Merge remote-tracking branch 'upstream/dev' into dev

src/include/ndpi_protocol_ids.h

@@ -172,9 +172,9 @@
 #define NDPI_PROTOCOL_NETFLIX               133
 #define NDPI_PROTOCOL_LASTFM                134
 #define NDPI_PROTOCOL_WAZE                  135
-#define NDPI_PROTOCOL_SKYFILE_PREPAID       136
-#define NDPI_PROTOCOL_SKYFILE_RUDICS        137
-#define NDPI_PROTOCOL_SKYFILE_POSTPAID      138
+#define NDPI_PROTOCOL_SKYFILE_PREPAID       136 /* free for future use */
+#define NDPI_PROTOCOL_SKYFILE_RUDICS        137 /* free for future use */
+#define NDPI_PROTOCOL_SKYFILE_POSTPAID      138 /* free for future use */
 #define NDPI_PROTOCOL_CITRIX_ONLINE         139
 #define NDPI_PROTOCOL_APPLE                 140
 #define NDPI_PROTOCOL_WEBEX                 141

src/include/ndpi_typedefs.h

@@ -747,8 +747,7 @@ typedef enum {
   NDPI_PROTOCOL_CATEGORY_UNSPECIFIED = 0,   /* For general services and unknown protocols */
   NDPI_PROTOCOL_CATEGORY_MEDIA,             /* Multimedia and streaming */
   NDPI_PROTOCOL_CATEGORY_VPN,               /* Virtual Private Networks */
-  NDPI_PROTOCOL_CATEGORY_MAIL_SEND,         /* Protocols to send emails */
-  NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,         /* Protocols to receive or sync emails */
+  NDPI_PROTOCOL_CATEGORY_MAIL,              /* Protocols to send/receive/sync emails */
   NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER,     /* FTP and similar protocols */
   NDPI_PROTOCOL_CATEGORY_WEB,               /* Web protocols and services */
   NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,    /* Social networks */

src/lib/ndpi_main.c

@@ -716,32 +716,32 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP,
 			    no_master,
-			    no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,
+			    no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS,
 			    no_master,
-			    no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,
+			    no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP,
 			    no_master,
-			    no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND,
+			    no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS,
 			    no_master,
-			    no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND,
+			    no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP,
 			    no_master,
-			    no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,
+			    no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS,
 			    no_master,
-			    no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,
+			    no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS,
@@ -1322,17 +1322,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID,
 			    no_master,
-			    no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,
+			    no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS,
 			    no_master,
-			    no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,
+			    no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID,
 			    no_master,
-			    no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC,
+			    no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL,
 			    ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			    ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
     ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE,
@@ -4534,11 +4534,8 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) {
   case NDPI_PROTOCOL_CATEGORY_VPN:
     return("VPN");
     break;
-  case NDPI_PROTOCOL_CATEGORY_MAIL_SEND:
-    return("EmailSend");
-    break;
-  case NDPI_PROTOCOL_CATEGORY_MAIL_SYNC:
-    return("EmailSync");
+  case NDPI_PROTOCOL_CATEGORY_MAIL:
+    return("Email");
     break;
   case NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER:
     return("FileTransfer");

src/lib/protocols/socks45.c

@@ -48,18 +48,15 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct,
   /* Check if we so far detected the protocol in the request or not. */
   if(flow->socks4_stage == 0) {
     NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n");
-
-    /*Octets 3 and 4 contain the port number, port 80 and 25 for now. */
-    if((payload_len == 9) &&
-	(((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x50))
-	 ||
-	 ((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x19)))) {
+    
+    if(payload_len >= 9 && packet->payload[0] == 0x04 && 
+      (packet->payload[1] == 0x01 || packet->payload[1] == 0x02) &&
+      packet->payload[payload_len - 1] == 0x00)  {
       NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n");
-
+      /* TODO: check port and ip address is valid */
       /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */
       flow->socks4_stage = packet->packet_direction + 1;
     }
-
   } else {
     NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage);
 
@@ -67,16 +64,14 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct,
     if((flow->socks4_stage - packet->packet_direction) == 1) {
       return;
     }
-
     /* This is a packet in another direction. Check if we find the proper response. */
-    if(payload_len == 0) {
+    if(payload_len == 8 && packet->payload[0] == 0x00 && packet->payload[1] >= 0x5a && packet->payload[1] <= 0x5d) {
       NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n");
       ndpi_int_socks_add_connection(ndpi_struct, flow);
     } else {
       NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n");
       flow->socks4_stage = 0;
     }
-
   }
 }