本文整理汇总了C++中NDPI_ADD_PROTOCOL_TO_BITMASK函数的典型用法代码示例。如果您正苦于以下问题:C++ NDPI_ADD_PROTOCOL_TO_BITMASK函数的具体用法?C++ NDPI_ADD_PROTOCOL_TO_BITMASK怎么用?C++ NDPI_ADD_PROTOCOL_TO_BITMASK使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NDPI_ADD_PROTOCOL_TO_BITMASK函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ndpi_check_citrix
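/*
 * Citrix detector for TCP flows.
 *
 * Counts packets per flow in flow->l4.tcp.citrix_packet_id and inspects only
 * the third one, and only when the SYN, SYN-ACK and ACK flags have all been
 * recorded for the flow. Two payload shapes are accepted:
 *   - exactly 6 bytes: 0x07 0x07 'I' 'C' 'A' 0x00
 *   - more than 4 bytes: the 7-byte prefix 0x1a "CGP/01", or the string
 *     "Citrix.TcpProxyService" anywhere in the payload
 * Anything else on packet 3, and every packet after it, excludes Citrix.
 * Non-TCP packets are ignored.
 */
static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int32_t payload_len = packet->payload_packet_len;

  /* Disabled debug dump. It reads four payload bytes without a length check,
     so it would need one before being enabled. */
#if 0
  printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
	 packet->payload[0] & 0xFF,
	 packet->payload[1] & 0xFF,
	 packet->payload[2] & 0xFF,
	 packet->payload[3] & 0xFF);
#endif

  if(packet->tcp != NULL) {
    flow->l4.tcp.citrix_packet_id++;

    if((flow->l4.tcp.citrix_packet_id == 3)
       /* We have seen the 3-way handshake */
       && flow->l4.tcp.seen_syn
       && flow->l4.tcp.seen_syn_ack
       && flow->l4.tcp.seen_ack) {
      if(payload_len == 6) {
	char citrix_header[] = { 0x07, 0x07, 0x49, 0x43, 0x41, 0x00 };

	if(memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) {
	  NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n");
	  ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_REAL_PROTOCOL);
	}

	return;
      } else if(payload_len > 4) {
	char citrix_header[] = { 0x1a, 0x43, 0x47, 0x50, 0x2f, 0x30, 0x31 };

	/* The signature is 7 bytes but this branch is entered from 5 bytes up
	   (6 is handled above), so a 5-byte payload used to be compared two
	   bytes past its end. Only run memcmp when the whole signature fits.
	   ndpi_strnstr is passed payload_len and is presumably bounded by it
	   (its definition is not shown here). */
	if(((payload_len >= sizeof(citrix_header))
	    && (memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0))
	   || (ndpi_strnstr(packet->payload, "Citrix.TcpProxyService", payload_len) != NULL)) {
	  NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n");
	  ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_REAL_PROTOCOL);
	}

	return;
      }

      /* Third packet with 0..4 payload bytes: not Citrix. */
      NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);
    } else if(flow->l4.tcp.citrix_packet_id > 3)
      NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);

    return;
  }
}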
示例2: ndpi_search_collectd
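/*
 * collectd detector for UDP flows.
 *
 * Walks the payload as a sequence of parts, each starting with a 2-byte type
 * followed by a 2-byte big-endian length, and advances by that length. The
 * flow is reported as collectd when the parts tile the payload exactly;
 * otherwise collectd is excluded for the flow. Non-UDP packets are ignored.
 */
void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int len = 0;

  NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "search collectd.\n");

  if (packet->udp == NULL) return;

  while(len < packet->payload_packet_len) {
    u_int16_t elem_len;

    /* The length field occupies payload[len+2..len+3]. Without this check a
       payload whose remaining tail is shorter than 4 bytes was read past its
       end; the tail cannot hold a part header, so stop and let the length
       comparison below exclude the flow. */
    if (packet->payload_packet_len - len < 4) break;

    /* Assemble the big-endian length byte by byte rather than casting the
       payload pointer to u_int16_t*, which may be misaligned. */
    elem_len = (u_int16_t)(((u_int16_t)(u_int8_t)packet->payload[len + 2] << 8)
			   | (u_int8_t)packet->payload[len + 3]);

    if (elem_len == 0) break;

    /* NOTE(review): a non-zero length below 4 is still accepted here, as in
       the original; confirm whether such parts should be rejected. */
    len += elem_len;
  }

  if(len == packet->payload_packet_len) {
    NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "found COLLECTD.\n");
    ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_COLLECTD, NDPI_REAL_PROTOCOL);
  } else {
    NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "exclude COLLECTD.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COLLECTD);
  }
}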
示例3: ndpi_search_rtcp
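/*
 * RTCP detector.
 *
 * TCP: payload longer than 13 bytes on port 554 (either side) starting with
 *      00 00 01 01 08 0a 00 01.
 * UDP: payload starting with 0x80 or 0x81, then 0xc8 or 0xc9, then 0x00.
 * RTCP is excluded only for packets that are neither TCP nor UDP; a TCP or
 * UDP packet that does not match leaves the flow undecided.
 */
void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;

  NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "search for RTCP.\n");

  if(packet->tcp != NULL) {
    sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
    NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over tcp.\n");

    /* The length test comes first, so bytes 0..7 are only read when present. */
    if(packet->payload_packet_len > 13 && (sport == 554 || dport == 554) &&
       packet->payload[0] == 0x00 && packet->payload[1] == 0x00 &&
       packet->payload[2] == 0x01 && packet->payload[3] == 0x01 &&
       packet->payload[4] == 0x08 && packet->payload[5] == 0x0a &&
       packet->payload[6] == 0x00 && packet->payload[7] == 0x01) {
      NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n");
      ndpi_int_rtcp_add_connection(ndpi_struct, flow);
    }
  } else if(packet->udp != NULL) {
    sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest);
    NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n");

    /* Both signatures read payload[0..2]. The original length test below is
       always true, so datagrams shorter than 3 bytes (including empty ones)
       were read past their end; require the three bytes explicitly.
       NOTE(review): ">= 28 || <= 1200" holds for every length and was
       probably meant to be "&&". It is left unchanged because tightening it
       would change which datagrams are classified as RTCP. */
    if((packet->payload_packet_len >= 3) &&
       (((packet->payload_packet_len >= 28 || packet->payload_packet_len <= 1200) &&
	 ((packet->payload[0] == 0x80) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9)) && (packet->payload[2] == 0x00)))
	|| (((packet->payload[0] == 0x81) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9))
	     && (packet->payload[2] == 0x00))))) {
      NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n");
      ndpi_int_rtcp_add_connection(ndpi_struct, flow);
    }
  } else {
    NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude RTCP.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP);
  }
}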
示例4: ndpi_search_fiesta
/*
 * Fiesta detector, driven by flow->l4.tcp.fiesta_stage.
 *
 * Stage 0 plus a 5-byte opener records the sender's direction in the stage.
 * A length-prefixed packet from the opposite direction keeps the flow
 * undecided. A packet from the opener's direction that matches one of five
 * fixed shapes confirms the protocol. Everything else excludes Fiesta.
 * Every payload read is preceded by a length test that covers it.
 */
void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "search fiesta.\n");

  /* First packet of a candidate flow: remember who sent it. */
  if (flow->l4.tcp.fiesta_stage == 0 && packet->payload_packet_len == 5
      && get_u_int16_t(packet->payload, 0) == ntohs(0x0407)
      && (packet->payload[2] == 0x08)
      && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01)) {
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "maybe fiesta symmetric, first packet.\n");
    flow->l4.tcp.fiesta_stage = 1 + packet->packet_direction;
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Stage is set to %d.\n", flow->l4.tcp.fiesta_stage);
    return;
  }

  /* Reply direction: a 1-byte length prefix, or a zero byte followed by a
     16-bit length, must account for the rest of the payload. */
  if (flow->l4.tcp.fiesta_stage == (2 - packet->packet_direction)
      && ((packet->payload_packet_len > 1 && packet->payload_packet_len - 1 == packet->payload[0])
	  || (packet->payload_packet_len > 3 && packet->payload[0] == 0
	      && get_l16(packet->payload, 1) == packet->payload_packet_len - 3))) {
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Maybe fiesta.\n");
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Stage is set to %d.\n", flow->l4.tcp.fiesta_stage);
    return;
  }

  /* Opener's direction: any one of the five known shapes confirms Fiesta. */
  if (flow->l4.tcp.fiesta_stage == (1 + packet->packet_direction)) {
    const int confirmed =
      (packet->payload_packet_len == 4 && get_u_int32_t(packet->payload, 0) == htonl(0x03050c01))
      || (packet->payload_packet_len == 5 && get_u_int32_t(packet->payload, 0) == htonl(0x04030c01)
	  && packet->payload[4] == 0)
      || (packet->payload_packet_len == 6 && get_u_int32_t(packet->payload, 0) == htonl(0x050e080b))
      || (packet->payload_packet_len == 100 && packet->payload[0] == 0x63 && packet->payload[61] == 0x52
	  && packet->payload[81] == 0x5a && get_u_int16_t(packet->payload, 1) == htons(0x3810)
	  && get_u_int16_t(packet->payload, 62) == htons(0x6f75))
      || (packet->payload_packet_len > 3 && packet->payload_packet_len - 1 == packet->payload[0]
	  && get_u_int16_t(packet->payload, 1) == htons(0x140c));

    if (confirmed) {
      NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "detected fiesta.\n");
      ndpi_int_fiesta_add_connection(ndpi_struct, flow);
      return;
    }
  }

  NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "exclude fiesta.\n");
  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIESTA);
}
示例5: ndpi_check_radius
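/*
 * RADIUS detector for UDP flows.
 *
 * Accepts a datagram that is longer than struct radius_header, whose code
 * field is at most 5 and whose length field (network byte order) equals the
 * payload length. Any other UDP datagram excludes RADIUS for the flow.
 * Non-UDP packets are ignored.
 */
static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int32_t payload_len = packet->payload_packet_len;

  /* Disabled debug dump. It reads four payload bytes without a length check,
     so it would need one before being enabled. */
#if 0
  printf("[len=%u][%02X %02X %02X %02X]\n", payload_len,
	 packet->payload[0] & 0xFF,
	 packet->payload[1] & 0xFF,
	 packet->payload[2] & 0xFF,
	 packet->payload[3] & 0xFF);
#endif

  if(packet->udp != NULL) {
    /* Check the size before looking at any header field. The original
       byte-swapped h->len in place before this test, which read and wrote
       beyond a short datagram and altered the captured packet for every
       later consumer (a second pass would swap the field back). */
    if(payload_len > sizeof(struct radius_header)) {
      const struct radius_header *h = (const struct radius_header *)packet->payload;

      /* Convert into a temporary; the payload itself stays untouched. */
      if((h->code <= 5)
	 && (ntohs(h->len) == payload_len)) {
	NDPI_LOG(NDPI_PROTOCOL_RADIUS, ndpi_struct, NDPI_LOG_DEBUG, "Found radius.\n");
	ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_REAL_PROTOCOL);

	return;
      }
    }

    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RADIUS);
    return;
  }
}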
示例6: ndpi_search_twitter
/*
 * Twitter detector based on IPv4 address ranges only.
 *
 * When the packet has an IPv4 header and source or destination (as judged by
 * ndpi_ips_match) falls in one of the listed networks, the flow is tagged as
 * Twitter. Otherwise, including for packets without an IPv4 header, the
 * Twitter service is excluded for the flow.
 */
void ndpi_search_twitter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  /*
    Twitter AS34702
    http://bgp.he.net/AS13414
  */
  static const struct {
    u_int32_t network;     /* host byte order */
    u_int32_t prefix_bits;
  } twitter_networks[] = {
    { 0xC0854C00, 22 }, /* 192.133.76.0/22 */
    { 0xC7109C00, 22 }, /* 199.16.156.0/22 */
    { 0xC73B9400, 22 }, /* 199.59.148.0/22 */
    { 0xC7603A00, 23 }, /* 199.96.58.0/23 */
    { 0xC7603E00, 23 }, /* 199.96.62.0/23 */
  };

  if(flow->packet.iph) {
    /* IPv4: addresses converted to host order to match the table. */
    const u_int32_t src = ntohl(flow->packet.iph->saddr);
    const u_int32_t dst = ntohl(flow->packet.iph->daddr);
    unsigned int i;

    /* Stop at the first matching network, in table order. */
    for(i = 0; i < sizeof(twitter_networks) / sizeof(twitter_networks[0]); i++) {
      if(ndpi_ips_match(src, dst, twitter_networks[i].network, twitter_networks[i].prefix_bits)) {
	ndpi_int_twitter_add_connection(ndpi_struct, flow);
	return;
      }
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_TWITTER);
}
示例7: ndpi_search_dhcp_udp
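/*
 * DHCP detector for UDP flows.
 *
 * Matches a payload of at least 244 bytes between ports 67/68 (either
 * direction) that carries the DHCP magic cookie 0x63825363 at offset 236 and
 * the bytes 0x35 0x01 at offset 240. Anything else excludes DHCP for the flow.
 */
void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct,
			  struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  /* this detection also works for asymmetric dhcp traffic */

  /* check standard DHCP 0.0.0.0:68 -> 255.255.255.255:67
     The UDP header pointer is tested before it is dereferenced, as the other
     UDP dissectors on this page do; the original relied on the caller never
     invoking it for a non-UDP packet. The >= 244 test covers every payload
     offset read below (236..241). */
  if (packet->udp != NULL
      && packet->payload_packet_len >= 244
      && (packet->udp->source == htons(67)
	  || packet->udp->source == htons(68))
      && (packet->udp->dest == htons(67)
	  || packet->udp->dest == htons(68))
      && get_u_int32_t(packet->payload, 236) == htonl(0x63825363)
      && get_u_int16_t(packet->payload, 240) == htons(0x3501)) {

    NDPI_LOG(NDPI_PROTOCOL_DHCP, ndpi_struct, NDPI_LOG_DEBUG,
	     "DHCP request\n");

    ndpi_int_dhcp_add_connection(ndpi_struct, flow);
    return;
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask,
			       NDPI_PROTOCOL_DHCP);
}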
示例8: ndpi_int_search_thunder_udp
static inline
#else
__forceinline static
#endif
void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct
				 *ndpi_struct, struct ndpi_flow_struct *flow)
{
  /*
   * Thunder-over-UDP detector, driven by flow->thunder_stage.
   *
   * A candidate packet has more than 8 payload bytes, a first byte in
   * 0x30..0x3f and three zero bytes after it. Each candidate seen while the
   * stage is below 3 increments the stage; a candidate seen at stage 3
   * confirms the protocol. The first non-candidate packet excludes Thunder.
   */
  struct ndpi_packet_struct *packet = &flow->packet;

  /* The length test short-circuits the byte reads on short payloads. */
  const int is_candidate =
    packet->payload_packet_len > 8
    && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40
    && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0;

  if (!is_candidate) {
    NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG,
	     "excluding thunder udp at stage %u\n", flow->thunder_stage);
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER);
    return;
  }

  if (flow->thunder_stage == 3) {
    NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "THUNDER udp detected\n");
    ndpi_int_thunder_add_connection(ndpi_struct, flow, NDPI_REAL_PROTOCOL);
    return;
  }

  flow->thunder_stage++;
  NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG,
	   "maybe thunder udp packet detected, stage increased to %u\n", flow->thunder_stage);
}
示例9: ndpi_search_tftp
/*
 * TFTP detector, driven by flow->l4.udp.tftp_stage.
 *
 * Stage 0 and a payload starting with 00 03 00 01 moves the flow to stage 1.
 * Stage 1 and a payload starting with 00 04 00 01 confirms TFTP. A payload
 * whose first and last bytes are zero, or that is exactly 00 04 00 00, is
 * skipped without a decision. Everything else excludes TFTP.
 */
void ndpi_search_tftp(struct ndpi_detection_module_struct
		      *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "search TFTP.\n");

  /* The leading 32-bit word is only read when at least 4 bytes are present. */
  if (packet->payload_packet_len > 3) {
    const u_int32_t leading_word = ntohl(get_u_int32_t(packet->payload, 0));

    if (flow->l4.udp.tftp_stage == 0 && leading_word == 0x00030001) {
      NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe tftp. need next packet.\n");
      flow->l4.udp.tftp_stage = 1;
      return;
    }

    if (flow->l4.udp.tftp_stage == 1 && leading_word == 0x00040001) {
      NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "found tftp.\n");
      ndpi_int_tftp_add_connection(ndpi_struct, flow);
      return;
    }
  }

  if (packet->payload_packet_len > 1) {
    const int zero_framed =
      packet->payload[0] == 0 && packet->payload[packet->payload_packet_len - 1] == 0;

    if (zero_framed
	|| (packet->payload_packet_len == 4 && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00040000)) {
      NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "skip initial packet.\n");
      return;
    }
  }

  NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude TFTP.\n");
  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TFTP);
}
示例10: ndpi_search_pando
/*
 * Pando entry point: bounds the work per flow and dispatches to the TCP and
 * UDP checks.
 *
 * Once flow->packet_counter exceeds 20, Pando is excluded for the flow.
 * Retransmitted packets and flows already tagged as Pando are left alone.
 * The UDP check runs only if the TCP check did not tag the flow.
 */
void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
  struct ndpi_packet_struct *packet = &flow->packet;

  /* Give up after 20 packets so an undecided flow stops costing work. */
  if (flow->packet_counter > 20) {
    NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO excluded.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PANDO);
    return;
  }

  /* Nothing to do for retransmissions or for flows already detected. */
  if (packet->tcp_retransmission != 0
      || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_PANDO) {
    return;
  }

  NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO detection...\n");
  ndpi_check_pando_tcp(ndpi_struct, flow);

  if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_PANDO) {
    ndpi_check_pando_udp(ndpi_struct, flow);
  }
}
示例11: ndpi_search_direct_download_link_tcp
/*
 * Direct-download-link detector for TCP flows.
 *
 * Flows already tagged as direct download link are left alone. Otherwise
 * search_ddl_domains() is run; a non-zero result ends processing without a
 * decision here, and a zero result excludes the protocol for the flow.
 */
void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  /* Disabled legacy path that used a per-packet counter callback. */
#if 0
  if (ndpi_struct->direct_download_link_counter_callback != NULL) {
    if (packet->detected_protocol == NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
      /* skip packets not requests from the client to the server */
      if (packet->packet_direction == flow->l4.tcp.ddlink_server_direction) {
        search_ddl_domains(ndpi_struct, flow);	// do the detection again in order to get the URL in keep alive streams
      } else {
        // just count the packet
        ndpi_struct->direct_download_link_counter_callback(flow->hash_id_number, packet->l3_packet_len);
      }
    }
    return;
  }
#endif

  /* Already classified as ddl: do not run detection again. */
  if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
    return;
  }

  if (search_ddl_domains(ndpi_struct, flow) != 0) {
    return;
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK);
}
示例12: ndpi_search_telegram
/*
 * Telegram detector for TCP flows.
 *
 * Empty payloads are ignored. A TCP payload longer than 56 bytes that starts
 * with 0xef and goes to destination port 443, 80 or 25 is tagged as Telegram
 * when its second byte is 0x7f, or when four times the second byte does not
 * exceed the payload length minus one; either way that packet ends processing
 * without an exclusion. Every other non-empty packet excludes Telegram.
 */
void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  NDPI_LOG(NDPI_PROTOCOL_TELEGRAM, ndpi_struct, NDPI_LOG_TRACE, "TELEGRAM detection...\n");

  if (packet->payload_packet_len == 0)
    return;

  /* The > 56 test guarantees bytes 0 and 1 exist before they are read. */
  if (packet->tcp != NULL && packet->payload_packet_len > 56) {
    const u_int16_t dport = ntohs(packet->tcp->dest);
    const int known_port = (dport == 443 || dport == 80 || dport == 25);

    if (packet->payload[0] == 0xef && known_port) {
      if (packet->payload[1] == 0x7f
	  || packet->payload[1]*4 <= packet->payload_packet_len - 1) {
	ndpi_int_telegram_add_connection(ndpi_struct, flow);
      }
      return;
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TELEGRAM);
}
示例13: ndpi_search_skinny
/*
 * Skinny detector for TCP port 2000.
 *
 * To port 2000:   24-byte payload starting with 0x10 + 7 zero bytes, or
 *                 64-byte payload starting with 0x38 + 7 zero bytes.
 * From port 2000: 28-byte payload starting with 0x14 + 7 zero bytes, or
 *                 44-byte payload starting with 0x24 + 8 zero bytes.
 * Skinny is excluded only for non-TCP packets; a TCP packet that does not
 * match leaves the flow undecided.
 */
void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  static const unsigned char sig_44[9] = { 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  static const unsigned char sig_64[8] = { 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  static const unsigned char sig_keypad[8] = { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  static const unsigned char sig_select[8] = { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;

  NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "search for SKINNY.\n");

  if(packet->tcp == NULL) {
    NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "exclude SKINNY.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKINNY);
    return;
  }

  sport = ntohs(packet->tcp->source);
  dport = ntohs(packet->tcp->dest);
  NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "calculating SKINNY over tcp.\n");

  /* Each memcmp sits behind an exact-length test, so it never reads past the
     payload. */
  if ((dport == 2000
       && ((packet->payload_packet_len == 24 && memcmp(packet->payload, sig_keypad, 8) == 0)
	   || (packet->payload_packet_len == 64 && memcmp(packet->payload, sig_64, 8) == 0)))
      || (sport == 2000
	  && ((packet->payload_packet_len == 28 && memcmp(packet->payload, sig_select, 8) == 0)
	      || (packet->payload_packet_len == 44 && memcmp(packet->payload, sig_44, 9) == 0)))) {
    NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n");
    ndpi_int_skinny_add_connection(ndpi_struct, flow);
  }
}
示例14: ndpi_search_rsync
/*
 * rsync detector for TCP flows.
 *
 * Tags the flow as rsync when the payload is exactly 12 bytes long and starts
 * with the eight bytes 40 52 53 59 4e 43 44 3a (ASCII "@RSYNCD:"). rsync is
 * excluded only for non-TCP packets; a TCP packet that does not match leaves
 * the flow undecided.
 */
void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  static const unsigned char banner_prefix[8] = { 0x40, 0x52, 0x53, 0x59, 0x4e, 0x43, 0x44, 0x3a };
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;

  NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "search for RSYNC.\n");

  if(packet->tcp == NULL) {
    NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "exclude RSYNC.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RSYNC);
    return;
  }

  /* Ports are decoded but not used by the match below. */
  sport = ntohs(packet->tcp->source);
  dport = ntohs(packet->tcp->dest);
  NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "calculating RSYNC over tcp.\n");

  /* Payload bytes are read only once the exact length has been confirmed. */
  if (packet->payload_packet_len == 12) {
    unsigned int i = 0;

    while (i < sizeof(banner_prefix) && packet->payload[i] == banner_prefix[i]) {
      i++;
    }

    if (i == sizeof(banner_prefix)) {
      NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "found rsync.\n");
      ndpi_int_rsync_add_connection(ndpi_struct, flow);
    }
  }
}
示例15: ndpi_search_oracle
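/*
 * Oracle detector for TCP flows.
 *
 * On port 1521 (either side) the payload matches when it starts with
 * 07 ff 00, or when it is at least 232 bytes long and starts with 00 or 01,
 * a non-zero byte, then 00 00. Independently of the port, a 213-byte payload
 * starting with 00 d5 00 00 also matches. Oracle is excluded only for
 * non-TCP packets; a TCP packet that does not match leaves the flow
 * undecided.
 */
void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;

  NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "search for ORACLE.\n");

  if(packet->tcp != NULL) {
    sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
    NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "calculating ORACLE over tcp.\n");
    /* Oracle Database 9g,10g,11g */
    /* The 07 ff 00 signature had no length test, so a segment on port 1521
       with fewer than 3 payload bytes (including an empty one) was read past
       its end. It now requires the three bytes it inspects. */
    if ((dport == 1521 || sport == 1521)
	&& (((packet->payload_packet_len >= 3)
	     && (packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
	    || ((packet->payload_packet_len >= 232) && ((packet->payload[0] == 0x00) || (packet->payload[0] == 0x01))
		&& (packet->payload[1] != 0x00)
		&& (packet->payload[2] == 0x00)
		&& (packet->payload[3] == 0x00)))) {
      NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n");
      ndpi_int_oracle_add_connection(ndpi_struct, flow);
    } else if (packet->payload_packet_len == 213 && packet->payload[0] == 0x00 &&
	       packet->payload[1] == 0xd5 && packet->payload[2] == 0x00 &&
	       packet->payload[3] == 0x00 ) {
      NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n");
      ndpi_int_oracle_add_connection(ndpi_struct, flow);
    }
  } else {
    NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "exclude ORACLE.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ORACLE);
  }
}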