From d3d6a95da74df48d66cfbc5eca4df72eacf85906 Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 11:05:20 +0500 Subject: Added protocol LISP. By Huniya Arif xFlow Research --- src/include/ndpi_define.h | 297 ++++++++++++++++++++++++++++++++++++++++ src/include/ndpi_protocol_ids.h | 3 +- src/include/ndpi_protocols.h | 2 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 8 ++ src/lib/protocols/lisp.c | 68 +++++++++ 6 files changed, 378 insertions(+), 1 deletion(-) create mode 100644 src/include/ndpi_define.h create mode 100644 src/lib/protocols/lisp.c (limited to 'src') diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h new file mode 100644 index 000000000..84155d027 --- /dev/null +++ b/src/include/ndpi_define.h @@ -0,0 +1,297 @@ +/* + * + * Copyright (C) 2011-17 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#ifndef __NDPI_DEFINE_INCLUDE_FILE__ +#define __NDPI_DEFINE_INCLUDE_FILE__ + +/* + gcc -E -dM - < /dev/null |grep ENDIAN +*/ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include +#endif + +#ifdef __OpenBSD__ +#include +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ +#endif +#endif + +#ifdef WIN32 +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +#define NDPI_USE_ASYMMETRIC_DETECTION 0 +#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t + +#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) +#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) +#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) +#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) +/* now combined detections */ + +/* v4 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v4 or v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* safe src/dst protocol check macros... */ + +#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) + +/** + * convenience macro to check for excluded protocol + * a protocol is excluded if the flow is known and either the protocol is not detected at all + * or the excluded bitmask contains the protocol + */ +#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ + ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ + NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) + +/* misc definitions */ +#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 + + +/* TODO: rebuild all memory areas to have a more aligned memory block here */ + +/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ +#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 + +#define MAX_PACKET_COUNTER 65000 +#define MAX_DEFAULT_PORTS 5 + +#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 +#define NDPI_IRC_CONNECTION_TIMEOUT 120 +#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 +#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 +#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 +#define NDPI_RTSP_CONNECTION_TIMEOUT 5 +#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 +#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 +#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 +#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 +#define NDPI_ZATTOO_FLASH_TIMEOUT 5 +#define NDPI_JABBER_STUN_TIMEOUT 30 +#define NDPI_JABBER_FT_TIMEOUT 5 +#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ + struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ + if(mod != NULL) { \ + mod->ndpi_debug_print_file=__FILE__; \ + mod->ndpi_debug_print_function=__FUNCTION__; \ + mod->ndpi_debug_print_line=__LINE__; \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ + } \ + } +#else /* NDPI_ENABLE_DEBUG_MESSAGES */ +#ifdef WIN32 +#define NDPI_LOG(...) {} +#else +#define NDPI_LOG(proto, mod, log_level, args...) {} +#endif +#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ + +/** + * macro for getting the string len of a static string + * + * use it instead of strlen to avoid runtime calculations + */ +#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) + +/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ +#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ + ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) + +#define NDPI_NUM_BITS 256 + +#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ +#define howmanybits(x, y) (((x)+((y)-1))/(y)) + + +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) + +#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) + +#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t + +#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) +#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) +#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) +#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) +#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } + +/* this is a very very tricky macro *g*, + * the compiler will remove all shifts here if the protocol is static... + */ +#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) +#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) +#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) + +#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } + + +#define ndpi_min(a,b) ((a < b) ? a : b) +#define ndpi_max(a,b) ((a > b) ? a : b) + +#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ + if (packet->packet_lines_parsed_complete != 1) { \ + ndpi_parse_packet_line_info(ndpi_struct,flow); \ + } \ + +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPIP_PROTOCOL_TYPE 0x04 +#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a + +/* the get_uXX will return raw network packet bytes !! */ +#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) +#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) +#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) +#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) + +/* new definitions to get little endian from network bytes */ +#define get_ul8(X,O) get_u_int8_t(X,O) + + +#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) +#define get_l16(X,O) get_u_int16_t(X,O) +#define get_l32(X,O) get_u_int32_t(X,O) +#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) +/* convert the bytes from big to little endian */ +# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) +# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) +#else +#error "__BYTE_ORDER MUST BE DEFINED !" +#endif /* __BYTE_ORDER */ + +/* define memory callback function */ +#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) + +#if defined(WIN32) && !defined(snprintf) +#define snprintf _snprintf +#endif + +#define NDPI_MAX_DNS_REQUESTS 16 + +#define NDPI_MAJOR 2 +#define NDPI_MINOR 1 +#define NDPI_PATCH 0 + +#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1ba8d3b89..bd0c8e999 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -273,9 +273,10 @@ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ #define NDPI_PROTOCOL_SOUNDCLOUD 234 #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ +#define NDPI_PROTOCOL_LISP 236 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_CSGO +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index adfd19b17..ef248027a 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -53,6 +53,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st /* Applications and other protocols. */ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -209,6 +210,7 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 740e3ee48..c2b4e4b13 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -71,6 +71,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/kontiki.c \ protocols/ldap.c \ protocols/lotus_notes.c \ + protocols/lisp.c \ protocols/mail_imap.c \ protocols/mail_pop.c \ protocols/mail_smtp.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ffb4ed909..f0b0407bb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1390,6 +1390,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, + no_master, + no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, no_master, no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -2735,6 +2740,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* CSGO */ init_csgo_dissector(ndpi_struct, &a, detection_bitmask); + /* LISP */ + init_my_lisp_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c new file mode 100644 index 000000000..37077029c --- /dev/null +++ b/src/lib/protocols/lisp.c @@ -0,0 +1,68 @@ +#include "ndpi_api.h" +#ifdef NDPI_PROTOCOL_LISP + +#define LISP_PORT 4341 +#define LISP_PORT1 4342 + +static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int8_t due_to_correlation) +{ + + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LISP, NDPI_PROTOCOL_UNKNOWN); +} + +static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + if(packet->udp != NULL) { + + u_int16_t lisp_port = htons(LISP_PORT); + u_int16_t lisp_port1 = htons(LISP_PORT1); + + if(((packet->udp->source == lisp_port) + && (packet->udp->dest == lisp_port)) || + ((packet->udp->source == lisp_port1) + && (packet->udp->dest == lisp_port1)) ) { + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "Found lisp.\n"); + ndpi_int_lisp_add_connection(ndpi_struct, flow, 0); + return; + + } + } + + NDPI_LOG(NDPI_PROTOCOL_lisp, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); +} + +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "lisp detection...\n"); + + /* skip marked packets */ + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) { + + ndpi_check_lisp(ndpi_struct, flow); + + } +} + + +void init_my_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_LISP, + ndpi_search_lisp, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + +#endif -- cgit v1.2.3 From d4d4f2a17c9fdd641f754305ef6de2711ab2c19f Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 11:38:31 +0500 Subject: Added LISP protocol. By Huniya Arif (xFlowResearch) --- src/include/ndpi_main.h | 2 +- src/lib/ndpi_main.c | 2 +- src/lib/protocols/lisp.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 24bdcb171..79eeab8f1 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -28,8 +28,8 @@ #include "ndpi_define.h" #include "ndpi_protocol_ids.h" #include "ndpi_typedefs.h" -#include "ndpi_protocols.h" #include "ndpi_api.h" +#include "ndpi_protocols.h" #ifdef __cplusplus extern "C" { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f0b0407bb..26983f0a8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2741,7 +2741,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n init_csgo_dissector(ndpi_struct, &a, detection_bitmask); /* LISP */ - init_my_lisp_dissector(ndpi_struct, &a, detection_bitmask); + init_lisp_dissector(ndpi_struct, &a, detection_bitmask); /* ----------------------------------------------------------------- */ diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 37077029c..531f7f68f 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -54,7 +54,7 @@ void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct n } -void init_my_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_LISP, -- cgit