├── AUTHORS ├── COPYING ├── ChangeLog ├── Makefile.am ├── NEWS ├── OpenDPI-Manual.pdf ├── README ├── autogen.sh ├── configure.ac └── src ├── .svn ├── all-wcprops └── entries ├── examples ├── .svn │ ├── all-wcprops │ └── entries └── OpenDPI_demo │ ├── .svn │ ├── all-wcprops │ ├── entries │ ├── prop-base │ │ ├── OpenDPI_demo.c.svn-base │ │ └── linux_compat.h.svn-base │ └── text-base │ │ ├── Makefile.am.svn-base │ │ ├── OpenDPI_demo.c.svn-base │ │ └── linux_compat.h.svn-base │ ├── Makefile.am │ ├── OpenDPI_demo.c │ └── linux_compat.h ├── include ├── .svn │ ├── all-wcprops │ ├── entries │ ├── prop-base │ │ ├── ipq_api.h.svn-base │ │ ├── ipq_basic_def.h.svn-base │ │ ├── ipq_debug_functions.h.svn-base │ │ ├── ipq_macros.h.svn-base │ │ ├── ipq_protocols_osdpi.h.svn-base │ │ └── ipq_public_functions.h.svn-base │ └── text-base │ │ ├── Makefile.am.svn-base │ │ ├── ipq_api.h.svn-base │ │ ├── ipq_basic_def.h.svn-base │ │ ├── ipq_debug_functions.h.svn-base │ │ ├── ipq_macros.h.svn-base │ │ ├── ipq_protocols_osdpi.h.svn-base │ │ └── ipq_public_functions.h.svn-base ├── Makefile.am ├── ipq_api.h ├── ipq_basic_def.h ├── ipq_debug_functions.h ├── ipq_macros.h ├── ipq_protocols_osdpi.h └── ipq_public_functions.h └── lib ├── .svn ├── all-wcprops ├── entries ├── prop-base │ ├── ipq_main.c.svn-base │ ├── ipq_main.h.svn-base │ ├── ipq_protocol_history.h.svn-base │ ├── ipq_protocols.h.svn-base │ ├── ipq_structs.h.svn-base │ ├── ipq_utils.h.svn-base │ └── linux_compat.h.svn-base └── text-base │ ├── Makefile.am.svn-base │ ├── ipq_main.c.svn-base │ ├── ipq_main.h.svn-base │ ├── ipq_protocol_history.h.svn-base │ ├── ipq_protocols.h.svn-base │ ├── ipq_structs.h.svn-base │ ├── ipq_utils.h.svn-base │ └── linux_compat.h.svn-base ├── Makefile.am ├── ipq_main.c ├── ipq_main.h ├── ipq_protocol_history.h ├── ipq_protocols.h ├── ipq_structs.h ├── ipq_utils.h ├── linux_compat.h └── protocols ├── .svn ├── all-wcprops ├── entries ├── prop-base │ ├── afp.c.svn-base │ ├── aimini.c.svn-base │ ├── 
applejuice.c.svn-base │ ├── armagetron.c.svn-base │ ├── battlefield.c.svn-base │ ├── bgp.c.svn-base │ ├── bittorrent.c.svn-base │ ├── crossfire.c.svn-base │ ├── dhcp.c.svn-base │ ├── dhcpv6.c.svn-base │ ├── directconnect.c.svn-base │ ├── directdownloadlink.c.svn-base │ ├── dns.c.svn-base │ ├── dofus.c.svn-base │ ├── edonkey.c.svn-base │ ├── fasttrack.c.svn-base │ ├── feidian.c.svn-base │ ├── fiesta.c.svn-base │ ├── filetopia.c.svn-base │ ├── flash.c.svn-base │ ├── florensia.c.svn-base │ ├── ftp.c.svn-base │ ├── gadu_gadu.c.svn-base │ ├── gnutella.c.svn-base │ ├── guildwars.c.svn-base │ ├── halflife2_and_mods.c.svn-base │ ├── http.c.svn-base │ ├── http_activesync.c.svn-base │ ├── i23v5.c.svn-base │ ├── iax.c.svn-base │ ├── icecast.c.svn-base │ ├── imesh.c.svn-base │ ├── ipp.c.svn-base │ ├── irc.c.svn-base │ ├── jabber.c.svn-base │ ├── kerberos.c.svn-base │ ├── kontiki.c.svn-base │ ├── ldap.c.svn-base │ ├── mail_imap.c.svn-base │ ├── mail_pop.c.svn-base │ ├── mail_smtp.c.svn-base │ ├── manolito.c.svn-base │ ├── maplestory.c.svn-base │ ├── mdns.c.svn-base │ ├── meebo.c.svn-base │ ├── mgcp.c.svn-base │ ├── mms.c.svn-base │ ├── msn.c.svn-base │ ├── mssql.c.svn-base │ ├── mysql.c.svn-base │ ├── netbios.c.svn-base │ ├── nfs.c.svn-base │ ├── non_tcp_udp.c.svn-base │ ├── ntp.c.svn-base │ ├── openft.c.svn-base │ ├── oscar.c.svn-base │ ├── pando.c.svn-base │ ├── pcanywhere.c.svn-base │ ├── popo.c.svn-base │ ├── postgres.c.svn-base │ ├── pplive.c.svn-base │ ├── ppstream.c.svn-base │ ├── pptp.c.svn-base │ ├── qq.c.svn-base │ ├── quake.c.svn-base │ ├── rdp.c.svn-base │ ├── rtp.c.svn-base │ ├── rtsp.c.svn-base │ ├── secondlife.c.svn-base │ ├── shoutcast.c.svn-base │ ├── sip.c.svn-base │ ├── smb.c.svn-base │ ├── snmp.c.svn-base │ ├── socrates.c.svn-base │ ├── sopcast.c.svn-base │ ├── soulseek.c.svn-base │ ├── ssdp.c.svn-base │ ├── ssh.c.svn-base │ ├── ssl.c.svn-base │ ├── stealthnet.c.svn-base │ ├── steam.c.svn-base │ ├── stun.c.svn-base │ ├── syslog.c.svn-base │ ├── 
