|
[-]
[+]
|
Changed |
nprobe.changes
|
|
|
|
[-]
[+]
|
Changed |
nprobe.spec
^
|
|
|
|
[-]
[+]
|
Added |
nprobe-6.12-GeoIPdat-dir.patch
^
|
| @@ -0,0 +1,20 @@
+--- nprobe.c.orig 2011-04-03 13:53:36.000000000 +0200
++++ nprobe.c 2011-04-04 10:44:26.309788419 +0200
+@@ -3601,7 +3601,7 @@
+
+ #ifdef HAVE_GEOIP
+ if(readOnlyGlobals.geo_ip_asn_db == NULL)
+- readASs("GeoIPASNum.dat");
++ readASs("/usr/lib/nprobe/GeoIPASNum.dat");
+
+ if(!readOnlyGlobals.enableGeoIP) {
+ if(readOnlyGlobals.geo_ip_city_db != NULL) {
+@@ -3610,7 +3610,7 @@
+ }
+ } else {
+ if(readOnlyGlobals.geo_ip_city_db == NULL)
+- readCities("GeoLiteCity.dat");
++ readCities("/usr/lib/nprobe/GeoLiteCity.dat");
+ }
+ #endif
+
|
|
[-]
[+]
|
Added |
nprobe-6.12-configure.in.patch
^
|
| @@ -0,0 +1,11 @@
+--- configure.in.orig 2012-12-17 23:15:51.344038582 +0100
++++ configure.in 2012-12-18 12:39:20.908040235 +0100
+@@ -363,7 +363,7 @@
+ PWD=`pwd`/..
+ LIBPCAP_ARM="${PWD}/libpcap-1.1.1-ARM"
+ PLATFORM=`uname -m`
+-PF_RING_HOME=${HOME}/PF_RING
++PF_RING_HOME=${PWD}/PF_RING
+
+ if test -d "${PF_RING_HOME}"; then
+ LDFLAGS="${LDFLAGS} -L${PWD}/PF_RING/userland/lib -L${PWD}/PF_RING/userland/libpcap"
|
|
|
Changed |
GeoIPASNum.dat.gz
^
|
|
|
Changed |
GeoIPASNumv6.dat.gz
^
|
|
|
Changed |
PF_RING-5.5.2-svn.tar.bz2
^
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/README.ntop
^
|
| @@ -3,6 +3,13 @@
OpenDPI source tree but nobody in answering emails so I have
decided to create my own source tree
+==========
+
+In case you want to add new protocols
+
+# autoreconf -ivf
+# ./configure
+# make
--------------------------
Luca Deri <deri@ntop.org>
\ No newline at end of file
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/example/Makefile
^
|
| @@ -1,8 +1,8 @@
INC=-I../src/include/
LIB=../src/lib/.libs/libndpi.a -lpcap
-
+FLAGS=-O2 -g
pcapReader: pcapReader.c Makefile ../src/lib/.libs/libndpi.a
- gcc -g $(INC) pcapReader.c -o pcapReader $(LIB)
+ gcc $(FLAGS) $(INC) pcapReader.c -o pcapReader $(LIB)
clean:
\/bin/rm -f pcapReader
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/example/pcapReader.c
^
|
| @@ -27,6 +27,7 @@
#include <netinet/in.h>
#include <search.h>
#include <pcap.h>
+#include <signal.h>
#include "linux_compat.h"
#include "ndpi_main.h"
@@ -35,6 +36,7 @@
// cli options
static char *_pcap_file = NULL;
+static char *_bpf_filter = NULL;
static char *_protoFilePath = NULL;
// pcap
@@ -45,10 +47,12 @@
static u_int32_t guessed_flow_protocols = 0;
static u_int16_t decode_tunnels = 0;
static u_int16_t num_loops = 1;
+static u_int8_t shutdown_app = 0;
// detection
static struct ndpi_detection_module_struct *ndpi_struct = NULL;
static u_int32_t detection_tick_resolution = 1000;
+static time_t capture_until = 0;
// results
static u_int64_t raw_packet_count = 0;
@@ -89,15 +93,20 @@
void *src_id, *dst_id;
} ndpi_flow_t;
+#define NUM_ROOTS 512
+
static u_int32_t size_flow_struct = 0;
-static struct ndpi_flow *ndpi_flows_root = NULL;
+static struct ndpi_flow *ndpi_flows_root[NUM_ROOTS] = { NULL };
static u_int32_t ndpi_flow_count = 0;
static void help(u_int long_help) {
- printf("pcapReader -f <file>.pcap [-p <protos>][-l <loops>[-d][-h][-t][-v]\n\n"
+ printf("pcapReader -i <file|device> [-f <filter>][-s <duration>]\n"
+ " [-p <protos>][-l <loops>[-d][-h][-t][-v]\n\n"
"Usage:\n"
- " -f <file>.pcap | Specify a pcap file to read packets from\n"
+ " -i <file.pcap|device> | Specify a pcap file to read packets from or a device for live capture\n"
+ " -f <BPF filter> | Specify a BPF filter for filtering selected traffic\n"
+ " -s <duration> | Maximum capture duration in seconds (live traffic capture only)\n"
" -p <file>.protos | Specify a protocol file (eg. protos.txt)\n"
" -l <num loops> | Number of detection loops (test only)\n"
" -d | Disable protocol guess and use only DPI\n"
@@ -118,16 +127,20 @@
{
int opt;
- while ((opt = getopt(argc, argv, "df:hp:l:tv")) != EOF) {
+ while ((opt = getopt(argc, argv, "df:i:hp:l:s:tv")) != EOF) {
switch (opt) {
case 'd':
enable_protocol_guess = 0;
break;
- case 'f':
+ case 'i':
_pcap_file = optarg;
break;
+ case 'f':
+ _bpf_filter = optarg;
+ break;
+
case 'l':
num_loops = atoi(optarg);
break;
@@ -136,6 +149,10 @@
_protoFilePath = optarg;
break;
+ case 's':
+ capture_until = atoi(optarg);
+ break;
+
case 't':
decode_tunnels = 1;
break;
@@ -253,6 +270,15 @@
printFlow(flow);
}
+static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, int depth) {
+ struct ndpi_flow *flow = *(struct ndpi_flow**)node;
+
+ if (flow->detected_protocol == 0 /* UNKNOWN */) return;
+
+ if((which == preorder) || (which == leaf)) /* Avoid walking the same node multiple times */
+ printFlow(flow);
+}
+
static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int depth) {
struct ndpi_flow *flow = *(struct ndpi_flow**)node;
char buf1[32], buf2[32];
@@ -304,9 +330,11 @@
}
-static struct ndpi_flow *get_ndpi_flow(const struct ndpi_iphdr *iph, u_int16_t ipsize)
+static struct ndpi_flow *get_ndpi_flow(const struct ndpi_iphdr *iph, u_int16_t ipsize,
+ struct ndpi_id_struct **src,
+ struct ndpi_id_struct **dst)
{
- u_int32_t i;
+ u_int32_t i, idx;
u_int16_t l4_packet_len;
struct ndpi_tcphdr *tcph = NULL;
struct ndpi_udphdr *udph = NULL;
@@ -347,7 +375,7 @@
} else if (iph->protocol == 17 && l4_packet_len >= 8) {
// udp
udph = (struct ndpi_udphdr *) ((u_int8_t *) iph + iph->ihl * 4);
- if (iph->saddr < iph->daddr) {
+ if(iph->saddr < iph->daddr) {
lower_port = udph->source;
upper_port = udph->dest;
} else {
@@ -366,7 +394,8 @@
flow.lower_port = lower_port;
flow.upper_port = upper_port;
- ret = ndpi_tfind(&flow, (void*)&ndpi_flows_root, node_cmp);
+ idx = (lower_ip + upper_ip + iph->protocol + lower_port + upper_port) % NUM_ROOTS;
+ ret = ndpi_tfind(&flow, (void*)&ndpi_flows_root[idx], node_cmp);
if(ret == NULL) {
if (ndpi_flow_count == MAX_NDPI_FLOWS) {
@@ -379,7 +408,7 @@
printf("[NDPI] %s(1): not enough memory\n", __FUNCTION__);
return(NULL);
}
-
+
memset(newflow, 0, sizeof(struct ndpi_flow));
newflow->protocol = iph->protocol;
newflow->lower_ip = lower_ip, newflow->upper_ip = upper_ip;
@@ -400,15 +429,26 @@
return(NULL);
}
- ndpi_tsearch(newflow, (void*)&ndpi_flows_root, node_cmp); /* Add */
+ ndpi_tsearch(newflow, (void*)&ndpi_flows_root[idx], node_cmp); /* Add */
ndpi_flow_count += 1;
//printFlow(newflow);
+
+ *src = newflow->src_id, *dst = newflow->dst_id;
return(newflow);
}
- } else
- return *(struct ndpi_flow**)ret;
+ } else {
+ struct ndpi_flow *flow = *(struct ndpi_flow**)ret;
+
+ if(flow->lower_ip == lower_ip && flow->upper_ip == upper_ip
+ && flow->lower_port == lower_port && flow->upper_port == upper_port)
+ *src = flow->src_id, *dst = flow->dst_id;
+ else
+ *src = flow->dst_id, *dst = flow->src_id;
+
+ return flow;
+ }
}
static void setupDetection(void)
@@ -457,8 +497,13 @@
static void terminateDetection(void)
{
- ndpi_tdestroy(ndpi_flows_root, ndpi_flow_freer);
- ndpi_flows_root = NULL;
+ int i;
+
+ for(i=0; i<NUM_ROOTS; i++) {
+ ndpi_tdestroy(ndpi_flows_root[i], ndpi_flow_freer);
+ ndpi_flows_root[i] = NULL;
+ }
+
ndpi_exit_detection_module(ndpi_struct, free_wrapper);
}
@@ -471,16 +516,15 @@
u_int32_t protocol = 0;
u_int16_t frag_off = ntohs(iph->frag_off);
- flow = get_ndpi_flow(iph, ipsize);
+ flow = get_ndpi_flow(iph, ipsize, &src, &dst);
if (flow != NULL) {
ndpi_flow = flow->ndpi_flow;
flow->packets++, flow->bytes += rawsize;
- src = flow->src_id, dst = flow->dst_id;
} else
return;
ip_packet_count++;
- total_bytes += rawsize;
+ total_bytes += rawsize + 24 /* CRC etc */;
if(flow->detection_completed) return;
@@ -534,24 +578,81 @@
return 0;
}
-static void printResults(void)
+/* ****************************************************** */
+
+
+char* formatTraffic(float numBits, int bits, char *buf) {
+ char unit;
+
+ if(bits)
+ unit = 'b';
+ else
+ unit = 'B';
+
+ if(numBits < 1024) {
+ snprintf(buf, 32, "%lu %c", (unsigned long)numBits, unit);
+ } else if (numBits < 1048576) {
+ snprintf(buf, 32, "%.2f K%c", (float)(numBits)/1024, unit);
+ } else {
+ float tmpMBits = ((float)numBits)/1048576;
+
+ if(tmpMBits < 1024) {
+ snprintf(buf, 32, "%.2f M%c", tmpMBits, unit);
+ } else {
+ tmpMBits /= 1024;
+
+ if(tmpMBits < 1024) {
+ snprintf(buf, 32, "%.2f G%c", tmpMBits, unit);
+ } else {
+ snprintf(buf, 32, "%.2f T%c", (float)(tmpMBits)/1024, unit);
+ }
+ }
+ }
+
+ return(buf);
+}
+
+char* formatPackets(float numPkts, char *buf) {
+ if(numPkts < 1000) {
+ snprintf(buf, 32, "%.2f", numPkts);
+ } else if(numPkts < 1000000) {
+ snprintf(buf, 32, "%.2f K", numPkts/1000);
+ } else {
+ numPkts /= 1000000;
+ snprintf(buf, 32, "%.2f M", numPkts);
+ }
+
+ return(buf);
+}
+
+static void printResults(u_int64_t tot_usec)
{
u_int32_t i, j;
printf("\x1b[2K\n");
printf("pcap file contains\n");
- printf("\tip packets: \x1b[33m%-13llu\x1b[0m of %llu packets total\n",
+ printf("\tIP packets: \x1b[33m%-13llu\x1b[0m of %llu packets total\n",
(long long unsigned int)ip_packet_count,
(long long unsigned int)raw_packet_count);
- printf("\tip bytes: \x1b[34m%-13llu\x1b[0m\n",
+ printf("\tIP bytes: \x1b[34m%-13llu\x1b[0m\n",
(long long unsigned int)total_bytes);
- printf("\tunique flows: \x1b[36m%-13u\x1b[0m\n", ndpi_flow_count);
+ printf("\tUnique flows: \x1b[36m%-13u\x1b[0m\n", ndpi_flow_count);
+
+ if(tot_usec > 0) {
+ char buf[32], buf1[32];
+ float t = (float)(ip_packet_count*1000000)/(float)tot_usec;
+ float b = (float)(total_bytes * 8 *1000000)/(float)tot_usec;
+
+ printf("\tnDPI throughout: \x1b[36m%s pps / %s/sec\x1b[0m\n", formatPackets(t, buf), formatTraffic(b, 1, buf1));
+ }
+
+ for(i=0; i<NUM_ROOTS; i++)
+ ndpi_twalk(ndpi_flows_root[i], node_proto_guess_walker);
- ndpi_twalk(ndpi_flows_root, node_proto_guess_walker);
if(enable_protocol_guess)
- printf("\tguessed flow protocols: \x1b[35m%-13u\x1b[0m\n", guessed_flow_protocols);
+ printf("\tGuessed flow protocols: \x1b[35m%-13u\x1b[0m\n", guessed_flow_protocols);
- printf("\n\ndetected protocols:\n");
+ printf("\n\nDetected protocols:\n");
for (i = 0; i <= ndpi_get_num_supported_protocols(ndpi_struct); i++) {
if (protocol_counter[i] > 0) {
printf("\t\x1b[31m%-20s\x1b[0m packets: \x1b[33m%-13llu\x1b[0m bytes: \x1b[34m%-13llu\x1b[0m "
@@ -562,22 +663,56 @@
}
if(verbose && (protocol_counter[0] > 0)) {
- printf("\n\nundetected flows:\n");
- ndpi_twalk(ndpi_flows_root, node_print_unknown_proto_walker);
+ printf("\n");
+
+ for(i=0; i<NUM_ROOTS; i++)
+ ndpi_twalk(ndpi_flows_root[i], node_print_known_proto_walker);
+
+ printf("\n\nUndetected flows:\n");
+ for(i=0; i<NUM_ROOTS; i++)
+ ndpi_twalk(ndpi_flows_root[i], node_print_unknown_proto_walker);
}
printf("\n\n");
}
-static void openPcapFile(void)
+static void openPcapFileOrDevice(void)
{
- _pcap_handle = pcap_open_offline(_pcap_file, _pcap_error_buffer);
+ u_int snaplen = 1514;
+ int promisc = 1;
+ char errbuf[PCAP_ERRBUF_SIZE];
+
+ if((_pcap_handle = pcap_open_live(_pcap_file, snaplen, promisc, 500, errbuf)) == NULL) {
+ _pcap_handle = pcap_open_offline(_pcap_file, _pcap_error_buffer);
+ capture_until = 0;
+
+ if (_pcap_handle == NULL) {
+ printf("ERROR: could not open pcap file: %s\n", _pcap_error_buffer);
+ exit(-1);
+ } else
+ printf("Reading packets from pcap file %s...\n", _pcap_file);
+ } else
+ printf("Capturing live traffic from device %s...\n", _pcap_file);
- if (_pcap_handle == NULL) {
- printf("ERROR: could not open pcap file: %s\n", _pcap_error_buffer);
- exit(-1);
- }
_pcap_datalink_type = pcap_datalink(_pcap_handle);
+
+ if(_bpf_filter != NULL) {
+ struct bpf_program fcode;
+
+ if(pcap_compile(_pcap_handle, &fcode, _bpf_filter, 1, 0xFFFFFF00) < 0) {
+ printf("pcap_compile error: '%s'\n", pcap_geterr(_pcap_handle));
+ } else {
+ if(pcap_setfilter(_pcap_handle, &fcode) < 0) {
+ printf("pcap_setfilter error: '%s'\n", pcap_geterr(_pcap_handle));
+ } else
+ printf("Succesfully set BPF filter to '%s'\n", _bpf_filter);
+ }
+ }
+
+ if(capture_until > 0) {
+ printf("Capturing traffic up to %u seconds\n", (unsigned int)capture_until);
+ capture_until += time(NULL);
+ }
}
static void closePcapFile(void)
@@ -587,17 +722,37 @@
}
}
+void sigproc(int sig) {
+ static int called = 0;
+
+ if(called) return; else called = 1;
+ shutdown_app = 1;
+
+ closePcapFile();
+ printResults(0);
+ terminateDetection();
+ exit(0);
+}
+
+
// executed for each packet in the pcap file
static void pcap_packet_callback(u_char * args, const struct pcap_pkthdr *header, const u_char * packet)
{
- const struct ndpi_ethhdr *ethernet = (struct ndpi_ethhdr *) packet;
- struct ndpi_iphdr *iph = (struct ndpi_iphdr *) &packet[sizeof(struct ndpi_ethhdr)];
+ const struct ndpi_ethhdr *ethernet;
+ struct ndpi_iphdr *iph;
u_int64_t time;
static u_int64_t lasttime = 0;
u_int16_t type, ip_offset;
raw_packet_count++;
+ if((capture_until != 0) && (header->ts.tv_sec >= capture_until)) {
+ if(_pcap_handle != NULL)
+ pcap_breakloop(_pcap_handle);
+
+ return;
+ }
+
time = ((uint64_t) header->ts.tv_sec) * detection_tick_resolution +
header->ts.tv_usec / (1000000 / detection_tick_resolution);
if (lasttime > time) {
@@ -606,12 +761,25 @@
}
lasttime = time;
+ if(_pcap_datalink_type == DLT_EN10MB) {
+ ethernet = (struct ndpi_ethhdr *) packet;
+ ip_offset = sizeof(struct ndpi_ethhdr);
+ type = ntohs(ethernet->h_proto);
+ } else if(_pcap_datalink_type == 113 /* Linux Cooked Capture */) {
+ type = packet[14] << 8 + packet[15];
+ ip_offset = 16;
+ } else
+ return;
+
+ if(type == 0x8100 /* VLAN */) {
+ type = packet[ip_offset+2] << 8 + packet[ip_offset+3];
+ ip_offset += 4;
+ }
- type = ethernet->h_proto;
+ iph = (struct ndpi_iphdr *) &packet[ip_offset];
// just work on Ethernet packets that contain IP
- if (_pcap_datalink_type == DLT_EN10MB && type == htons(ETH_P_IP)
- && header->caplen >= sizeof(struct ndpi_ethhdr)) {
+ if (type == ETH_P_IP && header->caplen >= ip_offset) {
u_int16_t frag_off = ntohs(iph->frag_off);
if(header->caplen < header->len) {
@@ -633,20 +801,19 @@
return;
}
- ip_offset = sizeof(struct ndpi_ethhdr);
if(decode_tunnels && (iph->protocol == IPPROTO_UDP) && ((frag_off & 0x3FFF) == 0)) {
u_short ip_len = ((u_short)iph->ihl * 4);
- struct ndpi_udphdr *udp = (struct ndpi_udphdr *)&packet[sizeof(struct ndpi_ethhdr)+ip_len];
+ struct ndpi_udphdr *udp = (struct ndpi_udphdr *)&packet[ip_offset+ip_len];
u_int16_t sport = ntohs(udp->source), dport = ntohs(udp->dest);
if((sport == GTP_U_V1_PORT) || (dport == GTP_U_V1_PORT)) {
/* Check if it's GTPv1 */
- u_int offset = sizeof(struct ndpi_ethhdr)+ip_len+sizeof(struct ndpi_udphdr);
+ u_int offset = ip_offset+ip_len+sizeof(struct ndpi_udphdr);
u_int8_t flags = packet[offset];
u_int8_t message_type = packet[offset+1];
if((((flags & 0xE0) >> 5) == 1 /* GTPv1 */) && (message_type == 0xFF /* T-PDU */)) {
- ip_offset = sizeof(struct ndpi_ethhdr)+ip_len+sizeof(struct ndpi_udphdr)+8 /* GTPv1 header len */;
+ ip_offset = ip_offset+ip_len+sizeof(struct ndpi_udphdr)+8 /* GTPv1 header len */;
if(flags & 0x04) ip_offset += 1; /* next_ext_header is present */
