ -1501,9 +1503,16 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { category = strtok(NULL, "\t"); if(category) { + int fields[4]; + // printf("Loading %s\t%s\n", name, category); - ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, - name, (ndpi_protocol_category_t)atoi(category)); + + if(sscanf(name, "%d.%d.%d.%d", &fields[0], &fields[1], &fields[2], &fields[3]) == 4) + ndpi_load_ip_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, + name, (ndpi_protocol_category_t)atoi(category)); + else + ndpi_load_hostname_category(ndpi_thread_info[thread_id].workflow->ndpi_struct, + name, (ndpi_protocol_category_t)atoi(category)); } } } @@ -3199,7 +3208,7 @@ int orginal_main(int argc, char **argv) { printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n"); return(-1); } - + automataUnitTest(); ndpi_info_mod = ndpi_init_detection_module(); -- cgit v1.2.3 From 3986a951d8e032b3a25dc3db8198898658502f15 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 21 Jun 2018 16:13:18 +0200 Subject: Suppressed invalid messages with -q -j now accepts - as stdout --- example/ndpiReader.c | 16 +++++++++++----- src/lib/ndpi_content_match.c.inc | 16 ++++++++-------- 2 files changed, 19 insertions(+), 13 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9dacf000a..9b10fe6c5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -547,7 +547,7 @@ static void parseOptions(int argc, char **argv) { case 'j': #ifndef HAVE_JSON_C - printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); + printf("WARNING: this copy of ndpiReader has been compiled without json-c: JSON export disabled\n"); #else _jsonFilePath = optarg; json_flag = 1; @@ -1897,6 +1897,7 @@ static void printResults(u_int64_t tot_usec) { char buf[32]; #ifdef HAVE_JSON_C FILE *json_fp = NULL; + u_int8_t dont_close_json_fp = 0; json_object *jObj_main = NULL, *jObj_trafficStats, *jArray_detProto = NULL, *jObj; #endif long long unsigned int breed_stats[NUM_BREEDS] = { 0 }; @@ -2005,10 +2006,14 @@ static void printResults(u_int64_t tot_usec) { if(json_flag) { #ifdef HAVE_JSON_C - if((json_fp = fopen(_jsonFilePath,"w")) == NULL) { + if(!strcmp(_jsonFilePath, "-")) + json_fp = stderr, dont_close_json_fp = 1; + else if((json_fp = fopen(_jsonFilePath,"w")) == NULL) { printf("Error creating .json file %s\n", _jsonFilePath); json_flag = 0; - } else { + } + + if(json_flag) { jObj_main = json_object_new_object(); jObj_trafficStats = json_object_new_object(); jArray_detProto = json_object_new_array(); @@ -2159,7 +2164,7 @@ static void printResults(u_int64_t tot_usec) { json_object_object_add(jObj_main,"unknown.flows",jArray_unknown_flows); fprintf(json_fp,"%s\n",json_object_to_json_string(jObj_main)); - fclose(json_fp); + if(!dont_close_json_fp) fclose(json_fp); #endif } @@ -2473,7 +2478,8 @@ static void pcap_process_packet(u_char *args, memset(&ndpi_thread_info[thread_id].workflow->stats, 0, sizeof(struct ndpi_stats)); } - printf("\n-------------------------------------------\n\n"); + if(!quiet_mode) + printf("\n-------------------------------------------\n\n"); memcpy(&begin, &end, sizeof(begin)); memcpy(&pcap_start, &pcap_end, sizeof(pcap_start)); diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d65565b3c..ab36cbf48 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8053,6 +8053,14 @@ ndpi_protocol_match host_match[] = { { ".ebaystratus.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".ebayimg.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ + { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "facebook.com", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8221,14 +8229,6 @@ ndpi_protocol_match host_match[] = { { ".snapchat.", NULL, "\\.snapchat\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".snapads.", NULL, "\\.snapads\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".waze.com", NULL, NULL, "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".deezer.com", NULL, NULL, "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 90ffa1fc2ca87b166e9447643deffb8220ae44ec Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 16 Jul 2018 09:21:34 +0200 Subject: Updated twitter invalid address range Using content substring match in category search --- example/ndpiReader.c | 2 +- src/lib/ndpi_content_match.c.inc | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 9b10fe6c5..39748cd90 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1465,7 +1465,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, ndpi_pref_dns_dissect_response, 0); ndpi_set_detection_preferences(ndpi_thread_info[thread_id].workflow->ndpi_struct, - ndpi_pref_enable_category_substring_match, 0); + ndpi_pref_enable_category_substring_match, 1); ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow, on_protocol_discovered, (void *)(uintptr_t)thread_id); diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 60671b3cd..42031fc2b 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -71,7 +71,6 @@ static ndpi_network host_protocol_list[] = { { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xBC40E000 /* 188.64.224.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, { 0xC02C4400 /* 192.44.68.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC030EC00 /* 192.48.236.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, @@ -609,10 +608,10 @@ static ndpi_network host_protocol_list[] = { /* Teamviewer 159.122.189.32-63 */ { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER }, +#if 0 /* IFLIX services -by www.vizuamatix.com R&D team */ - { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, @@ -622,6 +621,7 @@ static ndpi_network host_protocol_list[] = { { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, +#endif /* Citrix GotoMeeting (AS16815, AS21866) @@ -8033,6 +8033,7 @@ ndpi_protocol_match host_match[] = { { "swscan.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tlnk.io", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".apple.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", NULL, NULL, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 667e77c609d842a9a41930b590de206fb2b917fe Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 21 Jul 2018 16:02:54 +0200 Subject: Major code cleanup Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection --- autogen.sh | 2 +- configure.seed | 2 +- example/ndpi_util.h | 4 +- src/include/ndpi_api.h | 6 +- src/include/ndpi_main.h | 5 +- src/include/ndpi_protocol_ids.h | 520 ++++++++++++++++----------------- src/include/ndpi_typedefs.h | 433 +++++++++++++-------------- src/lib/Makefile | 24 ++ src/lib/Makefile.am | 181 ------------ src/lib/Makefile.simple | 22 -- src/lib/ndpi_content_match.c.inc | 61 ++-- src/lib/ndpi_main.c | 27 +- src/lib/protocols/afp.c | 8 +- src/lib/protocols/aimini.c | 6 +- src/lib/protocols/ajp.c | 4 - src/lib/protocols/amqp.c | 5 +- src/lib/protocols/apple_push.c | 5 - src/lib/protocols/applejuice.c | 6 +- src/lib/protocols/armagetron.c | 7 +- src/lib/protocols/attic/flash.c | 2 +- src/lib/protocols/attic/ftp.c | 2 +- src/lib/protocols/attic/manolito.c | 2 +- src/lib/protocols/attic/popo.c | 2 +- src/lib/protocols/attic/secondlife.c | 2 +- src/lib/protocols/ayiya.c | 6 +- src/lib/protocols/battlefield.c | 6 +- src/lib/protocols/bgp.c | 6 +- src/lib/protocols/bittorrent.c | 4 - src/lib/protocols/bjnp.c | 12 +- src/lib/protocols/btlib.c | 2 +- src/lib/protocols/checkmk.c | 7 +- src/lib/protocols/ciscovpn.c | 4 - src/lib/protocols/citrix.c | 6 +- src/lib/protocols/coap.c | 4 - src/lib/protocols/collectd.c | 6 +- src/lib/protocols/corba.c | 3 - src/lib/protocols/crossfire.c | 6 +- src/lib/protocols/csgo.c | 4 - src/lib/protocols/dcerpc.c | 5 +- src/lib/protocols/dhcp.c | 6 +- src/lib/protocols/dhcpv6.c | 6 +- src/lib/protocols/diameter.c | 9 +- src/lib/protocols/directconnect.c | 6 +- src/lib/protocols/directdownloadlink.c | 6 +- src/lib/protocols/dns.c | 6 +- src/lib/protocols/dofus.c | 6 +- src/lib/protocols/drda.c | 6 +- src/lib/protocols/dropbox.c | 8 +- src/lib/protocols/eaq.c | 6 +- src/lib/protocols/edonkey.c | 3 - src/lib/protocols/fasttrack.c | 6 +- src/lib/protocols/fbzero.c | 3 - src/lib/protocols/fiesta.c | 5 +- src/lib/protocols/fix.c | 7 +- src/lib/protocols/florensia.c | 6 +- src/lib/protocols/ftp_control.c | 6 +- src/lib/protocols/ftp_data.c | 6 +- src/lib/protocols/git.c | 7 +- src/lib/protocols/gnutella.c | 6 +- src/lib/protocols/gtp.c | 6 +- src/lib/protocols/guildwars.c | 6 +- src/lib/protocols/h323.c | 7 +- src/lib/protocols/halflife2_and_mods.c | 6 +- src/lib/protocols/hangout.c | 5 +- src/lib/protocols/hep.c | 25 +- src/lib/protocols/http.c | 45 +-- src/lib/protocols/http_activesync.c | 40 ++- src/lib/protocols/iax.c | 6 +- src/lib/protocols/icecast.c | 28 +- src/lib/protocols/ipp.c | 6 +- src/lib/protocols/irc.c | 9 +- src/lib/protocols/jabber.c | 13 +- src/lib/protocols/kakaotalk_voice.c | 8 +- src/lib/protocols/kerberos.c | 5 +- src/lib/protocols/kontiki.c | 8 +- src/lib/protocols/ldap.c | 5 +- src/lib/protocols/lisp.c | 3 - src/lib/protocols/lotus_notes.c | 6 +- src/lib/protocols/mail_imap.c | 8 +- src/lib/protocols/mail_pop.c | 6 +- src/lib/protocols/mail_smtp.c | 5 +- src/lib/protocols/maplestory.c | 6 +- src/lib/protocols/mdns.c | 5 +- src/lib/protocols/megaco.c | 8 +- src/lib/protocols/mgcp.c | 7 +- src/lib/protocols/mpegts.c | 5 +- src/lib/protocols/mqtt.c | 3 - src/lib/protocols/msn.c | 61 ++-- src/lib/protocols/mssql_tds.c | 6 +- src/lib/protocols/mysql.c | 6 +- src/lib/protocols/netbios.c | 6 +- src/lib/protocols/netflow.c | 5 +- src/lib/protocols/nfs.c | 5 +- src/lib/protocols/nintendo.c | 5 +- src/lib/protocols/noe.c | 6 +- src/lib/protocols/non_tcp_udp.c | 62 ++-- src/lib/protocols/ntp.c | 5 +- src/lib/protocols/openft.c | 6 +- src/lib/protocols/openvpn.c | 6 +- src/lib/protocols/oracle.c | 4 - src/lib/protocols/oscar.c | 6 +- src/lib/protocols/pando.c | 4 - src/lib/protocols/pcanywhere.c | 5 +- src/lib/protocols/postgres.c | 5 +- src/lib/protocols/pplive.c | 3 - src/lib/protocols/ppstream.c | 5 +- src/lib/protocols/pptp.c | 6 +- src/lib/protocols/qq.c | 12 +- src/lib/protocols/quic.c | 12 +- src/lib/protocols/radius.c | 6 +- src/lib/protocols/rdp.c | 6 +- src/lib/protocols/redis_net.c | 6 +- src/lib/protocols/rsync.c | 6 +- src/lib/protocols/rtcp.c | 10 +- src/lib/protocols/rtmp.c | 3 - src/lib/protocols/rtp.c | 19 +- src/lib/protocols/rtsp.c | 16 +- src/lib/protocols/rx.c | 5 +- src/lib/protocols/sflow.c | 5 +- src/lib/protocols/shoutcast.c | 8 +- src/lib/protocols/sip.c | 21 +- src/lib/protocols/skinny.c | 4 - src/lib/protocols/skype.c | 6 +- src/lib/protocols/smb.c | 5 +- src/lib/protocols/smpp.c | 6 +- src/lib/protocols/snmp.c | 5 +- src/lib/protocols/socks45.c | 5 +- src/lib/protocols/someip.c | 3 - src/lib/protocols/sopcast.c | 5 +- src/lib/protocols/soulseek.c | 6 +- src/lib/protocols/spotify.c | 3 - src/lib/protocols/ssdp.c | 5 +- src/lib/protocols/ssh.c | 5 +- src/lib/protocols/ssl.c | 29 +- src/lib/protocols/starcraft.c | 5 +- src/lib/protocols/stealthnet.c | 5 +- src/lib/protocols/steam.c | 4 - src/lib/protocols/stun.c | 6 +- src/lib/protocols/syslog.c | 6 +- src/lib/protocols/tcp_udp.c | 2 +- src/lib/protocols/teamspeak.c | 3 - src/lib/protocols/teamviewer.c | 5 +- src/lib/protocols/telegram.c | 5 +- src/lib/protocols/telnet.c | 6 +- src/lib/protocols/teredo.c | 5 +- src/lib/protocols/tftp.c | 5 +- src/lib/protocols/thunder.c | 6 +- src/lib/protocols/tinc.c | 5 +- src/lib/protocols/tor.c | 5 +- src/lib/protocols/tvants.c | 6 +- src/lib/protocols/tvuplayer.c | 6 +- src/lib/protocols/ubntac2.c | 5 - src/lib/protocols/usenet.c | 6 +- src/lib/protocols/vhua.c | 5 +- src/lib/protocols/viber.c | 6 +- src/lib/protocols/vmware.c | 6 +- src/lib/protocols/vnc.c | 6 +- src/lib/protocols/warcraft3.c | 5 +- src/lib/protocols/whatsapp.c | 4 - src/lib/protocols/whoisdas.c | 6 +- src/lib/protocols/world_of_kung_fu.c | 5 +- src/lib/protocols/world_of_warcraft.c | 5 +- src/lib/protocols/xbox.c | 6 +- src/lib/protocols/xdmcp.c | 6 +- src/lib/protocols/yahoo.c | 13 +- src/lib/protocols/zattoo.c | 6 +- src/lib/protocols/zeromq.c | 5 +- 167 files changed, 813 insertions(+), 1635 deletions(-) create mode 100644 src/lib/Makefile delete mode 100644 src/lib/Makefile.am delete mode 100644 src/lib/Makefile.simple (limited to 'example') diff --git a/autogen.sh b/autogen.sh index fecb6b1f8..6ce84c3b4 100755 --- a/autogen.sh +++ b/autogen.sh @@ -2,7 +2,7 @@ NDPI_MAJOR="2" NDPI_MINOR="3" -NDPI_PATCH="0" +NDPI_PATCH="1" NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" rm -f configure config.h config.h.in src/lib/Makefile.in diff --git a/configure.seed b/configure.seed index 9813f54c0..993ee03fa 100644 --- a/configure.seed +++ b/configure.seed @@ -119,7 +119,7 @@ AC_ARG_ENABLE([debug-messages], AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) -AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) diff --git a/example/ndpi_util.h b/example/ndpi_util.h index a6adb88c1..0ea174aa5 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -1,7 +1,7 @@ /* * ndpi_util.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -24,7 +24,7 @@ * If you concern about performance or have to integrate nDPI in your * application, you could need to reimplement them yourself. * - * WARNING: this API is unstable! Use it at your own risk! + * WARNING: this API is just a demo od nDPI usage: Use it at your own risk! */ #ifndef __NDPI_UTIL_H__ #define __NDPI_UTIL_H__ diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 16ac45de0..358c0491c 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -606,7 +606,7 @@ extern "C" { void ndpi_set_automa(struct ndpi_detection_module_struct *ndpi_struct, void* automa); -#ifdef NDPI_PROTOCOL_HTTP +/* NDPI_PROTOCOL_HTTP */ /** * Retrieve information for HTTP flows * @@ -639,9 +639,8 @@ extern "C" { */ char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); -#endif -#ifdef NDPI_PROTOCOL_TOR +/* NDPI_PROTOCOL_TOR */ /** * Check if the flow could be detected as TOR protocol * @@ -654,7 +653,6 @@ extern "C" { */ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate); -#endif /* Wrappers functions */ /** diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index b76335e02..b18efa21a 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -1,7 +1,7 @@ /* * ndpi_main.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -105,9 +105,8 @@ extern "C" { extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); -#ifdef NDPI_PROTOCOL_NETBIOS + #/* NDPI_PROTOCOL_NETBIOS */ int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len); -#endif #ifdef NDPI_ENABLE_DEBUG_MESSAGES void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1a7671169..59de3ee0e 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -33,267 +33,265 @@ #define NDPI_DETECTION_SUPPORT_IPV6 #define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +typedef enum { + NDPI_PROTOCOL_UNKNOWN = 0, + NDPI_PROTOCOL_FTP_CONTROL = 1, /* Tomasz Bujlow */ + NDPI_PROTOCOL_MAIL_POP = 2, + NDPI_PROTOCOL_MAIL_SMTP = 3, + NDPI_PROTOCOL_MAIL_IMAP = 4, + NDPI_PROTOCOL_DNS = 5, + NDPI_PROTOCOL_IPP = 6, + NDPI_PROTOCOL_HTTP = 7, + NDPI_PROTOCOL_MDNS = 8, + NDPI_PROTOCOL_NTP = 9, + NDPI_PROTOCOL_NETBIOS = 10, + NDPI_PROTOCOL_NFS = 11, + NDPI_PROTOCOL_SSDP = 12, + NDPI_PROTOCOL_BGP = 13, + NDPI_PROTOCOL_SNMP = 14, + NDPI_PROTOCOL_XDMCP = 15, + NDPI_PROTOCOL_SMB = 16, + NDPI_PROTOCOL_SYSLOG = 17, + NDPI_PROTOCOL_DHCP = 18, + NDPI_PROTOCOL_POSTGRES = 19, + NDPI_PROTOCOL_MYSQL = 20, + NDPI_PROTOCOL_HOTMAIL = 21, + NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK = 22, + NDPI_PROTOCOL_MAIL_POPS = 23, + NDPI_PROTOCOL_APPLEJUICE = 24, + NDPI_PROTOCOL_DIRECTCONNECT = 25, + NDPI_PROTOCOL_NTOP = 26, + NDPI_PROTOCOL_COAP = 27, + NDPI_PROTOCOL_VMWARE = 28, + NDPI_PROTOCOL_MAIL_SMTPS = 29, + NDPI_PROTOCOL_FBZERO = 30, + NDPI_PROTOCOL_UBNTAC2 = 31, /* Ubiquity UBNT AirControl = 2 - Thomas Fjellstrom */ + NDPI_PROTOCOL_KONTIKI = 32, + NDPI_PROTOCOL_OPENFT = 33, + NDPI_PROTOCOL_FASTTRACK = 34, + NDPI_PROTOCOL_GNUTELLA = 35, + NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow */ + NDPI_PROTOCOL_BITTORRENT = 37, + NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, + NDPI_PROTOCOL_MUSICALLY = 39, -#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN + NDPI_PROTOCOL_FREE_40 = 40, /* Free */ + NDPI_PROTOCOL_FREE_41 = 41, /* Free */ + NDPI_PROTOCOL_FREE_42 = 42, /* Free */ + NDPI_PROTOCOL_FREE_43 = 43, /* Free */ + NDPI_PROTOCOL_FREE_44 = 44, /* Free */ + NDPI_PROTOCOL_FREE_45 = 45, /* Free */ + NDPI_PROTOCOL_FREE_46 = 46, /* Free */ + + NDPI_PROTOCOL_XBOX = 47, + NDPI_PROTOCOL_QQ = 48, + NDPI_PROTOCOL_SKYPE_CALL_IN = 49, + NDPI_PROTOCOL_RTSP = 50, + NDPI_PROTOCOL_MAIL_IMAPS = 51, + NDPI_PROTOCOL_ICECAST = 52, + NDPI_PROTOCOL_PPLIVE = 53, /* Tomasz Bujlow */ + NDPI_PROTOCOL_PPSTREAM = 54, + NDPI_PROTOCOL_ZATTOO = 55, + NDPI_PROTOCOL_SHOUTCAST = 56, + NDPI_PROTOCOL_SOPCAST = 57, + NDPI_PROTOCOL_TVANTS = 58, + NDPI_PROTOCOL_TVUPLAYER = 59, + NDPI_PROTOCOL_HTTP_DOWNLOAD = 60, + NDPI_PROTOCOL_QQLIVE = 61, + NDPI_PROTOCOL_THUNDER = 62, + NDPI_PROTOCOL_SOULSEEK = 63, + NDPI_PROTOCOL_SSL_NO_CERT = 64, + NDPI_PROTOCOL_IRC = 65, + NDPI_PROTOCOL_AYIYA = 66, + NDPI_PROTOCOL_UNENCRYPTED_JABBER = 67, + NDPI_PROTOCOL_MSN = 68, + NDPI_PROTOCOL_OSCAR = 69, + NDPI_PROTOCOL_YAHOO = 70, + NDPI_PROTOCOL_BATTLEFIELD = 71, + NDPI_PROTOCOL_GOOGLE_PLUS = 72, + NDPI_PROTOCOL_IP_VRRP = 73, + NDPI_PROTOCOL_STEAM = 74, /* Tomasz Bujlow */ + NDPI_PROTOCOL_HALFLIFE2 = 75, + NDPI_PROTOCOL_WORLDOFWARCRAFT = 76, + NDPI_PROTOCOL_TELNET = 77, + NDPI_PROTOCOL_STUN = 78, + NDPI_PROTOCOL_IP_IPSEC = 79, + NDPI_PROTOCOL_IP_GRE = 80, + NDPI_PROTOCOL_IP_ICMP = 81, + NDPI_PROTOCOL_IP_IGMP = 82, + NDPI_PROTOCOL_IP_EGP = 83, + NDPI_PROTOCOL_IP_SCTP = 84, + NDPI_PROTOCOL_IP_OSPF = 85, + NDPI_PROTOCOL_IP_IP_IN_IP = 86, + NDPI_PROTOCOL_RTP = 87, + NDPI_PROTOCOL_RDP = 88, + NDPI_PROTOCOL_VNC = 89, + NDPI_PROTOCOL_PCANYWHERE = 90, + NDPI_PROTOCOL_SSL = 91, + NDPI_PROTOCOL_SSH = 92, + NDPI_PROTOCOL_USENET = 93, + NDPI_PROTOCOL_MGCP = 94, + NDPI_PROTOCOL_IAX = 95, + NDPI_PROTOCOL_TFTP = 96, + NDPI_PROTOCOL_AFP = 97, + NDPI_PROTOCOL_STEALTHNET = 98, + NDPI_PROTOCOL_AIMINI = 99, + NDPI_PROTOCOL_SIP = 100, + NDPI_PROTOCOL_TRUPHONE = 101, + NDPI_PROTOCOL_IP_ICMPV6 = 102, + NDPI_PROTOCOL_DHCPV6 = 103, + NDPI_PROTOCOL_ARMAGETRON = 104, + NDPI_PROTOCOL_CROSSFIRE = 105, + NDPI_PROTOCOL_DOFUS = 106, + NDPI_PROTOCOL_FIESTA = 107, + NDPI_PROTOCOL_FLORENSIA = 108, + NDPI_PROTOCOL_GUILDWARS = 109, + NDPI_PROTOCOL_HTTP_ACTIVESYNC = 110, + NDPI_PROTOCOL_KERBEROS = 111, + NDPI_PROTOCOL_LDAP = 112, + NDPI_PROTOCOL_MAPLESTORY = 113, + NDPI_PROTOCOL_MSSQL_TDS = 114, + NDPI_PROTOCOL_PPTP = 115, + NDPI_PROTOCOL_WARCRAFT3 = 116, + NDPI_PROTOCOL_WORLD_OF_KUNG_FU = 117, + NDPI_PROTOCOL_SLACK = 118, + NDPI_PROTOCOL_FACEBOOK = 119, + NDPI_PROTOCOL_TWITTER = 120, + NDPI_PROTOCOL_DROPBOX = 121, + NDPI_PROTOCOL_GMAIL = 122, + NDPI_PROTOCOL_GOOGLE_MAPS = 123, + NDPI_PROTOCOL_YOUTUBE = 124, + NDPI_PROTOCOL_SKYPE = 125, + NDPI_PROTOCOL_GOOGLE = 126, + NDPI_PROTOCOL_DCERPC = 127, + NDPI_PROTOCOL_NETFLOW = 128, + NDPI_PROTOCOL_SFLOW = 129, + NDPI_PROTOCOL_HTTP_CONNECT = 130, + NDPI_PROTOCOL_HTTP_PROXY = 131, + NDPI_PROTOCOL_CITRIX = 132, /* It also includes the old NDPI_PROTOCOL_CITRIX_ONLINE */ + NDPI_PROTOCOL_NETFLIX = 133, + NDPI_PROTOCOL_LASTFM = 134, + NDPI_PROTOCOL_WAZE = 135, + NDPI_PROTOCOL_YOUTUBE_UPLOAD = 136, /* Upload files to youtube */ + NDPI_PROTOCOL_GENERIC = 137, /* Generic protocol used for category matching */ + NDPI_PROTOCOL_CHECKMK = 138, + NDPI_PROTOCOL_AJP = 139, /* Leonn Paiva */ + NDPI_PROTOCOL_APPLE = 140, + NDPI_PROTOCOL_WEBEX = 141, + NDPI_PROTOCOL_WHATSAPP = 142, + NDPI_PROTOCOL_APPLE_ICLOUD = 143, + NDPI_PROTOCOL_VIBER = 144, + NDPI_PROTOCOL_APPLE_ITUNES = 145, + NDPI_PROTOCOL_RADIUS = 146, + NDPI_PROTOCOL_WINDOWS_UPDATE = 147, + NDPI_PROTOCOL_TEAMVIEWER = 148, /* xplico.org */ + NDPI_PROTOCOL_TUENTI = 149, + NDPI_PROTOCOL_LOTUS_NOTES = 150, + NDPI_PROTOCOL_SAP = 151, + NDPI_PROTOCOL_GTP = 152, + NDPI_PROTOCOL_UPNP = 153, + NDPI_PROTOCOL_LLMNR = 154, + NDPI_PROTOCOL_REMOTE_SCAN = 155, + NDPI_PROTOCOL_SPOTIFY = 156, + NDPI_PROTOCOL_MESSENGER = 157, + NDPI_PROTOCOL_H323 = 158, /* Remy Mudingay */ + NDPI_PROTOCOL_OPENVPN = 159, /* Remy Mudingay */ + NDPI_PROTOCOL_NOE = 160, /* Remy Mudingay */ + NDPI_PROTOCOL_CISCOVPN = 161, /* Remy Mudingay */ + NDPI_PROTOCOL_TEAMSPEAK = 162, /* Remy Mudingay */ + NDPI_PROTOCOL_TOR = 163, /* Remy Mudingay */ + NDPI_PROTOCOL_SKINNY = 164, /* Remy Mudingay */ + NDPI_PROTOCOL_RTCP = 165, /* Remy Mudingay */ + NDPI_PROTOCOL_RSYNC = 166, /* Remy Mudingay */ + NDPI_PROTOCOL_ORACLE = 167, /* Remy Mudingay */ + NDPI_PROTOCOL_CORBA = 168, /* Remy Mudingay */ + NDPI_PROTOCOL_UBUNTUONE = 169, /* Remy Mudingay */ + NDPI_PROTOCOL_WHOIS_DAS = 170, + NDPI_PROTOCOL_COLLECTD = 171, + NDPI_PROTOCOL_SOCKS = 172, /* Tomasz Bujlow */ + NDPI_PROTOCOL_NINTENDO = 173, + NDPI_PROTOCOL_RTMP = 174, /* Tomasz Bujlow */ + NDPI_PROTOCOL_FTP_DATA = 175, /* Tomasz Bujlow */ + NDPI_PROTOCOL_WIKIPEDIA = 176, /* Tomasz Bujlow */ + NDPI_PROTOCOL_ZMQ = 177, + NDPI_PROTOCOL_AMAZON = 178, /* Tomasz Bujlow */ + NDPI_PROTOCOL_EBAY = 179, /* Tomasz Bujlow */ + NDPI_PROTOCOL_CNN = 180, /* Tomasz Bujlow */ + NDPI_PROTOCOL_MEGACO = 181, /* Gianluca Costa */ + NDPI_PROTOCOL_REDIS = 182, + NDPI_PROTOCOL_PANDO = 183, /* Tomasz Bujlow */ + NDPI_PROTOCOL_VHUA = 184, + NDPI_PROTOCOL_TELEGRAM = 185, /* Gianluca Costa */ + NDPI_PROTOCOL_VEVO = 186, + NDPI_PROTOCOL_PANDORA = 187, + NDPI_PROTOCOL_QUIC = 188, /* Andrea Buscarinu - Michele Campus */ + NDPI_PROTOCOL_WHATSAPP_VOICE = 189, + NDPI_PROTOCOL_EAQ = 190, + NDPI_PROTOCOL_OOKLA = 191, + NDPI_PROTOCOL_AMQP = 192, + NDPI_PROTOCOL_KAKAOTALK = 193, /* KakaoTalk Chat (no voice call) */ + NDPI_PROTOCOL_KAKAOTALK_VOICE = 194, /* KakaoTalk Voice */ + NDPI_PROTOCOL_TWITCH = 195, /* Edoardo Dominici */ + NDPI_PROTOCOL_FREE_196 = 196, /* Free */ + NDPI_PROTOCOL_WECHAT = 197, + NDPI_PROTOCOL_MPEGTS = 198, + NDPI_PROTOCOL_SNAPCHAT = 199, + NDPI_PROTOCOL_SINA = 200, + NDPI_PROTOCOL_HANGOUT = 201, + NDPI_PROTOCOL_IFLIX = 202, /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ + NDPI_PROTOCOL_GITHUB = 203, + NDPI_PROTOCOL_BJNP = 204, + NDPI_PROTOCOL_FREE_205 = 205, /* Free */ + NDPI_PROTOCOL_VIDTO = 206, + NDPI_PROTOCOL_SMPP = 207, /* Damir Franusic */ + NDPI_PROTOCOL_DNSCRYPT = 208, + NDPI_PROTOCOL_TINC = 209, /* William Guglielmo */ + NDPI_PROTOCOL_DEEZER = 210, + NDPI_PROTOCOL_INSTAGRAM = 211, /* Andrea Buscarinu */ + NDPI_PROTOCOL_MICROSOFT = 212, + NDPI_PROTOCOL_STARCRAFT = 213, /* Matteo Bracci */ + NDPI_PROTOCOL_TEREDO = 214, + NDPI_PROTOCOL_HOTSPOT_SHIELD = 215, + NDPI_PROTOCOL_HEP = 216, /* sipcapture.org QXIP BV */ + NDPI_PROTOCOL_GOOGLE_DRIVE = 217, + NDPI_PROTOCOL_OCS = 218, + NDPI_PROTOCOL_OFFICE_365 = 219, + NDPI_PROTOCOL_CLOUDFLARE = 220, + NDPI_PROTOCOL_MS_ONE_DRIVE = 221, + NDPI_PROTOCOL_MQTT = 222, + NDPI_PROTOCOL_RX = 223, + NDPI_PROTOCOL_APPLESTORE = 224, + NDPI_PROTOCOL_OPENDNS = 225, + NDPI_PROTOCOL_GIT = 226, + NDPI_PROTOCOL_DRDA = 227, + NDPI_PROTOCOL_PLAYSTORE = 228, + NDPI_PROTOCOL_SOMEIP = 229, + NDPI_PROTOCOL_FIX = 230, + NDPI_PROTOCOL_PLAYSTATION = 231, + NDPI_PROTOCOL_PASTEBIN = 232, /* Paulo Angelo */ + NDPI_PROTOCOL_LINKEDIN = 233, /* Paulo Angelo */ + NDPI_PROTOCOL_SOUNDCLOUD = 234, + NDPI_PROTOCOL_CSGO = 235, /* Counter-Strike Global Offensive, Dota = 2 */ + NDPI_PROTOCOL_LISP = 236, + NDPI_PROTOCOL_DIAMETER = 237, + NDPI_PROTOCOL_APPLE_PUSH = 238, + NDPI_PROTOCOL_GOOGLE_SERVICES = 239, + NDPI_PROTOCOL_AMAZON_VIDEO = 240, + NDPI_PROTOCOL_GOOGLE_DOCS = 241, + NDPI_PROTOCOL_WHATSAPP_FILES = 242, /* Videos, pictures, voice messages... */ + /* + IMPORTANT + before allocating a new identifier please fill up + one of those named NDPI_PROTOCOL_FREE_XXX and not used + (placeholders to avoid protocol renumbering) + */ + + + /* IMPORTANT:NDPI_LAST_IMPLEMENTED_PROTOCOL MUST BE THE LAST ELEMENT */ + NDPI_LAST_IMPLEMENTED_PROTOCOL +} ndpi_protocol_ids; -#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 -#define NDPI_PROTOCOL_DNS 5 -#define NDPI_PROTOCOL_IPP 6 -#define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_MDNS 8 -#define NDPI_PROTOCOL_NTP 9 -#define NDPI_PROTOCOL_NETBIOS 10 -#define NDPI_PROTOCOL_NFS 11 -#define NDPI_PROTOCOL_SSDP 12 -#define NDPI_PROTOCOL_BGP 13 -#define NDPI_PROTOCOL_SNMP 14 -#define NDPI_PROTOCOL_XDMCP 15 -#define NDPI_PROTOCOL_SMB 16 -#define NDPI_PROTOCOL_SYSLOG 17 -#define NDPI_PROTOCOL_DHCP 18 -#define NDPI_PROTOCOL_POSTGRES 19 -#define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_PROTOCOL_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_NTOP 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FBZERO 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_SKYPE_CALL_OUT 38 -#define NDPI_PROTOCOL_MUSICALLY 39 - -/* 40..46 are free */ -#define NDPI_PROTOCOL_FREE_40 40 -#define NDPI_PROTOCOL_FREE_41 41 -#define NDPI_PROTOCOL_FREE_42 42 -#define NDPI_PROTOCOL_FREE_43 43 -#define NDPI_PROTOCOL_FREE_44 44 -#define NDPI_PROTOCOL_FREE_45 45 -#define NDPI_PROTOCOL_FREE_46 46 - -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_SKYPE_CALL_IN 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 -#define NDPI_PROTOCOL_ICECAST 52 -#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_PPSTREAM 54 -#define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 -#define NDPI_PROTOCOL_SOPCAST 57 -#define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 -#define NDPI_PROTOCOL_QQLIVE 61 -#define NDPI_PROTOCOL_THUNDER 62 -#define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 -#define NDPI_PROTOCOL_MSN 68 -#define NDPI_PROTOCOL_OSCAR 69 -#define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_GOOGLE_PLUS 72 -#define NDPI_PROTOCOL_IP_VRRP 73 -#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 -#define NDPI_PROTOCOL_TELNET 77 -#define NDPI_PROTOCOL_STUN 78 -#define NDPI_PROTOCOL_IP_IPSEC 79 -#define NDPI_PROTOCOL_IP_GRE 80 -#define NDPI_PROTOCOL_IP_ICMP 81 -#define NDPI_PROTOCOL_IP_IGMP 82 -#define NDPI_PROTOCOL_IP_EGP 83 -#define NDPI_PROTOCOL_IP_SCTP 84 -#define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 -#define NDPI_PROTOCOL_RTP 87 -#define NDPI_PROTOCOL_RDP 88 -#define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 -#define NDPI_PROTOCOL_SSL 91 -#define NDPI_PROTOCOL_SSH 92 -#define NDPI_PROTOCOL_USENET 93 -#define NDPI_PROTOCOL_MGCP 94 -#define NDPI_PROTOCOL_IAX 95 -#define NDPI_PROTOCOL_TFTP 96 -#define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 -#define NDPI_PROTOCOL_AIMINI 99 -#define NDPI_PROTOCOL_SIP 100 -#define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_IP_ICMPV6 102 -#define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 -#define NDPI_PROTOCOL_DOFUS 106 -#define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 -#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 /*avoid large declarations in the future*/ -#define NDPI_PROTOCOL_KERBEROS 111 -#define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 -#define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 -#define NDPI_PROTOCOL_SLACK 118 -#define NDPI_PROTOCOL_FACEBOOK 119 -#define NDPI_PROTOCOL_TWITTER 120 -#define NDPI_PROTOCOL_DROPBOX 121 -#define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 -#define NDPI_PROTOCOL_YOUTUBE 124 -#define NDPI_PROTOCOL_SKYPE 125 -#define NDPI_PROTOCOL_GOOGLE 126 -#define NDPI_PROTOCOL_DCERPC 127 -#define NDPI_PROTOCOL_NETFLOW 128 -#define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_CITRIX 132 /* It includes also the old NDPI_PROTOCOL_CITRIX_ONLINE */ -#define NDPI_PROTOCOL_NETFLIX 133 -#define NDPI_PROTOCOL_LASTFM 134 -#define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ -#define NDPI_PROTOCOL_ICQ 137 -#define NDPI_PROTOCOL_CHECKMK 138 -#define NDPI_PROTOCOL_AJP 139 /* Leonn Paiva */ -#define NDPI_PROTOCOL_APPLE 140 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_WHATSAPP 142 -#define NDPI_PROTOCOL_APPLE_ICLOUD 143 -#define NDPI_PROTOCOL_VIBER 144 -#define NDPI_PROTOCOL_APPLE_ITUNES 145 -#define NDPI_PROTOCOL_RADIUS 146 -#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 -#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_TUENTI 149 -#define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 -#define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_PROTOCOL_MESSENGER 157 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ -#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ -#define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_NINTENDO 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_VEVO 186 -#define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ -#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 -#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ -#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ -#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_PROTOCOL_WECHAT 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -#define NDPI_PROTOCOL_DNSCRYPT 208 -#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ -#define NDPI_PROTOCOL_DEEZER 210 -#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ -#define NDPI_PROTOCOL_MICROSOFT 212 -#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 214 -#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 -#define NDPI_PROTOCOL_OCS 218 -#define NDPI_PROTOCOL_OFFICE_365 219 -#define NDPI_PROTOCOL_CLOUDFLARE 220 -#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 -#define NDPI_PROTOCOL_MQTT 222 -#define NDPI_PROTOCOL_RX 223 -#define NDPI_PROTOCOL_APPLESTORE 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 -#define NDPI_PROTOCOL_PLAYSTORE 228 -#define NDPI_PROTOCOL_SOMEIP 229 -#define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_PLAYSTATION 231 -#define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ -#define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ -#define NDPI_PROTOCOL_SOUNDCLOUD 234 -#define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ -#define NDPI_PROTOCOL_LISP 236 -#define NDPI_PROTOCOL_DIAMETER 237 -#define NDPI_PROTOCOL_APPLE_PUSH 238 -#define NDPI_PROTOCOL_GOOGLE_SERVICES 239 -#define NDPI_PROTOCOL_AMAZON_VIDEO 240 -#define NDPI_PROTOCOL_GOOGLE_DOCS 241 -#define NDPI_PROTOCOL_WHATSAPP_FILES 242 /* Videos, pictures, voice messages... */ -#define NDPI_PROTOCOL_VIDTO 243 /* VidTO streaming service */ -#define NDPI_PROTOCOL_RAPIDVIDEO 244 /* RapidVideo streaming */ -#define NDPI_PROTOCOL_SHOWMAX 245 /* showmax.com video streaming */ -/* IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT */ -/* */ -/* If you add new NDPI protocol defines after the last, DON'T forget */ -/* to update constant NDPI_LAST_IMPLEMENTED_PROTOCOL below !!! */ -/* */ -/* IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SHOWMAX - -#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) -#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) +#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN +#define NDPI_MAX_SUPPORTED_PROTOCOLS NDPI_LAST_IMPLEMENTED_PROTOCOL +#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) #endif diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33b485263..be9009e8a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -26,9 +26,6 @@ #include "ndpi_define.h" -#define BT_ANNOUNCE -#define SNAP_EXT - /* NDPI_LOG_LEVEL */ typedef enum { NDPI_LOG_ERROR, @@ -308,8 +305,7 @@ struct ndpi_icmphdr { /* ******************* ********************* ****************** */ /* ************************************************************ */ -#ifdef NDPI_PROTOCOL_BITTORRENT - +/* NDPI_PROTOCOL_BITTORRENT */ typedef struct spinlock { volatile int val; } spinlock_t; @@ -348,9 +344,8 @@ struct bt_announce { // 192 bytes u_int8_t name_len, name[192 - 4*10 - 2 - 1]; // 149 bytes }; -#endif -#ifdef NDPI_PROTOCOL_TINC +/* NDPI_PROTOCOL_TINC */ #define TINC_CACHE_MAX_SIZE 10 PACK_ON struct tinc_cache_entry { @@ -359,8 +354,6 @@ PACK_ON struct tinc_cache_entry { u_int16_t dst_port; } PACK_OFF; -#endif - typedef enum { HTTP_METHOD_UNKNOWN = 0, HTTP_METHOD_OPTIONS, @@ -381,227 +374,221 @@ struct ndpi_id_struct { to compare this, use: **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; -#ifdef NDPI_PROTOCOL_RTSP +/* NDPI_PROTOCOL_RTSP */ ndpi_ip_addr_t rtsp_ip_address; -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_video_lan_timer; -#endif -#endif + /* NDPI_PROTOCOL_IRC_MAXPORT % 2 must be 0 */ -#ifdef NDPI_PROTOCOL_IRC +/* NDPI_PROTOCOL_IRC */ #define NDPI_PROTOCOL_IRC_MAXPORT 8 u_int16_t irc_port[NDPI_PROTOCOL_IRC_MAXPORT]; u_int32_t last_time_port_used[NDPI_PROTOCOL_IRC_MAXPORT]; u_int32_t irc_ts; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int32_t gnutella_ts; -#endif -#ifdef NDPI_PROTOCOL_BATTLEFIELD + +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_ts; -#endif -#ifdef NDPI_PROTOCOL_THUNDER + +/* NDPI_PROTOCOL_THUNDER */ u_int32_t thunder_ts; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsp_timer; -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int32_t oscar_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_ZATTOO + +/* NDPI_PROTOCOL_ZATTOO */ u_int32_t zattoo_ts; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ u_int32_t jabber_stun_or_ft_ts; -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int32_t directconnect_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int32_t soulseek_last_safe_access_time; -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int16_t detected_directconnect_port; u_int16_t detected_directconnect_udp_port; u_int16_t detected_directconnect_ssl_port; -#endif -#ifdef NDPI_PROTOCOL_BITTORRENT + +/* NDPI_PROTOCOL_BITTORRENT */ #define NDPI_BT_PORTS 8 u_int16_t bt_port_t[NDPI_BT_PORTS]; u_int16_t bt_port_u[NDPI_BT_PORTS]; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ #define JABBER_MAX_STUN_PORTS 6 u_int16_t jabber_voice_stun_port[JABBER_MAX_STUN_PORTS]; u_int16_t jabber_file_transfer_port[2]; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int16_t detected_gnutella_port; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int16_t detected_gnutella_udp_port1; u_int16_t detected_gnutella_udp_port2; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int16_t soulseek_listen_port; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int8_t irc_number_of_port; -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int8_t oscar_ssl_session_id[33]; -#endif -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +/* NDPI_PROTOCOL_UNENCRYPTED_JABBER */ u_int8_t jabber_voice_stun_used_ports; -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_SIP */ +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_video_lan_dir:1; -#endif -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_conf_logged_in:1; u_int32_t yahoo_voice_conf_logged_in:1; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsp_ts_set:1; -#endif }; /* ************************************************** */ struct ndpi_flow_tcp_struct { -#ifdef NDPI_PROTOCOL_MAIL_SMTP +/* NDPI_PROTOCOL_MAIL_SMTP */ u_int16_t smtp_command_bitmask; -#endif -#ifdef NDPI_PROTOCOL_MAIL_POP + +/* NDPI_PROTOCOL_MAIL_POP */ u_int16_t pop_command_bitmask; -#endif -#ifdef NDPI_PROTOCOL_QQ + +/* NDPI_PROTOCOL_QQ */ u_int16_t qq_nxt_len; -#endif -#ifdef NDPI_PROTOCOL_TDS + +/* NDPI_PROTOCOL_TDS */ u_int8_t tds_login_version; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int8_t irc_stage; u_int8_t irc_port; -#endif -#ifdef NDPI_PROTOCOL_H323 +/* NDPI_PROTOCOL_H323 */ u_int8_t h323_valid_packets; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int8_t gnutella_msg_id[3]; -#endif -#ifdef NDPI_PROTOCOL_IRC + +/* NDPI_PROTOCOL_IRC */ u_int32_t irc_3a_counter:3; u_int32_t irc_stage2:5; u_int32_t irc_direction:2; u_int32_t irc_0x1000_full:1; -#endif -#ifdef NDPI_PROTOCOL_SOULSEEK + +/* NDPI_PROTOCOL_SOULSEEK */ u_int32_t soulseek_stage:2; -#endif -#ifdef NDPI_PROTOCOL_TDS + +/* NDPI_PROTOCOL_TDS */ u_int32_t tds_stage:3; -#endif -#ifdef NDPI_PROTOCOL_USENET + +/* NDPI_PROTOCOL_USENET */ u_int32_t usenet_stage:2; -#endif -#ifdef NDPI_PROTOCOL_IMESH + +/* NDPI_PROTOCOL_IMESH */ u_int32_t imesh_stage:4; -#endif -#ifdef NDPI_PROTOCOL_HTTP + +/* NDPI_PROTOCOL_HTTP */ u_int32_t http_setup_dir:2; u_int32_t http_stage:2; u_int32_t http_empty_line_seen:1; u_int32_t http_wait_for_retransmission:1; -#endif -#ifdef NDPI_PROTOCOL_GNUTELLA + +/* NDPI_PROTOCOL_GNUTELLA */ u_int32_t gnutella_stage:2; // 0 - 2 -#endif -#ifdef NDPI_CONTENT_MMS + +/* NDPI_CONTENT_MMS */ u_int32_t mms_stage:2; -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_sip_comm:1; u_int32_t yahoo_http_proxy_stage:2; -#endif -#ifdef NDPI_PROTOCOL_MSN + +/* NDPI_PROTOCOL_MSN */ u_int32_t msn_stage:3; u_int32_t msn_ssl_ft:2; -#endif -#ifdef NDPI_PROTOCOL_SSH + +/* NDPI_PROTOCOL_SSH */ u_int32_t ssh_stage:3; -#endif -#ifdef NDPI_PROTOCOL_VNC + +/* NDPI_PROTOCOL_VNC */ u_int32_t vnc_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_TELNET + +/* NDPI_PROTOCOL_TELNET */ u_int32_t telnet_stage:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_SSL + +/* NDPI_PROTOCOL_SSL */ u_int8_t ssl_stage:2, ssl_seen_client_cert:1, ssl_seen_server_cert:1; // 0 - 5 -#endif -#ifdef NDPI_PROTOCOL_POSTGRES + +/* NDPI_PROTOCOL_POSTGRES */ u_int32_t postgres_stage:3; -#endif -#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK + +/* NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK */ u_int32_t ddlink_server_direction:1; -#endif u_int32_t seen_syn:1; u_int32_t seen_syn_ack:1; u_int32_t seen_ack:1; -#ifdef NDPI_PROTOCOL_ICECAST + +/* NDPI_PROTOCOL_ICECAST */ u_int32_t icecast_stage:1; -#endif -#ifdef NDPI_PROTOCOL_DOFUS + +/* NDPI_PROTOCOL_DOFUS */ u_int32_t dofus_stage:1; -#endif -#ifdef NDPI_PROTOCOL_FIESTA + +/* NDPI_PROTOCOL_FIESTA */ u_int32_t fiesta_stage:2; -#endif -#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT + +/* NDPI_PROTOCOL_WORLDOFWARCRAFT */ u_int32_t wow_stage:2; -#endif -#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV + +/* NDPI_PROTOCOL_HTTP_APPLICATION_VEOHTV */ u_int32_t veoh_tv_stage:2; -#endif -#ifdef NDPI_PROTOCOL_SHOUTCAST + +/* NDPI_PROTOCOL_SHOUTCAST */ u_int32_t shoutcast_stage:2; -#endif -#ifdef