mirror of
https://github.com/emanuele-f/PCAPdroid.git
synced 2026-05-08 21:12:26 +00:00
@@ -93,6 +93,14 @@ static inline void* pd_ndpi_malloc(size_t size) {
|
||||
return _pcapdroid_malloc(size, MEMTRACK_NDPI);
|
||||
}
|
||||
|
||||
static inline void* pd_ndpi_calloc(size_t nmemb, size_t size) {
|
||||
return _pcapdroid_calloc(nmemb, size, MEMTRACK_NDPI);
|
||||
}
|
||||
|
||||
static inline void* pd_ndpi_realloc(void *ptr, size_t size) {
|
||||
return _pcapdroid_realloc(ptr, size, MEMTRACK_NDPI);
|
||||
}
|
||||
|
||||
static inline void pd_ndpi_free(void *ptr) {
|
||||
return _pcapdroid_free(ptr, MEMTRACK_NDPI);
|
||||
}
|
||||
|
||||
@@ -591,8 +591,9 @@ Java_com_emanuelef_remote_1capture_CaptureService_runPacketLoop(JNIEnv *env, jcl
|
||||
jobject vpn, jint sdk) {
|
||||
|
||||
#ifdef PCAPDROID_TRACK_ALLOCS
|
||||
set_ndpi_malloc(pd_ndpi_malloc);
|
||||
set_ndpi_free(pd_ndpi_free);
|
||||
ndpi_set_memory_alloction_functions(pd_ndpi_malloc, pd_ndpi_free,
|
||||
pd_ndpi_calloc, pd_ndpi_realloc, NULL, NULL,
|
||||
pd_ndpi_malloc, pd_ndpi_free);
|
||||
#endif
|
||||
|
||||
init_jni(env);
|
||||
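Review bot: The two `NULL` arguments in the `ndpi_set_memory_alloction_functions(...)` call are unexplained, and `pd_ndpi_malloc`/`pd_ndpi_free` are passed twice with nothing saying which allocator slots each pair fills. If nDPI falls back to its own allocator for the `NULL` slots (not visible on this page), those allocations escape the `MEMTRACK_NDPI` accounting that `PCAPDROID_TRACK_ALLOCS` is there to provide. A short per-argument comment would settle it, for example `/* <slot name>: left to nDPI's default, not tracked */` beside the `NULL`s. The enclosing function continues past the end of the hunk.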
@@ -1079,20 +1080,20 @@ Java_com_emanuelef_remote_1capture_CaptureService_getL7Protocols(JNIEnv *env, jc
|
||||
if(!ndpi)
|
||||
return(NULL);
|
||||
|
||||
NDPI_PROTOCOL_BITMASK protocols;
|
||||
NDPI_BITMASK_SET_ALL(protocols);
|
||||
ndpi_set_protocol_detection_bitmask2(ndpi, &protocols);
|
||||
ndpi_finalize_initialization(ndpi);
|
||||
|
||||
jobject plist = (*env)->NewObject(env, arrayListClass, arrayListNew);
|
||||
if((plist == NULL) || jniCheckException(env))
|
||||
if((plist == NULL) || jniCheckException(env)) {
|
||||
ndpi_exit_detection_module(ndpi);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bool success = true;
|
||||
int num_protos = (int) ndpi_get_ndpi_num_supported_protocols(ndpi);
|
||||
int num_protos = (int) ndpi_get_num_protocols(ndpi);
|
||||
ndpi_proto_defaults_t* proto_defaults = ndpi_get_proto_defaults(ndpi);
|
||||
|
||||
ndpi_protocol_bitmask_struct_t unique_protos;
|
||||
NDPI_BITMASK_RESET(unique_protos);
|
||||
struct ndpi_bitmask unique_protos;
|
||||
ndpi_bitmask_alloc(&unique_protos, num_protos);
|
||||
|
||||
// NOTE: this does not currently exist as a protocol (see pd_get_proto_name)
|
||||
if(!arraylist_add_string(env, arrayListAdd, plist, "HTTPS")) {
|
||||
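Review bot: The result of `ndpi_bitmask_alloc(&unique_protos, num_protos)` is not checked, so if the allocation can fail (its return type is not visible on this page) the loop that follows calls `ndpi_bitmask_is_set`/`ndpi_bitmask_set` on a mask with no backing storage. The same applies to `ndpi_bitmask_alloc(b, MASTER_PROTOS_MAX_BITS)` in `init_ndpi_protocols_bitmask`, which returns `void` and so cannot report the failure to `init_ndpi`. `ndpi_finalize_initialization(ndpi)` is also called here without looking at its result, while the `init_ndpi` change in this same commit checks `rc != 0` and tears the module down. Suggested for this function: `if(ndpi_finalize_initialization(ndpi) != 0) { ndpi_exit_detection_module(ndpi); return NULL; }`, plus an equivalent failure branch after the alloc. The function starts and ends outside the hunk.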
@@ -1101,12 +1102,15 @@ Java_com_emanuelef_remote_1capture_CaptureService_getL7Protocols(JNIEnv *env, jc
|
||||
}
|
||||
|
||||
for(int i=0; i<num_protos; i++) {
|
||||
ndpi_protocol n_proto = {proto_defaults[i].protoId, NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED};
|
||||
ndpi_protocol n_proto;
|
||||
memset(&n_proto, 0, sizeof(n_proto));
|
||||
n_proto.proto.master_protocol = proto_defaults[i].protoId;
|
||||
n_proto.proto.app_protocol = NDPI_PROTOCOL_UNKNOWN;
|
||||
uint16_t proto = pd_ndpi2proto(n_proto);
|
||||
//log_d("protos: %d -> %d -> %d", i, proto_defaults[i].protoId, proto);
|
||||
|
||||
if(!NDPI_ISSET(&unique_protos, proto)) {
|
||||
NDPI_SET(&unique_protos, proto);
|
||||
if(!ndpi_bitmask_is_set(&unique_protos, proto)) {
|
||||
ndpi_bitmask_set(&unique_protos, proto);
|
||||
const char *name = ndpi_get_proto_name(ndpi, proto);
|
||||
//log_d("proto: %d %s", proto, name);
|
||||
|
||||
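Review bot: `unique_protos` is sized to `num_protos`, but the bit tested and set is `proto`, which comes from `pd_ndpi2proto(n_proto)` rather than from the loop index, so nothing in the hunk shows it stays below the allocated size. The old `NDPI_ISSET`/`NDPI_SET` macros indexed a fixed 512-bit array; with a dynamically sized mask the safety now depends on whether `ndpi_bitmask_set` bounds-checks its argument, which is not visible here. If it does not, an explicit check before the test, such as `if(proto >= num_protos) continue;`, keeps the access inside the allocation. The loop body continues outside the hunk.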
@@ -1118,6 +1122,7 @@ Java_com_emanuelef_remote_1capture_CaptureService_getL7Protocols(JNIEnv *env, jc
|
||||
}
|
||||
|
||||
out:
|
||||
ndpi_bitmask_free(&unique_protos);
|
||||
if(!success) {
|
||||
(*env)->DeleteLocalRef(env, plist);
|
||||
plist = NULL;
|
||||
|
||||
@@ -20,93 +20,94 @@
|
||||
#include "ndpi_api.h"
|
||||
#include "ndpi_protocol_ids.h"
|
||||
|
||||
#define MASTER_PROTOS_MAX_BITS 1024
|
||||
|
||||
/* ******************************************************* */
|
||||
|
||||
// protocols which are not application protocols
|
||||
void init_ndpi_protocols_bitmask(ndpi_protocol_bitmask_struct_t *b) {
|
||||
NDPI_ZERO(b);
|
||||
void init_ndpi_protocols_bitmask(struct ndpi_bitmask *b) {
|
||||
ndpi_bitmask_alloc(b, MASTER_PROTOS_MAX_BITS);
|
||||
|
||||
// https://github.com/ntop/nDPI/blob/dev/src/include/ndpi_protocol_ids.h
|
||||
NDPI_SET(b, NDPI_PROTOCOL_FTP_CONTROL);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MAIL_POP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MAIL_SMTP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MAIL_IMAP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_DNS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_IPP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_HTTP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MDNS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_NTP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_NETBIOS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_NFS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SSDP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SNMP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_XDMCP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SMBV1);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SYSLOG);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_DHCP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_POSTGRES);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MYSQL);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MAIL_POPS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TAILSCALE);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_COAP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_VMWARE);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MAIL_SMTPS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_DTLS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_UBNTAC2);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_BITTORRENT);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SMBV23);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RTSP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MAIL_IMAPS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_ICECAST);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_IRC);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_NATS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TELNET);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_STUN);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_IPSEC);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_IP_GRE);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RTP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RDP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_VNC);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TLS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SSH);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TFTP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SIP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_DHCPV6);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_KERBEROS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_PPTP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_NETFLOW);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SFLOW);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_HTTP_CONNECT);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_HTTP_PROXY);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RADIUS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TEAMVIEWER);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_OPENVPN);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_CISCOVPN);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TOR);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RTCP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SOCKS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RTMP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_FTP_DATA);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_ZMQ);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RESP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_QUIC);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_WIREGUARD);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_DNSCRYPT);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TINC);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_DNSCRYPT);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MQTT);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RX);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_GIT);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_DRDA);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_VALVE_SDR);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_WEBSOCKET);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_Z3950);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_MPEGDASH);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_FTPS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_NATPMP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_SRTP);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_HTTP2);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_PROTOBUF);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_RTPS);
|
||||
NDPI_SET(b, NDPI_PROTOCOL_TRDP);
|
||||
}
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_FTP_CONTROL);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MAIL_POP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MAIL_SMTP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MAIL_IMAP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_DNS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_IPP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_HTTP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MDNS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_NTP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_NETBIOS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_NFS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SSDP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SNMP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_XDMCP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SMBV1);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SYSLOG);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_DHCP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_POSTGRES);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MYSQL);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MAIL_POPS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TAILSCALE);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_COAP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_VMWARE);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MAIL_SMTPS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_DTLS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_UBNTAC2);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_BITTORRENT);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SMBV23);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RTSP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MAIL_IMAPS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_ICECAST);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_IRC);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_NATS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TELNET);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_STUN);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_IPSEC);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_IP_GRE);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RTP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RDP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_VNC);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TLS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SSH);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TFTP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SIP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_DHCPV6);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_KERBEROS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_PPTP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_NETFLOW);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SFLOW);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_HTTP_CONNECT);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_HTTP_PROXY);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RADIUS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TEAMVIEWER);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_OPENVPN);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_CISCOVPN);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TOR);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RTCP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SOCKS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RTMP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_FTP_DATA);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_ZMQ);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RESP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_QUIC);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_WIREGUARD);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_DNSCRYPT);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TINC);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MQTT);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RX);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_GIT);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_DRDA);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_VALVE_SDR);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_WEBSOCKET);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_Z3950);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_MPEGDASH);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_FTPS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_NATPMP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_SRTP);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_HTTP2);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_PROTOBUF);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_RTPS);
|
||||
ndpi_bitmask_set(b, NDPI_PROTOCOL_TRDP);
|
||||
}
|
||||
|
||||
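Review bot: `MASTER_PROTOS_MAX_BITS` is a bare 1024 with nothing tying it to the protocol ids set below or to the `l7proto` values later tested against `masterProtos` in `pd_ndpi2proto`. The old mask took its size from nDPI's own `NDPI_NUM_BITS`; the new size is this project's choice, so a later nDPI update that introduces ids at or above 1024 would depend on how `ndpi_bitmask_set` treats an out-of-range bit, which this page does not show. I would add a comment such as `/* upper bound for nDPI protocol ids stored in masterProtos; must exceed the largest NDPI_PROTOCOL_* id used below */`. The long run of consecutive `ndpi_bitmask_set` calls would also read better as a `static const uint16_t` table walked by one loop.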
@@ -47,7 +47,7 @@ char *pd_appver = (char*) "";
|
||||
char *pd_device = (char*) "";
|
||||
char *pd_os = (char*) "";
|
||||
|
||||
static ndpi_protocol_bitmask_struct_t masterProtos;
|
||||
static struct ndpi_bitmask masterProtos;
|
||||
static bool masterProtosInit = false;
|
||||
|
||||
/* ******************************************************* */
|
||||
@@ -85,7 +85,7 @@ uint16_t pd_ndpi2proto(ndpi_protocol nproto) {
|
||||
|
||||
// nDPI will still return a disabled protocol (via the bitmask) if it matches some
|
||||
// metadata for it (e.g. the SNI)
|
||||
if(!NDPI_ISSET(&masterProtos, l7proto))
|
||||
if(!ndpi_bitmask_is_set(&masterProtos, l7proto))
|
||||
l7proto = NDPI_PROTOCOL_UNKNOWN;
|
||||
|
||||
//log_d("PROTO: %d/%d -> %d", proto.master_protocol, proto.app_protocol, l7proto);
|
||||
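Review bot: `ndpi_bitmask_is_set(&masterProtos, l7proto)` now reads a bitmask that only has storage after `init_ndpi_protocols_bitmask` has run, whereas the old static `ndpi_protocol_bitmask_struct_t` was a zero-filled array that `NDPI_ISSET` could always read. In this commit `init_ndpi` initialises it only after `ndpi_finalize_initialization` succeeds, so on the failure paths, or if `pd_ndpi2proto` is reached before `init_ndpi`, the mask is still a zero-initialised struct. Whether `ndpi_bitmask_is_set` tolerates that is not visible here; a guard such as `if(!masterProtosInit || !ndpi_bitmask_is_set(&masterProtos, l7proto))` makes the behaviour explicit. `pd_ndpi2proto` starts and ends outside the hunk.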
@@ -97,7 +97,7 @@ uint16_t pd_ndpi2proto(ndpi_protocol nproto) {
|
||||
|
||||
static bool is_encrypted_l7(struct ndpi_detection_module_struct *ndpi_str, uint16_t l7proto) {
|
||||
// The ndpi_is_encrypted_proto API does not work reliably as it mixes master protocols with apps
|
||||
if(l7proto >= (NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS))
|
||||
if(l7proto >= ndpi_get_num_protocols(ndpi_str))
|
||||
return false;
|
||||
|
||||
ndpi_proto_defaults_t *proto_defaults = ndpi_get_proto_defaults(ndpi_str);
|
||||
@@ -226,34 +226,37 @@ struct ndpi_detection_module_struct* init_ndpi() {
|
||||
#endif
|
||||
|
||||
struct ndpi_detection_module_struct *ndpi = ndpi_init_detection_module(NULL);
|
||||
NDPI_PROTOCOL_BITMASK protocols;
|
||||
|
||||
if(!ndpi)
|
||||
if(!ndpi) {
|
||||
log_e("ndpi_init_detection_module returned NULL");
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
// needed by pd_get_proto_name
|
||||
// nDPI 5.0: all protocols are enabled by default, no need to set a bitmask
|
||||
|
||||
#ifdef FUZZING
|
||||
// nDPI has a big performance impact on fuzzing.
|
||||
// Only enable some protocols to extract the metadata for use in
|
||||
// PCAPdroid, we are not fuzzing nDPI!
|
||||
ndpi_set_config(ndpi, "all", "enable", "0");
|
||||
ndpi_set_config(ndpi, "DNS", "enable", "1");
|
||||
ndpi_set_config(ndpi, "HTTP", "enable", "1");
|
||||
//ndpi_set_config(ndpi, "TLS", "enable", "1");
|
||||
#endif
|
||||
|
||||
int rc = ndpi_finalize_initialization(ndpi);
|
||||
if(rc != 0) {
|
||||
log_e("ndpi_finalize_initialization failed: %d", rc);
|
||||
ndpi_exit_detection_module(ndpi);
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
// needed by pd_get_proto_name (must be after finalize)
|
||||
if(!masterProtosInit) {
|
||||
init_ndpi_protocols_bitmask(&masterProtos);
|
||||
masterProtosInit = true;
|
||||
}
|
||||
|
||||
#ifndef FUZZING
|
||||
// enable all the protocols
|
||||
NDPI_BITMASK_SET_ALL(protocols);
|
||||
#else
|
||||
// nDPI has a big performance impact on fuzzing.
|
||||
// Only enable some protocols to extract the metadata for use in
|
||||
// PCAPdroid, we are not fuzzing nDPI!
|
||||
NDPI_BITMASK_RESET(protocols);
|
||||
NDPI_BITMASK_ADD(protocols, NDPI_PROTOCOL_DNS);
|
||||
NDPI_BITMASK_ADD(protocols, NDPI_PROTOCOL_HTTP);
|
||||
//NDPI_BITMASK_ADD(protocols, NDPI_PROTOCOL_TLS);
|
||||
#endif
|
||||
|
||||
ndpi_set_protocol_detection_bitmask2(ndpi, &protocols);
|
||||
|
||||
ndpi_finalize_initialization(ndpi);
|
||||
|
||||
#ifdef FUZZING
|
||||
ndpi_cache = ndpi;
|
||||
#endif
|
||||
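Review bot: In the `#ifdef FUZZING` block the three `ndpi_set_config(...)` calls discard their results, so a rejected protocol name or parameter would go unnoticed and the fuzzing build would run with a different protocol set than the comment describes. The rest of the function now logs its failures, and these calls should do the same, e.g. `if(ndpi_set_config(ndpi, "DNS", "enable", "1") != 0) log_e("ndpi_set_config DNS failed");` (this assumes zero means success, to be confirmed against the nDPI header). `init_ndpi` continues outside the hunk.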
@@ -570,9 +573,7 @@ void pd_giveup_dpi(pcapdroid_t *pd, pd_conn_t *data, const zdtun_5tuple_t *tuple
|
||||
return;
|
||||
|
||||
if(data->l7proto == NDPI_PROTOCOL_UNKNOWN) {
|
||||
uint8_t proto_guessed;
|
||||
struct ndpi_proto n_proto = ndpi_detection_giveup(pd->ndpi, data->ndpi_flow,
|
||||
&proto_guessed);
|
||||
struct ndpi_proto n_proto = ndpi_detection_giveup(pd->ndpi, data->ndpi_flow);
|
||||
data->l7proto = pd_ndpi2proto(n_proto);
|
||||
data->encrypted_l7 = is_encrypted_l7(pd->ndpi, data->l7proto);
|
||||
}
|
||||
@@ -754,7 +755,7 @@ static void perform_dpi(pcapdroid_t *pd, pkt_context_t *pctx) {
|
||||
process_dns_reply(data, pd, pkt);
|
||||
|
||||
if(giveup || ((data->l7proto != NDPI_PROTOCOL_UNKNOWN) &&
|
||||
!ndpi_extra_dissection_possible(pd->ndpi, data->ndpi_flow)))
|
||||
(n_proto.state >= NDPI_STATE_MONITORING)))
|
||||
pd_giveup_dpi(pd, data, &pkt->tuple); // calls process_ndpi_data
|
||||
else
|
||||
process_ndpi_data(pd, &pkt->tuple, data);
|
||||
|
||||
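Review bot: The new give-up condition `n_proto.state >= NDPI_STATE_MONITORING` depends on the numeric order of nDPI's state enum, and neither that enum nor the assignment of `n_proto` is visible in this hunk. It replaces a call whose name (`ndpi_extra_dissection_possible`) said what was being asked, so the intent is now implicit. A comment such as `// no further dissection expected once the flow reaches the monitoring state` would document it. It is also worth confirming that `n_proto` is assigned on every path that reaches this test in `perform_dpi`, which starts outside the hunk.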
@@ -452,7 +452,7 @@ bool getCountryCode(pcapdroid_t *pd, const char *host, char out[3]);
|
||||
#endif // ANDROID
|
||||
|
||||
// Internals
|
||||
void init_ndpi_protocols_bitmask(ndpi_protocol_bitmask_struct_t *b);
|
||||
void init_ndpi_protocols_bitmask(struct ndpi_bitmask *b);
|
||||
void load_ndpi_hosts(struct ndpi_detection_module_struct *ndpi);
|
||||
uint32_t crc32(u_char *buf, size_t len, uint32_t crc);
|
||||
char* get_allocs_summary();
|
||||
|
||||
@@ -103,9 +103,6 @@
|
||||
/* Define to 1 if you have the <linux/usbdevice_fs.h> header file. */
|
||||
/* #undef HAVE_LINUX_USBDEVICE_FS_H */
|
||||
|
||||
/* Define to 1 if you have the <linux/wireless.h> header file. */
|
||||
#define HAVE_LINUX_WIRELESS_H 1
|
||||
|
||||
/* Define to 1 if you have the <netpacket/packet.h> header file. */
|
||||
#define HAVE_NETPACKET_PACKET_H 1
|
||||
|
||||
@@ -139,7 +136,7 @@
|
||||
/* Use OpenSSL */
|
||||
/* #undef HAVE_OPENSSL */
|
||||
|
||||
/* if there's an os_proto.h for this platform, to use additional prototypes */
|
||||
/* if there's an os-proto.h for this platform, to use additional prototypes */
|
||||
/* #undef HAVE_OS_PROTO_H */
|
||||
|
||||
/* Define to 1 if you have a POSIX-style `strerror_r' function. */
|
||||
@@ -257,6 +254,9 @@
|
||||
/* Define to 1 if you have the 'vsyslog' function. */
|
||||
#define HAVE_VSYSLOG 1
|
||||
|
||||
/* Define to 1 if you have the <zone.h> header file. */
|
||||
/* #undef HAVE_ZONE_H */
|
||||
|
||||
/* Define to 1 if you have the '_wcserror_s' function. */
|
||||
/* #undef HAVE__WCSERROR_S */
|
||||
|
||||
@@ -288,7 +288,7 @@
|
||||
#define PACKAGE_NAME "pcap"
|
||||
|
||||
/* Define to the full name and version of this package. */
|
||||
#define PACKAGE_STRING "pcap 1.10.5"
|
||||
#define PACKAGE_STRING "pcap 1.10.6"
|
||||
|
||||
/* Define to the one symbol short name of this package. */
|
||||
#define PACKAGE_TARNAME "pcap"
|
||||
@@ -297,7 +297,7 @@
|
||||
#define PACKAGE_URL ""
|
||||
|
||||
/* Define to the version of this package. */
|
||||
#define PACKAGE_VERSION "1.10.5"
|
||||
#define PACKAGE_VERSION "1.10.6"
|
||||
|
||||
/* target host supports Bluetooth sniffing */
|
||||
/* #undef PCAP_SUPPORT_BT */
|
||||
|
||||
+448
-461
File diff suppressed because it is too large
@@ -183,7 +183,7 @@ extern int pcap_debug;
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
union YYSTYPE
|
||||
{
|
||||
#line 357 "grammar.y"
|
||||
#line 344 "grammar.y"
|
||||
|
||||
int i;
|
||||
bpf_u_int32 h;
|
||||
|
||||
+194
-216
File diff suppressed because it is too large
@@ -761,7 +761,7 @@ extern int yylex \
|
||||
#undef yyTABLES_NAME
|
||||
#endif
|
||||
|
||||
#line 504 "scanner.l"
|
||||
#line 482 "scanner.l"
|
||||
|
||||
|
||||
#line 767 "scanner.h"
|
||||
|
||||
+442
-229
File diff suppressed because it is too large
@@ -95,16 +95,16 @@
|
||||
/* #undef NDPI_ENABLE_DEBUG_MESSAGES */
|
||||
|
||||
/* Last GIT change */
|
||||
#define NDPI_GIT_DATE "Sat Mar 22 16:35:45 2025 +0100"
|
||||
#define NDPI_GIT_DATE "Sat Feb 28 23:29:08 2026 +0100"
|
||||
|
||||
/* GIT Release */
|
||||
#define NDPI_GIT_RELEASE "4.12.0-5035-ce606bf"
|
||||
#define NDPI_GIT_RELEASE "5.0.0-5584-ab51f43"
|
||||
|
||||
/* nDPI major release */
|
||||
#define NDPI_MAJOR_RELEASE "4"
|
||||
#define NDPI_MAJOR_RELEASE "5"
|
||||
|
||||
/* nDPI minor release */
|
||||
#define NDPI_MINOR_RELEASE "12"
|
||||
#define NDPI_MINOR_RELEASE "0"
|
||||
|
||||
/* nDPI patch level */
|
||||
#define NDPI_PATCH_LEVEL "0"
|
||||
@@ -122,7 +122,7 @@
|
||||
#define PACKAGE_NAME "libndpi"
|
||||
|
||||
/* Define to the full name and version of this package. */
|
||||
#define PACKAGE_STRING "libndpi 4.12.0"
|
||||
#define PACKAGE_STRING "libndpi 5.0.0"
|
||||
|
||||
/* Define to the one symbol short name of this package. */
|
||||
#define PACKAGE_TARNAME "libndpi"
|
||||
@@ -131,7 +131,7 @@
|
||||
#define PACKAGE_URL ""
|
||||
|
||||
/* Define to the version of this package. */
|
||||
#define PACKAGE_VERSION "4.12.0"
|
||||
#define PACKAGE_VERSION "5.0.0"
|
||||
|
||||
/* Define to necessary symbol if this constant uses a non-standard name on
|
||||
your system. */
|
||||
@@ -145,11 +145,8 @@
|
||||
/* Use locally installed libgcrypt instead of builtin gcrypt-light */
|
||||
/* #undef USE_HOST_LIBGCRYPT */
|
||||
|
||||
/* Use CRoaring 2.1.x */
|
||||
/* #undef USE_ROARING_V2 */
|
||||
|
||||
/* Version number of package */
|
||||
#define VERSION "4.12.0"
|
||||
#define VERSION "5.0.0"
|
||||
|
||||
/* Define to '__inline__' or '__inline' if that's what the C compiler
|
||||
calls it, or to nothing if 'inline' is not supported under any name. */
|
||||
|
||||
@@ -30,7 +30,7 @@
|
||||
* The #define below is used for apps that dynamically link with nDPI to make
|
||||
* sure that datastructures and in sync across versions
|
||||
*/
|
||||
#define NDPI_API_VERSION 11721
|
||||
#define NDPI_API_VERSION 13709
|
||||
|
||||
/*
|
||||
gcc -E -dM - < /dev/null |grep ENDIAN
|
||||
@@ -89,19 +89,9 @@
|
||||
|
||||
#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t
|
||||
|
||||
/**
|
||||
* convenience macro to check for excluded protocol
|
||||
* a protocol is excluded if the flow is known and either the protocol is not detected at all
|
||||
* or the excluded bitmask contains the protocol
|
||||
*/
|
||||
#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \
|
||||
( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \
|
||||
NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) )
|
||||
|
||||
#define MAX_DEFAULT_PORTS 5
|
||||
|
||||
#define NDPI_EXCLUDE_PROTO(mod,flow) ndpi_exclude_protocol(mod, flow, NDPI_CURRENT_PROTO, __FILE__, __FUNCTION__, __LINE__)
|
||||
#define NDPI_EXCLUDE_PROTO_EXT(mod,flow,proto) ndpi_exclude_protocol(mod, flow, proto, __FILE__, __FUNCTION__, __LINE__)
|
||||
#define NDPI_EXCLUDE_DISSECTOR(mod,flow) exclude_dissector(mod, flow, mod->current_dissector_idx, __FILE__, __FUNCTION__, __LINE__)
|
||||
|
||||
/**
|
||||
* macro for getting the string len of a static string
|
||||
@@ -114,44 +104,14 @@
|
||||
#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \
|
||||
((x.u6_addr.u6_addr64[0] < y.u6_addr.u6_addr64[0]) || ((x.u6_addr.u6_addr64[0] == y.u6_addr.u6_addr64[0]) && (x.u6_addr.u6_addr64[1] < y.u6_addr.u6_addr64[1])))
|
||||
|
||||
#define NDPI_NUM_BITS 512
|
||||
#define NDPI_NUM_BITS_MASK (512-1)
|
||||
|
||||
#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */
|
||||
#define howmanybits(x, y) (((x)+((y)-1))/(y))
|
||||
|
||||
|
||||
#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1ul << (((u_int32_t)n) % NDPI_BITS)))
|
||||
#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1ul << (((u_int32_t)n) % NDPI_BITS)))
|
||||
#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1ul << (((u_int32_t)n) % NDPI_BITS)))
|
||||
#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
|
||||
#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p)))
|
||||
|
||||
#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS)
|
||||
|
||||
#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t
|
||||
|
||||
#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b)
|
||||
#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b)
|
||||
#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a)
|
||||
#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a)
|
||||
#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); }
|
||||
|
||||
#define NDPI_SET_BIT(num, n) num |= 1ULL << ( n )
|
||||
#define NDPI_CLR_BIT(num, n) num &= ~(1ULL << ( n ))
|
||||
#define NDPI_CLR_BIT(num, n) num &= ~(1ULL << ( n ))
|
||||
#define NDPI_ISSET_BIT(num, n) (num & (1ULL << ( n )))
|
||||
#define NDPI_ZERO_BIT(num) num = 0
|
||||
|
||||
/* this is a very very tricky macro *g*,
|
||||
* the compiler will remove all shifts here if the protocol is static...
|
||||
*/
|
||||
#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask, value & NDPI_NUM_BITS_MASK)
|
||||
#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask, value & NDPI_NUM_BITS_MASK)
|
||||
#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask, value & NDPI_NUM_BITS_MASK)
|
||||
|
||||
#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); }
|
||||
|
||||
#define NDPI_ONES_BIT(num) num = -1;
|
||||
|
||||
#define ndpi_min(a,b) ((a < b) ? a : b)
|
||||
#define ndpi_max(a,b) ((a > b) ? a : b)
|
||||
@@ -176,7 +136,16 @@
|
||||
|
||||
/* the get_uXX will return raw network packet bytes !! */
|
||||
#define get_u_int8_t(X,O) (*(u_int8_t *)((&(((u_int8_t *)X)[O]))))
|
||||
#if defined(__arm__)
|
||||
static inline uint16_t get_u_int16_t(const uint8_t* X, int O)
|
||||
{
|
||||
uint16_t tmp;
|
||||
memcpy(&tmp, X + O, sizeof(tmp));
|
||||
return tmp;
|
||||
}
|
||||
#else
|
||||
#define get_u_int16_t(X,O) (*(u_int16_t *)((&(((u_int8_t *)X)[O]))))
|
||||
#endif // __arm__
|
||||
#if defined(__arm__)
|
||||
static inline uint32_t get_u_int32_t(const uint8_t* X, int O)
|
||||
{
|
||||
@@ -188,8 +157,6 @@ static inline uint32_t get_u_int32_t(const uint8_t* X, int O)
|
||||
#define get_u_int32_t(X,O) (*(u_int32_t *)((&(((u_int8_t *)X)[O]))))
|
||||
#endif // __arm__
|
||||
#if defined(__arm__)
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
static inline uint64_t get_u_int64_t(const uint8_t* X, int O)
|
||||
{
|
||||
uint64_t tmp;
|
||||
@@ -230,13 +197,13 @@ static inline uint64_t get_u_int64_t(const uint8_t* X, int O)
|
||||
|
||||
#endif /* WIN32 */
|
||||
|
||||
#define NDPI_MAX_DNS_REQUESTS 16
|
||||
#define NDPI_MIN_NUM_STUN_DETECTION 8
|
||||
|
||||
#define NDPI_MAJOR 4
|
||||
#define NDPI_MINOR 12
|
||||
#define NDPI_MAJOR 5
|
||||
#define NDPI_MINOR 0
|
||||
#define NDPI_PATCH 0
|
||||
|
||||
#define NDPI_MAX_DNS_REQUESTS 48
|
||||
#define NDPI_MIN_NUM_STUN_DETECTION 8
|
||||
|
||||
/* IMPORTANT: order according to its severity */
|
||||
#define NDPI_CIPHER_SAFE 0
|
||||
#define NDPI_CIPHER_WEAK 1
|
||||
@@ -409,4 +376,7 @@ static inline uint64_t get_u_int64_t(const uint8_t* X, int O)
|
||||
|
||||
#define MAX_NBPF_CUSTOM_PROTO 8
|
||||
|
||||
/* Unused parameters can be silenced as follows */
|
||||
#define __ndpi_unused_param(x) (void)(x)
|
||||
|
||||
#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */
|
||||
|
||||
+1
-1
Submodule submodules/nDPI updated: 2083215659...40a1605bf7