tds.c.svn-base │ ├── telnet.c.svn-base │ ├── tftp.c.svn-base │ ├── thunder.c.svn-base │ ├── tvants.c.svn-base │ ├── tvuplayer.c.svn-base │ ├── usenet.c.svn-base │ ├── veohtv.c.svn-base │ ├── vnc.c.svn-base │ ├── warcraft3.c.svn-base │ ├── winmx.c.svn-base │ ├── world_of_kung_fu.c.svn-base │ ├── world_of_warcraft.c.svn-base │ ├── xbox.c.svn-base │ ├── xdmcp.c.svn-base │ ├── yahoo.c.svn-base │ └── zattoo.c.svn-base └── text-base │ ├── afp.c.svn-base │ ├── aimini.c.svn-base │ ├── applejuice.c.svn-base │ ├── armagetron.c.svn-base │ ├── battlefield.c.svn-base │ ├── bgp.c.svn-base │ ├── bittorrent.c.svn-base │ ├── crossfire.c.svn-base │ ├── dhcp.c.svn-base │ ├── dhcpv6.c.svn-base │ ├── directconnect.c.svn-base │ ├── directdownloadlink.c.svn-base │ ├── dns.c.svn-base │ ├── dofus.c.svn-base │ ├── edonkey.c.svn-base │ ├── fasttrack.c.svn-base │ ├── feidian.c.svn-base │ ├── fiesta.c.svn-base │ ├── filetopia.c.svn-base │ ├── flash.c.svn-base │ ├── florensia.c.svn-base │ ├── ftp.c.svn-base │ ├── gadu_gadu.c.svn-base │ ├── gnutella.c.svn-base │ ├── guildwars.c.svn-base │ ├── halflife2_and_mods.c.svn-base │ ├── http.c.svn-base │ ├── http_activesync.c.svn-base │ ├── i23v5.c.svn-base │ ├── iax.c.svn-base │ ├── icecast.c.svn-base │ ├── imesh.c.svn-base │ ├── ipp.c.svn-base │ ├── irc.c.svn-base │ ├── jabber.c.svn-base │ ├── kerberos.c.svn-base │ ├── kontiki.c.svn-base │ ├── ldap.c.svn-base │ ├── mail_imap.c.svn-base │ ├── mail_pop.c.svn-base │ ├── mail_smtp.c.svn-base │ ├── manolito.c.svn-base │ ├── maplestory.c.svn-base │ ├── mdns.c.svn-base │ ├── meebo.c.svn-base │ ├── mgcp.c.svn-base │ ├── mms.c.svn-base │ ├── msn.c.svn-base │ ├── mssql.c.svn-base │ ├── mysql.c.svn-base │ ├── netbios.c.svn-base │ ├── nfs.c.svn-base │ ├── non_tcp_udp.c.svn-base │ ├── ntp.c.svn-base │ ├── openft.c.svn-base │ ├── oscar.c.svn-base │ ├── pando.c.svn-base │ ├── pcanywhere.c.svn-base │ ├── popo.c.svn-base │ ├── postgres.c.svn-base │ ├── pplive.c.svn-base │ ├── ppstream.c.svn-base │ ├── pptp.c.svn-base │ 
├── qq.c.svn-base │ ├── quake.c.svn-base │ ├── rdp.c.svn-base │ ├── rtp.c.svn-base │ ├── rtsp.c.svn-base │ ├── secondlife.c.svn-base │ ├── shoutcast.c.svn-base │ ├── sip.c.svn-base │ ├── smb.c.svn-base │ ├── snmp.c.svn-base │ ├── socrates.c.svn-base │ ├── sopcast.c.svn-base │ ├── soulseek.c.svn-base │ ├── ssdp.c.svn-base │ ├── ssh.c.svn-base │ ├── ssl.c.svn-base │ ├── stealthnet.c.svn-base │ ├── steam.c.svn-base │ ├── stun.c.svn-base │ ├── syslog.c.svn-base │ ├── tds.c.svn-base │ ├── telnet.c.svn-base │ ├── tftp.c.svn-base │ ├── thunder.c.svn-base │ ├── tvants.c.svn-base │ ├── tvuplayer.c.svn-base │ ├── usenet.c.svn-base │ ├── veohtv.c.svn-base │ ├── vnc.c.svn-base │ ├── warcraft3.c.svn-base │ ├── winmx.c.svn-base │ ├── world_of_kung_fu.c.svn-base │ ├── world_of_warcraft.c.svn-base │ ├── xbox.c.svn-base │ ├── xdmcp.c.svn-base │ ├── yahoo.c.svn-base │ └── zattoo.c.svn-base ├── afp.c ├── aimini.c ├── applejuice.c ├── armagetron.c ├── battlefield.c ├── bgp.c ├── bittorrent.c ├── crossfire.c ├── dhcp.c ├── dhcpv6.c ├── directconnect.c ├── directdownloadlink.c ├── dns.c ├── dofus.c ├── edonkey.c ├── fasttrack.c ├── feidian.c ├── fiesta.c ├── filetopia.c ├── flash.c ├── florensia.c ├── ftp.c ├── gadu_gadu.c ├── gnutella.c ├── guildwars.c ├── halflife2_and_mods.c ├── http.c ├── http_activesync.c ├── i23v5.c ├── iax.c ├── icecast.c ├── imesh.c ├── ipp.c ├── irc.c ├── jabber.c ├── kerberos.c ├── kontiki.c ├── ldap.c ├── mail_imap.c ├── mail_pop.c ├── mail_smtp.c ├── manolito.c ├── maplestory.c ├── mdns.c ├── meebo.c ├── mgcp.c ├── mms.c ├── msn.c ├── mssql.c ├── mysql.c ├── netbios.c ├── nfs.c ├── non_tcp_udp.c ├── ntp.c ├── openft.c ├── oscar.c ├── pando.c ├── pcanywhere.c ├── popo.c ├── postgres.c ├── pplive.c ├── ppstream.c ├── pptp.c ├── qq.c ├── quake.c ├── rdp.c ├── rtp.c ├── rtsp.c ├── secondlife.c ├── shoutcast.c ├── sip.c ├── smb.c ├── snmp.c ├── socrates.c ├── sopcast.c ├── soulseek.c ├── ssdp.c ├── ssh.c ├── ssl.c ├── stealthnet.c ├── steam.c ├── stun.c ├── 