NDPI_PROTOCOL_RTP + +/* NDPI_PROTOCOL_RTP */ u_int32_t rtp_special_packets_seen:1; -#endif -#ifdef NDPI_PROTOCOL_MAIL_POP + +/* NDPI_PROTOCOL_MAIL_POP */ u_int32_t mail_pop_stage:2; -#endif -#ifdef NDPI_PROTOCOL_MAIL_IMAP + +/* NDPI_PROTOCOL_MAIL_IMAP */ u_int32_t mail_imap_stage:3, mail_imap_starttls:2; -#endif -#ifdef NDPI_PROTOCOL_SKYPE + +/* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_packet_id; -#endif -#ifdef NDPI_PROTOCOL_CITRIX + +/* NDPI_PROTOCOL_CITRIX */ u_int8_t citrix_packet_id; -#endif -#ifdef NDPI_PROTOCOL_LOTUS_NOTES + +/* NDPI_PROTOCOL_LOTUS_NOTES */ u_int8_t lotus_notes_packet_id; -#endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER + +/* NDPI_PROTOCOL_TEAMVIEWER */ u_int8_t teamviewer_stage; -#endif -#ifdef NDPI_PROTOCOL_ZMQ + +/* NDPI_PROTOCOL_ZMQ */ u_int8_t prev_zmq_pkt_len; u_char prev_zmq_pkt[10]; -#endif -#ifdef NDPI_PROTOCOL_PPSTREAM + +/* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; -#endif } #ifndef WIN32 __attribute__ ((__packed__)) @@ -611,55 +598,54 @@ struct ndpi_flow_tcp_struct { /* ************************************************** */ struct ndpi_flow_udp_struct { -#ifdef NDPI_PROTOCOL_BATTLEFIELD +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_msg_id; -#endif -#ifdef NDPI_PROTOCOL_SNMP + +/* NDPI_PROTOCOL_SNMP */ u_int32_t snmp_msg_id; -#endif -#ifdef NDPI_PROTOCOL_BATTLEFIELD + +/* NDPI_PROTOCOL_BATTLEFIELD */ u_int32_t battlefield_stage:3; -#endif -#ifdef NDPI_PROTOCOL_SNMP + +/* NDPI_PROTOCOL_SNMP */ u_int32_t snmp_stage:2; -#endif -#ifdef NDPI_PROTOCOL_PPSTREAM + +/* NDPI_PROTOCOL_PPSTREAM */ u_int32_t ppstream_stage:3; // 0 - 7 -#endif -#ifdef NDPI_PROTOCOL_HALFLIFE2 + +/* NDPI_PROTOCOL_HALFLIFE2 */ u_int32_t halflife2_stage:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_TFTP + +/* NDPI_PROTOCOL_TFTP */ u_int32_t tftp_stage:1; -#endif -#ifdef NDPI_PROTOCOL_AIMINI + +/* NDPI_PROTOCOL_AIMINI */ u_int32_t aimini_stage:5; -#endif -#ifdef NDPI_PROTOCOL_XBOX + +/* NDPI_PROTOCOL_XBOX */ u_int32_t xbox_stage:1; -#endif -#ifdef NDPI_PROTOCOL_WINDOWS_UPDATE + +/* NDPI_PROTOCOL_WINDOWS_UPDATE */ u_int32_t wsus_stage:1; -#endif -#ifdef NDPI_PROTOCOL_SKYPE + +/* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_packet_id; -#endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER + +/* NDPI_PROTOCOL_TEAMVIEWER */ u_int8_t teamviewer_stage; -#endif -#ifdef NDPI_PROTOCOL_EAQ + +/* NDPI_PROTOCOL_EAQ */ u_int8_t eaq_pkt_id; u_int32_t eaq_sequence; -#endif -#ifdef NDPI_PROTOCOL_RX + +/* NDPI_PROTOCOL_RX */ u_int32_t rx_conn_epoch; u_int32_t rx_conn_id; -#endif } #ifndef WIN32 __attribute__ ((__packed__)) -#endif ; +#endif /* ************************************************** */ @@ -684,7 +670,6 @@ struct ndpi_packet_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_SIZE]; - #ifndef WIN32 __attribute__ ((__packed__)) #endif @@ -799,7 +784,7 @@ typedef enum { NDPI_CONTENT_CATEGORY_WINDOWSMEDIA, NDPI_CONTENT_CATEGORY_WEBM, - /* Out custom categories */ + /* Some custom categories */ CUSTOM_CATEGORY_MINING = 99, CUSTOM_CATEGORY_MALWARE = 100, CUSTOM_CATEGORY_ADVERTISEMENT = 101, @@ -962,19 +947,18 @@ struct ndpi_detection_module_struct { char ip_string[NDPI_IP_STRING_SIZE]; #endif u_int8_t ip_version_limit; -#ifdef NDPI_PROTOCOL_BITTORRENT +/* NDPI_PROTOCOL_BITTORRENT */ struct hash_ip4p_table *bt_ht; #ifdef NDPI_DETECTION_SUPPORT_IPV6 struct hash_ip4p_table *bt6_ht; #endif -#ifdef BT_ANNOUNCE + +/* BT_ANNOUNCE */ struct bt_announce *bt_ann; int bt_ann_len; -#endif -#endif -#ifdef NDPI_PROTOCOL_TINC + +/* NDPI_PROTOCOL_TINC */ struct cache *tinc_cache; -#endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -986,7 +970,8 @@ struct ndpi_detection_module_struct { void *hyperscan; /* Intel Hyperscan */ }; -#endif + +#endif /* NDPI_LIB_COMPILATION */ struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; @@ -1102,95 +1087,91 @@ struct ndpi_flow_struct { NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; -#ifdef NDPI_PROTOCOL_REDIS +/* NDPI_PROTOCOL_REDIS */ u_int8_t redis_s2d_first_char, redis_d2s_first_char; -#endif + u_int16_t packet_counter; // can be 0 - 65000 u_int16_t packet_direction_counter[2]; u_int16_t byte_counter[2]; -#ifdef NDPI_PROTOCOL_BITTORRENT +/* NDPI_PROTOCOL_BITTORRENT */ u_int8_t bittorrent_stage; // can be 0 - 255 -#endif -#ifdef NDPI_PROTOCOL_DIRECTCONNECT + +/* NDPI_PROTOCOL_DIRECTCONNECT */ u_int32_t directconnect_stage:2; // 0 - 1 -#endif -#ifdef NDPI_PROTOCOL_SIP -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t sip_yahoo_voice:1; -#endif -#endif -#ifdef NDPI_PROTOCOL_HTTP + +/* NDPI_PROTOCOL_HTTP */ u_int32_t http_detected:1; -#endif -#ifdef NDPI_PROTOCOL_RTSP + +/* NDPI_PROTOCOL_RTSP */ u_int32_t rtsprdt_stage:2; u_int32_t rtsp_control_flow:1; -#endif -#ifdef NDPI_PROTOCOL_YAHOO + +/* NDPI_PROTOCOL_YAHOO */ u_int32_t yahoo_detection_finished:2; -#endif -#ifdef NDPI_PROTOCOL_ZATTOO + +/* NDPI_PROTOCOL_ZATTOO */ u_int32_t zattoo_stage:3; -#endif -#ifdef NDPI_PROTOCOL_QQ + +/* NDPI_PROTOCOL_QQ */ u_int32_t qq_stage:3; -#endif -#ifdef NDPI_PROTOCOL_THUNDER + +/* NDPI_PROTOCOL_THUNDER */ u_int32_t thunder_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_OSCAR + +/* NDPI_PROTOCOL_OSCAR */ u_int32_t oscar_ssl_voice_stage:3; u_int32_t oscar_video_voice:1; -#endif -#ifdef NDPI_PROTOCOL_FLORENSIA + +/* NDPI_PROTOCOL_FLORENSIA */ u_int32_t florensia_stage:1; -#endif -#ifdef NDPI_PROTOCOL_SOCKS + +/* NDPI_PROTOCOL_SOCKS */ u_int32_t socks5_stage:2; // 0 - 3 u_int32_t socks4_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_EDONKEY + +/* NDPI_PROTOCOL_EDONKEY */ u_int32_t edonkey_stage:2; // 0 - 3 -#endif -#ifdef NDPI_PROTOCOL_FTP_CONTROL + +/* NDPI_PROTOCOL_FTP_CONTROL */ u_int32_t ftp_control_stage:2; -#endif -#ifdef NDPI_PROTOCOL_RTMP + +/* NDPI_PROTOCOL_RTMP */ u_int32_t rtmp_stage:2; -#endif -#ifdef NDPI_PROTOCOL_PANDO + +/* NDPI_PROTOCOL_PANDO */ u_int32_t pando_stage:3; -#endif -#ifdef NDPI_PROTOCOL_STEAM + +/* NDPI_PROTOCOL_STEAM */ u_int32_t steam_stage:3; u_int32_t steam_stage1:3; // 0 - 4 u_int32_t steam_stage2:2; // 0 - 2 u_int32_t steam_stage3:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_PPLIVE + +/* NDPI_PROTOCOL_PPLIVE */ u_int32_t pplive_stage1:3; // 0 - 6 u_int32_t pplive_stage2:2; // 0 - 2 u_int32_t pplive_stage3:2; // 0 - 2 -#endif -#ifdef NDPI_PROTOCOL_STARCRAFT + +/* NDPI_PROTOCOL_STARCRAFT */ u_int32_t starcraft_udp_stage : 3; // 0-7 -#endif -#ifdef NDPI_PROTOCOL_OPENVPN + +/* NDPI_PROTOCOL_OPENVPN */ u_int8_t ovpn_session_id[8]; u_int8_t ovpn_counter; -#endif -#ifdef NDPI_PROTOCOL_TINC + +/* NDPI_PROTOCOL_TINC */ u_int8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; -#endif -#ifdef NDPI_PROTOCOL_CSGO + +/* NDPI_PROTOCOL_CSGO */ u_int8_t csgo_strid[18],csgo_state,csgo_s2; u_int32_t csgo_id2; -#endif -#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) +/* NDPI_PROTOCOL_1KXUN || NDPI_PROTOCOL_IQIYI */ u_int16_t kxun_counter, iqiyi_counter; -#endif /* internal structures to save functions calls */ struct ndpi_packet_struct packet; @@ -1212,4 +1193,4 @@ typedef struct { u_int8_t value; } ndpi_network; -#endif/* __NDPI_TYPEDEFS_H__ */ +#endif /* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/Makefile b/src/lib/Makefile new file mode 100644 index 000000000..2beca4516 --- /dev/null +++ b/src/lib/Makefile @@ -0,0 +1,24 @@ +# +# Simple non-autotools dependent makefile +# +# ./autogen.sh +# cd src/lib +# make -f Makefile.simple +# +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION +RANLIB=ranlib + +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o +HEADERS = $(wildcard ../include/*.h) + +all: libndpi.a + +libndpi.a: $(OBJECTS) + ar rc $@ $(OBJECTS) + $(RANLIB) $@ + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + /bin/rm -f libndpi.a $(OBJECTS) diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am deleted file mode 100644 index 10a54c719..000000000 --- a/src/lib/Makefile.am +++ /dev/null @@ -1,181 +0,0 @@ -lib_LTLIBRARIES = libndpi.la - -CFLAGS += -fPIC -DPIC -DNDPI_LIB_COMPILATION # --coverage -libndpi_la_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/lib/third_party/include/ @HS_INC@ -libndpi_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(top_srcdir)/libndpi.sym - -libndpi_la_includedir = $(includedir)/libndpi-@VERSION@/libndpi - -libndpi_la_include_HEADERS = ../include/ndpi_api.h \ - ../include/ndpi_define.h \ - ../include/ndpi_main.h \ - ../include/ndpi_includes.h \ - ../include/ndpi_config.h \ - ../include/ndpi_protocol_ids.h \ - ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h \ - third_party/include/libcache.h - -libndpi_la_SOURCES = ndpi_content_match.c.inc \ - ndpi_main.c \ - protocols/afp.c \ - protocols/ajp.c \ - protocols/aimini.c \ - protocols/applejuice.c \ - protocols/apple_push.c \ - protocols/armagetron.c \ - protocols/ayiya.c \ - protocols/amqp.c \ - protocols/battlefield.c \ - protocols/bgp.c \ - protocols/bittorrent.c \ - protocols/bjnp.c \ - protocols/checkmk.c \ - protocols/ciscovpn.c \ - protocols/citrix.c \ - protocols/coap.c \ - protocols/collectd.c \ - protocols/corba.c \ - protocols/crossfire.c \ - protocols/csgo.c \ - protocols/dcerpc.c \ - protocols/dhcp.c \ - protocols/dhcpv6.c \ - protocols/diameter.c \ - protocols/directconnect.c \ - protocols/directdownloadlink.c \ - protocols/dns.c \ - protocols/dofus.c \ - protocols/drda.c \ - protocols/dropbox.c \ - protocols/eaq.c \ - protocols/edonkey.c \ - protocols/fasttrack.c \ - protocols/fbzero.c \ - protocols/fiesta.c \ - protocols/fix.c \ - protocols/florensia.c \ - protocols/ftp_control.c \ - protocols/ftp_data.c \ - protocols/git.c \ - protocols/gnutella.c \ - protocols/gtp.c \ - protocols/guildwars.c \ - protocols/hangout.c \ - protocols/h323.c \ - protocols/halflife2_and_mods.c \ - protocols/hep.c \ - protocols/http_activesync.c \ - protocols/http.c \ - protocols/iax.c \ - protocols/icecast.c \ - protocols/ipp.c \ - protocols/irc.c \ - protocols/jabber.c \ - protocols/kakaotalk_voice.c \ - protocols/kerberos.c \ - protocols/kontiki.c \ - protocols/ldap.c \ - protocols/lotus_notes.c \ - protocols/lisp.c \ - protocols/mail_imap.c \ - protocols/mail_pop.c \ - protocols/mail_smtp.c \ - protocols/maplestory.c \ - protocols/mdns.c \ - protocols/megaco.c \ - protocols/mgcp.c \ - protocols/mpegts.c \ - protocols/mqtt.c \ - protocols/msn.c \ - protocols/mssql_tds.c \ - protocols/mysql.c \ - protocols/netbios.c \ - protocols/netflow.c \ - protocols/nintendo.c \ - protocols/nfs.c \ - protocols/noe.c \ - protocols/non_tcp_udp.c \ - protocols/ntp.c \ - protocols/openft.c \ - protocols/openvpn.c \ - protocols/oracle.c \ - protocols/oscar.c \ - protocols/pando.c \ - protocols/pcanywhere.c \ - protocols/postgres.c \ - protocols/pplive.c \ - protocols/ppstream.c \ - protocols/pptp.c \ - protocols/qq.c \ - protocols/quic.c \ - protocols/radius.c \ - protocols/rdp.c \ - protocols/redis_net.c \ - protocols/rsync.c \ - protocols/rtcp.c \ - protocols/rtmp.c \ - protocols/rtp.c \ - protocols/rtsp.c \ - protocols/rx.c \ - protocols/sflow.c \ - protocols/shoutcast.c \ - protocols/sip.c \ - protocols/skinny.c \ - protocols/skype.c \ - protocols/smb.c \ - protocols/snmp.c \ - protocols/socks45.c \ - protocols/sopcast.c \ - protocols/soulseek.c \ - protocols/spotify.c \ - protocols/ssdp.c \ - protocols/ssh.c \ - protocols/ssl.c \ - protocols/starcraft.c \ - protocols/stealthnet.c \ - protocols/steam.c \ - protocols/stun.c \ - protocols/syslog.c \ - protocols/tcp_udp.c \ - protocols/teamspeak.c \ - protocols/teamviewer.c \ - protocols/telegram.c \ - protocols/telnet.c \ - protocols/tftp.c \ - protocols/thunder.c \ - protocols/tor.c \ - protocols/teredo.c \ - protocols/tvants.c \ - protocols/tvuplayer.c \ - protocols/ubntac2.c \ - protocols/usenet.c \ - protocols/viber.c \ - protocols/vhua.c \ - protocols/vmware.c \ - protocols/vnc.c \ - protocols/warcraft3.c \ - protocols/whoisdas.c \ - protocols/world_of_kung_fu.c \ - protocols/world_of_warcraft.c \ - protocols/xbox.c \ - protocols/xdmcp.c \ - protocols/yahoo.c \ - protocols/zattoo.c \ - protocols/zeromq.c \ - protocols/smpp.c \ - protocols/tinc.c \ - protocols/someip.c \ - protocols/whatsapp.c \ - third_party/include/actypes.h \ - third_party/include/ahocorasick.h \ - third_party/include/ndpi_patricia.h \ - third_party/include/node.h \ - third_party/include/sort.h \ - third_party/include/libcache.h \ - third_party/src/ahocorasick.c \ - third_party/src/node.c \ - third_party/src/sort.c \ - third_party/src/libcache.c - -EXTRA_DIST = third_party/src/ndpi_patricia.c diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple deleted file mode 100644 index 1aae55636..000000000 --- a/src/lib/Makefile.simple +++ /dev/null @@ -1,22 +0,0 @@ -# -# Simple non-autotools dependent makefile -# -# ./autogen.sh -# cd src/lib -# make -f Makefile.simple -# -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -RANLIB=ranlib - -OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o -HEADERS = $(wildcard ../include/*.h) - -libndpi.a: $(OBJECTS) - ar rc $@ $(OBJECTS) - $(RANLIB) $@ - -%.o: %.c $(HEADERS) Makefile - $(CC) $(CFLAGS) -c $< -o $@ - -clean: - /bin/rm -f libndpi.a $(OBJECTS) \ No newline at end of file diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 42031fc2b..38c8ef70f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7946,9 +7946,8 @@ static ndpi_network host_protocol_list[] = { /* VidTO - */ - - { 0x51111030 /* 81.17.16.48/32 */, 32, NDPI_PROTOCOL_VIDTO }, + */ + { 0x51111030 /* 81.17.16.48/32 */, 32, NDPI_PROTOCOL_VIDTO }, { 0x5fb7329d /* 95.183.50.157/32 */, 32, NDPI_PROTOCOL_VIDTO }, { 0x577824f2 /* 87.120.36.242/32 */, 32, NDPI_PROTOCOL_VIDTO }, @@ -8212,8 +8211,6 @@ ndpi_protocol_match host_match[] = { { "static-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", NULL, NULL, "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qq.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, @@ -8316,17 +8313,6 @@ ndpi_protocol_match host_match[] = { { "githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".71.am", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".ppstream.com", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".pps.tv", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".steampowered.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".steamcontent.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8353,8 +8339,6 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com", NULL, NULL,"Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", NULL, NULL, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".linkedin.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8366,17 +8350,42 @@ ndpi_protocol_match host_match[] = { { "tdesktop.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "tupdate.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".pastebin.com", NULL, NULL, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".ppstream.com", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + /* + VidTO streaming service + NOTE: this is a possible candidate for NDPI_PROTOCOL_GENERIC + */ + { ".vidto.me", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".vidto.se", NULL, NULL, "VidTO", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".vidto.me", NULL, NULL, "VidTO", NDPI_PROTOCOL_VIDTO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".vidto.se", NULL, NULL, "VidTO", NDPI_PROTOCOL_VIDTO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + /* + Not so popular services without a protocl dissector (and thus not worth a protocolId) that are handled/detected by categpory rather + than by protocol id. They are bound to a generic protocol (NDPI_PROTOCOL_GENERIC) and placed onto the right category + */ + { "quickplay.com", NULL, NULL, "QuickPlay", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".rapidvideo.com", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".playercdn.net", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_RAPIDVIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + /* RapidVideo streaming */ + { ".rapidvideo.com", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".playercdn.net", NULL, NULL, "RapidVideo", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "showmax.com", NULL, NULL, "Showmax", NDPI_PROTOCOL_SHOWMAX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "showmax.akamaized.net", NULL, NULL, "Showmax", NDPI_PROTOCOL_SHOWMAX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + /* showmax.com video streaming */ + { "showmax.com", NULL, NULL, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "showmax.akamaized.net", NULL, NULL, "Showmax", NDPI_PROTOCOL_GENERIC, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { NULL, NULL, NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index dc090b698..5396187cd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1495,9 +1495,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_ACTIVESYNC, no_master, - no_master, "HTTP_Application_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, + no_master, "HTTP_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, @@ -1917,8 +1917,6 @@ static int ac_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, void *param) { /* ******************************************************************** */ -#ifdef NDPI_PROTOCOL_TOR - static int fill_prefix_v4(prefix_t *p, struct in_addr *a, int b, int mb) { do { if(b < 0 || b > mb) @@ -1995,6 +1993,7 @@ static patricia_node_t* add_to_ptree(patricia_tree_t *tree, int family, return(node); } + /* ******************************************* */ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str, @@ -2006,7 +2005,8 @@ static void ndpi_init_ptree_ipv4(struct ndpi_detection_module_struct *ndpi_str, patricia_node_t *node; pin.s_addr = htonl(host_list[i].network); - if((node = add_to_ptree(ptree, AF_INET, &pin, host_list[i].cidr /* bits */)) != NULL) + if((node = add_to_ptree(ptree, AF_INET, + &pin, host_list[i].cidr /* bits */)) != NULL) node->value.user_value = host_list[i].value; } } @@ -2036,8 +2036,6 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp return 0; } -#endif - void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)) { _ndpi_malloc = __ndpi_malloc; } void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)) { _ndpi_flow_malloc = __ndpi_flow_malloc; } @@ -2293,13 +2291,13 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct ndpi_free(ndpi_struct->proto_defaults[i].protoName); } -#ifdef NDPI_PROTOCOL_TINC +/* NDPI_PROTOCOL_TINC */ if(ndpi_struct->tinc_cache) cache_free((cache_t)(ndpi_struct->tinc_cache)); -#endif if(ndpi_struct->protocols_ptree) - ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); + ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, + free_ptree_data); if (ndpi_struct->udpRoot != NULL) ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); @@ -2358,7 +2356,8 @@ int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_ u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto) { if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - *tcp_master_proto = *udp_master_proto = NDPI_PROTOCOL_UNKNOWN; + *tcp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_tcp_protoId, + *udp_master_proto = ndpi_struct->proto_defaults[NDPI_PROTOCOL_UNKNOWN].master_udp_protoId; return(-1); } @@ -2566,12 +2565,12 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { -#ifdef NDPI_PROTOCOL_TOR +/* NDPI_PROTOCOL_TOR */ ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); -#endif } else { if(do_add) - ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, NDPI_PROTOCOL_ACCEPTABLE); + ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, +NDPI_PROTOCOL_ACCEPTABLE); else ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); } diff --git a/src/lib/protocols/afp.c b/src/lib/protocols/afp.c index ee8dc5973..ffe303cea 100644 --- a/src/lib/protocols/afp.c +++ b/src/lib/protocols/afp.c @@ -1,8 +1,8 @@ /* * afp.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2009-11 by ipoque GmbH + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AFP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AFP #include "ndpi_api.h" @@ -100,5 +98,3 @@ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index fb439f817..dec8118c2 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -2,7 +2,7 @@ * aimini.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AIMINI - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AIMINI #include "ndpi_api.h" @@ -293,5 +291,3 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index ed7bb83f7..7cae40f20 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c @@ -22,8 +22,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AJP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AJP #include "ndpi_api.h" @@ -149,5 +147,3 @@ void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 6b530c16d..793b3699e 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c @@ -1,7 +1,7 @@ /* * amqp.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AMQP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMQP #include "ndpi_api.h" @@ -87,4 +85,3 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index 734be6e96..6930dba86 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_APPLE_PUSH - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLE_PUSH #include "ndpi_api.h" @@ -76,6 +74,3 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - - -#endif diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c index a80c39d7f..95e6b4458 100644 --- a/src/lib/protocols/applejuice.c +++ b/src/lib/protocols/applejuice.c @@ -2,7 +2,7 @@ * applejuice.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_APPLEJUICE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLEJUICE #include "ndpi_api.h" @@ -67,5 +65,3 @@ void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c index 7f4fb9ec0..53c36a5f9 100644 --- a/src/lib/protocols/armagetron.c +++ b/src/lib/protocols/armagetron.c @@ -2,7 +2,7 @@ * armagetron.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ARMAGETRON - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ARMAGETRON #include "ndpi_api.h" @@ -109,6 +107,3 @@ void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - - -#endif diff --git a/src/lib/protocols/attic/flash.c b/src/lib/protocols/attic/flash.c index bc47ee881..eb27807d7 100644 --- a/src/lib/protocols/attic/flash.c +++ b/src/lib/protocols/attic/flash.c @@ -2,7 +2,7 @@ * flash.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/ftp.c b/src/lib/protocols/attic/ftp.c index 2e06aec9a..19604089c 100644 --- a/src/lib/protocols/attic/ftp.c +++ b/src/lib/protocols/attic/ftp.c @@ -2,7 +2,7 @@ * ftp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/manolito.c b/src/lib/protocols/attic/manolito.c index 3b1db0df5..71fdaeaff 100644 --- a/src/lib/protocols/attic/manolito.c +++ b/src/lib/protocols/attic/manolito.c @@ -2,7 +2,7 @@ * manolito.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/popo.c b/src/lib/protocols/attic/popo.c index 4bd040efe..c5b0447df 100644 --- a/src/lib/protocols/attic/popo.c +++ b/src/lib/protocols/attic/popo.c @@ -2,7 +2,7 @@ * popo.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/attic/secondlife.c b/src/lib/protocols/attic/secondlife.c index d475dc386..487c03597 100644 --- a/src/lib/protocols/attic/secondlife.c +++ b/src/lib/protocols/attic/secondlife.c @@ -2,7 +2,7 @@ * secondlife.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index bc993cfe3..c44c723b5 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -1,7 +1,7 @@ /* * ayiya.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -28,8 +28,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_AYIYA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AYIYA #include "ndpi_api.h" @@ -85,5 +83,3 @@ void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/battlefield.c b/src/lib/protocols/battlefield.c index 23a3749b2..b4ec74cfe 100644 --- a/src/lib/protocols/battlefield.c +++ b/src/lib/protocols/battlefield.c @@ -2,7 +2,7 @@ * battlefield.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BATTLEFIELD - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BATTLEFIELD #include "ndpi_api.h" @@ -126,5 +124,3 @@ void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c index f7896968b..aaa5730f7 100644 --- a/src/lib/protocols/bgp.c +++ b/src/lib/protocols/bgp.c @@ -1,7 +1,7 @@ /* * bgp.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BGP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BGP #include "ndpi_api.h" @@ -67,5 +65,3 @@ void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index fceafc188..ad7de6b42 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BITTORRENT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BITTORRENT #include "ndpi_api.h" @@ -503,5 +501,3 @@ void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index f9f690308..759f810be 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -1,16 +1,14 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_BJNP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BJNP #include "ndpi_api.h" static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int8_t due_to_correlation) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN); + u_int8_t due_to_correlation) { + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_BJNP, NDPI_PROTOCOL_UNKNOWN); } @@ -61,7 +59,3 @@ void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; } - - - -#endif diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 4a63ebc31..5992c1b28 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -1,7 +1,7 @@ /* * btlib.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * Contributed by Vitaly Lavrov * * This file is part of nDPI, an open source deep packet inspection diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index 81ac543b6..991885fce 100644 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -1,7 +1,7 @@ /* * checkmk.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CHECKMK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CHECKMK #include "ndpi_api.h" @@ -82,6 +80,3 @@ void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - - -#endif diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index e04fba936..d98f91e02 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c @@ -6,8 +6,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CISCOVPN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CISCOVPN #include "ndpi_api.h" @@ -84,5 +82,3 @@ void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index 7d6406bff..89e520815 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -1,7 +1,7 @@ /* * citrix.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CITRIX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CITRIX #include "ndpi_api.h" @@ -95,5 +93,3 @@ void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c index 288d15f23..5ac8cb80e 100644 --- a/src/lib/protocols/coap.c +++ b/src/lib/protocols/coap.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_COAP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COAP #include "ndpi_api.h" @@ -163,5 +161,3 @@ void init_coap_dissector (struct ndpi_detection_module_struct *ndpi_struct, *id +=1; } - -#endif // NDPI_PROTOCOL_COAP diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c index 2d4a06bb3..6f96871ea 100644 --- a/src/lib/protocols/collectd.c +++ b/src/lib/protocols/collectd.c @@ -1,7 +1,7 @@ /* * collectd.c * - * Copyright (C) 2014 - ntop.org + * Copyright (C) 2014-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_COLLECTD - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COLLECTD #include "ndpi_api.h" @@ -54,5 +52,3 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, stru NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } - -#endif diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index 94e9f324a..ffb12fec1 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CORBA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CORBA #include "ndpi_api.h" @@ -60,4 +58,3 @@ void init_corba_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in ADD_TO_DETECTION_BITMASK); *id += 1; } -#endif diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c index ea1dce66a..03f3b4264 100644 --- a/src/lib/protocols/crossfire.c +++ b/src/lib/protocols/crossfire.c @@ -1,7 +1,7 @@ /* * crossfire.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CROSSFIRE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CROSSFIRE #include "ndpi_api.h" @@ -88,5 +86,3 @@ void init_crossfire_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index 3bf0b4fe9..7f4479419 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_CSGO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CSGO #include "ndpi_api.h" @@ -122,5 +120,3 @@ void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index 3aef077cd..ae1266a01 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -1,7 +1,7 @@ /* * dcerpc.c * - * Copyright (C) 2011-13 by ntop.org + * Copyright (C) 2011-18 by ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DCERPC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DCERPC #include "ndpi_api.h" @@ -69,4 +67,3 @@ void init_dcerpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 6ac07e832..52415946b 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -1,7 +1,7 @@ /* * dhcp.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DHCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCP #include "ndpi_api.h" @@ -166,5 +164,3 @@ void init_dhcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c index 98ed08cda..77be89e40 100644 --- a/src/lib/protocols/dhcpv6.c +++ b/src/lib/protocols/dhcpv6.c @@ -2,7 +2,7 @@ * dhcpv6.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DHCPV6 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCPV6 #include "ndpi_api.h" @@ -68,5 +66,3 @@ void init_dhcpv6_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c index f2f342914..7fb443c34 100644 --- a/src/lib/protocols/diameter.c +++ b/src/lib/protocols/diameter.c @@ -2,7 +2,6 @@ * diameter.c * * Copyright (C) 2018 - ntop.org - * Written by Michele Campus - * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -19,12 +18,12 @@ * * You should have received a copy of the GNU Lesser General Public License * along with nDPI. If not, see . - * + * + * Based on code of: + * Michele Campus - */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DIAMETER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIAMETER #include "ndpi_api.h" @@ -128,5 +127,3 @@ void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif /* NDPI_PROTOCOL_DIAMETER */ - diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 725e53348..6072c3697 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -2,7 +2,7 @@ * directconnect.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DIRECTCONNECT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT #include "ndpi_api.h" @@ -446,5 +444,3 @@ void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_stru *id += 1; } - -#endif diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 0a4d528f2..cd8243786 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -2,7 +2,7 @@ * directdownloadlink.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-14svn - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK #include "ndpi_api.h" @@ -731,4 +729,4 @@ void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi *id += 1; } -#endif + diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 7b56c3c02..6ffa74a27 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -1,7 +1,7 @@ /* * dns.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DNS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNS #include "ndpi_api.h" @@ -247,5 +245,3 @@ void init_dns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c index baed6c262..997f999a0 100644 --- a/src/lib/protocols/dofus.c +++ b/src/lib/protocols/dofus.c @@ -2,7 +2,7 @@ * dofus.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DOFUS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DOFUS #include "ndpi_api.h" @@ -151,4 +149,4 @@ void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif + diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 72d708d13..7dc24ffcc 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -1,7 +1,7 @@ /* * drda.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DRDA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DRDA #include "ndpi_api.h" @@ -103,5 +101,3 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif /* NDPI_PROTOCOL_DRDA */ diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index 6e8a2dcb0..b987ba253 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -1,7 +1,7 @@ /* * dropbox.c * - * Copyright (C) 2012-16 by ntop.org + * Copyright (C) 2012-18 by ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DROPBOX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DROPBOX #include "ndpi_api.h" @@ -91,7 +89,3 @@ void init_dropbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ADD_TO_DETECTION_BITMASK); *id += 1; } - - - -#endif diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 3929b4ef6..2082b5263 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -1,7 +1,7 @@ /* * eaq.c * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -27,8 +27,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_EAQ - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EAQ #include "ndpi_api.h" @@ -88,5 +86,3 @@ void init_eaq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 34276bbcb..3a4801ab1 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_EDONKEY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EDONKEY #include "ndpi_api.h" @@ -225,4 +223,3 @@ void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index 016a15621..074468558 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -2,7 +2,7 @@ * fasttrack.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FASTTRACK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FASTTRACK #include "ndpi_api.h" @@ -94,5 +92,3 @@ void init_fasttrack_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c index 31acd0c9a..3048bff79 100644 --- a/src/lib/protocols/fbzero.c +++ b/src/lib/protocols/fbzero.c @@ -22,8 +22,6 @@ /* https://code.facebook.com/posts/608854979307125/building-zero-protocol-for-fast-secure-mobile-connections/ */ -#ifdef NDPI_PROTOCOL_FBZERO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FBZERO #include "ndpi_api.h" @@ -129,4 +127,3 @@ void init_fbzero_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c index 9a9c78852..dc7a86fd4 100644 --- a/src/lib/protocols/fiesta.c +++ b/src/lib/protocols/fiesta.c @@ -2,7 +2,7 @@ * fiesta.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FIESTA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIESTA #include "ndpi_api.h" @@ -105,4 +103,3 @@ void init_fiesta_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c index 4f3f9849b..3cc9e070c 100644 --- a/src/lib/protocols/fix.c +++ b/src/lib/protocols/fix.c @@ -1,7 +1,7 @@ /* * fix.c * - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FIX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIX #include "ndpi_api.h" @@ -75,6 +73,3 @@ void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 ADD_TO_DETECTION_BITMASK); *id += 1; } - - -#endif diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index 217874a6a..cca63485f 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -2,7 +2,7 @@ * florensia.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FLORENSIA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FLORENSIA #include "ndpi_api.h" @@ -129,5 +127,3 @@ void init_florensia_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index f23476db0..893f83d68 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -1,7 +1,7 @@ /* * ftp_control.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FTP_CONTROL - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_CONTROL #include "ndpi_api.h" @@ -1014,5 +1012,3 @@ void init_ftp_control_dissector(struct ndpi_detection_module_struct *ndpi_struct *id += 1; } - -#endif diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index ec1e8d7d8..8d3e6fa8c 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -1,7 +1,7 @@ /* * ftp_data.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * The signature is based on the Libprotoident library. * @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_FTP_DATA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_DATA #include "ndpi_api.h" @@ -258,5 +256,3 @@ void init_ftp_data_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index 0b4192289..1e358d79b 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c @@ -1,7 +1,7 @@ /* * git.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GIT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GIT #include @@ -73,7 +71,6 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, /* ***************************************************************** */ - void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { @@ -86,5 +83,3 @@ void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif /* NDPI_PROTOCOL_GIT */ diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 295cfaecd..5bc2980cc 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -2,7 +2,7 @@ * gnutella.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GNUTELLA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GNUTELLA #include "ndpi_api.h" @@ -371,5 +369,3 @@ void init_gnutella_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 0bdc4d8ee..ffe2b2498 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c @@ -1,7 +1,7 @@ /* * gtp.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GTP #include "ndpi_api.h" @@ -89,5 +87,3 @@ void init_gtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c index 7b6581851..1cf3888cf 100644 --- a/src/lib/protocols/guildwars.c +++ b/src/lib/protocols/guildwars.c @@ -2,7 +2,7 @@ * guildwars.