/*
* ndpi_main.c
*
* Copyright (C) 2011-24 - ntop.org
*
* This file is part of nDPI, an open source deep packet inspection
* library based on the OpenDPI and PACE technology by ipoque GmbH
*
* nDPI is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* nDPI is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with nDPI. If not, see .
*
*/
#include
#include
#include
#ifdef __APPLE__
#include
#endif
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN
#include "ndpi_config.h"
#include "ndpi_api.h"
#include "ndpi_private.h"
#include "ahocorasick.h"
#include "libcache.h"
#ifdef USE_HOST_LIBGCRYPT
#include
#else
#include "gcrypt_light.h"
#endif
#include
#ifndef WIN32
#include
#include
#include
#else
#include "third_party/include/windows/dirent.h"
#endif
#ifndef TH_FIN
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PUSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#endif
#if defined __FreeBSD__ || defined __NetBSD__ || defined __OpenBSD__
#include
#endif
#include "ndpi_content_match.c.inc"
#include "ndpi_dga_match.c.inc"
#include "inc_generated/ndpi_azure_match.c.inc"
#include "inc_generated/ndpi_tor_match.c.inc"
#include "inc_generated/ndpi_whatsapp_match.c.inc"
#include "inc_generated/ndpi_amazon_aws_match.c.inc"
#include "inc_generated/ndpi_ethereum_match.c.inc"
#include "inc_generated/ndpi_zoom_match.c.inc"
#include "inc_generated/ndpi_cachefly_match.c.inc"
#include "inc_generated/ndpi_cloudflare_match.c.inc"
#include "inc_generated/ndpi_ms_office365_match.c.inc"
#include "inc_generated/ndpi_ms_onedrive_match.c.inc"
#include "inc_generated/ndpi_ms_outlook_match.c.inc"
#include "inc_generated/ndpi_ms_skype_teams_match.c.inc"
#include "inc_generated/ndpi_google_match.c.inc"
#include "inc_generated/ndpi_google_cloud_match.c.inc"
#include "inc_generated/ndpi_crawlers_match.c.inc"
#include "inc_generated/ndpi_icloud_private_relay_match.c.inc"
#include "inc_generated/ndpi_protonvpn_in_match.c.inc"
#include "inc_generated/ndpi_protonvpn_out_match.c.inc"
#include "inc_generated/ndpi_mullvad_match.c.inc"
#include "inc_generated/ndpi_asn_telegram.c.inc"
#include "inc_generated/ndpi_asn_apple.c.inc"
#include "inc_generated/ndpi_asn_twitter.c.inc"
#include "inc_generated/ndpi_asn_netflix.c.inc"
#include "inc_generated/ndpi_asn_webex.c.inc"
#include "inc_generated/ndpi_asn_teamviewer.c.inc"
#include "inc_generated/ndpi_asn_facebook.c.inc"
#include "inc_generated/ndpi_asn_tencent.c.inc"
#include "inc_generated/ndpi_asn_opendns.c.inc"
#include "inc_generated/ndpi_asn_dropbox.c.inc"
#include "inc_generated/ndpi_asn_starcraft.c.inc"
#include "inc_generated/ndpi_asn_ubuntuone.c.inc"
#include "inc_generated/ndpi_asn_twitch.c.inc"
#include "inc_generated/ndpi_asn_hotspotshield.c.inc"
#include "inc_generated/ndpi_asn_github.c.inc"
#include "inc_generated/ndpi_asn_steam.c.inc"
#include "inc_generated/ndpi_asn_bloomberg.c.inc"
#include "inc_generated/ndpi_asn_edgecast.c.inc"
#include "inc_generated/ndpi_asn_goto.c.inc"
#include "inc_generated/ndpi_asn_riotgames.c.inc"
#include "inc_generated/ndpi_asn_threema.c.inc"
#include "inc_generated/ndpi_asn_alibaba.c.inc"
#include "inc_generated/ndpi_asn_avast.c.inc"
#include "inc_generated/ndpi_asn_discord.c.inc"
#include "inc_generated/ndpi_asn_line.c.inc"
#include "inc_generated/ndpi_asn_vk.c.inc"
#include "inc_generated/ndpi_asn_yandex.c.inc"
#include "inc_generated/ndpi_asn_yandex_cloud.c.inc"
#include "inc_generated/ndpi_asn_disney_plus.c.inc"
#include "inc_generated/ndpi_asn_hulu.c.inc"
#include "inc_generated/ndpi_asn_epicgames.c.inc"
#include "inc_generated/ndpi_asn_nvidia.c.inc"
#include "inc_generated/ndpi_asn_roblox.c.inc"
/* Third party libraries */
#include "third_party/include/ndpi_patricia.h"
#include "third_party/include/ndpi_md5.h"
#include "third_party/include/ndpi_sha256.h"
#ifdef HAVE_NBPF
#include "nbpf.h"
#endif
/* #define MATCH_DEBUG 1 */
/* ****************************************** */
static void *(*_ndpi_flow_malloc)(size_t size);
static void (*_ndpi_flow_free)(void *ptr);
/* ****************************************** */
static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_NO_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_NO_ACCOUNTABILITY },
{ NDPI_URL_POSSIBLE_XSS, NDPI_RISK_SEVERE, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_URL_POSSIBLE_SQL_INJECTION, NDPI_RISK_SEVERE, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_URL_POSSIBLE_RCE_INJECTION, NDPI_RISK_SEVERE, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_BINARY_APPLICATION_TRANSFER, NDPI_RISK_SEVERE, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_TLS_SELFSIGNED_CERTIFICATE, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_TLS_OBSOLETE_VERSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_WEAK_CIPHER, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_CERTIFICATE_EXPIRED, NDPI_RISK_HIGH, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_TLS_CERTIFICATE_MISMATCH, NDPI_RISK_HIGH, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_HTTP_SUSPICIOUS_USER_AGENT, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_NUMERIC_IP_HOST, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_HTTP_SUSPICIOUS_URL, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_HTTP_SUSPICIOUS_HEADER, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_NOT_CARRYING_HTTPS, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_SUSPICIOUS_DGA_DOMAIN, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_MALFORMED_PACKET, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_SMB_INSECURE_VERSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_SUSPICIOUS_ESNI_USAGE, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_UNSAFE_PROTOCOL, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
{ NDPI_DNS_SUSPICIOUS_TRAFFIC, NDPI_RISK_MEDIUM, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_MISSING_SNI, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_HTTP_SUSPICIOUS_CONTENT, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_RISKY_ASN, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_RISKY_DOMAIN, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_MALICIOUS_JA3, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_MALICIOUS_SHA1_CERTIFICATE, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_DESKTOP_OR_FILE_SHARING_SESSION, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
{ NDPI_TLS_UNCOMMON_ALPN, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_CERT_VALIDITY_TOO_LONG, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_TLS_SUSPICIOUS_EXTENSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
{ NDPI_TLS_FATAL_ALERT, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
{ NDPI_SUSPICIOUS_ENTROPY, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
{ NDPI_CLEAR_TEXT_CREDENTIALS, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_DNS_LARGE_PACKET, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_DNS_FRAGMENTED, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_INVALID_CHARACTERS, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_POSSIBLE_EXPLOIT, NDPI_RISK_SEVERE, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_PUNYCODE_IDN, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_ERROR_CODE_DETECTED, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
{ NDPI_HTTP_CRAWLER_BOT, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_ANONYMOUS_SUBSCRIBER, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_UNIDIRECTIONAL_TRAFFIC, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_HTTP_OBSOLETE_SERVER, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE },
{ NDPI_PERIODIC_FLOW, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_MINOR_ISSUES, NDPI_RISK_LOW, CLIENT_LOW_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE },
{ NDPI_TCP_ISSUES, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_FULLY_ENCRYPTED, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_TLS_ALPN_SNI_MISMATCH, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_MALWARE_HOST_CONTACTED, NDPI_RISK_SEVERE, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_BINARY_DATA_TRANSFER, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
{ NDPI_PROBING_ATTEMPT, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE },
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_NO_ACCOUNTABILITY }
};
#if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__)
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
_Static_assert(sizeof(ndpi_known_risks) / sizeof(ndpi_risk_info) == NDPI_MAX_RISK + 1,
"Invalid risks length. Do you need to update 'ndpi_known_risks' array?");
#endif
#endif
/* ****************************************** */
/* Forward */
static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str,
ndpi_port_range *range, ndpi_proto_defaults_t *def,
u_int8_t customUserProto, default_ports_tree_node_t **root,
const char *_func, int _line);
static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet);
static void ndpi_int_change_protocol(struct ndpi_flow_struct *flow,
u_int16_t upper_detected_protocol, u_int16_t lower_detected_protocol,
ndpi_confidence_t confidence);
static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str);
static void ndpi_enabled_callbacks_init(struct ndpi_detection_module_struct *ndpi_str,
const NDPI_PROTOCOL_BITMASK *dbm, int count_only);
static void set_default_config(struct ndpi_detection_module_config_struct *cfg);
/* ****************************************** */
ndpi_custom_dga_predict_fctn ndpi_dga_function = NULL;
/* ****************************************** */
static inline u_int8_t flow_is_proto(struct ndpi_flow_struct *flow, u_int16_t p) {
return((flow->detected_protocol_stack[0] == p) || (flow->detected_protocol_stack[1] == p));
}
/* ****************************************** */
void *ndpi_flow_malloc(size_t size) {
return(_ndpi_flow_malloc ? _ndpi_flow_malloc(size) : ndpi_malloc(size));
}
/* ****************************************** */
void ndpi_flow_free(void *ptr) {
if(_ndpi_flow_free)
_ndpi_flow_free(ptr);
else
ndpi_free_flow((struct ndpi_flow_struct *) ptr);
}
/* *********************************************************************************** */
u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) {
return(sizeof(struct ndpi_flow_struct));
}
/* *********************************************************************************** */
u_int32_t ndpi_detection_get_sizeof_ndpi_flow_tcp_struct(void) {
return(sizeof(struct ndpi_flow_tcp_struct));
}
/* *********************************************************************************** */
u_int32_t ndpi_detection_get_sizeof_ndpi_flow_udp_struct(void) {
return(sizeof(struct ndpi_flow_udp_struct));
}
/* *********************************************************************************** */
char *ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_str, u_int id) {
if(!ndpi_str)
return NULL;
return((id >= ndpi_str->ndpi_num_supported_protocols) ? NULL : ndpi_str->proto_defaults[id].protoName);
}
/* *********************************************************************************** */
u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_str, const char *name) {
u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_str);
char *p;
if(!ndpi_str || !name)
return(NDPI_PROTOCOL_UNKNOWN);
for(i = 0; i < num; i++) {
p = ndpi_get_proto_by_id(ndpi_str, i);
if(p && strcasecmp(p, name) == 0)
return(i);
}
return(NDPI_PROTOCOL_UNKNOWN);
}
/* ************************************************************************************* */
/* ************************************************************************************* */
static void ndpi_add_user_proto_id_mapping(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t ndpi_proto_id, u_int16_t user_proto_id) {
NDPI_LOG_DBG2(ndpi_str, "[DEBUG] *** %u (>= %u)-> %u\n",
ndpi_proto_id, NDPI_MAX_SUPPORTED_PROTOCOLS,
user_proto_id);
if(ndpi_proto_id >= NDPI_MAX_SUPPORTED_PROTOCOLS)
ndpi_str->ndpi_to_user_proto_id[ndpi_proto_id-NDPI_MAX_SUPPORTED_PROTOCOLS] = user_proto_id;
}
/* ************************************************************************************* */
/* Map a custom user protocol into an internal nDPI protocol id */
u_int16_t ndpi_map_user_proto_id_to_ndpi_id(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t user_proto_id) {
#if 0 /* Too much verbose... */
NDPI_LOG_DBG2(ndpi_str, "[DEBUG] ***** %s(%u)\n", __FUNCTION__, user_proto_id);
#endif
if(!ndpi_str)
return(0);
if(user_proto_id < NDPI_MAX_SUPPORTED_PROTOCOLS)
return(user_proto_id);
else {
u_int idx, idx_max = ndpi_str->ndpi_num_supported_protocols - NDPI_MAX_SUPPORTED_PROTOCOLS;
/* TODO: improve it and remove linear scan */
for(idx = 0; idx < idx_max; idx++) {
if(ndpi_str->ndpi_to_user_proto_id[idx] == 0)
break;
else if(ndpi_str->ndpi_to_user_proto_id[idx] == user_proto_id) {
return(idx + NDPI_MAX_SUPPORTED_PROTOCOLS);
}
}
}
return(0);
}
/* ************************************************************************************* */
/* Map an internal nDPI protocol id to a custom user protocol */
u_int16_t ndpi_map_ndpi_id_to_user_proto_id(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t ndpi_proto_id) {
#if 0 /* Too much verbose... */
NDPI_LOG_DBG2(ndpi_str, "[DEBUG] ***** %s(%u)\n", __FUNCTION__, ndpi_proto_id);
#endif
if(!ndpi_str)
return(0);
if(ndpi_proto_id < NDPI_MAX_SUPPORTED_PROTOCOLS)
return(ndpi_proto_id);
else if(ndpi_proto_id < ndpi_str->ndpi_num_supported_protocols) {
u_int id = ndpi_proto_id - NDPI_MAX_SUPPORTED_PROTOCOLS;
if(id < ndpi_str->ndpi_num_supported_protocols)
return(ndpi_str->ndpi_to_user_proto_id[id]);
}
return(0);
}
/* ************************************************************************************* */
ndpi_port_range *ndpi_build_default_ports(ndpi_port_range *ports, u_int16_t portA, u_int16_t portB, u_int16_t portC,
u_int16_t portD, u_int16_t portE) {
int i = 0;
ports[i].port_low = portA, ports[i].port_high = portA;
i++;
ports[i].port_low = portB, ports[i].port_high = portB;
i++;
ports[i].port_low = portC, ports[i].port_high = portC;
i++;
ports[i].port_low = portD, ports[i].port_high = portD;
i++;
ports[i].port_low = portE, ports[i].port_high = portE;
return(ports);
}
/* ********************************************************************************** */
void ndpi_set_proto_breed(struct ndpi_detection_module_struct *ndpi_str,
u_int16_t protoId, ndpi_protocol_breed_t breed) {
if(!ndpi_is_valid_protoId(protoId))
return;
else if(ndpi_str)
ndpi_str->proto_defaults[protoId].protoBreed = breed;
}
/* ********************************************************************************** */
void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_str, u_int16_t protoId,
ndpi_protocol_category_t protoCategory) {
if(!ndpi_is_valid_protoId(protoId))
return;
else if(ndpi_str)
ndpi_str->proto_defaults[protoId].protoCategory = protoCategory;
}
/* ********************************************************************************** */
/*
There are some (master) protocols that are informative, meaning that it shows
what is the subprotocol about, but also that the subprotocol isn't a real protocol.
Example:
- DNS is informative as if we see a DNS request for www.facebook.com, the
returned protocol is DNS.Facebook, but Facebook isn't a real subprotocol but
rather it indicates a query for Facebook and not Facebook traffic.
- HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is
SSL (HTTPS) traffic containg Facebook traffic.
*/
u_int8_t ndpi_is_subprotocol_informative(u_int16_t protoId) {
if(!ndpi_is_valid_protoId(protoId))
return(0);
switch(protoId) {
/* All dissectors that have calls to ndpi_match_host_subprotocol() */
case NDPI_PROTOCOL_DNS:
return(1);
default:
return(0);
}
}
/* ********************************************************************************** */
void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
u_int16_t protocol_id, const char *_file, const char *_func, int _line) {
if(ndpi_is_valid_protoId(protocol_id)) {
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
if(ndpi_str && ndpi_str->cfg.log_level >= NDPI_LOG_DEBUG && ndpi_str->ndpi_debug_printf != NULL) {
(*(ndpi_str->ndpi_debug_printf))(protocol_id, ndpi_str, NDPI_LOG_DEBUG, _file, _func, _line, "exclude %s\n",
ndpi_get_proto_name(ndpi_str, protocol_id));
}
#else
(void)ndpi_str;
(void)_file;
(void)_func;
(void)_line;
#endif
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id);
}
}
/* ********************************************************************************** */
static int is_proto_enabled(struct ndpi_detection_module_struct *ndpi_str, int protoId)
{
/* Custom protocols are always enabled */
if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS)
return 1;
if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_str->detection_bitmask, protoId) == 0)
return 0;
return 1;
}
/* ********************************************************************************** */
void ndpi_set_proto_subprotocols(struct ndpi_detection_module_struct *ndpi_str, int protoId, ...)