v1.2.3 From f7e9264c36d0e94844a645588cddaafa192fd48d Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 12:52:18 +0500 Subject: LISP PROTOCOL by Huniya Arif (xFlowResearch) --- configure.ac | 116 ------------------ src/include/ndpi_define.h | 297 ---------------------------------------------- 2 files changed, 413 deletions(-) delete mode 100644 configure.ac delete mode 100644 src/include/ndpi_define.h (limited to 'src') diff --git a/configure.ac b/configure.ac deleted file mode 100644 index 5e54d7813..000000000 --- a/configure.ac +++ /dev/null @@ -1,116 +0,0 @@ -AC_INIT([libndpi], [2.1.0]) - -AC_CONFIG_MACRO_DIR([m4]) - -AM_INIT_AUTOMAKE([foreign subdir-objects]) - -LT_INIT - -AC_PROG_CC -AM_PROG_CC_C_O -AX_PTHREAD - -NDPI_MAJOR="2" -NDPI_MINOR="1" -NDPI_PATCH="0" - -AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) -AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) -AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) - -if test -d ".git"; then : - GIT_TAG=`git log -1 --format=%h` - GIT_DATE=`git log -1 --format=%cd` - # - # On CentOS 6 `git rev-list HEAD --count` does not work - # - # - GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` - GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" -else - GIT_RELEASE="${PACKAGE_VERSION}" - GIT_DATE=`date` -fi - -AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) -AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) - -AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) - -PCAP_HOME=$HOME/PF_RING/userland - -if test -d $PCAP_HOME; then : - echo -n "" -else - PCAP_HOME=`pwd`/../../PF_RING/userland -fi -SHORT_MACHINE=`uname -m | cut -b1-3` -if test $SHORT_MACHINE = "arm"; then - LIBNUMA="" -else - AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) -fi - -if test -f $PCAP_HOME/libpcap/libpcap.a; then : - echo "Using libpcap from $PCAP_HOME" - PCAP_INC="-I $PCAP_HOME/libpcap" - PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" - - AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) - AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) - # The dlopen() function is in libdl on GLIBC-based systems - # and in the C library for *BSD systems - AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], - [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], - [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) -else - AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) - - if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : - echo "" - echo "ERROR: Missing libpcap(-dev) library required to compile the example application" - echo "ERROR: Please install it and try again" - exit - fi -fi - -dnl> https://github.com/json-c/json-c -AC_ARG_ENABLE([json-c], - AS_HELP_STRING([--disable-json-c], [Disable json-c support])) - -AS_IF([test "x$enable_json_c" != "xno"], [ - PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH - pkg-config --exists json-c - AS_IF([test "$?" == "0"], - [ - CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" - LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" - AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) - ], - [ - JSONC_HOME="$HOME/json-c" - if test -d "$JSONC_HOME"; then : - CFLAGS="$CFLAGS -I $JSONC_HOME" - LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" - AC_MSG_RESULT([Found json-c in $JSONC_HOME]) - AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) - fi - ]) - ]) - -AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) - -AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) -AC_CONFIG_HEADERS(config.h) -AC_SUBST(GIT_RELEASE) -AC_SUBST(NDPI_MAJOR) -AC_SUBST(NDPI_MINOR) -AC_SUBST(NDPI_PATCH) -AC_SUBST(SVN_DATE) -AC_SUBST(JSON_C_LIB) -AC_SUBST(PCAP_INC) -AC_SUBST(PCAP_LIB) -AC_SUBST(DL_LIB) -AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) - -AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h deleted file mode 100644 index 84155d027..000000000 --- a/src/include/ndpi_define.h +++ /dev/null @@ -1,297 +0,0 @@ -/* - * - * Copyright (C) 2011-17 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#ifndef __NDPI_DEFINE_INCLUDE_FILE__ -#define __NDPI_DEFINE_INCLUDE_FILE__ - -/* - gcc -E -dM - < /dev/null |grep ENDIAN -*/ - -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -#include -#endif - -#ifdef __OpenBSD__ -#include -#define __BYTE_ORDER BYTE_ORDER -#if BYTE_ORDER == LITTLE_ENDIAN -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif/* BYTE_ORDER */ -#endif/* __OPENBSD__ */ - - -#if __BYTE_ORDER == __LITTLE_ENDIAN -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#endif -#else -#ifndef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ -#endif -#endif - -#ifdef WIN32 -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ 1 -#endif -#endif - -#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) -#if defined(__mips__) -#undef __LITTLE_ENDIAN__ -#undef __LITTLE_ENDIAN -#define __BIG_ENDIAN__ -#endif - -/* Everything else */ -#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) -#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif -#endif - -#endif - -#define NDPI_USE_ASYMMETRIC_DETECTION 0 -#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t - -#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) -#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) -#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) -#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) -/* now