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_GUILDWARS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS #include "ndpi_api.h" @@ -78,5 +76,3 @@ void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 31c353a27..ddbcdadf3 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -1,16 +1,13 @@ /* * h323.c * - * Copyright (C) 2015 ntop.org + * Copyright (C) 2015-18 ntop.org * Copyright (C) 2013 Remy Mudingay * */ - #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_H323 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_H323 #include "ndpi_api.h" @@ -115,5 +112,3 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c index 5319424fa..446703220 100644 --- a/src/lib/protocols/halflife2_and_mods.c +++ b/src/lib/protocols/halflife2_and_mods.c @@ -2,7 +2,7 @@ * halflife2_and_mods.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HALFLIFE2 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HALFLIFE2 #include "ndpi_api.h" @@ -77,5 +75,3 @@ void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index de35653ea..fc94aad5f 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -1,7 +1,7 @@ /* * hangout.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HANGOUT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HANGOUT #include "ndpi_api.h" @@ -109,4 +107,3 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif /* NDPI_PROTOCOL_HANGOUT */ diff --git a/src/lib/protocols/hep.c b/src/lib/protocols/hep.c index 1c7617c88..02a559af8 100644 --- a/src/lib/protocols/hep.c +++ b/src/lib/protocols/hep.c @@ -2,7 +2,7 @@ * hep.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * Copyright (C) 2011-15 - QXIP BV * * This file is part of nDPI, an open source deep packet inspection @@ -26,8 +26,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HEP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HEP #include "ndpi_api.h" @@ -45,16 +43,17 @@ void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct nd const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - NDPI_LOG_DBG(ndpi_struct, "searching HEP\n"); - if (payload_len > 10) { - if (memcmp(packet_payload, "HEP3", 4) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found HEP3\n"); - ndpi_int_hep_add_connection(ndpi_struct, flow); - return; - } - } + NDPI_LOG_DBG(ndpi_struct, "searching HEP\n"); + + if(payload_len > 10) { + if(memcmp(packet_payload, "HEP3", 4) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found HEP3\n"); + ndpi_int_hep_add_connection(ndpi_struct, flow); + return; + } + } - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -69,5 +68,3 @@ void init_hep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index ac5b9d173..e03b48710 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1,7 +1,7 @@ /* * http.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HTTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP #include "ndpi_api.h" @@ -121,7 +119,6 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str } #endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -140,10 +137,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER); } } -#endif - -#ifdef NDPI_PROTOCOL_RTSP static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -154,7 +148,6 @@ static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTSP); } } -#endif static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *ua) { @@ -428,25 +421,20 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->accept_line.ptr != NULL) { NDPI_LOG_DBG2(ndpi_struct, "Accept line found %.*s\n", packet->accept_line.len, packet->accept_line.ptr); -#ifdef NDPI_PROTOCOL_RTSP - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_RTSP) != 0) { + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, + NDPI_PROTOCOL_RTSP) != 0) { rtsp_parse_packet_acceptline(ndpi_struct, flow); } -#endif } /* search for line startin with "Icy-MetaData" */ -#ifdef NDPI_CONTENT_CATEGORY_MPEG - for (a = 0; a < packet->parsed_lines; a++) { + for (a = 0; a < packet->parsed_lines; a++) { if(packet->line[a].len > 11 && memcmp(packet->line[a].ptr, "Icy-MetaData", 12) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_MPEG); - return; - } + NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n"); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_CATEGORY_MPEG); + return; + } } -#ifdef NDPI_CONTENT_CATEGORY_AVI -#endif -#endif if(packet->content_line.ptr != NULL && packet->content_line.len != 0) { NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", @@ -471,10 +459,8 @@ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_CATEGORY_AVI) != 0) avi_check_http_payload(ndpi_struct, flow); #endif -#ifdef NDPI_PROTOCOL_TEAMVIEWER - teamviewer_check_http_payload(ndpi_struct, flow); -#endif + teamviewer_check_http_payload(ndpi_struct, flow); } /** @@ -550,9 +536,8 @@ static void http_bitmask_exclude_other(struct ndpi_flow_struct *flow) #ifdef NDPI_CONTENT_CATEGORY_OGG NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_CATEGORY_OGG); #endif -#ifdef NDPI_PROTOCOL_XBOX + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX); -#endif } /*************************************************************************************************/ @@ -1007,7 +992,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; #endif -#ifdef NDPI_PROTOCOL_XBOX + ndpi_set_bitmask_protocol_detection("Xbox", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_XBOX, ndpi_search_http_tcp, @@ -1015,8 +1000,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_QQ + ndpi_set_bitmask_protocol_detection("QQ", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_QQ, ndpi_search_http_tcp, @@ -1024,7 +1008,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif + #ifdef NDPI_CONTENT_CATEGORY_AVI ndpi_set_bitmask_protocol_detection("AVI", ndpi_struct, detection_bitmask, *id, NDPI_CONTENT_CATEGORY_AVI, @@ -1069,7 +1053,4 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int a++; #endif - } - -#endif diff --git a/src/lib/protocols/http_activesync.c b/src/lib/protocols/http_activesync.c index 55451f6bf..0bf267290 100644 --- a/src/lib/protocols/http_activesync.c +++ b/src/lib/protocols/http_activesync.c @@ -2,7 +2,7 @@ * http_activesync.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -26,42 +26,39 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_ACTIVESYNC #include "ndpi_api.h" static void ndpi_int_activesync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, NDPI_PROTOCOL_HTTP); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_ACTIVESYNC, NDPI_PROTOCOL_HTTP); } void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG_DBG(ndpi_struct, "search activesync\n"); - if (packet->tcp != NULL) { - - if (packet->payload_packet_len > 150 - && ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0) - || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) { - ndpi_int_activesync_add_connection(ndpi_struct, flow); - NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n"); - return; - } - } + NDPI_LOG_DBG(ndpi_struct, "search activesync\n"); + if (packet->tcp != NULL) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + if (packet->payload_packet_len > 150 + && ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0) + || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) { + ndpi_int_activesync_add_connection(ndpi_struct, flow); + NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n"); + return; + } + } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } - -void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("HTTP_Application_ActiveSync", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, + NDPI_PROTOCOL_HTTP_ACTIVESYNC, ndpi_search_activesync, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, @@ -70,4 +67,3 @@ void init_http_activesync_dissector(struct ndpi_detection_module_struct *ndpi_st *id += 1; } -#endif diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c index 7f6e960f1..104a59be4 100644 --- a/src/lib/protocols/iax.c +++ b/src/lib/protocols/iax.c @@ -2,7 +2,7 @@ * iax.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_IAX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IAX #include "ndpi_api.h" @@ -107,5 +105,3 @@ void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index 23aca33e9..515d5b572 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -2,7 +2,7 @@ * icecast.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ICECAST - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ICECAST #include "ndpi_api.h" @@ -42,13 +40,13 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s NDPI_LOG_DBG(ndpi_struct, "search icecast\n"); - if ((packet->payload_packet_len < 500 && + if((packet->payload_packet_len < 500 && packet->payload_packet_len >= 7 && memcmp(packet->payload, "SOURCE ", 7) == 0) || flow->l4.tcp.icecast_stage) { ndpi_parse_packet_line_info_any(ndpi_struct, flow); NDPI_LOG_DBG2(ndpi_struct, "Icecast lines=%d\n", packet->parsed_lines); for (i = 0; i < packet->parsed_lines; i++) { - if (packet->line[i].ptr != NULL && packet->line[i].len > 4 + if(packet->line[i].ptr != NULL && packet->line[i].len > 4 && memcmp(packet->line[i].ptr, "ice-", 4) == 0) { NDPI_LOG_INFO(ndpi_struct, "found Icecast\n"); ndpi_int_icecast_add_connection(ndpi_struct, flow); @@ -56,28 +54,30 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s } } - if (packet->parsed_lines < 1 && !flow->l4.tcp.icecast_stage) { + if(packet->parsed_lines < 1 && !flow->l4.tcp.icecast_stage) { flow->l4.tcp.icecast_stage = 1; return; } } -#ifdef NDPI_PROTOCOL_HTTP - if (NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_HTTP)) { + + if(NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_HTTP)) { goto icecast_exclude; } -#endif - if (packet->packet_direction == flow->setup_packet_direction && flow->packet_counter < 10) { + if((packet->packet_direction == flow->setup_packet_direction) + && (flow->packet_counter < 10)) { return; } - if (packet->packet_direction != flow->setup_packet_direction) { + if(packet->packet_direction != flow->setup_packet_direction) { /* server answer, now test Server for Icecast */ ndpi_parse_packet_line_info(ndpi_struct, flow); - if (packet->server_line.ptr != NULL && packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast") && - memcmp(packet->server_line.ptr, "Icecast", NDPI_STATICSTRING_LEN("Icecast")) == 0) { + if((packet->server_line.ptr != NULL) + && (packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast")) + && memcmp(packet->server_line.ptr, "Icecast", + NDPI_STATICSTRING_LEN("Icecast")) == 0) { /* TODO maybe store the previous protocol type as subtype? * e.g. ogg or mpeg */ @@ -103,5 +103,3 @@ void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c index fcf25a758..4f4f2438f 100644 --- a/src/lib/protocols/ipp.c +++ b/src/lib/protocols/ipp.c @@ -2,7 +2,7 @@ * ipp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_IPP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IPP #include "ndpi_api.h" @@ -123,5 +121,3 @@ void init_ipp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index 7bdd543c3..12660b528 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -2,7 +2,7 @@ * irc.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_IRC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IRC #include "ndpi_api.h" @@ -778,8 +776,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } - -void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("IRC", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IRC, @@ -791,4 +789,3 @@ void init_irc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 05950d8c5..3917b8b20 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -2,7 +2,7 @@ * jabber.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNENCRYPTED_JABBER #include "ndpi_api.h" @@ -36,10 +34,8 @@ struct jabber_string { }; static struct jabber_string jabber_strings[] = { -#ifdef NDPI_PROTOCOL_TRUPHONE { "='im.truphone.com'", NDPI_PROTOCOL_TRUPHONE }, { "=\"im.truphone.com\"", NDPI_PROTOCOL_TRUPHONE }, -#endif { NULL, 0 } }; @@ -289,9 +285,8 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -#ifdef NDPI_PROTOCOL_TRUPHONE - ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE,__FILE__,__FUNCTION__,__LINE__); -#endif + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE, + __FILE__,__FUNCTION__,__LINE__); } @@ -306,4 +301,4 @@ void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif + diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index 87c1ef061..1869e06db 100644 --- a/src/lib/protocols/kakaotalk_voice.c +++ b/src/lib/protocols/kakaotalk_voice.c @@ -1,7 +1,7 @@ /* * kakaotalk_voice.c * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -26,8 +26,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KAKAOTALK_VOICE #include "ndpi_api.h" @@ -66,7 +64,8 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc } -void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("KakaoTalk_Voice", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_KAKAOTALK_VOICE, @@ -77,4 +76,3 @@ void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_st *id += 1; } -#endif diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index 71f4a8636..8b059a1a2 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -2,7 +2,7 @@ * kerberos.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_KERBEROS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KERBEROS #include "ndpi_api.h" @@ -80,4 +78,3 @@ void init_kerberos_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c index 425fd6b1b..4882c7797 100644 --- a/src/lib/protocols/kontiki.c +++ b/src/lib/protocols/kontiki.c @@ -2,7 +2,7 @@ * kontiki.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_KONTIKI - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KONTIKI #include "ndpi_api.h" @@ -66,7 +64,8 @@ void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struc } -void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("Kontiki", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_KONTIKI, @@ -78,4 +77,3 @@ void init_kontiki_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index 4adb7c471..49b1a39d4 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c @@ -2,7 +2,7 @@ * ldap.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_LDAP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LDAP #include "ndpi_api.h" @@ -104,4 +102,3 @@ void init_ldap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index e507be9f9..2c6d7b611 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -1,7 +1,5 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_LISP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP #include "ndpi_api.h" @@ -68,4 +66,3 @@ void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index 5750c50cd..d5f8f1310 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -1,7 +1,7 @@ /* * lotus_notes.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,13 +20,10 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_LOTUS_NOTES - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LOTUS_NOTES #include "ndpi_api.h" - /* ************************************ */ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, @@ -84,4 +81,3 @@ void init_lotus_notes_dissector(struct ndpi_detection_module_struct *ndpi_struct *id += 1; } -#endif diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 2c3d3d2d7..65341cdc8 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -1,7 +1,7 @@ /* * mail_imap.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAIL_IMAP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_IMAP #include "ndpi_api.h" @@ -48,12 +46,10 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search IMAP_IMAP\n"); if (flow->l4.tcp.mail_imap_starttls == 2) { -#ifdef NDPI_PROTOCOL_SSL NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP); NDPI_DEL_PROTOCOL_FROM_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL); return; -#endif } if (packet->payload_packet_len >= 4 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { @@ -320,5 +316,3 @@ void init_mail_imap_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index 4f9a6ea5f..83847f1f8 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -2,7 +2,7 @@ * mail_pop.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAIL_POP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_POP #include "ndpi_api.h" @@ -212,5 +210,3 @@ void init_mail_pop_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 252c74ffe..f7fbd337c 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -2,7 +2,7 @@ * mail_smtp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAIL_SMTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_SMTP #include "ndpi_api.h" @@ -189,4 +187,3 @@ void init_mail_smtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c index a55c2cc11..e45729b8b 100644 --- a/src/lib/protocols/maplestory.c +++ b/src/lib/protocols/maplestory.c @@ -2,7 +2,7 @@ * maplestory.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MAPLESTORY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAPLESTORY #include "ndpi_api.h" @@ -94,5 +92,3 @@ void init_maplestory_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index 17a6d921d..77bdf4208 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -1,7 +1,7 @@ /* * mdns.c * - * Copyright (C) 2016-17 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MDNS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MDNS #include "ndpi_api.h" @@ -159,4 +157,3 @@ void init_mdns_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index bb317f5d5..e4b694ea6 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c @@ -2,7 +2,7 @@ * megaco.c * * Copyright (C) 2014 by Gianluca Costa http://www.capanalysis.net - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,14 +20,13 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MEGACO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEGACO #include "ndpi_api.h" -void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -61,4 +60,3 @@ void init_megaco_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index 69fe33fac..86fadcb63 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -1,7 +1,7 @@ /* * mgcp.c * - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,14 +23,10 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MGCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MGCP #include "ndpi_api.h" - - static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -93,4 +89,3 @@ void init_mgpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index 3558bdce7..c1f227565 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -2,7 +2,7 @@ * mpegts.c (MPEG Transport Stream) * https://en.wikipedia.org/wiki/MPEG_transport_stream * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MPEGTS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MPEGTS #include "ndpi_api.h" @@ -65,4 +63,3 @@ void init_mpegts_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 950dde5d1..b9f90c3b5 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MQTT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MQTT #include "ndpi_api.h" @@ -255,5 +253,4 @@ void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct, *id +=1; } -#endif // NDPI_PROTOCOL_MQTT diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index ec090cf00..8ab45ad32 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -2,7 +2,7 @@ * msn.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,9 +24,6 @@ #include "ndpi_protocol_ids.h" - -#ifdef NDPI_PROTOCOL_MSN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSN #include "ndpi_api.h" @@ -65,7 +62,6 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct u_int16_t plen; u_int16_t status = 0; -#ifdef NDPI_PROTOCOL_SSL if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { NDPI_LOG_DBG2(ndpi_struct, "msn ssl ft test\n"); @@ -73,28 +69,32 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->packet_counter < 10) { if(flow->packet_counter == 7 && packet->payload_packet_len > 300) { if(memcmp(packet->payload + 24, "MSNSLP", 6) == 0 - || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000) && get_u_int32_t(packet->payload, 4) == 0x00000000)) { + || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000) + && get_u_int32_t(packet->payload, 4) == 0x00000000)) { NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer, ifdef ssl\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } } - if(flow->packet_counter >= 5 && flow->packet_counter <= 10 && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000) - && get_u_int32_t(packet->payload, 4) == 0x00000000)) { + + if(flow->packet_counter >= 5 && flow->packet_counter <= 10 + && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000) + && get_u_int32_t(packet->payload, 4) == 0x00000000)) { flow->l4.tcp.msn_ssl_ft++; NDPI_LOG_DBG2(ndpi_struct, - "increased msn ft ssl stage to: %u at packet nr: %u\n", flow->l4.tcp.msn_ssl_ft, + "increased msn ft ssl stage to: %u at packet nr: %u\n", + flow->l4.tcp.msn_ssl_ft, flow->packet_counter); if (flow->l4.tcp.msn_ssl_ft == 2) { NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer, ifdef ssl 2.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); } + return; } } } -#endif /* we detect the initial connection only ! */ /* match: "VER " ..... "CVR" x 0x0d 0x0a @@ -103,15 +103,17 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct */ /* now we have a look at the first packet only. */ if(flow->packet_counter == 1 -#ifdef NDPI_PROTOCOL_SSL - || ((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) && flow->packet_counter <= 3) -#endif + || ((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) + && flow->packet_counter <= 3) ) { /* this part is working asymmetrically */ - if(packet->payload_packet_len > 32 && (packet->payload[0] == 0x02 || packet->payload[0] == 0x00) - && (ntohl(get_u_int32_t(packet->payload, 8)) == 0x2112a442 || ntohl(get_u_int32_t(packet->payload, 4)) == 0x2112a442) - && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6) + if(packet->payload_packet_len > 32 + && (packet->payload[0] == 0x02 || packet->payload[0] == 0x00) + && (ntohl(get_u_int32_t(packet->payload, 8)) == 0x2112a442 + || ntohl(get_u_int32_t(packet->payload, 4)) == 0x2112a442) + && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004 + && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6) || (ntohl(get_u_int32_t(packet->payload, 20)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 24)) == 0x72c64bc6))) { NDPI_LOG_INFO(ndpi_struct, @@ -145,10 +147,9 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } } } + if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "GET ") || ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "POST ")) { ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -160,18 +161,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } } -/* #ifdef NDPI_PROTOCOL_HTTP */ -/* /\* we have to examine two http packets *\/ */ -/* if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) { */ -/* } */ -/* #endif */ + /* not seen this pattern in any trace */ /* now test for http login, at least 100 a bytes packet */ if(packet->payload_packet_len > 100) { if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif memcmp(packet->payload, "POST http://", 12) == 0) { /* scan packet if not already done... */ ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -193,9 +188,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct /* for this case the asymmetric detection is asym (1) */ if(packet->payload_packet_len > 400) { if(( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif (memcmp(packet->payload, "POST ", 5) == 0))) { u_int16_t c; if(memcmp(&packet->payload[5], "http://", 7) == 0) { @@ -259,9 +252,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct && packet->payload_packet_len > 100) { /* not necessary to check the length, because this has been done : >400. */ if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "HTTP/1.0 200 OK") || ndpi_match_strprefix(packet->payload, packet->payload_packet_len, "HTTP/1.1 200 OK") ) { @@ -342,9 +333,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct packet->payload_packet_len > 100) { /* not necessary to check the length, because this has been done : >400. */ if( -#ifdef NDPI_PROTOCOL_HTTP packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP || -#endif (memcmp(packet->payload, "HTTP/1.0 200 OK", 15) == 0) || (memcmp(packet->payload, "HTTP/1.1 200 OK", 15) == 0)) { @@ -507,15 +496,9 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* the detection can switch out the http or the ssl detection. In this case we need not check those protocols */ // need to do the ceck when protocol == http too (POST /gateway ...) if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN -#ifdef NDPI_PROTOCOL_HTTP || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP -#endif -#ifdef NDPI_PROTOCOL_SSL || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL -#endif -#ifdef NDPI_PROTOCOL_STUN || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN -#endif ) ndpi_search_msn_tcp(ndpi_struct, flow); } else if (packet->udp != NULL) { @@ -525,7 +508,8 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd } -void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { NDPI_BITMASK_RESET(ndpi_struct->callback_buffer[*id].excluded_protocol_bitmask); @@ -540,4 +524,3 @@ void init_msn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 75507fd52..621ea2b0e 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -1,7 +1,7 @@ /* * mssql.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MSSQL_TDS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSSQL_TDS #include "ndpi_api.h" @@ -83,5 +81,3 @@ void init_mssql_tds_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index d1e695e55..d1602a2fe 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c @@ -2,7 +2,7 @@ * mysql.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_MYSQL - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MYSQL #include "ndpi_api.h" @@ -85,5 +83,3 @@ void init_mysql_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 634284121..4c5897c14 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -2,7 +2,7 @@ * netbios.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NETBIOS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETBIOS #include "ndpi_api.h" @@ -390,5 +388,3 @@ void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index a553e4b6a..23c4bc587 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -1,7 +1,7 @@ /* * netflow.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NETFLOW - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETFLOW #include "ndpi_api.h" @@ -184,4 +182,3 @@ void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c index c074b9d3b..c9e3265a5 100644 --- a/src/lib/protocols/nfs.c +++ b/src/lib/protocols/nfs.c @@ -2,7 +2,7 @@ * nfs.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NFS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NFS #include "ndpi_api.h" @@ -101,4 +99,3 @@ void init_nfs_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index 8b76f33a6..bbc87a495 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c @@ -1,7 +1,7 @@ /* * nintendo.c * - * Copyright (C) 2017 by ntop.org + * Copyright (C) 2017-18 by ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NINTENDO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NINTENDO #include "ndpi_api.h" @@ -67,4 +65,3 @@ void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c index 9899b056b..da572b6c0 100644 --- a/src/lib/protocols/noe.c +++ b/src/lib/protocols/noe.c @@ -7,8 +7,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NOE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NOE #include "ndpi_api.h" @@ -21,7 +19,8 @@ static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct NDPI_LOG_INFO(ndpi_struct, "found noe\n"); } -void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -66,4 +65,3 @@ void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index 668a158d7..b7cc4a4d0 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c @@ -2,7 +2,7 @@ * non_tcp_udp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#if defined(NDPI_PROTOCOL_IP_IPSEC) || defined(NDPI_PROTOCOL_IP_GRE) || defined(NDPI_PROTOCOL_IP_ICMP) || defined(NDPI_PROTOCOL_IP_IGMP) || defined(NDPI_PROTOCOL_IP_EGP) || defined(NDPI_PROTOCOL_IP_SCTP) || defined(NDPI_PROTOCOL_IP_OSPF) || defined(NDPI_PROTOCOL_IP_IP_IN_IP) - #include "ndpi_api.h" #define set_protocol_and_bmask(nprot) \ @@ -52,57 +50,46 @@ void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct } switch (packet->l4_protocol) { -#ifdef NDPI_PROTOCOL_IP_IPSEC case NDPI_IPSEC_PROTOCOL_ESP: case NDPI_IPSEC_PROTOCOL_AH: set_protocol_and_bmask(NDPI_PROTOCOL_IP_IPSEC); break; -#endif /* NDPI_PROTOCOL_IP_IPSEC */ -#ifdef NDPI_PROTOCOL_IP_GRE + case NDPI_GRE_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_GRE); break; -#endif /* NDPI_PROTOCOL_IP_GRE */ -#ifdef NDPI_PROTOCOL_IP_ICMP + case NDPI_ICMP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_ICMP); break; -#endif /* NDPI_PROTOCOL_IP_ICMP */ -#ifdef NDPI_PROTOCOL_IP_IGMP + case NDPI_IGMP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_IGMP); break; -#endif /* NDPI_PROTOCOL_IP_IGMP */ -#ifdef NDPI_PROTOCOL_IP_EGP + case NDPI_EGP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_EGP); break; -#endif /* NDPI_PROTOCOL_IP_EGP */ -#ifdef NDPI_PROTOCOL_IP_SCTP + case NDPI_SCTP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_SCTP); break; -#endif /* NDPI_PROTOCOL_IP_SCTP */ -#ifdef NDPI_PROTOCOL_IP_OSPF + case NDPI_OSPF_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_OSPF); break; -#endif /* NDPI_PROTOCOL_IP_OSPF */ -#ifdef NDPI_PROTOCOL_IP_IP_IN_IP + case NDPI_IPIP_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_IP_IN_IP); break; -#endif /* NDPI_PROTOCOL_IP_IP_IN_IP */ -#ifdef NDPI_PROTOCOL_IP_ICMPV6 + case NDPI_ICMPV6_PROTOCOL_TYPE: set_protocol_and_bmask(NDPI_PROTOCOL_IP_ICMPV6); break; -#endif /* NDPI_PROTOCOL_IP_ICMPV6 */ -#ifdef NDPI_PROTOCOL_IP_VRRP + case 112: set_protocol_and_bmask(NDPI_PROTOCOL_IP_VRRP); break; -#endif /* NDPI_PROTOCOL_IP_VRRP */ } } @@ -113,7 +100,6 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct /* always add non tcp/udp if one protocol is compiled in */ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[*id].detection_bitmask, NDPI_PROTOCOL_UNKNOWN); -#ifdef NDPI_PROTOCOL_IP_IPSEC ndpi_set_bitmask_protocol_detection("IP_IPSEC", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IPSEC, ndpi_search_in_non_tcp_udp, @@ -121,8 +107,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_GRE + ndpi_set_bitmask_protocol_detection("IP_GRE", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_GRE, ndpi_search_in_non_tcp_udp, @@ -130,8 +115,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_ICMP + ndpi_set_bitmask_protocol_detection("IP_ICMP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_ICMP, ndpi_search_in_non_tcp_udp, @@ -139,8 +123,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_IGMP + ndpi_set_bitmask_protocol_detection("IP_IGMP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IGMP, ndpi_search_in_non_tcp_udp, @@ -148,8 +131,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_EGP + ndpi_set_bitmask_protocol_detection("IP_EGP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_EGP, ndpi_search_in_non_tcp_udp, @@ -157,8 +139,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_SCTP + ndpi_set_bitmask_protocol_detection("IP_SCTP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_SCTP, ndpi_search_in_non_tcp_udp, @@ -166,8 +147,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_OSPF + ndpi_set_bitmask_protocol_detection("IP_OSPF", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_OSPF, ndpi_search_in_non_tcp_udp, @@ -175,8 +155,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_IP_IN_IP + ndpi_set_bitmask_protocol_detection("IP_IP_IN_IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_IP_IN_IP, ndpi_search_in_non_tcp_udp, @@ -184,8 +163,7 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif -#ifdef NDPI_PROTOCOL_IP_ICMPV6 + ndpi_set_bitmask_protocol_detection("IP_ICMPV6", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_IP_ICMPV6, ndpi_search_in_non_tcp_udp, @@ -193,8 +171,4 @@ void init_non_tcp_udp_dissector(struct ndpi_detection_module_struct *ndpi_struct NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -#endif - } - -#endif diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 3b8eb3d7d..9290fbfb3 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -2,7 +2,7 @@ * ntp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_NTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NTP #include "ndpi_api.h" @@ -77,4 +75,3 @@ void init_ntp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index d0b50c8a2..30fb1c68f 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -2,7 +2,7 @@ * openft.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_OPENFT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT #include "ndpi_api.h" @@ -67,5 +65,3 @@ void init_openft_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index 6756c173d..6bd480ea1 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -1,7 +1,7 @@ /* * openvpn.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * OpenVPN TCP / UDP Detection - 128/160 hmac * @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_OPENVPN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENVPN #include "ndpi_api.h" @@ -135,5 +133,3 @@ void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c index 5fda78672..6ad6bac4c 100644 --- a/src/lib/protocols/oracle.c +++ b/src/lib/protocols/oracle.c @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ORACLE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ORACLE #include "ndpi_api.h" @@ -75,5 +73,3 @@ void init_oracle_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index 6dec353a5..010a620e9 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -2,7 +2,7 @@ * oscar.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_OSCAR - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OSCAR #include "ndpi_api.h" @@ -816,5 +814,3 @@ void init_oscar_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c index ccf1ee12d..ece78559d 100644 --- a/src/lib/protocols/pando.c +++ b/src/lib/protocols/pando.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PANDO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PANDO #include "ndpi_api.h" @@ -167,5 +165,3 @@ void init_pando_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/pcanywhere.c b/src/lib/protocols/pcanywhere.c index 56b68b567..0d205d5f3 100644 --- a/src/lib/protocols/pcanywhere.c +++ b/src/lib/protocols/pcanywhere.c @@ -2,7 +2,7 @@ * pcanywhere.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PCANYWHERE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PCANYWHERE #include "ndpi_api.h" @@ -67,4 +65,3 @@ void init_pcanywhere_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index e23d316e4..089be4e31 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -2,7 +2,7 @@ * postgres.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_POSTGRES - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_POSTGRES #include "ndpi_api.h" @@ -131,4 +129,3 @@ void init_postgres_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/pplive.c b/src/lib/protocols/pplive.c index 6f874d7b6..2e41d64f5 100644 --- a/src/lib/protocols/pplive.c +++ b/src/lib/protocols/pplive.c @@ -26,8 +26,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PPLIVE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPLIVE #include "ndpi_api.h" @@ -232,4 +230,3 @@ void init_pplive_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 08d2f8ade..20eb0d428 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c @@ -1,7 +1,7 @@ /* * ppstream.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PPSTREAM - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPSTREAM #include "ndpi_api.h" @@ -237,4 +235,3 @@ void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c index 9bacdeded..cfe360b5b 100644 --- a/src/lib/protocols/pptp.c +++ b/src/lib/protocols/pptp.c @@ -2,7 +2,7 @@ * pptp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_PPTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPTP #include "ndpi_api.h" @@ -69,5 +67,3 @@ void init_pptp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index f3b713132..077d385fa 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -2,7 +2,7 @@ * qq.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_QQ - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QQ #include "ndpi_api.h" @@ -636,17 +634,13 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct } } } -#ifdef NDPI_PROTOCOL_HTTP + if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { -#endif /* NDPI_PROTOCOL_HTTP */ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); NDPI_LOG_DBG(ndpi_struct, "QQ tcp excluded; len %u\n", packet->payload_packet_len); - -#ifdef NDPI_PROTOCOL_HTTP } -#endif /* NDPI_PROTOCOL_HTTP */ } @@ -674,5 +668,3 @@ void init_qq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32 *id += 1; } - -#endif diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 6bf5cb0b2..4c838f41f 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -3,10 +3,6 @@ * * Copyright (C) 2012-18 - ntop.org * - * Based on code of: - * Andrea Buscarinu - - * Michele Campus - - * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation, either version 3 of the License, or @@ -20,12 +16,14 @@ * You should have received a copy of the GNU Lesser General Public License. * If not, see . * + * Based on code of: + * Andrea Buscarinu - + * Michele Campus - + * */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_QUIC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC #include "ndpi_api.h" @@ -148,5 +146,3 @@ void init_quic_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif /* NDPI_PROTOCOL_QUIC */ diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index e0eb2657b..1c85f48d7 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c @@ -1,7 +1,7 @@ /* * radius.c * - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RADIUS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RADIUS #include "ndpi_api.h" @@ -79,5 +77,3 @@ void init_radius_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index 9ce692893..bc59ea1fb 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -2,7 +2,7 @@ * rdp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RDP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RDP #include "ndpi_api.h" @@ -69,5 +67,3 @@ void init_rdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c index 4b51908fd..cb1e2e39b 100644 --- a/src/lib/protocols/redis_net.c +++ b/src/lib/protocols/redis_net.c @@ -1,7 +1,7 @@ /* * redis.