{
va_list ap;
int current_arg = protoId;
size_t i = 0;
if(!is_proto_enabled(ndpi_str, protoId)) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] Skip subprotocols for %d (disabled)\n", protoId);
return;
}
va_start(ap, protoId);
while (current_arg != NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS) {
if(!is_proto_enabled(ndpi_str, current_arg)) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] Skip subprotocol %d (disabled)\n", protoId);
} else {
ndpi_str->proto_defaults[protoId].subprotocol_count++;
}
current_arg = va_arg(ap, int);
}
va_end(ap);
ndpi_str->proto_defaults[protoId].subprotocols = NULL;
/* The last protocol is not a subprotocol. */
ndpi_str->proto_defaults[protoId].subprotocol_count--;
/* No subprotocol was set before NDPI_NO_MORE_SUBPROTOCOLS. */
if(ndpi_str->proto_defaults[protoId].subprotocol_count == 0) {
return;
}
ndpi_str->proto_defaults[protoId].subprotocols =
ndpi_malloc(sizeof(protoId) * ndpi_str->proto_defaults[protoId].subprotocol_count);
if(!ndpi_str->proto_defaults[protoId].subprotocols) {
ndpi_str->proto_defaults[protoId].subprotocol_count = 0;
return;
}
va_start(ap, protoId);
current_arg = va_arg(ap, int);
while (current_arg != NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS) {
if(is_proto_enabled(ndpi_str, current_arg)) {
ndpi_str->proto_defaults[protoId].subprotocols[i++] = current_arg;
}
current_arg = va_arg(ap, int);
}
va_end(ap);
}
/* ********************************************************************************** */
void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str,
u_int8_t is_cleartext, u_int8_t is_app_protocol,
ndpi_protocol_breed_t breed,
u_int16_t protoId, char *protoName,
ndpi_protocol_category_t protoCategory,
ndpi_port_range *tcpDefPorts,
ndpi_port_range *udpDefPorts) {
char *name;
int j;
if(!ndpi_str || !protoName)
return;
if(!ndpi_is_valid_protoId(protoId)) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] %s/protoId=%d: INTERNAL ERROR\n", protoName, protoId);
return;
}
if(ndpi_str->proto_defaults[protoId].protoName != NULL) {
NDPI_LOG_DBG2(ndpi_str, "[NDPI] %s/protoId=%d: already initialized. Ignoring it\n", protoName, protoId);
return;
}
name = ndpi_strdup(protoName);
if(!name) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] %s/protoId=%d: mem allocation error\n", protoName, protoId);
return;
}
ndpi_str->proto_defaults[protoId].isClearTextProto = is_cleartext;
/*
is_appprotocol=1 means that this is only an application protocol layered
on top of a network protocol. Example WhatsApp=1, TLS=0
*/
ndpi_str->proto_defaults[protoId].isAppProtocol = is_app_protocol;
ndpi_str->proto_defaults[protoId].protoName = name;
ndpi_str->proto_defaults[protoId].protoCategory = protoCategory;
ndpi_str->proto_defaults[protoId].protoId = protoId;
ndpi_str->proto_defaults[protoId].protoBreed = breed;
ndpi_str->proto_defaults[protoId].subprotocols = NULL;
ndpi_str->proto_defaults[protoId].subprotocol_count = 0;
if(!is_proto_enabled(ndpi_str, protoId)) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] Skip default ports for %s/protoId=%d: disabled\n", protoName, protoId);
return;
}
for(j = 0; j < MAX_DEFAULT_PORTS; j++) {
if(udpDefPorts[j].port_low != 0)
addDefaultPort(ndpi_str, &udpDefPorts[j], &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->udpRoot,
__FUNCTION__, __LINE__);
if(tcpDefPorts[j].port_low != 0)
addDefaultPort(ndpi_str, &tcpDefPorts[j], &ndpi_str->proto_defaults[protoId], 0, &ndpi_str->tcpRoot,
__FUNCTION__, __LINE__);
/* No port range, just the lower port */
ndpi_str->proto_defaults[protoId].tcp_default_ports[j] = tcpDefPorts[j].port_low;
ndpi_str->proto_defaults[protoId].udp_default_ports[j] = udpDefPorts[j].port_low;
}
}
/* ******************************************************************** */
static int default_ports_tree_node_t_cmp(const void *a, const void *b) {
default_ports_tree_node_t *fa = (default_ports_tree_node_t *) a;
default_ports_tree_node_t *fb = (default_ports_tree_node_t *) b;
//printf("[NDPI] %s(%d, %d)\n", __FUNCTION__, fa->default_port, fb->default_port);
return((fa->default_port == fb->default_port) ? 0 : ((fa->default_port < fb->default_port) ? -1 : 1));
}
/* ******************************************************************** */
static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str,
ndpi_port_range *range,
ndpi_proto_defaults_t *def,
u_int8_t customUserProto,
default_ports_tree_node_t **root,
const char *_func,
int _line) {
(void)_func;
(void)_line;
u_int32_t port;
for(port = range->port_low; port <= range->port_high; port++) {
default_ports_tree_node_t *node =
(default_ports_tree_node_t *) ndpi_malloc(sizeof(default_ports_tree_node_t));
default_ports_tree_node_t *ret;
if(!node) {
NDPI_LOG_ERR(ndpi_str, "%s:%d not enough memory\n", _func, _line);
break;
}
node->proto = def, node->default_port = port, node->customUserProto = customUserProto;
ret = (default_ports_tree_node_t *) ndpi_tsearch(node,
(void *) root,
default_ports_tree_node_t_cmp); /* Add it to the tree */
if(ret == NULL) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] %s:%d error searching for port %u\n", _func, _line, port);
ndpi_free(node);
break;
}
if(ret != node) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] %s:%d found duplicate for port %u: overwriting it with new value\n",
_func, _line, port);
ret->proto = def;
ndpi_free(node);
return(-1); /* Duplicates found */
}
}
return(0);
}
/* ****************************************************** */
/*
This is a function used to see if we need to
add a trailer $ in case the string is complete
or is a string that can be matched in the
middle of a domain name
Example:
microsoft.com -> microsoft.com$
apple. -> apple.
*/
static u_int8_t ndpi_is_middle_string_char(char c) {
switch(c) {
case '.':
case '-':
return(1);
default:
return(0);
}
}
/*******************************************************/
static const u_int8_t ndpi_domain_level_automat[4][4]= {
/* symbol,'.','-',inc */
{ 2,1,2,0 }, // start state
{ 2,0,0,0 }, // first char is '.'; disable .. or .-
{ 2,3,2,0 }, // part of domain name
{ 2,0,0,1 } // next level domain name; disable .. or .-
};
/*
* domain level
* a. = 1
* .a. = 1
* a.b = 2
*/
static u_int8_t ndpi_domain_level(const char *name) {
u_int8_t level = 1, state = 0;
char c;
while((c = *name++) != '\0') {
c = c == '-' ? 2 : (c == '.' ? 1:0);
level += ndpi_domain_level_automat[state][3];
state = ndpi_domain_level_automat[state][(u_int8_t)c];
if(!state) break;
}
return state >= 2 ? level:0;
}
/* ****************************************************** */
static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_str,
AC_AUTOMATA_t *ac_automa, const char *value,
u_int16_t protocol_id, ndpi_protocol_category_t category,
ndpi_protocol_breed_t breed, u_int8_t level,
u_int8_t add_ends_with) {
AC_PATTERN_t ac_pattern;
AC_ERROR_t rc;
u_int len;
char *value_dup = NULL;
if(!ndpi_is_valid_protoId(protocol_id)) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] protoId=%d: INTERNAL ERROR\n", protocol_id);
return(-1);
}
if((ac_automa == NULL) || (value == NULL) || !*value)
return(-2);
value_dup = ndpi_strdup(value);
if(!value_dup)
return(-1);
memset(&ac_pattern, 0, sizeof(ac_pattern));
len = strlen(value);
ac_pattern.astring = value_dup;
ac_pattern.length = len;
ac_pattern.rep.number = protocol_id;
ac_pattern.rep.category = (u_int16_t) category;
ac_pattern.rep.breed = (u_int16_t) breed;
ac_pattern.rep.level = level ? level : ndpi_domain_level(value);
ac_pattern.rep.at_end = add_ends_with && !ndpi_is_middle_string_char(value[len-1]); /* len != 0 */
ac_pattern.rep.dot = memchr(value,'.',len) != NULL;
#ifdef MATCH_DEBUG
printf("Adding to %s %lx [%s%s][protocol_id: %u][category: %u][breed: %u][level: %u]\n",
ac_automa->name,(unsigned long int)ac_automa,
ac_pattern.astring,ac_pattern.rep.at_end? "$":"", protocol_id, category, breed,ac_pattern.rep.level);
#endif
rc = ac_automata_add(ac_automa, &ac_pattern);
if(rc != ACERR_SUCCESS) {
ndpi_free(value_dup);
if(rc != ACERR_DUPLICATE_PATTERN)
return (-2);
}
return(0);
}
/* ****************************************************** */
static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_str,
char *value, int protocol_id,
ndpi_protocol_category_t category,
ndpi_protocol_breed_t breed, u_int8_t level) {
#ifndef NDPI_ENABLE_DEBUG_MESSAGES
NDPI_LOG_DBG2(ndpi_str, "[NDPI] Adding [%s][%d]\n", value, protocol_id);
#endif
return ndpi_string_to_automa(ndpi_str, (AC_AUTOMATA_t *)ndpi_str->host_automa.ac_automa,
value, protocol_id, category, breed, level, 1);
}
/* ******************************************************************** */
int ndpi_init_empty_app_protocol(ndpi_protocol_match const * const hostname_list,
ndpi_protocol_match * const empty_app_protocol) {
if (hostname_list[0].proto_name == NULL)
return 1;
memset(empty_app_protocol, 0, sizeof(*empty_app_protocol));
empty_app_protocol->proto_name = hostname_list[0].proto_name;
empty_app_protocol->protocol_id = hostname_list[0].protocol_id;
empty_app_protocol->protocol_category = hostname_list[0].protocol_category;
empty_app_protocol->protocol_breed = hostname_list[0].protocol_breed;
empty_app_protocol->level = hostname_list[0].level;
return 0;
}
/* ******************************************************************** */
int ndpi_init_app_protocol(struct ndpi_detection_module_struct *ndpi_str,
ndpi_protocol_match const * const match) {
ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
if(ndpi_str->proto_defaults[match->protocol_id].protoName == NULL) {
ndpi_str->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name);
if(!ndpi_str->proto_defaults[match->protocol_id].protoName)
return 1;
ndpi_str->proto_defaults[match->protocol_id].isAppProtocol = 1;
ndpi_str->proto_defaults[match->protocol_id].protoId = match->protocol_id;
ndpi_str->proto_defaults[match->protocol_id].protoCategory = match->protocol_category;
ndpi_str->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed;
ndpi_set_proto_defaults(ndpi_str,
ndpi_str->proto_defaults[match->protocol_id].isClearTextProto,
ndpi_str->proto_defaults[match->protocol_id].isAppProtocol,
ndpi_str->proto_defaults[match->protocol_id].protoBreed,
ndpi_str->proto_defaults[match->protocol_id].protoId,
ndpi_str->proto_defaults[match->protocol_id].protoName,
ndpi_str->proto_defaults[match->protocol_id].protoCategory,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
}
if(!is_proto_enabled(ndpi_str, match->protocol_id)) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] Skip protocol match for %s/protoId=%d: disabled\n",
match->string_to_match, match->protocol_id);
return 1;
}
return 0;
}
/* ******************************************************************** */
void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_str,
ndpi_protocol_match const * const match) {
if (ndpi_init_app_protocol(ndpi_str, match) == 0) {
ndpi_add_host_url_subprotocol(ndpi_str, match->string_to_match,
match->protocol_id, match->protocol_category,
match->protocol_breed, match->level);
}
}
/* ******************************************************************** */
/* Self check function to be called only for testing purposes */
void ndpi_self_check_host_match(FILE *error_out) {
u_int32_t i, j;
for(i = 0; host_match[i].string_to_match != NULL; i++) {
if(host_match[i].string_to_match[0] == '.') {
if (error_out != NULL) {
fprintf(error_out,
"[NDPI] INTERNAL ERROR Invalid string detected '%s'. It can not start with '.'\n",
host_match[i].string_to_match);
fprintf(error_out, "\nPlease fix host_match[] in ndpi_content_match.c.inc\n");
}
abort();
}
for(j = 0; host_match[j].string_to_match != NULL; j++) {
if((i != j) && (strcmp(host_match[i].string_to_match, host_match[j].string_to_match) == 0)) {
if (error_out != NULL) {
fprintf(error_out,
"[NDPI] INTERNAL ERROR duplicate string detected '%s' [id: %u, id %u]\n",
host_match[i].string_to_match, i, j);
fprintf(error_out, "\nPlease fix host_match[] in ndpi_content_match.c.inc\n");
}
abort();
}
}
}
}
/* ******************************************************************** */
#define XGRAMS_C 26
static int ndpi_xgrams_inited = 0;
static unsigned int bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32];
static unsigned int impossible_bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32];
static unsigned int trigrams_bitmap[(XGRAMS_C*XGRAMS_C*XGRAMS_C+31)/32];
static void ndpi_xgrams_init(struct ndpi_detection_module_struct *ndpi_str,
unsigned int *dst, size_t dn,
const char **src, size_t sn,
unsigned int l)
{
unsigned int i,j,c;
for(i=0;i < sn && src[i]; i++) {
for(j=0,c=0; j < l; j++) {
unsigned char a = (unsigned char)src[i][j];
if(a < 'a' || a > 'z') {
NDPI_LOG_ERR(ndpi_str,
"[NDPI] INTERNAL ERROR ndpi_xgrams_init %u: c%u %c\n",
i,j,a);
abort();
}
c *= XGRAMS_C;
c += a - 'a';
}
if(src[i][l]) {
NDPI_LOG_ERR(ndpi_str,
"[NDPI] INTERNAL ERROR ndpi_xgrams_init %u: c[%d] != 0\n",
i,l);
abort();
}
if((c >> 3) >= dn) abort();
dst[c >> 5] |= 1u << (c & 0x1f);
}
}
/* ******************************************************************** */
static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_str) {
int i;
for(i = 0; host_match[i].string_to_match != NULL; i++)
ndpi_init_protocol_match(ndpi_str, &host_match[i]);
/* ************************ */
for(i = 0; tls_certificate_match[i].string_to_match != NULL; i++) {
if(!is_proto_enabled(ndpi_str, tls_certificate_match[i].protocol_id)) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] Skip tls cert match for %s/protoId=%d: disabled\n",
tls_certificate_match[i].string_to_match, tls_certificate_match[i].protocol_id);
continue;
}
/* Note: string_to_match is not malloc'ed here as ac_automata_release is
* called with free_pattern = 0 */
ndpi_add_string_value_to_automa(ndpi_str->tls_cert_subject_automa.ac_automa,
tls_certificate_match[i].string_to_match,
tls_certificate_match[i].protocol_id);
}
/* ************************ */
//ndpi_enable_loaded_categories(ndpi_str);
if(!ndpi_xgrams_inited) {
ndpi_xgrams_inited = 1;
ndpi_xgrams_init(ndpi_str,bigrams_bitmap,sizeof(bigrams_bitmap),
ndpi_en_bigrams,sizeof(ndpi_en_bigrams)/sizeof(ndpi_en_bigrams[0]), 2);
ndpi_xgrams_init(ndpi_str,impossible_bigrams_bitmap,sizeof(impossible_bigrams_bitmap),
ndpi_en_impossible_bigrams,sizeof(ndpi_en_impossible_bigrams)/sizeof(ndpi_en_impossible_bigrams[0]), 2);
ndpi_xgrams_init(ndpi_str,trigrams_bitmap,sizeof(trigrams_bitmap),
ndpi_en_trigrams,sizeof(ndpi_en_trigrams)/sizeof(ndpi_en_trigrams[0]), 3);
}
}
/* ******************************************************************** */
static void ndpi_validate_protocol_initialization(struct ndpi_detection_module_struct *ndpi_str) {
u_int i;
for(i = 0; i < ndpi_str->ndpi_num_supported_protocols; i++) {
if(ndpi_str->proto_defaults[i].protoName == NULL) {
NDPI_LOG_ERR(ndpi_str,
"[NDPI] INTERNAL ERROR missing protoName initialization for [protoId=%d]: recovering\n", i);
} else {
if((i != NDPI_PROTOCOL_UNKNOWN) &&
(ndpi_str->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) {
NDPI_LOG_ERR(ndpi_str,
"[NDPI] INTERNAL ERROR missing category [protoId=%d/%s] initialization: recovering\n", i,
ndpi_str->proto_defaults[i].protoName ? ndpi_str->proto_defaults[i].protoName : "???");
}
}
}
}
/* ******************************************************************** */
/* This function is used to map protocol name and default ports and it MUST
be updated whenever a new protocol is added to NDPI.