if(flags & 0x02) ip_offset += 4; /* sequence_number is present (it also includes next_ext_header and pdu_number) */
@@ -666,21 +833,29 @@
// process the packet
packet_processing(time, iph, header->len - ip_offset, header->len);
}
-
}
static void runPcapLoop(void)
{
- if (_pcap_handle != NULL)
+ if((!shutdown_app) && (_pcap_handle != NULL))
pcap_loop(_pcap_handle, -1, &pcap_packet_callback, NULL);
}
void test_lib() {
+ struct timeval begin, end;
+ u_int64_t tot_usec;
+
setupDetection();
- openPcapFile();
+ openPcapFileOrDevice();
+ signal(SIGINT, sigproc);
+
+ gettimeofday(&begin, NULL);
runPcapLoop();
+ gettimeofday(&end, NULL);
+
+ tot_usec = end.tv_sec*1000000 + end.tv_usec - (begin.tv_sec*1000000 + begin.tv_usec);
closePcapFile();
- printResults();
+ printResults(tot_usec);
terminateDetection();
}
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/include/ndpi_main.h
^
|
| @@ -34,14 +34,18 @@
#endif
#ifndef WIN32
+#ifndef __KERNEL__
#include <sys/time.h>
+#endif
+
#if 1 && !defined __APPLE__ && !defined __FreeBSD__
#ifndef __KERNEL__
-# include <endian.h>
-# include <byteswap.h>
+#include <endian.h>
+#include <byteswap.h>
#else
-# include <asm/byteorder.h>
+#include <asm/byteorder.h>
+#include <linux/ctype.h>
#endif
#endif
@@ -75,13 +79,13 @@
#ifndef WIN32
#ifndef __KERNEL__
-# include <netinet/ip.h>
-# include <netinet/tcp.h>
-# include <netinet/udp.h>
+#include <netinet/ip.h>
+#include <netinet/tcp.h>
+#include <netinet/udp.h>
#else
-# include <linux/ip.h>
-# include <linux/tcp.h>
-# include <linux/udp.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
#endif
#endif
@@ -98,8 +102,8 @@
void *ndpi_tdelete(const void * __restrict, void ** __restrict,
int (*)(const void *, const void *));
-void *ndpi_tfind(const void *, void * const *, int (*)(const void *, const void *));
-void *ndpi_tsearch(const void *, void **, int (*)(const void *, const void *));
+void *ndpi_tfind(const void *, void *, int (*)(const void *, const void *));
+void *ndpi_tsearch(const void *, void**, int (*)(const void *, const void *));
void ndpi_twalk(const void *, void (*)(const void *, ndpi_VISIT, int));
void ndpi_tdestroy(void *vrootp, void (*freefct)(void *));
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/include/ndpi_protocols.h
^
|
| @@ -160,9 +160,12 @@
void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow);
-/* manolito entry */
-void ndpi_search_manolito_tcp_udp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow);
+/* vmware entry */
+void ndpi_search_vmware(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow);
+
+void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow);
/* imesh entry */
void ndpi_search_imesh_tcp_udp(struct ndpi_detection_module_struct
@@ -337,6 +340,17 @@
void ndpi_search_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
void ndpi_search_spotify(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
-
+void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_openvpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
+void ndpi_search_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
#endif /* __NDPI_PROTOCOLS_INCLUDE_FILE__ */
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/include/ndpi_protocols_osdpi.h
^
|
| @@ -67,7 +67,7 @@
#define NDPI_PROTOCOL_DIRECTCONNECT 25
#define NDPI_PROTOCOL_SOCRATES 26
#define NDPI_PROTOCOL_WINMX 27
-#define NDPI_PROTOCOL_MANOLITO 28
+#define NDPI_PROTOCOL_VMWARE 28
#define NDPI_PROTOCOL_PANDO 29
#define NDPI_PROTOCOL_FILETOPIA 30
#define NDPI_PROTOCOL_IMESH 31
@@ -112,7 +112,7 @@
#define NDPI_PROTOCOL_YAHOO 70
#define NDPI_PROTOCOL_BATTLEFIELD 71
#define NDPI_PROTOCOL_QUAKE 72
-#define NDPI_PROTOCOL_SECONDLIFE 73
+#define NDPI_PROTOCOL_VRRP 73
#define NDPI_PROTOCOL_STEAM 74
#define NDPI_PROTOCOL_HALFLIFE2 75
#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76
@@ -196,9 +196,23 @@
#define NDPI_PROTOCOL_LLMNR 154
#define NDPI_PROTOCOL_REMOTE_SCAN 155
#define NDPI_PROTOCOL_SPOTIFY 156
+#define NDPI_PROTOCOL_WEBM 157
+#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay <mudingay@ill.fr> */
+#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay <mudingay@ill.fr> */
+
/* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */
-#define NDPI_LAST_IMPLEMENTED_PROTOCOL 156
+#define NDPI_LAST_IMPLEMENTED_PROTOCOL 169
#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1)
#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS 128
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/include/ndpi_structs.h
^
|
| @@ -137,9 +137,6 @@
#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER
u_int32_t jabber_stun_or_ft_ts;
#endif
-#ifdef NDPI_PROTOCOL_MANOLITO
- u_int32_t manolito_last_pkt_arrival_time;
-#endif
#ifdef NDPI_PROTOCOL_DIRECTCONNECT
u_int32_t directconnect_last_safe_access_time;
#endif
@@ -259,9 +256,6 @@
#ifdef NDPI_PROTOCOL_FILETOPIA
u_int32_t filetopia_stage:2;
#endif
-#ifdef NDPI_PROTOCOL_MANOLITO
- u_int32_t manolito_stage:4;
-#endif
#ifdef NDPI_PROTOCOL_TDS
u_int32_t tds_stage:3;
#endif
@@ -612,7 +606,6 @@
u_int32_t zattoo_connection_timeout;
u_int32_t jabber_stun_timeout;
u_int32_t jabber_file_transfer_timeout;
- u_int32_t manolito_subscriber_timeout;
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
#define NDPI_IP_STRING_SIZE 40
char ip_string[NDPI_IP_STRING_SIZE];
@@ -663,9 +656,17 @@
/* protocols which have marked a connection as this connection cannot be protocol XXX, multiple u_int64_t */
NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask;
+#if 0
#ifdef NDPI_PROTOCOL_RTP
u_int32_t rtp_ssid[2];
+ u_int16_t rtp_seqnum[2]; /* current highest sequence number (only goes forwards, is not decreased by retransmissions) */
+ /* tcp and udp */
+ u_int8_t rtp_payload_type[2];
+ u_int32_t rtp_stage1:2; //0-3
+ u_int32_t rtp_stage2:2;
+#endif
#endif
+
#ifdef NDPI_PROTOCOL_I23V5
u_int32_t i23v5_len1;
u_int32_t i23v5_len2;
@@ -674,21 +675,10 @@
u_int16_t packet_counter; // can be 0-65000
u_int16_t packet_direction_counter[2];
u_int16_t byte_counter[2];
-#ifdef NDPI_PROTOCOL_RTP
- u_int16_t rtp_seqnum[2]; /* current highest sequence number (only goes forwards, is not decreased by retransmissions) */
-#endif
-#ifdef NDPI_PROTOCOL_RTP
- /* tcp and udp */
- u_int8_t rtp_payload_type[2];
-#endif
#ifdef NDPI_PROTOCOL_BITTORRENT
u_int8_t bittorrent_stage; // can be 0-255
#endif
-#ifdef NDPI_PROTOCOL_RTP
- u_int32_t rtp_stage1:2; //0-3
- u_int32_t rtp_stage2:2;
-#endif
#ifdef NDPI_PROTOCOL_EDONKEY
u_int32_t edk_stage:5; // 0-17
#endif
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/Makefile.am
^
|
| @@ -65,7 +65,7 @@
protocols/mail_imap.c \
protocols/mail_pop.c \
protocols/mail_smtp.c \
- protocols/manolito.c \
+ protocols/vmware.c \
protocols/maplestory.c \
protocols/mdns.c \
protocols/meebo.c \
@@ -77,6 +77,7 @@
protocols/netbios.c \
protocols/nfs.c \
protocols/non_tcp_udp.c \
+ protocols/tcp_udp.c \
protocols/ntp.c \
protocols/openft.c \
protocols/oscar.c \
@@ -92,7 +93,6 @@
protocols/rdp.c \
protocols/rtp.c \
protocols/rtsp.c \
- protocols/secondlife.c \
protocols/shoutcast.c \
protocols/sip.c \
protocols/smb.c \
@@ -134,6 +134,18 @@
protocols/radius.c \
protocols/teamviewer.c \
protocols/lotus_notes.c \
- protocols/gtp.c
+ protocols/gtp.c \
+ protocols/h323.c \
+ protocols/noe.c \
+ protocols/ciscovpn.c \
+ protocols/teamspeak.c \
+ protocols/viber.c \
+ protocols/openvpn.c \
+ protocols/corba.c \
+ protocols/oracle.c \
+ protocols/rsync.c \
+ protocols/rtcp.c \
+ protocols/skinny.c \
+ protocols/tor.c
# NTOP protocols are at the end
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/Makefile.in
^
|
| @@ -114,20 +114,19 @@
libndpi_la-jabber.lo libndpi_la-kerberos.lo \
libndpi_la-kontiki.lo libndpi_la-ldap.lo \
libndpi_la-mail_imap.lo libndpi_la-mail_pop.lo \
- libndpi_la-mail_smtp.lo libndpi_la-manolito.lo \
+ libndpi_la-mail_smtp.lo libndpi_la-vmware.lo \
libndpi_la-maplestory.lo libndpi_la-mdns.lo \
libndpi_la-meebo.lo libndpi_la-mgcp.lo libndpi_la-mms.lo \
libndpi_la-msn.lo libndpi_la-mssql.lo libndpi_la-mysql.lo \
libndpi_la-netbios.lo libndpi_la-nfs.lo \
- libndpi_la-non_tcp_udp.lo libndpi_la-ntp.lo \
- libndpi_la-openft.lo libndpi_la-oscar.lo libndpi_la-pando.lo \
- libndpi_la-pcanywhere.lo libndpi_la-popo.lo \
- libndpi_la-postgres.lo libndpi_la-pplive.lo \
+ libndpi_la-non_tcp_udp.lo libndpi_la-tcp_udp.lo \
+ libndpi_la-ntp.lo libndpi_la-openft.lo libndpi_la-oscar.lo \
+ libndpi_la-pando.lo libndpi_la-pcanywhere.lo \
+ libndpi_la-popo.lo libndpi_la-postgres.lo libndpi_la-pplive.lo \
libndpi_la-ppstream.lo libndpi_la-pptp.lo libndpi_la-qq.lo \
libndpi_la-quake.lo libndpi_la-rdp.lo libndpi_la-rtp.lo \
- libndpi_la-rtsp.lo libndpi_la-secondlife.lo \
- libndpi_la-shoutcast.lo libndpi_la-sip.lo libndpi_la-smb.lo \
- libndpi_la-snmp.lo libndpi_la-socrates.lo \
+ libndpi_la-rtsp.lo libndpi_la-shoutcast.lo libndpi_la-sip.lo \
+ libndpi_la-smb.lo libndpi_la-snmp.lo libndpi_la-socrates.lo \
libndpi_la-sopcast.lo libndpi_la-soulseek.lo \
libndpi_la-spotify.lo libndpi_la-ssdp.lo libndpi_la-ssh.lo \
libndpi_la-ssl.lo libndpi_la-stealthnet.lo libndpi_la-steam.lo \
@@ -142,7 +141,11 @@
libndpi_la-citrix.lo libndpi_la-dcerpc.lo \
libndpi_la-netflow.lo libndpi_la-sflow.lo libndpi_la-radius.lo \
libndpi_la-teamviewer.lo libndpi_la-lotus_notes.lo \
- libndpi_la-gtp.lo
+ libndpi_la-gtp.lo libndpi_la-h323.lo libndpi_la-noe.lo \
+ libndpi_la-ciscovpn.lo libndpi_la-teamspeak.lo \
+ libndpi_la-viber.lo libndpi_la-openvpn.lo libndpi_la-corba.lo \
+ libndpi_la-oracle.lo libndpi_la-rsync.lo libndpi_la-rtcp.lo \
+ libndpi_la-skinny.lo libndpi_la-tor.lo
libndpi_la_OBJECTS = $(am_libndpi_la_OBJECTS)
libndpi_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
@@ -348,7 +351,7 @@
protocols/mail_imap.c \
protocols/mail_pop.c \
protocols/mail_smtp.c \
- protocols/manolito.c \
+ protocols/vmware.c \
protocols/maplestory.c \
protocols/mdns.c \
protocols/meebo.c \
@@ -360,6 +363,7 @@
protocols/netbios.c \
protocols/nfs.c \
protocols/non_tcp_udp.c \
+ protocols/tcp_udp.c \
protocols/ntp.c \
protocols/openft.c \
protocols/oscar.c \
@@ -375,7 +379,6 @@
protocols/rdp.c \
protocols/rtp.c \
protocols/rtsp.c \
- protocols/secondlife.c \
protocols/shoutcast.c \
protocols/sip.c \
protocols/smb.c \
@@ -417,7 +420,19 @@
protocols/radius.c \
protocols/teamviewer.c \
protocols/lotus_notes.c \
- protocols/gtp.c
+ protocols/gtp.c \
+ protocols/h323.c \
+ protocols/noe.c \
+ protocols/ciscovpn.c \
+ protocols/teamspeak.c \
+ protocols/viber.c \
+ protocols/openvpn.c \
+ protocols/corba.c \
+ protocols/oracle.c \
+ protocols/rsync.c \
+ protocols/rtcp.c \
+ protocols/skinny.c \
+ protocols/tor.c
all: all-am
@@ -504,7 +519,9 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-battlefield.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-bgp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-bittorrent.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-ciscovpn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-citrix.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-corba.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-crossfire.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-dcerpc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-dhcp.Plo@am__quote@
@@ -526,6 +543,7 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-gnutella.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-gtp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-guildwars.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-h323.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-halflife2_and_mods.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-http.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-http_activesync.Plo@am__quote@
@@ -543,7 +561,6 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-mail_imap.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-mail_pop.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-mail_smtp.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-manolito.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-maplestory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-mdns.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-meebo.Plo@am__quote@
@@ -557,9 +574,12 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-netflow.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-nfs.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-node.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-noe.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-non_tcp_udp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-ntp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-openft.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-openvpn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-oracle.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-oscar.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-pando.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-pcanywhere.Plo@am__quote@
@@ -572,12 +592,14 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-quake.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-radius.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-rdp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-rsync.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-rtcp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-rtp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-rtsp.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-secondlife.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-sflow.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-shoutcast.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-sip.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-skinny.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-skype.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-smb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-snmp.Plo@am__quote@
@@ -593,15 +615,20 @@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-steam.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-stun.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-syslog.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-tcp_udp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-tds.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-teamspeak.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-teamviewer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-telnet.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-tftp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-thunder.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-tor.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-tvants.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-tvuplayer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-usenet.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-veohtv.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-viber.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-vmware.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-vnc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-warcraft3.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libndpi_la-winmx.Plo@am__quote@