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_REDIS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_REDIS #include "ndpi_api.h" @@ -103,5 +101,3 @@ void init_redis_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c index 157b2e0e0..8cc3dd16d 100644 --- a/src/lib/protocols/rsync.c +++ b/src/lib/protocols/rsync.c @@ -2,7 +2,7 @@ * rsync.c * * Copyright (C) 2013 Remy Mudingay - * Copyright (C) 2016 ntop.org + * Copyright (C) 2016-18 ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RSYNC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RSYNC #include "ndpi_api.h" @@ -69,5 +67,3 @@ void init_rsync_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index b924b476d..77903d6cc 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -6,8 +6,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTCP #include "ndpi_api.h" @@ -15,10 +13,12 @@ static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, + NDPI_PROTOCOL_UNKNOWN); } -void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; @@ -79,5 +79,3 @@ void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index 52492a290..9bf73fecd 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTMP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTMP #include "ndpi_api.h" @@ -105,4 +103,3 @@ void init_rtmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 38cd62504..0ccc08594 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -2,7 +2,7 @@ * rtp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTP #include "ndpi_api.h" @@ -308,13 +306,12 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, return; exclude_rtp: -#ifdef NDPI_PROTOCOL_STUN if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN || /* packet->real_protocol_read_only == NDPI_PROTOCOL_STUN */) { NDPI_LOG_DBG(ndpi_struct, "STUN: is detected, need next packet\n"); return; } -#endif /* NDPI_PROTOCOL_STUN */ + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -337,7 +334,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n"); return; } -#ifdef NDPI_PROTOCOL_STUN + /* TODO the rtp detection sometimes doesn't exclude rtp * so for TCP flows only run the detection if STUN has been * detected (or RTP is already detected) @@ -360,6 +357,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd return; } } + if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && flow->l4.tcp.rtp_special_packets_seen == 1) { if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) + 4 == packet->payload_packet_len) { @@ -378,15 +376,13 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd } else { NDPI_LOG_DBG(ndpi_struct, "STUN not yet excluded, need next packet\n"); } -#else - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -#endif } } #endif -void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RTP, @@ -398,6 +394,3 @@ void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif -/* NDPI_PROTOCOL_RTP */ - diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index e20c53065..9620dd504 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -2,7 +2,7 @@ * rtsp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,14 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RTSP - #ifndef NDPI_PROTOCOL_RTP - #error RTSP requires RTP detection to work correctly - #endif - #ifndef NDPI_PROTOCOL_RDP - #error RTSP requires RDP detection to work correctly - #endif - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTSP #include "ndpi_api.h" @@ -56,9 +48,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); if (flow->rtsprdt_stage == 0 -#ifdef NDPI_PROTOCOL_RTCP && !(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTCP) -#endif ) { flow->rtsprdt_stage = 1 + packet->packet_direction; NDPI_LOG_DBG2(ndpi_struct, "maybe handshake 1; need next packet, return\n"); @@ -102,9 +92,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct } if (packet->udp != NULL && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && ((NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP) == 0) -#ifdef NDPI_PROTOCOL_RTCP || (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP) == 0) -#endif )) { NDPI_LOG_DBG2(ndpi_struct, "maybe RTSP RTP, RTSP RTCP, RDT; need next packet.\n"); @@ -127,5 +115,3 @@ void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index 6eb9bf149..522d9ef5c 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -1,7 +1,7 @@ /* * rx.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * Giovanni Mascellani * @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_RX - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RX #include "ndpi_api.h" @@ -227,4 +225,3 @@ void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index 75b631abc..cb1acff8d 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -1,7 +1,7 @@ /* * sflow.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SFLOW - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SFLOW #include "ndpi_api.h" @@ -59,4 +57,3 @@ void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c index 2115c574f..10486c0bd 100644 --- a/src/lib/protocols/shoutcast.c +++ b/src/lib/protocols/shoutcast.c @@ -2,7 +2,7 @@ * shoutcast.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SHOUTCAST - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SHOUTCAST #include "ndpi_api.h" @@ -52,9 +50,7 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct return; } if (flow->packet_counter < 3 -#ifdef NDPI_PROTOCOL_HTTP && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP -#endif ) { NDPI_LOG_DBG2(ndpi_struct, "http detected, need next packet for shoutcast detection.\n"); @@ -119,4 +115,4 @@ void init_shoutcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif + diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 5edd377c6..1436b2cec 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -2,7 +2,7 @@ * sip.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SIP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SIP #include "ndpi_api.h" @@ -59,12 +57,8 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct packet_payload += 4; } } -#ifndef NDPI_PROTOCOL_YAHOO - if (payload_len >= 14 && packet_payload[payload_len - 2] == 0x0d && packet_payload[payload_len - 1] == 0x0a) -#endif -#ifdef NDPI_PROTOCOL_YAHOO - if (payload_len >= 14) -#endif + + if (payload_len >= 14) { if ((memcmp(packet_payload, "NOTIFY ", 7) == 0 || memcmp(packet_payload, "notify ", 7) == 0) @@ -146,19 +140,18 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct NDPI_LOG_DBG2(ndpi_struct, "need next packet\n"); return; } -#ifdef NDPI_PROTOCOL_STUN + /* for STUN flows we need some more packets */ if (packet->udp != NULL && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN && flow->packet_counter < 40) { NDPI_LOG_DBG2(ndpi_struct, "need next STUN packet\n"); return; } -#endif if (payload_len == 4 && get_u_int32_t(packet_payload, 0) == 0) { NDPI_LOG_DBG2(ndpi_struct, "maybe sip. need next packet\n"); return; } -#ifdef NDPI_PROTOCOL_YAHOO + if (payload_len > 30 && packet_payload[0] == 0x90 && packet_payload[3] == payload_len - 20 && get_u_int32_t(packet_payload, 4) == 0 && get_u_int32_t(packet_payload, 8) == 0) { @@ -168,9 +161,8 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if (flow->sip_yahoo_voice && flow->packet_counter < 10) { return; } -#endif - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -200,4 +192,3 @@ void init_sip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c index 0acebf271..5ec54dbdf 100644 --- a/src/lib/protocols/skinny.c +++ b/src/lib/protocols/skinny.c @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SKINNY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKINNY #include "ndpi_api.h" @@ -75,5 +73,3 @@ void init_skinny_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index ea571961f..698fff052 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -1,7 +1,7 @@ /* * skype.c * - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SKYPE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKYPE #include "ndpi_api.h" @@ -112,5 +110,3 @@ void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index 6ac7e282a..fa684eb66 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -1,7 +1,7 @@ /* * smb.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SMB - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMB #include "ndpi_api.h" @@ -66,4 +64,3 @@ void init_smb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 1bd2a870b..444516cd3 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -2,7 +2,7 @@ * smpp.c * * Copyright (C) 2016 - Damir Franusic - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -22,8 +22,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SMPP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMPP #include "ndpi_api.h" @@ -319,5 +317,3 @@ void init_smpp_dissector(struct ndpi_detection_module_struct* ndpi_struct, *id += 1; } - -#endif // NDPI_PROTOCOL_SMPP diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c index 6a2f2624f..759d6bae0 100644 --- a/src/lib/protocols/snmp.c +++ b/src/lib/protocols/snmp.c @@ -2,7 +2,7 @@ * snmp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SNMP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SNMP #include "ndpi_api.h" @@ -141,4 +139,3 @@ void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 32c83934a..36c18ef54 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -1,7 +1,7 @@ /* * socks4.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * Copyright (C) 2014 Tomasz Bujlow * * The signature is based on the Libprotoident library. @@ -25,8 +25,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOCKS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOCKS #include "ndpi_api.h" @@ -148,4 +146,3 @@ void init_socks_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index 604022714..e4ebc52ff 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOMEIP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOMEIP #include "ndpi_api.h" @@ -227,5 +225,4 @@ void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, *id +=1; } -#endif // NDPI_PROTOCOL_SOMEIP diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 3e8009454..c40213bf7 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -2,7 +2,7 @@ * sopcast.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOPCAST - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOPCAST #include "ndpi_api.h" @@ -226,4 +224,3 @@ void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index 8f4bbb32c..82b7097af 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -1,7 +1,7 @@ /* * soulseek.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SOULSEEK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOULSEEK #include "ndpi_api.h" @@ -278,5 +276,3 @@ void init_soulseek_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } - -#endif diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index f3b23aadb..699d8f346 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c @@ -23,8 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SPOTIFY - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SPOTIFY #include "ndpi_api.h" @@ -140,4 +138,3 @@ void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index ce681d9b6..9fd5005ae 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -2,7 +2,7 @@ * ssdp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SSDP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSDP #include "ndpi_api.h" @@ -80,4 +78,3 @@ void init_ssdp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 89b359040..1a20078c3 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -2,7 +2,7 @@ * ssh.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SSH - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSH #include "ndpi_api.h" @@ -99,4 +97,3 @@ void init_ssh_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5c65b83c1..a277f8120 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -1,7 +1,7 @@ /* * ssl.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,9 +23,6 @@ #include "ndpi_protocol_ids.h" - -#ifdef NDPI_PROTOCOL_SSL - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSL #include "ndpi_api.h" @@ -65,9 +62,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st if((sport == 465) || (dport == 465) || (sport == 587) || (dport == 587)) protocol = NDPI_PROTOCOL_MAIL_SMTPS; else if((sport == 993) || (dport == 993) -#ifdef NDPI_PROTOCOL_MAIL_IMAP || (flow->l4.tcp.mail_imap_starttls) -#endif ) protocol = NDPI_PROTOCOL_MAIL_IMAPS; else if((sport == 995) || (dport == 995)) protocol = NDPI_PROTOCOL_MAIL_POPS; } @@ -386,10 +381,9 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); return(rc); /* Fix courtesy of Gianluca Costa */ } -#ifdef NDPI_PROTOCOL_TOR + if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) return(rc); -#endif } if(((packet->ssl_certificate_num_checks >= 2) @@ -410,24 +404,22 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; u_int32_t a; u_int32_t end; -#if defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) goto check_for_ssl_payload; -#endif -#if defined(NDPI_PROTOCOL_OSCAR) + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_OSCAR) != 0) goto check_for_ssl_payload; -#endif - goto no_check_for_ssl_payload; + else + goto no_check_for_ssl_payload; check_for_ssl_payload: end = packet->payload_packet_len - 20; for (a = 5; a < end; a++) { -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + if(packet->payload[a] == 't') { if(memcmp(&packet->payload[a], "talk.google.com", 15) == 0) { if(NDPI_COMPARE_PROTOCOL_TO_BITMASK @@ -438,8 +430,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct } } } -#endif -#ifdef NDPI_PROTOCOL_OSCAR + if(packet->payload[a] == 'A' || packet->payload[a] == 'k' || packet->payload[a] == 'c' || packet->payload[a] == 'h') { if(((a + 19) < packet->payload_packet_len && memcmp(&packet->payload[a], "America Online Inc.", 19) == 0) @@ -475,11 +466,9 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct return; } } -#endif } no_check_for_ssl_payload: -#endif if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { NDPI_LOG_DBG(ndpi_struct, "found ssl connection\n"); sslDetectProtocolFromCertificate(ndpi_struct, flow); @@ -726,5 +715,3 @@ void init_ssl_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index 73cdd0b12..8c344d78d 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c @@ -2,7 +2,7 @@ * starcraft.c * * Copyright (C) 2015 - Matteo Bracci -* Copyright (C) 2015 - ntop.org +* Copyright (C) 2015-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -21,8 +21,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STARCRAFT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STARCRAFT #include "ndpi_api.h" @@ -155,4 +153,3 @@ void init_starcraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c index 8bd75b1a3..00c7ba648 100644 --- a/src/lib/protocols/stealthnet.c +++ b/src/lib/protocols/stealthnet.c @@ -2,7 +2,7 @@ * stealthnet.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STEALTHNET - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEALTHNET #include "ndpi_api.h" @@ -69,4 +67,3 @@ void init_stealthnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 64eaa04fe..0a737baf9 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -25,8 +25,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STEAM - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEAM #include "ndpi_api.h" @@ -299,5 +297,3 @@ void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 8f374ff59..ad6a585f9 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -2,7 +2,7 @@ * stun.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_STUN - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STUN #include "ndpi_api.h" @@ -242,5 +240,3 @@ void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } - -#endif diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c index d83cd99f7..fc51fc065 100644 --- a/src/lib/protocols/syslog.c +++ b/src/lib/protocols/syslog.c @@ -2,7 +2,7 @@ * syslog.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_SYSLOG - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SYSLOG #include "ndpi_api.h" @@ -131,5 +129,3 @@ void init_syslog_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 407d36b3b..2d28182df 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -1,7 +1,7 @@ /* * tcp_or_udp.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index df13c9756..214a2fe99 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -19,8 +19,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TEAMSPEAK - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMSPEAK #include "ndpi_api.h" @@ -79,4 +77,3 @@ void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index f06e40a73..1fa39ff43 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -2,7 +2,7 @@ * teamviewer.c * * Copyright (C) 2012 by Gianluca Costa xplico.org - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TEAMVIEWER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMVIEWER #include "ndpi_api.h" @@ -116,4 +114,3 @@ void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index d80f5f6b5..79be38eae 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -2,7 +2,7 @@ * telegram.c * * Copyright (C) 2014 by Gianluca Costa xplico.org - * Copyright (C) 2012-15 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TELEGRAM - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELEGRAM #include "ndpi_api.h" @@ -83,4 +81,3 @@ void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u *id += 1; } -#endif diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 264e83aa1..33d19e1dc 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -2,7 +2,7 @@ * telnet.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TELNET - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELNET #include "ndpi_api.h" @@ -117,5 +115,3 @@ void init_telnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 2439f997b..732b1d6c9 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -1,7 +1,7 @@ /* * teredo.c * - * Copyright (C) 2015 - ntop.org + * Copyright (C) 2015-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TEREDO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEREDO #include "ndpi_api.h" @@ -57,4 +55,3 @@ void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } -#endif diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c index 082e04326..f3da3463c 100644 --- a/src/lib/protocols/tftp.c +++ b/src/lib/protocols/tftp.c @@ -2,7 +2,7 @@ * tftp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TFTP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TFTP #include "ndpi_api.h" @@ -79,4 +77,3 @@ void init_tftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index 384436f13..754f68f60 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -2,7 +2,7 @@ * thunder.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_THUNDER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_THUNDER #include "ndpi_api.h" @@ -221,5 +219,3 @@ void init_thunder_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } - -#endif diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index 19bfa34aa..7ee4105e8 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -2,7 +2,7 @@ * tinc.c * * Copyright (C) 2017 - William Guglielmo - * Copyright (C) 2017 - ntop.org + * Copyright (C) 2017-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TINC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TINC #include "ndpi_api.h" @@ -154,4 +152,3 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index 134f191c3..f1c6f586a 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -1,14 +1,12 @@ /* * tor.c * - * Copyright (C) 2016 ntop.org + * Copyright (C) 2016-18 ntop.org * Copyright (C) 2013 Remy Mudingay * */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TOR - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TOR #include "ndpi_api.h" @@ -132,4 +130,3 @@ void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } -#endif diff --git a/src/lib/protocols/tvants.c b/src/lib/protocols/tvants.c index ceee278b9..eafce38c4 100644 --- a/src/lib/protocols/tvants.c +++ b/src/lib/protocols/tvants.c @@ -2,7 +2,7 @@ * tvants.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TVANTS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVANTS #include "ndpi_api.h" @@ -85,5 +83,3 @@ void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index 2160a5afa..ce84c7de3 100644 --- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -2,7 +2,7 @@ * tvuplayer.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_TVUPLAYER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVUPLAYER #include "ndpi_api.h" @@ -160,5 +158,3 @@ void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index d8392fda7..2e35d1d98 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -21,13 +21,10 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_UBNTAC2 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UBNTAC2 #include "ndpi_api.h" - static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN); @@ -94,5 +91,3 @@ void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ADD_TO_DETECTION_BITMASK); *id += 1; } - -#endif diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c index 0a995d6f8..6a2970d6e 100644 --- a/src/lib/protocols/usenet.c +++ b/src/lib/protocols/usenet.c @@ -2,7 +2,7 @@ * usenet.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_USENET - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_USENET #include "ndpi_api.h" @@ -104,5 +102,3 @@ void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index 844eaf84f..eef5c065f 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c @@ -1,7 +1,7 @@ /* * vhua.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * nDPI is free software: you can vhuatribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VHUA - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VHUA #include "ndpi_api.h" @@ -79,4 +77,3 @@ void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 517b74b91..65e227234 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -2,7 +2,7 @@ * viber.c * * Copyright (C) 2013 Remy Mudingay - * Copyright (C) 2013 - 2014 ntop.org + * Copyright (C) 2013-18 - ntop.org * * This module is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VIBER - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VIBER #include "ndpi_api.h" @@ -61,5 +59,3 @@ void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index 34fe84ab9..138d09bbc 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c @@ -1,7 +1,7 @@ /* * vmware.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VMWARE - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VMWARE #include "ndpi_api.h" @@ -56,5 +54,3 @@ void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index 6bbb26c6d..65988bce6 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -1,7 +1,7 @@ /* * vnc.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_VNC - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VNC #include "ndpi_api.h" @@ -76,5 +74,3 @@ void init_vnc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index bbc1d8388..3f970bd25 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -2,7 +2,7 @@ * warcraft3.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WARCRAFT3 - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WARCRAFT3 #include "ndpi_api.h" @@ -106,4 +104,3 @@ void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } -#endif diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index b079dcd01..6a98eac6b 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -19,8 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WHATSAPP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHATSAPP #include "ndpi_api.h" @@ -56,5 +54,3 @@ void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index 291ae15ca..335aa6f65 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c @@ -1,7 +1,7 @@ /* * whoisdas.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -20,8 +20,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WHOIS_DAS - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHOIS_DAS #include "ndpi_api.h" @@ -75,5 +73,3 @@ void init_whois_das_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id += 1; } - -#endif diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c index 534addc7d..d179ef526 100644 --- a/src/lib/protocols/world_of_kung_fu.c +++ b/src/lib/protocols/world_of_kung_fu.c @@ -2,7 +2,7 @@ * world_of_kung_fu.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,7 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WORLD_OF_KUNG_FU #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLD_OF_KUNG_FU #include "ndpi_api.h" @@ -64,5 +63,3 @@ void init_world_of_kung_fu_dissector(struct ndpi_detection_module_struct *ndpi_s *id += 1; } - -#endif diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index bfcf3f4e1..acb010a85 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -2,7 +2,7 @@ * world_of_warcraft.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,8 +23,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLDOFWARCRAFT #include "ndpi_api.h" @@ -215,4 +213,3 @@ void init_world_of_warcraft_dissector(struct ndpi_detection_module_struct *ndpi_ *id += 1; } -#endif diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c index 3182c191c..5d1f64d43 100644 --- a/src/lib/protocols/xbox.c +++ b/src/lib/protocols/xbox.c @@ -1,7 +1,7 @@ /* * xbox.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -23,7 +23,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_XBOX #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XBOX #include "ndpi_api.h" @@ -84,9 +83,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n } /* exclude here all non matched udp traffic, exclude here tcp only if http has been excluded, because xbox could use http */ -#ifdef NDPI_PROTOCOL_HTTP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { -#endif NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } @@ -106,4 +103,3 @@ void init_xbox_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c index 71bcd9c69..35b08b91b 100644 --- a/src/lib/protocols/xdmcp.c +++ b/src/lib/protocols/xdmcp.c @@ -2,7 +2,7 @@ * xdmcp.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -24,8 +24,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_XDMCP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XDMCP #include "ndpi_api.h" @@ -77,5 +75,3 @@ void init_xdmcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } - -#endif diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c index 1144fb4ef..3be953939 100644 --- a/src/lib/protocols/yahoo.c +++ b/src/lib/protocols/yahoo.c @@ -1,7 +1,7 @@ /* * yahoo.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,11 +22,9 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_YAHOO #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_YAHOO -#include "ndpi_api.h" - +#include "ndpi_api.h" struct ndpi_yahoo_header { u_int8_t YMSG_str[4]; @@ -313,9 +311,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru } } /* detect YAHOO over HTTP proxy */ -#ifdef NDPI_PROTOCOL_HTTP if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP) -#endif { if (flow->l4.tcp.yahoo_http_proxy_stage == 0) { @@ -370,12 +366,8 @@ void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(packet->tcp != NULL && packet->tcp_retransmission == 0) { if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN -#ifdef NDPI_PROTOCOL_HTTP || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP -#endif -#ifdef NDPI_PROTOCOL_SSL || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { -#endif /* search over TCP */ ndpi_search_yahoo_tcp(ndpi_struct, flow); } @@ -412,4 +404,3 @@ void init_yahoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in *id += 1; } -#endif diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index c3e514dda..3b0c02d80 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -1,7 +1,7 @@ /* * zattoo.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -22,8 +22,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ZATTOO - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZATTOO #include "ndpi_api.h" @@ -240,5 +238,3 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i *id += 1; } - -#endif diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c index c7c8e9519..aa73d4a6d 100644 --- a/src/lib/protocols/zeromq.c +++ b/src/lib/protocols/zeromq.c @@ -1,7 +1,7 @@ /* * zmq.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-18 - ntop.org * * nDPI is free software: you can zmqtribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -19,7 +19,6 @@ */ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_ZMQ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZMQ #include "ndpi_api.h" @@ -109,5 +108,3 @@ void init_zmq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 *id += 1; } - -#endif -- cgit v1.2.3 From 5246656ae000916464541ffb5b6f61077ee281e7 Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 21 Jul 2018 16:27:05 +0200 Subject: Fixed required library prefix --- example/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'example') diff --git a/example/Makefile.am b/example/Makefile.am index 9eedc21d8..e50d8c05c 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -3,7 +3,7 @@ bin_PROGRAMS = ndpiReader AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ @HS_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage -LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ @HS_LIB@ -lm +LDADD = $(top_builddir)/src/lib/libndpi.a @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ @HS_LIB@ -lm AM_LDFLAGS = -static @DL_LIB@ @HS_LIB@ ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h uthash.h -- cgit v1.2.3 From 01bf295a19c19dc4f521ee40f0c478c794e1b5e4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 16 Aug 2018 14:57:44 +0200 Subject: Completed custom category implementation --- example/ndpiReader.c | 81 +++++++++++++++++---------- src/include/ndpi_api.h | 6 ++ src/include/ndpi_main.h | 60 ++++++++++++++------ src/include/ndpi_typedefs.h | 9 ++- src/lib/Makefile | 2 +- src/lib/ndpi_main.c | 108 +++++++++++++++++++++++++----------- src/lib/protocols/dns.c | 8 ++- src/lib/protocols/fbzero.c | 4 +- src/lib/protocols/http.c | 27 ++++++--- src/lib/protocols/quic.c | 2 + src/lib/protocols/ssl.c | 67 +++++++++++----------- tests/result/pps.pcap.out | 4 +- tests/result/webex.pcap.out | 58 +++++++++---------- tests/result/whatsappfiles.pcap.out | 4 +- 14 files changed, 283 insertions(+), 157 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 39748cd90..faa453ee2 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -111,7 +111,6 @@ struct flow_info { static struct flow_info *all_flows; - struct info_pair { u_int32_t addr; u_int8_t version; /* IP version */ @@ -135,16 +134,15 @@ struct port_stats { u_int32_t cumulative_addr; /*cumulative some of IP addresses */ addr_node *addr_tree; /* tree of distinct IP addresses */ struct info_pair top_ip_addrs[MAX_NUM_IP_ADDRESS]; - u_int8_t hasTopHost; /* as boolean flag*/ - u_int32_t top_host; /*host that is contributed to > 95% of traffic*/ - u_int8_t version; /* top host's ip version */ - char proto[16]; /*application level protocol of top host */ - UT_hash_handle hh; /* makes this structure hashable */ + u_int8_t hasTopHost; /* as boolean flag */ + u_int32_t top_host; /* host that is contributed to > 95% of traffic */ + u_int8_t version; /* top host's ip version */ + char proto[16]; /* application level protocol of top host */ + UT_hash_handle hh; /* makes this structure hashable */ }; struct port_stats *srcStats = NULL, *dstStats = NULL; - // struct to hold count of flows received by destination ports struct port_flow_info { u_int32_t port; /* key */ @@ -349,6 +347,8 @@ struct ndpi_proto_sorter { char name[16]; }; +/* ********************************** */ + int cmpProto(const void *_a, const void *_b) { struct ndpi_proto_sorter *a = (struct ndpi_proto_sorter*)_a; struct ndpi_proto_sorter *b = (struct ndpi_proto_sorter*)_b; @@ -356,6 +356,8 @@ int cmpProto(const void *_a, const void *_b) { return(strcmp(a->name, b->name)); } +/* ********************************** */ + int cmpFlows(const void *_a, const void *_b) { struct ndpi_flow_info *fa = ((struct flow_info*)_a)->flow; struct ndpi_flow_info *fb = ((struct flow_info*)_b)->flow; @@ -375,6 +377,8 @@ int cmpFlows(const void *_a, const void *_b) { return(0); } +/* ********************************** */ + void extcap_config() { int i, argidx = 0; struct ndpi_proto_sorter *protos; @@ -656,12 +660,12 @@ static void parseOptions(int argc, char **argv) { #endif } +/* ********************************** */ /** * @brief From IPPROTO to string NAME */ static char* ipProto2Name(u_int16_t proto_id) { - static char proto[8]; switch(proto_id) { @@ -689,12 +693,12 @@ static char* ipProto2Name(u_int16_t proto_id) { return(proto); } +/* ********************************** */ /** * @brief A faster replacement for inet_ntoa(). */ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { - char *cp, *retStr; uint byte; int n; @@ -723,6 +727,8 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { return(retStr); } +/* ********************************** */ + /** * @brief Print the flow */ @@ -792,16 +798,20 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->dst_port))); if(flow->detected_protocol.master_protocol) - json_object_object_add(jObj,"detected.master_protocol",json_object_new_int(flow->detected_protocol.master_protocol)); + json_object_object_add(jObj,"detected.master_protocol", + json_object_new_int(flow->detected_protocol.master_protocol)); - json_object_object_add(jObj,"detected.app_protocol",json_object_new_int(flow->detected_protocol.app_protocol)); + json_object_object_add(jObj,"detected.app_protocol", + json_object_new_int(flow->detected_protocol.app_protocol)); if(flow->detected_protocol.master_protocol) { char tmp[256]; snprintf(tmp, sizeof(tmp), "%s.