syslog.c ├── tds.c ├── telnet.c ├── tftp.c ├── thunder.c ├── tvants.c ├── tvuplayer.c ├── usenet.c ├── veohtv.c ├── vnc.c ├── warcraft3.c ├── winmx.c ├── world_of_kung_fu.c ├── world_of_warcraft.c ├── xbox.c ├── xdmcp.c ├── yahoo.c └── zattoo.c /AUTHORS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomasbhatia/OpenDPI/a34a4534fb094e36bbf9aac303d3ab378950370f/AUTHORS -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomasbhatia/OpenDPI/a34a4534fb094e36bbf9aac303d3ab378950370f/ChangeLog -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = src/include src/lib src/examples/OpenDPI_demo 2 | ACLOCAL_AMFLAGS = -I m4 3 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | === OpenDPI 1.3 (2011/06/09) === 2 | 3 | * added IPv6 support 4 | * new protocols: DHCPv6, ICMPv6, Activesync, Armagetron, Crossfire, Dofus, Fiesta Online, Florensia, Guildwars, Kerberos, 5 | LDAP, Maplestory, MSSQL, PPTP, Warcraft 3, World of Kung Fu 6 | * improved protocols: Aimini, Battlefield, Bittorrent, DirectDownloadLink, eDonkey, FTP, GaduGadu, Gnutella, HTTP, Icecast, 7 | Imesh, IRC, Jabber, IMAP, POP, SMTP, MDNS, Meebo, MSN, Netbios, Oscar, PPLive, QQ, Quake, RTP, 8 | Secondlive, Shoutcast, SIP, SSL, STUN, Syslog, TVUplayer, Veohtv, World of Warcraft, Yahoo 9 | * added protocol history/real protocol feature 10 | * various improvements and fixes 11 | 12 | === OpenDPI 1.2 (2010/04/07) === 13 | 14 | * added new protocol Meebo 15 | * various improvements and fixes 16 | 17 | === OpenDPI 1.1.1 (2009/11/11) === 18 | 19 | * 
fixed a compilation error that occurred when debug messages were enabled 20 | 21 | === OpenDPI 1.1 (2009/11/10) === 22 | 23 | * OpenDPI is now built using autotools 24 | * OpenDPI now compiles on BSD-like systems 25 | * added 4 new protocols (AFP, Aimini, Stealthnet, TFTP) 26 | * Bittorrent detection has been fixed 27 | * FTP detection has been fixed 28 | * various small improvements and fixes 29 | 30 | === OpenDPI 1.0 (2009/09/07) === 31 | 32 | * initial release -------------------------------------------------------------------------------- /OpenDPI-Manual.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thomasbhatia/OpenDPI/a34a4534fb094e36bbf9aac303d3ab378950370f/OpenDPI-Manual.pdf -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | README for OpenDPI 2 | ================== 3 | 4 | OpenDPI is a software component for traffic classification based on deep packet inspection. 5 | 6 | Visit http://opendpi.org/ or http://code.google.com/p/opendpi/ for more information. 7 | 8 | 9 | 10 | Building OpenDPI 11 | ================ 12 | 13 | OpenDPI is built using autotools and a GNU-compatible C compiler such as gcc. 14 | To build the OpenDPI_demo application, libpcap and the libpcap development files must be installed. 
15 | 16 | Building an OpenDPI release from the command line: 17 | 18 | $ tar xvfz opendpi-1.1.0.tar.gz 19 | $ cd opendpi-1.1.0 20 | $ ./configure 21 | $ make 22 | $ su (if necessary for the next line) 23 | $ make install 24 | 25 | 26 | Building OpenDPI from SVN (First Time): 27 | 28 | $ svn checkout http://opendpi.googlecode.com/svn/trunk/ opendpi 29 | $ cd opendpi 30 | $ ./autogen.sh 31 | $ make 32 | $ su (if necessary for the next line) 33 | $ make install 34 | 35 | 36 | Building OpenDPI from SVN (Updating): 37 | 38 | $ cd opendpi 39 | $ make clean 40 | $ svn up 41 | $ make 42 | $ su (if necessary for the next line) 43 | $ make install 44 | 45 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | mkdir m4; 4 | libtoolize; 5 | automake --gnu --add-missing --copy; 6 | automake --add-missing; 7 | autoreconf -fi; 8 | rm -Rf autom4te.cache; 9 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | AC_INIT([OpenDPI], [1.3.0]) 2 | AC_CONFIG_SRCDIR([src/lib/ipq_protocols.h]) 3 | 4 | AM_INIT_AUTOMAKE([-Wall]) 5 | AC_CONFIG_MACRO_DIR([m4]) 6 | AC_PROG_LIBTOOL 7 | 8 | AC_PROG_CC 9 | AC_PROG_INSTALL 10 | 11 | LT_INIT 12 | 13 | AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) 14 | 15 | AC_CONFIG_FILES([Makefile 16 | src/lib/Makefile 17 | src/include/Makefile 18 | src/examples/OpenDPI_demo/Makefile]) 19 | AC_OUTPUT 20 | -------------------------------------------------------------------------------- /src/.svn/all-wcprops: -------------------------------------------------------------------------------- 1 | K 25 2 | svn:wc:ra_dav:version-url 3 | V 26 4 | /svn/!svn/ver/34/trunk/src 5 | END 6 | -------------------------------------------------------------------------------- /src/.svn/entries: 
