From 503aac70bccfecfc920e30b5d7d32e252f0cae92 Mon Sep 17 00:00:00 2001
From: sharonenoch <52180175+sharonenoch@users.noreply.github.com>
Date: Sat, 1 Oct 2022 06:01:41 -0400
Subject: Line app support (#1759)

* Standard support for LINE app

* Added test pcap for LINE app

* make check result for LINE app

* Make check success as 1kxun has LINE packets

* Added the ASN inc file for LINE

* Removed extra lines as its effecting make check

* Editing the SNI required a new pcap output file for TLS.Line format

* Run Configure with --with-pcre --with-maxminddb to enable the generation of h323-overflow.pcap.out

Co-authored-by: Sharon Enoch <sharone@amzetta.com>
---
 src/lib/inc_generated/ndpi_asn_line.c.inc | 39 +++++++++++++++++++++++++++++++
 src/lib/ndpi_content_match.c.inc          |  2 ++
 src/lib/ndpi_main.c                       |  8 +++++++
 3 files changed, 49 insertions(+)
 create mode 100644 src/lib/inc_generated/ndpi_asn_line.c.inc

(limited to 'src/lib')

diff --git a/src/lib/inc_generated/ndpi_asn_line.c.inc b/src/lib/inc_generated/ndpi_asn_line.c.inc
new file mode 100644
index 000000000..dc131a722
--- /dev/null
+++ b/src/lib/inc_generated/ndpi_asn_line.c.inc
@@ -0,0 +1,39 @@
+/*
+ *
+ * This file is generated automatically and part of nDPI
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* ****************************************************** */
+
+
+static ndpi_network ndpi_protocol_line_protocol_list[] = {
+ { 0x2BDF0000 /* 43.223.0.0/16 */, 16, NDPI_PROTOCOL_LINE },
+ { 0x67021C00 /* 103.2.28.0/24 */, 24, NDPI_PROTOCOL_LINE },
+ { 0x67021E00 /* 103.2.30.0/23 */, 23, NDPI_PROTOCOL_LINE },
+ { 0x77EBE000 /* 119.235.224.0/24 */, 24, NDPI_PROTOCOL_LINE },
+ { 0x77EBE800 /* 119.235.232.0/24 */, 24, NDPI_PROTOCOL_LINE },
+ { 0x77EBEB00 /* 119.235.235.0/24 */, 24, NDPI_PROTOCOL_LINE },
+ { 0x77EBEC00 /* 119.235.236.0/23 */, 23, NDPI_PROTOCOL_LINE },
+ { 0x935C8000 /* 147.92.128.0/17 */, 17, NDPI_PROTOCOL_LINE },
+ { 0xCB688000 /* 203.104.128.0/20 */, 20, NDPI_PROTOCOL_LINE },
+ { 0xCB689000 /* 203.104.144.0/21 */, 21, NDPI_PROTOCOL_LINE },
+ { 0xCB689800 /* 203.104.152.0/22 */, 22, NDPI_PROTOCOL_LINE },
+ { 0xCB689C00 /* 203.104.156.0/23 */, 23, NDPI_PROTOCOL_LINE },
+ { 0xCB689E00 /* 203.104.158.0/24 */, 24, NDPI_PROTOCOL_LINE },
+ /* End */
+ { 0x0, 0, 0 }
+};
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index c2f32b48e..5adaa58ce 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@@ -1725,6 +1725,8 @@ static ndpi_protocol_match host_match[] =
 
    { "discovery.syncthing.net", "Syncthing", NDPI_PROTOCOL_SYNCTHING, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL },
 
+   { ".line-apps.com",        "Line", NDPI_PROTOCOL_LINE, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL },
+   
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc"
 #endif
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 9871c6a59..b43cfd964 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -89,6 +89,8 @@
 #include "inc_generated/ndpi_asn_alibaba.c.inc"
 #include "inc_generated/ndpi_asn_avast.c.inc"
 #include "inc_generated/ndpi_asn_discord.c.inc"
+#include "inc_generated/ndpi_asn_line.c.inc"
+
 
 /* Third party libraries */
 #include "third_party/include/ndpi_patricia.h"
@@ -1994,6 +1996,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
                           "CryNetwork", NDPI_PROTOCOL_CATEGORY_GAME,
                           ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
                           ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+  ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LINE,
+                         "Line", NDPI_PROTOCOL_CATEGORY_CHAT,
+                          ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+                          ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
@@ -2650,6 +2657,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_alibaba_protocol_list);
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_avast_protocol_list);
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_discord_protocol_list);
+      ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_line_protocol_list);
     }
   }
 
-- 
cgit v1.2.3