From d8d525fff2dc34db62de2598767046de813e4f0d Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Wed, 27 Jul 2022 11:46:45 +0200 Subject: Update the protocol bitmask for some protocols (#1675) Tcp retransmissions should be ignored. Remove some unused protocol bitmasks. Update script to download Whatsapp IP list. --- src/include/ndpi_define.h.in | 9 ------ src/lib/inc_generated/ndpi_whatsapp_match.c.inc | 39 +++++++++++++++++++++++-- src/lib/ndpi_main.c | 6 ++-- src/lib/protocols/aimini.c | 2 +- src/lib/protocols/ajp.c | 2 +- src/lib/protocols/amazon_video.c | 2 +- src/lib/protocols/amqp.c | 2 +- src/lib/protocols/apple_push.c | 2 +- src/lib/protocols/bittorrent.c | 2 -- src/lib/protocols/cassandra.c | 2 +- src/lib/protocols/ciscovpn.c | 2 +- src/lib/protocols/directdownloadlink.c | 2 +- src/lib/protocols/dnscrypt.c | 2 +- src/lib/protocols/edonkey.c | 7 +---- src/lib/protocols/h323.c | 2 +- src/lib/protocols/hangout.c | 2 +- src/lib/protocols/http.c | 2 +- src/lib/protocols/icecast.c | 2 +- src/lib/protocols/memcached.c | 2 +- src/lib/protocols/mongodb.c | 2 +- src/lib/protocols/mqtt.c | 2 +- src/lib/protocols/nest_log_sink.c | 2 +- src/lib/protocols/ookla.c | 2 +- src/lib/protocols/openvpn.c | 2 +- src/lib/protocols/ppstream.c | 2 +- src/lib/protocols/rtcp.c | 2 +- src/lib/protocols/rtsp.c | 2 +- src/lib/protocols/soap.c | 2 +- src/lib/protocols/someip.c | 2 +- src/lib/protocols/sopcast.c | 2 +- src/lib/protocols/steam.c | 2 +- src/lib/protocols/teamspeak.c | 2 +- src/lib/protocols/teamviewer.c | 2 +- src/lib/protocols/telegram.c | 5 +--- src/lib/protocols/tvuplayer.c | 2 +- src/lib/protocols/ultrasurf.c | 2 +- src/lib/protocols/warcraft3.c | 2 +- src/lib/protocols/websocket.c | 4 +-- src/lib/protocols/zattoo.c | 2 +- 39 files changed, 77 insertions(+), 59 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 70107cae9..e591f3eda 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -107,20 +107,11 @@ #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - /* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ #define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) #define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - #define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) #define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) #define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) diff --git a/src/lib/inc_generated/ndpi_whatsapp_match.c.inc b/src/lib/inc_generated/ndpi_whatsapp_match.c.inc index 4b5651f13..c19098f48 100644 --- a/src/lib/inc_generated/ndpi_whatsapp_match.c.inc +++ b/src/lib/inc_generated/ndpi_whatsapp_match.c.inc @@ -21,8 +21,11 @@ static ndpi_network ndpi_protocol_whatsapp_protocol_list[] = { - { 0x1F0D4033 /* 31.13.64.51/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, - { 0x1F0D4035 /* 31.13.64.53/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0321DD30 /* 3.33.221.48/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0321FC3D /* 3.33.252.61/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0FC5CED9 /* 15.197.206.217/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x0FC5D2D0 /* 15.197.210.208/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, + { 0x1F0D403C /* 31.13.64.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4131 /* 31.13.65.49/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4132 /* 31.13.65.50/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0x1F0D4233 /* 31.13.66.51/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, @@ -201,6 +204,38 @@ static ndpi_network ndpi_protocol_whatsapp_protocol_list[] = { { 0x9DF0FC3C /* 157.240.252.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0x9DF0FD3C /* 157.240.253.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0x9DF0FE3C /* 157.240.254.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346803C /* 163.70.128.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346813C /* 163.70.129.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346823C /* 163.70.130.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346833C /* 163.70.131.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346843C /* 163.70.132.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346853C /* 163.70.133.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346863C /* 163.70.134.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346873C /* 163.70.135.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346883C /* 163.70.136.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346893C /* 163.70.137.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468A3C /* 163.70.138.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468B3C /* 163.70.139.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468C3C /* 163.70.140.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468D3C /* 163.70.141.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468E3C /* 163.70.142.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3468F3C /* 163.70.143.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346903C /* 163.70.144.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346913C /* 163.70.145.