@@ -948,12 +975,12 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-mail_smtp.lo `test -f 'protocols/mail_smtp.c' || echo '$(srcdir)/'`protocols/mail_smtp.c
-libndpi_la-manolito.lo: protocols/manolito.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-manolito.lo -MD -MP -MF $(DEPDIR)/libndpi_la-manolito.Tpo -c -o libndpi_la-manolito.lo `test -f 'protocols/manolito.c' || echo '$(srcdir)/'`protocols/manolito.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-manolito.Tpo $(DEPDIR)/libndpi_la-manolito.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/manolito.c' object='libndpi_la-manolito.lo' libtool=yes @AMDEPBACKSLASH@
+libndpi_la-vmware.lo: protocols/vmware.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-vmware.lo -MD -MP -MF $(DEPDIR)/libndpi_la-vmware.Tpo -c -o libndpi_la-vmware.lo `test -f 'protocols/vmware.c' || echo '$(srcdir)/'`protocols/vmware.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-vmware.Tpo $(DEPDIR)/libndpi_la-vmware.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/vmware.c' object='libndpi_la-vmware.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-manolito.lo `test -f 'protocols/manolito.c' || echo '$(srcdir)/'`protocols/manolito.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-vmware.lo `test -f 'protocols/vmware.c' || echo '$(srcdir)/'`protocols/vmware.c
libndpi_la-maplestory.lo: protocols/maplestory.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-maplestory.lo -MD -MP -MF $(DEPDIR)/libndpi_la-maplestory.Tpo -c -o libndpi_la-maplestory.lo `test -f 'protocols/maplestory.c' || echo '$(srcdir)/'`protocols/maplestory.c
@@ -1032,6 +1059,13 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-non_tcp_udp.lo `test -f 'protocols/non_tcp_udp.c' || echo '$(srcdir)/'`protocols/non_tcp_udp.c
+libndpi_la-tcp_udp.lo: protocols/tcp_udp.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-tcp_udp.lo -MD -MP -MF $(DEPDIR)/libndpi_la-tcp_udp.Tpo -c -o libndpi_la-tcp_udp.lo `test -f 'protocols/tcp_udp.c' || echo '$(srcdir)/'`protocols/tcp_udp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-tcp_udp.Tpo $(DEPDIR)/libndpi_la-tcp_udp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/tcp_udp.c' object='libndpi_la-tcp_udp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-tcp_udp.lo `test -f 'protocols/tcp_udp.c' || echo '$(srcdir)/'`protocols/tcp_udp.c
+
libndpi_la-ntp.lo: protocols/ntp.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-ntp.lo -MD -MP -MF $(DEPDIR)/libndpi_la-ntp.Tpo -c -o libndpi_la-ntp.lo `test -f 'protocols/ntp.c' || echo '$(srcdir)/'`protocols/ntp.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-ntp.Tpo $(DEPDIR)/libndpi_la-ntp.Plo
@@ -1137,13 +1171,6 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-rtsp.lo `test -f 'protocols/rtsp.c' || echo '$(srcdir)/'`protocols/rtsp.c
-libndpi_la-secondlife.lo: protocols/secondlife.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-secondlife.lo -MD -MP -MF $(DEPDIR)/libndpi_la-secondlife.Tpo -c -o libndpi_la-secondlife.lo `test -f 'protocols/secondlife.c' || echo '$(srcdir)/'`protocols/secondlife.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-secondlife.Tpo $(DEPDIR)/libndpi_la-secondlife.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/secondlife.c' object='libndpi_la-secondlife.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-secondlife.lo `test -f 'protocols/secondlife.c' || echo '$(srcdir)/'`protocols/secondlife.c
-
libndpi_la-shoutcast.lo: protocols/shoutcast.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-shoutcast.lo -MD -MP -MF $(DEPDIR)/libndpi_la-shoutcast.Tpo -c -o libndpi_la-shoutcast.lo `test -f 'protocols/shoutcast.c' || echo '$(srcdir)/'`protocols/shoutcast.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-shoutcast.Tpo $(DEPDIR)/libndpi_la-shoutcast.Plo
@@ -1438,6 +1465,90 @@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-gtp.lo `test -f 'protocols/gtp.c' || echo '$(srcdir)/'`protocols/gtp.c
+libndpi_la-h323.lo: protocols/h323.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-h323.lo -MD -MP -MF $(DEPDIR)/libndpi_la-h323.Tpo -c -o libndpi_la-h323.lo `test -f 'protocols/h323.c' || echo '$(srcdir)/'`protocols/h323.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-h323.Tpo $(DEPDIR)/libndpi_la-h323.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/h323.c' object='libndpi_la-h323.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-h323.lo `test -f 'protocols/h323.c' || echo '$(srcdir)/'`protocols/h323.c
+
+libndpi_la-noe.lo: protocols/noe.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-noe.lo -MD -MP -MF $(DEPDIR)/libndpi_la-noe.Tpo -c -o libndpi_la-noe.lo `test -f 'protocols/noe.c' || echo '$(srcdir)/'`protocols/noe.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-noe.Tpo $(DEPDIR)/libndpi_la-noe.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/noe.c' object='libndpi_la-noe.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-noe.lo `test -f 'protocols/noe.c' || echo '$(srcdir)/'`protocols/noe.c
+
+libndpi_la-ciscovpn.lo: protocols/ciscovpn.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-ciscovpn.lo -MD -MP -MF $(DEPDIR)/libndpi_la-ciscovpn.Tpo -c -o libndpi_la-ciscovpn.lo `test -f 'protocols/ciscovpn.c' || echo '$(srcdir)/'`protocols/ciscovpn.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-ciscovpn.Tpo $(DEPDIR)/libndpi_la-ciscovpn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/ciscovpn.c' object='libndpi_la-ciscovpn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-ciscovpn.lo `test -f 'protocols/ciscovpn.c' || echo '$(srcdir)/'`protocols/ciscovpn.c
+
+libndpi_la-teamspeak.lo: protocols/teamspeak.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-teamspeak.lo -MD -MP -MF $(DEPDIR)/libndpi_la-teamspeak.Tpo -c -o libndpi_la-teamspeak.lo `test -f 'protocols/teamspeak.c' || echo '$(srcdir)/'`protocols/teamspeak.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-teamspeak.Tpo $(DEPDIR)/libndpi_la-teamspeak.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/teamspeak.c' object='libndpi_la-teamspeak.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-teamspeak.lo `test -f 'protocols/teamspeak.c' || echo '$(srcdir)/'`protocols/teamspeak.c
+
+libndpi_la-viber.lo: protocols/viber.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-viber.lo -MD -MP -MF $(DEPDIR)/libndpi_la-viber.Tpo -c -o libndpi_la-viber.lo `test -f 'protocols/viber.c' || echo '$(srcdir)/'`protocols/viber.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-viber.Tpo $(DEPDIR)/libndpi_la-viber.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/viber.c' object='libndpi_la-viber.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-viber.lo `test -f 'protocols/viber.c' || echo '$(srcdir)/'`protocols/viber.c
+
+libndpi_la-openvpn.lo: protocols/openvpn.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-openvpn.lo -MD -MP -MF $(DEPDIR)/libndpi_la-openvpn.Tpo -c -o libndpi_la-openvpn.lo `test -f 'protocols/openvpn.c' || echo '$(srcdir)/'`protocols/openvpn.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-openvpn.Tpo $(DEPDIR)/libndpi_la-openvpn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/openvpn.c' object='libndpi_la-openvpn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-openvpn.lo `test -f 'protocols/openvpn.c' || echo '$(srcdir)/'`protocols/openvpn.c
+
+libndpi_la-corba.lo: protocols/corba.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-corba.lo -MD -MP -MF $(DEPDIR)/libndpi_la-corba.Tpo -c -o libndpi_la-corba.lo `test -f 'protocols/corba.c' || echo '$(srcdir)/'`protocols/corba.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-corba.Tpo $(DEPDIR)/libndpi_la-corba.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/corba.c' object='libndpi_la-corba.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-corba.lo `test -f 'protocols/corba.c' || echo '$(srcdir)/'`protocols/corba.c
+
+libndpi_la-oracle.lo: protocols/oracle.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-oracle.lo -MD -MP -MF $(DEPDIR)/libndpi_la-oracle.Tpo -c -o libndpi_la-oracle.lo `test -f 'protocols/oracle.c' || echo '$(srcdir)/'`protocols/oracle.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-oracle.Tpo $(DEPDIR)/libndpi_la-oracle.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/oracle.c' object='libndpi_la-oracle.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-oracle.lo `test -f 'protocols/oracle.c' || echo '$(srcdir)/'`protocols/oracle.c
+
+libndpi_la-rsync.lo: protocols/rsync.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-rsync.lo -MD -MP -MF $(DEPDIR)/libndpi_la-rsync.Tpo -c -o libndpi_la-rsync.lo `test -f 'protocols/rsync.c' || echo '$(srcdir)/'`protocols/rsync.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-rsync.Tpo $(DEPDIR)/libndpi_la-rsync.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/rsync.c' object='libndpi_la-rsync.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-rsync.lo `test -f 'protocols/rsync.c' || echo '$(srcdir)/'`protocols/rsync.c
+
+libndpi_la-rtcp.lo: protocols/rtcp.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-rtcp.lo -MD -MP -MF $(DEPDIR)/libndpi_la-rtcp.Tpo -c -o libndpi_la-rtcp.lo `test -f 'protocols/rtcp.c' || echo '$(srcdir)/'`protocols/rtcp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-rtcp.Tpo $(DEPDIR)/libndpi_la-rtcp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/rtcp.c' object='libndpi_la-rtcp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-rtcp.lo `test -f 'protocols/rtcp.c' || echo '$(srcdir)/'`protocols/rtcp.c
+
+libndpi_la-skinny.lo: protocols/skinny.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-skinny.lo -MD -MP -MF $(DEPDIR)/libndpi_la-skinny.Tpo -c -o libndpi_la-skinny.lo `test -f 'protocols/skinny.c' || echo '$(srcdir)/'`protocols/skinny.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-skinny.Tpo $(DEPDIR)/libndpi_la-skinny.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/skinny.c' object='libndpi_la-skinny.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-skinny.lo `test -f 'protocols/skinny.c' || echo '$(srcdir)/'`protocols/skinny.c
+
+libndpi_la-tor.lo: protocols/tor.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libndpi_la-tor.lo -MD -MP -MF $(DEPDIR)/libndpi_la-tor.Tpo -c -o libndpi_la-tor.lo `test -f 'protocols/tor.c' || echo '$(srcdir)/'`protocols/tor.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libndpi_la-tor.Tpo $(DEPDIR)/libndpi_la-tor.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='protocols/tor.c' object='libndpi_la-tor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libndpi_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libndpi_la-tor.lo `test -f 'protocols/tor.c' || echo '$(srcdir)/'`protocols/tor.c
+
mostlyclean-libtool:
-rm -f *.lo
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/ndpi_main.c
^
|
| @@ -53,7 +53,7 @@
/* find or insert datum into search tree */
void *
ndpi_tsearch(const void *vkey, void **vrootp,
- int (*compar)(const void *, const void *))
+ int (*compar)(const void *, const void *))
{
ndpi_node *q;
char *key = (char *)vkey;
@@ -82,7 +82,7 @@
/* delete node with given key */
void *
ndpi_tdelete(const void *vkey, void **vrootp,
- int (*compar)(const void *, const void *))
+ int (*compar)(const void *, const void *))
{
ndpi_node **rootp = (ndpi_node **)vrootp;
char *key = (char *)vkey;
@@ -150,8 +150,8 @@
/* find a node, or return 0 */
void *
-ndpi_tfind(const void *vkey, void * const *vrootp,
- int (*compar)(const void *, const void *))
+ndpi_tfind(const void *vkey, void *vrootp,
+ int (*compar)(const void *, const void *))
{
char *key = (char *)vkey;
ndpi_node **rootp = (ndpi_node **)vrootp;
@@ -199,79 +199,79 @@
#ifdef WIN32
/* http://opensource.apple.com/source/Libc/Libc-186/string.subproj/strcasecmp.c */
-/*
- * This array is designed for mapping upper and lower case letter
- * together for a case independent comparison. The mappings are
- * based upon ascii character sequences.
- */
-static const u_char charmap[] = {
- '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
- '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
- '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
- '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
- '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
- '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
- '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
- '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
- '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
- '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
- '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
- '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
- '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
- '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
- '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
- '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
- '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
- '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
- '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
- '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
- '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
- '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307',
- '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317',
- '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327',
- '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
- '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
- '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
- '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
- '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
-};
-
-int
-strcasecmp(s1, s2)
- const char *s1, *s2;
-{
- register const u_char *cm = charmap,
- *us1 = (const u_char *)s1,
- *us2 = (const u_char *)s2;
-
- while (cm[*us1] == cm[*us2++])
- if (*us1++ == '\0')
- return (0);
- return (cm[*us1] - cm[*--us2]);
-}
-
-int
-strncasecmp(s1, s2, n)
- const char *s1, *s2;
- register size_t n;
-{
- if (n != 0) {
- register const u_char *cm = charmap,
- *us1 = (const u_char *)s1,
- *us2 = (const u_char *)s2;
-
- do {
- if (cm[*us1] != cm[*us2++])
- return (cm[*us1] - cm[*--us2]);
- if (*us1++ == '\0')
- break;
- } while (--n != 0);
- }
- return (0);
-}
+/*
+ * This array is designed for mapping upper and lower case letter
+ * together for a case independent comparison. The mappings are
+ * based upon ascii character sequences.
+ */
+static const u_char charmap[] = {
+ '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
+ '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
+ '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
+ '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
+ '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
+ '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
