From 63d738d522b5dee70584d70c787ec8f97c89da39 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Tue, 20 Sep 2022 00:02:57 +0200
Subject: Improved NATPMP dissection.
Signed-off-by: Toni Uhlig
---
 example/ndpiReader.c | 6 ++++++
 example/reader_util.c | 8 ++++++++
 example/reader_util.h | 7 +++++++
 3 files changed, 21 insertions(+)
(limited to 'example')
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index f80bc479a..b850496ed 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1508,6 +1508,12 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 }
 break;
+ case INFO_NATPMP:
+ fprintf(out, "[Result: %u][Internal Port: %u][External Port: %u][External Address: %s]",
+ flow->natpmp.result_code, flow->natpmp.internal_port, flow->natpmp.external_port,
+ flow->natpmp.ip);
+ break;
+
 case INFO_FTP_IMAP_POP_SMTP:
 if (flow->ftp_imap_pop_smtp.username[0] != '\0')
 {
diff --git a/example/reader_util.c b/example/reader_util.c
index 37e5bf4b4..927d22ab2 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1107,6 +1107,14 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 ndpi_snprintf(flow->softether.fqdn, sizeof(flow->softether.fqdn), "%s", flow->ndpi_flow->protos.softether.fqdn);
 }
+ /* NATPMP */
+ else if(is_ndpi_proto(flow, NDPI_PROTOCOL_NATPMP)) {
+ flow->info_type = INFO_NATPMP;
+ flow->natpmp.result_code = flow->ndpi_flow->protos.natpmp.result_code;
+ flow->natpmp.internal_port = flow->ndpi_flow->protos.natpmp.internal_port;
+ flow->natpmp.external_port = flow->ndpi_flow->protos.natpmp.external_port;
+ inet_ntop(AF_INET, &flow->ndpi_flow->protos.natpmp.external_address.ipv4, &flow->natpmp.ip[0], sizeof(flow->natpmp.ip));
+ }
 /* DISCORD */
 else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DISCORD) && !is_ndpi_proto(flow, NDPI_PROTOCOL_TLS) && flow->ndpi_flow->protos.discord.client_ip[0] != '\0') {
diff --git a/example/reader_util.h b/example/reader_util.h
index 26510f700..703e33094 100644
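Review bot: The `inet_ntop()` call in the new NATPMP branch of process_ndpi_collected_info() ignores its return value, so on failure the contents of `flow->natpmp.ip` are not guaranteed to be a terminated string, yet the `INFO_NATPMP` case added to printFlow() in ndpiReader.c passes that buffer straight to `%s`. Whether the buffer starts out zeroed is not visible in this patch, so a defined fallback is safer: `if(inet_ntop(AF_INET, &flow->ndpi_flow->protos.natpmp.external_address.ipv4, flow->natpmp.ip, sizeof(flow->natpmp.ip)) == NULL) flow->natpmp.ip[0] = '\0';`. The branch also copies all four fields for every flow classified as NATPMP, and these values come from packet data, so a comment such as `/* fields are only meaningful once the dissector has parsed a mapping response; otherwise they read as zero */` would tell readers of the output how far to trust them (presumably the dissector zero-initialises them; confirm). The enclosing else-if chain begins and ends outside the hunk.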
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -167,6 +167,7 @@ enum info_type {
 INFO_FTP_IMAP_POP_SMTP,
 INFO_TLS_QUIC_ALPN_VERSION,
 INFO_TLS_QUIC_ALPN_ONLY,
+ INFO_NATPMP,
 };
 // flow tracking
@@ -241,6 +242,12 @@ typedef struct ndpi_flow_info {
 char platform[32];
 char services[48];
 } tivoconnect;
+ struct {
+ uint16_t result_code;
+ uint16_t internal_port;
+ uint16_t external_port;
+ char ip[16];
+ } natpmp;
 };
 ndpi_serializer ndpi_flow_serializer;
-- cgit v1.2.3
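Review bot: `char ip[16]` in the new `natpmp` member hard-codes the IPv4 text length that the `inet_ntop(AF_INET, ...)` call in reader_util.c relies on, with nothing tying the two together. Writing it as `char ip[INET_ADDRSTRLEN]; /* dotted-quad external IPv4 address, NUL-terminated */` states the contract and keeps the buffer large enough if the size is ever reviewed in isolation, provided the header that defines INET_ADDRSTRLEN is already reachable from reader_util.h (not visible here). The new member sits next to `tivoconnect` inside a block closed by the bare `};`, which looks like an anonymous union selected by `info_type`; if so, a one-line comment noting that `natpmp` is valid only when `info_type == INFO_NATPMP` would help. The definition of struct ndpi_flow_info starts and ends outside the hunk.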