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346923C /* 163.70.146.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346933C /* 163.70.147.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346943C /* 163.70.148.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346953C /* 163.70.149.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346963C /* 163.70.150.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346973C /* 163.70.151.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346983C /* 163.70.152.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA346993C /* 163.70.153.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469A3C /* 163.70.154.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469B3C /* 163.70.155.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469C3C /* 163.70.156.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469D3C /* 163.70.157.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469E3C /* 163.70.158.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, + { 0xA3469F3C /* 163.70.159.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, { 0xB33CC031 /* 179.60.192.49/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0xB33CC033 /* 179.60.192.51/32 */, 32, NDPI_PROTOCOL_WHATSAPP }, { 0xB33CC13C /* 179.60.193.60/31 */, 31, NDPI_PROTOCOL_WHATSAPP }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5f6ff9aa5..9337d003f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6383,8 +6383,10 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct flow->tree_risk_checked = 1; } - /* It is common to not trigger any dissectors for pure TCP ACK packets */ - if(num_calls == 0 && packet->payload_packet_len != 0) + /* It is common to don't trigger any dissectors for pure TCP ACKs + and for for retransmissions */ + if(num_calls == 0 && + (packet->tcp_retransmission == 0 && packet->payload_packet_len != 0)) flow->fail_with_unknown = 1; flow->num_dissector_calls += num_calls; diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index 297d180bc..b6ddb78ee 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -262,7 +262,7 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("Aimini", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AIMINI, ndpi_search_aimini, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ajp.c b/src/lib/protocols/ajp.c index 0afe8736b..f2a9ec920 100644 --- a/src/lib/protocols/ajp.c +++ b/src/lib/protocols/ajp.c @@ -139,7 +139,7 @@ void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct, { ndpi_set_bitmask_protocol_detection("AJP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AJP, ndpi_search_ajp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/amazon_video.c b/src/lib/protocols/amazon_video.c index 6250962bd..afe1e2095 100644 --- a/src/lib/protocols/amazon_video.c +++ b/src/lib/protocols/amazon_video.c @@ -71,7 +71,7 @@ void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struc ndpi_set_bitmask_protocol_detection("AMAZON_VIDEO", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AMAZON_VIDEO, ndpi_search_amazon_video, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 082df1a10..890c113b6 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c @@ -78,7 +78,7 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("AMQP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_AMQP, ndpi_search_amqp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c index fab5dc85f..04fa11a80 100644 --- a/src/lib/protocols/apple_push.c +++ b/src/lib/protocols/apple_push.c @@ -100,7 +100,7 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("APPLE_PUSH", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_APPLE_PUSH, ndpi_search_apple_push, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 435dc1089..505f2ad16 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -477,8 +477,6 @@ static void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_str } if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { - /* check for tcp retransmission here */ - if(packet->tcp != NULL) { ndpi_int_search_bittorrent_tcp(ndpi_struct, flow); } else if(packet->udp != NULL) { diff --git a/src/lib/protocols/cassandra.c b/src/lib/protocols/cassandra.c index 058590ba9..154882f81 100644 --- a/src/lib/protocols/cassandra.c +++ b/src/lib/protocols/cassandra.c @@ -142,7 +142,7 @@ void init_cassandra_dissector(struct ndpi_detection_module_struct *ndpi_struct, *id, NDPI_PROTOCOL_CASSANDRA, ndpi_search_cassandra, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index a356dd6cf..d33fedbef 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c @@ -75,7 +75,7 @@ void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ndpi_set_bitmask_protocol_detection("CiscoVPN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CISCOVPN, ndpi_search_ciscovpn, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 404f447e6..e11498c51 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -717,7 +717,7 @@ void init_directdownloadlink_dissector(struct ndpi_detection_module_struct *ndpi ndpi_set_bitmask_protocol_detection("Direct_Download_Link", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_search_direct_download_link_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/dnscrypt.c