Do NOT add web services (NDPI_SERVICE_xxx) here.
*/
static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_str) {
ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
/* Reset all settings */
memset(ndpi_str->proto_defaults, 0, sizeof(ndpi_str->proto_defaults));
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN,
"Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL,
"FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA,
"FTP_DATA", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP,
"POP3", NDPI_PROTOCOL_CATEGORY_MAIL,
ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS,
"POPS", NDPI_PROTOCOL_CATEGORY_MAIL,
ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP,
"SMTP", NDPI_PROTOCOL_CATEGORY_MAIL,
ndpi_build_default_ports(ports_a, 25, 587, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS,
"SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL,
ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP,
"IMAP", NDPI_PROTOCOL_CATEGORY_MAIL,
ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS,
"IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL,
ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS,
"DNS", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_DNS,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_DNS can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP,
"IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IMO,
"IMO", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP,
"HTTP", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_HTTP,
NDPI_PROTOCOL_CROSSFIRE, NDPI_PROTOCOL_SOAP,
NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_GNUTELLA,
NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_WORLDOFWARCRAFT,
NDPI_PROTOCOL_IRC,
NDPI_PROTOCOL_IPP,
NDPI_PROTOCOL_MPEGDASH,
NDPI_PROTOCOL_RTSP,
NDPI_PROTOCOL_APACHE_THRIFT,
NDPI_PROTOCOL_JSON_RPC,
NDPI_PROTOCOL_HL7,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_HTTP can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS,
"MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_MDNS,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_MDNS can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP,
"NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS,
"NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS,
"NFS", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP,
"SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP,
"BGP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 179, 2605, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP,
"SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP,
"XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_DANGEROUS, NDPI_PROTOCOL_SMBV1,
"SMBv1", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG,
"Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 514, 601, 6514, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP,
"DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES,
"PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL,
"MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NATS,
"Nats", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AMONG_US,
"AmongUs", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 22023, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_NTOP,
"ntop", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE,
"VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA,
"Gnutella", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY,
"eDonkey", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT,
"BitTorrent", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_TEAMS,
"Skype_Teams", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GOOGLE,
"Google", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE_TEAMS_CALL,
"Skype_TeamsCall", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TIKTOK,
"TikTok", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO,
"Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WECHAT,
"WeChat", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEMCACHED,
"Memcached", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 11211, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 11211, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMBV23,
"SMBv23", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MINING,
"Mining", CUSTOM_CATEGORY_MINING,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NEST_LOG_SINK,
"NestLogSink", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 11095, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MODBUS,
"Modbus", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 502, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_CALL,
"WhatsAppCall", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DATASAVER,
"DataSaver", NDPI_PROTOCOL_CATEGORY_WEB /* dummy */,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SIGNAL,
"Signal", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DOH_DOT,
"DoH_DoT", NDPI_PROTOCOL_CATEGORY_NETWORK /* dummy */,
ndpi_build_default_ports(ports_a, 853, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 784, 853, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_REDDIT,
"Reddit", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WIREGUARD,
"WireGuard", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 51820, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX,
"Xbox", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PLAYSTATION,
"Playstation", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ,
"QQ", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP,
"RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST,
"IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CPHA,
"CPHA", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 8116, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO,
"Zattoo", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DISCORD,
"Discord", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PLURALSIGHT,
"Pluralsight", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OCSP,
"OCSP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VXLAN,
"VXLAN", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 4789, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_IRC,
"IRC", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MERAKI_CLOUD,
"MerakiCloud", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_JABBER,
"Jabber", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DISNEYPLUS,
"DisneyPlus", NDPI_PROTOCOL_CATEGORY_STREAMING,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP,
"VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM,
"Steam", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2,
"HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT,
"WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_HOTSPOT_SHIELD,
"HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET,
"Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN,
"STUN", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IPSEC,
"IPSec", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE,
"GRE", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP,
"ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP,
"IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP,
"EGP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_PGM,
"PGM", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP,
"SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF,
"OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP,
"IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP,
"RTP", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP,
"RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 3389, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC,
"VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TUMBLR,
"Tumblr", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZOOM,
"Zoom", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_FILES,
"WhatsAppFiles", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP,
"WhatsApp", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_TLS,
"TLS", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 443, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_TLS,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_TLS can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DTLS,
"DTLS", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_DTLS,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_DTLS can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH,
"SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET,
"Usenet", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP,
"MGCP", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX,
"IAX", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP,
"AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HULU,
"Hulu", NDPI_PROTOCOL_CATEGORY_STREAMING,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK,
"CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP,
"SIP", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE,
"TruPhone", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6,
"ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6,
"DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON,
"Armagetron", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE,
"Crossfire", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS,
"Dofus", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS,
"Guildwars", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMAZON_ALEXA,
"AmazonAlexa", NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS,
"Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP,
"LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY,
"MapleStory", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS,
"MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP,
"PPTP", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3,
"Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU,
"WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MS_RPCH,
"MS-RPCH", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW,
"NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW,
"sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT,
"HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 8080, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_HTTP_CONNECT,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_HTTP_CONNECT can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY,
"HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_HTTP_PROXY,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_HTTP_PROXY can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX,
"Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX,
"Webex", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS,
"Radius", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER,
"TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 5938, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5938, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES,
"LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP,
"SAP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP,
"GTP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP_C,
"GTP_C", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP_U,
"GTP_U", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP_PRIME,
"GTP_PRIME", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HSRP,
"HSRP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1985, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WSD,
"WSD", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 3702, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ETHERNET_IP,
"EthernetIP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 44818, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM,
"Telegram", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC,
"QUIC", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 443, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_QUIC,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS); /* NDPI_PROTOCOL_QUIC can have (content-matched) subprotocols */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER,
"Diameter", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_PUSH,
"ApplePush", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX,
"Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SPOTIFY,
"Spotify", NDPI_PROTOCOL_CATEGORY_MUSIC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP,
"LISP", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ,
"EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE,
"KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS,
"MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
/* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR,
"LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TOCA_BOCA,
"TocaBoca", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5055, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323,
"H323", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENVPN,
"OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE,
"NOE", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN,
"CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 10000, 8008, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TEAMSPEAK,
"TeamSpeak", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_TOR,
"Tor", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY,
"CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP,
"RTCP", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC,
"RSYNC", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE,
"Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA,
"Corba", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE,
"UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS,
"Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SD_RTN,
"SD-RTN", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS,
"SOCKS", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP,
"TFTP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP,
"RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PINTEREST,
"Pinterest", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO,
"Megaco", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 2944, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RESP,
"RESP", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ,
"ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA,
"VHUA", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT,
"Starcraft", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2,
"UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VIBER,
"Viber", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 7985, 5242, 5243, 4244, 0), /* TCP */
ndpi_build_default_ports(ports_b, 7985, 7987, 5242, 5243, 4244)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP,
"COAP", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT,
"MQTT", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP,
"SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX,
"RX", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_GIT,
"Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA,
"DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GOOGLE_MEET,
"GoogleMeet", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GOOGLE_CALL,
"GoogleCall", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP,
"BJNP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP,
"SMPP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA,
"Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP,
"AMQP", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT,
"DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TINC,
"TINC", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX,
"FIX", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NINTENDO,
"Nintendo", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VALVE_SDR,
"SteamDatagramRelay", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AJP,
"AJP", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 8009, 8010, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TARGUS_GETDATA,
"TargusDataspeed", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 5001, 5201, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5001, 5201, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AMAZON_VIDEO,
"AmazonVideo", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNP3,
"DNP3", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 20000, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IEC60870,
"IEC60870", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 2404, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BLOOMBERG,
"Bloomberg", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CAPWAP,
"CAPWAP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5246, 5247, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZABBIX,
"Zabbix", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 10050, 10051, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_S7COMM,
"S7Comm", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MSTEAMS,
"Teams", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBSOCKET,
"WebSocket", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ANYDESK,
"AnyDesk", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOAP,
"SOAP", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MONGODB,
"MongoDB", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 27017, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_SIRI,
"AppleSiri", NDPI_PROTOCOL_CATEGORY_VIRTUAL_ASSISTANT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNAPCHAT_CALL,
"SnapchatCall", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HPVIRTGRP,
"HP_VIRTGRP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GENSHIN_IMPACT,
"GenshinImpact", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 22102, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ACTIVISION,
"Activision", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FORTICLIENT,
"FortiClient", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 8013, 8014, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_Z3950,
"Z3950", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 210, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_LIKEE,
"Likee", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GITLAB,
"GitLab", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_AVAST_SECUREDNS,
"AVASTSecureDNS", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CASSANDRA,
"Cassandra", NDPI_PROTOCOL_CATEGORY_DATABASE,
ndpi_build_default_ports(ports_a, 7000, 9042, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FACEBOOK_VOIP,
"FacebookVoip", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIGNAL_VOIP,
"SignalVoip", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MICROSOFT_AZURE,
"Azure", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GOOGLE_CLOUD,
"GoogleCloud", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TENCENT,
"Tencent", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RAKNET,
"RakNet", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XIAOMI,
"Xiaomi", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EDGECAST,
"Edgecast", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CACHEFLY,
"Cachefly", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOFTETHER,
"Softether", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGDASH,
"MpegDash", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
/*
Note: removed RSH port 514 as TCP/514 is often used for syslog and RSH is as such on;y
if both source and destination ports are 514. So we removed the default for RSH and used with syslog
*/
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_RSH,
"RSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_PIM,
"IP_PIM", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD,
"collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_I3D,
"i3D", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RIOTGAMES,
"RiotGames", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ULTRASURF,
"UltraSurf", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THREEMA,
"Threema", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ALICLOUD,
"AliCloud", NDPI_PROTOCOL_CATEGORY_CLOUD,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_AVAST,
"AVAST", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TIVOCONNECT,
"TiVoConnect", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 2190, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 2190, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KISMET,
"Kismet", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FASTCGI,
"FastCGI", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTPS,
"FTPS", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NATPMP,
"NAT-PMP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5351, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SYNCTHING,
"Syncthing", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CRYNET,
"CryNetwork", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LINE,
"Line", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LINE_CALL,
"LineCall", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MUNIN,
"Munin", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 4949, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ELASTICSEARCH,
"Elasticsearch", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TUYA_LP,
"TuyaLP", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6667, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TPLINK_SHP,
"TPLINK_SHP", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 9999, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 9999, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TAILSCALE,
"Tailscale", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 41641, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOURCE_ENGINE,
"Source_Engine", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 27015, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_BACNET,
"BACnet", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 47808, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OICQ,
"OICQ", NDPI_PROTOCOL_CATEGORY_CHAT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 8000, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTS,
"Heroes_of_the_Storm", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SRTP,
"SRTP", NDPI_PROTOCOL_CATEGORY_MEDIA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITCOIN,
"BITCOIN", NDPI_PROTOCOL_CATEGORY_CRYPTO_CURRENCY,
ndpi_build_default_ports(ports_a, 8333, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PROTONVPN,
"ProtonVPN", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APACHE_THRIFT,
"Thrift", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ROBLOX,
"Roblox", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SERVICE_LOCATION,
"Service_Location_Protocol", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 427, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 427, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MULLVAD,
"Mullvad", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPERA_VPN,
"OperaVPN", NDPI_PROTOCOL_CATEGORY_VPN,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_HTTP2,
"HTTP2", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_HAPROXY,
"HAProxy", NDPI_PROTOCOL_CATEGORY_WEB,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_RMCP,
"RMCP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 623, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CAN,
"Controller_Area_Network", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_PROTOBUF,
"Protobuf", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ETHEREUM,
"ETHEREUM", NDPI_PROTOCOL_CATEGORY_CRYPTO_CURRENCY,
ndpi_build_default_ports(ports_a, 30303, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM_VOIP,
"TelegramVoip", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TESLA_SERVICES,
"TeslaServices", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PTPV2,
"PTPv2", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 319, 320, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HART_IP,
"HART-IP", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 5094, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTPS,
"RTPS", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 7401, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPC_UA,
"OPC-UA", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 4840, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_S7COMM_PLUS,
"S7CommPlus", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FINS,
"FINS", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 9600, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 9600, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ETHERSIO,
"EtherSIO", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6060, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UMAS,
"UMAS", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BECKHOFF_ADS,
"BeckhoffADS", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 48898, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ISO9506_1_MMS,
"ISO9506-1-MMS", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IEEE_C37118,
"IEEE-C37118", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 4712, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 4713, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ETHERSBUS,
"Ether-S-Bus", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 5050, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MONERO,
"Monero", NDPI_PROTOCOL_CATEGORY_CRYPTO_CURRENCY,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC,
"DCERPC", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 135, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_subprotocols(ndpi_str, NDPI_PROTOCOL_DCERPC,
NDPI_PROTOCOL_PROFINET_IO,
NDPI_PROTOCOL_MATCHED_BY_CONTENT,
NDPI_PROTOCOL_NO_MORE_SUBPROTOCOLS);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PROFINET_IO,
"PROFINET_IO", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HISLIP,
"HiSLIP", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 4880, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UFTP,
"UFTP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1044, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENFLOW,
"OpenFlow", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 6653, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_JSON_RPC,
"JSON-RPC", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBDAV,
"WebDAV", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APACHE_KAFKA,
"Kafka", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 9092, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOMACHINE,
"NoMachine", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 4000, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 4000, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IEC62056,
"IEC62056", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 4059, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 4059, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HL7,
"HL7", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 2575, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CEPH,
"Ceph", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER,
ndpi_build_default_ports(ports_a, 3300, 6789, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ROUGHTIME,
"Roughtime", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS,
ndpi_build_default_ports(ports_a, 2002, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 2002, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KCP,
"KCP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MUMBLE,
"Mumble", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_YOJIMBO,
"Yojimbo", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STOMP,
"STOMP", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 61613, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADMIN,
"Radmin", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS,
ndpi_build_default_ports(ports_a, 4899, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RAFT,
"Raft", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CIP,
"CIP", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 2222, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GEARMAN,
"Gearman", NDPI_PROTOCOL_CATEGORY_RPC,
ndpi_build_default_ports(ports_a, 4730, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TENCENTGAMES,
"TencentGames", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GAIJIN,
"GaijinEntertainment", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 20011, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_C1222,
"ANSI_C1222", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 1153, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 1153, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DLEP,
"DLEP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 854, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 854, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BFD,
"BFD", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 3784, 3785, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NETEASE_GAMES,
"NetEaseGames", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PATHOFEXILE,
"PathofExile", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PFCP,
"PFCP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 8805, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FLUTE,
"FLUTE", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_LOLWILDRIFT,
"LoLWildRift", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TESO,
"TES_Online", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDP,
"LDP", NDPI_PROTOCOL_CATEGORY_NETWORK,
ndpi_build_default_ports(ports_a, 646, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 646, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KNXNET_IP,
"KNXnet_IP", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 3671, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 3671, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EGD,
"EthernetGlobalData", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BFCP,
"BFCP", NDPI_PROTOCOL_CATEGORY_VIDEO,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_IQIYI,
"iQIYI", NDPI_PROTOCOL_CATEGORY_STREAMING,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER_VOIP,
"ViberVoip", NDPI_PROTOCOL_CATEGORY_VOIP,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_COD_MOBILE,
"CoD_Mobile", NDPI_PROTOCOL_CATEGORY_GAME,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZUG,
"ZUG", NDPI_PROTOCOL_CATEGORY_CRYPTO_CURRENCY,
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_main.c"
#endif
/* calling function for host and content matched protocols */
init_string_based_protocols(ndpi_str);
ndpi_validate_protocol_initialization(ndpi_str);
}
/* ****************************************************** */
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_protocols.c"
#endif
/* ****************************************************** */
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
#define MATCH_DEBUG_INFO(fmt, ...) if(txt->option & AC_FEATURE_DEBUG) printf(fmt, ##__VA_ARGS__)
#else
#define MATCH_DEBUG_INFO(fmt, ...)
