From 59288b583d234e40a39da3e76f3260bebdd457e1 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Thu, 3 Feb 2022 16:58:07 +0100 Subject: [PATCH] Update to nDPI 4.2 Relevant changes: - Reduced memory footprint - Fix some memory issues - Improved protocols dissection --- app/src/main/jni/core/pcapdroid.c | 37 +++----- generated/nDPI/ndpi_api.h | 141 ++++++++++++++++++------------ generated/nDPI/ndpi_config.h | 47 ++++++---- generated/nDPI/ndpi_define.h | 106 +++++++++++++++++++--- submodules/nDPI | 2 +- 5 files changed, 222 insertions(+), 111 deletions(-) diff --git a/app/src/main/jni/core/pcapdroid.c b/app/src/main/jni/core/pcapdroid.c index 26f3d9c4..593b010d 100644 --- a/app/src/main/jni/core/pcapdroid.c +++ b/app/src/main/jni/core/pcapdroid.c @@ -19,6 +19,7 @@ #include #include // NOTE: look for "assertion" in logcat +#include #include "pcapdroid.h" #include "pcap_utils.h" #include "common/utils.h" @@ -55,14 +56,6 @@ static void conn_free_ndpi(pd_conn_t *data) { ndpi_free_flow(data->ndpi_flow); data->ndpi_flow = NULL; } - if(data->src_id) { - ndpi_free(data->src_id); - data->src_id = NULL; - } - if(data->dst_id) { - ndpi_free(data->dst_id); - data->dst_id = NULL; - } } /* ******************************************************* */ @@ -71,7 +64,12 @@ static uint16_t ndpi2proto(ndpi_protocol proto) { // The nDPI master/app protocol logic is not clear (e.g. the first packet of a DNS flow has // master_protocol unknown whereas the second has master_protocol set to DNS). We are not interested // in the app protocols, so just take the one that's not unknown. - return((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.master_protocol : proto.app_protocol); + uint16_t l7proto = ((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.master_protocol : proto.app_protocol); + + if((l7proto == NDPI_PROTOCOL_HTTP_CONNECT) || (l7proto == NDPI_PROTOCOL_HTTP_PROXY)) + l7proto = NDPI_PROTOCOL_HTTP; + + return l7proto; } /* ******************************************************* */ @@ -287,16 +285,6 @@ pd_conn_t* pd_new_connection(pcapdroid_t *pd, const zdtun_5tuple_t *tuple, int u conn_free_ndpi(data); } - if((data->src_id = ndpi_calloc(1, SIZEOF_ID_STRUCT)) == NULL) { - log_e("ndpi_malloc(src_id) failed"); - conn_free_ndpi(data); - } - - if((data->dst_id = ndpi_calloc(1, SIZEOF_ID_STRUCT)) == NULL) { - log_e("ndpi_malloc(dst_id) failed"); - conn_free_ndpi(data); - } - data->uid = uid; data->incr_id = pd->new_conn_id++; @@ -429,6 +417,7 @@ static void process_ndpi_data(pcapdroid_t *pd, const zdtun_5tuple_t *tuple, pd_c char *found_info = NULL; switch(data->l7proto) { + case NDPI_PROTOCOL_TLS: case NDPI_PROTOCOL_DNS: if(data->ndpi_flow->host_server_name[0]) found_info = (char*)data->ndpi_flow->host_server_name; @@ -444,10 +433,6 @@ static void process_ndpi_data(pcapdroid_t *pd, const zdtun_5tuple_t *tuple, pd_c } break; - case NDPI_PROTOCOL_TLS: - if(data->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name[0]) - found_info = (char*)data->ndpi_flow->protos.tls_quic_stun.tls_quic.client_requested_server_name; - break; } if(found_info && (!data->info || data->info_from_lru)) { @@ -615,14 +600,12 @@ static void perform_dpi(pcapdroid_t *pd, pkt_context_t *pctx) { uint16_t old_proto = data->l7proto; data->l7proto = ndpi2proto(ndpi_detection_process_packet(pd->ndpi, data->ndpi_flow, (const u_char *)pkt->buf, - pkt->len, data->last_seen, - is_tx ? data->src_id : data->dst_id, - is_tx ? data->dst_id : data->src_id)); + pkt->len, data->last_seen)); if(old_proto != data->l7proto) data->update_type |= CONN_UPDATE_INFO; - if((!data->request_done) && !data->ndpi_flow->packet.tcp_retransmission) + if((!data->request_done) && !pd->ndpi->packet.tcp_retransmission) process_request_data(pd, pctx); if(!is_tx && (data->l7proto == NDPI_PROTOCOL_DNS)) diff --git a/generated/nDPI/ndpi_api.h b/generated/nDPI/ndpi_api.h index d223d073..df729da3 100644 --- a/generated/nDPI/ndpi_api.h +++ b/generated/nDPI/ndpi_api.h @@ -34,9 +34,8 @@ extern "C" { /* The #define below is used for apps that dynamically link with nDPI to make sure that datastructures and in sync across versions */ -#define NDPI_API_VERSION 4817 +#define NDPI_API_VERSION 5710 -#define SIZEOF_ID_STRUCT ( sizeof(struct ndpi_id_struct) ) #define SIZEOF_FLOW_STRUCT ( sizeof(struct ndpi_flow_struct) ) #define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 ) @@ -75,15 +74,6 @@ extern "C" { u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void); - /** - * Get the size of the id struct - * - * @return the size of the id struct - * - */ - u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void); - - /** * Get the size of the flow tcp struct * @@ -118,7 +108,8 @@ extern "C" { void ndpi_free(void *ptr); void * ndpi_flow_malloc(size_t size); void ndpi_flow_free(void *ptr); - + u_int32_t ndpi_get_tot_allocated_memory(void); + /** * Search the first occurrence of substring -find- in -s- * The search is limited to the first -slen- characters of the string @@ -302,8 +293,6 @@ extern "C" { * @par packet = unsigned char pointer to the Layer 3 (IP header) * @par packetlen = the length of the packet * @par packet_time_ms = the current timestamp for the packet (expressed in msec) - * @par src = pointer to the source subscriber state machine - * @par dst = pointer to the destination subscriber state machine * @return void * */ @@ -311,9 +300,7 @@ extern "C" { struct ndpi_flow_struct *flow, const unsigned char *packet, const unsigned short packetlen, - const u_int64_t packet_time_ms, - struct ndpi_id_struct *src, - struct ndpi_id_struct *dst); + const u_int64_t packet_time_ms); /** * Processes one packet and returns the ID of the detected protocol. @@ -324,8 +311,6 @@ extern "C" { * @par packet = unsigned char pointer to the Layer 3 (IP header) * @par packetlen = the length of the packet * @par packet_time_ms = the current timestamp for the packet (expressed in msec) - * @par src = pointer to the source subscriber state machine - * @par dst = pointer to the destination subscriber state machine * @return the detected ID of the protocol * */ @@ -333,9 +318,7 @@ extern "C" { struct ndpi_flow_struct *flow, const unsigned char *packet, const unsigned short packetlen, - const u_int64_t packet_time_ms, - struct ndpi_id_struct *src, - struct ndpi_id_struct *dst); + const u_int64_t packet_time_ms); /** * Get the main protocol of the passed flows for the detected module * @@ -424,7 +407,6 @@ extern "C" { * @par string_to_match = the string to match * @par string_to_match_len = the length of the string * @par ret_match = completed returned match information - * @par is_host_match = value of the second field of struct ndpi_automa * @return the ID of the matched subprotocol; * -1 if automa is not finalized; * -2 if automa==NULL or string_to_match==NULL or empty string_to_match @@ -433,8 +415,7 @@ extern "C" { int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *string_to_match, u_int string_to_match_len, - ndpi_protocol_match_result *ret_match, - u_int8_t is_host_match); + ndpi_protocol_match_result *ret_match); /** * Check if the host passed match with a protocol * @@ -464,24 +445,6 @@ extern "C" { void ndpi_check_subprotocol_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, u_int16_t subprotocol_id); - /** - * Check if the string content passed match with a protocol - * - * @par ndpi_struct = the detection module - * @par flow = the flow where match the host - * @par string_to_match = the string to match - * @par string_to_match_len = the length of the string - * @par ret_match = completed returned match information - * @par master_protocol_id = value of the ID associated to the master protocol detected - * @return the ID of the matched subprotocol - * - */ - u_int16_t ndpi_match_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - char *string_to_match, - u_int string_to_match_len, - ndpi_protocol_match_result *ret_match, - u_int16_t master_protocol_id); /** * Exclude protocol from search * @@ -601,6 +564,15 @@ extern "C" { const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_category_t category); + /** + * Get classification confidence as string + * + * @par confidence = the confidence value + * @return the string name of the confidence result + * + */ + const char* ndpi_confidence_get_name(ndpi_confidence_t confidence); + /** * Set protocol category string * @@ -682,12 +654,19 @@ extern "C" { */ void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod); + /** + * Generate Options list used in OPNsense firewall plugin + * + * @par opt = The Option list to generate + */ + void ndpi_generate_options(u_int opt); + /** * Write the list of the scores and their associated risks * * @par ndpi_mod = the detection module */ - void ndpi_dump_risks_score(); + void ndpi_dump_risks_score(void); /** * Read a file and load the protocols @@ -729,6 +708,15 @@ extern "C" { */ int ndpi_add_host_risk_mask(struct ndpi_detection_module_struct *ndpi_mod, char *host, ndpi_risk mask); + /** + * Add a trusted certificate issuer DN + * + * @par ndpi_mod = the detection module + * @par dn = the issuer DN as it appears in the certificate (example "CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US") + * @return 0 if the rule is loaded correctly; < 0 in case an error is detected + */ + int ndpi_add_trusted_issuer_dn(struct ndpi_detection_module_struct *ndpi_mod, char *dn); + /** * Read a file and load the categories * @@ -958,6 +946,18 @@ extern "C" { ndpi_protocol_category_t *category, ndpi_protocol_breed_t *breed); + /** + * Specifies the threshold used to trigger the NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE + * flow risk that by default is set to 30 days + * + * @par ndpi_struct = the struct created for the protocol detection + * @par days = the number of days threshold for emitting the alert + * + */ + void ndpi_set_tls_cert_expire_days(struct ndpi_detection_module_struct *ndpi_str, + u_int8_t days); + + /* Utility functions to set ndpi malloc/free/print wrappers */ void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)); void set_ndpi_free(void (*__ndpi_free)(void *ptr)); @@ -988,7 +988,7 @@ extern "C" { /* Return a flow info string (summarized). Does only work for DNS/HTTP/TLS/QUIC. */ const char* ndpi_get_flow_info(struct ndpi_flow_struct const * const flow, ndpi_protocol const * const l7_protocol); - char* ndpi_ssl_version2str(struct ndpi_flow_struct *flow, + char* ndpi_ssl_version2str(char *buf, int buf_len, u_int16_t version, u_int8_t *unknown_tls_version); int ndpi_netbios_name_interpret(u_char *in, u_int in_len, u_char *out, u_int out_len); void ndpi_patchIPv6Address(char *str); @@ -1007,7 +1007,7 @@ extern "C" { int ndpi_flow2json(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t ip_version, - u_int8_t l4_protocol, u_int16_t vlan_id, + u_int8_t l4_protocol, u_int32_t src_v4, u_int32_t dst_v4, struct ndpi_in6_addr *src_v6, struct ndpi_in6_addr *dst_v6, u_int16_t src_port, u_int16_t dst_port, @@ -1093,6 +1093,12 @@ extern "C" { */ void ndpi_reset_serializer(ndpi_serializer *serializer); + /** + * Hint to not create the header (used to avoid creaign the header when not used) + * @param serializer The serializer handle + */ + void ndpi_serializer_skip_header(ndpi_serializer *serializer); + /** * Serialize a 32-bit unsigned int key and a 32-bit unsigned int value * @param serializer The serializer handle @@ -1521,12 +1527,14 @@ extern "C" { int ndpi_ses_init(struct ndpi_ses_struct *ses, double alpha, float significance); int ndpi_ses_add_value(struct ndpi_ses_struct *ses, const u_int64_t _value, double *forecast, double *confidence_band); - + void ndpi_ses_fitting(double *values, u_int32_t num_values, float *ret_alpha); + /* ******************************* */ int ndpi_des_init(struct ndpi_des_struct *des, double alpha, double beta, float significance); int ndpi_des_add_value(struct ndpi_des_struct *des, const u_int64_t _value, double *forecast, double *confidence_band); - + void ndpi_des_fitting(double *values, u_int32_t num_values, float *ret_alpha, float *ret_beta); + /* ******************************* */ int ndpi_jitter_init(struct ndpi_jitter_struct *hw, u_int16_t num_periods); @@ -1543,8 +1551,10 @@ extern "C" { u_int8_t ndpi_is_protocol_detected(struct ndpi_detection_module_struct *ndpi_str, ndpi_protocol proto); - void ndpi_serialize_risk(ndpi_serializer *serializer, struct ndpi_flow_struct *flow); - + void ndpi_serialize_risk(ndpi_serializer *serializer, ndpi_risk_enum risk); + void ndpi_serialize_proto(struct ndpi_detection_module_struct *ndpi_struct, + ndpi_serializer *serializer, ndpi_risk_enum risk, + ndpi_protocol l7_protocol); const char* ndpi_risk2str(ndpi_risk_enum risk); const char* ndpi_severity2str(ndpi_risk_severity s); ndpi_risk_info* ndpi_risk2severity(ndpi_risk_enum risk); @@ -1569,16 +1579,17 @@ extern "C" { /* ******************************* */ - int ndpi_init_bin(struct ndpi_bin *b, enum ndpi_bin_family f, u_int8_t num_bins); + int ndpi_init_bin(struct ndpi_bin *b, enum ndpi_bin_family f, u_int16_t num_bins); void ndpi_free_bin(struct ndpi_bin *b); struct ndpi_bin* ndpi_clone_bin(struct ndpi_bin *b); - void ndpi_inc_bin(struct ndpi_bin *b, u_int8_t slot_id, u_int32_t val); - void ndpi_set_bin(struct ndpi_bin *b, u_int8_t slot_id, u_int32_t value); - u_int32_t ndpi_get_bin_value(struct ndpi_bin *b, u_int8_t slot_id); + void ndpi_inc_bin(struct ndpi_bin *b, u_int16_t slot_id, u_int32_t val); + void ndpi_set_bin(struct ndpi_bin *b, u_int16_t slot_id, u_int32_t value); + u_int32_t ndpi_get_bin_value(struct ndpi_bin *b, u_int16_t slot_id); void ndpi_reset_bin(struct ndpi_bin *b); void ndpi_normalize_bin(struct ndpi_bin *b); char* ndpi_print_bin(struct ndpi_bin *b, u_int8_t normalize_first, char *out_buf, u_int out_buf_len); - float ndpi_bin_similarity(struct ndpi_bin *b1, struct ndpi_bin *b2, u_int8_t normalize_first); + float ndpi_bin_similarity(struct ndpi_bin *b1, struct ndpi_bin *b2, + u_int8_t normalize_first, float similarity_max_threshold); int ndpi_cluster_bins(struct ndpi_bin *bins, u_int16_t num_bins, u_int8_t num_clusters, u_int16_t *cluster_ids, struct ndpi_bin *centroids); @@ -1610,6 +1621,26 @@ extern "C" { char* ndpi_get_flow_name(struct ndpi_flow_struct *flow); /* ******************************* */ + + ndpi_bitmap* ndpi_bitmap_alloc(void); + void ndpi_bitmap_free(ndpi_bitmap* b); + u_int64_t ndpi_bitmap_cardinality(ndpi_bitmap* b); + void ndpi_bitmap_set(ndpi_bitmap* b, u_int32_t value); + void ndpi_bitmap_unset(ndpi_bitmap* b, u_int32_t value); + bool ndpi_bitmap_isset(ndpi_bitmap* b, u_int32_t value); + void ndpi_bitmap_clear(ndpi_bitmap* b); + + size_t ndpi_bitmap_serialize(ndpi_bitmap* b, char **buf); + ndpi_bitmap* ndpi_bitmap_deserialize(char *buf); + + void ndpi_bitmap_and(ndpi_bitmap* a, ndpi_bitmap* b_and); + void ndpi_bitmap_or(ndpi_bitmap* a, ndpi_bitmap* b_or); + + ndpi_bitmap_iterator* ndpi_bitmap_iterator_alloc(ndpi_bitmap* b); + void ndpi_bitmap_iterator_free(ndpi_bitmap* b); + bool