From 667e77c609d842a9a41930b590de206fb2b917fe Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 21 Jul 2018 16:02:54 +0200 Subject: Major code cleanup Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection --- src/lib/protocols/lisp.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'src/lib/protocols/lisp.c') diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index e507be9f9..2c6d7b611 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -1,7 +1,5 @@ #include "ndpi_protocol_ids.h" -#ifdef NDPI_PROTOCOL_LISP - #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP #include "ndpi_api.h" @@ -68,4 +66,3 @@ void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int *id += 1; } -#endif -- cgit v1.2.3 From e240bbd4a4dfa34bd166ed5e9ae19a060ae42981 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 7 Nov 2018 22:43:33 +0100 Subject: Implemented UPnP dissector --- src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 3 ++ src/lib/protocols/lisp.c | 22 ++++++++++++++- src/lib/protocols/upnp.c | 65 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 src/lib/protocols/upnp.c (limited to 'src/lib/protocols/lisp.c') diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 48e005ce1..8ac7d7247 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -325,6 +325,7 @@ void init_tor_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_tvants_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_upnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_veohtv_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_vhua_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_viber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 519d6a1ad..7dd8777ec 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3170,6 +3170,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* REDIS */ init_redis_dissector(ndpi_struct, &a, detection_bitmask); + /* UPnP */ + init_upnp_dissector(ndpi_struct, &a, detection_bitmask); + /* VHUA */ init_vhua_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 2c6d7b611..7343ca034 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -1,10 +1,30 @@ +/* + * list.c + * + * Copyright (C) 2017-18 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + #include "ndpi_protocol_ids.h" #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP #include "ndpi_api.h" -#define LISP_PORT 4341 +#define LISP_PORT 4341 #define LISP_PORT1 4342 static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/upnp.c b/src/lib/protocols/upnp.c new file mode 100644 index 000000000..1706d021d --- /dev/null +++ b/src/lib/protocols/upnp.c @@ -0,0 +1,65 @@ +/* + * upnp.c + * + * Copyright (C) 2018 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UPNP + +#include "ndpi_api.h" + +#define UPNP_PORT 3702 + +void ndpi_search_upnp(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search upnp\n"); + + if(packet->udp + && ( + (packet->iph && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */)) +#ifdef NDPI_DETECTION_SUPPORT_IPV6 + || + (packet->iphv6 && ntohl(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0]) == 0xFF020000) +#endif + ) + && (ntohs(packet->udp->dest) == UPNP_PORT) + && (packet->payload_packet_len >= 40) + && (strncmp((char*)packet->payload, "