#endif
/* No static because it is used by fuzzer, too */
int ac_domain_match_handler(AC_MATCH_t *m, AC_TEXT_t *txt, AC_REP_t *match) {
AC_PATTERN_t *pattern = m->patterns;
int i,start,end = m->position;
for(i=0; i < m->match_num && i < 32; i++,pattern++) {
/*
* See ac_automata_exact_match()
* The bit is set if the pattern exactly matches AND
* the length of the pattern is longer than that of the previous one.
* Skip shorter (less precise) templates.
*/
if(!(m->match_map & (1u << i)))
continue;
start = end - pattern->length;
MATCH_DEBUG_INFO("[NDPI] Searching: [to search: %.*s/%u][pattern: %s%.*s%s/%u l:%u] %d-%d\n",
txt->length, txt->astring,(unsigned int) txt->length,
m->patterns[0].rep.from_start ? "^":"",
(unsigned int) pattern->length, pattern->astring,
m->patterns[0].rep.at_end ? "$":"", (unsigned int) pattern->length,m->patterns[0].rep.level,
start,end);
if(start == 0 && end == txt->length) {
*match = pattern->rep; txt->match.last = pattern;
MATCH_DEBUG_INFO("[NDPI] Searching: Found exact match. Proto %d \n",pattern->rep.number);
return 1;
}
/* pattern is DOMAIN.NAME and string x.DOMAIN.NAME ? */
if(start >= 1 && !ndpi_is_middle_string_char(pattern->astring[0])) {
/*
The patch below allows in case of pattern ws.amazon.com
to avoid matching aws.amazon.com whereas a.ws.amazon.com
has to match
*/
if(txt->astring[start-1] == '.') {
if(!txt->match.last || txt->match.last->rep.level < pattern->rep.level) {
txt->match.last = pattern; *match = pattern->rep;
MATCH_DEBUG_INFO("[NDPI] Searching: Found domain match (pre). Proto %d \n",pattern->rep.number);
}
}
continue;
}
/* pattern is -DOMAIN.NAME and string x-DOMAIN.NAME ? */
if(start >= 1 && pattern->astring[0] == '-') {
if(txt->astring[start] == '-') {
if(!txt->match.last || txt->match.last->rep.level < pattern->rep.level) {
txt->match.last = pattern; *match = pattern->rep;
MATCH_DEBUG_INFO("[NDPI] Searching: Found domain match (pre -). Proto %d \n",pattern->rep.number);
}
}
continue;
}
/* pattern is DOMAIN. and string DOMAIN.SOMETHING ? or
DOMAIN- and DOMAIN-SOMETHING */
if(start == 0 && ndpi_is_middle_string_char(pattern->astring[pattern->length - 1])) {
if(!txt->match.last || txt->match.last->rep.level < pattern->rep.level) {
txt->match.last = pattern; *match = pattern->rep;
MATCH_DEBUG_INFO("[NDPI] Searching: Found domain match (post). Proto %d \n",pattern->rep.number);
}
continue;
}
}
return 0;
}
/* ******************************************************************** */
u_int16_t ndpi_patricia_get_maxbits(ndpi_patricia_tree_t *tree) {
if(!tree)
return 0;
return(tree->maxbits);
}
/* ******************************************************************** */
void ndpi_patricia_get_stats(ndpi_patricia_tree_t *tree, struct ndpi_patricia_tree_stats *stats) {
if(tree) {
stats->n_search = tree->stats.n_search;
stats->n_found = tree->stats.n_found;
} else {
stats->n_search = 0;
stats->n_found = 0;
}
}
/* ******************************************************************** */
int ndpi_get_patricia_stats(struct ndpi_detection_module_struct *ndpi_struct,
ptree_type ptree_type,
struct ndpi_patricia_tree_stats *stats) {
if(!ndpi_struct || !stats)
return -1;
switch(ptree_type) {
case NDPI_PTREE_RISK_MASK:
if(!ndpi_struct->ip_risk_mask)
return -1;
ndpi_patricia_get_stats(ndpi_struct->ip_risk_mask->v4, stats);
return 0;
case NDPI_PTREE_RISK_MASK6:
if(!ndpi_struct->ip_risk_mask)
return -1;
ndpi_patricia_get_stats(ndpi_struct->ip_risk_mask->v6, stats);
return 0;
case NDPI_PTREE_RISK:
if(!ndpi_struct->ip_risk)
return -1;
ndpi_patricia_get_stats(ndpi_struct->ip_risk->v4, stats);
return 0;
case NDPI_PTREE_RISK6:
if(!ndpi_struct->ip_risk)
return -1;
ndpi_patricia_get_stats(ndpi_struct->ip_risk->v6, stats);
return 0;
case NDPI_PTREE_PROTOCOLS:
if(!ndpi_struct->protocols)
return -1;
ndpi_patricia_get_stats(ndpi_struct->protocols->v4, stats);
return 0;
case NDPI_PTREE_PROTOCOLS6:
if(!ndpi_struct->protocols)
return -1;
ndpi_patricia_get_stats(ndpi_struct->protocols->v6, stats);
return 0;
default:
return -1;
}
}
/* ****************************************************** */
int ndpi_fill_prefix_v4(ndpi_prefix_t *p, const struct in_addr *a, int b, int mb) {
memset(p, 0, sizeof(ndpi_prefix_t));
if(b < 0 || b > mb)
return(-1);
p->add.sin.s_addr = a->s_addr, p->family = AF_INET, p->bitlen = b, p->ref_count = 0;
return(0);
}
/* ******************************************* */
int ndpi_fill_prefix_v6(ndpi_prefix_t *prefix, const struct in6_addr *addr, int bits, int maxbits) {
memset(prefix, 0, sizeof(ndpi_prefix_t));
if(bits < 0 || bits > maxbits)
return -1;
memcpy(&prefix->add.sin6, addr, (maxbits + 7) / 8);
prefix->family = AF_INET6, prefix->bitlen = bits, prefix->ref_count = 0;
return 0;
}
/* ******************************************* */
int ndpi_fill_prefix_mac(ndpi_prefix_t *prefix, u_int8_t *mac, int bits, int maxbits) {
memset(prefix, 0, sizeof(ndpi_prefix_t));
if(bits < 0 || bits > maxbits)
return -1;
memcpy(prefix->add.mac, mac, 6);
prefix->family = AF_MAC, prefix->bitlen = bits, prefix->ref_count = 0;
return 0;
}
/* ******************************************* */
ndpi_prefix_t *ndpi_patricia_get_node_prefix(ndpi_patricia_node_t *node) {
return(node->prefix);
}
/* ******************************************* */
u_int16_t ndpi_patricia_get_node_bits(ndpi_patricia_node_t *node) {
return(node->bit);
}
/* ******************************************* */
void ndpi_patricia_set_node_data(ndpi_patricia_node_t *node, void *data) {
node->data = data;
}
/* ******************************************* */
void *ndpi_patricia_get_node_data(ndpi_patricia_node_t *node) {
return(node->data);
}
/* ******************************************* */
void ndpi_patricia_set_node_u64(ndpi_patricia_node_t *node, u_int64_t value) {
node->value.u.uv64 = value;
}
/* ******************************************* */
u_int64_t ndpi_patricia_get_node_u64(ndpi_patricia_node_t *node) {
return(node->value.u.uv64);
}
/* ******************************************* */
u_int8_t ndpi_is_public_ipv4(u_int32_t a /* host byte order */) {
if( ((a & 0xFF000000) == 0x0A000000 /* 10.0.0.0/8 */)
|| ((a & 0xFFF00000) == 0xAC100000 /* 172.16.0.0/12 */)
|| ((a & 0xFFFF0000) == 0xC0A80000 /* 192.168.0.0/16 */)
|| ((a & 0xFF000000) == 0x7F000000 /* 127.0.0.0/8 */)
|| ((a & 0xF0000000) == 0xE0000000 /* 224.0.0.0/4 */)
)
return(0);
else
return(1);
}
/* ******************************************* */
u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str,
struct in_addr *pin /* network byte order */) {
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
if(!ndpi_str || !ndpi_str->protocols)
return(NDPI_PROTOCOL_UNKNOWN);
if(ndpi_str->ndpi_num_custom_protocols == 0) {
/*
In case we don't have defined any custom protocol we check the ptree
only in case of public IP addresses as in ndpi_content_match.c.inc
we only have public IP addresses. Instead with custom protocols, users
might have defined private protocols hence we should not skip
the checks below
*/
if(ndpi_is_public_ipv4(ntohl(pin->s_addr)) == 0)
return(NDPI_PROTOCOL_UNKNOWN); /* Non public IP */
}
/* Make sure all in network byte order otherwise compares wont work */
ndpi_fill_prefix_v4(&prefix, pin, 32,
((ndpi_patricia_tree_t *) ndpi_str->protocols->v4)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->protocols->v4, &prefix);
return(node ? node->value.u.uv16[0].user_value : NDPI_PROTOCOL_UNKNOWN);
}
/* ******************************************* */
u_int16_t ndpi_network_port_ptree_match(struct ndpi_detection_module_struct *ndpi_str,
struct in_addr *pin /* network byte order */,
u_int16_t port /* network byte order */) {
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
if(!ndpi_str || !ndpi_str->protocols)
return(NDPI_PROTOCOL_UNKNOWN);
if(ndpi_str->ndpi_num_custom_protocols == 0) {
/*
In case we don't have defined any custom protocol we check the ptree
only in case of public IP addresses as in ndpi_content_match.c.inc
we only have public IP addresses. Instead with custom protocols, users
might have defined private protocols hence we should not skip
the checks below
*/
if(ndpi_is_public_ipv4(ntohl(pin->s_addr)) == 0)
return(NDPI_PROTOCOL_UNKNOWN); /* Non public IP */
}
/* Make sure all in network byte order otherwise compares wont work */
ndpi_fill_prefix_v4(&prefix, pin, 32,
((ndpi_patricia_tree_t *) ndpi_str->protocols->v4)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->protocols->v4, &prefix);
if(node) {
int i;
struct patricia_uv16_list *item;
for(i=0; ivalue.u.uv16[i].additional_user_value == 0)
|| (node->value.u.uv16[i].additional_user_value == port))
return(node->value.u.uv16[i].user_value);
}
/*
If we're here it means that we don't have
enough room for our custom value so we need
to check the custom_user_data pointer.
*/
item = (struct patricia_uv16_list*)node->data;
while(item != NULL) {
if(item->value.additional_user_value == port)
return(item->value.user_value);
else
item = item->next;
}
}
return(NDPI_PROTOCOL_UNKNOWN);
}
/* ******************************************* */
u_int16_t ndpi_network_port_ptree6_match(struct ndpi_detection_module_struct *ndpi_str,
struct in6_addr *pin,
u_int16_t port /* network byte order */)
{
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
if(!ndpi_str || !ndpi_str->protocols)
return(NDPI_PROTOCOL_UNKNOWN);
/* TODO: check on "private" addresses? */
/* Make sure all in network byte order otherwise compares wont work */
ndpi_fill_prefix_v6(&prefix, pin, 128,
((ndpi_patricia_tree_t *) ndpi_str->protocols->v6)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->protocols->v6, &prefix);
if(node) {
int i;
struct patricia_uv16_list *item;
for(i=0; ivalue.u.uv16[i].additional_user_value == 0)
|| (node->value.u.uv16[i].additional_user_value == port))
return(node->value.u.uv16[i].user_value);
}
/*
If we're here it means that we don't have
enough room for our custom value so we need
to check the custom_user_data pointer.