ndpi_bitmap_iterator_next(ndpi_bitmap_iterator* i, uint32_t *value); + + /* ******************************* */ #ifdef __cplusplus } diff --git a/generated/nDPI/ndpi_config.h b/generated/nDPI/ndpi_config.h index 1c759596..28fe9b9c 100644 --- a/generated/nDPI/ndpi_config.h +++ b/generated/nDPI/ndpi_config.h @@ -4,21 +4,30 @@ /* Define to 1 if you have the header file. */ #define HAVE_DLFCN_H 1 +/* Define to 1 if you have the header file. */ +#define HAVE_FLOAT_H 1 + /* Define to 1 if you have the header file. */ #define HAVE_INTTYPES_H 1 -/* Define to 1 if you have the header file. */ -/* #undef HAVE_JSON_H */ - /* Define to 1 if you have the `gcrypt' library (-lgcrypt). */ /* #undef HAVE_LIBGCRYPT */ /* Define to 1 if you have the `gpg-error' library (-lgpg-error). */ /* #undef HAVE_LIBGPG_ERROR */ +/* Define to 1 if you have the `json-c' library (-ljson-c). */ +/* #undef HAVE_LIBJSON_C */ + +/* Define to 1 if you have the `m' library (-lm). */ +/* #undef HAVE_LIBM */ + /* Define to 1 if you have the `maxminddb' library (-lmaxminddb). */ /* #undef HAVE_LIBMAXMINDDB */ +/* Define to 1 if you have the header file. */ +#define HAVE_MATH_H 1 + /* MaxMind DB support */ /* #undef HAVE_MAXMINDDB */ @@ -32,14 +41,17 @@ /* #undef HAVE_PCRE */ /* Define if you have POSIX threads libraries and header files. */ -#define HAVE_PTHREAD 1 +/* #undef HAVE_PTHREAD */ /* Have PTHREAD_PRIO_INHERIT. */ -#define HAVE_PTHREAD_PRIO_INHERIT 1 +/* #undef HAVE_PTHREAD_PRIO_INHERIT */ /* libc has pthread_setaffinity_np */ /* #undef HAVE_PTHREAD_SETAFFINITY_NP */ +/* rrdtool is present */ +/* #undef HAVE_RRDTOOL */ + /* Define to 1 if you have the header file. */ #define HAVE_STDINT_H 1 @@ -71,40 +83,43 @@ /* #undef NDPI_ENABLE_DEBUG_MESSAGES */ /* Last GIT change */ -#define NDPI_GIT_DATE "Thu Oct 14 14:31:59 2021 +0200" +#define NDPI_GIT_DATE "Tue Feb 1 09:14:05 2022 +0100" /* GIT Release */ -#define NDPI_GIT_RELEASE "4.0.0-3212-f732a761" +#define NDPI_GIT_RELEASE "4.2.0-3463-8b5c6af7" /* nDPI major release */ #define NDPI_MAJOR_RELEASE "4" /* nDPI minor release */ -#define NDPI_MINOR_RELEASE "0" +#define NDPI_MINOR_RELEASE "2" /* nDPI patch level */ #define NDPI_PATCH_LEVEL "0" +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +/* #undef NO_MINUS_C_MINUS_O */ + /* Name of package */ -/* #undef PACKAGE */ +#define PACKAGE "libndpi" /* Define to the address where bug reports for this package should be sent. */ -/* #undef PACKAGE_BUGREPORT */ +#define PACKAGE_BUGREPORT "" /* Define to the full name of this package. */ -/* #undef PACKAGE_NAME */ +#define PACKAGE_NAME "libndpi" /* Define to the full name and version of this package. */ -/* #undef PACKAGE_STRING */ +#define PACKAGE_STRING "libndpi 4.2.0" /* Define to the one symbol short name of this package. */ -/* #undef PACKAGE_TARNAME */ +#define PACKAGE_TARNAME "libndpi" /* Define to the home page for this package. */ -/* #undef PACKAGE_URL */ +#define PACKAGE_URL "" /* Define to the version of this package. */ -/* #undef PACKAGE_VERSION */ +#define PACKAGE_VERSION "4.2.0" /* Define to necessary symbol if this constant uses a non-standard name on your system. */ @@ -116,4 +131,4 @@ #define STDC_HEADERS 1 /* Version number of package */ -/* #undef VERSION */ +#define VERSION "4.2.0" diff --git a/generated/nDPI/ndpi_define.h b/generated/nDPI/ndpi_define.h index 51361176..c8716038 100644 --- a/generated/nDPI/ndpi_define.h +++ b/generated/nDPI/ndpi_define.h @@ -27,8 +27,8 @@ gcc -E -dM - < /dev/null |grep ENDIAN */ -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -#include +#if defined(__FreeBSD__) || defined(__NetBSD__) +#include #endif #ifdef __OpenBSD__ @@ -156,6 +156,7 @@ /* misc definitions */ #define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 +#define