+ '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
+ '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
+ '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+ '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+ '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+ '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
+ '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+ '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+ '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+ '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
+ '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
+ '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
+ '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
+ '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
+ '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
+ '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
+ '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
+ '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
+ '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307',
+ '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317',
+ '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327',
+ '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
+ '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
+ '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
+ '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+ '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
+};
+
+int
+strcasecmp(s1, s2)
+ const char *s1, *s2;
+{
+ register const u_char *cm = charmap,
+ *us1 = (const u_char *)s1,
+ *us2 = (const u_char *)s2;
+
+ while (cm[*us1] == cm[*us2++])
+ if (*us1++ == '\0')
+ return (0);
+ return (cm[*us1] - cm[*--us2]);
+}
+
+int
+strncasecmp(s1, s2, n)
+ const char *s1, *s2;
+ register size_t n;
+{
+ if (n != 0) {
+ register const u_char *cm = charmap,
+ *us1 = (const u_char *)s1,
+ *us2 = (const u_char *)s2;
+
+ do {
+ if (cm[*us1] != cm[*us2++])
+ return (cm[*us1] - cm[*--us2]);
+ if (*us1++ == '\0')
+ break;
+ } while (--n != 0);
+ }
+ return (0);
+}
#endif
@@ -553,13 +553,13 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FTP, "FTP",
ndpi_build_default_ports(ports_a, 20, 21, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MAIL_POP, "MAIL_POP",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MAIL_POP, "Mail_POP",
ndpi_build_default_ports(ports_a, 110, 995, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MAIL_SMTP, "MAIL_SMTP",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MAIL_SMTP, "Mail_SMTP",
ndpi_build_default_ports(ports_a, 25, 465, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MAIL_IMAP, "MAIL_IMAP",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MAIL_IMAP, "Mail_IMAP",
ndpi_build_default_ports(ports_a, 143, 993, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_DNS, "DNS",
@@ -613,7 +613,7 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_TDS, "TDS",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, "DIRECT_DOWNLOAD_LINK",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, "Direct_Download_Link",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_I23V5, "I23V5",
@@ -631,9 +631,9 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WINMX, "WinMX",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MANOLITO, "Manolito",
- ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
- ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_VMWARE, "VMware",
+ ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_PANDO, "Pando",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
@@ -688,7 +688,7 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MMS, "MMS",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_XBOX, "XBOX",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_XBOX, "Xbox",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_QQ, "QQ",
@@ -748,7 +748,7 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POPO, "POPO",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNENCRYPED_JABBER, "UNENCRYPED_JABBER",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNENCRYPED_JABBER, "Unencryped_Jabber",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MSN, "MSN",
@@ -766,13 +766,13 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_QUAKE, "Quake",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SECONDLIFE, "Secondlife",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_VRRP, "VRRP",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_STEAM, "Steam",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_HALFLIFE2, "Halflife2",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_HALFLIFE2, "HalfLife2",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WORLDOFWARCRAFT, "WorldOfWarcraft",
@@ -805,7 +805,7 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_OSPF, "OSPF",
ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_IP_IN_IP, "IP_IN_IP",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_IP_IN_IP, "IPinIP",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_RTP, "RTP",
@@ -898,7 +898,7 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WARCRAFT3, "Warcraft3",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, "WORLD_OF_KUNG_FU",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, "WorldOfKungFu",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_MEEBO, "Meebo",
@@ -919,13 +919,13 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_NETFLOW, "NetFlow",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SFLOW, "SFLOW",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SFLOW, "sFlow",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_HTTP_CONNECT, "HTTP_CONNECT",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_HTTP_CONNECT, "HTTP_Connect",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_HTTP_PROXY, "HTTP_PROXY",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_HTTP_PROXY, "HTTP_Proxy",
ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_CITRIX, "Citrix",
@@ -934,13 +934,13 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_NETFLIX, "NetFlix",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SKYFILE_PREPAID, "SKYFILE_PREPAID",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SKYFILE_PREPAID, "SkyFile_PrePaid",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SKYFILE_RUDICS, "SKYFILE_RUDICS",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SKYFILE_RUDICS, "SkyFile_Rudics",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SKYFILE_POSTPAID, "SKYFILE_POSTPAID",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SKYFILE_POSTPAID, "SkyFile_PostPaid",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_CITRIX_ONLINE, "Citrix_Online",
@@ -949,7 +949,7 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_APPLE, "Apple",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WEBEX, "WebEX",
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WEBEX, "Webex",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WHATSAPP, "WhatsApp",
@@ -987,6 +987,45 @@
ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SPOTIFY, "Spotify",
ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_WEBM, "WebM", /* Courtesy of Shreeram Ramamoorthy Swaminathan <shreeram <shreeram1985@yahoo.co.in> */
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_H323, "H323",
+ ndpi_build_default_ports(ports_a, 1719, 1720, 3478, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 1719, 1720, 3478, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_OPENVPN, "OpenVPN",
+ ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_NOE, "NOE",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_CISCOVPN, "CiscoVPN",
+ ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_TEAMSPEAK, "TeamSpeak",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_TOR, "Tor",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SKINNY, "CiscoSkinny",
+ ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_RTCP, "RTCP",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_RSYNC, "RSYNC",
+ ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ORACLE, "Oracle",
+ ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_CORBA, "Corba",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UBUNTUONE, "UbuntuONE",
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
init_string_based_protocols(ndpi_mod);
@@ -1062,7 +1101,6 @@
ndpi_str->jabber_stun_timeout = NDPI_JABBER_STUN_TIMEOUT * ticks_per_second;
ndpi_str->jabber_file_transfer_timeout = NDPI_JABBER_FT_TIMEOUT * ticks_per_second;
ndpi_str->soulseek_connection_ip_tick_timeout = NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT * ticks_per_second;
- ndpi_str->manolito_subscriber_timeout = NDPI_MANOLITO_SUBSCRIBER_TIMEOUT;
ndpi_str->ndpi_num_supported_protocols = NDPI_MAX_SUPPORTED_PROTOCOLS;
ndpi_str->ndpi_num_custom_protocols = 0;
@@ -1216,7 +1254,6 @@
elem = strtok_r(line, ",", &holder);
while(elem != NULL) {
char *attr = elem, *value;
- char *port;
ndpi_port_range range;
int is_tcp = 0, is_udp = 0;
@@ -1446,12 +1483,11 @@
if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_RTP) != 0) {
ndpi_struct->callback_buffer[a].func = ndpi_search_rtp;
ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD;
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD;
NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
#ifdef NDPI_PROTOCOL_STUN
NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_STUN);
-
#endif
NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
@@ -1805,16 +1841,14 @@
a++;
}
#endif
-#ifdef NDPI_PROTOCOL_MANOLITO
- if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_MANOLITO) != 0) {
- ndpi_struct->callback_buffer[a].func = ndpi_search_manolito_tcp_udp;
+#ifdef NDPI_PROTOCOL_VMWARE
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_VMWARE) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_vmware;
ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD;
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD;
NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
-
- NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_MANOLITO);
-
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_VMWARE);
a++;
}
#endif
@@ -1928,6 +1962,12 @@
a++;
}
#endif
+
+ ndpi_struct->callback_buffer[a].func = ndpi_search_tcp_or_udp;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask = NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP;
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ a++;
+
#ifdef NDPI_PROTOCOL_SOPCAST
if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_SOPCAST) != 0) {
ndpi_struct->callback_buffer[a].func = ndpi_search_sopcast;
@@ -2378,23 +2418,6 @@
}
#endif
-#ifdef NDPI_PROTOCOL_SECONDLIFE
- if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_SECONDLIFE) != 0) {
- ndpi_struct->callback_buffer[a].func = ndpi_search_secondlife;
- ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION;
-
- NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
-
-#ifdef NDPI_PROTOCOL_SSL
- NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_SSL);
-
-#endif
-
- NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_SECONDLIFE);
- a++;
- }
-#endif
#ifdef NDPI_PROTOCOL_PCANYWHERE
if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_PCANYWHERE) != 0) {
ndpi_struct->callback_buffer[a].func = ndpi_search_pcanywhere;
@@ -2945,7 +2968,7 @@
if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_GTP) != 0) {
ndpi_struct->callback_buffer[a].func = ndpi_search_gtp;
ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
- NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION;
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD;
NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_GTP);
@@ -2993,6 +3016,187 @@
}
#endif
+#ifdef NDPI_PROTOCOL_H323
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_H323) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_h323;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_H323);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_H323);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_OPENVPN
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_OPENVPN) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_openvpn;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_OPENVPN);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_OPENVPN);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_NOE
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_NOE) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_noe;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_NOE);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_NOE);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_CISCOVPN
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_CISCOVPN) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_ciscovpn;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_CISCOVPN);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_CISCOVPN);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_TEAMSPEAK
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_TEAMSPEAK) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_teamspeak;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_TEAMSPEAK);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMSPEAK);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_VIBER
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_VIBER) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_viber;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_VIBER);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_VIBER);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_TOR
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_TOR) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_tor;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_TOR);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_TOR);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_SKINNY
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_SKINNY) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_skinny;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_SKINNY);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_SKINNY);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_RTCP
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_RTCP) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_rtcp;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_RTCP);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_RSYNC
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_RSYNC) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_rsync;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_RSYNC);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_RSYNC);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_ORACLE
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_ORACLE) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_oracle;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_ORACLE);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_ORACLE);