%s", - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.master_protocol), - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.master_protocol), + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.app_protocol)); json_object_object_add(jObj,"detected.protocol.name", json_object_new_string(tmp)); @@ -836,12 +846,13 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa } } +/* ********************************** */ /** * @brief Unknown Proto Walker */ -static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - +static void node_print_unknown_proto_walker(const void *node, + ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); @@ -854,11 +865,13 @@ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, } } +/* ********************************** */ + /** * @brief Known Proto Walker */ -static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - +static void node_print_known_proto_walker(const void *node, + ndpi_VISIT which, int depth, void *user_data) { struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); @@ -871,6 +884,7 @@ static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, in } } +/* ********************************** */ /** * @brief Guess Undetected Protocol @@ -890,6 +904,7 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi return(flow->detected_protocol.app_protocol); } +/* ********************************** */ /** * @brief Proto Guess Walker @@ -909,6 +924,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->src2dst_packets + flow->dst2src_packets; ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->src2dst_bytes + flow->dst2src_bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; @@ -1354,7 +1370,6 @@ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, voi * @brief Idle Scan Walker */ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; u_int16_t thread_id = *((u_int16_t *) user_data); @@ -1386,7 +1401,6 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, static void on_protocol_discovered(struct ndpi_workflow * workflow, struct ndpi_flow_info * flow, void * udata) { - const u_int16_t thread_id = (uintptr_t) udata; if(verbose > 1) { @@ -1446,7 +1460,6 @@ static void debug_printf(u_int32_t protocol, void *id_struct, * @brief Setup for detection begin */ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { - NDPI_PROTOCOL_BITMASK all; struct ndpi_workflow_prefs prefs; @@ -1468,16 +1481,20 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { ndpi_pref_enable_category_substring_match, 1); ndpi_workflow_set_flow_detected_callback(ndpi_thread_info[thread_id].workflow, - on_protocol_discovered, (void *)(uintptr_t)thread_id); + on_protocol_discovered, + (void *)(uintptr_t)thread_id); // enable all protocols NDPI_BITMASK_SET_ALL(all); ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all); // clear memory for results - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter)); - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes)); - memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0, sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes)); + memset(ndpi_thread_info[thread_id].workflow->stats.protocol_flows, 0, + sizeof(ndpi_thread_info[thread_id].workflow->stats.protocol_flows)); if(_protoFilePath != NULL) ndpi_load_protocols_file(ndpi_thread_info[thread_id].workflow->ndpi_struct, _protoFilePath); @@ -1608,7 +1625,9 @@ static void json_open_stats_file() { static void json_close_stats_file() { json_object *jObjFinal = json_object_new_object(); - json_object_object_add(jObjFinal,"duration.in.seconds",json_object_new_int(pcap_analysis_duration)); + + json_object_object_add(jObjFinal,"duration.in.seconds", + json_object_new_int(pcap_analysis_duration)); json_object_object_add(jObjFinal,"statistics", jArray_topStats); fprintf(stats_fp,"%s\n",json_object_to_json_string(jObjFinal)); fclose(stats_fp); @@ -1910,8 +1929,10 @@ static void printResults(u_int64_t tot_usec) { continue; for(i=0; indpi_flows_root[i], node_proto_guess_walker, &thread_id); - if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); + ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], + node_proto_guess_walker, &thread_id); + if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], + port_stats_walker, &thread_id); } /* Stats aggregation */ @@ -2396,11 +2417,11 @@ static void pcap_process_packet(u_char *args, if(live_capture) { if(ndpi_thread_info[thread_id].last_idle_scan_time + IDLE_SCAN_PERIOD < ndpi_thread_info[thread_id].workflow->last_time) { /* scan for idle flows */ - ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], node_idle_scan_walker, &thread_id); + ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], + node_idle_scan_walker, &thread_id); /* remove idle flows (unfortunately we cannot do this inline) */ - while (ndpi_thread_info[thread_id].num_idle_flows > 0) { - + while(ndpi_thread_info[thread_id].num_idle_flows > 0) { /* search and delete the idle flow from the "ndpi_flow_root" (see struct reader thread) - here flows are the node of a b-tree */ ndpi_tdelete(ndpi_thread_info[thread_id].idle_flows[--ndpi_thread_info[thread_id].num_idle_flows], &ndpi_thread_info[thread_id].workflow->ndpi_flows_root[ndpi_thread_info[thread_id].idle_scan_idx], diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 358c0491c..3fefc8e4b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -346,6 +346,7 @@ extern "C" { * @par ndpi_struct = the detection module * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par is_host_match = value of the second field of struct ndpi_automa * @return the ID of the matched subprotocol * @@ -353,6 +354,7 @@ extern "C" { int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match); /** * Check if the host passed match with a protocol @@ -361,6 +363,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -369,6 +372,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); @@ -379,6 +383,7 @@ extern "C" { * @par flow = the flow where match the host * @par string_to_match = the string to match * @par string_to_match_len = the length of the string + * @par ret_match = completed returned match information * @par master_protocol_id = value of the ID associated to the master protocol detected * @return the ID of the matched subprotocol * @@ -387,6 +392,7 @@ extern "C" { struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id); /** * Exclude protocol from search diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index b18efa21a..3517d45b2 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -53,34 +53,55 @@ extern "C" { extern u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, u_int32_t net, u_int32_t num_bits); - u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - - u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); - u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, u_int16_t * bytes_read); + u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + + u_int32_t ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_to_number64(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_dec_or_hex_to_number(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int64_t ndpi_bytestream_dec_or_hex_to_number64(const u_int8_t * str, + u_int16_t max_chars_to_read, + u_int16_t * bytes_read); + u_int32_t ndpi_bytestream_to_ipv4(const u_int8_t * str, u_int16_t max_chars_to_read, + u_int16_t * bytes_read); void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + extern void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); - extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t counter); + extern u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t counter); - extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, + extern void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol); - extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t protoBreed, u_int16_t protoId, - u_int16_t tcp_alias_protoId[2], u_int16_t udp_alias_protoId[2], char *protoName, + extern void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category); + + extern void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_breed_t protoBreed, u_int16_t protoId, + u_int16_t tcp_alias_protoId[2], + u_int16_t udp_alias_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts); + ndpi_port_range *tcpDefPorts, + ndpi_port_range *udpDefPorts); extern void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet); extern void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow); @@ -90,8 +111,10 @@ extern "C" { extern void ndpi_packet_src_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); extern void ndpi_packet_dst_ip_get(const struct ndpi_packet_struct *packet, ndpi_ip_addr_t * ip); - extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const ndpi_ip_addr_t * ip); - extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, const struct ndpi_packet_struct *packet); + extern char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const ndpi_ip_addr_t * ip); + extern char *ndpi_get_packet_src_ip_string(struct ndpi_detection_module_struct *ndpi_struct, + const struct ndpi_packet_struct *packet); extern char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id); u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); @@ -102,7 +125,8 @@ extern "C" { extern u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto); extern u_int16_t ndpi_get_lower_proto(ndpi_protocol p); - extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, + extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, + u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); #/* NDPI_PROTOCOL_NETBIOS */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 244074044..3d0eccab7 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1099,8 +1099,9 @@ struct ndpi_flow_struct { /* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */ NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask; - + ndpi_protocol_category_t category; + /* NDPI_PROTOCOL_REDIS */ u_int8_t redis_s2d_first_char, redis_d2s_first_char; @@ -1207,4 +1208,10 @@ typedef struct { u_int8_t value; } ndpi_network; +typedef struct { + int protocol_id; + ndpi_protocol_category_t protocol_category; + ndpi_protocol_breed_t protocol_breed; +} ndpi_protocol_match_result; + #endif /* __NDPI_TYPEDEFS_H__ */ diff --git a/src/lib/Makefile b/src/lib/Makefile index c9f317931..19c6f1cfe 100644 --- a/src/lib/Makefile +++ b/src/lib/Makefile @@ -6,7 +6,7 @@ # make -f Makefile.simple # CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g -RANLIB=ranlib +RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 494c93bd0..952026ce6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -413,15 +413,13 @@ u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return sizeof(struct /* *********************************************************************************** */ -char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) -{ +char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) { return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName); } /* *********************************************************************************** */ -u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) -{ +u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod); for(i = 0; i < num; i++) @@ -438,8 +436,7 @@ ndpi_port_range * ndpi_build_default_ports_range(ndpi_port_range *ports, u_int16_t portB_low, u_int16_t portB_high, u_int16_t portC_low, u_int16_t portC_high, u_int16_t portD_low, u_int16_t portD_high, - u_int16_t portE_low, u_int16_t portE_high) -{ + u_int16_t portE_low, u_int16_t portE_high) { int i = 0; ports[i].port_low = portA_low, ports[i].port_high = portA_high; i++; @@ -458,8 +455,7 @@ ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, u_int16_t portB, u_int16_t portC, u_int16_t portD, - u_int16_t portE) -{ + u_int16_t portE) { int i = 0; ports[i].port_low = portA, ports[i].port_high = portA; i++; @@ -753,8 +749,7 @@ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct /* ******************************************************************** */ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_match *match) -{ + ndpi_protocol_match *match) { u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; static u_int16_t generic_id = NDPI_LAST_IMPLEMENTED_PROTOCOL; @@ -2634,7 +2629,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { -/* NDPI_PROTOCOL_TOR */ + /* NDPI_PROTOCOL_TOR */ ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); } else { if(do_add) @@ -4172,6 +4167,11 @@ int ndpi_enable_loaded_categories(struct ndpi_detection_module_struct *ndpi_str) void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { + if(flow->category != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED) { + ret->category = flow->category; + return; + } + if(ndpi_struct->custom_categories.categories_loaded) { if(flow->packet.iph) { prefix_t prefix; @@ -4189,7 +4189,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc } if(node) { - ret->category = (ndpi_protocol_category_t)node->value.user_value; + flow->category = ret->category = (ndpi_protocol_category_t)node->value.user_value; return; } } @@ -4199,7 +4199,7 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->host_server_name, &id); if(rc == 0) { - ret->category = (ndpi_protocol_category_t)id; + flow->category = ret->category = (ndpi_protocol_category_t)id; return; } } @@ -4209,13 +4209,13 @@ void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struc int rc = ndpi_match_custom_category(ndpi_struct, (char *)flow->protos.stun_ssl.ssl.server_certificate, &id); if(rc == 0) { - ret->category = (ndpi_protocol_category_t)id; + flow->category = ret->category = (ndpi_protocol_category_t)id; return; } } } - ret->category = ndpi_get_proto_category(ndpi_struct, *ret); + flow->category = ret->category = ndpi_get_proto_category(ndpi_struct, *ret); } /* ********************************************************************************* */ @@ -4347,6 +4347,19 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; + + if(flow->packet.tcp) { + /* Minimal guess for HTTP/SSL-based protocols */ + switch(ntohs(flow->packet.tcp->dest)) { + case 80: + ret.master_protocol = NDPI_PROTOCOL_HTTP; + break; + case 443: + ret.master_protocol = NDPI_PROTOCOL_SSL; /* QUIC could also match */ + break; + } + } + ndpi_check_flow_func(ndpi_struct, flow, &ndpi_selection_packet); ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); @@ -4921,10 +4934,11 @@ void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct /* ********************************************************************************* */ -u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_int8_t ** l4_return, u_int16_t * l4_len_return, - u_int8_t * l4_protocol_return, u_int32_t flags) -{ - return ndpi_detection_get_l4_internal(NULL, l3, l3_len, l4_return, l4_len_return, l4_protocol_return, flags); +u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, + const u_int8_t ** l4_return, u_int16_t * l4_len_return, + u_int8_t * l4_protocol_return, u_int32_t flags) { + return ndpi_detection_get_l4_internal(NULL, l3, l3_len, + l4_return, l4_len_return, l4_protocol_return, flags); } /* ********************************************************************************* */ @@ -4932,8 +4946,7 @@ u_int8_t ndpi_detection_get_l4(const u_int8_t * l3, u_int16_t l3_len, const u_in void ndpi_set_detected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int16_t upper_detected_protocol, - u_int16_t lower_detected_protocol) -{ + u_int16_t lower_detected_protocol) { struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; @@ -4969,7 +4982,8 @@ void ndpi_int_change_flow_protocol(struct ndpi_detection_module_struct *ndpi_str u_int16_t lower_detected_protocol) { if(!flow) return; - flow->detected_protocol_stack[0] = upper_detected_protocol, flow->detected_protocol_stack[1] = lower_detected_protocol; + flow->detected_protocol_stack[0] = upper_detected_protocol, + flow->detected_protocol_stack[1] = lower_detected_protocol; } /* ********************************************************************************* */ @@ -5018,6 +5032,14 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ +void ndpi_int_change_category(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + ndpi_protocol_category_t protocol_category) { + flow->category = protocol_category; +} + +/* ********************************************************************************* */ + /* change protocol only if guessing is active */ /* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */ /* struct ndpi_flow_struct *flow) */ @@ -5600,22 +5622,29 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { - AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; AC_TEXT_t ac_input_text; - ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; - - if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); + ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : + &ndpi_struct->content_automa; + AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED }; + + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) + return(NDPI_PROTOCOL_UNKNOWN); if(!automa->ac_automa_finalized) { ac_automata_finalize((AC_AUTOMATA_t*)automa->ac_automa); automa->ac_automa_finalized = 1; } - + ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, &match); ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); - + + ret_match->protocol_id = match.number, + ret_match->protocol_category = match.category, + ret_match->protocol_breed = match.breed; + return(match.number); } @@ -5627,10 +5656,15 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id, + ndpi_protocol_match_result *ret_match, u_int8_t is_host_match) { - int matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, string_to_match_len, is_host_match); + int matching_protocol_id; struct ndpi_packet_struct *packet = &flow->packet; + matching_protocol_id = ndpi_match_string_subprotocol(ndpi_struct, string_to_match, + string_to_match_len, ret_match, + is_host_match); + #ifdef DEBUG { char m[256]; @@ -5650,8 +5684,9 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str packet->detected_protocol_stack[0] = matching_protocol_id; flow->detected_protocol_stack[0] = packet->detected_protocol_stack[0], - flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1]; - + flow->detected_protocol_stack[1] = packet->detected_protocol_stack[1], + flow->category = ret_match->protocol_category; + return(packet->detected_protocol_stack[0]); } @@ -5679,10 +5714,15 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, u_int16_t master_protocol_id, + ndpi_automa_match_string_subprotocol *ret_match, u_int8_t is_host_match) { int rv = NDPI_PROTOCOL_UNKNOWN; struct hs *hs = (struct hs*)ndpi_struct->hyperscan; + /* + TODO HYPERSCAN + In case of match fill up ret_match and set flow protocol + category + */ if(hs_scan(hs->database, string_to_match, string_to_match_len, 0, hs->scratch, hyperscanEventHandler, &rv) != HS_SUCCESS) @@ -5698,10 +5738,11 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id, 1)); + master_protocol_id, ret_match, 1)); } /* ****************************************************** */ @@ -5709,10 +5750,11 @@ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct int ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, + ndpi_protocol_match_result *ret_match, u_int16_t master_protocol_id) { return(ndpi_automa_match_string_subprotocol(ndpi_struct, flow, string_to_match, string_to_match_len, - master_protocol_id, 0)); + master_protocol_id, ret_match, 0)); } /* ****************************************************** */ diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 6ffa74a27..90be9544c 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -207,12 +207,16 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, flow->protos.dns.num_answers = (u_int8_t) (dns_header.num_answers + dns_header.authority_rrs + dns_header.additional_rrs); - if(j > 0) + if(j > 0) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_DNS); - + } + #ifdef DNS_DEBUG NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", flow->protos.dns.num_queries, flow->protos.dns.num_answers, diff --git a/src/lib/protocols/fbzero.c b/src/lib/protocols/fbzero.c index 3048bff79..6c818e3c7 100644 --- a/src/lib/protocols/fbzero.c +++ b/src/lib/protocols/fbzero.c @@ -84,7 +84,8 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct, && (t->tag[2] == 'I') && (t->tag[3] == '\0')) { char *value = (char*)&packet->payload[data_offset + data_prev_offset]; u_int tag_len = t->tag_offset_len-data_prev_offset, max_len; - + ndpi_protocol_match_result ret_match; + max_len = ndpi_min(tag_len, sizeof(flow->host_server_name)-1); strncpy((char*)flow->host_server_name, value, max_len); @@ -99,6 +100,7 @@ void ndpi_search_fbzero(struct ndpi_detection_module_struct *ndpi_struct, ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_FBZERO); return; } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index e03b48710..94d918e76 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -172,7 +172,8 @@ static void setHttpUserAgent(struct ndpi_detection_module_struct *ndpi_struct, static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { if((flow->l4.tcp.http_stage == 0) || (flow->http.url && flow->http_detected)) { char *double_col = strchr((char*)flow->host_server_name, ':'); - + ndpi_protocol_match_result ret_match; + if(double_col) double_col[0] = '\0'; /** @@ -182,6 +183,7 @@ static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struc */ ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char *)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_HTTP); } } @@ -349,12 +351,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ packet->host_line.len, packet->host_line.ptr); /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */ - if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) + if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, packet->host_line.len, + &ret_match, NDPI_PROTOCOL_HTTP); - + } + /* Copy result for nDPI apps */ if(!ndpi_struct->disable_metadata_export) { len = ndpi_min(packet->host_line.len, sizeof(flow->host_server_name)-1); @@ -395,12 +401,16 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) - && (packet->http_origin.len > 0)) + && (packet->http_origin.len > 0)) { + ndpi_protocol_match_result ret_match; + ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)packet->http_origin.ptr, packet->http_origin.len, + &ret_match, NDPI_PROTOCOL_HTTP); - + } + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { NDPI_LOG_INFO(ndpi_struct, "found HTTP/%s\n", @@ -440,10 +450,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); - if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) + if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) { + ndpi_protocol_match_result ret_match; + ndpi_match_content_subprotocol(ndpi_struct, flow, (char*)packet->content_line.ptr, packet->content_line.len, - NDPI_PROTOCOL_HTTP); + &ret_match, NDPI_PROTOCOL_HTTP); + } } } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 4c838f41f..e28db634a 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -107,6 +107,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, if((sni_offset+len) < udp_len) { if(!ndpi_struct->disable_metadata_export) { int max_len = sizeof(flow->host_server_name)-1, j = 0; + ndpi_protocol_match_result ret_match; if(len > max_len) len = max_len; @@ -118,6 +119,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, ndpi_match_host_subprotocol(ndpi_struct, flow, (char *)flow->host_server_name, strlen((const char*)flow->host_server_name), + &ret_match, NDPI_PROTOCOL_QUIC); } } diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index a277f8120..b8c36976b 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -327,13 +327,13 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi } /* Client hello, Server Hello, and certificate packets probably all checked in this case */ if ((packet->ssl_certificate_num_checks >= 3) - && (flow->l4.tcp.seen_syn) - && (flow->l4.tcp.seen_syn_ack) - && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) - { - /* We're done processing extra packets since we've probably checked all possible cert packets */ - return 0; - } + && (flow->l4.tcp.seen_syn) + && (flow->l4.tcp.seen_syn_ack) + && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) + { + /* We're done processing extra packets since we've probably checked all possible cert packets */ + return 0; + } } /* 1 means keep looking for more packets */ return 1; @@ -368,22 +368,27 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s #ifdef CERTIFICATE_DEBUG NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate); #endif + ndpi_protocol_match_result ret_match; u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, - strlen(certificate), NDPI_PROTOCOL_SSL); + strlen(certificate), + &ret_match, + NDPI_PROTOCOL_SSL); + if(subproto != NDPI_PROTOCOL_UNKNOWN) { - /* If we've detected the subprotocol from client certificate but haven't had a chance - * to see the server certificate yet, set up extra packet processing to wait - * a few more packets. */ - if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { - sslInitExtraPacketProcessing(0, flow); - } - ndpi_set_detected_protocol(ndpi_struct, flow, subproto, - ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); - return(rc); /* Fix courtesy of Gianluca Costa */ - } + /* If we've detected the subprotocol from client certificate but haven't had a chance + * to see the server certificate yet, set up extra packet processing to wait + * a few more packets. */ + if((flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') && (flow->protos.stun_ssl.ssl.server_certificate[0] == '\0')) { + sslInitExtraPacketProcessing(0, flow); + } + + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, + ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); + return(rc); /* Fix courtesy of Gianluca Costa */ + } - if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) - return(rc); + if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) + return(rc); } if(((packet->ssl_certificate_num_checks >= 2) @@ -394,9 +399,9 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s /* || (flow->protos.stun_ssl.ssl.client_certificate[0] != '\0') */ ) { ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); - } + } + } } - } return(0); } @@ -480,7 +485,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL_NO_CERT); } else NDPI_LOG_INFO(ndpi_struct, "found ssl\n"); - ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); + ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } } @@ -516,16 +521,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct u_int32_t cert_start; NDPI_LOG_DBG2(ndpi_struct, - "maybe SSLv3 server hello split into smaller packets\n"); + "maybe SSLv3 server hello split into smaller packets\n"); /* lets hope at least the server hello and the start of the certificate block are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 4; NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", - cert_start); + cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { NDPI_LOG_DBG2(ndpi_struct, - "found 0x0b at suspected start of certificate block\n"); + "found 0x0b at suspected start of certificate block\n"); return 2; } } @@ -536,16 +541,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct u_int32_t cert_start; NDPI_LOG_DBG2(ndpi_struct, - "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); + "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); /* lets hope at least the server hello record and the start of the certificate record are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 5 + 4; NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", - cert_start); + cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { NDPI_LOG_DBG2(ndpi_struct, - "found 0x0b at suspected start of certificate block\n"); + "found 0x0b at suspected start of certificate block\n"); return 2; } } @@ -603,7 +608,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc * so go on checking for certificate patterns for a couple more packets */ NDPI_LOG_DBG2(ndpi_struct, - "ssl flow but check another packet for patterns\n"); + "ssl flow but check another packet for patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { /* still ssl so check another packet */ @@ -685,7 +690,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc return; } else if(ret == 2) { NDPI_LOG_DBG2(ndpi_struct, - "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); + "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { flow->l4.tcp.ssl_stage = 3; diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 5b3c3e7ce..a8259c514 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -23,11 +23,11 @@ GenericProtocol 1429 1780307 49 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index fbf341918..ecd0f6432 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -6,36 +6,36 @@ Google 17 6375 1 Webex 1380 818407 43 Amazon 3 174 1 - 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] - 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] - 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] - 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] - 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] - 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] - 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] + 1 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][256 pkts/14707 bytes <-> 257 pkts/329379 bytes][server: *.webex.com] + 2 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][28 pkts/4815 bytes <-> 28 pkts/104881 bytes][client: radcom.webex.com] + 3 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][48 pkts/11540 bytes <-> 47 pkts/80696 bytes][client: radcom.webex.com][server: *.webex.com] + 4 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][19 pkts/2005 bytes <-> 19 pkts/40477 bytes][server: *.webex.com] + 5 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][12 pkts/1531 bytes <-> 12 pkts/34357 bytes][server: *.webex.com] + 6 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][13 pkts/2145 bytes <-> 13 pkts/24239 bytes][server: *.webex.com] + 7 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][55 pkts/12583 bytes <-> 50 pkts/6703 bytes][server: *.webex.com] 8 UDP 10.8.0.1:64538 -> 172.16.1.75:5060 [proto: 100/SIP][cat: VoIP/10][22 pkts/15356 bytes -> 0 pkts/0 bytes] - 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] + 9 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][29 pkts/4559 bytes <-> 21 pkts/5801 bytes][server: *.webex.com] 10 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][cat: Web/5][16 pkts/1984 bytes <-> 14 pkts/7584 bytes][client: api.crittercism.com][server: *.crittercism.com] - 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] - 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] - 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] - 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] - 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] - 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] - 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] - 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] - 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] - 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 11 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1417 bytes <-> 8 pkts/6984 bytes][server: *.webex.com] + 12 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1309 bytes <-> 7 pkts/6930 bytes][server: *.webex.com] + 13 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6621 bytes][server: *.webex.com] + 14 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 8 pkts/6600 bytes][server: *.webex.com] + 15 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/6653 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1261 bytes <-> 7 pkts/6535 bytes][server: *.webex.com] + 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/1369 bytes <-> 9 pkts/5838 bytes][server: *.webex.com] + 19 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/1315 bytes <-> 8 pkts/5784 bytes][server: *.webex.com] + 20 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1830 bytes <-> 12 pkts/4811 bytes][server: *.webex.com] + 21 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 22 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] + 23 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][11 pkts/1798 bytes <-> 11 pkts/4757 bytes][server: *.webex.com] 24 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][cat: Web/5][9 pkts/1540 bytes <-> 8 pkts/4835 bytes][client: ssl.google-analytics.com][server: *.google-analytics.com] - 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] - 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] - 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] - 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] - 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] + 25 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][9 pkts/895 bytes <-> 8 pkts/4398 bytes][server: *.webex.com] + 26 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 27 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][8 pkts/841 bytes <-> 7 pkts/4376 bytes][server: *.webex.com] + 28 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/1181 bytes <-> 7 pkts/4021 bytes][server: www.webex.com] + 29 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][7 pkts/461 bytes <-> 6 pkts/4231 bytes][server: *.webex.com] + 30 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/407 bytes <-> 5 pkts/4177 bytes][server: *.webex.com] 31 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1465 bytes <-> 11 pkts/1065 bytes] 32 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][10 pkts/1388 bytes <-> 10 pkts/1087 bytes] 33 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][9 pkts/1357 bytes <-> 9 pkts/615 bytes] @@ -44,8 +44,8 @@ Amazon 3 174 1 36 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][cat: Web/5][7 pkts/1280 bytes <-> 6 pkts/453 bytes] 37 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][cat: Web/5][5 pkts/624 bytes <-> 5 pkts/767 bytes][Host: cp.pushwoosh.com] 38 UDP 10.8.0.1:51772 <-> 62.109.229.158:9000 [proto: 141/Webex][14 pkts/1071 bytes <-> 2 pkts/100 bytes] - 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] - 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: Collaborative/15][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] + 39 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][6 pkts/614 bytes <-> 5 pkts/399 bytes][client: radcom.webex.com] + 40 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][cat: VoIP/10][5 pkts/560 bytes <-> 4 pkts/345 bytes][client: radcom.webex.com] 41 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][7 pkts/501 bytes <-> 4 pkts/216 bytes] 42 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] 43 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][6 pkts/427 bytes <-> 5 pkts/270 bytes] diff --git a/tests/result/whatsappfiles.pcap.out b/tests/result/whatsappfiles.pcap.out index e6e8f0fa7..40d4fa391 100644 --- a/tests/result/whatsappfiles.pcap.out +++ b/tests/result/whatsappfiles.pcap.out @@ -1,4 +1,4 @@ WhatsAppFiles 620 452233 2 - 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes] - 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 242/WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes] + 1 TCP 192.168.2.29:49698 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][132 pkts/9906 bytes <-> 178 pkts/237405 bytes] + 2 TCP 192.168.2.29:49674 <-> 185.60.216.53:443 [proto: 91.242/SSL.WhatsAppFiles][cat: Download-FileTransfer-FileSharing/7][161 pkts/189194 bytes <-> 149 pkts/15728 bytes] -- cgit v1.2.3 From f948f3525fddaae23eef0b88680e2c4e17c050ae Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 30 Aug 2018 09:59:39 +0200 Subject: Cleaned up makefile Used clang instead of gcc on MacOS --- example/Makefile.am | 12 ------------ src/lib/Makefile.in | 14 ++++++++++---- 2 files changed, 10 insertions(+), 16 deletions(-) delete mode 100644 example/Makefile.am (limited to 'example') diff --git a/example/Makefile.am b/example/Makefile.am deleted file mode 100644 index e50d8c05c..000000000 --- a/example/Makefile.am +++ /dev/null @@ -1,12 +0,0 @@ -bin_PROGRAMS = ndpiReader - -AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ @HS_INC@ -AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage - -LDADD = $(top_builddir)/src/lib/libndpi.a @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ @HS_LIB@ -lm -AM_LDFLAGS = -static @DL_LIB@ @HS_LIB@ - -ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h uthash.h - -ndpiReader.o: ndpiReader.c - diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1bbc4095e..62f1b12a2 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -6,15 +6,17 @@ # make Makefile # +OS := $(shell uname -s) + # # Installation directories # prefix = /usr/local libdir = ${prefix}/lib includedir = ${prefix}/include/ndpi - -CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g -RANLIB = ranlib +CC = gcc +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -g +RANLIB = ranlib OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) @@ -23,6 +25,10 @@ NDPI_LIB_SHARED_BASE = libndpi.so NDPI_LIB_SHARED = $(NDPI_LIB_SHARED_BASE).@NDPI_VERSION_SHORT@ NDPI_LIBS = $(NDPI_LIB_STATIC) $(NDPI_LIB_SHARED) +ifeq ($(OS),Darwin) +CC=clang +endif + all: $(NDPI_LIBS) ndpi_main.c: ndpi_content_match.c.inc @@ -32,7 +38,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(RANLIB) $@ $(NDPI_LIB_SHARED): $(OBJECTS) - gcc -shared -fPIC -o $@ $(OBJECTS) + $(CC) -shared -fPIC -o $@ $(OBJECTS) ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile -- cgit v1.2.3 From 33d6f2d52fe38d9fa305bc67a8678567c759b414 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 30 Aug 2018 11:17:19 +0200 Subject: Added missing file --- example/Makefile.in | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 example/Makefile.in (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in new file mode 100644 index 000000000..5aa175309 --- /dev/null +++ b/example/Makefile.in @@ -0,0 +1,20 @@ +CC=@CC@ +CFLAGS=-g -I../src/include @CFLAGS@ +LIBNDPI=../src/lib/libndpi.a +LDFLAGS=$(LIBNDPI) -lpcap @LDFLAGS@ +OBJS=ndpiReader.o ndpi_util.o + +all: ndpiReader + +ndpiReader: $(OBJS) $(LIBNDPI) + $(CC) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS) + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +install: + cp ndpiReader /usr/local/bin + +clean: + /bin/rm *.o ndpiReader + -- cgit v1.2.3 From ed5b04791ef1e8910fcdae7c6787510ad1cd287c Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 30 Aug 2018 11:26:49 +0200 Subject: Added missing -lpthread --- example/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index 5aa175309..b515fa42a 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -1,7 +1,7 @@ CC=@CC@ CFLAGS=-g -I../src/include @CFLAGS@ LIBNDPI=../src/lib/libndpi.a -LDFLAGS=$(LIBNDPI) -lpcap @LDFLAGS@ +LDFLAGS=$(LIBNDPI) -lpcap -lpthread @LDFLAGS@ OBJS=ndpiReader.o ndpi_util.o all: ndpiReader -- cgit v1.2.3 From 6ac83ce7eb9961785bb2b7ba4c3788524591b30f Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Tue, 11 Sep 2018 10:43:04 +0200 Subject: Fixes broken hyperscan compilation --- configure.seed | 1 + example/Makefile.in | 2 +- src/include/ndpi_typedefs.h | 2 ++ src/lib/ndpi_main.c | 4 ---- 4 files changed, 4 insertions(+), 5 deletions(-) (limited to 'example') diff --git a/configure.seed b/configure.seed index 8f8817f24..548cffc83 100644 --- a/configure.seed +++ b/configure.seed @@ -74,6 +74,7 @@ if test "${with_hyperscan+set}" = set; then AC_CHECK_LIB([stdc++], [main]) HS_INC=`pkg-config --cflags libhs` HS_LIB=`pkg-config --libs libhs` + LDFLAGS="$LDFLAGS $HS_LIB" else AC_MSG_RESULT([Intel Hyperscan not found, exiting. See https://github.com/intel/hyperscan/blob/master/doc/dev-reference/getting_started.rst for install/build instructions]) exit 1 diff --git a/example/Makefile.in b/example/Makefile.in index b515fa42a..7f465bdde 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -7,7 +7,7 @@ OBJS=ndpiReader.o ndpi_util.o all: ndpiReader ndpiReader: $(OBJS) $(LIBNDPI) - $(CC) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS) + $(CXX) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c4df5b030..385c330f4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -858,6 +858,8 @@ typedef struct ndpi_proto { #include "ndpi_config.h" #ifdef HAVE_HYPERSCAN +#include + struct hs_list { char *expression; unsigned int id; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b00225c7c..b4fa7a9bc 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -47,10 +47,6 @@ #include "third_party/include/hash.h" /* #include "third_party/src/hash.c" */ -#ifdef HAVE_HYPERSCAN -#include -#endif - #define NDPI_CONST_GENERIC_PROTOCOL_NAME "GenericProtocol" static int _ndpi_debug_callbacks = 0; -- cgit v1.2.3 From 1d56c9aa1b4d8279a56baa3238f67e61ea901589 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 2 Oct 2018 23:54:01 +0800 Subject: fix remake --- example/Makefile.in | 2 +- src/lib/Makefile.in | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index 7f465bdde..d3d4aed20 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -16,5 +16,5 @@ install: cp ndpiReader /usr/local/bin clean: - /bin/rm *.o ndpiReader + /bin/rm -f *.o ndpiReader diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index ca2900171..af7206ad0 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -38,7 +38,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(NDPI_LIB_SHARED): $(OBJECTS) $(CC) -shared -fPIC -o $@ $(OBJECTS) - ln -Fs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ @@ -49,6 +49,6 @@ clean: install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ - ln -Fs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) mkdir -p $(DESTDIR)$(includedir) cp ../include/*.h $(DESTDIR)$(includedir) -- cgit v1.2.3 From b7b12d5b4eda3433cfbe0ae8c9025a031e79f96e Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Fri, 12 Oct 2018 17:22:13 +0200 Subject: Make the examples Makefile respect DESTDIR and PREFIX env vars. --- example/Makefile.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index d3d4aed20..8c18f94dc 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -3,6 +3,7 @@ CFLAGS=-g -I../src/include @CFLAGS@ LIBNDPI=../src/lib/libndpi.a LDFLAGS=$(LIBNDPI) -lpcap -lpthread @LDFLAGS@ OBJS=ndpiReader.o ndpi_util.o +PREFIX?