*/
item = (struct patricia_uv16_list*)node->data;
while(item != NULL) {
if(item->value.additional_user_value == port)
return(item->value.user_value);
else
item = item->next;
}
}
return(NDPI_PROTOCOL_UNKNOWN);
}
/* ******************************************* */
ndpi_risk_enum ndpi_network_risk_ptree_match(struct ndpi_detection_module_struct *ndpi_str,
struct in_addr *pin /* network byte order */) {
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
if(!ndpi_str || !ndpi_str->ip_risk)
return(NDPI_NO_RISK);
/* Make sure all in network byte order otherwise compares wont work */
ndpi_fill_prefix_v4(&prefix, pin, 32,
((ndpi_patricia_tree_t *) ndpi_str->ip_risk->v4)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->ip_risk->v4, &prefix);
if(node)
return((ndpi_risk_enum)node->value.u.uv16[0].user_value);
return(NDPI_NO_RISK);
}
/* ******************************************* */
ndpi_risk_enum ndpi_network_risk_ptree_match6(struct ndpi_detection_module_struct *ndpi_str,
struct in6_addr *pin) {
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
/* Make sure all in network byte order otherwise compares wont work */
ndpi_fill_prefix_v6(&prefix, pin, 128,
((ndpi_patricia_tree_t *) ndpi_str->ip_risk->v6)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->ip_risk->v6, &prefix);
if(node)
return((ndpi_risk_enum)node->value.u.uv16[0].user_value);
return(NDPI_NO_RISK);
}
/* ******************************************* */
static ndpi_patricia_node_t* add_to_ptree(ndpi_patricia_tree_t *tree, int family, void *addr, int bits) {
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
if(family == AF_INET)
ndpi_fill_prefix_v4(&prefix, (struct in_addr *) addr, bits, tree->maxbits);
else
ndpi_fill_prefix_v6(&prefix, (struct in6_addr *) addr, bits, tree->maxbits);
node = ndpi_patricia_lookup(tree, &prefix);
/* if(node) memset(&node->value, 0, sizeof(node->value)); */
return(node);
}
/* ******************************************* */
/*
Load a file containing IPv4 OR IPv6 addresses in CIDR format as 'protocol_id'
Return: the number of entries loaded or -1 in case of error
*/
int ndpi_load_ptree_file(ndpi_ptree_t *ptree,
const char *path,
u_int16_t protocol_id) {
char buffer[1024], *line, *addr, *cidr, *saveptr;
FILE *fd;
int len;
u_int num_loaded = 0;
if( !path || !ptree)
return(-1);
fd = fopen(path, "r");
if(fd == NULL) {
/* NDPI_LOG_ERR(NULL, "Unable to open file %s [%s]\n", path, strerror(errno)); */
return(-1);
}
while(1) {
line = fgets(buffer, sizeof(buffer), fd);
if(line == NULL)
break;
len = strlen(line);
if((len <= 1) || (line[0] == '#'))
continue;
line[len - 1] = '\0';
addr = strtok_r(line, "/", &saveptr);
if(addr) {
ndpi_patricia_node_t *node;
bool is_ipv4 = strchr(addr, ':') ? false : true;
cidr = strtok_r(NULL, "\n", &saveptr);
if(is_ipv4) {
struct in_addr addr4;
addr4.s_addr = inet_addr(addr);
/* printf("+ %s/%d\n", addr, cidr ? atoi(cidr) : 32); */
node = add_to_ptree(ptree->v4, AF_INET, &addr4, cidr ? atoi(cidr) : 32 /* bits */);
} else {
struct in6_addr addr6;
if(inet_pton(AF_INET6, addr, &addr6) == 1)
node = add_to_ptree(ptree->v6, AF_INET6, &addr6, cidr ? atoi(cidr) : 128);
else
node = NULL;
}
if(node != NULL) {
u_int i, found = 0;
for(i=0; ivalue.u.uv16[i].user_value == 0) {
node->value.u.uv16[i].user_value = protocol_id,
node->value.u.uv16[i].additional_user_value = 0 /* port */;
found = 1;
break;
}
}
if(found)
num_loaded++;
}
}
}
fclose(fd);
return(num_loaded);
}
/* ******************************************* */
/*
Load a file containing IPv4 addresses in CIDR format as 'protocol_id'
Return: the number of entries loaded or -1 in case of error
*/
int ndpi_load_ipv4_ptree(struct ndpi_detection_module_struct *ndpi_str,
const char *path, u_int16_t protocol_id) {
if(!ndpi_str)
return -1;
return(ndpi_load_ptree_file(ndpi_str->protocols, path, protocol_id));
}
/* ******************************************* */
static void ndpi_init_ptree_ipv4(ndpi_patricia_tree_t *ptree, ndpi_network host_list[]) {
int i;
for(i = 0; host_list[i].network != 0x0; i++) {
struct in_addr pin;
ndpi_patricia_node_t *node;
pin.s_addr = htonl(host_list[i].network);
if((node = add_to_ptree(ptree, AF_INET, &pin, host_list[i].cidr /* bits */)) != NULL) {
/*
Two main cases:
1) ip -> protocol: uv16[0].user_value = protocol; uv16[0].additional_user_value = 0;
2) ip -> risk: uv16[0].user_value = risk; uv16[0].additional_user_value = 0;
*/
node->value.u.uv16[0].user_value = host_list[i].value, node->value.u.uv16[0].additional_user_value = 0;
}
}
}
/* ******************************************* */
static void ndpi_init_ptree_ipv6(struct ndpi_detection_module_struct *ndpi_str,
ndpi_patricia_tree_t *ptree, ndpi_network6 host_list[]) {
int i;
for(i = 0; host_list[i].network != NULL; i++) {
int rc;
struct in6_addr pin;
ndpi_patricia_node_t *node;
rc = inet_pton(AF_INET6, host_list[i].network, &pin);
if (rc != 1) {
NDPI_LOG_ERR(ndpi_str, "Invalid ipv6 address [%s]: %d\n", host_list[i].network, rc);
continue;
}
if((node = add_to_ptree(ptree, AF_INET6, &pin, host_list[i].cidr /* bits */)) != NULL) {
node->value.u.uv16[0].user_value = host_list[i].value, node->value.u.uv16[0].additional_user_value = 0;
}
}
}
/* ******************************************* */
static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndpi_str,
char *value, u_int16_t protocol_id,
u_int8_t is_ipv6) {
ndpi_patricia_node_t *node;
struct in_addr pin;
struct in6_addr pin6;
int bits = 32;
char *ptr = strrchr(value, '/');
u_int16_t port = 0; /* Format ip:8.248.73.247 */
/* Format ipv6:[fe80::76ac:b9ff:fe6c:c124]/64 */
char *double_column = NULL;
bool value_ready = false;
struct addrinfo hints, *result, *rp;
if(value[0] == '[') {
is_ipv6 = 1;
bits = 128;
value += 1;
}
if(ptr) {
ptr[0] = '\0';
ptr++;
if((double_column = strrchr(ptr, ':')) != NULL) {
double_column[0] = '\0';
port = atoi(&double_column[1]);
}
if(!is_ipv6) {
if(atoi(ptr) >= 0 && atoi(ptr) <= 32)
bits = atoi(ptr);
} else {
if(atoi(ptr) >= 0 && atoi(ptr) <= 128)
bits = atoi(ptr);
ptr = strrchr(value, ']');
if(ptr)
*ptr = '\0';
}
} else {
/*
Let's check if there is the port defined
Example: ip:8.248.73.247:443@AmazonPrime
Example: ipv6:[fe80::76ac:b9ff:fe6c:c124]:36818@CustomProtocolF
*/
if(!is_ipv6) {
double_column = strrchr(value, ':');
} else {
ptr = strrchr(value, ']');
if(ptr) {
double_column = strrchr(ptr, ':');
*ptr = '\0';
}
}
if(double_column) {
double_column[0] = '\0';
port = atoi(&double_column[1]);
}
}
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = AI_CANONNAME;
if(!is_ipv6 && ndpi_str->protocols) {
/* Check if the IP address is symbolic or numeric */
unsigned int d[4];
char tail[16] = { '\0' };
int c = sscanf(value, "%3u.%3u.%3u.%3u%15s",
&d[0], &d[1], &d[2], &d[3], tail);
if ((c != 4) || tail[0]) {
/* This might be a symbolic IPv4 address */
if(getaddrinfo(value, NULL, &hints, &result) != 0)
return(-1);
for(rp = result; rp != NULL; rp = rp->ai_next) {
if(rp->ai_family == AF_INET) {
struct sockaddr_in *addr = (struct sockaddr_in *)rp->ai_addr;
memcpy(&pin, &(addr->sin_addr), sizeof(struct in_addr));
value_ready = true;
bits = 32;
break;
}
}
freeaddrinfo(result);
}
if(!value_ready) {
if(inet_pton(AF_INET, value, &pin) != 1)
return(-1);
}
node = add_to_ptree(ndpi_str->protocols->v4, AF_INET, &pin, bits);
} else if(is_ipv6 && ndpi_str->protocols) {
if(strchr(value, ':') == NULL) {
/* This might be a symbolic IPv6 address */
if(getaddrinfo(value, NULL, &hints, &result) != 0)
return(-1);
for(rp = result; rp != NULL; rp = rp->ai_next) {
if(rp->ai_family == AF_INET6) {
struct sockaddr_in6 *addr = (struct sockaddr_in6 *)rp->ai_addr;
memcpy(&pin6, &(addr->sin6_addr), sizeof(struct in6_addr));
value_ready = true;
bits = 128;
break;
}
}
freeaddrinfo(result);
}
if(!value_ready) {
if(inet_pton(AF_INET6, value, &pin6) != 1)
return(-1);
}
node = add_to_ptree(ndpi_str->protocols->v6, AF_INET6, &pin6, bits);
} else {
return(-1);
}
if(node != NULL) {
int i;
struct patricia_uv16_list *item;
for(i=0; ivalue.u.uv16[i].user_value == 0) {
node->value.u.uv16[i].user_value = protocol_id, node->value.u.uv16[i].additional_user_value = htons(port);
return(0);
}
} /* for */
/*
If we're here it means that we don't have
enough room for our custom value
*/
item = (struct patricia_uv16_list*)ndpi_malloc(sizeof(struct patricia_uv16_list));
if(item != NULL) {
item->value.user_value = protocol_id,
item->value.additional_user_value = htons(port),
item->next = (struct patricia_uv16_list*)node->data;
node->data = item;
return(0);
}
return(-1); /* All slots are full */
}
return(0);
}
void set_ndpi_flow_malloc(void *(*__ndpi_flow_malloc)(size_t size)) {
_ndpi_flow_malloc = __ndpi_flow_malloc;
}
void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)) {
_ndpi_flow_free = __ndpi_flow_free;
}
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, ndpi_log_level_t log_level,
const char *file_name, const char *func_name, unsigned int line_number, const char *format, ...) {
va_list args;
#define MAX_STR_LEN 250
char str[MAX_STR_LEN];
if(ndpi_str != NULL && log_level > NDPI_LOG_ERROR && proto > 0 && proto < NDPI_MAX_SUPPORTED_PROTOCOLS &&
!NDPI_ISSET(&ndpi_str->cfg.debug_bitmask, proto))
return;
va_start(args, format);
ndpi_vsnprintf(str, sizeof(str) - 1, format, args);
va_end(args);
/* While fuzzing, we want to test log code, but we don't want to log anything! */
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if(ndpi_str != NULL || (file_name != NULL && func_name != NULL)) {
printf("%s:%s:%-3d - [%u]: %s", file_name, func_name, line_number, proto, str);
} else {
printf("Proto: %u, %s", proto, str);
}
#else
(void)file_name;
(void)func_name;
(void)line_number;
#endif
}
#endif
/* ****************************************** */
void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf) {
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
if(ndpi_str)
ndpi_str->ndpi_debug_printf = ndpi_debug_printf;
#else
(void)ndpi_str;
(void)ndpi_debug_printf;
#endif
}
/* ****************************************** */
/* Keep it in order and in sync with ndpi_protocol_category_t in ndpi_typedefs.h */
static const char *categories[] = {
"Unspecified",
"Media",
"VPN",
"Email",
"DataTransfer",
"Web",
"SocialNetwork",
"Download",
"Game",
"Chat",
"VoIP",
"Database",
"RemoteAccess",
"Cloud",
"Network",
"Collaborative",
"RPC",
"Streaming",
"System",
"SoftwareUpdate",
"",
"",
"",
"",
"",
"Music",
"Video",
"Shopping",
"Productivity",
"FileSharing",
"ConnCheck",
"IoT-Scada",
"VirtAssistant",
"Cybersecurity",
"AdultContent",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"",
"Mining", /* 99 */
"Malware",
"Advertisement",
"Banned_Site",
"Site_Unavailable",
"Allowed_Site",
"Antimalware",
"Crypto_Currency",
"Gambling"
};
#if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__)
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
_Static_assert(sizeof(categories) / sizeof(char *) == NDPI_PROTOCOL_NUM_CATEGORIES,
"Invalid categories length. Do you need to update 'categories' array or 'ndpi_protocol_category_t'?");
#endif
#endif
/* *********************************************** */
static void free_ptree_data(void *data) {
struct patricia_uv16_list *item = (struct patricia_uv16_list *)data;
while(item != NULL) {
struct patricia_uv16_list *next = item->next;
ndpi_free(item);
item = next;
}
}
struct ndpi_global_context *ndpi_global_init(void) {
#ifndef USE_GLOBAL_CONTEXT
return NULL;
#else
struct ndpi_global_context *g_ctx = ndpi_calloc(1, sizeof(struct ndpi_global_context));
if(g_ctx == NULL)
return(NULL);
/* Global caches (if any) are initialized during the initialization
of the local context(s) */
/* Note that we don't have yet an easy way to log from this function */
return g_ctx;
#endif
}
/* ******************************************************************** */
void ndpi_global_deinit(struct ndpi_global_context *g_ctx) {
/* Note that we don't have yet an easy way to log from this function */
if(g_ctx) {
/* Global caches are freed here, so that we are able to get statistics even
after the uninitialization of all the local contexts */
if(g_ctx->ookla_global_cache)
ndpi_lru_free_cache(g_ctx->ookla_global_cache);
if(g_ctx->bittorrent_global_cache)
ndpi_lru_free_cache(g_ctx->bittorrent_global_cache);
if(g_ctx->stun_global_cache)
ndpi_lru_free_cache(g_ctx->stun_global_cache);
if(g_ctx->stun_zoom_global_cache)
ndpi_lru_free_cache(g_ctx->stun_zoom_global_cache);
if(g_ctx->tls_cert_global_cache)
ndpi_lru_free_cache(g_ctx->tls_cert_global_cache);
if(g_ctx->mining_global_cache)
ndpi_lru_free_cache(g_ctx->mining_global_cache);
if(g_ctx->msteams_global_cache)
ndpi_lru_free_cache(g_ctx->msteams_global_cache);
ndpi_free(g_ctx);
}
}
/* ******************************************************************** */
struct ndpi_detection_module_struct *ndpi_init_detection_module(struct ndpi_global_context *g_ctx) {
struct ndpi_detection_module_struct *ndpi_str = ndpi_malloc(sizeof(struct ndpi_detection_module_struct));
int i;
if(ndpi_str == NULL) {
/* Logging this error is a bit tricky. At this point, we can't use NDPI_LOG*
functions yet, we don't have a custom log function and, as a library,
we shouldn't use stdout/stderr. Since this error is quite unlikely,
simply avoid any logs at all */
return(NULL);
}
#ifdef WIN32
/* Required to use getaddrinfo on Windows */
WSADATA wsaData;
WSAStartup(MAKEWORD(2, 2), &wsaData);
#endif
memset(ndpi_str, 0, sizeof(struct ndpi_detection_module_struct));
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
set_ndpi_debug_function(ndpi_str, (ndpi_debug_function_ptr) ndpi_debug_printf);
#endif /* NDPI_ENABLE_DEBUG_MESSAGES */
if((ndpi_str->protocols = ndpi_ptree_create()) == NULL) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] Error allocating tree\n");
ndpi_exit_detection_module(ndpi_str);
return NULL;
}
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, host_protocol_list);
ndpi_str->ip_risk_mask = ndpi_ptree_create();
ndpi_str->g_ctx = g_ctx;
set_default_config(&ndpi_str->cfg);
NDPI_BITMASK_SET_ALL(ndpi_str->detection_bitmask);
ndpi_str->user_data = NULL;
ndpi_str->tcp_max_retransmission_window_size = NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE;
ndpi_str->ndpi_num_supported_protocols = NDPI_MAX_SUPPORTED_PROTOCOLS;
ndpi_str->ndpi_num_custom_protocols = 0;
ndpi_str->host_automa.ac_automa = ac_automata_init(ac_domain_match_handler);
if(!ndpi_str->host_automa.ac_automa) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
ndpi_str->host_risk_mask_automa.ac_automa = ac_automata_init(ac_domain_match_handler);
if(!ndpi_str->host_risk_mask_automa.ac_automa) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
ndpi_str->common_alpns_automa.ac_automa = ac_automata_init(ac_domain_match_handler);
if(!ndpi_str->common_alpns_automa.ac_automa) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
load_common_alpns(ndpi_str);
ndpi_str->tls_cert_subject_automa.ac_automa = ac_automata_init(NULL);
if(!ndpi_str->tls_cert_subject_automa.ac_automa) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
ndpi_str->malicious_ja3_hashmap = NULL; /* Initialized on demand */
ndpi_str->malicious_sha1_hashmap = NULL; /* Initialized on demand */
ndpi_str->risky_domain_automa.ac_automa = NULL; /* Initialized on demand */
ndpi_str->trusted_issuer_dn = NULL;
#ifdef USE_LEGACY_AHO_CORASICK
ndpi_str->custom_categories.hostnames.ac_automa = ac_automata_init(ac_domain_match_handler);
if(!ndpi_str->custom_categories.hostnames.ac_automa) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
ndpi_str->custom_categories.hostnames_shadow.ac_automa = ac_automata_init(ac_domain_match_handler);
if(!ndpi_str->custom_categories.hostnames_shadow.ac_automa) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
if(ndpi_str->custom_categories.hostnames.ac_automa)
ac_automata_feature(ndpi_str->custom_categories.hostnames.ac_automa, AC_FEATURE_LC);
if(ndpi_str->custom_categories.hostnames_shadow.ac_automa)
ac_automata_feature(ndpi_str->custom_categories.hostnames_shadow.ac_automa, AC_FEATURE_LC);
if(ndpi_str->custom_categories.hostnames.ac_automa)
ac_automata_name(ndpi_str->custom_categories.hostnames.ac_automa, "ccat", 0);
if(ndpi_str->custom_categories.hostnames_shadow.ac_automa)
ac_automata_name(ndpi_str->custom_categories.hostnames_shadow.ac_automa, "ccat_sh", 0);
#else
