From b22d1d8e6a31ee878f1c205eb62b9e4bc3d03d9a Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 18 May 2015 12:48:13 +0200 Subject: File rename to avoid name clashes Cleaned up autogen.sh --- src/lib/protocols/redis.c | 92 -------------------------------------- src/lib/protocols/redis_net.c | 92 ++++++++++++++++++++++++++++++++++++++ src/lib/protocols/zeromq.c | 100 ++++++++++++++++++++++++++++++++++++++++++ src/lib/protocols/zmq.c | 100 ------------------------------------------ 4 files changed, 192 insertions(+), 192 deletions(-) delete mode 100644 src/lib/protocols/redis.c create mode 100644 src/lib/protocols/redis_net.c create mode 100644 src/lib/protocols/zeromq.c delete mode 100644 src/lib/protocols/zmq.c (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/redis.c b/src/lib/protocols/redis.c deleted file mode 100644 index a47778b48..000000000 --- a/src/lib/protocols/redis.c +++ /dev/null 
@@ -1,92 +0,0 @@ -/* - * redis.c - * - * Copyright (C) 2011-15 - ntop.org - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - - -#include "ndpi_api.h" - -#ifdef NDPI_PROTOCOL_REDIS - -static void ndpi_int_redis_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_REDIS, NDPI_REAL_PROTOCOL); -} - - -static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - u_int32_t payload_len = packet->payload_packet_len; - - if(payload_len == 0) return; /* Shouldn't happen */ - - /* Break after 20 packets. 
*/ - if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); - return; - } - - if(packet->packet_direction == 0) - flow->redis_s2d_first_char = packet->payload[0]; - else - flow->redis_d2s_first_char = packet->payload[0]; - - if((flow->redis_s2d_first_char != '\0') && (flow->redis_d2s_first_char != '\0')) { - /* - *1 - $4 - PING - +PONG - *3 - $3 - SET - $19 - dns.cache.127.0.0.1 - $9 - localhost - +OK - */ - - if(((flow->redis_s2d_first_char == '*') - && ((flow->redis_d2s_first_char == '+') || (flow->redis_d2s_first_char == ':'))) - || ((flow->redis_d2s_first_char == '*') - && ((flow->redis_s2d_first_char == '+') || (flow->redis_s2d_first_char == ':')))) { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Found Redis.\n"); - ndpi_int_redis_add_connection(ndpi_struct, flow); - } else { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); - } - } else - return; /* Too early */ -} - -void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Redis detection...\n"); - - /* skip marked packets */ - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_REDIS) { - if (packet->tcp_retransmission == 0) { - ndpi_check_redis(ndpi_struct, flow); - } - } -} - -#endif diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c new file mode 100644 index 000000000..a47778b48 --- /dev/null +++ b/src/lib/protocols/redis_net.c 
@@ -0,0 +1,92 @@ +/* + * redis.c + * + * Copyright (C) 2011-15 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_REDIS + +static void ndpi_int_redis_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_REDIS, NDPI_REAL_PROTOCOL); +} + + +static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + if(payload_len == 0) return; /* Shouldn't happen */ + + /* Break after 20 packets. 
*/ + if(flow->packet_counter > 20) { + NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); + return; + } + + if(packet->packet_direction == 0) + flow->redis_s2d_first_char = packet->payload[0]; + else + flow->redis_d2s_first_char = packet->payload[0]; + + if((flow->redis_s2d_first_char != '\0') && (flow->redis_d2s_first_char != '\0')) { + /* + *1 + $4 + PING + +PONG + *3 + $3 + SET + $19 + dns.cache.127.0.0.1 + $9 + localhost + +OK + */ + + if(((flow->redis_s2d_first_char == '*') + && ((flow->redis_d2s_first_char == '+') || (flow->redis_d2s_first_char == ':'))) + || ((flow->redis_d2s_first_char == '*') + && ((flow->redis_s2d_first_char == '+') || (flow->redis_s2d_first_char == ':')))) { + NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Found Redis.\n"); + ndpi_int_redis_add_connection(ndpi_struct, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); + } + } else + return; /* Too early */ +} + +void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Redis detection...\n"); + + /* skip marked packets */ + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_REDIS) { + if (packet->tcp_retransmission == 0) { + ndpi_check_redis(ndpi_struct, flow); + } + } +} + +#endif diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c new file mode 100644 index 000000000..12548a2ed --- /dev/null +++ b/src/lib/protocols/zeromq.c 
@@ -0,0 +1,100 @@ +/* + * zmq.c + * + * Copyright (C) 2011-15 - ntop.org + * + * nDPI is free software: you can zmqtribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_ZMQ + +static void ndpi_int_zmq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_ZMQ, NDPI_REAL_PROTOCOL); + NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ Found.\n"); +} + + +static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + u_char p0[] = { 0x00, 0x00, 0x00, 0x05, 0x01, 0x66, 0x6c, 0x6f, 0x77 }; + u_char p1[] = { 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x7f }; + u_char p2[] = { 0x28, 0x66, 0x6c, 0x6f, 0x77, 0x00 }; + + if(payload_len == 0) return; /* Shouldn't happen */ + + /* Break after 17 packets. 
*/ + if(flow->packet_counter > 17) { + NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "Exclude ZMQ.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ZMQ); + return; + } + + if(flow->l4.tcp.prev_zmq_pkt_len == 0) { + flow->l4.tcp.prev_zmq_pkt_len = ndpi_min(packet->payload_packet_len, 10); + memcpy(flow->l4.tcp.prev_zmq_pkt, packet->payload, flow->l4.tcp.prev_zmq_pkt_len); + return; /* Too early */ + } + + if(payload_len == 2) { + if(flow->l4.tcp.prev_zmq_pkt_len == 2) { + if((memcmp(packet->payload, "\01\01", 2) == 0) + && (memcmp(flow->l4.tcp.prev_zmq_pkt, "\01\02", 2) == 0)) { + ndpi_int_zmq_add_connection(ndpi_struct, flow); + return; + } + } else if(flow->l4.tcp.prev_zmq_pkt_len == 9) { + if((memcmp(packet->payload, "\00\00", 2) == 0) + && (memcmp(flow->l4.tcp.prev_zmq_pkt, p0, 9) == 0)) { + ndpi_int_zmq_add_connection(ndpi_struct, flow); + return; + } + } else if(flow->l4.tcp.prev_zmq_pkt_len == 10) { + if((memcmp(packet->payload, "\01\02", 2) == 0) + && (memcmp(flow->l4.tcp.prev_zmq_pkt, p1, 10) == 0)) { + ndpi_int_zmq_add_connection(ndpi_struct, flow); + return; + } + } + } else if(payload_len >= 10) { + if(flow->l4.tcp.prev_zmq_pkt_len == 10) { + if(((memcmp(packet->payload, p1, 10) == 0) + && (memcmp(flow->l4.tcp.prev_zmq_pkt, p1, 10) == 0)) + || ((memcmp(&packet->payload[1], p2, sizeof(p2)) == 0) + && (memcmp(&flow->l4.tcp.prev_zmq_pkt[1], p2, sizeof(p2)) == 0))) { + ndpi_int_zmq_add_connection(ndpi_struct, flow); + return; + } + } + } +} + +void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ detection...\n"); + + /* skip marked packets */ + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_ZMQ) { + if (packet->tcp_retransmission == 0) { + ndpi_check_zmq(ndpi_struct, flow); + } + } +} + +#endif 
diff --git a/src/lib/protocols/zmq.c b/src/lib/protocols/zmq.c
deleted file mode 100644
index 12548a2ed..000000000
--- a/src/lib/protocols/zmq.c
+++ /dev/null
@@ -1,100 +0,0 @@ -/* - * zmq.c - * - * Copyright (C) 2011-15 - ntop.org - * - * nDPI is free software: you can zmqtribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - - -#include "ndpi_api.h" - -#ifdef NDPI_PROTOCOL_ZMQ - -static void ndpi_int_zmq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_ZMQ, NDPI_REAL_PROTOCOL); - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ Found.\n"); -} - - -static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - u_int32_t payload_len = packet->payload_packet_len; - u_char p0[] = { 0x00, 0x00, 0x00, 0x05, 0x01, 0x66, 0x6c, 0x6f, 0x77 }; - u_char p1[] = { 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x7f }; - u_char p2[] = { 0x28, 0x66, 0x6c, 0x6f, 0x77, 0x00 }; - - if(payload_len == 0) return; /* Shouldn't happen */ - - /* Break after 17 packets. 
*/ - if(flow->packet_counter > 17) { - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "Exclude ZMQ.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ZMQ); - return; - } - - if(flow->l4.tcp.prev_zmq_pkt_len == 0) { - flow->l4.tcp.prev_zmq_pkt_len = ndpi_min(packet->payload_packet_len, 10); - memcpy(flow->l4.tcp.prev_zmq_pkt, packet->payload, flow->l4.tcp.prev_zmq_pkt_len); - return; /* Too early */ - } - - if(payload_len == 2) { - if(flow->l4.tcp.prev_zmq_pkt_len == 2) { - if((memcmp(packet->payload, "\01\01", 2) == 0) - && (memcmp(flow->l4.tcp.prev_zmq_pkt, "\01\02", 2) == 0)) { - ndpi_int_zmq_add_connection(ndpi_struct, flow); - return; - } - } else if(flow->l4.tcp.prev_zmq_pkt_len == 9) { - if((memcmp(packet->payload, "\00\00", 2) == 0) - && (memcmp(flow->l4.tcp.prev_zmq_pkt, p0, 9) == 0)) { - ndpi_int_zmq_add_connection(ndpi_struct, flow); - return; - } - } else if(flow->l4.tcp.prev_zmq_pkt_len == 10) { - if((memcmp(packet->payload, "\01\02", 2) == 0) - && (memcmp(flow->l4.tcp.prev_zmq_pkt, p1, 10) == 0)) { - ndpi_int_zmq_add_connection(ndpi_struct, flow); - return; - } - } - } else if(payload_len >= 10) { - if(flow->l4.tcp.prev_zmq_pkt_len == 10) { - if(((memcmp(packet->payload, p1, 10) == 0) - && (memcmp(flow->l4.tcp.prev_zmq_pkt, p1, 10) == 0)) - || ((memcmp(&packet->payload[1], p2, sizeof(p2)) == 0) - && (memcmp(&flow->l4.tcp.prev_zmq_pkt[1], p2, sizeof(p2)) == 0))) { - ndpi_int_zmq_add_connection(ndpi_struct, flow); - return; - } - } - } -} - -void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ detection...\n"); - - /* skip marked packets */ - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_ZMQ) { - if (packet->tcp_retransmission == 0) { - ndpi_check_zmq(ndpi_struct, flow); - } - } -} - -#endif -- cgit v1.2.3 
From 079a42c7525f14bb6dd3c39e9308c3f6600cd4f0 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 18 May 2015 16:09:57 +0200 Subject: Minor code cleanup --- src/lib/ndpi_main.c | 4 ++-- src/lib/protocols/dns.c | 2 +- src/lib/third_party/include/ndpi_patricia.h | 10 +++++----- src/lib/third_party/src/ndpi_patricia.c | 6 +++--- 4 files changed, 11 insertions(+), 11 deletions(-) (limited to 'src/lib/protocols') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b175ffe1b..722984953 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -49,8 +49,8 @@ #endif #include "ndpi_content_match.c.inc" -#include "third_party/include/patricia.h" -#include "third_party/src/patricia.c" +#include "third_party/include/ndpi_patricia.h" +#include "third_party/src/ndpi_patricia.c" #ifdef WIN32 /* http://social.msdn.microsoft.com/Forums/uk/vcgeneral/thread/963aac07-da1a-4612-be4a-faac3f1d65ca */ diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 071039340..631514afd 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -246,7 +246,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd j++, i++; } - if(a_record != 0) { + if(a_record[0] != 0) { char a_buf[32]; int i; diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h index c369bd3a7..bf4a86259 100644 --- a/src/lib/third_party/include/ndpi_patricia.h +++ b/src/lib/third_party/include/ndpi_patricia.h @@ -1,5 +1,5 @@ /* - * $Id: patricia.h,v 1.6 2005/12/07 20:53:01 dplonka Exp $ + * $Id: ndpi_patricia.h,v 1.6 2005/12/07 20:53:01 dplonka Exp $ * Dave Plonka * * This product includes software developed by the University of Michigan, 
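Review bot: The new guard `if(a_record[0] != 0)` in the dns.c hunk uses a zero first byte as the "no A record captured" sentinel, and nothing visible in the hunk documents that. A one-line comment above it, for example `/* a_record[0] == 0: no A record was copied from the response */`, would make the convention explicit for the next reader. The declaration and initialisation of `a_record` are outside the hunk, so confirm it is zeroed before the parsing loop; otherwise the test reads whatever the buffer held before. ndpi_search_dns begins and ends outside the hunk.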
@@ -7,7 +7,7 @@ * * This file had been called "radix.h" in the MRT sources. * - * I renamed it to "patricia.h" since it's not an implementation of a general + * I renamed it to "ndpi_patricia.h" since it's not an implementation of a general * radix trie. Also, pulled in various requirements from "mrt.h" and added * some other things it could be used as a standalone API. @@ -38,8 +38,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef _PATRICIA_H -#define _PATRICIA_H +#ifndef _NDPI_PATRICIA_H +#define _NDPI_PATRICIA_H #ifndef WIN32 #define PATRICIA_IPV6 HAVE_IPV6 @@ -189,7 +189,7 @@ void ndpi_patricia_process (patricia_tree_t *patricia, void_fn2_t func); } \ } while (0) -#endif /* _PATRICIA_H */ +#endif /* _NDPI_PATRICIA_H */ /************************* diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index 7a95a8765..59d17e556 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -58,7 +58,7 @@ #define assert(a) ; #endif /* __KERNEL__ */ -#include "patricia.h" +#include "ndpi_patricia.h" #ifdef __KERNEL__ @@ -196,7 +196,7 @@ ndpi_my_inet_pton (int af, const char *src, void *dst) * thread safe and (almost) re-entrant implementation */ char * -ndpi_ndpi_prefix_toa2x (prefix_t *prefix, char *buff, int with_len) +ndpi_prefix_toa2x (prefix_t *prefix, char *buff, int with_len) { if(prefix == NULL) return ((char*)"(Null)"); @@ -257,7 +257,7 @@ ndpi_ndpi_prefix_toa2x (prefix_t *prefix, char *buff, int with_len) char * ndpi_prefix_toa2 (prefix_t *prefix, char *buff) { - return (ndpi_ndpi_prefix_toa2x (prefix, buff, 0)); + return (ndpi_prefix_toa2x (prefix, buff, 0)); } /* ndpi_prefix_toa -- cgit v1.2.3 From 167c83121262c4621b56f1cb3927bf5f8a5f9a69 Mon Sep 17 00:00:00 2001 
From: Luca Deri Date: Mon, 18 May 2015 18:29:22 +0200 Subject: Fixed compilation warnings --- src/lib/ndpi_main.c | 2 +- src/lib/protocols/warcraft3.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib/protocols') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 722984953..7719f766e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4212,7 +4212,7 @@ unsigned int ndpi_detection_process_packet(struct ndpi_detection_module_struct * flow->packet.tick_timestamp = d; } #else - flow->packet.tick_timestamp = current_tick_l/1000; + flow->packet.tick_timestamp = (u_int32_t)current_tick_l/1000; #endif /* parse packet */ diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index 7780dbf6e..39c93378e 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -43,7 +43,7 @@ void ndpi_search_warcraft3(struct ndpi_detection_module_struct // struct ndpi_id_struct *src=ndpi_struct->src; // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int32_t l; /* + u_int16_t l; /* Leave it as u_int32_t because otherwise 'u_int16_t temp' might overflood it and thus generate an infinite loop */ -- cgit v1.2.3 From 8f3b8ff4dfb5b7674b6d87c78c1bdb275f178d4d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 20 May 2015 09:27:04 +0200 Subject: Added fix to harden quic detection and limit it to port 80/443 UDP --- src/lib/protocols/quic.c | 193 +++++++++++++++++++++++---------------------- tests/do.sh | 5 +- tests/result/quic.pcap.out | 2 +- 3 files changed, 105 insertions(+), 95 deletions(-) (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 2e1ad6628..cbc95519d 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c 
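Review bot: The cast added in `flow->packet.tick_timestamp = (u_int32_t)current_tick_l/1000;` binds to `current_tick_l` alone, so the tick is truncated to 32 bits before the division instead of after it. The declaration of `current_tick_l` is outside the hunk; if it is wider than 32 bits, every tick above 2^32-1 now produces a different timestamp than the uncast expression did. Parenthesising the quotient keeps the old value and still silences the warning: `flow->packet.tick_timestamp = (u_int32_t)(current_tick_l/1000);`. ndpi_detection_process_packet begins and ends outside the hunk.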
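Review bot: Narrowing `l` to `u_int16_t` in the warcraft3.c hunk contradicts the comment kept directly beneath the declaration, which says to leave it as `u_int32_t` because a 16-bit value can overflow and cause an infinite loop. The loop that uses `l` is outside the hunk, but if its bound or increment comes from packet data, as the comment implies, a wrap at 65535 could let one packet stall detection. I would restore `u_int32_t l;` and silence the warning where `l` is compared or assigned, for example with an explicit cast there. If 16 bits is now known to be safe, the comment should be rewritten to say why rather than left stating the opposite.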
@@ -46,111 +46,118 @@ static void ndpi_int_quic_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_REAL_PROTOCOL); + ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_REAL_PROTOCOL); } int connect_id(const unsigned char pflags) { - u_int cid_len; + u_int cid_len; - // Check CID length. - switch (pflags & QUIC_CID_MASK) - { - case CID_LEN_8: cid_len = 8; break; - case CID_LEN_4: cid_len = 4; break; - case CID_LEN_1: cid_len = 1; break; - case CID_LEN_0: cid_len = 0; break; - default: - return -1; - - } - // Return offset. - return cid_len + 1; + // Check CID length. + switch (pflags & QUIC_CID_MASK) + { + case CID_LEN_8: cid_len = 8; break; + case CID_LEN_4: cid_len = 4; break; + case CID_LEN_1: cid_len = 1; break; + case CID_LEN_0: cid_len = 0; break; + default: + return -1; + + } + // Return offset. + return cid_len + 1; } int sequence(const unsigned char *payload) { - unsigned char conv[6] = {0}; - u_int seq_value = -1; - u_int seq_lens; - u_int cid_offs; - int i; - - // Search SEQ bytes length. - switch (payload[0] & QUIC_SEQ_MASK) - { - case SEQ_LEN_6: seq_lens = 6; break; - case SEQ_LEN_4: seq_lens = 4; break; - case SEQ_LEN_2: seq_lens = 2; break; - case SEQ_LEN_1: seq_lens = 1; break; - default: - return -1; - } - // Retrieve SEQ offset. - cid_offs = connect_id(payload[0]); - - if (cid_offs >= 0 && seq_lens > 0) - { - for (i = 0; i < seq_lens; i++) - conv[i] = payload[cid_offs + i]; - - seq_value = SEQ_CONV(conv); - } - // Return SEQ dec value; - return seq_value; + unsigned char conv[6] = {0}; + u_int seq_value = -1; + u_int seq_lens; + u_int cid_offs; + int i; + + // Search SEQ bytes length. 
+ switch (payload[0] & QUIC_SEQ_MASK) + { + case SEQ_LEN_6: seq_lens = 6; break; + case SEQ_LEN_4: seq_lens = 4; break; + case SEQ_LEN_2: seq_lens = 2; break; + case SEQ_LEN_1: seq_lens = 1; break; + default: + return -1; + } + // Retrieve SEQ offset. + cid_offs = connect_id(payload[0]); + + if (cid_offs >= 0 && seq_lens > 0) + { + for (i = 0; i < seq_lens; i++) + conv[i] = payload[cid_offs + i]; + + seq_value = SEQ_CONV(conv); + } + // Return SEQ dec value; + return seq_value; } void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - u_int ver_offs; - - if(packet->udp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n"); - - // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least. - if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || ((packet->payload[0] & QUIC_NO_V_RES_RSV) == 0)) - { - if (sequence(packet->payload) < 1) - { - - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); - } - - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); - ndpi_int_quic_add_connection(ndpi_struct, flow); - } - - // Check if version, than the CID length. - else if (packet->payload[0] & QUIC_VER_MASK) - { - // Skip CID length. - ver_offs = connect_id(packet->payload[0]); - - if (ver_offs >= 0){ - unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1], - packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]}; - - // Version Match. 
- if (vers[0] == 'Q' && vers[1] == '0' && - (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || - vers[3] == '1' || vers[3] == '0')) || - (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' || - vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || - vers[3] == '1' || vers[3] == '0')) || - (vers[2] == '0' && vers[3] == '9')) - - { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); - ndpi_int_quic_add_connection(ndpi_struct, flow); - } - } - } else - { - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); - } - } + struct ndpi_packet_struct *packet = &flow->packet; + u_int ver_offs; + + if(packet->udp != NULL) { + u_int16_t sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); + + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "calculating quic over udp.\n"); + + if(((packet->payload[0] & 0xF0) != 0) + || (!(sport == 80 || dport == 80 || sport == 443 || dport == 443))) + goto exclude_quic; + + // Settings without version. First check if PUBLIC FLAGS & SEQ bytes are 0x0. SEQ must be 1 at least. + if ((packet->payload[0] == 0x00 && packet->payload[1] != 0x00) || ((packet->payload[0] & QUIC_NO_V_RES_RSV) == 0)) + { + if (sequence(packet->payload) < 1) + { + + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + } + + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); + ndpi_int_quic_add_connection(ndpi_struct, flow); + } + + // Check if version, than the CID length. + else if (packet->payload[0] & QUIC_VER_MASK) + { + // Skip CID length. 
+ ver_offs = connect_id(packet->payload[0]); + + if (ver_offs >= 0){ + unsigned char vers[] = {packet->payload[ver_offs], packet->payload[ver_offs + 1], + packet->payload[ver_offs + 2], packet->payload[ver_offs + 3]}; + + // Version Match. + if (vers[0] == 'Q' && vers[1] == '0' && + (vers[2] == '2' && (vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '1' && (vers[3] == '9' || vers[3] == '8' || vers[3] == '7' || vers[3] == '6' || + vers[3] == '5' || vers[3] == '4' || vers[3] == '3' || vers[3] == '2' || + vers[3] == '1' || vers[3] == '0')) || + (vers[2] == '0' && vers[3] == '9')) + + { + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found quic.\n"); + ndpi_int_quic_add_connection(ndpi_struct, flow); + } + } + } else + { + exclude_quic: + NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude quic.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + } + } } #endif diff --git a/tests/do.sh b/tests/do.sh index 4f81906f7..e7d28aa9c 100755 --- a/tests/do.sh +++ b/tests/do.sh @@ -15,13 +15,16 @@ build_results() { check_results() { for f in $PCAPS; do if [ -f result/$f.out ]; then - $READER -q -i pcap/$f -w /tmp/reader.out + CMD="$READER -q -i pcap/$f -w /tmp/reader.out" + $CMD NUM_DIFF=`diff result/$f.out /tmp/reader.out | wc -l` if [ $NUM_DIFF -eq 0 ]; then echo "$f\t OK" else echo "$f\t ERROR" + echo "$CMD" + diff result/$f.out /tmp/reader.out fi /bin/rm /tmp/reader.out diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index 283fb04d2..900864e4d 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -1 +1 @@ -Unknown 413 254874 1 +Quic 413 254874 1 -- cgit v1.2.3 From e4923a589c04584a2faa7d9ce35e9875f41b1153 Mon Sep 17 00:00:00 2001 
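Review bot: ndpi_search_quic reads `packet->payload[0]`, `packet->payload[1]` and `packet->payload[ver_offs + 3]`, and sequence() reads up to `payload[cid_offs + seq_lens - 1]`, with no comparison against `packet->payload_packet_len` anywhere in the hunk, so a short UDP datagram on port 80 or 443 is read past the end of its payload. Add `if(packet->payload_packet_len < 2) goto exclude_quic;` at the top of the UDP branch and `if(packet->payload_packet_len < ver_offs + 4) goto exclude_quic;` before `vers[]` is filled; sequence() needs the length passed in so it can bound its own loop. Separately, the `sequence(packet->payload) < 1` branch marks the flow excluded and then falls through to `ndpi_int_quic_add_connection`, so it needs a `return;` after the `NDPI_ADD_PROTOCOL_TO_BITMASK` line. In the version match, `&&` binds tighter than `||`, so the `vers[0] == 'Q' && vers[1] == '0'` prefix applies only to the `'2'` alternative; the three `vers[2]` alternatives should share one enclosing pair of parentheses.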
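Review bot: The tests/do.sh hunk keeps writing reader output to the fixed path `/tmp/reader.out`, which the new lines now reference in `CMD` and in the added `diff` call as well. On a shared build host a predictable name in /tmp can be pre-created by another user, and the script would then write to and later `/bin/rm` whatever that path points to. Creating the file with `OUT=$(mktemp)` and using `"$OUT"` in `CMD`, both `diff` calls and the `rm` avoids the fixed name. check_results continues past the end of the hunk.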
From: Luca Date: Wed, 20 May 2015 16:48:36 +0200 Subject: Fixed warning --- src/lib/protocols/quic.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index cbc95519d..3180ef28b 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -49,7 +49,7 @@ static void ndpi_int_quic_add_connection(struct ndpi_detection_module_struct ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_REAL_PROTOCOL); } -int connect_id(const unsigned char pflags) +static int connect_id(const unsigned char pflags) { u_int cid_len; @@ -68,12 +68,12 @@ int connect_id(const unsigned char pflags) return cid_len + 1; } -int sequence(const unsigned char *payload) +static int sequence(const unsigned char *payload) { unsigned char conv[6] = {0}; u_int seq_value = -1; - u_int seq_lens; - u_int cid_offs; + int seq_lens; + int cid_offs; int i; // Search SEQ bytes length. @@ -103,7 +103,7 @@ int sequence(const unsigned char *payload) void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - u_int ver_offs; + int ver_offs; if(packet->udp != NULL) { u_int16_t sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); -- cgit v1.2.3