=/usr/local all: ndpiReader @@ -13,7 +14,7 @@ ndpiReader: $(OBJS) $(LIBNDPI) $(CC) $(CFLAGS) -c $< -o $@ install: - cp ndpiReader /usr/local/bin + cp ndpiReader $(DESTDIR)$(PREFIX)/bin clean: /bin/rm -f *.o ndpiReader -- cgit v1.2.3 From f7e7ef2f30620e604b3ecaeec1c166ad36da59a9 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 3 Nov 2018 10:05:13 +0100 Subject: Improved SSL decoding --- example/ndpi_util.h | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/protocols/ssl.c | 15 +++++++++++++-- tests/result/bitcoin.pcap.out | 12 ++++++------ tests/result/ethereum.pcap.out | 4 ++-- tests/result/monero.pcap.out | 4 ++-- tests/result/nintendo.pcap.out | 4 ++-- tests/result/pps.pcap.out | 4 ++-- tests/result/zcash.pcap.out | 2 +- 9 files changed, 30 insertions(+), 19 deletions(-) (limited to 'example') diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 0ea174aa5..d1d461490 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -79,7 +79,7 @@ typedef struct ndpi_flow_info { char bittorent_hash[41]; struct { - char client_info[48], server_info[48]; + char client_info[64], server_info[64]; } ssh_ssl; void *src_id, *dst_id; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index f0b47b358..51681e60e 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1080,7 +1080,7 @@ struct ndpi_flow_struct { struct { struct { - char client_certificate[48], server_certificate[48]; + char client_certificate[64], server_certificate[64]; } ssl; struct { diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 59aedcb45..979d234b9 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -284,9 +284,18 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, #endif if(extension_id == 0) { - u_int begin = 0,len; +#if 1 + u_int16_t len; + + len = (packet->payload[offset+extension_offset+3] << 8) + packet->payload[offset+extension_offset+4]; + len = (u_int)ndpi_min(len, buffer_len-1); + strncpy(buffer, (char*)&packet->payload[offset+extension_offset+5], len); + buffer[len] = '\0'; +#else + /* old code */ + u_int begin = 0; char *server_name = (char*)&packet->payload[offset+extension_offset]; - + while(begin < extension_len) { if((!ndpi_isprint(server_name[begin])) || ndpi_ispunct(server_name[begin]) @@ -299,6 +308,8 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, len = (u_int)ndpi_min(extension_len-begin, buffer_len-1); strncpy(buffer, &server_name[begin], len); buffer[len] = '\0'; +#endif + stripCertificateTrailer(buffer, buffer_len); if(!ndpi_struct->disable_metadata_export) { diff --git a/tests/result/bitcoin.pcap.out b/tests/result/bitcoin.pcap.out index d10fa583d..3b0e89dd0 100644 --- a/tests/result/bitcoin.pcap.out +++ b/tests/result/bitcoin.pcap.out @@ -1,8 +1,8 @@ Mining 637 581074 6 - 1 TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 42/Mining][cat: Unspecified/99][2 pkts/281 bytes <-> 137 pkts/191029 bytes] - 2 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 42/Mining][cat: Unspecified/99][55 pkts/28663 bytes <-> 117 pkts/134830 bytes] - 3 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 42/Mining][cat: Unspecified/99][65 pkts/45271 bytes <-> 96 pkts/70339 bytes] - 4 TCP 192.168.1.142:55400 <-> 195.218.16.178:8333 [proto: 42/Mining][cat: Unspecified/99][47 pkts/26824 bytes <-> 72 pkts/55927 bytes] - 5 TCP 192.168.1.142:55317 <-> 188.165.213.169:8333 [proto: 42/Mining][cat: Unspecified/99][16 pkts/21673 bytes <-> 3 pkts/1771 bytes] - 6 TCP 192.168.1.142:55487 <-> 184.58.165.119:8333 [proto: 42/Mining][cat: Unspecified/99][24 pkts/3082 bytes <-> 3 pkts/1384 bytes] + 1 TCP 192.168.1.142:55328 <-> 69.118.54.122:8333 [proto: 42/Mining][cat: Mining/99][2 pkts/281 bytes <-> 137 pkts/191029 bytes] + 2 TCP 192.168.1.142:55348 <-> 74.89.181.229:8333 [proto: 42/Mining][cat: Mining/99][55 pkts/28663 bytes <-> 117 pkts/134830 bytes] + 3 TCP 192.168.1.142:55383 <-> 66.68.83.22:8333 [proto: 42/Mining][cat: Mining/99][65 pkts/45271 bytes <-> 96 pkts/70339 bytes] + 4 TCP 192.168.1.142:55400 <-> 195.218.16.178:8333 [proto: 42/Mining][cat: Mining/99][47 pkts/26824 bytes <-> 72 pkts/55927 bytes] + 5 TCP 192.168.1.142:55317 <-> 188.165.213.169:8333 [proto: 42/Mining][cat: Mining/99][16 pkts/21673 bytes <-> 3 pkts/1771 bytes] + 6 TCP 192.168.1.142:55487 <-> 184.58.165.119:8333 [proto: 42/Mining][cat: Mining/99][24 pkts/3082 bytes <-> 3 pkts/1384 bytes] diff --git a/tests/result/ethereum.pcap.out b/tests/result/ethereum.pcap.out index a4c607d2d..2afe0fad1 100644 --- a/tests/result/ethereum.pcap.out +++ b/tests/result/ethereum.pcap.out @@ -1,4 +1,4 @@ Mining 819 134165 2 - 1 TCP 192.168.2.92:57726 <-> 94.23.36.128:4444 [proto: 42/Mining][cat: Unspecified/99][478 pkts/52883 bytes <-> 308 pkts/76667 bytes] - 2 TCP 192.168.2.92:41680 <-> 91.121.222.33:4444 [proto: 42/Mining][cat: Unspecified/99][20 pkts/2159 bytes <-> 13 pkts/2456 bytes] + 1 TCP 192.168.2.92:57726 <-> 94.23.36.128:4444 [proto: 42/Mining][cat: Mining/99][478 pkts/52883 bytes <-> 308 pkts/76667 bytes] + 2 TCP 192.168.2.92:41680 <-> 91.121.222.33:4444 [proto: 42/Mining][cat: Mining/99][20 pkts/2159 bytes <-> 13 pkts/2456 bytes] diff --git a/tests/result/monero.pcap.out b/tests/result/monero.pcap.out index 732ada2ed..d37beae60 100644 --- a/tests/result/monero.pcap.out +++ b/tests/result/monero.pcap.out @@ -1,4 +1,4 @@ Mining 319 166676 2 - 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Unspecified/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes] - 2 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Unspecified/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes] + 1 TCP 192.168.2.148:46838 <-> 94.23.199.191:3333 [proto: 42/Mining][cat: Mining/99][159 pkts/143155 bytes <-> 113 pkts/13204 bytes] + 2 TCP 192.168.2.148:53846 <-> 116.211.167.195:3333 [proto: 42/Mining][cat: Mining/99][24 pkts/4455 bytes <-> 23 pkts/5862 bytes] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 025c468b3..e6f3b10fb 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -6,8 +6,8 @@ Amazon 76 10811 7 2 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][cat: Game/8][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] 3 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][cat: Game/8][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] 4 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][cat: Web/5][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] - 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] - 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 5 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.][server: *.baas.nintendo.com] + 6 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][cat: Game/8][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.][server: *.baas.nintendo.com] 7 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][cat: Game/8][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] 8 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][cat: Game/8][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] 9 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][cat: Game/8][8 pkts/1040 bytes <-> 7 pkts/922 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index dd6d1710b..778aa1197 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -23,11 +23,11 @@ GenericProtocol 1429 1780307 49 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Web/5][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] diff --git a/tests/result/zcash.pcap.out b/tests/result/zcash.pcap.out index eb3e155ee..f144e4f21 100644 --- a/tests/result/zcash.pcap.out +++ b/tests/result/zcash.pcap.out @@ -1,3 +1,3 @@ Mining 145 20644 1 - 1 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Unspecified/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes] + 1 TCP 192.168.2.92:55190 <-> 178.32.196.217:9050 [proto: 42/Mining][cat: Mining/99][83 pkts/11785 bytes <-> 62 pkts/8859 bytes] -- cgit v1.2.3 From 71b2c19cf28f72ad2e876719af88c7841c2aea84 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 10 Nov 2018 16:10:22 +0100 Subject: Added DPDK support to ndpiReader --- configure.seed | 11 ++++- example/Makefile.dpdk.in | 27 ++++++++++++ example/Makefile.in | 5 ++- example/README.DPDK | 31 ++++++++++++++ example/ndpiReader.c | 106 ++++++++++++++++++++++++++++++++++++++--------- example/ndpi_util.c | 78 ++++++++++++++++++++++++++++------ example/ndpi_util.h | 18 ++++++++ 7 files changed, 242 insertions(+), 34 deletions(-) create mode 100644 example/Makefile.dpdk.in create mode 100644 example/README.DPDK (limited to 'example') diff --git a/configure.seed b/configure.seed index f3b267904..11220f885 100644 --- a/configure.seed +++ b/configure.seed @@ -40,6 +40,14 @@ AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) PCAP_HOME=$HOME/PF_RING/userland +DPDK_TARGET= +if test -d $HOME/DPDK; then : + echo "Enabling DPDK support in ndpiReader" + DPDK_TARGET=dpdk +else + echo "DPDK support disabled (missing $HOME/DPDK)" +fi + if test -d $PCAP_HOME; then : echo -n "" else @@ -138,7 +146,7 @@ AC_ARG_ENABLE([debug-messages], AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) -AC_CONFIG_FILES([Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile]) +AC_CONFIG_FILES([Makefile example/Makefile example/Makefile.dpdk tests/Makefile libndpi.pc src/include/ndpi_define.h src/lib/Makefile]) AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) @@ -152,6 +160,7 @@ AC_SUBST(PCAP_LIB) AC_SUBST(DL_LIB) AC_SUBST(HS_LIB) AC_SUBST(HS_INC) +AC_SUBST(DPDK_TARGET) AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) AC_OUTPUT diff --git a/example/Makefile.dpdk.in b/example/Makefile.dpdk.in new file mode 100644 index 000000000..8519d7d0e --- /dev/null +++ b/example/Makefile.dpdk.in @@ -0,0 +1,27 @@ +# +# Run 'make -f Makefile.dpdk' to compile the DPDK examples +# +# See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup +# +ifeq ($(RTE_SDK),) +#$(error "Please define RTE_SDK environment variable") +RTE_SDK = $(HOME)/DPDK +RTE_TARGET = build +endif + +# Default target, can be overridden by command line or environment +RTE_TARGET ?= x86_64-native-linuxapp-gcc + +include $(RTE_SDK)/mk/rte.vars.mk + +APP = ndpiReader +LIBNDPI = $(PWD)/../src/lib/libndpi.a + +SRCS-y := ndpi_util.c ndpiReader.c + +CFLAGS += -g +CFLAGS += -Wno-strict-prototypes -Wno-missing-prototypes -Wno-missing-declarations -Wno-unused-parameter -I $(PWD)/../src/include @CFLAGS@ -DUSE_DPDK +LDLIBS = $(LIBNDPI) -lpthread @LDFLAGS@ + +include $(RTE_SDK)/mk/rte.extapp.mk + diff --git a/example/Makefile.in b/example/Makefile.in index 8c18f94dc..a5ca6acce 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -5,7 +5,7 @@ LDFLAGS=$(LIBNDPI) -lpcap -lpthread @LDFLAGS@ OBJS=ndpiReader.o ndpi_util.o PREFIX?=/usr/local -all: ndpiReader +all: ndpiReader @DPDK_TARGET@ ndpiReader: $(OBJS) $(LIBNDPI) $(CXX) $(CFLAGS) $(OBJS) -o $@ $(LDFLAGS) @@ -16,6 +16,9 @@ ndpiReader: $(OBJS) $(LIBNDPI) install: cp ndpiReader $(DESTDIR)$(PREFIX)/bin +dpdk: + make -f Makefile.dpdk + clean: /bin/rm -f *.o ndpiReader diff --git a/example/README.DPDK b/example/README.DPDK new file mode 100644 index 000000000..472597c3f --- /dev/null +++ b/example/README.DPDK @@ -0,0 +1,31 @@ +Prerequisites +------------- + +You need to install and compile DPDK in your HOME directory as explained in +See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup + +Once DPDK is built make sure to create a symbolic link + +$ cd +$ ln -s dpdk-18.08 DPDK + +so the build process will use the DPDK directory letting you have multiple +DPDK versions available on your system + + +Build +----- +Everything will happen automagically but if you want to do it by hand +do: make -f Makefile.dpdk + + +Run Application +--------------- +Supposing to capture packets from device eno1 you can start the +application as follows: + +sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1 + +NOTE: +- ndpiReader without DPDK support sits in this directory +- ndpiReader with DPDK support can be found inside the ./build directory diff --git a/example/ndpiReader.c b/example/ndpiReader.c index faa453ee2..89f5714a8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -204,7 +204,9 @@ typedef struct ndpi_id { // used memory counters u_int32_t current_ndpi_memory = 0, max_ndpi_memory = 0; - +#ifdef USE_DPDK +static int dpdk_port_id = 0, dpdk_run_capture = 1; +#endif void test_lib(); /* Forward */ @@ -227,7 +229,11 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle); static void help(u_int long_help) { printf("Welcome to nDPI %s\n\n", ndpi_revision()); - printf("ndpiReader -i [-f ][-s ][-m ]\n" + printf("ndpiReader " +#ifndef USE_DPDK + "-i " +#endif + "[-f ][-s ][-m ]\n" " [-p ][-l [-q][-d][-h][-t][-v ]\n" " [-n ][-w ][-c ][-j ][-x ]\n\n" "Usage:\n" @@ -457,7 +463,18 @@ static void parseOptions(int argc, char **argv) { if(trace) fprintf(trace, " #### %s #### \n", __FUNCTION__); #endif - while ((opt = getopt_long(argc, argv, "c:df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:x:", longopts, &option_idx)) != EOF) { +#ifdef USE_DPDK + { + int ret = rte_eal_init(argc, argv); + + if(ret < 0) + rte_exit(EXIT_FAILURE, "Error with EAL initialization\n"); + + argc -= ret, argv += ret; + } +#endif + + while((opt = getopt_long(argc, argv, "c:df:g:i:hp:l:s:tv:V:n:j:rp:w:q0123:456:7:89:m:b:x:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### -%c [%s] #### \n", opt, optarg ? optarg : ""); #endif @@ -603,7 +620,7 @@ static void parseOptions(int argc, char **argv) { case '9': extcap_packet_filter = ndpi_get_proto_by_name(ndpi_info_mod, optarg); - if (extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); + if(extcap_packet_filter == NDPI_PROTOCOL_UNKNOWN) extcap_packet_filter = atoi(optarg); break; case 257: @@ -616,6 +633,7 @@ static void parseOptions(int argc, char **argv) { } } +#ifndef USE_DPDK if(!bpf_filter_flag) { if(do_capture) { quiet_mode = 1; @@ -630,7 +648,7 @@ static void parseOptions(int argc, char **argv) { if(strchr(_pcap_file[0], ',')) { /* multiple ingress interfaces */ num_threads = 0; /* setting number of threads = number of interfaces */ __pcap_file = strtok(_pcap_file[0], ","); - while (__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) { + while(__pcap_file != NULL && num_threads < MAX_NUM_READER_THREADS) { _pcap_file[num_threads++] = __pcap_file; __pcap_file = strtok(NULL, ","); } @@ -647,13 +665,14 @@ static void parseOptions(int argc, char **argv) { if(num_cores > 1 && bind_mask != NULL) { char *core_id = strtok(bind_mask, ":"); thread_id = 0; - while (core_id != NULL && thread_id < num_threads) { + while(core_id != NULL && thread_id < num_threads) { core_affinity[thread_id++] = atoi(core_id) % num_cores; core_id = strtok(NULL, ":"); } } #endif } +#endif #ifdef DEBUG_TRACE if(trace) fclose(trace); @@ -719,7 +738,7 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) { } *--cp = '.'; addr >>= 8; - } while (--n > 0); + } while(--n > 0); /* Convert the string to lowercase */ retStr = (char*)(cp+1); @@ -769,7 +788,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); if(flow->detected_protocol.category != 0) - fprintf(out, "[cat: %s/%u]", + fprintf(out, "[cat: %s/%u]", ndpi_category_get_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.category), (unsigned int)flow->detected_protocol.category); @@ -924,7 +943,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); - + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->src2dst_packets + flow->dst2src_packets; ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->src2dst_bytes + flow->dst2src_bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; @@ -985,7 +1004,7 @@ int updateIpTree(u_int32_t key, u_int8_t version, if(rootp == (addr_node **)0) return 0; - while (*rootp != (addr_node *)0) { + while(*rootp != (addr_node *)0) { /* Knuth's T1: */ if((version == (*rootp)->version) && (key == (*rootp)->addr)) { /* T2: */ @@ -1015,7 +1034,7 @@ int updateIpTree(u_int32_t key, u_int8_t version, /* *********************************************** */ void freeIpTree(addr_node *root) { - if (root == NULL) + if(root == NULL) return; freeIpTree(root->left); @@ -1210,9 +1229,9 @@ static void deleteReceivers(struct receiver *receivers) { /* *********************************************** */ /* implementation of: https://jeroen.massar.ch/presentations/files/FloCon2010-TopK.pdf * - * if (table1.size < max1 || acceptable){ + * if(table1.size < max1 || acceptable){ * create new element and add to the table1 - * if (table1.size > max2) { + * if(table1.size > max2) { * cut table1 back to max1 * merge table 1 to table2 * if(table2.size > max1) @@ -2266,9 +2285,13 @@ free_stats: * @brief Force a pcap_dispatch() or pcap_loop() call to return */ static void breakPcapLoop(u_int16_t thread_id) { +#ifdef USE_DPDK + dpdk_run_capture = 0; +#else if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) { pcap_breakloop(ndpi_thread_info[thread_id].workflow->pcap_handle); } +#endif } /** @@ -2335,15 +2358,26 @@ static void configurePcapHandle(pcap_t * pcap_handle) { * @brief Open a pcap file or a specified device - Always returns a valid pcap_t */ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_file) { - u_int snaplen = 1536; int promisc = 1; char pcap_error_buffer[PCAP_ERRBUF_SIZE]; pcap_t * pcap_handle = NULL; /* trying to open a live interface */ - if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc, - 500, pcap_error_buffer)) == NULL) { +#ifdef USE_DPDK + struct rte_mempool *mbuf_pool = rte_pktmbuf_pool_create("MBUF_POOL", NUM_MBUFS, + MBUF_CACHE_SIZE, 0, + RTE_MBUF_DEFAULT_BUF_SIZE, + rte_socket_id()); + + if(mbuf_pool == NULL) + rte_exit(EXIT_FAILURE, "Cannot create mbuf pool: are hugepages ok?\n"); + + if(dpdk_port_init(dpdk_port_id, mbuf_pool) != 0) + rte_exit(EXIT_FAILURE, "DPDK: Cannot init port %u: please see README.dpdk\n", dpdk_port_id); +#else + if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, + promisc, 500, pcap_error_buffer)) == NULL) { capture_for = capture_until = 0; live_capture = 0; @@ -2370,11 +2404,17 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi } else { live_capture = 1; - if((!json_flag) && (!quiet_mode)) + if((!json_flag) && (!quiet_mode)) { +#ifdef USE_DPDK + printf("Capturing from DPDK (port 0)...\n"); +#else printf("Capturing live traffic from device %s...\n", pcap_file); +#endif + } } configurePcapHandle(pcap_handle); +#endif /* !DPDK */ if(capture_for > 0) { if((!json_flag) && (!quiet_mode)) @@ -2520,13 +2560,13 @@ static void runPcapLoop(u_int16_t thread_id) { * @brief Process a running thread */ void * processing_thread(void *_thread_id) { - long thread_id = (long) _thread_id; char pcap_error_buffer[PCAP_ERRBUF_SIZE]; #if defined(linux) && defined(HAVE_PTHREAD_SETAFFINITY_NP) if(core_affinity[thread_id] >= 0) { cpu_set_t cpuset; + CPU_ZERO(&cpuset); CPU_SET(core_affinity[thread_id], &cpuset); @@ -2539,6 +2579,33 @@ void * processing_thread(void *_thread_id) { #endif if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id); +#ifdef USE_DPDK + while(dpdk_run_capture) { + struct rte_mbuf *bufs[BURST_SIZE]; + u_int16_t num = rte_eth_rx_burst(dpdk_port_id, 0, bufs, BURST_SIZE); + u_int i; + + if(num == 0) { + usleep(1); + continue; + } + + for(i = 0; i < PREFETCH_OFFSET && i < num; i++) + rte_prefetch0(rte_pktmbuf_mtod(bufs[i], void *)); + + for(i = 0; i < num; i++) { + char *data = rte_pktmbuf_mtod(bufs[i], char *); + int len = rte_pktmbuf_pkt_len(bufs[i]); + struct pcap_pkthdr h; + + h.len = h.caplen = len; + gettimeofday(&h.ts, NULL); + + pcap_process_packet((u_char*)&thread_id, &h, (const u_char *)data); + rte_pktmbuf_free(bufs[i]); + } + } +#else pcap_loop: runPcapLoop(thread_id); @@ -2551,6 +2618,7 @@ pcap_loop: goto pcap_loop; } } +#endif return NULL; } @@ -3239,7 +3307,7 @@ int orginal_main(int argc, char **argv) { automataUnitTest(); ndpi_info_mod = ndpi_init_detection_module(); - if (ndpi_info_mod == NULL) return -1; + if(ndpi_info_mod == NULL) return -1; memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 977a246ec..1a0d45914 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -219,7 +219,7 @@ void ndpi_flow_info_freer(void *node) { /* ***************************************************** */ void ndpi_workflow_free(struct ndpi_workflow * workflow) { - int i; + u_int i; for(i=0; iprefs.num_roots; i++) ndpi_tdestroy(workflow->ndpi_flows_root[i], ndpi_flow_info_freer); @@ -232,8 +232,8 @@ void ndpi_workflow_free(struct ndpi_workflow * workflow) { /* ***************************************************** */ int ndpi_workflow_node_cmp(const void *a, const void *b) { - struct ndpi_flow_info *fa = (struct ndpi_flow_info*)a; - struct ndpi_flow_info *fb = (struct ndpi_flow_info*)b; + const struct ndpi_flow_info *fa = (const struct ndpi_flow_info*)a; + const struct ndpi_flow_info *fb = (const struct ndpi_flow_info*)b; if(fa->hashval < fb->hashval) return(-1); else if(fa->hashval > fb->hashval) return(1); @@ -307,7 +307,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow u_int32_t idx, l4_offset, hashval; struct ndpi_flow_info flow; void *ret; - u_int8_t *l3, *l4; + const u_int8_t *l3, *l4; /* Note: to keep things simple (ndpiReader is just a demo app) @@ -322,10 +322,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow return NULL; l4_offset = iph->ihl * 4; - l3 = (u_int8_t*)iph; + l3 = (const u_int8_t*)iph; } else { l4_offset = sizeof(struct ndpi_ipv6hdr); - l3 = (u_int8_t*)iph6; + l3 = (const u_int8_t*)iph6; } if(l4_packet_len < 64) @@ -345,7 +345,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow workflow->stats.max_packet_len = l4_packet_len; *proto = iph->protocol; - l4 = ((u_int8_t *) l3 + l4_offset); + l4 = ((const u_int8_t *) l3 + l4_offset); if(iph->protocol == IPPROTO_TCP && l4_packet_len >= 20) { u_int tcp_len; @@ -355,7 +355,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *tcph = (struct ndpi_tcphdr *)l4; *sport = ntohs((*tcph)->source), *dport = ntohs((*tcph)->dest); tcp_len = ndpi_min(4*(*tcph)->doff, l4_packet_len); - *payload = &l4[tcp_len]; + *payload = (u_int8_t*)&l4[tcp_len]; *payload_len = ndpi_max(0, l4_packet_len-4*(*tcph)->doff); } else if(iph->protocol == IPPROTO_UDP && l4_packet_len >= 8) { // udp @@ -363,8 +363,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow workflow->stats.udp_count++; *udph = (struct ndpi_udphdr *)l4; *sport = ntohs((*udph)->source), *dport = ntohs((*udph)->dest); - *payload = &l4[sizeof(struct ndpi_udphdr)]; - *payload_len = ndpi_max(0, l4_packet_len-sizeof(struct ndpi_udphdr)); + *payload = (u_int8_t*)&l4[sizeof(struct ndpi_udphdr)]; + *payload_len = (l4_packet_len > sizeof(struct ndpi_udphdr)) ? l4_packet_len-sizeof(struct ndpi_udphdr) : 0; } else { // non tcp/udp protocols *sport = *dport = 0; @@ -507,7 +507,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo iph.protocol = iph6->ip6_hdr.ip6_un1_nxt; if(iph.protocol == IPPROTO_DSTOPTS /* IPv6 destination option */) { - u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr); + const u_int8_t *options = (const u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr); iph.protocol = options[0]; } @@ -530,7 +530,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl /* BITTORRENT */ if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { - int i, j, n = 0; + u_int i, j, n = 0; for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", @@ -751,8 +751,14 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, workflow->last_time = time; /*** check Data Link type ***/ - const int datalink_type = pcap_datalink(workflow->pcap_handle); + int datalink_type; +#ifdef USE_DPDK + datalink_type = DLT_EN10MB; +#else + datalink_type = (int)pcap_datalink(workflow->pcap_handle); +#endif + datalink_check: switch(datalink_type) { case DLT_NULL: @@ -1076,3 +1082,49 @@ u_int32_t ethernet_crc32(const void* data, size_t n_bytes) { __crc32(data, n_bytes, &crc); return crc; } + +/* *********************************************** */ + +#ifdef USE_DPDK + +static const struct rte_eth_conf port_conf_default = { + .rxmode = { .max_rx_pkt_len = ETHER_MAX_LEN } +}; + +/* ************************************ */ + +int dpdk_port_init(int port, struct rte_mempool *mbuf_pool) { + struct rte_eth_conf port_conf = port_conf_default; + const u_int16_t rx_rings = 1, tx_rings = 1; + int retval; + u_int16_t q; + + /* 1 RX queue */ + retval = rte_eth_dev_configure(port, rx_rings, tx_rings, &port_conf); + + if(retval != 0) + return retval; + + for (q = 0; q < rx_rings; q++) { + retval = rte_eth_rx_queue_setup(port, q, RX_RING_SIZE, rte_eth_dev_socket_id(port), NULL, mbuf_pool); + if(retval < 0) + return retval; + } + + for (q = 0; q < tx_rings; q++) { + retval = rte_eth_tx_queue_setup(port, q, TX_RING_SIZE, rte_eth_dev_socket_id(port), NULL); + if(retval < 0) + return retval; + } + + retval = rte_eth_dev_start(port); + + if(retval < 0) + return retval; + + rte_eth_promiscuous_enable(port); + + return 0; +} + +#endif diff --git a/example/ndpi_util.h b/example/ndpi_util.h index d1d461490..eb9ab8e65 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -31,6 +31,24 @@ #include +#ifdef USE_DPDK +#include +#include +#include +#include +#include +#include + +#define RX_RING_SIZE 128 +#define TX_RING_SIZE 512 +#define NUM_MBUFS 8191 +#define MBUF_CACHE_SIZE 250 +#define BURST_SIZE 32 +#define PREFETCH_OFFSET 3 + +extern int dpdk_port_init(int port, struct rte_mempool *mbuf_pool); +#endif + #define MAX_NUM_READER_THREADS 16 #define IDLE_SCAN_PERIOD 10 /* msec (use TICK_RESOLUTION = 1000) */ #define MAX_IDLE_TIME 30000 -- cgit v1.2.3 From 0ee451040d57610f1965ef2a78dd4a2e8f5b3442 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Sun, 18 Nov 2018 12:50:53 +0100 Subject: Warning fix --- example/ndpiReader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 89f5714a8..d9e150be7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2703,7 +2703,7 @@ void test_lib() { void automataUnitTest() { void *automa; - assert(automa = ndpi_init_automa()); + assert((automa = ndpi_init_automa())); assert(ndpi_add_string_to_automa(automa, "hello") == 0); assert(ndpi_add_string_to_automa(automa, "world") == 0); ndpi_finalize_automa(automa); -- cgit v1.2.3 From 153766917891cd0d4abebc9035bbb427d3a9fbc1 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Mon, 19 Nov 2018 18:02:06 +0100 Subject: rpm package --- example/Makefile.in | 2 +- packages/etc/ld.so.conf.d/ndpi.conf | 1 + packages/rpm/configure | 2869 +++++++++++++++++++++++++++++++++++ packages/rpm/rpm-sign.exp | 10 + packages/ubuntu/configure | 18 +- packages/ubuntu/configure.in | 4 +- packages/ubuntu/debian/changelog.in | 2 +- src/lib/Makefile.in | 4 +- 8 files changed, 2889 insertions(+), 21 deletions(-) create mode 100644 packages/etc/ld.so.conf.d/ndpi.conf create mode 100755 packages/rpm/configure create mode 100755 packages/rpm/rpm-sign.exp (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index a5ca6acce..5ee981bd1 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -14,7 +14,7 @@ ndpiReader: $(OBJS) $(LIBNDPI) $(CC) $(CFLAGS) -c $< -o $@ install: - cp ndpiReader $(DESTDIR)$(PREFIX)/bin + cp ndpiReader $(DESTDIR)$(PREFIX)/bin/ dpdk: make -f Makefile.dpdk diff --git a/packages/etc/ld.so.conf.d/ndpi.conf b/packages/etc/ld.so.conf.d/ndpi.conf new file mode 100644 index 000000000..e8e4bdcd4 --- /dev/null +++ b/packages/etc/ld.so.conf.d/ndpi.conf @@ -0,0 +1 @@ +/usr/local/lib diff --git a/packages/rpm/configure b/packages/rpm/configure new file mode 100755 index 000000000..45e05620f --- /dev/null +++ b/packages/rpm/configure @@ -0,0 +1,2869 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for Makefile.in 1.0. +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='Makefile.in' +PACKAGE_TARNAME='makefile-in' +PACKAGE_VERSION='1.0' +PACKAGE_STRING='Makefile.in 1.0' +PACKAGE_BUGREPORT='' +PACKAGE_URL='' + +ac_subst_vars='LTLIBOBJS +LIBOBJS +GIT_REVISION +GIT_RELEASE +KERNEL +DATE +EXTN +MACHINE +PLATFORM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +' + ac_precious_vars='build_alias +host_alias +target_alias' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures Makefile.in 1.0 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/makefile-in] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of Makefile.in 1.0:";; + esac + cat <<\_ACEOF + +Report bugs to the package provider. +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +Makefile.in configure 1.0 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by Makefile.in $as_me 1.0, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +DATE=`date -R` +KERNEL=`uname -r` +PLATFORM=`uname -p` +MACHINE=`uname -m` +SHORT_MACHINE=`uname -m | cut -b1-3` + +EXTN="" +if test $MACHINE = "x86_64"; then + EXTN="amd64" +else + if test $SHORT_MACHINE = "aar"; then + EXTN="arm64" + else + if test $SHORT_MACHINE = "arm"; then + EXTN="armhf" + else + if test $SHORT_MACHINE = "mip"; then + EXTN="mips" + else + EXTN="i386" + fi + fi + fi +fi + +PACKAGE_VERSION=`cat ../../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev` +GIT_RELEASE=`git rev-parse HEAD` +GIT_REVISION=`git rev-list --all |wc -l | tr -d '[:space:]'` + +ac_config_files="$ac_config_files Makefile ndpi.spec" + + + + + + + + + + + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +# +# If the first sed substitution is executed (which looks for macros that +# take arguments), then branch to the quote section. Otherwise, +# look for a macro that doesn't take arguments. +ac_script=' +:mline +/\\$/{ + N + s,\\\n,, + b mline +} +t clear +:clear +s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g +t quote +s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g +t quote +b any +:quote +s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/\[/\\&/g +s/\]/\\&/g +s/\$/$$/g +H +:any +${ + g + s/^\n// + s/\n/ /g + p +} +' +DEFS=`sed -n "$ac_script" confdefs.h` + + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by Makefile.in $as_me 1.0, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + +Configuration files: +$config_files + +Report bugs to the package provider." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +Makefile.in config.status 1.0 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h | --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "ndpi.spec") CONFIG_FILES="$CONFIG_FILES ndpi.spec" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + + +eval set X " :F $CONFIG_FILES " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + diff --git a/packages/rpm/rpm-sign.exp b/packages/rpm/rpm-sign.exp new file mode 100755 index 000000000..04e424014 --- /dev/null +++ b/packages/rpm/rpm-sign.exp @@ -0,0 +1,10 @@ +#!/usr/bin/expect -f + +### rpm-sign.exp -- Sign RPMs by sending the passphrase. + +spawn rpm --addsign {*}$argv + expect -exact "Enter pass phrase: " + send -- "\r" + expect eof + +## end of rpm-sign.exp \ No newline at end of file diff --git a/packages/ubuntu/configure b/packages/ubuntu/configure index ab2436b40..77b5b7164 100755 --- a/packages/ubuntu/configure +++ b/packages/ubuntu/configure @@ -583,7 +583,7 @@ PACKAGE_URL='' ac_subst_vars='LTLIBOBJS LIBOBJS -GIT_COMMITS +GIT_REVISION GIT_RELEASE KERNEL DATE @@ -609,7 +609,6 @@ infodir docdir oldincludedir includedir -runstatedir localstatedir sharedstatedir sysconfdir @@ -674,7 +673,6 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' -runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -927,15 +925,6 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; - -runstatedir | --runstatedir | --runstatedi | --runstated \ - | --runstate | --runstat | --runsta | --runst | --runs \ - | --run | --ru | --r) - ac_prev=runstatedir ;; - -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ - | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ - | --run=* | --ru=* | --r=*) - runstatedir=$ac_optarg ;; - -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1073,7 +1062,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir runstatedir + libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1226,7 +1215,6 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] - --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1707,7 +1695,7 @@ fi NDPI_VERS=`cat ../../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev` GIT_RELEASE=`git rev-parse HEAD` -GIT_COMMITS=`git rev-list --all |wc -l | tr -d '[:space:]'` +GIT_REVISION=`git rev-list --all |wc -l | tr -d '[:space:]'` ac_config_files="$ac_config_files Makefile debian/changelog debian/files debian/control" diff --git a/packages/ubuntu/configure.in b/packages/ubuntu/configure.in index 88a5788be..0193b6e78 100644 --- a/packages/ubuntu/configure.in +++ b/packages/ubuntu/configure.in @@ -26,7 +26,7 @@ fi NDPI_VERS=`cat ../../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev` GIT_RELEASE=`git rev-parse HEAD` -GIT_COMMITS=`git rev-list --all |wc -l | tr -d '[[:space:]]'` +GIT_REVISION=`git rev-list --all |wc -l | tr -d '[[:space:]]'` AC_CONFIG_FILES([Makefile debian/changelog debian/files debian/control]) @@ -36,6 +36,6 @@ AC_SUBST(EXTN) AC_SUBST(DATE) AC_SUBST(KERNEL) AC_SUBST(GIT_RELEASE) -AC_SUBST(GIT_COMMITS) +AC_SUBST(GIT_REVISION) AC_OUTPUT diff --git a/packages/ubuntu/debian/changelog.in b/packages/ubuntu/debian/changelog.in index a5ed21450..bf80f34a9 100644 --- a/packages/ubuntu/debian/changelog.in +++ b/packages/ubuntu/debian/changelog.in @@ -1,4 +1,4 @@ -ndpi (@NDPI_VERS@-@GIT_COMMITS@) stable; urgency=high +ndpi (@NDPI_VERS@-@GIT_REVISION@) stable; urgency=high * Last packaged version -- Luca Deri @DATE@ diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1f07773e9..aad90d486 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -46,7 +46,7 @@ $(NDPI_LIB_STATIC): $(OBJECTS) $(NDPI_LIB_SHARED): $(OBJECTS) $(CC) -shared -fPIC $(SONAME_FLAG) -o $@ $(OBJECTS) - ln -Ffs $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) + ln -Ffsr $(NDPI_LIB_SHARED) $(NDPI_LIB_SHARED_BASE) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ @@ -57,6 +57,6 @@ clean: install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ - ln -Ffs $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) + ln -Ffsr $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED) $(DESTDIR)$(libdir)/$(NDPI_LIB_SHARED_BASE) mkdir -p $(DESTDIR)$(includedir) cp ../include/*.h $(DESTDIR)$(includedir) -- cgit v1.2.3 From 582da8d4bb00ed6be656451fbd6ebde6719c5ce2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 19 Nov 2018 18:24:33 +0100 Subject: Improved WeChat support Removed Musical.ly protocol as the service has been merged with another one and thus it is no longer used Improved guess for UDP protocols --- example/ndpiReader.c | 1 + src/include/ndpi_api.h | 2 + src/include/ndpi_main.h | 1 + src/include/ndpi_protocol_ids.h | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 13 +++--- src/lib/ndpi_main.c | 93 ++++++++++++++++++++++++---------------- src/lib/protocols/dropbox.c | 26 +++++++---- src/lib/protocols/eaq.c | 10 +++-- src/lib/protocols/skype.c | 17 ++++++-- 10 files changed, 107 insertions(+), 60 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d9e150be7..cb3238a88 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -911,6 +911,7 @@ static void node_print_known_proto_walker(const void *node, static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, + NULL, flow->protocol, ntohl(flow->src_ip), ntohs(flow->src_port), diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index d010577a5..c7ed7cd17 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -326,6 +326,7 @@ extern "C" { * Search and return the protocol guessed that is undetected * * @par ndpi_struct = the detection module + * @par flow = the flow we're trying to guess, NULL if not available * @par proto = the l4 protocol number * @par shost = source address in host byte order * @par sport = source port number @@ -335,6 +336,7 @@ extern "C" { * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost, u_int16_t sport, diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 3517d45b2..41280fb8e 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -119,6 +119,7 @@ extern "C" { u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name); extern u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 0d2712d20..aefb0fce2 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -73,7 +73,7 @@ typedef enum { NDPI_PROTOCOL_EDONKEY = 36, /* Tomasz Bujlow */ NDPI_PROTOCOL_BITTORRENT = 37, NDPI_PROTOCOL_SKYPE_CALL_OUT = 38, - NDPI_PROTOCOL_MUSICALLY = 39, + NDPI_PROTOCOL_FREE_39 = 39, /* Free */ NDPI_PROTOCOL_MEMCACHED = 40, /* Memcached - Darryl Sokoloski */ NDPI_PROTOCOL_SMBV23 = 41, /* SMB version 2/3 */ NDPI_PROTOCOL_MINING = 42, /* Bitcoin, Ethereum, ZCash, Monero */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 51681e60e..4b69c2b7b 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -826,7 +826,7 @@ typedef enum { ndpi_pref_dns_dissect_response, ndpi_pref_direction_detect_disable, ndpi_pref_disable_metadata_export, - ndpi_pref_enable_category_substring_match, + ndpi_pref_enable_category_substring_match } ndpi_detection_preference; /* ntop extensions */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 71e236d37..4bfdde983 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -21,7 +21,6 @@ /* ****************************************************** */ static ndpi_network host_protocol_list[] = { - /* SoundCloud */ @@ -111,11 +110,14 @@ static ndpi_network host_protocol_list[] = { WeChat origin AS132203, AS132591, AS45090 */ - { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, - { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0XCBCDB000 /* 203.205.176.0/20 */, 20, NDPI_PROTOCOL_WECHAT }, + { 0XCBCDC000 /* 203.205.192.0/18 */, 18, NDPI_PROTOCOL_WECHAT }, + + /* OpenDNS, LLC @@ -8327,10 +8329,7 @@ ndpi_protocol_match host_match[] = { /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ { "slack-assets2.s3-", NULL, "slack-assets2\\.