ndpi_str->custom_categories.sc_hostnames = ndpi_domain_classify_alloc();
if(!ndpi_str->custom_categories.sc_hostnames) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
ndpi_str->custom_categories.sc_hostnames_shadow = ndpi_domain_classify_alloc();
if(!ndpi_str->custom_categories.sc_hostnames_shadow) {
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
#endif
ndpi_str->custom_categories.ipAddresses = ndpi_patricia_new(32 /* IPv4 */);
ndpi_str->custom_categories.ipAddresses_shadow = ndpi_patricia_new(32 /* IPv4 */);
ndpi_str->custom_categories.ipAddresses6 = ndpi_patricia_new(128 /* IPv6 */);
ndpi_str->custom_categories.ipAddresses6_shadow = ndpi_patricia_new(128 /* IPv6 */);
if(ndpi_str->host_automa.ac_automa)
ac_automata_feature(ndpi_str->host_automa.ac_automa,AC_FEATURE_LC);
if(ndpi_str->tls_cert_subject_automa.ac_automa)
ac_automata_feature(ndpi_str->tls_cert_subject_automa.ac_automa,AC_FEATURE_LC);
if(ndpi_str->host_risk_mask_automa.ac_automa)
ac_automata_feature(ndpi_str->host_risk_mask_automa.ac_automa,AC_FEATURE_LC);
if(ndpi_str->common_alpns_automa.ac_automa)
ac_automata_feature(ndpi_str->common_alpns_automa.ac_automa,AC_FEATURE_LC);
/* ahocorasick debug */
/* Needed ac_automata_enable_debug(1) for show debug */
if(ndpi_str->host_automa.ac_automa)
ac_automata_name(ndpi_str->host_automa.ac_automa,"host",AC_FEATURE_DEBUG);
if(ndpi_str->tls_cert_subject_automa.ac_automa)
ac_automata_name(ndpi_str->tls_cert_subject_automa.ac_automa,"tls_cert",AC_FEATURE_DEBUG);
if(ndpi_str->host_risk_mask_automa.ac_automa)
ac_automata_name(ndpi_str->host_risk_mask_automa.ac_automa,"content",AC_FEATURE_DEBUG);
if(ndpi_str->common_alpns_automa.ac_automa)
ac_automata_name(ndpi_str->common_alpns_automa.ac_automa,"content",AC_FEATURE_DEBUG);
if((ndpi_str->custom_categories.ipAddresses == NULL) || (ndpi_str->custom_categories.ipAddresses_shadow == NULL) ||
(ndpi_str->custom_categories.ipAddresses6 == NULL) || (ndpi_str->custom_categories.ipAddresses6_shadow == NULL)) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] Error allocating Patricia trees\n");
ndpi_exit_detection_module(ndpi_str);
return(NULL);
}
for(i = 0; i < NUM_CUSTOM_CATEGORIES; i++)
ndpi_snprintf(ndpi_str->custom_category_labels[i], CUSTOM_CATEGORY_LABEL_LEN, "User custom category %u",
(unsigned int) (i + 1));
return(ndpi_str);
}
/* *********************************************** */
/*
This function adds some exceptions for popular domain names
in order to avoid "false" positives and avoid polluting
results
*/
static void ndpi_add_domain_risk_exceptions(struct ndpi_detection_module_struct *ndpi_str) {
const char *domains[] = {
".local",
".work",
/* DGA's are used for caching */
"akamaihd.net",
"dropboxusercontent.com",
NULL /* End */
};
const ndpi_risk risks_to_mask[] = {
NDPI_SUSPICIOUS_DGA_DOMAIN,
NDPI_BINARY_APPLICATION_TRANSFER,
NDPI_NUMERIC_IP_HOST,
NDPI_MALICIOUS_JA3,
NDPI_NO_RISK /* End */
};
u_int i;
ndpi_risk mask = ((ndpi_risk)-1);
for(i=0; risks_to_mask[i] != NDPI_NO_RISK; i++)
mask &= ~(1ULL << risks_to_mask[i]);
for(i=0; domains[i] != NULL; i++)
ndpi_add_host_risk_mask(ndpi_str, (char*)domains[i], mask);
for(i=0; host_match[i].string_to_match != NULL; i++) {
switch(host_match[i].protocol_category) {
case NDPI_PROTOCOL_CATEGORY_CONNECTIVITY_CHECK:
case NDPI_PROTOCOL_CATEGORY_CYBERSECURITY:
ndpi_add_host_risk_mask(ndpi_str, (char*)host_match[i].string_to_match, mask);
break;
default:
/* Nothing to do */
break;
}
}
}
/* *********************************************** */
static int is_ip_list_enabled(struct ndpi_detection_module_struct *ndpi_str, int protoId)
{
if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_str->cfg.ip_list_bitmask, protoId) == 0)
return 0;
return 1;
}
/* *********************************************** */
int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str) {
u_int i;
if(!ndpi_str)
return -1;
if(!ndpi_str->custom_categories.categories_loaded)
ndpi_enable_loaded_categories(ndpi_str);
if(ndpi_str->finalized) /* Already finalized */
return 0;
if(ndpi_str->cfg.libgcrypt_init) {
if(!gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) {
const char *gcrypt_ver = gcry_check_version(NULL);
if(!gcrypt_ver) {
NDPI_LOG_ERR(ndpi_str, "Error initializing libgcrypt\n");
}
NDPI_LOG_DBG(ndpi_str, "Libgcrypt %s\n", gcrypt_ver);
/* Tell Libgcrypt that initialization has completed. */
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
}
} else {
NDPI_LOG_DBG(ndpi_str, "Libgcrypt initialization skipped\n");
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_AMAZON_AWS)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_amazon_aws_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_amazon_aws_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_MICROSOFT_AZURE)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_microsoft_azure_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_microsoft_azure_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_CACHEFLY)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_cachefly_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_cachefly_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_CLOUDFLARE)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_cloudflare_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_cloudflare_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_GOOGLE)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_google_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_google_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_GOOGLE_CLOUD)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_google_cloud_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_google_cloud_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_MICROSOFT_365)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_microsoft_365_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_microsoft_365_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_MS_ONE_DRIVE)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_ms_one_drive_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_ms_one_drive_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_MS_OUTLOOK)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_ms_outlook_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_ms_outlook_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_SKYPE_TEAMS)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_skype_teams_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_skype_teams_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_PROTONVPN)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_protonvpn_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_protonvpn_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_TOR)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_tor_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_tor_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_WHATSAPP)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_whatsapp_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_whatsapp_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_ETHEREUM)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_ethereum_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_ethereum_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_ZOOM)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_zoom_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_zoom_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_MULLVAD)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_mullvad_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_mullvad_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_TELEGRAM)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_telegram_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_telegram_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_APPLE)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_apple_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_apple_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_TWITTER)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_twitter_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_twitter_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_NETFLIX)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_netflix_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_netflix_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_WEBEX)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_webex_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_webex_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_TEAMVIEWER)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_teamviewer_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_teamviewer_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_FACEBOOK)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_facebook_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_facebook_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_TENCENT)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_tencent_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_tencent_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_OPENDNS)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_opendns_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_opendns_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_DROPBOX)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_dropbox_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_dropbox_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_STARCRAFT)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_starcraft_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_starcraft_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_UBUNTUONE)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_ubuntuone_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_ubuntuone_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_TWITCH)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_twitch_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_twitch_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_HOTSPOT_SHIELD)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_hotspot_shield_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_hotspot_shield_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_GITHUB)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_github_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_github_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_STEAM)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_steam_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_steam_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_BLOOMBERG)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_bloomberg_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_bloomberg_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_EDGECAST)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_edgecast_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_edgecast_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_GOTO)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_goto_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_goto_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_RIOTGAMES)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_riotgames_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_riotgames_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_THREEMA)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_threema_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_threema_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_ALIBABA)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_alibaba_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_alibaba_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_AVAST)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_avast_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_avast_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_DISCORD)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_discord_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_discord_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_LINE)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_line_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_line_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_VK)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_vk_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_vk_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_YANDEX)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_yandex_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_yandex_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_YANDEX_CLOUD)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_yandex_cloud_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_yandex_cloud_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_DISNEYPLUS)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_disneyplus_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_disneyplus_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_HULU)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_hulu_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_hulu_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_EPICGAMES)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_epicgames_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_epicgames_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_NVIDIA)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_nvidia_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_nvidia_protocol_list_6);
}
if(is_ip_list_enabled(ndpi_str, NDPI_PROTOCOL_ROBLOX)) {
ndpi_init_ptree_ipv4(ndpi_str->protocols->v4, ndpi_protocol_roblox_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->protocols->v6, ndpi_protocol_roblox_protocol_list_6);
}
if(ndpi_str->cfg.flow_risk_lists_enabled) {
if((ndpi_str->ip_risk = ndpi_ptree_create()) == NULL) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] Error allocating risk tree\n");
return -1;
}
if(ndpi_str->cfg.risk_anonymous_subscriber_list_icloudprivaterelay_enabled) {
ndpi_init_ptree_ipv4(ndpi_str->ip_risk->v4, ndpi_anonymous_subscriber_icloud_private_relay_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->ip_risk->v6, ndpi_anonymous_subscriber_icloud_private_relay_protocol_list_6);
}
if(ndpi_str->cfg.risk_anonymous_subscriber_list_protonvpn_enabled) {
ndpi_init_ptree_ipv4(ndpi_str->ip_risk->v4, ndpi_anonymous_subscriber_protonvpn_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->ip_risk->v6, ndpi_anonymous_subscriber_protonvpn_protocol_list_6);
}
if(ndpi_str->cfg.risk_crawler_bot_list_enabled) {
ndpi_init_ptree_ipv4(ndpi_str->ip_risk->v4, ndpi_http_crawler_bot_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->ip_risk->v6, ndpi_http_crawler_bot_protocol_list_6);
}
}
ndpi_add_domain_risk_exceptions(ndpi_str);
if(ndpi_str->cfg.ookla_cache_num_entries > 0) {
if(ndpi_str->cfg.ookla_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) {
if(!ndpi_str->g_ctx->ookla_global_cache) {
ndpi_str->g_ctx->ookla_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.ookla_cache_num_entries,
ndpi_str->cfg.ookla_cache_ttl, 1);
}
ndpi_str->ookla_cache = ndpi_str->g_ctx->ookla_global_cache;
} else {
ndpi_str->ookla_cache = ndpi_lru_cache_init(ndpi_str->cfg.ookla_cache_num_entries,
ndpi_str->cfg.ookla_cache_ttl, 0);
}
if(!ndpi_str->ookla_cache) {
NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n",
ndpi_str->cfg.ookla_cache_num_entries);
}
}
if(ndpi_str->cfg.bittorrent_cache_num_entries > 0) {
if(ndpi_str->cfg.bittorrent_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) {
if(!ndpi_str->g_ctx->bittorrent_global_cache) {
ndpi_str->g_ctx->bittorrent_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.bittorrent_cache_num_entries,
ndpi_str->cfg.bittorrent_cache_ttl, 1);
}
ndpi_str->bittorrent_cache = ndpi_str->g_ctx->bittorrent_global_cache;
} else {
ndpi_str->bittorrent_cache = ndpi_lru_cache_init(ndpi_str->cfg.bittorrent_cache_num_entries,
ndpi_str->cfg.bittorrent_cache_ttl, 0);
}
if(!ndpi_str->bittorrent_cache) {
NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n",
ndpi_str->cfg.bittorrent_cache_num_entries);
}
}
if(ndpi_str->cfg.stun_cache_num_entries > 0) {