NDPI_MAX_NUM_PKTS_PER_FLOW_TO_DISSECT 32 /* TODO: rebuild all memory areas to have a more aligned memory block here */ @@ -171,20 +172,11 @@ #define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 #define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 #define NDPI_THUNDER_CONNECTION_TIMEOUT 30 -#define NDPI_RTSP_CONNECTION_TIMEOUT 5 #define NDPI_TVANTS_CONNECTION_TIMEOUT 5 -#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 -#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 #define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 #define NDPI_ZATTOO_FLASH_TIMEOUT 5 #define NDPI_JABBER_STUN_TIMEOUT 30 #define NDPI_JABBER_FT_TIMEOUT 5 -#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 - -#ifndef _NDPI_CONFIG_H_ -#include "ndpi_config.h" /* To have access to NDPI_ENABLE_DEBUG_MESSAGES */ -#define _NDPI_CONFIG_H_ -#endif #ifdef NDPI_ENABLE_DEBUG_MESSAGES #define NDPI_LOG(proto, m, log_level, args...) \ @@ -321,7 +313,16 @@ #define get_u_int8_t(X,O) (*(u_int8_t *)((&(((u_int8_t *)X)[O])))) #define get_u_int16_t(X,O) (*(u_int16_t *)((&(((u_int8_t *)X)[O])))) #define get_u_int32_t(X,O) (*(u_int32_t *)((&(((u_int8_t *)X)[O])))) +#if defined(__arm__) +static inline u_int64_t get_u_int64_t(const u_int8_t* X, int O) +{ + u_int64_t tmp; + memcpy(&tmp, X + O, sizeof(tmp)); + return tmp; +} +#else #define get_u_int64_t(X,O) (*(u_int64_t *)((&(((u_int8_t *)X)[O])))) +#endif // __arm__ /* new definitions to get little endian from network bytes */ #define get_ul8(X,O) get_u_int8_t(X,O) @@ -345,11 +346,24 @@ #define snprintf _snprintf #endif +#if defined(WIN32) +#undef strtok_r +#define strtok_r strtok_s + +#if BYTE_ORDER == LITTLE_ENDIAN +#define le16toh(x) (x) +#define le32toh(x) (x) +#else +#error "byte order not supported" +#endif + +#endif /* WIN32 */ + #define NDPI_MAX_DNS_REQUESTS 16 #define NDPI_MIN_NUM_STUN_DETECTION 8 #define NDPI_MAJOR 4 -#define NDPI_MINOR 0 +#define NDPI_MINOR 2 #define NDPI_PATCH 0 /* IMPORTANT: order according to its severity */ @@ -382,4 +396,72 @@ #endif /* __APPLE__ */ + +#if defined(__MINGW32__) + +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + +#define htobe16(x) htons(x) +#define htole16(x) (x) +#define be16toh(x) ntohs(x) +#define le16toh(x) (x) +#define htobe32(x) htonl(x) +#define htole32(x) (x) +#define be32toh(x) ntohl(x) +#define le32toh(x) (x) +#define htobe64(x) htonll(x) +#define htole64(x) (x) +#define be64toh(x) ntohll(x) +#define le64toh(x) (x) + +#elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + +#define htobe16(x) (x) +#define htole16(x) __builtin_bswap16(x) +#define be16toh(x) (x) +#define le16toh(x) __builtin_bswap16(x) +#define htobe32(x) (x) +#define htole32(x) __builtin_bswap32(x) +#define be32toh(x) (x) +#define le32toh(x) __builtin_bswap32(x) +#define htobe64(x) (x) +#define htole64(x) __builtin_bswap64(x) +#define be64toh(x) (x) +#define le64toh(x) __builtin_bswap64(x) + +#else +#error Unexpected __BYTE_ORDER__ + +#endif /* __BYTE_ORDER__ */ +#endif /* __MINGW32__ */ + + +#ifndef ETH_ARP +#define ETH_ARP 0x0806 +#endif + +#ifndef ETH_P_IP +#define ETH_P_IP 0x0800 /* IPv4 */ +#endif + +#ifndef ETH_P_IPV6 +#define ETH_P_IPV6 0x86dd /* IPv6 */ +#endif + +#ifndef ETH_P_VLAN +#define ETH_P_VLAN 0x8100 +#endif + +#ifndef ETH_P_MPLS_UNI +#define ETH_P_MPLS_UNI 0x8847 +#endif + +#ifndef ETH_P_MPLS_MULTI +#define ETH_P_MPLS_MULTI 0x8848 +#endif + +#ifndef ETH_P_PPPoE +#define ETH_P_PPPoE 0x8864 +#endif + #endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/submodules/nDPI b/submodules/nDPI index 21b4b8bc..d67dba69 160000 --- a/submodules/nDPI +++ b/submodules/nDPI @@ -1 +1 @@ -Subproject commit 21b4b8bc223953c9e7ea709c1eaa5cbf5eab079d +Subproject commit d67dba69b74ffcec937f25eb1b4cc83755f4b1ac