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "zhiliaoapp.com", NULL, "zhiliaoapp" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "muscdn.com", NULL, "muscdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "livelycdn.com", NULL, "livelycdn" TLD, "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "direct.ly", NULL, "direct\\.ly$", "Musical.ly", NDPI_PROTOCOL_MUSICALLY, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "wechat.com", NULL, "wechat\\.com" TLD, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "github.com", NULL, "github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".github.com", NULL, "\\.github" TLD, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3a6cd84ef..02ad31a5e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -517,7 +517,6 @@ void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, (*(ndpi_struct->ndpi_debug_printf))(protocol_id, ndpi_struct, NDPI_LOG_DEBUG, _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_struct, protocol_id)); - } #endif NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id); @@ -1205,9 +1204,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MUSICALLY, - no_master, - no_master, "Musical.ly", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT, + no_master, /* wechat.com */ + no_master, "WeChat", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED, @@ -1245,7 +1244,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_196, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, + no_master, + no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_39, no_master, no_master, "Free", NDPI_PROTOCOL_CATEGORY_CUSTOM_1 /* dummy */, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -2523,6 +2527,7 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_ /* ****************************************************** */ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) { @@ -2531,8 +2536,17 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_struct, proto, sport, dport); if(found != NULL) { - *user_defined_proto = found->customUserProto; - return(found->proto->protoId); + u_int16_t guessed_proto = found->proto->protoId; + + /* We need to check if the guessed protocol isn't excluded by nDPI */ + if(flow + && (proto == IPPROTO_UDP) + && (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto))) + return(NDPI_PROTOCOL_UNKNOWN); + else { + *user_defined_proto = found->customUserProto; + return(guessed_proto); + } } } else { /* No TCP/UDP */ @@ -3956,18 +3970,17 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st && (flow->l4.tcp.ssl_stage > 1)) flow->guessed_protocol_id = NDPI_PROTOCOL_SSL_NO_CERT; - guessed_protocol_id = flow->guessed_protocol_id, - guessed_host_protocol_id = flow->guessed_host_protocol_id; + guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) - guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; - + && ((flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) - guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)) + flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { @@ -4394,7 +4407,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else sport = dport = 0; /* guess protocol */ - flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); + flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, flow, protocol, sport, dport, &user_defined_proto); flow->guessed_host_protocol_id = ndpi_guess_host_protocol_id(ndpi_struct, flow); if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { @@ -5356,6 +5369,7 @@ u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) { /* ****************************************************** */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t proto, u_int32_t shost /* host byte order */, u_int16_t sport, u_int32_t dhost /* host byte order */, u_int16_t dport) { @@ -5365,30 +5379,37 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct u_int8_t user_defined_proto; if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, - shost, dhost, sport, dport); + rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, - dport, &user_defined_proto); - - if(ret.app_protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - - ret.category = ndpi_get_proto_category(ndpi_struct, ret); - return(ret); + if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + ; + else { + ret.app_protocol = rc, + ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, + dport, &user_defined_proto); + + if(ret.app_protocol == ret.master_protocol) + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + + ret.category = ndpi_get_proto_category(ndpi_struct, ret); + return(ret); + } } - rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); + rc = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.app_protocol = rc; - - if(rc == NDPI_PROTOCOL_SSL) - goto check_guessed_skype; + if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + ; else { - ret.category = ndpi_get_proto_category(ndpi_struct, ret); - return(ret); + ret.app_protocol = rc; + + if(rc == NDPI_PROTOCOL_SSL) + goto check_guessed_skype; + else { + ret.category = ndpi_get_proto_category(ndpi_struct, ret); + return(ret); + } } } @@ -5402,10 +5423,10 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct ret.app_protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, + ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); - ret.category = ndpi_get_proto_category(ndpi_struct, ret); + ret.category = ndpi_get_proto_category(ndpi_struct, ret); return(ret); } diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index d981c76b3..39bb96ff2 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -48,14 +48,24 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, if(packet->udp != NULL) { u_int16_t dropbox_port = htons(DB_LSP_PORT); - if((packet->udp->source == dropbox_port) - && (packet->udp->dest == dropbox_port)) { - if(payload_len > 2) { - if(strstr((const char *)packet->payload, "\"host_int\"") != NULL) { - - NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); - ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); - return; + if(packet->udp->dest == dropbox_port) { + if(packet->udp->source == dropbox_port) { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "\"host_int\"", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } + } + } else { + if(payload_len > 10) { + if(ndpi_strnstr((const char *)packet->payload, "Bus17Cmd", payload_len) != NULL) { + + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); + ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); + return; + } } } } diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 2082b5263..8768cac6f 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -53,12 +53,15 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd if(packet->udp != NULL) { u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; - + if(flow->l4.udp.eaq_pkt_id == 0) flow->l4.udp.eaq_sequence = seq; else { if( (flow->l4.udp.eaq_sequence != seq) && - ((flow->l4.udp.eaq_sequence+1) != seq)) break; + ((flow->l4.udp.eaq_sequence+1) != seq)) + break; + else + flow->l4.udp.eaq_sequence = seq; } if(++flow->l4.udp.eaq_pkt_id == 4) { @@ -66,7 +69,8 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd NDPI_LOG_INFO(ndpi_struct, "found eaq\n"); ndpi_int_eaq_add_connection(ndpi_struct, flow); return; - } + } else + return; } } while(0); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index e544724a5..8a4eafca4 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -31,13 +31,16 @@ static void ndpi_skype_report_protocol(struct ndpi_detection_module_struct *ndpi NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_SKYPE); } - + +static int is_port(u_int16_t a, u_int16_t b, u_int16_t c) { + return(((a == c) || (b == c)) ? 1 : 0); +} + static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if(flow->host_server_name[0] != '\0') return; @@ -46,10 +49,15 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s flow->l4.udp.skype_packet_id++; if(flow->l4.udp.skype_packet_id < 5) { + u_int16_t sport = ntohs(packet->udp->source); u_int16_t dport = ntohs(packet->udp->dest); /* skype-to-skype */ - if(dport != 1119) /* It can be confused with battle.net */ { + if(is_port(sport, dport, 1119) /* It can be confused with battle.net */ + || is_port(sport, dport, 80) /* No HTTP-like protocols UDP/80 */ + ) { + ; + } else { if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) || ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ @@ -57,11 +65,12 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s ndpi_skype_report_protocol(ndpi_struct, flow); } } + return; } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; - // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; -- cgit v1.2.3 From 21504c849233d69b896fdff364b3933e8ec997d3 Mon Sep 17 00:00:00 2001 From: Alfredo Cardigliano Date: Mon, 19 Nov 2018 19:01:53 +0100 Subject: rpm spec file --- example/Makefile.in | 2 +- packages/rpm/Makefile.in | 38 +++++++++++++++++++++ packages/rpm/configure.in | 44 ++++++++++++++++++++++++ packages/rpm/ndpi.spec.in | 87 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 170 insertions(+), 1 deletion(-) create mode 100644 packages/rpm/Makefile.in create mode 100644 packages/rpm/configure.in create mode 100644 packages/rpm/ndpi.spec.in (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index 5ee981bd1..3e0f25d91 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -13,7 +13,7 @@ ndpiReader: $(OBJS) $(LIBNDPI) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ -install: +install: ndpiReader cp ndpiReader $(DESTDIR)$(PREFIX)/bin/ dpdk: diff --git a/packages/rpm/Makefile.in b/packages/rpm/Makefile.in new file mode 100644 index 000000000..1621b66e9 --- /dev/null +++ b/packages/rpm/Makefile.in @@ -0,0 +1,38 @@ +# +# RPM Build Process +# +APPL=ndpi +PLATFORM=@PLATFORM@ +GIT_REVISION=@GIT_REVISION@ +PACKAGE_VERSION=@PACKAGE_VERSION@ +PACKAGE=$(APPL)-$(PACKAGE_VERSION)-$(GIT_REVISION).$(PLATFORM).rpm +DEV_PACKAGE=$(APPL)-dev-$(PACKAGE_VERSION)-$(GIT_REVISION).$(PLATFORM).rpm +PACKAGE_PATH=$(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE) + +package: build-rpm + +cleanup-src: + cd ../..; ./autogen.sh; ./configure; make clean + +cleanup-rpm: + rm -rf $(HOME)/rpmbuild/BUILD/ndpi* $(HOME)/rpmbuild/SOURCES/ndpi* + +build-rpm: cleanup-src cleanup-rpm + -rm -rf ndpi-@PACKAGE_VERSION@ + mkdir -p ndpi-@PACKAGE_VERSION@/packages + cp ndpi.spec.in ndpi-@PACKAGE_VERSION@/packages + cp ../../Makefile.* ../../libtool ../../configure* ../../config.* ../../install-sh ../../autogen.sh ndpi-@PACKAGE_VERSION@ + cp -rf ../../src ndpi-@PACKAGE_VERSION@ + cp ../../CHANGELOG.md ../../COPYING ndpi-@PACKAGE_VERSION@ + \rm -f ndpi-@PACKAGE_VERSION@/config.status + mkdir -p $(HOME)/rpmbuild/SOURCES + tar cvfz $(HOME)/rpmbuild/SOURCES/ndpi-@PACKAGE_VERSION@.tgz ndpi-@PACKAGE_VERSION@ + @rm -f $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE) + @rpmbuild -bb ./$(APPL).spec --define "buildnumber $(GIT_REVISION)" + @if [[ $EUID -ne 0 ]]; then ./rpm-sign.exp $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE); fi + @if [[ $EUID -ne 0 ]]; then ./rpm-sign.exp $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(DEV_PACKAGE); fi + @echo "" + @echo "Package contents:" + @rpm -qpl $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE) + @echo "The package is now available in $(HOME)/rpmbuild/RPMS/$(PLATFORM)/$(PACKAGE)" + diff --git a/packages/rpm/configure.in b/packages/rpm/configure.in new file mode 100644 index 000000000..84454923a --- /dev/null +++ b/packages/rpm/configure.in @@ -0,0 +1,44 @@ +AC_INIT([Makefile.in], 1.0) + +DATE=`date -R` +KERNEL=`uname -r` +PLATFORM=`uname -p` +MACHINE=`uname -m` +SHORT_MACHINE=`uname -m | cut -b1-3` + +EXTN="" +if test $MACHINE = "x86_64"; then + EXTN="amd64" +else + if test $SHORT_MACHINE = "aar"; then + EXTN="arm64" + else + if test $SHORT_MACHINE = "arm"; then + EXTN="armhf" + else + if test $SHORT_MACHINE = "mip"; then + EXTN="mips" + else + EXTN="i386" + fi + fi + fi +fi + +PACKAGE_VERSION=`cat ../../configure.ac|grep C_INIT|cut -c 21-|rev|cut -c 3-|rev` +GIT_RELEASE=`git rev-parse HEAD` +GIT_REVISION=`git rev-list --all |wc -l | tr -d '[[:space:]]'` + +AC_CONFIG_FILES([Makefile ndpi.spec]) + +AC_SUBST(PACKAGE_VERSION) +AC_SUBST(PLATFORM) +AC_SUBST(MACHINE) +AC_SUBST(EXTN) +AC_SUBST(DATE) +AC_SUBST(KERNEL) +AC_SUBST(GIT_RELEASE) +AC_SUBST(GIT_REVISION) + +AC_OUTPUT + diff --git a/packages/rpm/ndpi.spec.in b/packages/rpm/ndpi.spec.in new file mode 100644 index 000000000..5d8f21a01 --- /dev/null +++ b/packages/rpm/ndpi.spec.in @@ -0,0 +1,87 @@ +Summary: L7 DPI library +Name: ndpi +Version: @PACKAGE_VERSION@ +Release: %{buildnumber} +License: LGPL +Group: Networking/Utilities +Conflicts: nprobe-dev +URL: http://www.ntop.org/products/deep-packet-inspection/ndpi/ +Source: ndpi-%{version}.tgz +Packager: Luca Deri +BuildRoot: %{_tmppath}/%{name}-%{version}-root +%{?el7:Requires: glibc >= 2.3.4 numactl coreutils } +%{?el6:Requires: glibc >= 2.3.4 numactl coreutils } +AutoReqProv: no + +%description +nDPI Open and Extensible LGPLv3 Deep Packet Inspection Library. + +%package dev +Summary: Header files and development libraries for %{name} +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description dev +This package contains the header files and development libraries +for %{name}. If you like to develop programs using %{name}, +you will need to install %{name}-dev. + +%prep + +%setup -q + +# Execution order: +# install: pre -> (copy) -> post +# upgrade: pre -> (copy) -> post -> preun (old) -> (delete old) -> postun (old) +# un-install: preun -> (delete) -> postun + +%pre + +%post + +%build +PATH=/usr/bin:/bin:/usr/sbin:/sbin + +%define includedir /usr/local/include/ndpi +%define libdir /usr/local/lib +%define bindir /usr/local/bin + +%install +PATH=/usr/bin:/bin:/usr/sbin:/sbin +if [ -d $RPM_BUILD_ROOT ]; then + \rm -rf $RPM_BUILD_ROOT +fi +mkdir -p $RPM_BUILD_ROOT%{includedir} +mkdir -p $RPM_BUILD_ROOT%{libdir} +mkdir -p $RPM_BUILD_ROOT%{bindir} +cd $HOME/nDPI; make DESTDIR=$RPM_BUILD_ROOT install; +rm $RPM_BUILD_ROOT%{libdir}/libndpi.so +ln -sr $RPM_BUILD_ROOT%{libdir}/libndpi.so.@PACKAGE_VERSION@ $RPM_BUILD_ROOT%{libdir}/libndpi.so +mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d +cp $HOME/nDPI/packages/etc/ld.so.conf.d/ndpi.conf $RPM_BUILD_ROOT/etc/ld.so.conf.d +strip $RPM_BUILD_ROOT%{bindir}/* +rm -fr %{buildroot}%{includedir}/ndpi_win32.h + +%clean +rm -fr $RPM_BUILD_ROOT + +%files +%defattr(-, root, root) + +/usr/local/lib/libndpi.so +/usr/local/lib/libndpi.so.@PACKAGE_VERSION@ +/usr/local/bin/ndpiReader +/etc/ld.so.conf.d/ndpi.conf +/usr/local/libdata/pkgconfig/libndpi.pc + +%preun + +%files dev +%defattr(-,root,root,-) + +%{includedir} +%{libdir}/libndpi.a + +%changelog +* Mon Nov 19 2018 Alfredo Cardigliano 2.5 +- Initial package version -- cgit v1.2.3 From 669fdf6b5f3657c638ffa8df6ff1baebf5b311b1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Nov 2018 00:32:32 +0100 Subject: Improved skype, teredo, netbios heuristics Changed ndpi_detection_giveup() API: guess is now part of the call --- example/ndpiReader.c | 51 +----- example/ndpi_util.c | 7 +- src/include/ndpi_api.h | 4 +- src/lib/ndpi_main.c | 77 ++++++-- src/lib/protocols/netbios.c | 5 +- src/lib/protocols/skype.c | 2 +- src/lib/protocols/teredo.c | 2 +- tests/do.sh | 5 +- tests/result/pps.pcap.out | 193 ++++++++++---------- tests/result/skype.pcap.out | 310 ++++++++++++++++---------------- tests/result/skype_no_unknown.pcap.out | 316 ++++++++++++++++----------------- tests/result/viber.pcap.out | 42 +++-- tests/result/waze.pcap.out | 27 ++- 13 files changed, 531 insertions(+), 510 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index cb3238a88..78d95a76d 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -81,7 +81,8 @@ static json_object *jArray_topStats; static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ -static u_int8_t enable_protocol_guess = 1, verbose = 0, json_flag = 0; +u_int8_t enable_protocol_guess = 1; +static u_int8_t verbose = 0, json_flag = 0; int nDPI_LogLevel = 0; char *_debug_protocols = NULL; static u_int8_t stats_flag = 0, bpf_filter_flag = 0; @@ -97,7 +98,7 @@ static struct timeval begin, end; #ifdef linux static int core_affinity[MAX_NUM_READER_THREADS]; #endif -static struct timeval pcap_start, pcap_end; +static struct timeval pcap_start = { 0, 0}, pcap_end = { 0, 0 }; /** Detection parameters **/ static time_t capture_for = 0; static time_t capture_until = 0; @@ -905,27 +906,6 @@ static void node_print_known_proto_walker(const void *node, /* ********************************** */ -/** - * @brief Guess Undetected Protocol - */ -static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi_flow_info *flow) { - - flow->detected_protocol = ndpi_guess_undetected_protocol(ndpi_thread_info[thread_id].workflow->ndpi_struct, - NULL, - flow->protocol, - ntohl(flow->src_ip), - ntohs(flow->src_port), - ntohl(flow->dst_ip), - ntohs(flow->dst_port)); - // printf("Guess state: %u\n", flow->detected_protocol); - if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) - ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols++; - - return(flow->detected_protocol.app_protocol); -} - -/* ********************************** */ - /** * @brief Proto Guess Walker */ @@ -935,13 +915,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ if((!flow->detection_completed) && flow->ndpi_flow) - flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow); - - if(enable_protocol_guess) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - node_guess_undetected_protocol(thread_id, flow); - } - } + flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow, enable_protocol_guess); process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); @@ -1416,23 +1390,12 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, /** - * @brief On Protocol Discover - call node_guess_undetected_protocol() for protocol + * @brief On Protocol Discover - demo callback */ static void on_protocol_discovered(struct ndpi_workflow * workflow, struct ndpi_flow_info * flow, void * udata) { - const u_int16_t thread_id = (uintptr_t) udata; - - if(verbose > 1) { - if(enable_protocol_guess) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow), - flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN; - } - } - - // printFlow(thread_id, flow); - } + ; } #if 0 @@ -2026,8 +1989,10 @@ static void printResults(u_int64_t tot_usec) { float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; float traffic_duration; + if(live_capture) traffic_duration = tot_usec; else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec); + printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)traffic_duration; b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)traffic_duration; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 1a0d45914..58dc896b1 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -74,6 +74,8 @@ #include "ndpi_main.h" #include "ndpi_util.h" +extern u_int8_t enable_protocol_guess; + /* ***************************************************** */ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) { @@ -677,8 +679,9 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->check_extra_packets = 1; if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) - flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, - flow->ndpi_flow); + flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow, + enable_protocol_guess); + process_ndpi_collected_info(workflow, flow); } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index c7ed7cd17..5bee25f5b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -213,11 +213,13 @@ extern "C" { * * @par ndpi_struct = the detection module * @par flow = the flow given for the detection module + * @par enable_guess = guess protocol if unknown * @return the detected protocol even if the flow is not completed; * */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow); + struct ndpi_flow_struct *flow, + u_int8_t enable_guess); /** * Processes an extra packet in order to get more information for a given protocol diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index fcfaec713..c7d9e237e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2526,6 +2526,25 @@ static ndpi_default_ports_tree_node_t* ndpi_get_guessed_protocol_id(struct ndpi_ /* ****************************************************** */ +/* + These are UDP protocols that must fit a single packet + and thus that if have NOT been detected they cannot be guessed + as they have been excluded + */ +u_int8_t is_udp_guessable_protocol(u_int16_t l7_guessed_proto) { + switch(l7_guessed_proto) { + case NDPI_PROTOCOL_QUIC: + case NDPI_PROTOCOL_SNMP: + case NDPI_PROTOCOL_NETFLOW: + /* TODO: add more protocols (if any missing) */ + return(1); + } + + return(0); +} + +/* ****************************************************** */ + u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t proto, u_int16_t sport, u_int16_t dport, @@ -2541,7 +2560,9 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_struc /* We need to check if the guessed protocol isn't excluded by nDPI */ if(flow && (proto == IPPROTO_UDP) - && (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto))) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, guessed_proto) + && is_udp_guessable_protocol(guessed_proto) + ) return(NDPI_PROTOCOL_UNKNOWN); else { *user_defined_proto = found->customUserProto; @@ -3397,7 +3418,7 @@ static int ndpi_handle_ipv6_extension_headers(struct ndpi_detection_module_struc } return 0; } -#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ +#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ static u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize) @@ -3605,13 +3626,18 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str && flow->init_finished != 0 && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { u_int8_t backup; + u_int16_t backup1, backup2; if(flow->http.url) ndpi_free(flow->http.url); if(flow->http.content_type) ndpi_free(flow->http.content_type); - backup = flow->num_processed_pkts; + backup = flow->num_processed_pkts; + backup1 = flow->guessed_protocol_id; + backup2 = flow->guessed_host_protocol_id; memset(flow, 0, sizeof(*(flow))); flow->num_processed_pkts = backup; + flow->guessed_protocol_id = backup1; + flow->guessed_host_protocol_id = backup2; NDPI_LOG_DBG(ndpi_struct, "tcp syn packet for unknown protocol, reset detection state\n"); @@ -3785,9 +3811,8 @@ void check_ndpi_other_flow_func(struct ndpi_detection_module_struct *ndpi_struct ndpi_struct->callback_buffer_non_tcp_udp[a].ndpi_selection_bitmask && (flow == NULL || - NDPI_BITMASK_COMPARE - (flow->excluded_protocol_bitmask, - ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0) + NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, + ndpi_struct->callback_buffer_non_tcp_udp[a].excluded_protocol_bitmask) == 0) && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_non_tcp_udp[a].detection_bitmask, detection_bitmask) != 0) { @@ -3905,8 +3930,7 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && (ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_no_payload[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, - ndpi_struct-> - callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 + ndpi_struct->callback_buffer_tcp_no_payload[a].excluded_protocol_bitmask) == 0 && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_no_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_no_payload[a].func(ndpi_struct, flow); @@ -3951,7 +3975,7 @@ static u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct /* ********************************************************************************* */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { + struct ndpi_flow_struct *flow, u_int8_t enable_guess) { ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED }; if(flow == NULL) return(ret); @@ -3973,13 +3997,18 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st guessed_protocol_id = flow->guessed_protocol_id, guessed_host_protocol_id = flow->guessed_host_protocol_id; if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && ((flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + && ((flow->packet.l4_protocol == IPPROTO_UDP) + && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id) + && is_udp_guessable_protocol(guessed_host_protocol_id) + )) flow->guessed_host_protocol_id = guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Ignore guessed protocol if they have been discarded */ if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) // && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (flow->packet.l4_protocol == IPPROTO_UDP) && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id)) + && (flow->packet.l4_protocol == IPPROTO_UDP) + && NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id) + && is_udp_guessable_protocol(guessed_protocol_id)) flow->guessed_protocol_id = guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) @@ -4026,6 +4055,20 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st ret.app_protocol = NDPI_PROTOCOL_HANGOUT; } + if(enable_guess + && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) + && flow->packet.iph /* Guess only IPv4 */ + && (flow->packet.tcp || flow->packet.udp) + ) + ret = ndpi_guess_undetected_protocol(ndpi_struct, + flow, + flow->packet.l4_protocol, + ntohl(flow->packet.iph->saddr), + ntohs(flow->packet.udp ? flow->packet.udp->source : flow->packet.tcp->source), + ntohl(flow->packet.iph->daddr), + ntohs(flow->packet.udp ? flow->packet.udp->dest : flow->packet.tcp->dest) + ); + ndpi_fill_protocol_category(ndpi_struct, flow, &ret); return(ret); @@ -4421,7 +4464,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->packet.iph) { if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) { /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ - ret = ndpi_detection_giveup(ndpi_struct, flow); + ret = ndpi_detection_giveup(ndpi_struct, flow, 0); } ndpi_fill_protocol_category(ndpi_struct, flow, &ret); @@ -4499,7 +4542,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct We don't see how future packets can match anything hence we giveup here */ - ret = ndpi_detection_giveup(ndpi_struct, flow); + ret = ndpi_detection_giveup(ndpi_struct, flow, 0); } return(ret); @@ -5382,7 +5425,9 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + if(flow && (proto == IPPROTO_UDP) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) + && is_udp_guessable_protocol(rc)) ; else { ret.app_protocol = rc, @@ -5399,7 +5444,9 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_guess_protocol_id(ndpi_struct, NULL, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc)) + if(flow && (proto == IPPROTO_UDP) + && NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) + && is_udp_guessable_protocol(rc)) ; else { ret.app_protocol = rc; diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 4c5897c14..925b864ad 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -330,9 +330,8 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG_DBG2(ndpi_struct, "found netbios port 138 and payload length >= 112 \n"); - if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { - - NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); + if(packet->payload[0] >= 0x10 && packet->payload[0] <= 0x16) { + NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x10,0x11,0x12,0x13,0x14,0x15 or 0x16\n"); if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { NDPI_LOG_INFO(ndpi_struct, "found netbios with checked ip-address\n"); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 8a4eafca4..faeac17c5 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -66,7 +66,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s } } - return; + // return; } NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 732b1d6c9..e377d09a4 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -32,7 +32,7 @@ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_LOG_DBG(ndpi_struct,"search teredo\n"); if(packet->udp && packet->iph - && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */) + && ((ntohl(packet->iph->daddr) & 0xF0000000) != 0xE0000000 /* Not a multicast address */) && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544)) && (packet->payload_packet_len >= 40 /* IPv6 header */)) { NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); diff --git a/tests/do.sh b/tests/do.sh index 7516e5997..a17878fb5 100755 --- a/tests/do.sh +++ b/tests/do.sh @@ -7,7 +7,10 @@ build_results() { for f in $PCAPS; do #echo $f # create result files if not present - [ ! -f result/$f.out ] && $READER -q -i pcap/$f -w result/$f.out -v 1 + if [ ! -f result/$f.out ]; then + CMD="$READER -q -i pcap/$f -w result/$f.out -v 1" + $CMD + fi done } diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 778aa1197..baad4b4e6 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,9 +1,10 @@ -Unknown 990 378832 34 +Unknown 985 375351 33 HTTP 47 42014 11 SSDP 63 17143 10 HTTP_Download 26 27222 2 Google 2 1093 1 GenericProtocol 1429 1780307 49 +QUIC 5 3481 1 1 TCP 192.168.115.8:50780 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 541 pkts/710082 bytes][Host: preimage1.qiyipic.com] 2 TCP 192.168.115.8:50778 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes <-> 528 pkts/692658 bytes][Host: preimage1.qiyipic.com] @@ -12,72 +13,73 @@ GenericProtocol 1429 1780307 49 5 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] 6 UDP 192.168.5.38:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][18 pkts/9327 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.115.8:50476 <-> 101.227.32.39:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/656 bytes <-> 4 pkts/3897 bytes][Host: cache.video.iqiyi.com] - 8 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] - 9 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] - 10 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] - 11 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] - 12 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] - 13 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 14 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 15 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] - 16 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 17 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] - 19 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] - 20 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] - 21 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 22 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] - 23 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] - 24 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] - 25 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 26 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] - 27 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 28 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 29 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 30 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 31 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 32 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 33 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] - 34 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 35 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] - 36 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] - 39 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 40 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] - 41 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 42 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 43 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] - 44 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] - 45 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 46 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 47 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 48 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 49 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 50 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] - 51 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] - 52 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 53 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] - 54 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] - 55 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] - 56 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] - 57 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] - 58 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 59 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] - 60 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 61 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] - 62 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 63 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] - 64 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] - 65 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] - 66 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] - 67 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes] - 68 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] - 69 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] - 70 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] - 71 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] - 72 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] - 73 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 188/QUIC][cat: Web/5][2 pkts/158 bytes <-> 3 pkts/3323 bytes] + 9 TCP 192.168.115.8:50495 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][3 pkts/2844 bytes <-> 3 pkts/597 bytes][Host: msg.71.am] + 10 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][cat: Web/5][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 11 TCP 192.168.115.8:50767 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][4 pkts/800 bytes <-> 4 pkts/2112 bytes][Host: static.qiyi.com] + 12 TCP 192.168.115.8:50488 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/311 bytes <-> 2 pkts/2035 bytes][Host: meta.video.qiyi.com] + 13 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] + 14 TCP 192.168.115.8:50501 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1893 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 15 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 16 TCP 192.168.115.8:50496 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] + 17 TCP 192.168.115.8:50779 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][2 pkts/1438 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 18 UDP 192.168.5.38:58897 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.1:50945 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][9 pkts/1539 bytes -> 0 pkts/0 bytes] + 20 TCP 192.168.115.8:50464 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/707 bytes <-> 1 pkts/744 bytes][Host: click.hm.baidu.com] + 21 TCP 192.168.115.8:50492 <-> 111.206.13.3:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/389 bytes <-> 2 pkts/1034 bytes][Host: pdata.video.qiyi.com] + 22 TCP 192.168.115.8:50777 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1186 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 23 TCP 192.168.115.8:50494 <-> 223.26.106.66:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][2 pkts/887 bytes <-> 1 pkts/443 bytes][Host: 223.26.106.66] + 24 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] + 25 TCP 192.168.115.8:50499 <-> 111.206.22.76:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1097 bytes <-> 1 pkts/199 bytes][Host: msg.iqiyi.com] + 26 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 27 TCP 192.168.115.8:50507 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/212 bytes <-> 1 pkts/1063 bytes][Host: static.qiyi.com] + 28 TCP 192.168.115.8:50485 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 29 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 30 TCP 192.168.115.8:50493 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 31 TCP 192.168.115.8:50771 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 32 TCP 192.168.115.8:50473 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/944 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 33 TCP 192.168.115.8:50475 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/941 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 34 TCP 192.168.115.8:50500 <-> 23.41.133.163:80 [proto: 7/HTTP][cat: Web/5][1 pkts/289 bytes <-> 1 pkts/839 bytes][Host: s1.symcb.com] + 35 TCP 192.168.115.8:50773 <-> 202.108.14.221:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/919 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 36 TCP 192.168.115.8:50466 <-> 203.66.182.24:80 [proto: 7.126/HTTP.Google][cat: Web/5][1 pkts/280 bytes <-> 1 pkts/813 bytes][Host: clients1.google.com] + 37 UDP 192.168.5.50:52529 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1074 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.5.28:60023 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][6 pkts/1050 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 41 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] + 42 TCP 192.168.115.8:50498 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/694 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 43 TCP 192.168.115.8:50503 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 44 UDP 192.168.5.41:50374 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][5 pkts/875 bytes -> 0 pkts/0 bytes] + 45 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] + 46 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 47 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 48 TCP 192.168.115.8:50477 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/614 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 49 TCP 192.168.115.8:50774 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/587 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 50 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 51 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7/HTTP][cat: Web/5][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] + 52 TCP 192.168.115.8:50768 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/526 bytes][Host: static.qiyi.com] + 53 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 54 TCP 192.168.115.8:50509 <-> 106.38.219.107:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/163 bytes <-> 2 pkts/557 bytes][Host: iplocation.geo.qiyi.com] + 55 TCP 192.168.5.15:65127 <-> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/323 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] + 56 TCP 192.168.115.8:50766 <-> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/493 bytes][Host: static.qiyi.com] + 57 TCP 192.168.115.8:50487 -> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/683 bytes -> 