combined detections */ - -/* v4 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v4 or v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* safe src/dst protocol check macros... */ - -#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) - -/** - * convenience macro to check for excluded protocol - * a protocol is excluded if the flow is known and either the protocol is not detected at all - * or the excluded bitmask contains the protocol - */ -#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ - ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ - NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) - -/* misc definitions */ -#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 - - -/* TODO: rebuild all memory areas to have a more aligned memory block here */ - -/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ -#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 - -#define MAX_PACKET_COUNTER 65000 -#define MAX_DEFAULT_PORTS 5 - -#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 -#define NDPI_IRC_CONNECTION_TIMEOUT 120 -#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 -#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 -#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 -#define NDPI_RTSP_CONNECTION_TIMEOUT 5 -#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 -#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 -#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 -#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 -#define NDPI_ZATTOO_FLASH_TIMEOUT 5 -#define NDPI_JABBER_STUN_TIMEOUT 30 -#define NDPI_JABBER_FT_TIMEOUT 5 -#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 - -#ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ - { \ - struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ - mod->ndpi_debug_print_file=__FILE__; \ - mod->ndpi_debug_print_function=__FUNCTION__; \ - mod->ndpi_debug_print_line=__LINE__; \ - (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ - } -#else /* NDPI_ENABLE_DEBUG_MESSAGES */ -#ifdef WIN32 -#define NDPI_LOG(...) {} -#else -#define NDPI_LOG(proto, mod, log_level, args...) {} -#endif -#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ - -/** - * macro for getting the string len of a static string - * - * use it instead of strlen to avoid runtime calculations - */ -#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) - -/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ -#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ - ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) - -#define NDPI_NUM_BITS 256 - -#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ -#define howmanybits(x, y) (((x)+((y)-1))/(y)) - - -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) -#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) - -#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) - -#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t - -#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) -#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) -#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) -#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) -#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } - -/* this is a very very tricky macro *g*, - * the compiler will remove all shifts here if the protocol is static... - */ -#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) -#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) -#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) - -#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } - - -#define ndpi_min(a,b) ((a < b) ? a : b) -#define ndpi_max(a,b) ((a > b) ? a : b) - -#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ - if (packet->packet_lines_parsed_complete != 1) { \ - ndpi_parse_packet_line_info(ndpi_struct,flow); \ - } \ - -#define NDPI_IPSEC_PROTOCOL_ESP 50 -#define NDPI_IPSEC_PROTOCOL_AH 51 -#define NDPI_GRE_PROTOCOL_TYPE 0x2F -#define NDPI_ICMP_PROTOCOL_TYPE 0x01 -#define NDPI_IGMP_PROTOCOL_TYPE 0x02 -#define NDPI_EGP_PROTOCOL_TYPE 0x08 -#define NDPI_OSPF_PROTOCOL_TYPE 0x59 -#define NDPI_SCTP_PROTOCOL_TYPE 132 -#define NDPI_IPIP_PROTOCOL_TYPE 0x04 -#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a - -/* the get_uXX will return raw network packet bytes !! */ -#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) -#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) -#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) -#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) - -/* new definitions to get little endian from network bytes */ -#define get_ul8(X,O) get_u_int8_t(X,O) - - -#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) -#define get_l16(X,O) get_u_int16_t(X,O) -#define get_l32(X,O) get_u_int32_t(X,O) -#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) -/* convert the bytes from big to little endian */ -# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) -# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) -#else -#error "__BYTE_ORDER MUST BE DEFINED !" -#endif /* __BYTE_ORDER */ - -/* define memory callback function */ -#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) - -#if defined(WIN32) && !defined(snprintf) -#define snprintf _snprintf -#endif - -#define NDPI_MAX_DNS_REQUESTS 16 - -#define NDPI_MAJOR 2 -#define NDPI_MINOR 1 -#define NDPI_PATCH 0 - -#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ -- cgit v1.2.3