-------------------------------------------------------------------------------- 1 | 10 2 | 3 | dir 4 | 35 5 | http://opendpi.googlecode.com/svn/trunk/src 6 | http://opendpi.googlecode.com/svn 7 | 8 | 9 | 10 | 2011-06-09T14:33:49.488946Z 11 | 34 12 | martin.weiser@ipoque.com 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 87bad7a0-979b-11de-aa05-a1f2ad4bc971 28 | 29 | include 30 | dir 31 | 32 | lib 33 | dir 34 | 35 | examples 36 | dir 37 | 38 | -------------------------------------------------------------------------------- /src/examples/.svn/all-wcprops: -------------------------------------------------------------------------------- 1 | K 25 2 | svn:wc:ra_dav:version-url 3 | V 35 4 | /svn/!svn/ver/31/trunk/src/examples 5 | END 6 | -------------------------------------------------------------------------------- /src/examples/.svn/entries: -------------------------------------------------------------------------------- 1 | 10 2 | 3 | dir 4 | 35 5 | http://opendpi.googlecode.com/svn/trunk/src/examples 6 | http://opendpi.googlecode.com/svn 7 | 8 | 9 | 10 | 2011-06-09T12:15:41.855573Z 11 | 31 12 | martin.weiser@ipoque.com 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 87bad7a0-979b-11de-aa05-a1f2ad4bc971 28 | 29 | OpenDPI_demo 30 | dir 31 | 32 | -------------------------------------------------------------------------------- /src/examples/OpenDPI_demo/.svn/all-wcprops: -------------------------------------------------------------------------------- 1 | K 25 2 | svn:wc:ra_dav:version-url 3 | V 48 4 | /svn/!svn/ver/31/trunk/src/examples/OpenDPI_demo 5 | END 6 | OpenDPI_demo.c 7 | K 25 8 | svn:wc:ra_dav:version-url 9 | V 63 10 | /svn/!svn/ver/31/trunk/src/examples/OpenDPI_demo/OpenDPI_demo.c 11 | END 12 | linux_compat.h 13 | K 25 14 | svn:wc:ra_dav:version-url 15 | V 63 16 | /svn/!svn/ver/31/trunk/src/examples/OpenDPI_demo/linux_compat.h 17 | END 18 | Makefile.am 19 | K 25 20 | svn:wc:ra_dav:version-url 21 | V 60 22 
| /svn/!svn/ver/12/trunk/src/examples/OpenDPI_demo/Makefile.am 23 | END 24 | -------------------------------------------------------------------------------- /src/examples/OpenDPI_demo/.svn/entries: -------------------------------------------------------------------------------- 1 | 10 2 | 3 | dir 4 | 35 5 | http://opendpi.googlecode.com/svn/trunk/src/examples/OpenDPI_demo 6 | http://opendpi.googlecode.com/svn 7 | 8 | 9 | 10 | 2011-06-09T12:15:41.855573Z 11 | 31 12 | martin.weiser@ipoque.com 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 87bad7a0-979b-11de-aa05-a1f2ad4bc971 28 | 29 | OpenDPI_demo.c 30 | file 31 | 32 | 33 | 34 | 35 | 2012-07-15T15:57:48.000000Z 36 | 6c82fd2734cfaec1acaa6fda6bcdf813 37 | 2011-06-09T12:15:41.855573Z 38 | 31 39 | martin.weiser@ipoque.com 40 | has-props 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 14097 62 | 63 | linux_compat.h 64 | file 65 | 66 | 67 | 68 | 69 | 2012-07-15T15:57:48.000000Z 70 | 4591b57fabefd5abc624dad7968d2022 71 | 2011-06-09T12:15:41.855573Z 72 | 31 73 | martin.weiser@ipoque.com 74 | has-props 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 2376 96 | 97 | Makefile.am 98 | file 99 | 100 | 101 | 102 | 103 | 2012-07-15T15:57:48.000000Z 104 | 73568f0dff19086affef88263983a072 105 | 2009-11-10T08:08:10.259393Z 106 | 12 107 | martin.weiser@ipoque.com 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 200 130 | 131 | -------------------------------------------------------------------------------- /src/examples/OpenDPI_demo/.svn/prop-base/OpenDPI_demo.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- 
/src/examples/OpenDPI_demo/.svn/prop-base/linux_compat.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/examples/OpenDPI_demo/.svn/text-base/Makefile.am.svn-base: -------------------------------------------------------------------------------- 1 | AM_CPPFLAGS = -I$(top_srcdir)/src/include/ 2 | 3 | bin_PROGRAMS = OpenDPI_demo 4 | OpenDPI_demo_SOURCES = linux_compat.h \ 5 | OpenDPI_demo.c 6 | 7 | OpenDPI_demo_LDADD = $(top_builddir)/src/lib/libopendpi.la -lpcap 8 | -------------------------------------------------------------------------------- /src/examples/OpenDPI_demo/.svn/text-base/linux_compat.h.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * linux_compat.h 3 | * Copyright (C) 2009-2010 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see <http://www.gnu.org/licenses/>. 