0 pkts/0 bytes][Host: msg.71.am] + 58 TCP 192.168.115.8:50489 <-> 119.188.13.188:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/253 bytes <-> 1 pkts/430 bytes][Host: pdata.video.qiyi.com] + 59 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 60 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] + 61 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 62 TCP 192.168.115.8:50508 <-> 223.26.106.19:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/198 bytes <-> 1 pkts/420 bytes][Host: static.qiyi.com] + 63 TCP 192.168.115.8:50483 <-> 202.108.14.219:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/417 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] + 64 TCP 192.168.115.8:50776 <-> 111.206.22.77:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/394 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] + 65 TCP 192.168.115.8:50765 <-> 36.110.220.15:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/264 bytes <-> 1 pkts/199 bytes][Host: msg.video.qiyi.com] + 66 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][cat: Web/5][2 pkts/398 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][2 pkts/358 bytes -> 0 pkts/0 bytes] + 68 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][cat: Web/5][1 pkts/347 bytes -> 0 pkts/0 bytes] + 69 TCP 192.168.115.8:50781 -> 223.26.106.20:80 [proto: 7.137/HTTP.GenericProtocol][cat: Streaming/17][1 pkts/303 bytes -> 0 pkts/0 bytes][Host: preimage1.qiyipic.com] + 70 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][cat: Web/5][1 pkts/199 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/165 bytes -> 0 pkts/0 bytes] + 72 UDP 192.168.5.63:39383 -> 239.255.255.250:1900 [proto: 12/SSDP][cat: System/18][1 pkts/130 bytes -> 0 pkts/0 bytes] + 73 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes -> 0 pkts/0 bytes] + 74 TCP 192.168.5.15:65125 -> 68.233.253.133:80 [proto: 7/HTTP][cat: Web/5][1 pkts/66 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -86,32 +88,31 @@ Undetected flows: 3 UDP 118.171.15.56:5544 <-> 192.168.115.8:22793 [proto: 0/Unknown][30 pkts/33210 bytes <-> 71 pkts/5609 bytes] 4 UDP 192.168.115.8:22793 <-> 219.228.107.156:1250 [proto: 0/Unknown][34 pkts/2686 bytes <-> 11 pkts/12177 bytes] 5 UDP 192.168.115.8:22793 <-> 222.197.138.12:6956 [proto: 0/Unknown][30 pkts/2370 bytes <-> 10 pkts/10042 bytes] - 6 UDP 192.168.115.8:22793 <-> 202.198.7.89:16039 [proto: 0/Unknown][2 pkts/158 bytes <-> 3 pkts/3323 bytes] - 7 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] - 13 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] - 14 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 20 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 21 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 24 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 26 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 27 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 29 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 31 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 32 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 33 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.115.8:22793 -> 1.169.136.116:17951 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.115.8:22793 -> 114.41.144.153:10492 [proto: 0/Unknown][4 pkts/512 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.115.8:22793 -> 218.61.39.103:17788 [proto: 0/Unknown][2 pkts/300 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.115.8:22793 -> 119.188.133.182:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.115.8:22793 -> 183.61.167.104:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.115.8:22793 -> 218.61.39.87:17788 [proto: 0/Unknown][2 pkts/260 bytes -> 0 pkts/0 bytes] + 12 UDP 183.228.182.44:13913 <-> 192.168.115.8:22793 [proto: 0/Unknown][1 pkts/87 bytes <-> 2 pkts/170 bytes] + 13 UDP 192.168.115.8:22793 -> 183.61.167.82:17788 [proto: 0/Unknown][2 pkts/188 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.115.8:22793 -> 220.130.154.23:35941 [proto: 0/Unknown][2 pkts/174 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.115.8:22793 -> 111.249.53.196:32443 [proto: 0/Unknown][2 pkts/158 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.115.8:22793 -> 1.175.128.104:5185 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.115.8:22793 -> 36.233.39.81:18590 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.115.8:22793 -> 36.237.154.69:4316 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.115.8:22793 -> 61.223.204.67:11102 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.115.8:22793 -> 61.227.170.88:20227 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.115.8:22793 -> 111.117.101.81:10162 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 22 UDP 192.168.115.8:22793 -> 111.250.102.66:1107 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 23 UDP 192.168.115.8:22793 -> 114.37.142.173:1074 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.115.8:22793 -> 114.47.91.129:22576 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 25 UDP 192.168.115.8:22793 -> 115.157.62.243:29006 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 26 UDP 192.168.115.8:22793 -> 121.248.133.93:12757 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.115.8:22793 -> 202.112.31.89:29072 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 28 UDP 192.168.115.8:22793 -> 210.44.171.1:29702 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.115.8:22793 -> 210.44.232.243:21044 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 30 UDP 192.168.115.8:22793 -> 210.47.12.19:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 31 UDP 192.168.115.8:22793 -> 210.47.12.20:33738 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 32 UDP 192.168.115.8:22793 -> 222.26.74.190:1037 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] + 33 UDP 192.168.115.8:22793 -> 222.26.193.119:7133 [proto: 0/Unknown][2 pkts/132 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 4d09243a3..ddb00deaa 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 175 20913 11 +Unknown 171 20697 10 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -9,7 +9,7 @@ IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 Skype 584 56659 57 -Apple 3 168 1 +Apple 7 384 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 @@ -146,157 +146,158 @@ ApplePush 12 1877 1 129 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][5 pkts/300 bytes -> 0 pkts/0 bytes] 130 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][cat: Network/14][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 131 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][cat: Web/5][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 132 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 133 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 134 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 135 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 136 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 137 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 249 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 270 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 271 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 272 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 273 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 274 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 275 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 276 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 277 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 278 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 279 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 280 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 281 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 282 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 140/Apple][cat: Web/5][4 pkts/216 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 134 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 135 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 136 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 137 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][cat: Web/5][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 138 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][2 pkts/92 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 274 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 275 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 276 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 277 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 278 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 279 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 280 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 281 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 282 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 283 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -309,5 +310,4 @@ Undetected flows: 7 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] 8 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] 9 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 10 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 1c43d3161..a278e42eb 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 186 61791 12 +Unknown 183 61585 11 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -8,7 +8,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 607 129455 45 +Skype 610 129661 46 Apple 76 19581 1 MS_OneDrive 348 181687 1 ApplePush 8 1118 1 @@ -114,160 +114,161 @@ ApplePush 8 1118 1 99 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][cat: Network/14][2 pkts/258 bytes -> 0 pkts/0 bytes] 100 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][cat: System/18][1 pkts/216 bytes -> 0 pkts/0 bytes] 101 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 102 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 103 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 104 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 105 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 106 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] - 107 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 108 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 109 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] - 203 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 205 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 206 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 207 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] - 208 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 209 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 211 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 215 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 223 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 224 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 227 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 233 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] - 247 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 248 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 249 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] - 250 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 251 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 252 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] + 102 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 125/Skype][cat: VoIP/10][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 103 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 104 UDP 192.168.1.34:63661 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 105 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 106 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 107 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][cat: System/18][1 pkts/92 bytes -> 0 pkts/0 bytes] + 108 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][cat: VoIP/10][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 109 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 110 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 111 UDP 192.168.1.34:13021 -> 65.55.223.27:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 111.221.77.173:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 157.55.56.147:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 157.55.235.144:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/79 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.74.28:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 157.56.52.39:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 213.199.179.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 213.199.179.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/78 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 65.55.223.24:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 157.55.235.168:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 157.56.52.20:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 213.199.179.160:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/77 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 157.55.130.165:40028 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.130.170:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/76 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 64.4.23.165:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 111.221.77.149:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.56.52.13:40021 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.56.52.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.42:40005 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/75 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 65.55.223.22:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/74 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 213.199.179.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/73 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 111.221.74.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.56.145:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.152:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.56.52.27:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/72 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 64.4.23.149:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 65.55.223.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 111.221.74.15:40026 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.56.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.130.171:40012 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/71 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 64.4.23.154:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 65.55.223.17:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 65.55.223.65:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:13021 -> 111.221.77.160:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 202 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/70 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 207 UDP 192.168.1.34:13021 -> 157.55.235.172:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 208 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/69 bytes -> 0 pkts/0 bytes] + 209 UDP 192.168.1.34:13021 -> 111.221.77.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 210 UDP 192.168.1.34:13021 -> 157.55.56.150:40014 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 211 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.34:13021 -> 157.55.235.160:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 213 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/68 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 65.55.223.18:40025 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 111.221.74.42:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 157.55.56.167:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:13021 -> 157.55.130.144:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 226 UDP 192.168.1.34:13021 -> 157.55.130.160:40008 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 227 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:13021 -> 157.56.52.12:40031 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/67 bytes -> 0 pkts/0 bytes] + 230 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 231 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:13021 -> 65.55.223.20:40023 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 157.55.56.143:40018 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 235 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 157.55.235.171:40006 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/66 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 111.221.77.171:40030 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 157.55.130.159:40016 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 157.56.52.40:40017 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 213.199.179.145:40024 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/64 bytes -> 0 pkts/0 bytes] + 248 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 249 IGMP 192.168.1.219:0 -> 233.89.188.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 250 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][cat: Network/14][1 pkts/60 bytes -> 0 pkts/0 bytes] + 251 UDP 192.168.1.34:13021 -> 111.221.74.14:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 252 UDP 192.168.1.34:13021 -> 133.236.67.25:49195 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 157.55.235.141:443 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.34:13021 -> 189.138.161.88:19521 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125.49/Skype.SkypeCallIn][cat: VoIP/10][1 pkts/60 bytes -> 0 pkts/0 bytes] + 256 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][cat: Network/14][1 pkts/46 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -281,5 +282,4 @@ Undetected flows: 8 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] 9 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] 10 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 738169827..0c85aae9e 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -1,3 +1,4 @@ +Unknown 93 13829 4 DNS 8 1267 4 MDNS 4 412 1 ICMP 2 3028 1 @@ -5,7 +6,7 @@ SSL 129 42221 7 ICMPV6 2 140 1 Facebook 2 281 1 Google 2 164 1 -Viber 268 99524 9 +Viber 175 85695 5 QUIC 3 194 1 1 TCP 192.168.0.17:53934 <-> 54.230.93.53:443 [proto: 91.144/SSL.Viber][cat: Chat/9][43 pkts/4571 bytes <-> 46 pkts/60087 bytes][client: dl-media.viber.com][server: *.viber.com] @@ -16,21 +17,24 @@ QUIC 3 194 1 6 TCP 192.168.0.17:36986 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1437 bytes <-> 11 pkts/6412 bytes][client: mapi.apptimize.com][server: *.apptimize.com] 7 TCP 192.168.0.17:55746 <-> 151.101.1.130:443 [proto: 91/SSL][cat: Web/5][10 pkts/1534 bytes <-> 9 pkts/6239 bytes][client: venetia.iad.appboy.com][server: y.ssl.fastly.net] 8 TCP 192.168.0.17:36988 <-> 54.69.166.226:443 [proto: 91/SSL][cat: Web/5][11 pkts/1462 bytes <-> 11 pkts/6163 bytes][client: mapi.apptimize.com][server: *.apptimize.com] - 9 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 144/Viber][cat: Chat/9][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] - 10 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 144/Viber][cat: Chat/9][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] - 11 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] - 12 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] - 13 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 14 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] - 15 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] - 17 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] - 18 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com] - 19 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com] - 20 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] - 21 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] - 22 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] - 23 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] - 24 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] - 26 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 144/Viber][cat: Chat/9][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 9 ICMP 192.168.0.17:0 <-> 192.168.0.15:0 [proto: 81/ICMP][cat: Network/14][1 pkts/1514 bytes <-> 1 pkts/1514 bytes] + 10 UDP 192.168.0.17:62872 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/78 bytes <-> 1 pkts/373 bytes][Host: mapi.apptimize.com] + 11 TCP 192.168.0.17:33744 <-> 18.201.4.3:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 12 TCP 192.168.0.17:45424 <-> 18.201.4.32:443 [proto: 91/SSL][cat: Web/5][4 pkts/272 bytes <-> 2 pkts/140 bytes] + 13 UDP 192.168.0.17:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][cat: Network/14][4 pkts/412 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.0.17:35283 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/74 bytes <-> 1 pkts/303 bytes][Host: app.adjust.com] + 15 UDP 192.168.0.17:45743 <-> 192.168.0.15:53 [proto: 5.119/DNS.Facebook][cat: SocialNetwork/6][1 pkts/78 bytes <-> 1 pkts/203 bytes][Host: graph.facebook.com] + 16 UDP 192.168.0.17:44376 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/82 bytes <-> 1 pkts/183 bytes][Host: venetia.iad.appboy.com] + 17 UDP 192.168.0.17:37418 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/79 bytes <-> 1 pkts/185 bytes][Host: media.cdn.viber.com] + 18 UDP 192.168.0.17:40445 <-> 192.168.0.15:53 [proto: 5.144/DNS.Viber][cat: Chat/9][1 pkts/78 bytes <-> 1 pkts/185 bytes][Host: dl-media.viber.com] + 19 UDP 192.168.0.17:41993 <-> 172.217.23.106:443 [proto: 188/QUIC][cat: Web/5][2 pkts/130 bytes <-> 1 pkts/64 bytes] + 20 UDP 192.168.0.17:35331 <-> 192.168.0.15:53 [proto: 5/DNS][cat: Network/14][1 pkts/79 bytes <-> 1 pkts/95 bytes][Host: app-measurement.com] + 21 UDP 192.168.0.17:50097 <-> 192.168.0.15:53 [proto: 5.126/DNS.Google][cat: Web/5][1 pkts/74 bytes <-> 1 pkts/90 bytes][Host: www.google.com] + 22 ICMPV6 [fe80::3207:4dff:fea3:5fa7]:0 -> [ff02::2]:0 [proto: 102/ICMPV6][cat: Network/14][2 pkts/140 bytes -> 0 pkts/0 bytes] + + +Undetected flows: + 1 UDP 192.168.0.17:47171 <-> 18.201.4.32:7985 [proto: 0/Unknown][24 pkts/5035 bytes <-> 22 pkts/2302 bytes] + 2 UDP 192.168.0.17:38190 <-> 18.201.4.3:7985 [proto: 0/Unknown][25 pkts/4344 bytes <-> 18 pkts/1872 bytes] + 3 UDP 192.168.0.17:38190 <-> 18.201.4.3:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] + 4 UDP 192.168.0.17:47171 <-> 18.201.4.32:7987 [proto: 0/Unknown][1 pkts/76 bytes <-> 1 pkts/62 bytes] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 5b183ea2c..bdb4acf91 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,4 +1,3 @@ -Unknown 10 786 1 HTTP 28 1572 7 NTP 2 180 1 HTTP_Download 37 63205 1 @@ -6,6 +5,7 @@ SSL_No_Cert 13 2142 1 SSL 8 432 2 Waze 484 289335 19 WhatsApp 15 1341 1 +Amazon 10 786 1 1 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][cat: Web/5][52 pkts/10860 bytes <-> 55 pkts/74852 bytes][server: *.world.waze.com] 2 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][cat: Download-FileTransfer-FileSharing/7][19 pkts/1309 bytes <-> 18 pkts/61896 bytes][Host: xtra1.gpsonextra.net] @@ -29,17 +29,14 @@ WhatsApp 15 1341 1 20 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/552 bytes <-> 7 pkts/771 bytes][Host: cres.waze.com] 21 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/550 bytes <-> 7 pkts/769 bytes][Host: cres.waze.com] 22 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][cat: Web/5][7 pkts/553 bytes <-> 7 pkts/733 bytes][Host: roadshields.waze.com] - 23 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 24 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 25 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 26 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 27 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] - 28 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 29 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 30 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 31 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] - 32 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] - - -Undetected flows: - 1 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 0/Unknown][8 pkts/678 bytes <-> 2 pkts/108 bytes] + 23 TCP 10.16.37.157:42256 <-> 174.37.231.81:5222 [proto: 91.178/SSL.Amazon][cat: Web/5][8 pkts/678 bytes <-> 2 pkts/108 bytes] + 24 TCP 10.16.37.157:41823 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 25 TCP 10.16.37.157:43991 <-> 200.160.4.31:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 26 TCP 10.16.37.157:46473 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 27 TCP 10.16.37.157:52746 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 28 TCP 10.16.37.157:52953 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/120 bytes <-> 2 pkts/108 bytes] + 29 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 30 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 31 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 32 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][cat: Web/5][2 pkts/108 bytes <-> 2 pkts/108 bytes] + 33 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][cat: System/18][1 pkts/90 bytes <-> 1 pkts/90 bytes] -- cgit v1.2.3 From e9dd5985b3d3f1ac462b9145c20f32c4ed7869b7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Nov 2018 17:22:15 +0100 Subject: Made configure more friendly Added time measurement in ndpiReader (processing and setup time) --- configure.seed | 1 + example/ndpiReader.c | 40 +++++++++++++++++++++++----------------- 2 files changed, 24 insertions(+), 17 deletions(-) (limited to 'example') diff --git a/configure.seed b/configure.seed index 11220f885..1aa68f17c 100644 --- a/configure.seed +++ b/configure.seed @@ -87,6 +87,7 @@ if test "${with_hyperscan+set}" = set; then HS_INC=`pkg-config --cflags libhs` HS_LIB=`pkg-config --libs libhs` LDFLAGS="$LDFLAGS $HS_LIB" + AC_MSG_RESULT([compiling with Intel Hyperscan]) else AC_MSG_RESULT([Intel Hyperscan not found, exiting. See https://github.com/intel/hyperscan/blob/master/doc/dev-reference/getting_started.rst for install/build instructions]) exit 1 diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 78d95a76d..2885399d2 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -94,7 +94,7 @@ static u_int16_t decode_tunnels = 0; static u_int16_t num_loops = 1; static u_int8_t shutdown_app = 0, quiet_mode = 0; static u_int8_t num_threads = 1; -static struct timeval begin, end; +static struct timeval startup_time, begin, end; #ifdef linux static int core_affinity[MAX_NUM_READER_THREADS]; #endif @@ -1890,7 +1890,7 @@ void printPortStats(struct port_stats *stats) { /** * @brief Print result */ -static void printResults(u_int64_t tot_usec) { +static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_usec) { u_int32_t i; u_int64_t total_flow_bytes = 0; u_int32_t avg_pkt_size = 0; @@ -1953,7 +1953,9 @@ static void printResults(u_int64_t tot_usec) { printf("\tFlow Memory (per flow): %-13s\n", formatBytes(sizeof(struct ndpi_flow_struct), buf, sizeof(buf))); printf("\tActual Memory: %-13s\n", formatBytes(current_ndpi_memory, buf, sizeof(buf))); printf("\tPeak Memory: %-13s\n", formatBytes(max_ndpi_memory, buf, sizeof(buf))); - + printf("\tSetup Time: %lu msec\n", setup_time_usec/1000); + printf("\tPacket Processing Time: %lu msec\n", processing_time_usec/1000); + if(!json_flag) { printf("\nTraffic statistics:\n"); printf("\tEthernet bytes: %-13llu (includes ethernet CRC/IFC/trailer)\n", @@ -1984,13 +1986,13 @@ static void printResults(u_int64_t tot_usec) { printf("\tPacket Len 1024-1500: %-13lu\n", (unsigned long)cumulative_stats.packet_len[4]); printf("\tPacket Len > 1500: %-13lu\n", (unsigned long)cumulative_stats.packet_len[5]); - if(tot_usec > 0) { + if(processing_time_usec > 0) { char buf[32], buf1[32], when[64]; - float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)tot_usec; - float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)tot_usec; + float t = (float)(cumulative_stats.ip_packet_count*1000000)/(float)processing_time_usec; + float b = (float)(cumulative_stats.total_wire_bytes * 8 *1000000)/(float)processing_time_usec; float traffic_duration; - if(live_capture) traffic_duration = tot_usec; + if(live_capture) traffic_duration = processing_time_usec; else traffic_duration = (pcap_end.tv_sec*1000000 + pcap_end.tv_usec) - (pcap_start.tv_sec*1000000 + pcap_start.tv_usec); printf("\tnDPI throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); @@ -2002,7 +2004,7 @@ static void printResults(u_int64_t tot_usec) { strftime(when, sizeof(when), "%d/%b/%Y %H:%M:%S", localtime(&pcap_end.tv_sec)); printf("\tAnalysis end: %s\n", when); printf("\tTraffic throughput: %s pps / %s/sec\n", formatPackets(t, buf), formatTraffic(b, 1, buf1)); - printf("\tTraffic duration: %.3f sec\n", traffic_duration/1000000); + printf("\tTraffic duration: %.3f sec\n", traffic_duration/1000000); } if(enable_protocol_guess) @@ -2491,12 +2493,13 @@ static void pcap_process_packet(u_char *args, if((pcap_end.tv_sec-pcap_start.tv_sec) > pcap_analysis_duration) { int i; - u_int64_t tot_usec; + u_int64_t processing_time_usec, setup_time_usec; gettimeofday(&end, NULL); - tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); - - printResults(tot_usec); + processing_time_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + setup_time_usec = begin.tv_sec*1000000 + begin.tv_usec - (startup_time.tv_sec*1000000 + startup_time.tv_usec); + + printResults(processing_time_usec, setup_time_usec); for(i=0; iprefs.num_roots; i++) { ndpi_tdestroy(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], ndpi_flow_info_freer); @@ -2595,7 +2598,7 @@ pcap_loop: */ void test_lib() { struct timeval end; - u_int64_t tot_usec; + u_int64_t processing_time_usec, setup_time_usec; long thread_id; #ifdef HAVE_JSON_C @@ -2647,10 +2650,11 @@ void test_lib() { } gettimeofday(&end, NULL); - tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + processing_time_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec); + setup_time_usec = begin.tv_sec*1000000 + begin.tv_usec - (startup_time.tv_sec*1000000 + startup_time.tv_usec); /* Printing cumulative results */ - printResults(tot_usec); + printResults(processing_time_usec, setup_time_usec); if(stats_flag) { #ifdef HAVE_JSON_C @@ -3263,8 +3267,8 @@ int orginal_main(int argc, char **argv) { #else int main(int argc, char **argv) { #endif - int i; - + int i; + if(ndpi_get_api_version() != NDPI_API_VERSION) { printf("nDPI Library version mismatch: please make sure this code and the nDPI library are in sync\n"); return(-1); @@ -3272,7 +3276,9 @@ int orginal_main(int argc, char **argv) { automataUnitTest(); + gettimeofday(&startup_time, NULL); ndpi_info_mod = ndpi_init_detection_module(); + if(ndpi_info_mod == NULL) return -1; memset(ndpi_thread_info, 0, sizeof(ndpi_thread_info)); -- cgit v1.2.3 From f15aed6c46461779459031058f0e9f076a3186bc Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Nov 2018 23:25:27 +0100 Subject: Renamed internal function --- example/ndpiReader.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2885399d2..29d07e299 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2400,7 +2400,7 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi /** * @brief Check pcap packet */ -static void pcap_process_packet(u_char *args, +static void ndpi_process_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { struct ndpi_proto p; @@ -2522,7 +2522,7 @@ static void pcap_process_packet(u_char *args, */ static void runPcapLoop(u_int16_t thread_id) { if((!shutdown_app) && (ndpi_thread_info[thread_id].workflow->pcap_handle != NULL)) - pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &pcap_process_packet, (u_char*)&thread_id); + pcap_loop(ndpi_thread_info[thread_id].workflow->pcap_handle, -1, &ndpi_process_packet, (u_char*)&thread_id); } /** @@ -2570,7 +2570,7 @@ void * processing_thread(void *_thread_id) { h.len = h.caplen = len; gettimeofday(&h.ts, NULL); - pcap_process_packet((u_char*)&thread_id, &h, (const u_char *)data); + ndpi_process_packet((u_char*)&thread_id, &h, (const u_char *)data); rte_pktmbuf_free(bufs[i]); } } -- cgit v1.2.3 From ea7e7c753b20bfdb4edd97499362a3a331631e04 Mon Sep 17 00:00:00 2001 From: Vitaliy Ivanov Date: Wed, 28 Nov 2018 16:40:34 +0200 Subject: build: correct example dpdk linking with pcap. - take libpcap from configure information. - clean up distclean. Signed-off-by: Vitaliy Ivanov --- example/Makefile.dpdk.in | 4 ++-- example/Makefile.in | 6 +++++- src/lib/Makefile.in | 3 +++ 3 files changed, 10 insertions(+), 3 deletions(-) (limited to 'example') diff --git a/example/Makefile.dpdk.in b/example/Makefile.dpdk.in index 8519d7d0e..d96975483 100644 --- a/example/Makefile.dpdk.in +++ b/example/Makefile.dpdk.in @@ -14,14 +14,14 @@ RTE_TARGET ?= x86_64-native-linuxapp-gcc include $(RTE_SDK)/mk/rte.vars.mk -APP = ndpiReader +APP = ndpiReader.dpdk LIBNDPI = $(PWD)/../src/lib/libndpi.a SRCS-y := ndpi_util.c ndpiReader.c CFLAGS += -g CFLAGS += -Wno-strict-prototypes -Wno-missing-prototypes -Wno-missing-declarations -Wno-unused-parameter -I $(PWD)/../src/include @CFLAGS@ -DUSE_DPDK -LDLIBS = $(LIBNDPI) -lpthread @LDFLAGS@ +LDLIBS = $(LIBNDPI) @PCAP_LIB@ -lpthread @LDFLAGS@ include $(RTE_SDK)/mk/rte.extapp.mk diff --git a/example/Makefile.in b/example/Makefile.in index 3e0f25d91..84f3f3623 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -1,7 +1,7 @@ CC=@CC@ CFLAGS=-g -I../src/include @CFLAGS@ LIBNDPI=../src/lib/libndpi.a -LDFLAGS=$(LIBNDPI) -lpcap -lpthread @LDFLAGS@ +LDFLAGS=$(LIBNDPI) @PCAP_LIB@ -lpthread @LDFLAGS@ OBJS=ndpiReader.o ndpi_util.o PREFIX?=/usr/local @@ -21,4 +21,8 @@ dpdk: clean: /bin/rm -f *.o ndpiReader + /bin/rm -rf build +distclean: clean + /bin/rm -f Makefile.dpdk + /bin/rm -f Makefile diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 1f07773e9..c22aa1a36 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -54,6 +54,9 @@ $(NDPI_LIB_SHARED): $(OBJECTS) clean: /bin/rm -f $(NDPI_LIB_STATIC) $(OBJECTS) *.o *.so *.lo +distclean: clean + /bin/rm -f Makefile + install: $(NDPI_LIBS) mkdir -p $(DESTDIR)$(libdir) cp $(NDPI_LIBS) $(DESTDIR)$(libdir)/ -- cgit v1.2.3 From 8df6b5c1bf453939a2d84cfa76b46dff6a3a6a42 Mon Sep 17 00:00:00 2001 From: Vitaliy Ivanov Date: Wed, 28 Nov 2018 17:39:14 +0200 Subject: build: install example binaries to dst dir. make install DESTDIR=/build/nDPI/ Signed-off-by: Vitaliy Ivanov --- example/Makefile.in | 2 ++ 1 file changed, 2 insertions(+) (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index 84f3f3623..96be6eacf 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -14,7 +14,9 @@ ndpiReader: $(OBJS) $(LIBNDPI) $(CC) $(CFLAGS) -c $< -o $@ install: ndpiReader + mkdir -p $(DESTDIR)$(PREFIX)/bin/ cp ndpiReader $(DESTDIR)$(PREFIX)/bin/ + [ -f build/app/ndpiReader.dpdk ] && cp build/app/ndpiReader.dpdk $(DESTDIR)$(PREFIX)/bin/ dpdk: make -f Makefile.dpdk -- cgit v1.2.3 From a3abbc3ebb851c7316b6694efc5036d40324d103 Mon Sep 17 00:00:00 2001 From: Vitaliy Ivanov Date: Wed, 28 Nov 2018 19:23:27 +0200 Subject: build: do not fail if example app is not present. Signed-off-by: Vitaliy Ivanov --- example/Makefile.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index 96be6eacf..050cac8e1 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -16,7 +16,8 @@ ndpiReader: $(OBJS) $(LIBNDPI) install: ndpiReader mkdir -p $(DESTDIR)$(PREFIX)/bin/ cp ndpiReader $(DESTDIR)$(PREFIX)/bin/ - [ -f build/app/ndpiReader.dpdk ] && cp build/app/ndpiReader.dpdk $(DESTDIR)$(PREFIX)/bin/ + [ -f build/app/ndpiReader.dpdk ] && cp build/app/ndpiReader.dpdk $(DESTDIR)$(PREFIX)/bin/ || true + [ -f ndpiReader.dpdk ] && cp ndpiReader.dpdk $(DESTDIR)$(PREFIX)/bin/ || true dpdk: make -f Makefile.dpdk -- cgit v1.2.3 From 622519e90ec2327ce8507783fb3858397bd42c07 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 29 Nov 2018 07:53:41 +0100 Subject: Warning fix --- example/ndpiReader.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'example') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 29d07e299..6c3dfeee8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1953,8 +1953,8 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us printf("\tFlow Memory (per flow): %-13s\n", formatBytes(sizeof(struct ndpi_flow_struct), buf, sizeof(buf))); printf("\tActual Memory: %-13s\n", formatBytes(current_ndpi_memory, buf, sizeof(buf))); printf("\tPeak Memory: %-13s\n", formatBytes(max_ndpi_memory, buf, sizeof(buf))); - printf("\tSetup Time: %lu msec\n", setup_time_usec/1000); - printf("\tPacket Processing Time: %lu msec\n", processing_time_usec/1000); + printf("\tSetup Time: %lu msec\n", (unsigned long)(setup_time_usec/1000)); + printf("\tPacket Processing Time: %lu msec\n", (unsigned long)(processing_time_usec/1000)); if(!json_flag) { printf("\nTraffic statistics:\n"); -- cgit v1.2.3 From fd963538f3c93800b870283b31313257930af715 Mon Sep 17 00:00:00 2001 From: Vitaliy Ivanov Date: Thu, 29 Nov 2018 13:40:37 +0200 Subject: build: cleanup of dpdk examples. - clean install dependencies on example binary - add more rules to clean command Signed-off-by: Vitaliy Ivanov --- example/Makefile.in | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'example') diff --git a/example/Makefile.in b/example/Makefile.in index 050cac8e1..bf218f503 100644 --- a/example/Makefile.in +++ b/example/Makefile.in @@ -13,7 +13,7 @@ ndpiReader: $(OBJS) $(LIBNDPI) %.o: %.c $(HEADERS) Makefile $(CC) $(CFLAGS) -c $< -o $@ -install: ndpiReader +install: mkdir -p $(DESTDIR)$(PREFIX)/bin/ cp ndpiReader $(DESTDIR)$(PREFIX)/bin/ [ -f build/app/ndpiReader.dpdk ] && cp build/app/ndpiReader.dpdk $(DESTDIR)$(PREFIX)/bin/ || true @@ -23,7 +23,9 @@ dpdk: make -f Makefile.dpdk clean: - /bin/rm -f *.o ndpiReader + /bin/rm -f *.o ndpiReader ndpiReader.dpdk + /bin/rm -f .*.dpdk.cmd .*.o.cmd *.dpdk.map .*.o.d + /bin/rm -f _install _postbuild _postinstall _preinstall /bin/rm -rf build distclean: clean -- cgit v1.2.3