From 667e77c609d842a9a41930b590de206fb2b917fe Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 21 Jul 2018 16:02:54 +0200 Subject: Major code cleanup Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection --- src/lib/protocols/directconnect.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src/lib/protocols/directconnect.c') diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 725e53348..6072c3697 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -2,7 +2,7 @@ * directconnect.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -25,8 +25,6 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_DIRECTCONNECT - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT #include "ndpi_api.h" @@ -446,5 +444,3 @@ void init_directconnect_dissector(struct ndpi_detection_module_struct *ndpi_stru *id += 1; } - -#endif -- cgit v1.2.3 From 3091dc3c4880d3d51cc5a0df6004e941c24f9e28 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 16 Aug 2018 15:23:30 +0200 Subject: Fix for #400 --- src/include/ndpi_typedefs.h | 3 +++ src/lib/protocols/directconnect.c | 3 +-- src/lib/protocols/whatsapp.c | 23 ++++++++++++++++++++--- 3 files changed, 24 insertions(+), 5 deletions(-) (limited to 'src/lib/protocols/directconnect.c') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 3d0eccab7..1a9924d36 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -475,6 +475,9 @@ struct ndpi_flow_tcp_struct { /* NDPI_PROTOCOL_QQ */ u_int16_t qq_nxt_len; + /* NDPI_PROTOCOL_WHATSAPP */ + u_int8_t wa_matched_so_far; + /* NDPI_PROTOCOL_TDS */ u_int8_t tds_login_version; diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index 6072c3697..5088685e4 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -78,8 +78,7 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s const u_int8_t connection_type) { - struct ndpi_packet_struct *packet = &flow->packet; - + struct ndpi_packet_struct *packet = &flow->packet; struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; diff --git a/src/lib/protocols/whatsapp.c b/src/lib/protocols/whatsapp.c index 6a98eac6b..6964a8e0e 100644 --- a/src/lib/protocols/whatsapp.c +++ b/src/lib/protocols/whatsapp.c @@ -33,12 +33,30 @@ void ndpi_search_whatsapp(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search WhatsApp\n"); + if(flow->l4.tcp.wa_matched_so_far == 0) { + if(memcmp(packet->payload, whatsapp_sequence, packet->payload_packet_len)) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } else + flow->l4.tcp.wa_matched_so_far = packet->payload_packet_len; + + return; + } else { + if(memcmp(packet->payload, &whatsapp_sequence[flow->l4.tcp.wa_matched_so_far], + sizeof(whatsapp_sequence)-flow->l4.tcp.wa_matched_so_far)) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + else + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + + return; + } + if((packet->payload_packet_len > 240) && (memcmp(packet->payload, whatsapp_sequence, sizeof(whatsapp_sequence)) == 0)) { NDPI_LOG_INFO(ndpi_struct, "found WhatsApp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); - } else - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -53,4 +71,3 @@ void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct, ADD_TO_DETECTION_BITMASK); *id += 1; } - -- cgit v1.2.3