From b04040768323a7666bcf588f2323054082883d75 Mon Sep 17 00:00:00 2001
From: Toni
Date: Tue, 23 Mar 2021 11:46:12 +0100
Subject: Refactored nDPI subprotocol handling and aimini protocol detection. (#1156)

* Refactored and merged callback buffer routines for non-udp-tcp / udp / tcp / tcp-wo-payload.

Signed-off-by: Toni Uhlig

* Try to detect one subprotocol if a detected protocol can have one.

* This adds a performance overhead due to much more protocol detection routine calls. See #1148 for more information.

Signed-off-by: Toni Uhlig

* Refactor subprotocol handling (1/2).

Signed-off-by: Toni Uhlig

* Refactor subprotocol handling (2/2).

Signed-off-by: Toni Uhlig

* Prevent some code duplication by using macros for ndpi_int_one_line_struct string comparison.

Signed-off-by: Toni Uhlig

* Refactored aimini HTTP detection parts (somehow related to #1148).

Signed-off-by: Toni Uhlig

* Added aimini client/server test pcap.

Signed-off-by: Toni Uhlig

* Removed master protocol as it was only used for STUN and via also removed API function ndpi_get_protocol_id_master_proto

* Adjusted Python code to conform to the changes made during the refactoring process.

Signed-off-by: Toni Uhlig
---
 tests/pcap/aimini-http.pcap | Bin 0 -> 91784 bytes
 tests/result/aimini-http.pcap.out | 6 ++++++
 2 files changed, 6 insertions(+)
 create mode 100644 tests/pcap/aimini-http.pcap
 create mode 100644 tests/result/aimini-http.pcap.out

(limited to 'tests')

diff --git a/tests/pcap/aimini-http.pcap b/tests/pcap/aimini-http.pcap
new file mode 100644
index 000000000..e844cd094
Binary files /dev/null and b/tests/pcap/aimini-http.pcap differ
diff --git a/tests/result/aimini-http.pcap.out b/tests/result/aimini-http.pcap.out
new file mode 100644
index 000000000..d9c1e7bfa
--- /dev/null
+++ b/tests/result/aimini-http.pcap.out
@@ -0,0 +1,6 @@ +HTTP 133 86722 4 + + 1 TCP 10.101.0.2:28501 <-> 10.102.0.2:80 [proto: 99.7/Aimini.HTTP][cat: Web/5][38 pkts/36756 bytes <-> 34 pkts/28010 bytes][Goodput ratio: 94/93][0.00 sec][Host: www.aimini.net][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 967/824 1514/1514 664/699][URL: www.aimini.net/member/signup/][StatusCode: 0][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /member/signup/ HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,83,0,0] + 2 TCP 10.101.0.2:28503 <-> 10.102.0.2:80 [proto: 7/HTTP][cat: Web/5][12 pkts/1920 bytes <-> 18 pkts/13384 bytes][Goodput ratio: 63/92][0.00 sec][Host: www.aimini.net][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 160/744 658/1514 223/696][URL: www.aimini.net/search/?q=pictures&sca=][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /search/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0] + 3 TCP 10.101.0.2:28502 <-> 10.102.0.2:80 [proto: 7/HTTP][cat: Web/5][10 pkts/2690 bytes <-> 8 pkts/1544 bytes][Goodput ratio: 78/70][0.00 sec][Host: www.aimini.com][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 269/193 585/339 255/132][URL: www.aimini.com/webcounter/w.php?___hm=.net_SignUp_&_lh_=http://www.aimini.net/member/signup/&__Refer_=http://www.aimini.net/][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /webcounter/w.php)][Plen Bins: 
0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 10.101.0.2:28504 <-> 10.102.0.2:80 [proto: 7/HTTP][cat: Web/5][8 pkts/1556 bytes <-> 5 pkts/862 bytes][Goodput ratio: 70/66][0.00 sec][Host: www.aimini.com][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 194/172 596/339 232/136][URL: www.aimini.com/webcounter/w.php?___hm=.net_Search_&_lh_=http://www.aimini.net/search/?q=pictures&sca=&__Refer_=http://www.aimini.net/][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /webcounter/w.php)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] -- cgit v1.2.3
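
Review bot: In tests/result/aimini-http.pcap.out only flow 1 is pinned as [proto: 99.7/Aimini.HTTP], while flow 2 carries the same Host: www.aimini.net and flows 3 and 4 go to www.aimini.com, yet all three are expected as [proto: 7/HTTP]. If that split is what the refactored aimini detection is meant to produce, the commit message should say which requests are supposed to match; otherwise this baseline fixes a partial classification as the reference that later runs are compared against. Flow 1 is also recorded with [StatusCode: 0] although its s2c direction has 34 pkts/28010 bytes, whereas the three plain HTTP flows show [StatusCode: 200], so please check whether the response of the flow that gets the subprotocol is still parsed. The summary line HTTP 133 86722 4 agrees with the per-flow packet and byte totals, but it gives no separate Aimini count, so a regression that drops the Aimini label from flow 1 would change only that single flow line in this file.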