Have a clear distinction between public and private/internal API (#2137)

1) Public API/headers in `src/include/` [as it has always been]
2) Private API/headers in `src/lib/`

Try to keep the "ndpi_" prefix only for the public functions
Ivan Nardi 2023-11-09 10:50:59 +01:00 committed by GitHub
parent 0673da54b5
commit b08c787fe2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
206 changed files with 621 additions and 424 deletions


@ -65,7 +65,7 @@ fuzz_ndpi_reader_payload_analyzer_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTO
$(fuzz_ndpi_reader_payload_analyzer_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
fuzz_quic_get_crypto_data_SOURCES = fuzz_quic_get_crypto_data.c fuzz_common_code.c
fuzz_quic_get_crypto_data_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_quic_get_crypto_data_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION
fuzz_quic_get_crypto_data_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
fuzz_quic_get_crypto_data_LDFLAGS = $(LIBS)
if HAS_FUZZLDFLAGS
@ -387,7 +387,7 @@ fuzz_binaryfusefilter_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(fuzz_binaryfusefilter_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
fuzz_tls_certificate_SOURCES = fuzz_tls_certificate.c fuzz_common_code.c
fuzz_tls_certificate_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_tls_certificate_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION
fuzz_tls_certificate_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
fuzz_tls_certificate_LDFLAGS = $(LIBS)
if HAS_FUZZLDFLAGS
@ -413,7 +413,7 @@ fuzz_dga_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(fuzz_dga_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
fuzz_is_stun_udp_SOURCES = fuzz_is_stun.c fuzz_common_code.c
fuzz_is_stun_udp_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
fuzz_is_stun_udp_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION
fuzz_is_stun_udp_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
fuzz_is_stun_udp_LDFLAGS = $(LIBS)
if HAS_FUZZLDFLAGS
@ -426,7 +426,7 @@ fuzz_is_stun_udp_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(fuzz_is_stun_udp_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
fuzz_is_stun_tcp_SOURCES = fuzz_is_stun.c fuzz_common_code.c
fuzz_is_stun_tcp_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DSTUN_TCP
fuzz_is_stun_tcp_CFLAGS = -I../src/lib/ @NDPI_CFLAGS@ $(CXXFLAGS) -DNDPI_LIB_COMPILATION -DSTUN_TCP
fuzz_is_stun_tcp_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
fuzz_is_stun_tcp_LDFLAGS = $(LIBS)
if HAS_FUZZLDFLAGS
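Review bot: The added `-I../src/lib/` on the four `*_CFLAGS` lines (fuzz_quic_get_crypto_data, fuzz_tls_certificate, fuzz_is_stun_udp, fuzz_is_stun_tcp) is relative to the build directory, so an out-of-tree build would presumably not find `ndpi_private.h`; `-I$(top_srcdir)/src/lib/` resolves in both layouts. The same flag pair is repeated on each line, so one variable (suggested name) `FUZZ_PRIVATE_CFLAGS = -I$(top_srcdir)/src/lib/ -DNDPI_LIB_COMPILATION` would keep the harnesses that reach internal parser functions in sync. A one-line comment stating that these targets include the private header because they call non-exported library functions directly would help whoever adds the next harness.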


@ -1,6 +1,5 @@
#define NDPI_LIB_COMPILATION
#include "ndpi_api.h"
#include "ndpi_private.h"
#include "fuzz_common_code.h"
static struct ndpi_detection_module_struct *ndpi_struct = NULL;


@ -1,4 +1,5 @@
#include "ndpi_api.h"
#include "ndpi_private.h"
#include "fuzz_common_code.h"
#include <stdint.h>
@ -7,20 +8,6 @@
struct ndpi_detection_module_struct *ndpi_info_mod = NULL;
struct ndpi_flow_struct *flow = NULL;
extern const uint8_t *get_crypto_data(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int8_t *clear_payload, uint32_t clear_payload_len,
uint64_t *crypto_data_len);
extern void process_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const u_int8_t *crypto_data, uint32_t crypto_data_len,
uint32_t version);
extern void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const u_int8_t *crypto_data, uint32_t crypto_data_len);
extern int is_version_with_tls(uint32_t version);
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
const u_int8_t *crypto_data;
uint64_t crypto_data_len;
@ -56,7 +43,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if(!is_version_with_tls(version)) {
process_chlo(ndpi_info_mod, flow, crypto_data, crypto_data_len);
} else {
process_tls(ndpi_info_mod, flow, crypto_data, crypto_data_len, version);
process_tls(ndpi_info_mod, flow, crypto_data, crypto_data_len);
}
}


@ -1,14 +1,10 @@
#define NDPI_LIB_COMPILATION
#include "ndpi_api.h"
#include "ndpi_private.h"
#include "fuzz_common_code.h"
#include <stdint.h>
#include <stdio.h>
extern void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t p_offset, u_int16_t certificate_len);
struct ndpi_tcphdr tcph;
struct ndpi_iphdr iph;
struct ndpi_ipv6hdr iphv6;


@ -91,9 +91,6 @@ NDPI_CDEF = subprocess.run(["gcc",
).stdout.decode('utf-8',
errors='ignore')
NDPI_MODULE_STRUCT_CDEF = NDPI_CDEF.split("//CFFI.NDPI_MODULE_STRUCT")[1]
NDPI_PACKED = subprocess.run(["gcc",
"-DNDPI_LIB_COMPILATION", "-DNDPI_CFFI_PREPROCESSING",
"-E", "-x", "c", "-P", "-C",
@ -104,7 +101,7 @@ NDPI_PACKED = subprocess.run(["gcc",
NDPI_PACKED_STRUCTURES = NDPI_PACKED.split("//CFFI.NDPI_PACKED_STRUCTURES")[1]
NDPI_SOURCE = NDPI_INCLUDES + NDPI_MODULE_STRUCT_CDEF + NDPI_HELPERS
NDPI_SOURCE = NDPI_INCLUDES + NDPI_HELPERS
ffi_builder.set_source("_ndpi",


@ -942,45 +942,9 @@ struct ndpi_flow_udp_struct {
/* ************************************************** */
#define LINE_EQUALS(ndpi_int_one_line_struct, string_to_compare) \
((ndpi_int_one_line_struct).len == strlen(string_to_compare) && \
LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1)
#define LINE_STARTS(ndpi_int_one_line_struct, string_to_compare) \
((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \
LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1)
#define LINE_ENDS(ndpi_int_one_line_struct, string_to_compare) \
((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \
memcmp((ndpi_int_one_line_struct).ptr + \
((ndpi_int_one_line_struct).len - strlen(string_to_compare)), \
string_to_compare, strlen(string_to_compare)) == 0)
#define LINE_CMP(ndpi_int_one_line_struct, string_to_compare, string_to_compare_length) \
((ndpi_int_one_line_struct).ptr != NULL && \
memcmp((ndpi_int_one_line_struct).ptr, string_to_compare, string_to_compare_length) == 0)
struct ndpi_int_one_line_struct {
const u_int8_t *ptr;
u_int16_t len;
};
struct ndpi_detection_module_struct;
struct ndpi_flow_struct;
struct ndpi_call_function_struct {
NDPI_PROTOCOL_BITMASK detection_bitmask;
NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask;
void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow);
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask;
u_int16_t ndpi_protocol_id;
u_int8_t detection_feature;
};
struct ndpi_subprotocol_conf_struct {
void (*func) (struct ndpi_detection_module_struct *, char *attr, char *value, int protocol_id);
};
typedef struct {
u_int16_t port_low, port_high;
} ndpi_port_range;
@ -1130,11 +1094,6 @@ typedef struct ndpi_proto_defaults {
void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow);
} ndpi_proto_defaults_t;
typedef struct ndpi_default_ports_tree_node {
ndpi_proto_defaults_t *proto;
u_int8_t customUserProto;
u_int16_t default_port;
} ndpi_default_ports_tree_node_t;
typedef struct _ndpi_automa {
void *ac_automa; /* Real type is AC_AUTOMATA_t */
@ -1183,241 +1142,6 @@ typedef struct {
} classes[MAX_NUM_NDPI_DOMAIN_CLASSIFICATIONS];
} ndpi_domain_classify;
#ifdef NDPI_LIB_COMPILATION
/* Needed to have access to HAVE_* defines */
#ifndef _NDPI_CONFIG_H_
#include "ndpi_config.h"
#define _NDPI_CONFIG_H_
#endif
/* PLEASE DO NOT REMOVE OR CHANGE THE ORDER OF WHAT IS DELIMITED BY CFFI.NDPI_MODULE_STRUCT FLAG AS IT IS USED FOR
PYTHON BINDINGS AUTO GENERATION */
//CFFI.NDPI_MODULE_STRUCT
typedef struct ndpi_list_struct {
char *value;
struct ndpi_list_struct *next;
} ndpi_list;
#ifdef HAVE_NBPF
typedef struct {
void *tree; /* cast to nbpf_filter* */
u_int16_t l7_protocol;
} nbpf_filter;
#endif
struct ndpi_packet_struct {
const struct ndpi_iphdr *iph;
const struct ndpi_ipv6hdr *iphv6;
const struct ndpi_tcphdr *tcp;
const struct ndpi_udphdr *udp;
const u_int8_t *generic_l4_ptr; /* is set only for non tcp-udp traffic */
const u_int8_t *payload;
u_int64_t current_time_ms;
struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET];
/* HTTP headers */
struct ndpi_int_one_line_struct host_line;
struct ndpi_int_one_line_struct forwarded_line;
struct ndpi_int_one_line_struct referer_line;
struct ndpi_int_one_line_struct content_line;
struct ndpi_int_one_line_struct content_disposition_line;
struct ndpi_int_one_line_struct accept_line;
struct ndpi_int_one_line_struct authorization_line;
struct ndpi_int_one_line_struct user_agent_line;
struct ndpi_int_one_line_struct http_url_name;
struct ndpi_int_one_line_struct http_encoding;
struct ndpi_int_one_line_struct http_transfer_encoding;
struct ndpi_int_one_line_struct http_contentlen;
struct ndpi_int_one_line_struct http_cookie;
struct ndpi_int_one_line_struct http_origin;
struct ndpi_int_one_line_struct http_x_session_type;
struct ndpi_int_one_line_struct server_line;
struct ndpi_int_one_line_struct http_method;
struct ndpi_int_one_line_struct http_response; /* the first "word" in this pointer is the
response code in the packet (200, etc) */
u_int8_t http_num_headers; /* number of found (valid) header lines in HTTP request or response */
u_int16_t l3_packet_len;
u_int16_t payload_packet_len;
u_int16_t parsed_lines;
u_int16_t empty_line_position;
u_int8_t tcp_retransmission;
u_int8_t packet_lines_parsed_complete:1,
packet_direction:1, empty_line_position_set:1, http_check_content:1, pad:4;
};
struct ndpi_detection_module_struct {
NDPI_PROTOCOL_BITMASK detection_bitmask;
u_int64_t current_ts;
u_int16_t max_packets_to_process;
u_int16_t num_tls_blocks_to_follow;
u_int8_t skip_tls_blocks_until_change_cipher:1, enable_ja3_plus:1, _notused:6;
u_int8_t tls_certificate_expire_in_x_days;
void *user_data;
char custom_category_labels[NUM_CUSTOM_CATEGORIES][CUSTOM_CATEGORY_LABEL_LEN];
/* callback function buffer */
struct ndpi_call_function_struct *callback_buffer;
struct ndpi_call_function_struct *callback_buffer_tcp_no_payload;
struct ndpi_call_function_struct *callback_buffer_tcp_payload;
struct ndpi_call_function_struct *callback_buffer_udp;
struct ndpi_call_function_struct *callback_buffer_non_tcp_udp;
u_int32_t callback_buffer_size;
u_int32_t callback_buffer_size_tcp_no_payload;
u_int32_t callback_buffer_size_tcp_payload;
u_int32_t callback_buffer_size_udp;
u_int32_t callback_buffer_size_non_tcp_udp;
ndpi_default_ports_tree_node_t *tcpRoot, *udpRoot;
ndpi_log_level_t ndpi_log_level; /* default error */
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/* debug callback, only set when debug is used */
ndpi_debug_function_ptr ndpi_debug_printf;
const char *ndpi_debug_print_file;
const char *ndpi_debug_print_function;
u_int32_t ndpi_debug_print_line;
NDPI_PROTOCOL_BITMASK debug_bitmask;
#endif
/* misc parameters */
u_int32_t tcp_max_retransmission_window_size;
/* subprotocol registration handler */
struct ndpi_subprotocol_conf_struct subprotocol_conf[NDPI_MAX_SUPPORTED_PROTOCOLS + 1];
u_int ndpi_num_supported_protocols;
u_int ndpi_num_custom_protocols;
int ac_automa_finalized;
/* HTTP/DNS/HTTPS/QUIC host matching */
ndpi_automa host_automa, /* Used for DNS/HTTPS */
risky_domain_automa, tls_cert_subject_automa,
host_risk_mask_automa, common_alpns_automa;
/* IMPORTANT: please, whenever you add a new automa:
* update ndpi_finalize_initialization()
* update automa_type above
*/
ndpi_str_hash *malicious_ja3_hashmap, *malicious_sha1_hashmap;
ndpi_list *trusted_issuer_dn;
/* Patricia trees */
ndpi_patricia_tree_t *ip_risk_mask_ptree;
ndpi_patricia_tree_t *ip_risk_mask_ptree6;
ndpi_patricia_tree_t *ip_risk_ptree;
ndpi_patricia_tree_t *ip_risk_ptree6;
ndpi_patricia_tree_t *protocols_ptree; /* IP-based protocol detection */
ndpi_patricia_tree_t *protocols_ptree6;
/* *** If you add a new Patricia tree, please update ptree_type above! *** */
struct {
#ifdef USE_LEGACY_AHO_CORASICK
ndpi_automa hostnames, hostnames_shadow;
#else
ndpi_domain_classify *sc_hostnames, *sc_hostnames_shadow;
#endif
void *ipAddresses, *ipAddresses_shadow; /* Patricia */
void *ipAddresses6, *ipAddresses6_shadow; /* Patricia IPv6*/
u_int8_t categories_loaded;
} custom_categories;
u_int8_t ip_version_limit;
/* NDPI_PROTOCOL_TINC */
struct cache *tinc_cache;
/* NDPI_PROTOCOL_OOKLA */
struct ndpi_lru_cache *ookla_cache;
u_int32_t ookla_cache_num_entries;
u_int32_t ookla_cache_ttl;
/* NDPI_PROTOCOL_BITTORRENT */
struct ndpi_lru_cache *bittorrent_cache;
u_int32_t bittorrent_cache_num_entries;
u_int32_t bittorrent_cache_ttl;
/* NDPI_PROTOCOL_ZOOM */
struct ndpi_lru_cache *zoom_cache;
u_int32_t zoom_cache_num_entries;
u_int32_t zoom_cache_ttl;
/* NDPI_PROTOCOL_STUN and subprotocols */
struct ndpi_lru_cache *stun_cache;
u_int32_t stun_cache_num_entries;
u_int32_t stun_cache_ttl;
struct ndpi_lru_cache *stun_zoom_cache;
u_int32_t stun_zoom_cache_num_entries;
u_int32_t stun_zoom_cache_ttl;
/* NDPI_PROTOCOL_TLS and subprotocols */
struct ndpi_lru_cache *tls_cert_cache;
u_int32_t tls_cert_cache_num_entries;
int32_t tls_cert_cache_ttl;
/* NDPI_PROTOCOL_MINING and subprotocols */
struct ndpi_lru_cache *mining_cache;
u_int32_t mining_cache_num_entries;
u_int32_t mining_cache_ttl;
/* NDPI_PROTOCOL_MSTEAMS */
struct ndpi_lru_cache *msteams_cache;
u_int32_t msteams_cache_num_entries;
u_int32_t msteams_cache_ttl;
/* *** If you add a new LRU cache, please update lru_cache_type above! *** */
int opportunistic_tls_smtp_enabled;
int opportunistic_tls_imap_enabled;
int opportunistic_tls_pop_enabled;
int opportunistic_tls_ftp_enabled;
int opportunistic_tls_stun_enabled;
u_int32_t monitoring_stun_pkts_to_process;
u_int32_t monitoring_stun_flags;
u_int32_t aggressiveness_ookla;
int tcp_ack_paylod_heuristic;
int fully_encrypted_based_on_first_pkt_heuristic;
u_int16_t ndpi_to_user_proto_id[NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; /* custom protocolId mapping */
ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS];
u_int8_t direction_detect_disable:1, /* disable internal detection of packet direction */ _pad:7;
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_typedefs.h"
#endif
/* GeoIP */
void *mmdb_city, *mmdb_as;
u_int8_t mmdb_city_loaded, mmdb_as_loaded;
/* Current packet */
struct ndpi_packet_struct packet;
const struct ndpi_flow_input_info *input_info;
#ifdef HAVE_NBPF
u_int8_t num_nbpf_custom_proto;
nbpf_filter nbpf_custom_proto[MAX_NBPF_CUSTOM_PROTO];
#endif
u_int16_t max_payload_track_len;
};
#endif /* NDPI_LIB_COMPILATION */
//CFFI.NDPI_MODULE_STRUCT
typedef enum {
ndpi_cipher_safe = NDPI_CIPHER_SAFE,
ndpi_cipher_weak = NDPI_CIPHER_WEAK,


@ -22,7 +22,7 @@ LDFLAGS += @NDPI_LDFLAGS@
LIBS = @ADDITIONAL_LIBS@ @LIBS@ @GPROF_LIBS@
OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) $(patsubst third_party/src/hll/%.c, third_party/src/hll/%.o, $(wildcard third_party/src/hll/*.c)) $(patsubst ./%.c, ./%.o, $(wildcard ./*.c))
HEADERS = $(wildcard ../include/*.h) $(wildcard ../include/*.h)
HEADERS = $(wildcard ../include/*.h) $(wildcard *.h)
NDPI_VERSION_MAJOR = @NDPI_MAJOR@
NDPI_LIB_STATIC = libndpi.a
NDPI_LIB_SHARED_BASE = libndpi.so


@ -27,6 +27,7 @@
#include <stdint.h>
#include "ndpi_api.h"
#include "ndpi_private.h"
#include "ndpi_config.h"
#ifdef HAVE_MAXMINDDB


@ -33,6 +33,7 @@
#include "ndpi_config.h"
#include "ndpi_api.h"
#include "ndpi_private.h"
#include "ahocorasick.h"
#include "libcache.h"
@ -208,21 +209,10 @@ _Static_assert(sizeof(ndpi_known_risks) / sizeof(ndpi_risk_info) == NDPI_MAX_RIS
/* ****************************************** */
extern void ndpi_unset_risk(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow, ndpi_risk_enum r);
extern u_int32_t make_mining_key(struct ndpi_flow_struct *flow);
extern u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset);
extern u_int32_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow);
extern int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
extern void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
extern int ookla_search_into_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
/* Forward */
static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str,
ndpi_port_range *range, ndpi_proto_defaults_t *def,
u_int8_t customUserProto, ndpi_default_ports_tree_node_t **root,
u_int8_t customUserProto, default_ports_tree_node_t **root,
const char *_func, int _line);
static void ndpi_reset_packet_line_info(struct ndpi_packet_struct *packet);
@ -623,9 +613,9 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_str,
/* ******************************************************************** */
static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) {
ndpi_default_ports_tree_node_t *fa = (ndpi_default_ports_tree_node_t *) a;
ndpi_default_ports_tree_node_t *fb = (ndpi_default_ports_tree_node_t *) b;
static int default_ports_tree_node_t_cmp(const void *a, const void *b) {
default_ports_tree_node_t *fa = (default_ports_tree_node_t *) a;
default_ports_tree_node_t *fb = (default_ports_tree_node_t *) b;
//printf("[NDPI] %s(%d, %d)\n", __FUNCTION__, fa->default_port, fb->default_port);
@ -638,15 +628,15 @@ static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str,
ndpi_port_range *range,
ndpi_proto_defaults_t *def,
u_int8_t customUserProto,
ndpi_default_ports_tree_node_t **root,
default_ports_tree_node_t **root,
const char *_func,
int _line) {
u_int32_t port;
for(port = range->port_low; port <= range->port_high; port++) {
ndpi_default_ports_tree_node_t *node =
(ndpi_default_ports_tree_node_t *) ndpi_malloc(sizeof(ndpi_default_ports_tree_node_t));
ndpi_default_ports_tree_node_t *ret;
default_ports_tree_node_t *node =
(default_ports_tree_node_t *) ndpi_malloc(sizeof(default_ports_tree_node_t));
default_ports_tree_node_t *ret;
if(!node) {
NDPI_LOG_ERR(ndpi_str, "%s:%d not enough memory\n", _func, _line);
@ -654,9 +644,9 @@ static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str,
}
node->proto = def, node->default_port = port, node->customUserProto = customUserProto;
ret = (ndpi_default_ports_tree_node_t *) ndpi_tsearch(node,
(void *) root,
ndpi_default_ports_tree_node_t_cmp); /* Add it to the tree */
ret = (default_ports_tree_node_t *) ndpi_tsearch(node,
(void *) root,
default_ports_tree_node_t_cmp); /* Add it to the tree */
if(ret == NULL) {
NDPI_LOG_DBG(ndpi_str, "[NDPI] %s:%d error searching for port %u\n", _func, _line, port);
@ -3912,25 +3902,25 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) {
/* ****************************************************** */
static ndpi_default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
u_int8_t proto, u_int16_t sport, u_int16_t dport) {
ndpi_default_ports_tree_node_t node;
static default_ports_tree_node_t *ndpi_get_guessed_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
u_int8_t proto, u_int16_t sport, u_int16_t dport) {
default_ports_tree_node_t node;
if(sport && dport) {
const void *ret;
node.default_port = dport; /* Check server port first */
ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot,
ndpi_default_ports_tree_node_t_cmp);
default_ports_tree_node_t_cmp);
if(ret == NULL) {
node.default_port = sport;
ret = ndpi_tfind(&node, (proto == IPPROTO_TCP) ? (void *) &ndpi_str->tcpRoot : (void *) &ndpi_str->udpRoot,
ndpi_default_ports_tree_node_t_cmp);
default_ports_tree_node_t_cmp);
}
if(ret)
return(*(ndpi_default_ports_tree_node_t **) ret);
return(*(default_ports_tree_node_t **) ret);
}
return(NULL);
@ -3962,7 +3952,7 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
*user_defined_proto = 0; /* Default */
if(sport && dport) {
ndpi_default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_str, proto, sport, dport);
default_ports_tree_node_t *found = ndpi_get_guessed_protocol_id(ndpi_str, proto, sport, dport);
if(found != NULL) {
u_int16_t guessed_proto = found->proto->protoId;
@ -4977,12 +4967,12 @@ void ndpi_set_bitmask_protocol_detection(char *label, struct ndpi_detection_modu
static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
NDPI_PROTOCOL_BITMASK *detection_bitmask = &ndpi_str->detection_bitmask;
struct ndpi_call_function_struct *all_cb = NULL;
struct call_function_struct *all_cb = NULL;
u_int32_t a = 0;
if(ndpi_str->callback_buffer) return 0;
ndpi_str->callback_buffer = ndpi_calloc(NDPI_MAX_SUPPORTED_PROTOCOLS+1,sizeof(struct ndpi_call_function_struct));
ndpi_str->callback_buffer = ndpi_calloc(NDPI_MAX_SUPPORTED_PROTOCOLS+1,sizeof(struct call_function_struct));
if(!ndpi_str->callback_buffer) return 1;
/* set this here to zero to be interrupt safe */
@ -5575,9 +5565,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
ndpi_str->callback_buffer_size = a;
/* Resize callback_buffer */
all_cb = ndpi_calloc(a+1,sizeof(struct ndpi_call_function_struct));
all_cb = ndpi_calloc(a+1,sizeof(struct call_function_struct));
if(all_cb) {
memcpy((char *)all_cb,(char *)ndpi_str->callback_buffer, (a+1) * sizeof(struct ndpi_call_function_struct));
memcpy((char *)all_cb,(char *)ndpi_str->callback_buffer, (a+1) * sizeof(struct call_function_struct));
ndpi_free(ndpi_str->callback_buffer);
ndpi_str->callback_buffer = all_cb;
}
@ -5589,7 +5579,7 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
ndpi_str->callback_buffer_size_tcp_no_payload +
ndpi_str->callback_buffer_size_udp +
ndpi_str->callback_buffer_size_non_tcp_udp,
sizeof(struct ndpi_call_function_struct));
sizeof(struct call_function_struct));
if(!all_cb) return 1;
ndpi_str->callback_buffer_tcp_payload = all_cb;
@ -5665,7 +5655,7 @@ static void ndpi_enabled_callbacks_init(struct ndpi_detection_module_struct *ndp
NDPI_LOG_DBG2(ndpi_str, "callback_buffer_tcp_payload, adding buffer %u as entry %u\n", a,
ndpi_str->callback_buffer_size_tcp_payload);
memcpy(&ndpi_str->callback_buffer_tcp_payload[ndpi_str->callback_buffer_size_tcp_payload],
&ndpi_str->callback_buffer[a], sizeof(struct ndpi_call_function_struct));
&ndpi_str->callback_buffer[a], sizeof(struct call_function_struct));
}
ndpi_str->callback_buffer_size_tcp_payload++;
}
@ -5676,7 +5666,7 @@ static void ndpi_enabled_callbacks_init(struct ndpi_detection_module_struct *ndp
NDPI_LOG_DBG2(ndpi_str,
"\tcallback_buffer_tcp_no_payload, additional adding buffer %u to no_payload process\n", a);
memcpy(&ndpi_str->callback_buffer_tcp_no_payload[ndpi_str->callback_buffer_size_tcp_no_payload],
&ndpi_str->callback_buffer[a], sizeof(struct ndpi_call_function_struct));
&ndpi_str->callback_buffer[a], sizeof(struct call_function_struct));
}
ndpi_str->callback_buffer_size_tcp_no_payload++;
}
@ -5689,7 +5679,7 @@ static void ndpi_enabled_callbacks_init(struct ndpi_detection_module_struct *ndp
NDPI_LOG_DBG2(ndpi_str, "callback_buffer_size_udp: adding buffer : %u\n", a);
memcpy(&ndpi_str->callback_buffer_udp[ndpi_str->callback_buffer_size_udp], &ndpi_str->callback_buffer[a],
sizeof(struct ndpi_call_function_struct));
sizeof(struct call_function_struct));
}
ndpi_str->callback_buffer_size_udp++;
}
@ -5702,7 +5692,7 @@ static void ndpi_enabled_callbacks_init(struct ndpi_detection_module_struct *ndp
NDPI_LOG_DBG2(ndpi_str, "callback_buffer_non_tcp_udp: adding buffer : %u\n", a);
memcpy(&ndpi_str->callback_buffer_non_tcp_udp[ndpi_str->callback_buffer_size_non_tcp_udp],
&ndpi_str->callback_buffer[a], sizeof(struct ndpi_call_function_struct));
&ndpi_str->callback_buffer[a], sizeof(struct call_function_struct));
}
ndpi_str->callback_buffer_size_non_tcp_udp++;
}
@ -5787,7 +5777,7 @@ int ndpi_handle_ipv6_extension_headers(u_int16_t l3len, const u_int8_t **l4ptr,
/* ******************************************************************** */
/* Used by dns.c */
u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize) {
u_int8_t iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize) {
/*
returned value:
0: fragmented
@ -5855,7 +5845,7 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru
}
/* 0: fragmented; 1: not fragmented */
if(iph != NULL && ndpi_iph_is_valid_and_not_fragmented(iph, l3_len)) {
if(iph != NULL && iph_is_valid_and_not_fragmented(iph, l3_len)) {
u_int16_t len = ndpi_min(ntohs(iph->tot_len), l3_len);
u_int16_t hlen = (iph->ihl * 4);
@ -6228,16 +6218,16 @@ static int fully_enc_heuristic(struct ndpi_detection_module_struct *ndpi_str,
/* ************************************************ */
int ndpi_current_pkt_from_client_to_server(const struct ndpi_detection_module_struct *ndpi_str,
const struct ndpi_flow_struct *flow)
int current_pkt_from_client_to_server(const struct ndpi_detection_module_struct *ndpi_str,
const struct ndpi_flow_struct *flow)
{
return ndpi_str->packet.packet_direction == flow->client_packet_direction;
}
/* ******************************************************************** */
int ndpi_current_pkt_from_server_to_client(const struct ndpi_detection_module_struct *ndpi_str,
const struct ndpi_flow_struct *flow)
int current_pkt_from_server_to_client(const struct ndpi_detection_module_struct *ndpi_str,
const struct ndpi_flow_struct *flow)
{
return ndpi_str->packet.packet_direction != flow->client_packet_direction;
}
@ -6447,7 +6437,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_str,
}
}
if(ndpi_current_pkt_from_client_to_server(ndpi_str, flow)) {
if(current_pkt_from_client_to_server(ndpi_str, flow)) {
if(flow->is_ipv6 == 0) {
flow->c_address.v4 = packet->iph->saddr;
flow->s_address.v4 = packet->iph->daddr;
@ -6546,7 +6536,7 @@ static u_int32_t check_ndpi_subprotocols(struct ndpi_detection_module_struct * c
static u_int32_t check_ndpi_detection_func(struct ndpi_detection_module_struct * const ndpi_str,
struct ndpi_flow_struct * const flow,
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE const ndpi_selection_packet,
struct ndpi_call_function_struct const * const callback_buffer,
struct call_function_struct const * const callback_buffer,
uint32_t callback_buffer_size,
int is_tcp_without_payload)
{
@ -6956,11 +6946,11 @@ u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port) {
/* #define BITTORRENT_CACHE_DEBUG */
int ndpi_search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {
#ifdef BITTORRENT_CACHE_DEBUG
printf("[%s:%u] ndpi_search_into_bittorrent_cache(%u, %u) [bt_check_performed=%d]\n",
printf("[%s:%u] search_into_bittorrent_cache(%u, %u) [bt_check_performed=%d]\n",
__FILE__, __LINE__, ntohs(flow->c_port), ntohs(flow->s_port),
flow->bt_check_performed);
#endif
@ -7109,7 +7099,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st
/* Does it looks like BitTorrent? */
if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN &&
ndpi_search_into_bittorrent_cache(ndpi_str, flow)) {
search_into_bittorrent_cache(ndpi_str, flow)) {
ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_PARTIAL_CACHE);
ret.app_protocol = flow->detected_protocol_stack[0];
}
@ -7572,7 +7562,7 @@ static int ndpi_is_ntop_protocol(ndpi_protocol *ret) {
static int ndpi_check_protocol_port_mismatch_exceptions(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow,
ndpi_default_ports_tree_node_t *expected_proto,
default_ports_tree_node_t *expected_proto,
ndpi_protocol *returned_proto) {
/*
For TLS (and other protocols) it is not simple to guess the exact protocol so before
@ -7816,7 +7806,7 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
if((!flow->risk_checked)
&& ((ret.master_protocol != NDPI_PROTOCOL_UNKNOWN) || (ret.app_protocol != NDPI_PROTOCOL_UNKNOWN))
) {
ndpi_default_ports_tree_node_t *found;
default_ports_tree_node_t *found;
u_int16_t *default_ports;
if(packet->udp)
@ -7855,8 +7845,8 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
} /* for */
if(!found) {
ndpi_default_ports_tree_node_t *r = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
ntohs(flow->c_port), ntohs(flow->s_port));
default_ports_tree_node_t *r = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
ntohs(flow->c_port), ntohs(flow->s_port));
if((r == NULL)
|| ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol))) {
@ -7904,8 +7894,8 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
}
if(!found) {
ndpi_default_ports_tree_node_t *r = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
ntohs(flow->c_port), ntohs(flow->s_port));
default_ports_tree_node_t *r = ndpi_get_guessed_protocol_id(ndpi_str, packet->udp ? IPPROTO_UDP : IPPROTO_TCP,
ntohs(flow->c_port), ntohs(flow->s_port));
if((r == NULL)
|| ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol)))
@ -8783,7 +8773,7 @@ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detecti
}
if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN &&
ndpi_search_into_bittorrent_cache(ndpi_str, flow)) {
search_into_bittorrent_cache(ndpi_str, flow)) {
/* This looks like BitTorrent */
ret.app_protocol = NDPI_PROTOCOL_BITTORRENT;
}
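Review bot: The helpers renamed in this file (`iph_is_valid_and_not_fragmented`, `current_pkt_from_client_to_server`, `current_pkt_from_server_to_client` and `search_into_bittorrent_cache`) lose the `ndpi_` prefix but keep external linkage, so they still land in the library's global symbol table, now under generic names. Unless the build restricts exports (a linker version script or `-fvisibility=hidden`, neither of which is visible here), an application or another library that defines the same name can clash at link time with libndpi.a, or take over the call inside the shared object through symbol interposition. Consider declaring them in the private header with `__attribute__((visibility("hidden")))`, or keeping a reserved internal prefix such as `ndpi_int_` for non-static internal functions. The bodies of these functions extend beyond the hunks shown.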

359
src/lib/ndpi_private.h Normal file

@ -0,0 +1,359 @@
#ifndef __NDPI_PRIVATE_H__
#define __NDPI_PRIVATE_H__
#ifdef __cplusplus
extern "C" {
#endif
/* Not sure if we still need it.. keep it for the time being */
#ifdef NDPI_LIB_COMPILATION
/* Needed to have access to HAVE_* defines */
#ifndef _NDPI_CONFIG_H_
#include "ndpi_config.h"
#define _NDPI_CONFIG_H_
#endif
struct call_function_struct {
NDPI_PROTOCOL_BITMASK detection_bitmask;
NDPI_PROTOCOL_BITMASK excluded_protocol_bitmask;
void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow);
NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask;
u_int16_t ndpi_protocol_id;
u_int8_t detection_feature;
};
struct subprotocol_conf_struct {
void (*func) (struct ndpi_detection_module_struct *, char *attr, char *value, int protocol_id);
};
typedef struct default_ports_tree_node {
ndpi_proto_defaults_t *proto;
u_int8_t customUserProto;
u_int16_t default_port;
} default_ports_tree_node_t;
#define LINE_EQUALS(ndpi_int_one_line_struct, string_to_compare) \
((ndpi_int_one_line_struct).len == strlen(string_to_compare) && \
LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1)
#define LINE_STARTS(ndpi_int_one_line_struct, string_to_compare) \
((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \
LINE_CMP(ndpi_int_one_line_struct, string_to_compare, strlen(string_to_compare)) == 1)
#define LINE_ENDS(ndpi_int_one_line_struct, string_to_compare) \
((ndpi_int_one_line_struct).len >= strlen(string_to_compare) && \
memcmp((ndpi_int_one_line_struct).ptr + \
((ndpi_int_one_line_struct).len - strlen(string_to_compare)), \
string_to_compare, strlen(string_to_compare)) == 0)
#define LINE_CMP(ndpi_int_one_line_struct, string_to_compare, string_to_compare_length) \
((ndpi_int_one_line_struct).ptr != NULL && \
memcmp((ndpi_int_one_line_struct).ptr, string_to_compare, string_to_compare_length) == 0)
struct ndpi_int_one_line_struct {
const u_int8_t *ptr;
u_int16_t len;
};
struct ndpi_packet_struct {
const struct ndpi_iphdr *iph;
const struct ndpi_ipv6hdr *iphv6;
const struct ndpi_tcphdr *tcp;
const struct ndpi_udphdr *udp;
const u_int8_t *generic_l4_ptr; /* is set only for non tcp-udp traffic */
const u_int8_t *payload;
u_int64_t current_time_ms;
struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET];
/* HTTP headers */
struct ndpi_int_one_line_struct host_line;
struct ndpi_int_one_line_struct forwarded_line;
struct ndpi_int_one_line_struct referer_line;
struct ndpi_int_one_line_struct content_line;
struct ndpi_int_one_line_struct content_disposition_line;
struct ndpi_int_one_line_struct accept_line;
struct ndpi_int_one_line_struct authorization_line;
struct ndpi_int_one_line_struct user_agent_line;
struct ndpi_int_one_line_struct http_url_name;
struct ndpi_int_one_line_struct http_encoding;
struct ndpi_int_one_line_struct http_transfer_encoding;
struct ndpi_int_one_line_struct http_contentlen;
struct ndpi_int_one_line_struct http_cookie;
struct ndpi_int_one_line_struct http_origin;
struct ndpi_int_one_line_struct http_x_session_type;
struct ndpi_int_one_line_struct server_line;
struct ndpi_int_one_line_struct http_method;
struct ndpi_int_one_line_struct http_response; /* the first "word" in this pointer is the
response code in the packet (200, etc) */
u_int8_t http_num_headers; /* number of found (valid) header lines in HTTP request or response */
u_int16_t l3_packet_len;
u_int16_t payload_packet_len;
u_int16_t parsed_lines;
u_int16_t empty_line_position;
u_int8_t tcp_retransmission;
u_int8_t packet_lines_parsed_complete:1,
packet_direction:1, empty_line_position_set:1, http_check_content:1, pad:4;
};
typedef struct ndpi_list_struct {
char *value;
struct ndpi_list_struct *next;
} ndpi_list;
#ifdef HAVE_NBPF
typedef struct {
void *tree; /* cast to nbpf_filter* */
u_int16_t l7_protocol;
} nbpf_filter;
#endif
struct ndpi_detection_module_struct {
NDPI_PROTOCOL_BITMASK detection_bitmask;
u_int64_t current_ts;
u_int16_t max_packets_to_process;
u_int16_t num_tls_blocks_to_follow;
u_int8_t skip_tls_blocks_until_change_cipher:1, enable_ja3_plus:1, _notused:6;
u_int8_t tls_certificate_expire_in_x_days;
void *user_data;
char custom_category_labels[NUM_CUSTOM_CATEGORIES][CUSTOM_CATEGORY_LABEL_LEN];
/* callback function buffer */
struct call_function_struct *callback_buffer;
struct call_function_struct *callback_buffer_tcp_no_payload;
struct call_function_struct *callback_buffer_tcp_payload;
struct call_function_struct *callback_buffer_udp;
struct call_function_struct *callback_buffer_non_tcp_udp;
u_int32_t callback_buffer_size;
u_int32_t callback_buffer_size_tcp_no_payload;
u_int32_t callback_buffer_size_tcp_payload;
u_int32_t callback_buffer_size_udp;
u_int32_t callback_buffer_size_non_tcp_udp;
default_ports_tree_node_t *tcpRoot, *udpRoot;
ndpi_log_level_t ndpi_log_level; /* default error */
#ifdef NDPI_ENABLE_DEBUG_MESSAGES
/* debug callback, only set when debug is used */
ndpi_debug_function_ptr ndpi_debug_printf;
const char *ndpi_debug_print_file;
const char *ndpi_debug_print_function;
u_int32_t ndpi_debug_print_line;
NDPI_PROTOCOL_BITMASK debug_bitmask;
#endif
/* misc parameters */
u_int32_t tcp_max_retransmission_window_size;
/* subprotocol registration handler */
struct subprotocol_conf_struct subprotocol_conf[NDPI_MAX_SUPPORTED_PROTOCOLS + 1];
u_int ndpi_num_supported_protocols;
u_int ndpi_num_custom_protocols;
int ac_automa_finalized;
/* HTTP/DNS/HTTPS/QUIC host matching */
ndpi_automa host_automa, /* Used for DNS/HTTPS */
risky_domain_automa, tls_cert_subject_automa,
host_risk_mask_automa, common_alpns_automa;
/* IMPORTANT: please, whenever you add a new automa:
* update ndpi_finalize_initialization()
* update automa_type above
*/
ndpi_str_hash *malicious_ja3_hashmap, *malicious_sha1_hashmap;
ndpi_list *trusted_issuer_dn;
/* Patricia trees */
ndpi_patricia_tree_t *ip_risk_mask_ptree;
ndpi_patricia_tree_t *ip_risk_mask_ptree6;
ndpi_patricia_tree_t *ip_risk_ptree;
ndpi_patricia_tree_t *ip_risk_ptree6;
ndpi_patricia_tree_t *protocols_ptree; /* IP-based protocol detection */
ndpi_patricia_tree_t *protocols_ptree6;
/* *** If you add a new Patricia tree, please update ptree_type above! *** */
struct {
#ifdef USE_LEGACY_AHO_CORASICK
ndpi_automa hostnames, hostnames_shadow;
#else
ndpi_domain_classify *sc_hostnames, *sc_hostnames_shadow;
#endif
void *ipAddresses, *ipAddresses_shadow; /* Patricia */
void *ipAddresses6, *ipAddresses6_shadow; /* Patricia IPv6*/
u_int8_t categories_loaded;
} custom_categories;
u_int8_t ip_version_limit;
/* NDPI_PROTOCOL_TINC */
struct cache *tinc_cache;
/* NDPI_PROTOCOL_OOKLA */
struct ndpi_lru_cache *ookla_cache;
u_int32_t ookla_cache_num_entries;
u_int32_t ookla_cache_ttl;
/* NDPI_PROTOCOL_BITTORRENT */
struct ndpi_lru_cache *bittorrent_cache;
u_int32_t bittorrent_cache_num_entries;
u_int32_t bittorrent_cache_ttl;
/* NDPI_PROTOCOL_ZOOM */
struct ndpi_lru_cache *zoom_cache;
u_int32_t zoom_cache_num_entries;
u_int32_t zoom_cache_ttl;
/* NDPI_PROTOCOL_STUN and subprotocols */
struct ndpi_lru_cache *stun_cache;
u_int32_t stun_cache_num_entries;
u_int32_t stun_cache_ttl;
struct ndpi_lru_cache *stun_zoom_cache;
u_int32_t stun_zoom_cache_num_entries;
u_int32_t stun_zoom_cache_ttl;
/* NDPI_PROTOCOL_TLS and subprotocols */
struct ndpi_lru_cache *tls_cert_cache;
u_int32_t tls_cert_cache_num_entries;
int32_t tls_cert_cache_ttl;
/* NDPI_PROTOCOL_MINING and subprotocols */
struct ndpi_lru_cache *mining_cache;
u_int32_t mining_cache_num_entries;
u_int32_t mining_cache_ttl;
/* NDPI_PROTOCOL_MSTEAMS */
struct ndpi_lru_cache *msteams_cache;
u_int32_t msteams_cache_num_entries;
u_int32_t msteams_cache_ttl;
/* *** If you add a new LRU cache, please update lru_cache_type above! *** */
int opportunistic_tls_smtp_enabled;
int opportunistic_tls_imap_enabled;
int opportunistic_tls_pop_enabled;
int opportunistic_tls_ftp_enabled;
int opportunistic_tls_stun_enabled;
u_int32_t monitoring_stun_pkts_to_process;
u_int32_t monitoring_stun_flags;
u_int32_t aggressiveness_ookla;
int tcp_ack_paylod_heuristic;
int fully_encrypted_based_on_first_pkt_heuristic;
u_int16_t ndpi_to_user_proto_id[NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; /* custom protocolId mapping */
ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS];
u_int8_t direction_detect_disable:1, /* disable internal detection of packet direction */ _pad:7;
#ifdef CUSTOM_NDPI_PROTOCOLS
#include "../../../nDPI-custom/custom_ndpi_typedefs.h"
#endif
/* GeoIP */
void *mmdb_city, *mmdb_as;
u_int8_t mmdb_city_loaded, mmdb_as_loaded;
/* Current packet */
struct ndpi_packet_struct packet;
const struct ndpi_flow_input_info *input_info;
#ifdef HAVE_NBPF
u_int8_t num_nbpf_custom_proto;
nbpf_filter nbpf_custom_proto[MAX_NBPF_CUSTOM_PROTO];
#endif
u_int16_t max_payload_track_len;
};
/* Generic */
char *strptime(const char *s, const char *format, struct tm *tm);
u_int8_t iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize);
int current_pkt_from_client_to_server(const struct ndpi_detection_module_struct *ndpi_str, const struct ndpi_flow_struct *flow);
int current_pkt_from_server_to_client(const struct ndpi_detection_module_struct *ndpi_str, const struct ndpi_flow_struct *flow);
/* TLS */
int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow, uint32_t quic_version);
void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int16_t p_offset, u_int16_t certificate_len);
void switch_to_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
int is_dtls(const u_int8_t *buf, u_int32_t buf_len, u_int32_t *block_len);
void switch_extra_dissection_to_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
/* HTTP */
void http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const u_int8_t *ua_ptr, u_int16_t ua_ptr_len);
/* OOKLA */
int ookla_search_into_cache(struct ndpi_detection_module_struct* ndpi_struct,
struct ndpi_flow_struct* flow);
void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
/* QUIC */
int quic_len(const uint8_t *buf, uint64_t *value);
int quic_len_buffer_still_required(uint8_t value);
int is_version_with_var_int_transport_params(uint32_t version);
int is_version_with_tls(uint32_t version);
void process_chlo(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const u_int8_t *crypto_data, uint32_t crypto_data_len);
void process_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
const u_int8_t *crypto_data, uint32_t crypto_data_len);
const uint8_t *get_crypto_data(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
u_int8_t *clear_payload, uint32_t clear_payload_len,
uint64_t *crypto_data_len);
/* RTP */
int is_valid_rtp_payload_type(uint8_t type);
int is_rtp_or_rtcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
u_int8_t rtp_get_stream_type(u_int8_t payloadType, ndpi_multimedia_flow_type *s_type);
/* Bittorrent */
u_int32_t make_bittorrent_host_key(struct ndpi_flow_struct *flow, int client, int offset);
u_int32_t make_bittorrent_peers_key(struct ndpi_flow_struct *flow);
int search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
/* Mining */
u_int32_t make_mining_key(struct ndpi_flow_struct *flow);
/* Stun */
int stun_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow);
#endif
#ifdef __cplusplus
}
#endif
#endif


@ -34,6 +34,7 @@
#include "ndpi_api.h"
#include "ndpi_includes.h"
#include "ndpi_encryption.h"
#include "ndpi_private.h"
#include "ahocorasick.h"
#include "libcache.h"


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ACTIVISION
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_activision_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AFP
#include "ndpi_api.h"
#include "ndpi_private.h"
struct afpHeader {
u_int8_t flags, command;


@ -25,6 +25,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AJP
#include "ndpi_api.h"
#include "ndpi_private.h"
enum ajp_direction {
AJP_SERVER_TO_CONTAINER = 0x1234,


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ALICLOUD
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_alicloud_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMAZON_VIDEO
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_check_amazon_video(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMONG_US
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_among_us_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMQP
#include "ndpi_api.h"
#include "ndpi_private.h"
PACK_ON


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLE_PUSH
#include "ndpi_api.h"
#include "ndpi_private.h"
static int is_apple_push_addr(const struct ndpi_packet_struct *packet)
{


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ARMAGETRON
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_armagetron_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -24,6 +24,7 @@
#include <stdlib.h>
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_avast_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)


@ -24,6 +24,7 @@
#include <stdlib.h>
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_avast_securedns_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BACNET
#include "ndpi_api.h"
#include "ndpi_private.h"
// BVLC (BACnet Virtual Link Control) Annex is part of BVLL (BACnet Virtual Link Layer).
// See: https://www.ashrae.org/file%20library/technical%20resources/standards%20and%20guidelines/standards%20addenda/135-1995_addendum-a.pdf


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BGP
#include "ndpi_api.h"
#include "ndpi_private.h"
/* this detection also works asymmetrically */


@ -23,6 +23,7 @@
#include "ndpi_protocol_ids.h"
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BITCOIN
#include "ndpi_api.h"
#include "ndpi_private.h"
/*https://en.bitcoin.it/wiki/Protocol_documentation*/
#define MAIN_NET_MAGIC 0xF9BEB4D9


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BITTORRENT
#include "ndpi_api.h"
#include "ndpi_private.h"
#define BITTORRENT_PROTO_STRING "BitTorrent protocol"
@ -40,8 +41,6 @@ struct ndpi_utp_hdr {
u_int16_t sequence_nr, ack_nr;
};
extern int ndpi_search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
/* Forward declaration */
static void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct,
@ -467,7 +466,7 @@ static u_int8_t is_port(u_int16_t a, u_int16_t b, u_int16_t what) {
static void ndpi_skip_bittorrent(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,
struct ndpi_packet_struct *packet) {
if(ndpi_search_into_bittorrent_cache(ndpi_struct, flow))
if(search_into_bittorrent_cache(ndpi_struct, flow))
ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0, NDPI_CONFIDENCE_DPI_CACHE);
else
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
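Review bot: The call renamed to `search_into_bittorrent_cache(ndpi_struct, flow)` now resolves to a function that is declared without `static` in the private header and carries no library prefix, so in a statically linked `libndpi.a` it shares the global symbol namespace with the host application. The same applies to `iph_is_valid_and_not_fragmented` in the DNS section and to `current_pkt_from_client_to_server` / `current_pkt_from_server_to_client` in the Icecast section. Whether the shared-library build restricts its exported symbols is not visible on this page; if it does not, an export map or a hidden-visibility attribute on the private prototypes would keep these names out of the ABI. For static builds, a distinct internal prefix (not `ndpi_`, which the commit reserves for the public API) would avoid link-time clashes with generic names. The closing brace of `ndpi_skip_bittorrent` is outside the hunk.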


@ -3,6 +3,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BJNP
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow,


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CAN
#include "ndpi_api.h"
#include "ndpi_private.h"
PACK_ON
struct can_hdr {


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CAPWAP
#include "ndpi_api.h"
#include "ndpi_private.h"
#define NDPI_CAPWAP_CONTROL_PORT 5246
#define NDPI_CAPWAP_DATA_PORT 5247


@ -24,6 +24,7 @@
#include "ndpi_protocol_ids.h"
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CASSANDRA
#include "ndpi_api.h"
#include "ndpi_private.h"
#define CASSANDRA_HEADER_LEN 9
#define CASSANDRA_MAX_BODY_SIZE 268435456 //256MB (256 * 1024^2)


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CHECKMK
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -25,6 +25,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CISCOVPN
#include "ndpi_api.h"
#include "ndpi_private.h"
/* ****************************************************************** */


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CITRIX
#include "ndpi_api.h"
#include "ndpi_private.h"
/* ************************************ */


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COAP
#include "ndpi_api.h"
#include "ndpi_private.h"
#define CON 0


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COLLECTD
#include "ndpi_api.h"
#include "ndpi_private.h"
#define COLLECTD_MIN_BLOCKS_REQUIRED 3
#define COLLECTD_MAX_BLOCKS_TO_DISSECT 5


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CORBA
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CPHA
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_search_cpha(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CROSSFIRE
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CRYNET
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_crynet_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -25,6 +25,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CSGO
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) {
struct ndpi_packet_struct* packet = &ndpi_struct->packet;


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RPC
#include "ndpi_api.h"
#include "ndpi_private.h"
#include <stdbool.h>
static void ndpi_int_dcerpc_add_connection(struct ndpi_detection_module_struct


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCP
#include "ndpi_api.h"
#include "ndpi_private.h"
/* freeradius/src/lib/dhcp.c */
#define DHCP_CHADDR_LEN 6


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCPV6
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_dhcpv6_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIAMETER
#include "ndpi_api.h"
#include "ndpi_private.h"
// Header Flags possibile values


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DISCORD
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_discord_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -23,6 +23,7 @@
#include "ndpi_protocol_ids.h"
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNP3
#include "ndpi_api.h"
#include "ndpi_private.h"
/*
https://www.ixiacom.com/company/blog/scada-distributed-network-protocol-dnp3


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNS
#include "ndpi_api.h"
#include "ndpi_private.h"
#define FLAGS_MASK 0x8000
@ -37,8 +38,6 @@
#define PKT_LEN_ALERT 512
/* ndpi_main.c */
extern u_int8_t ndpi_iph_is_valid_and_not_fragmented(const struct ndpi_iphdr *iph, const u_int16_t ipsize);
static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
@ -869,7 +868,7 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st
/* 0: fragmented; 1: not fragmented */
if((flags & 0x20)
|| (ndpi_iph_is_valid_and_not_fragmented(packet->iph, packet->l3_packet_len) == 0)) {
|| (iph_is_valid_and_not_fragmented(packet->iph, packet->l3_packet_len) == 0)) {
ndpi_set_risk(ndpi_struct, flow, NDPI_DNS_FRAGMENTED, NULL);
}
} else if(packet->iphv6 != NULL) {


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNSCRYPT
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_dnscrypt_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DOFUS
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_dofus_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{


@ -22,6 +22,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DRDA
#include "ndpi_api.h"
#include "ndpi_private.h"
struct ndpi_drda_hdr {
u_int16_t length;


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DROPBOX
#include "ndpi_api.h"
#include "ndpi_private.h"
#define DB_LSP_PORT 17500


@ -30,6 +30,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EAQ
#include "ndpi_api.h"
#include "ndpi_private.h"
#define EAQ_DEFAULT_PORT 6000
#define EAQ_DEFAULT_SIZE 16


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EDONKEY
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_edonkey_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ELASTICSEARCH
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_elasticsearch_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EPICGAMES
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_epicgames_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -23,6 +23,7 @@
#include "ndpi_protocol_ids.h"
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ETHEREUM
#include "ndpi_api.h"
#include "ndpi_private.h"
/* ************************************************************************** */


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ETHERNET_IP
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_ethernet_ip_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow) {


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FASTCGI
#include "ndpi_api.h"
#include "ndpi_private.h"
/* Reference: http://www.mit.edu/~yandros/doc/specs/fcgi-spec.html */


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIX
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)


@ -26,13 +26,10 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_CONTROL
#include "ndpi_api.h"
#include "ndpi_private.h"
// #define FTP_DEBUG
extern void switch_extra_dissection_to_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
/* *************************************************************** */
static void ndpi_int_ftp_control_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_DATA
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_DATA, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GENSHIN_IMPACT
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_genshin_impact_add_connection(


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GIT
#include "ndpi_api.h"
#include "ndpi_private.h"
#define GIT_PORT 9418


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GNUTELLA
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GTP
#include "ndpi_api.h"
#include "ndpi_private.h"
/* This code handles: GTP-U (port 2152), GTP-C (v1 and v2; port 2123) and GTP-PRIME


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_H323
#include "ndpi_api.h"
#include "ndpi_private.h"
struct tpkt {


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HALFLIFE2
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_halflife2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)


@ -22,6 +22,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HAPROXY
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_haproxy_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HOTS
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_hots_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HPVIRTGRP
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_hpvirtgrp_add_connection(


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HSRP
#include "ndpi_api.h"
#include "ndpi_private.h"
#define HSRP_PORT 1985
#define HSRP_PORT_V6 2029


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP
#include "ndpi_api.h"
#include "ndpi_private.h"
static const char* binary_file_mimes_e[] = { "exe", NULL };
static const char* binary_file_mimes_j[] = { "java-vm", NULL };
@ -46,9 +47,6 @@ static const char* binary_file_ext[] = {
NULL
};
extern void ookla_add_to_cache(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
static void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
static void ndpi_check_http_header(struct ndpi_detection_module_struct *ndpi_struct,


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP2
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_http2_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_I3D
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_i3d_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IAX
#include "ndpi_api.h"
#include "ndpi_private.h"
#define NDPI_IAX_MAX_INFORMATION_ELEMENTS 15


@ -27,9 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ICECAST
#include "ndpi_api.h"
extern int ndpi_current_pkt_from_client_to_server(const struct ndpi_detection_module_struct *ndpi_str, const struct ndpi_flow_struct *flow);
extern int ndpi_current_pkt_from_server_to_client(const struct ndpi_detection_module_struct *ndpi_str, const struct ndpi_flow_struct *flow);
#include "ndpi_private.h"
static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
@ -63,12 +61,12 @@ static void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_st
}
}
if(ndpi_current_pkt_from_client_to_server(ndpi_struct, flow)
if(current_pkt_from_client_to_server(ndpi_struct, flow)
&& (flow->packet_counter < 10)) {
return;
}
if(ndpi_current_pkt_from_server_to_client(ndpi_struct, flow)) {
if(current_pkt_from_server_to_client(ndpi_struct, flow)) {
/* server answer, now test Server for Icecast */
ndpi_parse_packet_line_info(ndpi_struct, flow);


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IEC60870
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_search_iec60870_tcp(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow) {


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IMO
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_imo_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow) {


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IPP
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IPSEC
#include "ndpi_api.h"
#include "ndpi_private.h"
enum isakmp_type {
ISAKMP_INVALID = 0,


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IRC
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_irc_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, ndpi_confidence_t confidence)
{


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_JABBER
#include "ndpi_api.h"
#include "ndpi_private.h"
struct jabber_string {
char *string;


@ -29,6 +29,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KAKAOTALK_VOICE
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KERBEROS
#include "ndpi_api.h"
#include "ndpi_private.h"
/* #define KERBEROS_DEBUG 1 */


@ -24,6 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KISMET
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_kismet_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KONTIKI
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LDAP
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *ndpi_struct,


@ -24,8 +24,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LINE_CALL
#include "ndpi_api.h"
extern int is_valid_rtp_payload_type(uint8_t type);
#include "ndpi_private.h"
static void ndpi_int_line_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP
#include "ndpi_api.h"
#include "ndpi_private.h"
#define LISP_PORT 4341 /* Only UDP */
#define LISP_PORT1 4342 /* TCP and UDP */


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LOTUS_NOTES
#include "ndpi_api.h"
#include "ndpi_private.h"
/* ************************************ */


@ -27,12 +27,10 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_IMAP
#include "ndpi_api.h"
#include "ndpi_private.h"
/* #define IMAP_DEBUG 1*/
extern void switch_extra_dissection_to_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow,
u_int16_t protocol) {
flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; /* Avoid IMAPS to be used s sub-protocol */


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_POP
#include "ndpi_api.h"
#include "ndpi_private.h"
#define POP_BIT_AUTH 0x0001
@ -43,9 +44,6 @@
#define POP_BIT_STLS 0x0400
extern void switch_extra_dissection_to_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
static void ndpi_int_mail_pop_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow,
u_int16_t protocol) {


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_SMTP
#include "ndpi_api.h"
#include "ndpi_private.h"
#define SMTP_BIT_220 0x01
@ -48,8 +49,6 @@
/* #define SMTP_DEBUG 1 */
extern void switch_extra_dissection_to_tls(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow);
static void ndpi_int_mail_smtp_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow) {


@ -27,6 +27,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAPLESTORY
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_maplestory_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEGACO
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct,


@ -28,6 +28,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEMCACHED
#include "ndpi_api.h"
#include "ndpi_private.h"
#define MCDC_SET "set "
#define MCDC_SET_LEN (sizeof(MCDC_SET) - 1)


@ -23,6 +23,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MERAKI_CLOUD
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_merakicloud_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
struct ndpi_flow_struct * const flow)


@ -26,6 +26,7 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MGCP
#include "ndpi_api.h"
#include "ndpi_private.h"
static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct
*ndpi_struct, struct ndpi_flow_struct *flow)


@ -23,6 +23,7 @@
#include "ndpi_protocol_ids.h"
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MINING
#include "ndpi_api.h"
#include "ndpi_private.h"
/* ************************************************************************** */