+ a++;
+ }
+#endif
+
+#ifdef NDPI_PROTOCOL_CORBA
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, NDPI_PROTOCOL_CORBA) != 0) {
+ ndpi_struct->callback_buffer[a].func = ndpi_search_corba;
+ ndpi_struct->callback_buffer[a].ndpi_selection_bitmask =
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION;
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_UNKNOWN);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(ndpi_struct->callback_buffer[a].detection_bitmask, NDPI_PROTOCOL_CORBA);
+
+ NDPI_SAVE_AS_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_CORBA);
+ a++;
+ }
+#endif
+
+
+
+
+
+
+
+
+
+
+
+
+
+
ndpi_struct->callback_buffer_size = a;
NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG,
@@ -4861,7 +5065,3 @@
return(NDPI_PROTOCOL_UNKNOWN);
}
-
-
-
-
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/attic
^
|
| +(directory)
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/attic/manolito.c
^
|
| (renamed to src/lib/protocols/attic/manolito.c)
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/attic/manolito.c
^
|
| (renamed to src/lib/protocols/attic/manolito.c)
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/attic/secondlife.c
^
|
| (renamed to src/lib/protocols/attic/secondlife.c)
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/attic/secondlife.c
^
|
| (renamed to src/lib/protocols/attic/secondlife.c)
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/ciscovpn.c
^
|
| @@ -0,0 +1,70 @@
+/*
+ * ciscovpn.c
+ * Copyright (C) 2013 by Remy Mudingay <mudingay@ill.fr>
+ *
+ */
+
+
+#include "ndpi_protocols.h"
+#ifdef NDPI_PROTOCOL_CISCOVPN
+
+static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CISCOVPN, NDPI_REAL_PROTOCOL);
+}
+
+void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t udport = 0, usport = 0;
+ u_int16_t tdport = 0, tsport = 0;
+
+
+ NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "search CISCOVPN.\n");
+
+ if(packet->tcp != NULL) {
+ tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "calculated CISCOVPN over tcp ports.\n");
+ }
+ if(packet->udp != NULL) {
+ usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "calculated CISCOVPN over udp ports.\n");
+ }
+
+ if((tdport == 10000 && tsport == 10000) ||
+ ((tsport == 443 || tdport == 443) &&
+ (packet->payload[0] == 0x17 &&
+ packet->payload[1] == 0x01 &&
+ packet->payload[2] == 0x00 &&
+ packet->payload[3] == 0x00)
+ )
+ )
+
+ {
+ /* This is a good query 17010000*/
+ NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "found CISCOVPN.\n");
+ ndpi_int_ciscovpn_add_connection(ndpi_struct, flow);
+ }
+ else if(
+ (
+ (usport == 10000 && udport == 10000)
+ &&
+ (packet->payload[0] == 0xfe &&
+ packet->payload[1] == 0x57 &&
+ packet->payload[2] == 0x7e &&
+ packet->payload[3] == 0x2b)
+ )
+ )
+ {
+
+
+ /* This is a good query fe577e2b */
+ NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "found CISCOVPN.\n");
+ ndpi_int_ciscovpn_add_connection(ndpi_struct, flow);
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "exclude CISCOVPN.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CISCOVPN);
+ }
+
+}
+#endif
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/corba.c
^
|
| @@ -0,0 +1,49 @@
+/*
+ * corba.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ * This module is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This module is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License.
+ * If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_CORBA
+static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CORBA, NDPI_CORRELATED_PROTOCOL);
+}
+void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "search for CORBA.\n");
+ if(packet->tcp != NULL) {
+ NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "calculating CORBA over tcp.\n");
+ /* Corba General Inter-ORB Protocol -> GIOP */
+ if ((packet->payload_packet_len >= 24 && packet->payload_packet_len <= 144) &&
+ memcmp(packet->payload, "GIOP", 4) == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "found corba.\n");
+ ndpi_int_corba_add_connection(ndpi_struct, flow);
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "exclude CORBA.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CORBA);
+ }
+}
+#endif
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/gtp.c
^
|
| @@ -50,10 +50,12 @@
if((packet->udp->source == gtp_u) || (packet->udp->dest == gtp_u)
|| (packet->udp->source == gtp_c) || (packet->udp->dest == gtp_c)) {
struct gtp_header_generic *gtp = (struct gtp_header_generic*)packet->payload;
- u_int8_t gtp_version = gtp->flags & 0xE0;
+ u_int8_t gtp_version = (gtp->flags & 0xE0) >> 5;
- if((gtp_version == 1) || (gtp_version == 2)) {
- if(ntohs(gtp->message_len) <= (payload_len+sizeof(struct gtp_header_generic))) {
+ if((gtp_version == 0) || (gtp_version == 1) || (gtp_version == 2)) {
+ u_int16_t message_len = ntohs(gtp->message_len);
+
+ if(message_len <= (payload_len-sizeof(struct gtp_header_generic))) {
NDPI_LOG(NDPI_PROTOCOL_GTP, ndpi_struct, NDPI_LOG_DEBUG, "Found gtp.\n");
ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_GTP, NDPI_REAL_PROTOCOL);
return;
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/h323.c
^
|
| @@ -0,0 +1,67 @@
+/*
+ * h323.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ */
+
+
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_H323
+
+void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "search H323.\n");
+
+ if(packet->tcp != NULL) {
+ NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "calculated dport over tcp.\n");
+
+ /* H323 */
+ if(packet->payload[0] == 0x03 && packet->payload[1] == 0x00 && packet->payload[2] == 0x00)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_REAL_PROTOCOL);
+ return;
+ }
+ }
+
+ if(packet->udp != NULL) {
+ sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "calculated dport over udp.\n");
+
+ if(packet->payload[0] == 0x80 && packet->payload[1] == 0x08 && (packet->payload[2] == 0xe7 || packet->payload[2] == 0x26) &&
+ packet->payload[4] == 0x00 && packet->payload[5] == 0x00)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_REAL_PROTOCOL);
+ return;
+ }
+ /* H323 */
+ if(sport == 1719 || dport == 1719)
+ {
+ if(packet->payload[0] == 0x16 && packet->payload[1] == 0x80 && packet->payload[4] == 0x06 && packet->payload[5] == 0x00)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_REAL_PROTOCOL);
+ return;
+ }
+ else if(packet->payload_packet_len >= 20 || packet->payload_packet_len <= 117)
+ {
+ NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_REAL_PROTOCOL);
+ return;
+ }
+ else
+ {
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_H323);
+ return;
+ }
+ }
+ }
+
+}
+#endif
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/http.c
^
|
| @@ -179,6 +179,12 @@
"FLASH: Content-Type: flv-application/octet-stream.\n");
ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FLASH);
return;
+ }
+ if (packet->content_line.len >= 24 && memcmp(packet->content_line.ptr, "application/futuresplash", 24) == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_FLASH, ndpi_struct, NDPI_LOG_DEBUG,
+ "FLASH: Content-Type: application/futuresplash.\n");
+ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FLASH);
+ return;
}
}
#endif
@@ -443,6 +449,24 @@
}
#endif
+#ifdef NDPI_PROTOCOL_WEBM
+static void webm_parse_packet_contentline(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ if (packet->content_line.len >= 10 && memcmp(packet->content_line.ptr, "audio/webm", 10) == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_OGG, ndpi_struct, NDPI_LOG_DEBUG, "OGG: Content-Type: audio/webm found.\n");
+ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_WEBM);
+ return;
+ }
+ if (packet->content_line.len >= 10 && memcmp(packet->content_line.ptr, "video/webm", 10) == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_OGG, ndpi_struct, NDPI_LOG_DEBUG, "OGG: Content-Type: video/webm found.\n");
+ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_WEBM);
+ return;
+ }
+}
+#endif
+
#ifdef NDPI_PROTOCOL_RTSP
static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)
@@ -541,6 +565,10 @@
if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_MOVE) != 0)
move_parse_packet_contentline(ndpi_struct, flow);
#endif
+#ifdef NDPI_PROTOCOL_WEBM
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_WEBM) != 0)
+ webm_parse_packet_contentline(ndpi_struct, flow);
+#endif
}
/* check user agent here too */
if (packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) {
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/noe.c
^
|
| @@ -0,0 +1,54 @@
+/*
+ * noe.c (Alcatel new office environment)
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_NOE
+static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_NOE, NDPI_CORRELATED_PROTOCOL);
+}
+
+void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "search for NOE.\n");
+
+ if(packet->udp != NULL) {
+ sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n");
+
+ if (packet->payload_packet_len == 1 && ( packet->payload[0] == 0x05 || packet->payload[0] == 0x04 )) {
+ NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n");
+ ndpi_int_noe_add_connection(ndpi_struct, flow);
+ return;
+ } else if((packet->payload_packet_len == 5 || packet->payload_packet_len == 12) &&
+ (packet->payload[0] == 0x07 ) &&
+ (packet->payload[1] == 0x00 ) &&
+ (packet->payload[2] != 0x00 ) &&
+ (packet->payload[3] == 0x00 )) {
+ NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n");
+ ndpi_int_noe_add_connection(ndpi_struct, flow);
+ } else if((packet->payload_packet_len >= 25) &&
+ (packet->payload[0] == 0x00 &&
+ packet->payload[1] == 0x06 &&
+ packet->payload[2] == 0x62 &&
+ packet->payload[3] == 0x6c)) {
+ NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n");
+ ndpi_int_noe_add_connection(ndpi_struct, flow);
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "exclude NOE.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NOE);
+ }
+}
+#endif
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/non_tcp_udp.c
^
|
| @@ -47,76 +47,82 @@
#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a
-#define set_protocol_and_bmask(nprot) \
-{ \
- if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask,nprot) != 0) \
- { \
- ndpi_int_add_connection(ndpi_struct, flow, \
- nprot, \
- NDPI_REAL_PROTOCOL); \
- } \
-}
+#define set_protocol_and_bmask(nprot) \
+ { \
+ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask,nprot) != 0) \
+ { \
+ ndpi_int_add_connection(ndpi_struct, flow, \
+ nprot, \
+ NDPI_REAL_PROTOCOL); \
+ } \
+ }
void ndpi_search_in_non_tcp_udp(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
+ *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
- if (packet->iph == NULL) {
+ if (packet->iph == NULL) {
#ifdef NDPI_DETECTION_SUPPORT_IPV6
- if (packet->iphv6 == NULL)
+ if (packet->iphv6 == NULL)
#endif
- return;
- }
- switch (packet->l4_protocol) {
+ return;
+ }
+
+ switch (packet->l4_protocol) {
#ifdef NDPI_PROTOCOL_IPSEC
- case NDPI_IPSEC_PROTOCOL_ESP:
- case NDPI_IPSEC_PROTOCOL_AH:
- set_protocol_and_bmask(NDPI_PROTOCOL_IPSEC);
- break;
+ case NDPI_IPSEC_PROTOCOL_ESP:
+ case NDPI_IPSEC_PROTOCOL_AH:
+ set_protocol_and_bmask(NDPI_PROTOCOL_IPSEC);
+ break;
#endif /* NDPI_PROTOCOL_IPSEC */
#ifdef NDPI_PROTOCOL_GRE
- case NDPI_GRE_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_GRE);
- break;
+ case NDPI_GRE_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_GRE);
+ break;
#endif /* NDPI_PROTOCOL_GRE */
#ifdef NDPI_PROTOCOL_ICMP
- case NDPI_ICMP_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_ICMP);
- break;
+ case NDPI_ICMP_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_ICMP);
+ break;
#endif /* NDPI_PROTOCOL_ICMP */
#ifdef NDPI_PROTOCOL_IGMP
- case NDPI_IGMP_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_IGMP);
- break;
+ case NDPI_IGMP_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_IGMP);
+ break;
#endif /* NDPI_PROTOCOL_IGMP */
#ifdef NDPI_PROTOCOL_EGP
- case NDPI_EGP_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_EGP);
- break;
+ case NDPI_EGP_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_EGP);
+ break;
#endif /* NDPI_PROTOCOL_EGP */
#ifdef NDPI_PROTOCOL_SCTP
- case NDPI_SCTP_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_SCTP);
- break;
+ case NDPI_SCTP_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_SCTP);
+ break;
#endif /* NDPI_PROTOCOL_SCTP */
#ifdef NDPI_PROTOCOL_OSPF
- case NDPI_OSPF_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_OSPF);
- break;
+ case NDPI_OSPF_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_OSPF);
+ break;
#endif /* NDPI_PROTOCOL_OSPF */
#ifdef NDPI_PROTOCOL_IP_IN_IP
- case NDPI_IPIP_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_IP_IN_IP);
- break;
+ case NDPI_IPIP_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_IP_IN_IP);
+ break;
#endif /* NDPI_PROTOCOL_IP_IN_IP */
#ifdef NDPI_PROTOCOL_ICMPV6
- case NDPI_ICMPV6_PROTOCOL_TYPE:
- set_protocol_and_bmask(NDPI_PROTOCOL_ICMPV6);
- break;
+ case NDPI_ICMPV6_PROTOCOL_TYPE:
+ set_protocol_and_bmask(NDPI_PROTOCOL_ICMPV6);
+ break;
#endif /* NDPI_PROTOCOL_ICMPV6 */
- }
+#ifdef NDPI_PROTOCOL_VRRP
+ case 112:
+ set_protocol_and_bmask(NDPI_PROTOCOL_VRRP);
+ break;
+#endif /* NDPI_PROTOCOL_VRRP */
+ }
}
#endif
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/openvpn.c
^
|
| @@ -0,0 +1,44 @@
+/*
+ * h323.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ */
+
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_OPENVPN
+
+void ndpi_search_openvpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ if(packet->udp != NULL) {
+ sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
+ if ((packet->payload_packet_len >= 25) && (sport == 443 || dport == 443) &&
+ (packet->payload[0] == 0x17 && packet->payload[1] == 0x01 &&
+ packet->payload[2] == 0x00 && packet->payload[3] == 0x00)) {
+ NDPI_LOG(NDPI_PROTOCOL_OPENVPN, ndpi_struct, NDPI_LOG_DEBUG, "found openvpn udp 443.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_REAL_PROTOCOL);
+ return;
+ }
+
+ if ((packet->payload_packet_len >= 40) &&
+ (sport == 1194 || dport == 1194) &&
+ (packet->payload[0] == 0x30 || packet->payload[0] == 0x31 || packet->payload[0] == 0x32 || packet->payload[0] == 0x33 || packet->payload[0] == 0x34 ||
+ packet->payload[0] == 0x35 || packet->payload[0] == 0x36 || packet->payload[0] == 0x37 || packet->payload[0] == 0x38 || packet->payload[0] == 0x39)) {
+ NDPI_LOG(NDPI_PROTOCOL_OPENVPN, ndpi_struct, NDPI_LOG_DEBUG, "found openvpn broadcast udp STD.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_REAL_PROTOCOL);
+ return;
+ }
+ }
+
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OPENVPN);
+}
+
+#endif
+
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/oracle.c
^
|
| @@ -0,0 +1,62 @@
+/*
+ * oracle.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ * This module is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This module is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License.