if(ndpi_str->cfg.stun_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) {
if(!ndpi_str->g_ctx->stun_global_cache) {
ndpi_str->g_ctx->stun_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_cache_num_entries,
ndpi_str->cfg.stun_cache_ttl, 1);
}
ndpi_str->stun_cache = ndpi_str->g_ctx->stun_global_cache;
} else {
ndpi_str->stun_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_cache_num_entries,
ndpi_str->cfg.stun_cache_ttl, 0);
}
if(!ndpi_str->stun_cache) {
NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n",
ndpi_str->cfg.stun_cache_num_entries);
}
}
if(ndpi_str->cfg.tls_cert_cache_num_entries > 0) {
if(ndpi_str->cfg.tls_cert_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) {
if(!ndpi_str->g_ctx->tls_cert_global_cache) {
ndpi_str->g_ctx->tls_cert_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.tls_cert_cache_num_entries,
ndpi_str->cfg.tls_cert_cache_ttl, 1);
}
ndpi_str->tls_cert_cache = ndpi_str->g_ctx->tls_cert_global_cache;
} else {
ndpi_str->tls_cert_cache = ndpi_lru_cache_init(ndpi_str->cfg.tls_cert_cache_num_entries,
ndpi_str->cfg.tls_cert_cache_ttl, 0);
}
if(!ndpi_str->tls_cert_cache) {
NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n",
ndpi_str->cfg.tls_cert_cache_num_entries);
}
}
if(ndpi_str->cfg.mining_cache_num_entries > 0) {
if(ndpi_str->cfg.mining_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) {
if(!ndpi_str->g_ctx->mining_global_cache) {
ndpi_str->g_ctx->mining_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.mining_cache_num_entries,
ndpi_str->cfg.mining_cache_ttl, 1);
}
ndpi_str->mining_cache = ndpi_str->g_ctx->mining_global_cache;
} else {
ndpi_str->mining_cache = ndpi_lru_cache_init(ndpi_str->cfg.mining_cache_num_entries,
ndpi_str->cfg.mining_cache_ttl, 0);
}
if(!ndpi_str->mining_cache) {
NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n",
ndpi_str->cfg.mining_cache_num_entries);
}
}
if(ndpi_str->cfg.msteams_cache_num_entries > 0) {
if(ndpi_str->cfg.msteams_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) {
if(!ndpi_str->g_ctx->msteams_global_cache) {
ndpi_str->g_ctx->msteams_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.msteams_cache_num_entries,
ndpi_str->cfg.msteams_cache_ttl, 1);
}
ndpi_str->msteams_cache = ndpi_str->g_ctx->msteams_global_cache;
} else {
ndpi_str->msteams_cache = ndpi_lru_cache_init(ndpi_str->cfg.msteams_cache_num_entries,
ndpi_str->cfg.msteams_cache_ttl, 0);
}
if(!ndpi_str->msteams_cache) {
NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n",
ndpi_str->cfg.msteams_cache_num_entries);
}
}
if(ndpi_str->cfg.stun_zoom_cache_num_entries > 0) {
if(ndpi_str->cfg.stun_zoom_cache_scope == NDPI_LRUCACHE_SCOPE_GLOBAL) {
if(!ndpi_str->g_ctx->stun_zoom_global_cache) {
ndpi_str->g_ctx->stun_zoom_global_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_zoom_cache_num_entries,
ndpi_str->cfg.stun_zoom_cache_ttl, 1);
}
ndpi_str->stun_zoom_cache = ndpi_str->g_ctx->stun_zoom_global_cache;
} else {
ndpi_str->stun_zoom_cache = ndpi_lru_cache_init(ndpi_str->cfg.stun_zoom_cache_num_entries,
ndpi_str->cfg.stun_zoom_cache_ttl, 0);
}
if(!ndpi_str->stun_zoom_cache) {
NDPI_LOG_ERR(ndpi_str, "Error allocating lru cache (num_entries %u)\n",
ndpi_str->cfg.stun_zoom_cache_num_entries);
}
}
ndpi_automa * const automa[] = { &ndpi_str->host_automa,
&ndpi_str->tls_cert_subject_automa,
&ndpi_str->host_risk_mask_automa,
&ndpi_str->common_alpns_automa };
for(i = 0; i < NDPI_ARRAY_LENGTH(automa); ++i) {
ndpi_automa *a = automa[i];
if(a && a->ac_automa)
ac_automata_finalize((AC_AUTOMATA_t *) a->ac_automa);
}
if(ndpi_str->cfg.tls_app_blocks_tracking_enabled) {
ndpi_str->num_tls_blocks_to_follow = NDPI_MAX_NUM_TLS_APPL_BLOCKS;
ndpi_str->skip_tls_blocks_until_change_cipher = 1;
}
if(ndpi_str->cfg.track_payload_enabled)
ndpi_str->max_payload_track_len = 1024; /* track up to X payload bytes */
ndpi_str->finalized = 1;
return 0;
}
/* *********************************************** */
/* Wrappers */
void *ndpi_init_automa(void) {
return(ac_automata_init(NULL));
}
/* ****************************************************** */
void *ndpi_init_automa_domain(void) {
return(ac_automata_init(ac_domain_match_handler));
}
/* ****************************************************** */
int ndpi_add_string_value_to_automa(void *_automa, char *str, u_int32_t num) {
AC_PATTERN_t ac_pattern;
AC_AUTOMATA_t *automa = (AC_AUTOMATA_t *) _automa;
AC_ERROR_t rc;
if(automa == NULL)
return(-1);
memset(&ac_pattern, 0, sizeof(ac_pattern));
ac_pattern.astring = str;
ac_pattern.rep.number = num;
ac_pattern.length = strlen(ac_pattern.astring);
rc = ac_automata_add(automa, &ac_pattern);
return(rc == ACERR_SUCCESS ? 0 : (rc == ACERR_DUPLICATE_PATTERN ? -2 : -1));
}
/* ****************************************************** */
int ndpi_add_string_to_automa(void *_automa, char *str) {
return(ndpi_add_string_value_to_automa(_automa, str, 1));
}
/* ****************************************************** */
void ndpi_free_automa(void *_automa) {
ac_automata_release((AC_AUTOMATA_t *) _automa, 1);
}
/* ****************************************************** */
void ndpi_finalize_automa(void *_automa) {
ac_automata_finalize((AC_AUTOMATA_t *) _automa);
}
/* ****************************************************** */
void ndpi_automa_get_stats(void *_automa, struct ndpi_automa_stats *stats) {
struct ac_stats ac_stats;
ac_automata_get_stats((AC_AUTOMATA_t *) _automa, &ac_stats);
stats->n_search = ac_stats.n_search;
stats->n_found = ac_stats.n_found;
}
/* ****************************************************** */
int ndpi_get_automa_stats(struct ndpi_detection_module_struct *ndpi_struct,
automa_type automa_type,
struct ndpi_automa_stats *stats)
{
if(!ndpi_struct || !stats)
return -1;
switch(automa_type) {
case NDPI_AUTOMA_HOST:
ndpi_automa_get_stats(ndpi_struct->host_automa.ac_automa, stats);
return 0;
case NDPI_AUTOMA_DOMAIN:
ndpi_automa_get_stats(ndpi_struct->risky_domain_automa.ac_automa, stats);
return 0;
case NDPI_AUTOMA_TLS_CERT:
ndpi_automa_get_stats(ndpi_struct->tls_cert_subject_automa.ac_automa, stats);
return 0;
case NDPI_AUTOMA_RISK_MASK:
ndpi_automa_get_stats(ndpi_struct->host_risk_mask_automa.ac_automa, stats);
return 0;
case NDPI_AUTOMA_COMMON_ALPNS:
ndpi_automa_get_stats(ndpi_struct->common_alpns_automa.ac_automa, stats);
return 0;
default:
return -1;
}
}
/* ****************************************************** */
static int ndpi_match_string_common(AC_AUTOMATA_t *automa, char *string_to_match,size_t string_len,
u_int32_t *protocol_id, ndpi_protocol_category_t *category,
ndpi_protocol_breed_t *breed) {
AC_REP_t match = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_UNRATED, 0, 0, 0, 0, 0 };
AC_TEXT_t ac_input_text;
int rc;
if(protocol_id) *protocol_id = NDPI_PROTOCOL_UNKNOWN;
if((automa == NULL) || (string_to_match == NULL) || (string_to_match[0] == '\0')) {
return(-2);
}
if(automa->automata_open) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
printf("[%s:%d] [NDPI] Internal error: please call ndpi_finalize_initialization()\n", __FILE__, __LINE__);
#endif
return(-1);
}
ac_input_text.astring = string_to_match, ac_input_text.length = string_len;
ac_input_text.option = 0;
rc = ac_automata_search(automa, &ac_input_text, &match);
if(protocol_id)
*protocol_id = rc ? match.number : NDPI_PROTOCOL_UNKNOWN;
if(category)
*category = rc ? match.category : 0;
if(breed)
*breed = rc ? match.breed : 0;
return rc;
}
/* ****************************************************** */
int ndpi_match_string(void *_automa, char *string_to_match) {
uint32_t proto_id;
int rc;
if(!string_to_match)
return(-2);
rc = ndpi_match_string_common(_automa, string_to_match,
strlen(string_to_match),
&proto_id, NULL, NULL);
if(rc < 0) return rc;
return rc ? proto_id : NDPI_PROTOCOL_UNKNOWN;
}
/* ****************************************************** */
int ndpi_match_string_protocol_id(void *automa, char *string_to_match,
u_int match_len, u_int16_t *protocol_id,
ndpi_protocol_category_t *category,
ndpi_protocol_breed_t *breed) {
u_int32_t proto_id;
int rc = ndpi_match_string_common((AC_AUTOMATA_t*)automa, string_to_match,
match_len, &proto_id, category, breed);
if(rc < 0) return rc;
*protocol_id = (u_int16_t)proto_id;
return(proto_id != NDPI_PROTOCOL_UNKNOWN ? 0 : -1);
}
/* ****************************************************** */
int ndpi_match_string_value(void *automa, char *string_to_match,
u_int match_len, u_int32_t *num) {
int rc = ndpi_match_string_common((AC_AUTOMATA_t *)automa, string_to_match,
match_len, num, NULL, NULL);
if(rc < 0) return rc;
return rc ? 0 : -1;
}
/* *********************************************** */
int ndpi_match_custom_category(struct ndpi_detection_module_struct *ndpi_str,
char *name, u_int name_len,
ndpi_protocol_category_t *category) {
#ifdef USE_LEGACY_AHO_CORASICK
u_int32_t id;
int rc = ndpi_match_string_common(ndpi_str->custom_categories.hostnames.ac_automa,
name, name_len, &id, category, NULL);
if(rc < 0) return rc;
return(id != NDPI_PROTOCOL_UNKNOWN ? 0 : -1);
#else
char buf[128];
u_int16_t class_id;
u_int max_len = sizeof(buf)-1;
if(!ndpi_str->custom_categories.categories_loaded)
ndpi_enable_loaded_categories(ndpi_str);
if(name_len > max_len) name_len = max_len;
memcpy(buf, name, name_len);
buf[name_len] = '\0';
if(ndpi_domain_classify_hostname(ndpi_str, ndpi_str->custom_categories.sc_hostnames,
&class_id, buf)) {
*category = (ndpi_protocol_category_t)class_id;
return(0);
} else
return(-1); /* Not found */
#endif
}
/* *********************************************** */
int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_str,
char *name_or_ip, u_int name_len,
ndpi_protocol_category_t *id) {
char ipbuf[64], *ptr;
struct in_addr pin;
struct in6_addr pin6;
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
u_int cp_len = ndpi_min(sizeof(ipbuf) - 1, name_len);
*id = 0;
if(!ndpi_str->custom_categories.categories_loaded)
ndpi_enable_loaded_categories(ndpi_str);
if(cp_len > 0) {
memcpy(ipbuf, name_or_ip, cp_len);
ipbuf[cp_len] = '\0';
} else {
ipbuf[0] = '\0';
}
ptr = strrchr(ipbuf, '/');
if(ptr)
ptr[0] = '\0';
if(inet_pton(AF_INET, ipbuf, &pin) == 1) {
/* Search IPv4 */
/* Make sure all in network byte order otherwise compares wont work */
ndpi_fill_prefix_v4(&prefix, &pin, 32,
((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses, &prefix);
if(node) {
*id = node->value.u.uv32.user_value;
return(0);
}
return(-1);
} else if(inet_pton(AF_INET6, ipbuf, &pin6) == 1) {
/* Search IPv6 */
ndpi_fill_prefix_v6(&prefix, &pin6, 128,
((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses6)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->custom_categories.ipAddresses6, &prefix);
if(node) {
*id = node->value.u.uv32.user_value;
return(0);
}
return(-1);
} else {
/* Search Host */
return(ndpi_match_custom_category(ndpi_str, name_or_ip, name_len, id));
}
}
/* ****************************************************** */
void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) {
if(ndpi_str != NULL) {
int i;
for (i = 0; i < (NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS); i++) {
if(ndpi_str->proto_defaults[i].protoName)
ndpi_free(ndpi_str->proto_defaults[i].protoName);
if(ndpi_str->proto_defaults[i].subprotocols != NULL)
ndpi_free(ndpi_str->proto_defaults[i].subprotocols);
}
#ifdef HAVE_NBPF
for(i = 0; (i < MAX_NBPF_CUSTOM_PROTO) && (ndpi_str->nbpf_custom_proto[i].tree != NULL); i++)
nbpf_free(ndpi_str->nbpf_custom_proto[i].tree);
#endif
/* NDPI_PROTOCOL_TINC */
if(ndpi_str->tinc_cache)
cache_free((cache_t)(ndpi_str->tinc_cache));
if(!ndpi_str->cfg.ookla_cache_scope &&
ndpi_str->ookla_cache)
ndpi_lru_free_cache(ndpi_str->ookla_cache);
if(!ndpi_str->cfg.bittorrent_cache_scope &&
ndpi_str->bittorrent_cache)
ndpi_lru_free_cache(ndpi_str->bittorrent_cache);
if(!ndpi_str->cfg.stun_cache_scope &&
ndpi_str->stun_cache)
ndpi_lru_free_cache(ndpi_str->stun_cache);
if(!ndpi_str->cfg.stun_zoom_cache_scope &&
ndpi_str->stun_zoom_cache)
ndpi_lru_free_cache(ndpi_str->stun_zoom_cache);
if(!ndpi_str->cfg.tls_cert_cache_scope &&
ndpi_str->tls_cert_cache)
ndpi_lru_free_cache(ndpi_str->tls_cert_cache);
if(!ndpi_str->cfg.mining_cache_scope &&
ndpi_str->mining_cache)
ndpi_lru_free_cache(ndpi_str->mining_cache);
if(!ndpi_str->cfg.msteams_cache_scope &&
ndpi_str->msteams_cache)
ndpi_lru_free_cache(ndpi_str->msteams_cache);
if(ndpi_str->protocols) ndpi_ptree_destroy(ndpi_str->protocols);
if(ndpi_str->ip_risk_mask) ndpi_ptree_destroy(ndpi_str->ip_risk_mask);
if(ndpi_str->ip_risk) ndpi_ptree_destroy(ndpi_str->ip_risk);
if(ndpi_str->udpRoot != NULL) ndpi_tdestroy(ndpi_str->udpRoot, ndpi_free);
if(ndpi_str->tcpRoot != NULL) ndpi_tdestroy(ndpi_str->tcpRoot, ndpi_free);
if(ndpi_str->host_automa.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->host_automa.ac_automa,
1 /* free patterns strings memory */);
if(ndpi_str->risky_domain_automa.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->risky_domain_automa.ac_automa,
1 /* free patterns strings memory */);
if(ndpi_str->tls_cert_subject_automa.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->tls_cert_subject_automa.ac_automa, 0);
if(ndpi_str->malicious_ja3_hashmap != NULL)
ndpi_hash_free(&ndpi_str->malicious_ja3_hashmap);
if(ndpi_str->malicious_sha1_hashmap != NULL)
ndpi_hash_free(&ndpi_str->malicious_sha1_hashmap);
#ifdef USE_LEGACY_AHO_CORASICK
if(ndpi_str->custom_categories.hostnames.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->custom_categories.hostnames.ac_automa,
1 /* free patterns strings memory */);
if(ndpi_str->custom_categories.hostnames_shadow.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->custom_categories.hostnames_shadow.ac_automa,
1 /* free patterns strings memory */);
#else
ndpi_domain_classify_free(ndpi_str->custom_categories.sc_hostnames_shadow);
ndpi_domain_classify_free(ndpi_str->custom_categories.sc_hostnames);
#endif
if(ndpi_str->custom_categories.ipAddresses != NULL)
ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses, free_ptree_data);
if(ndpi_str->custom_categories.ipAddresses_shadow != NULL)
ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses_shadow, free_ptree_data);
if(ndpi_str->custom_categories.ipAddresses6 != NULL)
ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses6, free_ptree_data);
if(ndpi_str->custom_categories.ipAddresses6_shadow != NULL)
ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->custom_categories.ipAddresses6_shadow, free_ptree_data);
if(ndpi_str->host_risk_mask_automa.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->host_risk_mask_automa.ac_automa,
1 /* free patterns strings memory */);
if(ndpi_str->common_alpns_automa.ac_automa != NULL)
ac_automata_release((AC_AUTOMATA_t *) ndpi_str->common_alpns_automa.ac_automa,
1 /* free patterns strings memory */);
if(ndpi_str->trusted_issuer_dn) {
ndpi_list *head = ndpi_str->trusted_issuer_dn;
while(head != NULL) {
ndpi_list *next;
if(head->value) ndpi_free(head->value);
next = head->next;
ndpi_free(head);
head = next;
}
}
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/ndpi_exit_detection_module.c"
#endif
ndpi_free_geoip(ndpi_str);
if(ndpi_str->callback_buffer)
ndpi_free(ndpi_str->callback_buffer);
if(ndpi_str->callback_buffer_tcp_payload)
ndpi_free(ndpi_str->callback_buffer_tcp_payload);
if(ndpi_str->public_domain_suffixes)
ndpi_hash_free(&ndpi_str->public_domain_suffixes);
ndpi_free(ndpi_str);
}
#ifdef WIN32
WSACleanup();
#endif
}
/* ****************************************************** */
static default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
u_int8_t proto, u_int16_t sport, u_int16_t dport) {
default_ports_tree_node_t node;
if(sport && dport) {
const void *ret;
node.default_port = dport; /* Check server port first */
ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot,
default_ports_tree_node_t_cmp);
if(ret == NULL) {
node.default_port = sport;
ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot,
default_ports_tree_node_t_cmp);
}
if(ret)
return(*(default_ports_tree_node_t **) ret);
}
return(NULL);
}
/* ****************************************************** */
/*
These are UDP protocols that must fit a single packet
and thus that if have NOT been detected they cannot be guessed
as they have been excluded
*/
u_int8_t is_udp_not_guessable_protocol(u_int16_t l7_guessed_proto) {
switch(l7_guessed_proto) {