b/src/lib/protocols/dnscrypt.c index 1480abd62..3191c305b 100644 --- a/src/lib/protocols/dnscrypt.c +++ b/src/lib/protocols/dnscrypt.c @@ -71,7 +71,7 @@ void init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct, u { ndpi_set_bitmask_protocol_detection( "DNScrypt", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_DNSCRYPT, ndpi_search_dnscrypt, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_PROTOCOL_DNSCRYPT, ndpi_search_dnscrypt, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 5dfb9b6bd..54ccbbeca 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -165,11 +165,6 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, return; } - if(payload_len == 0) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - return; - } - /* Check if we so far detected the protocol in the request or not. */ if(flow->edonkey_stage == 0) { NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage 0: \n"); @@ -218,7 +213,7 @@ void init_edonkey_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("eDonkey", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_EDONKEY, ndpi_search_edonkey, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index c52ddb0f6..8cb819448 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -122,7 +122,7 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("H323", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_H323, ndpi_search_h323, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index 35ca5c630..3c463bbc6 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -129,7 +129,7 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("GoogleHangout", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_HANGOUT_DUO, ndpi_search_hangout, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, /* TODO: IPv6? */ + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, /* TODO: IPv6? */ SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index dd63c27a4..6e2cf924b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1470,7 +1470,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("HTTP",ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_HTTP, ndpi_search_http_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index c8dac6b48..fa7ecaa2b 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -92,7 +92,7 @@ void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("IceCast", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_ICECAST, ndpi_search_icecast_tcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/memcached.c b/src/lib/protocols/memcached.c index 6c8514f76..fa988bf3e 100644 --- a/src/lib/protocols/memcached.c +++ b/src/lib/protocols/memcached.c @@ -185,7 +185,7 @@ void init_memcached_dissector( ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MEMCACHED, ndpi_search_memcached, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/mongodb.c b/src/lib/protocols/mongodb.c index 1f09efd63..1f1619141 100644 --- a/src/lib/protocols/mongodb.c +++ b/src/lib/protocols/mongodb.c @@ -150,7 +150,7 @@ void init_mongodb_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("MongoDB", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MONGODB, ndpi_search_mongodb, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 4d6773abe..25594ad33 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -268,7 +268,7 @@ void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MQTT, ndpi_search_mqtt, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id +=1; } diff --git a/src/lib/protocols/nest_log_sink.c b/src/lib/protocols/nest_log_sink.c index 2f6a9f7a9..01bce9e64 100644 --- a/src/lib/protocols/nest_log_sink.c +++ b/src/lib/protocols/nest_log_sink.c @@ -71,7 +71,7 @@ void init_nest_log_sink_dissector( ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_NEST_LOG_SINK, ndpi_search_nest_log_sink, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ookla.c b/src/lib/protocols/ookla.c index 968f3e1c8..5f4c170bf 100644 --- a/src/lib/protocols/ookla.c +++ b/src/lib/protocols/ookla.c @@ -141,7 +141,7 @@ void init_ookla_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("Ookla", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_OOKLA, ndpi_search_ookla, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index 4a7c6567d..0ecef5cc8 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -181,7 +181,7 @@ void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("OpenVPN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_OPENVPN, ndpi_search_openvpn, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 069991feb..b5af62e5c 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c @@ -228,7 +228,7 @@ void init_ppstream_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ndpi_set_bitmask_protocol_detection("PPStream", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_PPSTREAM, ndpi_search_ppstream, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index eb4a7ce79..be0fb48ce 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -76,7 +76,7 @@ void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("RTCP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RTCP, ndpi_search_rtcp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 