+ * If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_ORACLE
+static void ndpi_int_oracle_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_ORACLE, NDPI_CORRELATED_PROTOCOL);
+}
+
+void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "search for ORACLE.\n");
+
+ if(packet->tcp != NULL) {
+ sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "calculating ORACLE over tcp.\n");
+ /* Oracle Database 9g,10g,11g */
+ if ((dport == 1521 || sport == 1521)
+ && (((packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
+ || ((packet->payload_packet_len >= 232) && ((packet->payload[0] == 0x00) || (packet->payload[0] == 0x01))
+ && (packet->payload[1] != 0x00)
+ && (packet->payload[2] == 0x00)
+ && (packet->payload[3] == 0x00)))) {
+ NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n");
+ ndpi_int_oracle_add_connection(ndpi_struct, flow);
+ } else if (packet->payload_packet_len == 213 && packet->payload[0] == 0x00 &&
+ packet->payload[1] == 0xd5 && packet->payload[2] == 0x00 &&
+ packet->payload[3] == 0x00 ) {
+ NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n");
+ ndpi_int_oracle_add_connection(ndpi_struct, flow);
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "exclude ORACLE.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ORACLE);
+ }
+}
+#endif
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/radius.c
^
|
| @@ -45,12 +45,11 @@
if(packet->udp != NULL) {
struct radius_header *h = (struct radius_header*)packet->payload;
-
- h->len = ntohs(h->len);
+ u_int len = ntohs(h->len);
if((payload_len > sizeof(struct radius_header))
&& (h->code <= 5)
- && (h->len == payload_len)) {
+ && (len == payload_len)) {
NDPI_LOG(NDPI_PROTOCOL_RADIUS, ndpi_struct, NDPI_LOG_DEBUG, "Found radius.\n");
ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_REAL_PROTOCOL);
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/rsync.c
^
|
| @@ -0,0 +1,58 @@
+/*
+ * rsync.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ * This module is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This module is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License.
+ * If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_RSYNC
+static void ndpi_int_rsync_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RSYNC, NDPI_CORRELATED_PROTOCOL);
+}
+
+void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "search for RSYNC.\n");
+
+ if(packet->tcp != NULL) {
+ sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "calculating RSYNC over tcp.\n");
+ /*
+ * Should match: memcmp(packet->payload, "@RSYN NCD: 28", 14) == 0)
+ */
+ if (packet->payload_packet_len == 12 && packet->payload[0] == 0x40 &&
+ packet->payload[1] == 0x52 && packet->payload[2] == 0x53 &&
+ packet->payload[3] == 0x59 && packet->payload[4] == 0x4e &&
+ packet->payload[5] == 0x43 && packet->payload[6] == 0x44 &&
+ packet->payload[7] == 0x3a ) {
+ NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "found rsync.\n");
+ ndpi_int_rsync_add_connection(ndpi_struct, flow);
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "exclude RSYNC.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RSYNC);
+ }
+}
+#endif
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/rtcp.c
^
|
| @@ -0,0 +1,53 @@
+/*
+ * rtcp.c (RTP Control Protocol)
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_RTCP
+static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_CORRELATED_PROTOCOL);
+}
+
+void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "search for RTCP.\n");
+
+ if(packet->tcp != NULL) {
+ sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over tcp.\n");
+
+ if(packet->payload_packet_len > 13 && (sport == 554 || dport == 554) &&
+ packet->payload[0] == 0x00 && packet->payload[1] == 0x00 &&
+ packet->payload[2] == 0x01 && packet->payload[3] == 0x01 &&
+ packet->payload[4] == 0x08 && packet->payload[5] == 0x0a &&
+ packet->payload[6] == 0x00 && packet->payload[7] == 0x01) {
+ NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n");
+ ndpi_int_rtcp_add_connection(ndpi_struct, flow);
+ }
+ } else if(packet->udp != NULL) {
+ sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n");
+ if((packet->payload_packet_len >= 28 || packet->payload_packet_len <= 1200) &&
+ ((packet->payload[0] == 0x80) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9)) && (packet->payload[2] == 0x00))
+ || ((packet->payload[0] == 0x81) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9))
+ && (packet->payload[2] == 0x00))) {
+ NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n");
+ ndpi_int_rtcp_add_connection(ndpi_struct, flow);
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude RTCP.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP);
+ }
+}
+#endif
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/rtp.c
^
|
| @@ -26,12 +26,42 @@
#include "ndpi_utils.h"
#ifdef NDPI_PROTOCOL_RTP
+
+static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ const u_int8_t * payload, const u_int16_t payload_len)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int8_t payload_type = payload[1] & 0x7F;
+
+ /* Check whether this is an RTP flow */
+ if((payload_len >= 12)
+ && ((payload[0] & 0xFF) == 0x80) /* RTP magic byte[1] */
+ && ((payload_type <= 34 /* PT_H263 */))) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found rtp.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_REAL_PROTOCOL);
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
+ }
+}
+
+void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ ndpi_rtp_search(ndpi_struct, flow, packet->payload, packet->payload_packet_len);
+}
+
+#if 0
+/* Original (messy) OpenDPI code */
+
#define RTP_MAX_OUT_OF_ORDER 11
static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
+ *ndpi_struct, struct ndpi_flow_struct *flow)
{
- ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_REAL_PROTOCOL);
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_REAL_PROTOCOL);
}
/*
@@ -51,236 +81,237 @@
*/
#if !defined(WIN32)
- static inline
+static inline
#else
__forceinline static
#endif
- void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
- u_int8_t direction, u_int16_t seq, u_int8_t include_current_packet)
+void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
+ u_int8_t direction, u_int16_t seq, u_int8_t include_current_packet)
{
- flow->rtp_seqnum[direction] = seq;
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u\n", direction, seq);
+ flow->rtp_seqnum[direction] = seq;
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u\n", direction, seq);
}
/* returns difference between old and new highest sequence number */
#if !defined(WIN32)
- static inline
+static inline
#else
__forceinline static
#endif
- u_int16_t update_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
- u_int8_t direction, u_int16_t seq)
+u_int16_t update_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
+ u_int8_t direction, u_int16_t seq)
{
- u_int16_t delta = seq - flow->rtp_seqnum[direction];
+ u_int16_t delta = seq - flow->rtp_seqnum[direction];
- if (delta < RTP_MAX_OUT_OF_ORDER) { /* in order, with permissible gap */
- flow->rtp_seqnum[direction] = seq;
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u (increased by %u)\n",
- direction, seq, delta);
- return delta;
- } else {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "retransmission (dir %u, seqnum %u)\n",
- direction, seq);
- return 0;
- }
+ if (delta < RTP_MAX_OUT_OF_ORDER) { /* in order, with permissible gap */
+ flow->rtp_seqnum[direction] = seq;
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u (increased by %u)\n",
+ direction, seq, delta);
+ return delta;
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "retransmission (dir %u, seqnum %u)\n",
+ direction, seq);
+ return 0;
+ }
}
-
static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const u_int8_t * payload, const u_int16_t payload_len)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
- u_int8_t stage;
- u_int16_t seqnum = ntohs(get_u_int16_t(payload, 2));
+ u_int8_t stage;
+ u_int16_t seqnum = ntohs(get_u_int16_t(payload, 2));
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "search rtp.\n");
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "search rtp.\n");
- if (payload_len == 4 && get_u_int32_t(packet->payload, 0) == 0 && flow->packet_counter < 8) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, maybe ClearSea out calls.\n");
- return;
- }
-
- if (payload_len == 5 && memcmp(payload, "hello", 5) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
- "need next packet, initial hello packet of SIP out calls.\n");
- return;
- }
-
- if (payload_len == 1 && payload[0] == 0) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
- "need next packet, payload_packet_len == 1 && payload[0] == 0.\n");
- return;
- }
-
- if (payload_len == 3 && memcmp(payload, "png", 3) == 0) {
- /* weird packet found in Ninja GlobalIP trace */
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 3 and png payload.\n");
- return;
- }
-
- if (payload_len < 12) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "minimal packet size for rtp packets: 12.\n");
- goto exclude_rtp;
- }
-
- if (payload_len == 12 && get_u_int32_t(payload, 0) == 0 && get_u_int32_t(payload, 4) == 0 && get_u_int32_t(payload, 8) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 12 and only 0-bytes.\n");
- return;
- }
-
- if ((payload[0] & 0xc0) == 0xc0 || (payload[0] & 0xc0) == 0x40 || (payload[0] & 0xc0) == 0x00) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "version = 3 || 1 || 0, maybe first rtp packet.\n");
- return;
- }
-
- if ((payload[0] & 0xc0) != 0x80) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
- NDPI_LOG_DEBUG, "rtp version must be 2, first two bits of a packets must be 10.\n");
- goto exclude_rtp;
- }
-
- /* rtp_payload_type are the last seven bits of the second byte */
- if (flow->rtp_payload_type[packet->packet_direction] != (payload[1] & 0x7F)) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "payload_type has changed, reset stages.\n");
- packet->packet_direction == 0 ? (flow->rtp_stage1 = 0) : (flow->rtp_stage2 = 0);
- }
- /* first bit of first byte is not part of payload_type */
- flow->rtp_payload_type[packet->packet_direction] = payload[1] & 0x7F;
-
- stage = (packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2);
-
- if (stage > 0) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
- NDPI_LOG_DEBUG, "stage = %u.\n", packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2);
- if (flow->rtp_ssid[packet->packet_direction] != get_u_int32_t(payload, 8)) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "ssid has changed, goto exclude rtp.\n");
- goto exclude_rtp;
- }
-
- if (seqnum == flow->rtp_seqnum[packet->packet_direction]) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe \"retransmission\", need next packet.\n");
- return;
- } else if ((u_int16_t) (seqnum - flow->rtp_seqnum[packet->packet_direction]) < RTP_MAX_OUT_OF_ORDER) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
- "new packet has larger sequence number (within valid range)\n");
- update_seq(ndpi_struct, flow, packet->packet_direction, seqnum);
- } else if ((u_int16_t) (flow->rtp_seqnum[packet->packet_direction] - seqnum) < RTP_MAX_OUT_OF_ORDER) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
- "new packet has smaller sequence number (within valid range)\n");
- init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1);
- } else {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
- "sequence number diff is too big, goto exclude rtp.\n");
- goto exclude_rtp;
- }
- } else {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
- NDPI_LOG_DEBUG, "rtp_ssid[%u] = %u.\n", packet->packet_direction,
- flow->rtp_ssid[packet->packet_direction]);
- flow->rtp_ssid[packet->packet_direction] = get_u_int32_t(payload, 8);
- if (flow->packet_counter < 3) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter < 3, need next packet.\n");
- }
- init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1);
- }
- if (seqnum <= 3) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
- NDPI_LOG_DEBUG, "sequence_number = %u, too small, need next packet, return.\n", seqnum);
- return;
- }
-
- if (stage == 3) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "add connection I.\n");
- ndpi_int_rtp_add_connection(ndpi_struct, flow);
- } else {
- packet->packet_direction == 0 ? flow->rtp_stage1++ : flow->rtp_stage2++;
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "stage[%u]++; need next packet.\n",
- packet->packet_direction);
- }
- return;
+ if (payload_len == 4 && get_u_int32_t(packet->payload, 0) == 0 && flow->packet_counter < 8) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, maybe ClearSea out calls.\n");
+ return;
+ }
+
+ if (payload_len == 5 && memcmp(payload, "hello", 5) == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
+ "need next packet, initial hello packet of SIP out calls.\n");
+ return;
+ }
+
+ if (payload_len == 1 && payload[0] == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
+ "need next packet, payload_packet_len == 1 && payload[0] == 0.\n");
+ return;
+ }
+
+ if (payload_len == 3 && memcmp(payload, "png", 3) == 0) {
+ /* weird packet found in Ninja GlobalIP trace */
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 3 and png payload.\n");
