Improve IPv6 support, enabling IPv6 traffic on (almost) all dissectors. (#1406)

Follow-up of 7cba34a1
Ivan Nardi 2022-01-15 17:34:56 +01:00 committed by GitHub
parent 7f69de0b51
commit 20b5f6d7cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 65 additions and 33 deletions


@ -71,7 +71,7 @@ void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struc
ndpi_set_bitmask_protocol_detection("AMAZON_VIDEO", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_AMAZON_VIDEO,
ndpi_search_amazon_video,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
*id += 1;
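Review bot: `ndpi_search_amazon_video` is now selected for IPv6 packets too, so it must not dereference `packet->iph` without a check; its body is outside this hunk, so that cannot be confirmed here. This same commit had to add `packet->iph &&` in `ndpi_skip_bittorrent`, which suggests `packet->iph` is NULL on IPv6 packets, and an unguarded access in a dissector would be a crash reachable from inspected traffic. The same audit applies to the search callbacks whose selection bitmask is switched to a `V4_V6` variant in the init_ciscovpn, init_h323, init_netbios, init_noe, init_openvpn, init_rtcp, init_skype, init_spotify, init_targus_getdata, init_teamspeak and init_zattoo hunks. An IPv6 capture per newly enabled dissector in the regression set would cover it.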


@ -27,26 +27,58 @@
#include "ndpi_api.h"
static int is_apple_push_addr(const struct ndpi_packet_struct *packet)
{
if(packet->iph) {
/* 17.0.0.0/8 */
if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000) ||
((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000))
return 1;
} else if(packet->iphv6) {
/* 2620:149:a44::/48 */
if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x26200149)) &&
((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000))) ||
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x26200149)) &&
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000))))
return 1;
/* 2403:300:a42::/48 */
if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) ||
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))))
return 1;
/* 2403:300:a51::/48 */
if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000))) ||
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000))))
return 1;
/* 2a01:b740:a42::/48 */
if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) &&
((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) ||
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) &&
((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))))
return 1;
}
return 0;
}
static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
struct ndpi_packet_struct *packet = &ndpi_struct->packet;
if(packet->iph) {
/* https://support.apple.com/en-us/HT203609 */
if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */)
|| ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */)) {
u_int16_t apple_push_port = ntohs(5223);
u_int16_t notification_apn_port = ntohs(2195);
u_int16_t apn_feedback_port = ntohs(2196);
/* https://support.apple.com/en-us/HT203609 */
if(is_apple_push_addr(packet)) {
u_int16_t apple_push_port = ntohs(5223);
u_int16_t notification_apn_port = ntohs(2197);
if(((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port))
|| ((packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port))
|| ((packet->tcp->source == apn_feedback_port) || (packet->tcp->dest == apn_feedback_port))
) {
NDPI_LOG_INFO(ndpi_struct, "found apple_push\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
return;
}
if((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port) ||
(packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port)) {
NDPI_LOG_INFO(ndpi_struct, "found apple_push\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
return;
}
}
@ -68,7 +100,7 @@ void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_set_bitmask_protocol_detection("APPLE_PUSH", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_APPLE_PUSH,
ndpi_search_apple_push,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
*id += 1;
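Review bot: In `is_apple_push_addr` the last IPv6 block is commented `/* 2a01:b740:a42::/48 */` but compares the first word with `0x2a0ab740`, which is 2a0a:b740, so the comment and the constant disagree and one of them is wrong. If the comment gives the intended prefix, both the `ip6_src` and the `ip6_dst` comparison should use `0x2a01b740`. The constants are also converted with `ntohl()` although they are host-order values being put into network order; `htonl(0x26200149)` yields the same result and matches the `htonl (0xffff0000)` mask beside it, and likewise `htons(5223)` for the ports. The second hunk also moves the registration from `NDPI_SELECTION_BITMASK_PROTOCOL_TCP` to a `WITH_PAYLOAD` variant, which is more than an IPv6 change and deserves a line in the commit message.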


@ -481,7 +481,7 @@ static void ndpi_skip_bittorrent(struct ndpi_detection_module_struct *ndpi_struc
else
sport = packet->tcp->source, dport = packet->tcp->dest;
if(ndpi_search_into_bittorrent_cache(ndpi_struct, flow, packet->iph->saddr, sport, packet->iph->daddr, dport))
if(packet->iph && ndpi_search_into_bittorrent_cache(ndpi_struct, flow, packet->iph->saddr, sport, packet->iph->daddr, dport))
ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0,
NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION);
else
@ -625,7 +625,7 @@ void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_set_bitmask_protocol_detection("BitTorrent", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_BITTORRENT,
ndpi_search_bittorrent,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
*id += 1;
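Review bot: The new `packet->iph &&` guard in `ndpi_skip_bittorrent` stops the NULL dereference, but it also means IPv6 flows never consult the BitTorrent cache and always take the `else` branch, and nothing in the code says so. Since the second hunk enables IPv6 for this dissector, a comment above the condition such as `/* cache lookup takes IPv4 addresses only; IPv6 flows skip it (TODO) */` would make the detection gap explicit. The function starts and ends outside the hunk, so whether the `else` path behaves correctly for IPv6 cannot be judged from here.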


@ -138,7 +138,7 @@ void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u
ndpi_set_bitmask_protocol_detection("CiscoVPN", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_CISCOVPN,
ndpi_search_ciscovpn,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
*id += 1;


@ -122,7 +122,7 @@ void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
ndpi_set_bitmask_protocol_detection("H323", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_H323,
ndpi_search_h323,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -129,7 +129,7 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
ndpi_set_bitmask_protocol_detection("GoogleHangout", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_HANGOUT_DUO,
ndpi_search_hangout,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, /* TODO: IPv6? */
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -418,7 +418,7 @@ void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
ndpi_set_bitmask_protocol_detection("NETBIOS", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_NETBIOS,
ndpi_search_netbios,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -75,7 +75,7 @@ void init_noe_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3
ndpi_set_bitmask_protocol_detection("NOE", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_NOE,
ndpi_search_noe,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
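Review bot: This registration does more than add IPv6: it replaces `NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD` with `NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD`, so `ndpi_search_noe` is no longer selected for TCP. If NOE is UDP-only that is a correct tightening, but it should be stated, e.g. `/* NOE runs over UDP only */` on that argument line; otherwise use `NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD` as the neighbouring dissectors do. `ndpi_search_noe` is not visible in this hunk, so the effect is inferred from the constant names.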


@ -181,7 +181,7 @@ void init_openvpn_dissector(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_set_bitmask_protocol_detection("OpenVPN", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_OPENVPN,
ndpi_search_openvpn,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -76,7 +76,7 @@ void init_rtcp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
ndpi_set_bitmask_protocol_detection("RTCP", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_RTCP,
ndpi_search_rtcp,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -189,7 +189,7 @@ void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_in
ndpi_set_bitmask_protocol_detection("Skype", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_SKYPE_TEAMS,
ndpi_search_skype,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -135,7 +135,7 @@ void init_spotify_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_
ndpi_set_bitmask_protocol_detection("SPOTIFY", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_SPOTIFY,
ndpi_search_spotify,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -68,7 +68,7 @@ void init_targus_getdata_dissector(struct ndpi_detection_module_struct *ndpi_str
ndpi_set_bitmask_protocol_detection("TARGUS_GETDATA", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_TARGUS_GETDATA,
ndpi_search_targus_getdata,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);
*id += 1;


@ -65,7 +65,7 @@ void init_teamspeak_dissector(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_set_bitmask_protocol_detection("TeamSpeak", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_TEAMSPEAK,
ndpi_search_teamspeak,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -141,7 +141,7 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
ndpi_set_bitmask_protocol_detection("TINC", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_TINC,
ndpi_search_tinc,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION, /* TODO: IPv6? */
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -223,7 +223,7 @@ void init_zattoo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i
ndpi_set_bitmask_protocol_detection("Zattoo", ndpi_struct, detection_bitmask, *id,
NDPI_PROTOCOL_ZATTOO,
ndpi_search_zattoo,
NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD,
NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD,
SAVE_DETECTION_BITMASK_AS_UNKNOWN,
ADD_TO_DETECTION_BITMASK);


@ -1,6 +1,6 @@
Guessed flow protos: 17
DPI Packets (TCP): 173 (7.86 pkts/flow)
DPI Packets (TCP): 174 (7.91 pkts/flow)
DPI Packets (UDP): 90 (2.43 pkts/flow)
DPI Packets (other): 10 (1.00 pkts/flow)
Confidence Unknown : 2 (flows)