20 | * 21 | */ 22 | 23 | 24 | #ifndef __IPOQUE_LINUX_COMPAT_H__ 25 | #define __IPOQUE_LINUX_COMPAT_H__ 26 | 27 | struct iphdr { 28 | #if BYTE_ORDER == LITTLE_ENDIAN 29 | uint8_t ihl:4, version:4; 30 | #elif BYTE_ORDER == BIG_ENDIAN 31 | uint8_t version:4, ihl:4; 32 | #else 33 | # error "BYTE_ORDER must be defined" 34 | #endif 35 | uint8_t tos; 36 | uint16_t tot_len; 37 | uint16_t id; 38 | uint16_t frag_off; 39 | uint8_t ttl; 40 | uint8_t protocol; 41 | uint16_t check; 42 | uint32_t saddr; 43 | uint32_t daddr; 44 | }; 45 | 46 | #include 47 | #define s6_addr16 __u6_addr.__u6_addr16 48 | #define s6_addr32 __u6_addr.__u6_addr32 49 | 50 | struct ip6_hdr { 51 | union { 52 | struct ip6_hdrctl { 53 | uint32_t ip6_un1_flow; 54 | uint16_t ip6_un1_plen; 55 | uint8_t ip6_un1_nxt; 56 | uint8_t ip6_un1_hlim; 57 | } ip6_un1; 58 | uint8_t ip6_un2_vfc; 59 | } ip6_ctlun; 60 | struct in6_addr ip6_src; 61 | struct in6_addr ip6_dst; 62 | }; 63 | 64 | struct tcphdr { 65 | uint16_t source; 66 | uint16_t dest; 67 | uint32_t seq; 68 | uint32_t ack_seq; 69 | #if BYTE_ORDER == LITTLE_ENDIAN 70 | uint16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; 71 | #elif BYTE_ORDER == BIG_ENDIAN 72 | uint16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; 73 | #else 74 | # error "BYTE_ORDER must be defined" 75 | #endif 76 | uint16_t window; 77 | uint16_t check; 78 | uint16_t urg_ptr; 79 | }; 80 | 81 | struct udphdr { 82 | uint16_t source; 83 | uint16_t dest; 84 | uint16_t len; 85 | uint16_t check; 86 | }; 87 | 88 | #define ETH_P_IP 0x0800 89 | #define ETH_P_IPV6 0x86DD 90 | 91 | struct ethhdr { 92 | unsigned char h_dest[6]; 93 | unsigned char h_source[6]; 94 | uint16_t h_proto; 95 | }; 96 | 97 | #endif 98 | -------------------------------------------------------------------------------- /src/examples/OpenDPI_demo/Makefile.am: -------------------------------------------------------------------------------- 1 | AM_CPPFLAGS = -I$(top_srcdir)/src/include/ 
2 | 3 | bin_PROGRAMS = OpenDPI_demo 4 | OpenDPI_demo_SOURCES = linux_compat.h \ 5 | OpenDPI_demo.c 6 | 7 | OpenDPI_demo_LDADD = $(top_builddir)/src/lib/libopendpi.la -lpcap 8 | -------------------------------------------------------------------------------- /src/examples/OpenDPI_demo/linux_compat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * linux_compat.h 3 | * Copyright (C) 2009-2010 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see <http://www.gnu.org/licenses/>. 
20 | * 21 | */ 22 | 23 | 24 | #ifndef __IPOQUE_LINUX_COMPAT_H__ 25 | #define __IPOQUE_LINUX_COMPAT_H__ 26 | 27 | struct iphdr { 28 | #if BYTE_ORDER == LITTLE_ENDIAN 29 | uint8_t ihl:4, version:4; 30 | #elif BYTE_ORDER == BIG_ENDIAN 31 | uint8_t version:4, ihl:4; 32 | #else 33 | # error "BYTE_ORDER must be defined" 34 | #endif 35 | uint8_t tos; 36 | uint16_t tot_len; 37 | uint16_t id; 38 | uint16_t frag_off; 39 | uint8_t ttl; 40 | uint8_t protocol; 41 | uint16_t check; 42 | uint32_t saddr; 43 | uint32_t daddr; 44 | }; 45 | 46 | #include 47 | #define s6_addr16 __u6_addr.__u6_addr16 48 | #define s6_addr32 __u6_addr.__u6_addr32 49 | 50 | struct ip6_hdr { 51 | union { 52 | struct ip6_hdrctl { 53 | uint32_t ip6_un1_flow; 54 | uint16_t ip6_un1_plen; 55 | uint8_t ip6_un1_nxt; 56 | uint8_t ip6_un1_hlim; 57 | } ip6_un1; 58 | uint8_t ip6_un2_vfc; 59 | } ip6_ctlun; 60 | struct in6_addr ip6_src; 61 | struct in6_addr ip6_dst; 62 | }; 63 | 64 | struct tcphdr { 65 | uint16_t source; 66 | uint16_t dest; 67 | uint32_t seq; 68 | uint32_t ack_seq; 69 | #if BYTE_ORDER == LITTLE_ENDIAN 70 | uint16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1; 71 | #elif BYTE_ORDER == BIG_ENDIAN 72 | uint16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1; 73 | #else 74 | # error "BYTE_ORDER must be defined" 75 | #endif 76 | uint16_t window; 77 | uint16_t check; 78 | uint16_t urg_ptr; 79 | }; 80 | 81 | struct udphdr { 82 | uint16_t source; 83 | uint16_t dest; 84 | uint16_t len; 85 | uint16_t check; 86 | }; 87 | 88 | #define ETH_P_IP 0x0800 89 | #define ETH_P_IPV6 0x86DD 90 | 91 | struct ethhdr { 92 | unsigned char h_dest[6]; 93 | unsigned char h_source[6]; 94 | uint16_t h_proto; 95 | }; 96 | 97 | #endif 98 | -------------------------------------------------------------------------------- /src/include/.svn/all-wcprops: -------------------------------------------------------------------------------- 1 | K 25 2 | svn:wc:ra_dav:version-url 3 | V 34 4 | 
/svn/!svn/ver/34/trunk/src/include 5 | END 6 | ipq_protocols_osdpi.h 7 | K 25 8 | svn:wc:ra_dav:version-url 9 | V 56 10 | /svn/!svn/ver/34/trunk/src/include/ipq_protocols_osdpi.h 11 | END 12 | ipq_macros.h 13 | K 25 14 | svn:wc:ra_dav:version-url 15 | V 47 16 | /svn/!svn/ver/31/trunk/src/include/ipq_macros.h 17 | END 18 | ipq_public_functions.h 19 | K 25 20 | svn:wc:ra_dav:version-url 21 | V 57 22 | /svn/!svn/ver/31/trunk/src/include/ipq_public_functions.h 23 | END 24 | ipq_api.h 25 | K 25 26 | svn:wc:ra_dav:version-url 27 | V 44 28 | /svn/!svn/ver/31/trunk/src/include/ipq_api.h 29 | END 30 | Makefile.am 31 | K 25 32 | svn:wc:ra_dav:version-url 33 | V 46 34 | /svn/!svn/ver/31/trunk/src/include/Makefile.am 35 | END 36 | ipq_debug_functions.h 37 | K 25 38 | svn:wc:ra_dav:version-url 39 | V 56 40 | /svn/!svn/ver/31/trunk/src/include/ipq_debug_functions.h 41 | END 42 | ipq_basic_def.h 43 | K 25 44 | svn:wc:ra_dav:version-url 45 | V 50 46 | /svn/!svn/ver/31/trunk/src/include/ipq_basic_def.h 47 | END 48 | -------------------------------------------------------------------------------- /src/include/.svn/entries: -------------------------------------------------------------------------------- 1 | 10 2 | 3 | dir 4 | 35 5 | http://opendpi.googlecode.com/svn/trunk/src/include 6 | http://opendpi.googlecode.com/svn 7 | 8 | 9 | 10 | 2011-06-09T14:33:49.488946Z 11 | 34 12 | martin.weiser@ipoque.com 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 87bad7a0-979b-11de-aa05-a1f2ad4bc971 28 | 29 | ipq_protocols_osdpi.h 30 | file 31 | 32 | 33 | 34 | 35 | 2012-07-15T15:57:47.000000Z 36 | 0871731fd0bc7ec03bc7a5449cac45d0 37 | 2011-06-09T14:33:49.488946Z 38 | 34 39 | martin.weiser@ipoque.com 40 | has-props 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 8242 62 | 63 | ipq_macros.h 64 | file 65 | 66 | 67 | 68 | 69 | 2012-07-15T15:57:47.000000Z 70 | b6ac7a0e1d1129db35e32ebe2555c4aa 71 | 
2011-06-09T12:15:41.855573Z 72 | 31 73 | martin.weiser@ipoque.com 74 | has-props 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 8484 96 | 97 | ipq_public_functions.h 98 | file 99 | 100 | 101 | 102 | 103 | 2012-07-15T15:57:47.000000Z 104 | 4a80c2a3cdba1cab4456bc9266220bf0 105 | 2011-06-09T12:15:41.855573Z 106 | 31 107 | martin.weiser@ipoque.com 108 | has-props 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 8160 130 | 131 | ipq_api.h 132 | file 133 | 134 | 135 | 136 | 137 | 2012-07-15T15:57:47.000000Z 138 | ddc1ffd5b17d582bceeee5e58412da77 139 | 2011-06-09T12:15:41.855573Z 140 | 31 141 | martin.weiser@ipoque.com 142 | has-props 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 1309 164 | 165 | Makefile.am 166 | file 167 | 168 | 169 | 170 | 171 | 2012-07-15T15:57:47.000000Z 172 | c5cfe59e28fb2908304aabf47d9c4dd1 173 | 2011-06-09T12:15:41.855573Z 174 | 31 175 | martin.weiser@ipoque.com 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 223 198 | 199 | ipq_debug_functions.h 200 | file 201 | 202 | 203 | 204 | 205 | 2012-07-15T15:57:47.000000Z 206 | 8e28e59be6f6f96db11333cb39804e2e 207 | 2011-06-09T12:15:41.855573Z 208 | 31 209 | martin.weiser@ipoque.com 210 | has-props 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 1329 232 | 233 | ipq_basic_def.h 234 | file 235 | 236 | 237 | 238 | 239 | 2012-07-15T15:57:47.000000Z 240 | 0c02cb53261fc638d1d83f1a40acb2c4 241 | 2011-06-09T12:15:41.855573Z 242 | 31 243 | martin.weiser@ipoque.com 244 | has-props 245 | 246 | 247 | 248 | 249 | 250 | 251 | 252 | 253 | 254 | 255 | 256 | 257 | 258 | 259 | 260 | 261 | 262 | 263 | 264 | 265 | 1464 266 | 267 | 
-------------------------------------------------------------------------------- /src/include/.svn/prop-base/ipq_api.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/include/.svn/prop-base/ipq_basic_def.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/include/.svn/prop-base/ipq_debug_functions.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/include/.svn/prop-base/ipq_macros.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/include/.svn/prop-base/ipq_protocols_osdpi.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/include/.svn/prop-base/ipq_public_functions.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/include/.svn/text-base/Makefile.am.svn-base: -------------------------------------------------------------------------------- 1 | 2 | library_includedir=$(includedir)/libopendpi-1.3/libopendpi 3 | 4 | library_include_HEADERS = 
ipq_api.h \ 5 | ipq_basic_def.h \ 6 | ipq_debug_functions.h \ 7 | ipq_macros.h \ 8 | ipq_protocols_osdpi.h \ 9 | ipq_public_functions.h 10 | -------------------------------------------------------------------------------- /src/include/.svn/text-base/ipq_api.h.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * ipq_api.h 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see <http://www.gnu.org/licenses/>. 20 | * 21 | */ 22 | 23 | 24 | #ifndef __IPOQUE_API_INCLUDE_FILE__ 25 | #define __IPOQUE_API_INCLUDE_FILE__ 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | /* basic definitions (u64, u32, timestamp size,...) 
*/ 30 | #include "ipq_basic_def.h" 31 | #include "ipq_protocols_osdpi.h" 32 | /* macros for protocol / bitmask conversion if needed */ 33 | #include "ipq_macros.h" 34 | 35 | #include "ipq_public_functions.h" 36 | 37 | #include "ipq_debug_functions.h" 38 | #ifdef __cplusplus 39 | } 40 | #endif 41 | #endif /* __IPOQUE_API_INCLUDE_FILE__ */ 42 | -------------------------------------------------------------------------------- /src/include/.svn/text-base/ipq_basic_def.h.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * ipq_basic_def.h 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see <http://www.gnu.org/licenses/>. 
20 | *
21 | */
22 | /*
   |  * Integer type names (u8/u16/u32/u64) and the timestamp counter type used
   |  * by the other headers. Must be reached through ipq_api.h, which defines
   |  * __IPOQUE_API_INCLUDE_FILE__; direct inclusion stops at the #error below.
   |  */
23 |
24 | #ifndef __IPOQUE_API_INCLUDE_FILE__
25 | #error CANNOT INCLUDE THIS .H FILE, INCLUDE IPQ_API.H
26 | #endif
27 |
28 | #ifndef __IPQ_BASIC_DEF_H__
29 | #define __IPQ_BASIC_DEF_H__
30 |
31 | #ifdef __cplusplus
32 | extern "C" {
33 | #endif
34 |
35 | /* Define u64, u32, u16 and u8 here unless a macro of that name already exists.
36 | * This is used for compatibility restrictions on different platforms.