+ return;
+ }
+
+ if (payload_len < 12) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "minimal packet size for rtp packets: 12.\n");
+ goto exclude_rtp;
+ }
+
+ if (payload_len == 12 && get_u_int32_t(payload, 0) == 0 && get_u_int32_t(payload, 4) == 0 && get_u_int32_t(payload, 8) == 0) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 12 and only 0-bytes.\n");
+ return;
+ }
+
+ if ((payload[0] & 0xc0) == 0xc0 || (payload[0] & 0xc0) == 0x40 || (payload[0] & 0xc0) == 0x00) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "version = 3 || 1 || 0, maybe first rtp packet.\n");
+ return;
+ }
+
+ if ((payload[0] & 0xc0) != 0x80) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
+ NDPI_LOG_DEBUG, "rtp version must be 2, first two bits of a packets must be 10.\n");
+ goto exclude_rtp;
+ }
+
+ /* rtp_payload_type are the last seven bits of the second byte */
+ if (flow->rtp_payload_type[packet->packet_direction] != (payload[1] & 0x7F)) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "payload_type has changed, reset stages.\n");
+ packet->packet_direction == 0 ? (flow->rtp_stage1 = 0) : (flow->rtp_stage2 = 0);
+ }
+ /* first bit of first byte is not part of payload_type */
+ flow->rtp_payload_type[packet->packet_direction] = payload[1] & 0x7F;
+
+ stage = (packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2);
+
+ if (stage > 0) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
+ NDPI_LOG_DEBUG, "stage = %u.\n", packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2);
+ if (flow->rtp_ssid[packet->packet_direction] != get_u_int32_t(payload, 8)) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "ssid has changed, goto exclude rtp.\n");
+ goto exclude_rtp;
+ }
+
+ if (seqnum == flow->rtp_seqnum[packet->packet_direction]) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe \"retransmission\", need next packet.\n");
+ return;
+ } else if ((u_int16_t) (seqnum - flow->rtp_seqnum[packet->packet_direction]) < RTP_MAX_OUT_OF_ORDER) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
+ "new packet has larger sequence number (within valid range)\n");
+ update_seq(ndpi_struct, flow, packet->packet_direction, seqnum);
+ } else if ((u_int16_t) (flow->rtp_seqnum[packet->packet_direction] - seqnum) < RTP_MAX_OUT_OF_ORDER) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
+ "new packet has smaller sequence number (within valid range)\n");
+ init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1);
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
+ "sequence number diff is too big, goto exclude rtp.\n");
+ goto exclude_rtp;
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
+ NDPI_LOG_DEBUG, "rtp_ssid[%u] = %u.\n", packet->packet_direction,
+ flow->rtp_ssid[packet->packet_direction]);
+ flow->rtp_ssid[packet->packet_direction] = get_u_int32_t(payload, 8);
+ if (flow->packet_counter < 3) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter < 3, need next packet.\n");
+ }
+ init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1);
+ }
+ if (seqnum <= 3) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct,
+ NDPI_LOG_DEBUG, "sequence_number = %u, too small, need next packet, return.\n", seqnum);
+ return;
+ }
+
+ if (stage == 3) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "add connection I.\n");
+ ndpi_int_rtp_add_connection(ndpi_struct, flow);
+ } else {
+ packet->packet_direction == 0 ? flow->rtp_stage1++ : flow->rtp_stage2++;
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "stage[%u]++; need next packet.\n",
+ packet->packet_direction);
+ }
+ return;
- exclude_rtp:
+ exclude_rtp:
#ifdef NDPI_PROTOCOL_STUN
- if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN
- || packet->real_protocol_read_only == NDPI_PROTOCOL_STUN) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN: is detected, need next packet.\n");
- return;
- }
+ if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN
+ || packet->real_protocol_read_only == NDPI_PROTOCOL_STUN) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN: is detected, need next packet.\n");
+ return;
+ }
#endif /* NDPI_PROTOCOL_STUN */
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
}
void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
- if (packet->udp) {
- ndpi_rtp_search(ndpi_struct, flow, packet->payload, packet->payload_packet_len);
- } else if (packet->tcp) {
-
- /* skip special packets seen at yahoo traces */
- if (packet->payload_packet_len >= 20 && ntohs(get_u_int16_t(packet->payload, 2)) + 20 == packet->payload_packet_len &&
- packet->payload[0] == 0x90 && packet->payload[1] >= 0x01 && packet->payload[1] <= 0x07) {
- if (flow->packet_counter == 2)
- flow->l4.tcp.rtp_special_packets_seen = 1;
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
- "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n");
- return;
- }
+ if (packet->udp) {
+ ndpi_rtp_search(ndpi_struct, flow, packet->payload, packet->payload_packet_len);
+ } else if (packet->tcp) {
+
+ /* skip special packets seen at yahoo traces */
+ if (packet->payload_packet_len >= 20 && ntohs(get_u_int16_t(packet->payload, 2)) + 20 == packet->payload_packet_len &&
+ packet->payload[0] == 0x90 && packet->payload[1] >= 0x01 && packet->payload[1] <= 0x07) {
+ if (flow->packet_counter == 2)
+ flow->l4.tcp.rtp_special_packets_seen = 1;
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG,
+ "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n");
+ return;
+ }
#ifdef NDPI_PROTOCOL_STUN
- /* TODO the rtp detection sometimes doesn't exclude rtp
- * so for TCP flows only run the detection if STUN has been
- * detected (or RTP is already detected)
- * If flows will be seen which start directly with RTP
- * we can remove this restriction
- */
+ /* TODO the rtp detection sometimes doesn't exclude rtp
+ * so for TCP flows only run the detection if STUN has been
+ * detected (or RTP is already detected)
+ * If flows will be seen which start directly with RTP
+ * we can remove this restriction
+ */
- if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN
- || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTP) {
+ if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN
+ || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTP) {
- /* RTP may be encapsulated in TCP packets */
+ /* RTP may be encapsulated in TCP packets */
- if (packet->payload_packet_len >= 2 && ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) {
+ if (packet->payload_packet_len >= 2 && ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) {
- /* TODO there could be several RTP packets in a single TCP packet so maybe the detection could be
- * improved by checking only the RTP packet of given length */
+ /* TODO there could be several RTP packets in a single TCP packet so maybe the detection could be
+ * improved by checking only the RTP packet of given length */
- ndpi_rtp_search(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2);
+ ndpi_rtp_search(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2);
- return;
- }
- }
- if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && flow->l4.tcp.rtp_special_packets_seen == 1) {
+ return;
+ }
+ }
+ if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && flow->l4.tcp.rtp_special_packets_seen == 1) {
- if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) + 4 == packet->payload_packet_len) {
+ if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) + 4 == packet->payload_packet_len) {
- /* TODO there could be several RTP packets in a single TCP packet so maybe the detection could be
- * improved by checking only the RTP packet of given length */
+ /* TODO there could be several RTP packets in a single TCP packet so maybe the detection could be
+ * improved by checking only the RTP packet of given length */
- ndpi_rtp_search(ndpi_struct, flow, packet->payload + 4, packet->payload_packet_len - 4);
+ ndpi_rtp_search(ndpi_struct, flow, packet->payload + 4, packet->payload_packet_len - 4);
- return;
- }
- }
+ return;
+ }
+ }
- if (NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_STUN)) {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
- } else {
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN not yet excluded, need next packet.\n");
- }
+ if (NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_STUN)) {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN not yet excluded, need next packet.\n");
+ }
#else
- NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
+ NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP);
#endif
- }
+ }
}
+#endif
#endif /* NDPI_PROTOCOL_RTP */
+
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/skinny.c
^
|
| @@ -0,0 +1,64 @@
+/*
+ * skinny.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ * This module is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This module is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License.
+ * If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_SKINNY
+static void ndpi_int_skinny_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SKINNY, NDPI_CORRELATED_PROTOCOL);
+}
+
+void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+ const char pattern_9_bytes[9] = { 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ const char pattern_8_bytes[8] = { 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ const char keypadmsg_8_bytes[8] = { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ const char selectmsg_8_bytes[8] = { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+
+ NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "search for SKINNY.\n");
+
+ if(packet->tcp != NULL) {
+ sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "calculating SKINNY over tcp.\n");
+ if (dport == 2000 && (packet->payload_packet_len == 24 &&
+ memcmp(&packet->payload[0], keypadmsg_8_bytes, 8) == 0) ||
+ (packet->payload_packet_len == 64 &&
+ memcmp(&packet->payload[0], pattern_8_bytes, 8) == 0)) {
+ NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n");
+ ndpi_int_skinny_add_connection(ndpi_struct, flow);
+ } else if (sport == 2000 && (packet->payload_packet_len == 28 &&
+ memcmp(&packet->payload[0], selectmsg_8_bytes, 8) == 0 ) ||
+ (packet->payload_packet_len == 44 &&
+ memcmp(&packet->payload[0], pattern_9_bytes, 9) == 0 )) {
+ NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n");
+ ndpi_int_skinny_add_connection(ndpi_struct, flow);
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "exclude SKINNY.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKINNY);
+ }
+}
+#endif
|
|
[-]
[+]
|
Changed |
nDPI.tar.bz2/src/lib/protocols/ssl.c
^
|
| @@ -63,113 +63,121 @@
}
}
-int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
+/* Code fixes courtesy of Alexsandro Brahm <alex@digistar.com.br> */
+int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
char *buffer, int buffer_len) {
struct ndpi_packet_struct *packet = &flow->packet;
/* Nothing matched so far: let's decode the certificate with some heuristics */
if(packet->payload[0] == 0x16 /* Handshake */) {
- u_int16_t total_len = packet->payload[4] + 5 /* SSL Header */;
+ u_int16_t total_len = (packet->payload[3] << 8) + packet->payload[4] + 5 /* SSL Header */;
u_int8_t handshake_protocol = packet->payload[5];
memset(buffer, 0, buffer_len);
- if(handshake_protocol == 0x02 /* Server Hello */) {
+ if(total_len <= packet->payload_packet_len) {
int i;
- for(i=total_len; i < packet->payload_packet_len-3; i++) {
- if((packet->payload[i] == 0x04)
- && (packet->payload[i+1] == 0x03)
- && (packet->payload[i+2] == 0x0c)) {
- u_int8_t server_len = packet->payload[i+3];
-
- if(server_len+i+3 < packet->payload_packet_len) {
- char *server_name = (char*)&packet->payload[i+4];
- u_int8_t begin = 0, len, j, num_dots;
-
- while(begin < server_len) {
- if(!ndpi_isprint(server_name[begin]))
- begin++;
- else
- break;
- }
+ if(handshake_protocol == 0x02 /* Server Hello */) {
- len = ndpi_min(server_len-begin, buffer_len-1);
- strncpy(buffer, &server_name[begin], len);
- buffer[len] = '\0';
-
- /* We now have to check if this looks like an IP address or host name */
- for(j=0, num_dots = 0; j<len; j++) {
- if(!ndpi_isprint((buffer[j]))) {
- num_dots = 0; /* This is not what we look for */
- break;
- } else if(buffer[j] == '.') {
- num_dots++;
- if(num_dots >=2) break;
+ for(i=total_len; i < packet->payload_packet_len-3; i++) {
+ if((packet->payload[i] == 0x04)
+ && (packet->payload[i+1] == 0x03)
+ && (packet->payload[i+2] == 0x0c)) {
+ u_int8_t server_len = packet->payload[i+3];
+
+ if(server_len+i+3 < packet->payload_packet_len) {
+ char *server_name = (char*)&packet->payload[i+4];
+ u_int8_t begin = 0, len, j, num_dots;
+
+ while(begin < server_len) {
+ if(!ndpi_isprint(server_name[begin]))
+ begin++;
+ else
+ break;
}
- }
- if(num_dots >= 2) {
- stripCertificateTrailer(buffer, buffer_len);
-
- return(1 /* Server Certificate */);
- }
- }
- }
- }
- } else if(handshake_protocol == 0x01 /* Client Hello */) {
- u_int offset, base_offset = 43;
- u_int16_t session_id_len = packet->payload[base_offset];
- if((session_id_len+base_offset+2) >= total_len) {
- u_int16_t cypher_len = packet->payload[session_id_len+base_offset+2];
-
- offset = base_offset + session_id_len + cypher_len + 2;
-
- if(offset < total_len) {
- u_int16_t compression_len;
- u_int16_t extensions_len;
-