0e08157ff..c6a8b1f26 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -109,7 +109,7 @@ void init_rtsp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("RTSP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_RTSP, ndpi_search_rtsp_tcp_udp, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; diff --git a/src/lib/protocols/soap.c b/src/lib/protocols/soap.c index 8ba885974..a2504f15c 100644 --- a/src/lib/protocols/soap.c +++ b/src/lib/protocols/soap.c @@ -89,7 +89,7 @@ void init_soap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int { ndpi_set_bitmask_protocol_detection( "SOAP", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_SOAP, ndpi_search_soap, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_PROTOCOL_SOAP, ndpi_search_soap, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index c99e8d27c..6409f175d 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -207,7 +207,7 @@ void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOMEIP, ndpi_search_someip, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id +=1; } diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index b4f36ef94..789e662e1 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -217,7 +217,7 @@ void init_sopcast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ ndpi_set_bitmask_protocol_detection("Sopcast", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOPCAST, ndpi_search_sopcast, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index 5d35260a6..3a2c47db5 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -304,7 +304,7 @@ void init_steam_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("Steam", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STEAM, ndpi_search_steam, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index cadd9f983..6dfe89f75 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -65,7 +65,7 @@ void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("TeamSpeak", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TEAMSPEAK, ndpi_search_teamspeak, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index 53b78f8a4..b40f6d1fc 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -110,7 +110,7 @@ void init_teamviewer_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("TeamViewer", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TEAMVIEWER, ndpi_search_teamview, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index d4f660374..93c308304 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -49,9 +49,6 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG_DBG(ndpi_struct, "search telegram\n"); - if(packet->payload_packet_len == 0) - return; - if(packet->tcp != NULL) { if(packet->payload_packet_len > 56) { u_int16_t dport = ntohs(packet->tcp->dest); @@ -112,7 +109,7 @@ void init_telegram_dissector(struct ndpi_detection_module_struct *ndpi_struct, u ndpi_set_bitmask_protocol_detection("Telegram", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TELEGRAM, ndpi_search_telegram, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index 24c1d870c..3843c153b 100644 --- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -152,7 +152,7 @@ void init_tvuplayer_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("TVUplayer", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_TVUPLAYER, ndpi_search_tvuplayer, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/ultrasurf.c b/src/lib/protocols/ultrasurf.c index a0c7cdd4e..cac25f84e 100644 --- a/src/lib/protocols/ultrasurf.c +++ b/src/lib/protocols/ultrasurf.c @@ -63,7 +63,7 @@ void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("UltraSurf", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_ULTRASURF, ndpi_search_ultrasurf, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK ); diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index dd9e3a6bc..22311d157 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -97,7 +97,7 @@ void init_warcraft3_dissector(struct ndpi_detection_module_struct *ndpi_struct, ndpi_set_bitmask_protocol_detection("Warcraft3", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_WARCRAFT3, ndpi_search_warcraft3, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); diff --git a/src/lib/protocols/websocket.c b/src/lib/protocols/websocket.c index eef20ade5..e009e7916 100644 --- a/src/lib/protocols/websocket.c +++ b/src/lib/protocols/websocket.c @@ -122,8 +122,8 @@ void init_websocket_dissector(struct ndpi_detection_module_struct *ndpi_struct, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("WEBSOCKET", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_WEBSOCKET, - ndpi_search_websocket, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + ndpi_search_websocket, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 74d3d7bbe..dc7d1ae5a 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -223,7 +223,7 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i ndpi_set_bitmask_protocol_detection("Zattoo", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_ZATTOO, ndpi_search_zattoo, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); -- cgit v1.2.3