37 | *
   | * NOTE(review): these are object-like macros, not typedefs. #ifndef only
   | * sees an earlier macro, so a typedef of the same name declared elsewhere
   | * is not detected and the two definitions can disagree or fail to compile.
   | * The names also promise widths that ISO C does not guarantee for these
   | * base types (only minimum sizes), so code that lays them over packet
   | * bytes assumes 8/16/32/64 bits - worth a compile-time size check.
38 | */
39 |
40 | #ifndef u64
41 | #define u64 unsigned long long
42 | #endif
43 | #ifndef u32
44 | #define u32 unsigned int
45 | #endif
46 | #ifndef u16
47 | #define u16 unsigned short
48 | #endif
49 | #ifndef u8
50 | #define u8 unsigned char
51 | #endif
52 |
53 |
54 | /* Generic timestamp counter size: the type used for timestamp counters.
   |  * As u32 it is an unsigned counter that wraps around.
   |  * NOTE(review): how timestamps are compared is not visible in this header -
   |  * confirm that the comparisons tolerate wrap-around. */
55 | #define IPOQUE_TIMESTAMP_COUNTER_SIZE u32
56 | #ifdef __cplusplus
57 | }
58 | #endif
59 | #endif
60 |
-------------------------------------------------------------------------------- /src/include/.svn/text-base/ipq_debug_functions.h.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * ipq_debug_functions.h 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
20 | *
21 | */
22 |
23 |
24 | #ifndef __IPOQUE_API_INCLUDE_FILE__
25 | #error CANNOT INCLUDE THIS .H FILE, INCLUDE IPQ_API.H
26 | #endif
27 |
28 | #ifndef __IPQ_DEBUG_FUNCTIONS_H__
29 | #define __IPQ_DEBUG_FUNCTIONS_H__
30 | /*
   |  * Debug-only part of the API; it must be reached through ipq_api.h (see the
   |  * #error above). The prototype below is declared only when
   |  * IPOQUE_ENABLE_DEBUG_MESSAGES is defined at compile time.
   |  *
   |  * ipoque_debug_get_last_log_function_line():
   |  *   ipoque_struct  pointer to the detection module structure
   |  *   file, func     out-parameters receiving const char pointers
   |  *   line           out-parameter receiving a u32
   |  * Judging by the name these report the source file, function and line of
   |  * the last log call - TODO confirm, the implementation is not visible here.
   |  * NOTE(review): ownership and lifetime of the returned strings are not
   |  * stated; treat them as read-only and do not free them until confirmed.
   |  */
31 | #ifdef __cplusplus
32 | extern "C" {
33 | #endif
34 | #ifdef IPOQUE_ENABLE_DEBUG_MESSAGES
35 | void ipoque_debug_get_last_log_function_line(struct
36 |     ipoque_detection_module_struct
37 |     *ipoque_struct, const char **file, const char **func, u32 * line);
38 | #endif
39 | #ifdef __cplusplus
40 | }
41 | #endif
42 | #endif
43 |
-------------------------------------------------------------------------------- /src/include/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | library_includedir=$(includedir)/libopendpi-1.3/libopendpi 3 | 4 | library_include_HEADERS = ipq_api.h \ 5 | ipq_basic_def.h \ 6 | ipq_debug_functions.h \ 7 | ipq_macros.h \ 8 | ipq_protocols_osdpi.h \ 9 | ipq_public_functions.h 10 | -------------------------------------------------------------------------------- /src/include/ipq_api.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ipq_api.h 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU Lesser General Public License
19 | * along with OpenDPI. If not, see <http://www.gnu.org/licenses/>.
20 | *
21 | */
22 | /*
   |  * Umbrella header of the OpenDPI public API and the only header callers
   |  * include directly. It defines __IPOQUE_API_INCLUDE_FILE__ and then pulls in
   |  * the sub-headers; ipq_basic_def.h and ipq_debug_functions.h stop with
   |  * #error when that macro is not set. ipq_basic_def.h comes first because
   |  * later headers use its type names (ipq_debug_functions.h uses u32).
   |  * NOTE(review): identifiers containing a double underscore are reserved for
   |  * the C implementation; the guard name is left alone because the
   |  * sub-headers test it.
   |  */
23 |
24 | #ifndef __IPOQUE_API_INCLUDE_FILE__
25 | #define __IPOQUE_API_INCLUDE_FILE__
26 | #ifdef __cplusplus
27 | extern "C" {
28 | #endif
29 | /* basic definitions (u64, u32, timestamp size,...) */
30 | #include "ipq_basic_def.h"
31 | #include "ipq_protocols_osdpi.h"
32 | /* macros for protocol / bitmask conversion if needed */
33 | #include "ipq_macros.h"
34 |
35 | #include "ipq_public_functions.h"
36 |
37 | #include "ipq_debug_functions.h"
38 | #ifdef __cplusplus
39 | }
40 | #endif
41 | #endif /* __IPOQUE_API_INCLUDE_FILE__ */
42 |
-------------------------------------------------------------------------------- /src/include/ipq_basic_def.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ipq_basic_def.h 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
20 | *
21 | */
22 | /*
   |  * Integer type names (u8/u16/u32/u64) and the timestamp counter type used
   |  * by the other headers. Must be reached through ipq_api.h, which defines
   |  * __IPOQUE_API_INCLUDE_FILE__; direct inclusion stops at the #error below.
   |  */
23 |
24 | #ifndef __IPOQUE_API_INCLUDE_FILE__
25 | #error CANNOT INCLUDE THIS .H FILE, INCLUDE IPQ_API.H
26 | #endif
27 |
28 | #ifndef __IPQ_BASIC_DEF_H__
29 | #define __IPQ_BASIC_DEF_H__
30 |
31 | #ifdef __cplusplus
32 | extern "C" {
33 | #endif
34 |
35 | /* Define u64, u32, u16 and u8 here unless a macro of that name already exists.
36 | * This is used for compatibility restrictions on different platforms.