- compression_len = packet->payload[offset+1];
- offset += compression_len + 3;
- extensions_len = packet->payload[offset];
-
- if((extensions_len+offset) < total_len) {
- u_int16_t extension_offset = 1; /* Move to the first extension */
-
- while(extension_offset < extensions_len) {
- u_int16_t extension_id, extension_len;
-
- memcpy(&extension_id, &packet->payload[offset+extension_offset], 2);
- extension_offset += 2;
-
- memcpy(&extension_len, &packet->payload[offset+extension_offset], 2);
- extension_offset += 2;
-
- extension_id = ntohs(extension_id), extension_len = ntohs(extension_len);
-
- if(extension_id == 0) {
- u_int begin = 0,len;
- char *server_name = (char*)&packet->payload[offset+extension_offset];
-
- while(begin < extension_len) {
- if((!ndpi_isprint(server_name[begin]))
- || ndpi_ispunct(server_name[begin])
- || ndpi_isspace(server_name[begin]))
- begin++;
- else
- break;
+ len = ndpi_min(server_len-begin, buffer_len-1);
+ strncpy(buffer, &server_name[begin], len);
+ buffer[len] = '\0';
+
+ /* We now have to check if this looks like an IP address or host name */
+ for(j=0, num_dots = 0; j<len; j++) {
+ if(!ndpi_isprint((buffer[j]))) {
+ num_dots = 0; /* This is not what we look for */
+ break;
+ } else if(buffer[j] == '.') {
+ num_dots++;
+ if(num_dots >=2) break;
}
+ }
- len = ndpi_min(extension_len-begin, buffer_len-1);
- strncpy(buffer, &server_name[begin], len);
- buffer[len] = '\0';
+ if(num_dots >= 2) {
stripCertificateTrailer(buffer, buffer_len);
- /* We're happy now */
- return(2 /* Client Certificate */);
+ return(1 /* Server Certificate */);
}
+ }
+ }
+ }
+ } else if(handshake_protocol == 0x01 /* Client Hello */) {
+ u_int offset, base_offset = 43;
+ u_int16_t session_id_len = packet->payload[base_offset];
+
+ if((session_id_len+base_offset+2) <= total_len) {
+ u_int16_t cypher_len = packet->payload[session_id_len+base_offset+2] + (packet->payload[session_id_len+base_offset+1] << 8);
+ offset = base_offset + session_id_len + cypher_len + 2;
+
+ if(offset < total_len) {
+ u_int16_t compression_len;
+ u_int16_t extensions_len;
+
+ compression_len = packet->payload[offset+1];
+ offset += compression_len + 3;
+
+ if(offset < total_len) {
+ extensions_len = packet->payload[offset];
+
+ if((extensions_len+offset) < total_len) {
+ u_int16_t extension_offset = 1; /* Move to the first extension */
+
+ while(extension_offset < extensions_len) {
+ u_int16_t extension_id, extension_len;
+
+ memcpy(&extension_id, &packet->payload[offset+extension_offset], 2);
+ extension_offset += 2;
+
+ memcpy(&extension_len, &packet->payload[offset+extension_offset], 2);
+ extension_offset += 2;
+
+ extension_id = ntohs(extension_id), extension_len = ntohs(extension_len);
+
+ if(extension_id == 0) {
+ u_int begin = 0,len;
+ char *server_name = (char*)&packet->payload[offset+extension_offset];
+
+ while(begin < extension_len) {
+ if((!ndpi_isprint(server_name[begin]))
+ || ndpi_ispunct(server_name[begin])
+ || ndpi_isspace(server_name[begin]))
+ begin++;
+ else
+ break;
+ }
+
+ len = ndpi_min(extension_len-begin, buffer_len-1);
+ strncpy(buffer, &server_name[begin], len);
+ buffer[len] = '\0';
+ stripCertificateTrailer(buffer, buffer_len);
+
+ /* We're happy now */
+ return(2 /* Client Certificate */);
+ }
- extension_offset += extension_len;
+ extension_offset += extension_len;
+ }
+ }
}
}
}
@@ -287,62 +295,8 @@
no_check_for_ssl_payload:
#endif
NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "found ssl connection.\n");
-
sslDetectProtocolFromCertificate(ndpi_struct, flow);
- if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) {
- if((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
- || (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL)) {
- /*
- Citrix GotoMeeting (AS16815, AS21866)
- 216.115.208.0/20
- 216.219.112.0/20
- */
-
- /* printf("[SSL] %08X / %08X\n", ntohl(packet->iph->saddr) , ntohl(packet->iph->daddr)); */
-
- if(((ntohl(packet->iph->saddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD873D000 /* 216.115.208.0 */)
- || ((ntohl(packet->iph->daddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD873D000 /* 216.115.208.0 */)
-
- || ((ntohl(packet->iph->saddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD8DB7000 /* 216.219.112.0 */)
- || ((ntohl(packet->iph->daddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD8DB7000 /* 216.219.112.0 */)
- ) {
- ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX_ONLINE, NDPI_REAL_PROTOCOL);
- return;
- }
-
- /*
- Apple (FaceTime, iMessage,...)
- 17.0.0.0/8
- */
- if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0 */)
- || ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0 */)) {
- ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_APPLE, NDPI_REAL_PROTOCOL);
- return;
- }
-
- /*
- Webex
- 66.114.160.0/20
- */
- if(((ntohl(packet->iph->saddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0x4272A000 /* 66.114.160.0 */)
- || ((ntohl(packet->iph->daddr) & 0xFFFFF000 /* 255.255.240.0 */) ==0x4272A000 /* 66.114.160.0 */)) {
- ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_WEBEX, NDPI_REAL_PROTOCOL);
- return;
- }
-
- /*
- Google
- 173.194.0.0/16
- */
- if(((ntohl(packet->iph->saddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0xADC20000 /* 66.114.160.0 */)
- || ((ntohl(packet->iph->daddr) & 0xFFFF0000 /* 255.255.0.0 */) ==0xDC20000 /* 66.114.160.0 */)) {
- ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_GOOGLE, NDPI_REAL_PROTOCOL);
- return;
- }
- }
- }
-
ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL);
}
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/tcp_udp.c
^
|
| @@ -0,0 +1,94 @@
+/*
+ * tcp_or_udp.c
+ *
+ * Copyright (C) 2011-13 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_utils.h"
+
+
+void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) {
+ if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) {
+
+ /*
+ Citrix GotoMeeting (AS16815, AS21866)
+ 216.115.208.0/20
+ 216.219.112.0/20
+ */
+
+ /* printf("[SSL] %08X / %08X\n", ntohl(packet->iph->saddr) , ntohl(packet->iph->daddr)); */
+
+ if(((ntohl(packet->iph->saddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD873D000 /* 216.115.208.0 */)
+ || ((ntohl(packet->iph->daddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD873D000 /* 216.115.208.0 */)
+
+ || ((ntohl(packet->iph->saddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD8DB7000 /* 216.219.112.0 */)
+ || ((ntohl(packet->iph->daddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0xD8DB7000 /* 216.219.112.0 */)
+ ) {
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX_ONLINE, NDPI_REAL_PROTOCOL);
+ return;
+ }
+
+ /*
+ Webex
+ 66.114.160.0/20
+ */
+ if(((ntohl(packet->iph->saddr) & 0xFFFFF000 /* 255.255.240.0 */) == 0x4272A000 /* 66.114.160.0 */)
+ || ((ntohl(packet->iph->daddr) & 0xFFFFF000 /* 255.255.240.0 */) ==0x4272A000 /* 66.114.160.0 */)) {
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_WEBEX, NDPI_REAL_PROTOCOL);
+ return;
+ }
+
+ /*
+ Apple (FaceTime, iMessage,...)
+ 17.0.0.0/8
+ */
+ if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0 */)
+ || ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0 */)) {
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_APPLE, NDPI_REAL_PROTOCOL);
+ return;
+ }
+
+ /*
+ Google
+ 173.194.0.0/16
+ */
+ if(((ntohl(packet->iph->saddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0xADC20000 /* 66.114.160.0 */)
+ || ((ntohl(packet->iph->daddr) & 0xFFFF0000 /* 255.255.0.0 */) ==0xDC20000 /* 66.114.160.0 */)) {
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_GOOGLE, NDPI_REAL_PROTOCOL);
+ return;
+ }
+
+ /*
+ * Ubunut One
+ * 91.189.89.0/21
+ * 255.255.248.0
+ */
+ if(((ntohl(packet->iph->saddr) & 0xFFFFF800 /* 255.255.248.0 */) == 0x5BBD5900 /* 91.189.89.0*/)
+ || ((ntohl(packet->iph->daddr) & 0xFFFFF800 /* 255.255.248.0 */) == 0x5BBD5900 /* 91.189.89.0 */)) {
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UBUNTUONE, NDPI_REAL_PROTOCOL);
+ return;
+ }
+ }
+ }
+}
+
+
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/teamspeak.c
^
|
| @@ -0,0 +1,65 @@
+/*
+ * viber.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ * This module is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This module is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License.
+ * If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_TEAMSPEAK
+
+static void ndpi_int_teamspeak_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMSPEAK, NDPI_REAL_PROTOCOL);
+}
+ u_int16_t tdport = 0, tsport = 0;
+ u_int16_t udport = 0, usport = 0;
+
+
+void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+if (packet->udp != NULL) {
+ usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest);
+ /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */
+ if (((usport == 9987 || udport == 9987) || (usport == 8767 || udport == 8767)) && packet->payload_packet_len >= 20) {
+ NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK udp.\n");
+ ndpi_int_teamspeak_add_connection(ndpi_struct, flow);
+ }
+}
+else if (packet->tcp != NULL) {
+ tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest);
+ /* https://github.com/Youx/soliloque-server/wiki/Connection-packet */
+ if(packet->payload_packet_len >= 20) {
+ if (((memcmp(packet->payload, "\xf4\xbe\x03\x00", 4) == 0)) ||
+ ((memcmp(packet->payload, "\xf4\xbe\x02\x00", 4) == 0)) ||
+ ((memcmp(packet->payload, "\xf4\xbe\x01\x00", 4) == 0))) {
+ NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK tcp.\n");
+ ndpi_int_teamspeak_add_connection(ndpi_struct, flow);
+ } /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */
+ } else if ((tsport == 14534 || tdport == 14534) || (tsport == 51234 || tdport == 51234)) {
+ NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK.\n");
+ ndpi_int_teamspeak_add_connection(ndpi_struct, flow);
+ }
+ }
+ NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "TEAMSPEAK excluded.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMSPEAK);
+ return;
+}
+#endif
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/tor.c
^
|
| @@ -0,0 +1,42 @@
+/*
+ * tor.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_TOR
+static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct
+ *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_CORRELATED_PROTOCOL);
+}
+
+void ndpi_search_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "search for TOR.\n");
+
+ if(packet->tcp != NULL) {
+ sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "calculating TOR over tcp.\n");
+
+ if (((dport == 9001) || (sport == 9001)) || ((dport == 9030) || (sport == 9030)) &&
+ ((packet->payload[0] == 0x17) || (packet->payload[0] == 0x16)) &&
+ (packet->payload[1] == 0x03) && (packet->payload[2] == 0x01) &&
+ (packet->payload[3] == 0x00)) {
+ NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "found tor.\n");
+ ndpi_int_tor_add_connection(ndpi_struct, flow);
+ }
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "exclude TOR.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TOR);
+ }
+}
+#endif
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/viber.c
^
|
| @@ -0,0 +1,51 @@
+/*
+ * viber.c
+ *
+ * Copyright (C) 2013 Remy Mudingay <mudingay@ill.fr>
+ * Copyright (C) 2013 ntop.org
+ *
+ * This module is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This module is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License.
+ * If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "ndpi_utils.h"
+#include "ndpi_protocols.h"
+
+#ifdef NDPI_PROTOCOL_VIBER
+
+void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+ u_int16_t dport = 0, sport = 0;
+
+ NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "search for VIBER.\n");
+
+ if(packet->udp != NULL) {
+ sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
+ NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n");
+
+ if((packet->payload_packet_len == 12 && packet->payload[2] == 0x03 && packet->payload[3] == 0x00)
+ || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00)
+ || ((packet->payload_packet_len < 135) && (packet->payload[0] == 0x11))) {
+ NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "found VIBER.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_VIBER, NDPI_REAL_PROTOCOL);
+ return;
+ }
+ }
+
+ NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "exclude VIBER.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VIBER);
+}
+
+#endif
|
|
[-]
[+]
|
Added |
nDPI.tar.bz2/src/lib/protocols/vmware.c
^
|
| @@ -0,0 +1,44 @@
+/*
+ * vmware.c
+ *
+ * Copyright (C) 2011-13 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_utils.h"
+#ifdef NDPI_PROTOCOL_VMWARE
+
+
+void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &flow->packet;
+
+ /* Check whether this is an VMWARE flow */
+ if((packet->payload_packet_len == 66)
+ && (ntohs(packet->udp->dest) == 902)
+ && ((packet->payload[0] & 0xFF) == 0xA4)) {
+ NDPI_LOG(NDPI_PROTOCOL_VMWARE, ndpi_struct, NDPI_LOG_DEBUG, "Found vmware.\n");
+ ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_VMWARE, NDPI_REAL_PROTOCOL);
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_VMWARE, ndpi_struct, NDPI_LOG_DEBUG, "exclude vmware.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VMWARE);
+ }
+}
+
+
+#endif /* NDPI_PROTOCOL_VMWARE */
+
|
|
|
Added |
nprobe_6.12.130315_svn3294_proplugins.tgz
^
|