case NDPI_PROTOCOL_SNMP:
case NDPI_PROTOCOL_NETFLOW:
/* TODO: add more protocols (if any missing) */
return(1);
}
return(0);
}
/* ****************************************************** */
static u_int16_t guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow,
u_int8_t proto, u_int16_t sport, u_int16_t dport, u_int8_t *user_defined_proto) {
struct ndpi_packet_struct *packet = &ndpi_str->packet;
*user_defined_proto = 0; /* Default */
if(sport && dport) {
default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_str, proto, sport, dport);
if(found != NULL) {
u_int16_t guessed_proto = found->proto->protoId;
*user_defined_proto = found->customUserProto;
return(guessed_proto);
}
} else {
/* No TCP/UDP */
switch(proto) {
case NDPI_IPSEC_PROTOCOL_ESP:
case NDPI_IPSEC_PROTOCOL_AH:
return(NDPI_PROTOCOL_IPSEC);
case NDPI_GRE_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_GRE);
case NDPI_PGM_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_PGM);
case NDPI_PIM_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_PIM);
case NDPI_ICMP_PROTOCOL_TYPE:
if(flow) {
flow->entropy = 0.0f;
/* Run some basic consistency tests */
if(packet->payload_packet_len < sizeof(struct ndpi_icmphdr)) {
ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL);
} else {
u_int8_t icmp_type = (u_int8_t)packet->payload[0];
u_int8_t icmp_code = (u_int8_t)packet->payload[1];
/* https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml */
if(((icmp_type >= 44) && (icmp_type <= 252))
|| (icmp_code > 15))
ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL);
if(packet->payload_packet_len > sizeof(struct ndpi_icmphdr)) {
if(ndpi_str->cfg.compute_entropy && (flow->skip_entropy_check == 0)) {
flow->entropy = ndpi_entropy(packet->payload + sizeof(struct ndpi_icmphdr),
packet->payload_packet_len - sizeof(struct ndpi_icmphdr));
ndpi_entropy2risk(flow);
}
u_int16_t chksm = icmp4_checksum(packet->payload, packet->payload_packet_len);
if(chksm) {
ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL);
}
}
}
}
return(NDPI_PROTOCOL_IP_ICMP);
case NDPI_IGMP_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_IGMP);
case NDPI_EGP_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_EGP);
case NDPI_SCTP_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_SCTP);
case NDPI_OSPF_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_OSPF);
case NDPI_IPIP_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_IP_IN_IP);
case NDPI_ICMPV6_PROTOCOL_TYPE:
if(flow) {
/* Run some basic consistency tests */
if(packet->payload_packet_len < sizeof(struct ndpi_icmp6hdr))
ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL);
else {
u_int8_t icmp6_type = (u_int8_t)packet->payload[0];
u_int8_t icmp6_code = (u_int8_t)packet->payload[1];
/* https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6 */
if(((icmp6_type >= 5) && (icmp6_type <= 127))
|| ((icmp6_code >= 156) && (icmp6_type != 255)))
ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL);
}
}
return(NDPI_PROTOCOL_IP_ICMPV6);
case NDPI_VRRP_PROTOCOL_TYPE:
return(NDPI_PROTOCOL_IP_VRRP);
}
}
return(NDPI_PROTOCOL_UNKNOWN);
}
/* ******************************************************************** */
u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_str) {
return(ndpi_str ? ndpi_str->ndpi_num_supported_protocols : 0);
}
/* ******************************************************************** */
#ifdef WIN32
char *strsep(char **sp, char *sep) {
char *p, *s;
if(sp == NULL || *sp == NULL || **sp == '\0')
return(NULL);
s = *sp;
p = s + strcspn(s, sep);
if(*p != '\0')
*p++ = '\0';
*sp = p;
return(s);
}
#endif
/* ******************************************************************** */
int ndpi_add_ip_risk_mask(struct ndpi_detection_module_struct *ndpi_str,
char *ip, ndpi_risk mask) {
char *cidr, *saveptr, *addr = strtok_r(ip, "/", &saveptr);
int is_ipv6 = 0;
ndpi_patricia_node_t *node = NULL;
if(!addr || strlen(addr) == 0)
return(-2);
if(ip[0] == '[') {
is_ipv6 = 1;
addr += 1;
addr[strlen(addr) - 1] = '\0'; /* strip ']' */
}
cidr = strtok_r(NULL, "\n", &saveptr);
if(!is_ipv6 && ndpi_str->ip_risk_mask && ndpi_str->ip_risk_mask->v4) {
struct in_addr pin;
if(inet_pton(AF_INET, addr, &pin) != 1)
return(-1);
node = add_to_ptree(ndpi_str->ip_risk_mask->v4, AF_INET,
&pin, cidr ? atoi(cidr) : 32 /* bits */);
} else if(is_ipv6 && ndpi_str->ip_risk_mask && ndpi_str->ip_risk_mask->v6) {
struct in6_addr pin6;
if(inet_pton(AF_INET6, addr, &pin6) != 1)
return(-1);
node = add_to_ptree(ndpi_str->ip_risk_mask->v6, AF_INET6,
&pin6, cidr ? atoi(cidr) : 128 /* bits */);
} else {
return(-2);
}
if(node) {
node->value.u.uv64 = (u_int64_t)mask;
return(0);
}
return(-1);
}
/* ******************************************************************** */
int ndpi_add_host_risk_mask(struct ndpi_detection_module_struct *ndpi_str,
char *host, ndpi_risk mask) {
AC_PATTERN_t ac_pattern;
AC_ERROR_t rc;
u_int len;
char *host_dup = NULL;
if((ndpi_str == NULL) || (ndpi_str->host_risk_mask_automa.ac_automa == NULL) || (host == NULL))
return(-2);
/* Zap heading/trailing quotes */
switch(host[0]) {
case '"':
case '\'':
{
int len;
host = &host[1];
len = strlen(host);
if(len > 0)
host[len-1] = '\0';
}
break;
}
host_dup = ndpi_strdup(host);
if(!host_dup)
return(-1);
memset(&ac_pattern, 0, sizeof(ac_pattern));
len = strlen(host);
ac_pattern.astring = host_dup;
ac_pattern.length = len;
ac_pattern.rep.number64 = (ndpi_risk)mask;
ac_pattern.rep.level = ndpi_domain_level(host);
ac_pattern.rep.at_end = 0;
ac_pattern.rep.dot = memchr(host,'.',len) != NULL;
rc = ac_automata_add(ndpi_str->host_risk_mask_automa.ac_automa, &ac_pattern);
if(rc != ACERR_SUCCESS) {
ndpi_free(host_dup);
if(rc != ACERR_DUPLICATE_PATTERN)
return (-2);
}
return(0);
}
/* ******************************************************************** */
int ndpi_add_trusted_issuer_dn(struct ndpi_detection_module_struct *ndpi_str, char *dn) {
ndpi_list *head;
if(dn == NULL)
return(-1);
else
head = (ndpi_list*)ndpi_malloc(sizeof(ndpi_list));
if(head == NULL) return(-2);
if(dn[0] == '"') {
char buf[128], *quote;
ndpi_snprintf(buf, sizeof(buf), "%s", &dn[1]);
if((quote = strchr(buf, '"')) != NULL)
quote[0] = '\0';
head->value = ndpi_strdup(buf);
} else
head->value = ndpi_strdup(dn);
if(head->value == NULL) {
ndpi_free(head);
return(-3);
}
head->next = ndpi_str->trusted_issuer_dn;
ndpi_str->trusted_issuer_dn = head;
return(0);
}
/* ******************************************************************** */
static int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str,
char *rule) {
char *at, *proto, *elem;
ndpi_proto_defaults_t *def;
u_int subprotocol_id, i;
int id, ret = 0;
at = strrchr(rule, '@');
if(at == NULL) {
/* This looks like a mask rule or an invalid rule */
char _rule[256], *rule_type, *key;
ndpi_snprintf(_rule, sizeof(_rule), "%s", rule);
rule_type = strtok(rule, ":");
if(!rule_type) {
NDPI_LOG_ERR(ndpi_str, "Invalid rule '%s'\n", rule);
return(-1);
}
if(!strcmp(rule_type, "trusted_issuer_dn"))
return(ndpi_add_trusted_issuer_dn(ndpi_str, strtok(NULL, ":")));
key = strtok(NULL, "=");
if(key) {
char *value = strtok(NULL, "=");
if(value) {
ndpi_risk risk_mask = (ndpi_risk)atoll(value);
if(!strcmp(rule_type, "ip_risk_mask") ||
!strcmp(rule_type, "ipv6_risk_mask")) {
return(ndpi_add_ip_risk_mask(ndpi_str, key, risk_mask));
} else if(!strcmp(rule_type, "host_risk_mask")) {
return(ndpi_add_host_risk_mask(ndpi_str, key, risk_mask));
}
}
}
NDPI_LOG_ERR(ndpi_str, "Unknown rule '%s'\n", rule);
return(-1);
} else
at[0] = 0, proto = &at[1];
for(i = 0; proto[i] != '\0'; i++) {
switch(proto[i]) {
case '/':
case '&':
case '^':
case ':':
case ';':
case '\'':
case '"':
case ' ':
proto[i] = '_';
break;
}
}
if((id = ndpi_get_protocol_id(ndpi_str, proto)) != -1) {
subprotocol_id = (u_int)id;
def = &ndpi_str->proto_defaults[subprotocol_id];
} else
def = NULL;
if(def == NULL) {
ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS];
char *equal = strchr(proto, '=');
u_int16_t user_proto_id = ndpi_str->ndpi_num_supported_protocols;
if(equal != NULL) {
/* PROTO=VALUE */
equal[0] = '\0';
user_proto_id = atoi(&equal[1]);
/* NOTE: ndpi_str->ndpi_num_supported_protocols >= NDPI_MAX_SUPPORTED_PROTOCOLS */
ndpi_add_user_proto_id_mapping(ndpi_str, ndpi_str->ndpi_num_supported_protocols, user_proto_id);
/* printf("***** ADDING MAPPING %s: %u -> %u\n", proto, ndpi_str->ndpi_num_supported_protocols, user_proto_id); */
} else
ndpi_add_user_proto_id_mapping(ndpi_str, ndpi_str->ndpi_num_supported_protocols,
ndpi_str->ndpi_num_supported_protocols);
if(ndpi_str->ndpi_num_custom_protocols >= (NDPI_MAX_NUM_CUSTOM_PROTOCOLS - 1)) {
NDPI_LOG_ERR(ndpi_str, "Too many protocols defined (%u): skipping protocol %s\n",
ndpi_str->ndpi_num_custom_protocols, proto);
return(-2);
}
ndpi_set_proto_defaults(ndpi_str, 1 /* is_cleartext */,
1 /* is_app_protocol */,
NDPI_PROTOCOL_ACCEPTABLE, /* breed*/
ndpi_str->ndpi_num_supported_protocols /* protoId */,
proto, /* protoName */
NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, /* TODO add protocol category support in rules */
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
def = &ndpi_str->proto_defaults[ndpi_str->ndpi_num_supported_protocols];
subprotocol_id = ndpi_str->ndpi_num_supported_protocols;
ndpi_str->ndpi_num_supported_protocols++, ndpi_str->ndpi_num_custom_protocols++;
}
while((elem = strsep(&rule, ",")) != NULL) {
char *attr = elem, *value = NULL;
ndpi_port_range range;
int is_tcp = 0, is_udp = 0, is_ip = 0;
u_int8_t is_ipv6_ip = 0;
if(strncmp(attr, "tcp:", 4) == 0)
is_tcp = 1, value = &attr[4];
else if(strncmp(attr, "udp:", 4) == 0)
is_udp = 1, value = &attr[4];
else if(strncmp(attr, "ipv6:", 5) == 0)
is_ip = 1, is_ipv6_ip = 1, value = &attr[5];
else if(strncmp(attr, "ip:", 3) == 0)
is_ip = 1, value = &attr[3];
else if(strncmp(attr, "host:", 5) == 0) {
/* host:"",host:"",.....@ */
value = &attr[5];
if(value[0] == '"')
value++; /* remove leading " */
if(value[0] != '\0') {
u_int i, max_len = strlen(value) - 1;
if(value[max_len] == '"')
value[max_len] = '\0'; /* remove trailing " */
for(i=0; inum_nbpf_custom_proto >= MAX_NBPF_CUSTOM_PROTO) {
NDPI_LOG_ERR(ndpi_str, "nBPF: too many protocols\n");
return(-4); /* Too many protocols */
}
if(filter[0] == '"') {
u_int len;
filter = &filter[1];
len = strlen(filter);
if(len > 0)
filter[len-1] = '\0';
}
if((ndpi_str->nbpf_custom_proto[ndpi_str->num_nbpf_custom_proto].tree =
nbpf_parse(filter, NULL)) == NULL) {
NDPI_LOG_ERR(ndpi_str, "nBPF invalid filter: %s\n", filter)
return(-5); /* Invalid filter */
} else
ndpi_str->nbpf_custom_proto[ndpi_str->num_nbpf_custom_proto].l7_protocol = subprotocol_id;
ndpi_str->num_nbpf_custom_proto++;
#else
NDPI_LOG_INFO(ndpi_str, "nDPI compiled without nBPF support: skipping rule\n");
return(-6);
#endif
}
if(is_tcp || is_udp) {
u_int p_low, p_high;
int rc;
if(sscanf(value, "%u-%u", &p_low, &p_high) == 2)
range.port_low = p_low, range.port_high = p_high;
else
range.port_low = range.port_high = atoi(&elem[4]);
rc = addDefaultPort(ndpi_str, &range, def, 1 /* Custom user proto */,
is_tcp ? &ndpi_str->tcpRoot : &ndpi_str->udpRoot, __FUNCTION__, __LINE__);
if(rc != 0) ret = rc;
} else if(is_ip) {
int rc = ndpi_add_host_ip_subprotocol(ndpi_str, value, subprotocol_id, is_ipv6_ip);
if(rc != 0)
return(rc);
} else {
ndpi_add_host_url_subprotocol(ndpi_str, value, subprotocol_id, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED,
NDPI_PROTOCOL_ACCEPTABLE, 0);
}
}
return(ret);
}
/* ******************************************************************** */
/*
* Format:
*
*
*
* Notes:
* - proto might be empty
* - empty lines or lines starting with # are ignored
*/
int load_config_file_fd(struct ndpi_detection_module_struct *ndpi_str, FILE *fd) {
char buffer[512], *line, *proto, *param = NULL, *value, *saveptr;
int len, i, num_commas;
ndpi_cfg_error rc;
if(!ndpi_str || !fd)
return -1;
while(1) {
line = fgets(buffer, sizeof(buffer), fd);
if(line == NULL)
break;
len = strlen(line);
if((len <= 1) || (line[0] == '#'))
continue;
line[len - 1] = '\0';
/* First parameter might be missing */
num_commas = 0;
for(i = 0; i < len; i++) {
if(line[i] == ',')
num_commas++;
}
if(num_commas == 1) {
proto = NULL;
param = strtok_r(line, ",", &saveptr);
} else if(num_commas == 2) {
proto = strtok_r(line, ",", &saveptr);
if(proto) {
param = strtok_r(NULL, ",", &saveptr);
}
} else {
NDPI_LOG_ERR(ndpi_str, "Error parsing [%s]\n", line);
continue;
}
if(param) {
value = strtok_r(NULL, ",", &saveptr);
if(value) {
rc = ndpi_set_config(ndpi_str, proto, param, value);
if(rc != NDPI_CFG_OK) {
NDPI_LOG_ERR(ndpi_str, "Error ndpi_set_config [%s/%s/%s]: %d\n",
proto, param, value, rc);
return rc;
}
continue;
}
}
NDPI_LOG_ERR(ndpi_str, "Error parsing [%s]\n", line);
return -2;
}
return 0;
}
/* ******************************************************************** */
/*
* Format:
*
*
*
* Notes:
* - host and category are separated by a single TAB
* - empty lines or lines starting with # are ignored
*/
int ndpi_load_categories_file(struct ndpi_detection_module_struct *ndpi_str,
const char *path, void *user_data) {
int rc;
FILE *fd;
if(!ndpi_str || !path)
return(-1);
fd = fopen(path, "r");
if(fd == NULL) {
NDPI_LOG_ERR(ndpi_str, "Unable to open file %s [%s]\n", path, strerror(errno));
return -1;
}
rc = load_categories_file_fd(ndpi_str, fd, user_data);
fclose(fd);
return rc;
}
/* ******************************************************************** */
int load_categories_file_fd(struct ndpi_detection_module_struct *ndpi_str,
FILE *fd, void *user_data) {
char buffer[512], *line, *name, *category, *saveptr;
int len, num = 0, cat_id;
if(!ndpi_str || !fd)
return(-1);
while(1) {
line = fgets(buffer, sizeof(buffer), fd);
if(line == NULL)
break;
len = strlen(line);
if((len <= 1) || (line[0] == '#'))
continue;
line[len - 1] = '\0';
name = strtok_r(line, "\t", &saveptr);
if(name) {
category = strtok_r(NULL, "\t", &saveptr);
if(category) {
const char *errstrp;
cat_id = ndpi_strtonum(category, 1, NDPI_PROTOCOL_NUM_CATEGORIES - 1, &errstrp, 10);
if(errstrp == NULL) {
int rc = ndpi_load_category(ndpi_str, name,
(ndpi_protocol_category_t)cat_id,
user_data);
if(rc >= 0)
num++;
}
}
}
}
/*
Not necessay to call ndpi_enable_loaded_categories() as
ndpi_set_protocol_detection_bitmask2() will do that
*/
/* ndpi_enable_loaded_categories(ndpi_str); */
return(num);
}
/* ******************************************************************** */
/*
Loads a file (separated by ) of domain names associated with the
specified category
*/
int ndpi_load_category_file(struct ndpi_detection_module_struct *ndpi_str,
char *path, ndpi_protocol_category_t category_id) {
int rc;
FILE *fd;
if(!ndpi_str || !path)
return(-1);
fd = fopen(path, "r");
if(fd == NULL) {
NDPI_LOG_ERR(ndpi_str, "Unable to open file %s [%s]\n", path, strerror(errno));
return -1;
}
rc = load_category_file_fd(ndpi_str, fd, category_id);
fclose(fd);
return rc;
}
/* ******************************************************************** */
int load_category_file_fd(struct ndpi_detection_module_struct *ndpi_str,
FILE *fd, ndpi_protocol_category_t category_id) {
char buffer[256], *line;
u_int num_loaded = 0;
unsigned int failed_lines = 0;
unsigned int lines_read = 0;
(void)lines_read;
if(!ndpi_str || !fd || !ndpi_str->protocols)
return(0);
while(1) {
int len;
line = fgets(buffer, sizeof(buffer), fd);
if(line == NULL)
break;
lines_read++;
len = strlen(line);
if(len <= 1 || len == sizeof(buffer) - 1) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] Failed to read file line #%u, line too short/long\n",
lines_read);
failed_lines++;
continue;
} else if (line[0] == '#')
continue;
int i = 0;
for (i = 0; i < len; ++i) {
if (line[i] == '\r' || line[i] == '\n') {
line[i] = '\0';
break;
}
if (line[i] != '-' && line[i] != '.' && ndpi_isalnum(line[i]) == 0
/* non standard checks for the sake of compatibility */
&& line[i] != '_')
break;
}
if (i != len - 2 && i != len - 1)
{
NDPI_LOG_ERR(ndpi_str, "[NDPI] Failed to read file line #%u, invalid characters found\n",
lines_read);
failed_lines++;
continue;
}
if(ndpi_load_category(ndpi_str, line, category_id, NULL) > 0)
num_loaded++;
}
if(failed_lines)
return(-1 * failed_lines);
return(num_loaded);
}
/* ******************************************************************** */
/*
Load files (whose name is _