37 | *
   | * NOTE(review): these are object-like macros, not typedefs. #ifndef only
   | * sees an earlier macro, so a typedef of the same name declared elsewhere
   | * is not detected and the two definitions can disagree or fail to compile.
   | * The names also promise widths that ISO C does not guarantee for these
   | * base types (only minimum sizes), so code that lays them over packet
   | * bytes assumes 8/16/32/64 bits - worth a compile-time size check.
38 | */
39 |
40 | #ifndef u64
41 | #define u64 unsigned long long
42 | #endif
43 | #ifndef u32
44 | #define u32 unsigned int
45 | #endif
46 | #ifndef u16
47 | #define u16 unsigned short
48 | #endif
49 | #ifndef u8
50 | #define u8 unsigned char
51 | #endif
52 |
53 |
54 | /* Generic timestamp counter size: the type used for timestamp counters.
   |  * As u32 it is an unsigned counter that wraps around.
   |  * NOTE(review): how timestamps are compared is not visible in this header -
   |  * confirm that the comparisons tolerate wrap-around. */
55 | #define IPOQUE_TIMESTAMP_COUNTER_SIZE u32
56 | #ifdef __cplusplus
57 | }
58 | #endif
59 | #endif
60 |
-------------------------------------------------------------------------------- /src/include/ipq_debug_functions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ipq_debug_functions.h 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
20 | *
21 | */
22 |
23 |
24 | #ifndef __IPOQUE_API_INCLUDE_FILE__
25 | #error CANNOT INCLUDE THIS .H FILE, INCLUDE IPQ_API.H
26 | #endif
27 |
28 | #ifndef __IPQ_DEBUG_FUNCTIONS_H__
29 | #define __IPQ_DEBUG_FUNCTIONS_H__
30 | /*
   |  * Debug-only part of the API; it must be reached through ipq_api.h (see the
   |  * #error above). The prototype below is declared only when
   |  * IPOQUE_ENABLE_DEBUG_MESSAGES is defined at compile time.
   |  *
   |  * ipoque_debug_get_last_log_function_line():
   |  *   ipoque_struct  pointer to the detection module structure
   |  *   file, func     out-parameters receiving const char pointers
   |  *   line           out-parameter receiving a u32
   |  * Judging by the name these report the source file, function and line of
   |  * the last log call - TODO confirm, the implementation is not visible here.
   |  * NOTE(review): ownership and lifetime of the returned strings are not
   |  * stated; treat them as read-only and do not free them until confirmed.
   |  */
31 | #ifdef __cplusplus
32 | extern "C" {
33 | #endif
34 | #ifdef IPOQUE_ENABLE_DEBUG_MESSAGES
35 | void ipoque_debug_get_last_log_function_line(struct
36 |     ipoque_detection_module_struct
37 |     *ipoque_struct, const char **file, const char **func, u32 * line);
38 | #endif
39 | #ifdef __cplusplus
40 | }
41 | #endif
42 | #endif
43 |
-------------------------------------------------------------------------------- /src/lib/.svn/all-wcprops: -------------------------------------------------------------------------------- 1 | K 25 2 | svn:wc:ra_dav:version-url 3 | V 30 4 | /svn/!svn/ver/34/trunk/src/lib 5 | END 6 | ipq_utils.h 7 | K 25 8 | svn:wc:ra_dav:version-url 9 | V 42 10 | /svn/!svn/ver/31/trunk/src/lib/ipq_utils.h 11 | END 12 | ipq_protocol_history.h 13 | K 25 14 | svn:wc:ra_dav:version-url 15 | V 53 16 | /svn/!svn/ver/31/trunk/src/lib/ipq_protocol_history.h 17 | END 18 | ipq_protocols.h 19 | K 25 20 | svn:wc:ra_dav:version-url 21 | V 46 22 | /svn/!svn/ver/34/trunk/src/lib/ipq_protocols.h 23 | END 24 | ipq_main.h 25 | K 25 26 | svn:wc:ra_dav:version-url 27 | V 41 28 | /svn/!svn/ver/34/trunk/src/lib/ipq_main.h 29 | END 30 | ipq_structs.h 31 | K 25 32 | svn:wc:ra_dav:version-url 33 | V 44 34 | /svn/!svn/ver/34/trunk/src/lib/ipq_structs.h 35 | END 36 | linux_compat.h 37 | K 25 38 | svn:wc:ra_dav:version-url 39 | V 45 40 | /svn/!svn/ver/34/trunk/src/lib/linux_compat.h 41 | END 42 | Makefile.am 43 | K 25 44 | svn:wc:ra_dav:version-url 45 | V 42 46 | /svn/!svn/ver/31/trunk/src/lib/Makefile.am 47 | END 48 | ipq_main.c 49 | K 25 50 | svn:wc:ra_dav:version-url 51 | V 41 52 | /svn/!svn/ver/34/trunk/src/lib/ipq_main.c 53 | END 54 | -------------------------------------------------------------------------------- /src/lib/.svn/prop-base/ipq_main.c.svn-base:
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/.svn/prop-base/ipq_main.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/.svn/prop-base/ipq_protocol_history.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/.svn/prop-base/ipq_protocols.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/.svn/prop-base/ipq_structs.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/.svn/prop-base/ipq_utils.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/.svn/prop-base/linux_compat.h.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/.svn/text-base/ipq_utils.h.svn-base: -------------------------------------------------------------------------------- 1 
| /*
2 | * ipq_utils.h
3 | * Copyright (C) 2009-2011 by ipoque GmbH
4 | *
5 | * This file is part of OpenDPI, an open source deep packet inspection
6 | * library based on the PACE technology by ipoque GmbH
7 | *
8 | * OpenDPI is free software: you can redistribute it and/or modify
9 | * it under the terms of the GNU Lesser General Public License as published by
10 | * the Free Software Foundation, either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * OpenDPI is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU Lesser General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU Lesser General Public License
19 | * along with OpenDPI. If not, see <http://www.gnu.org/licenses/>.
20 | *
21 | */
22 |
23 |
24 |
25 | #ifndef _IPQ_UTILS_H_
26 | #define _IPQ_UTILS_H_
27 |
28 | #include "ipq_protocols.h"
29 |
30 |
31 | /**
32 | * Length of a static string, computed at compile time as sizeof(s) - 1
33 | * (the array size minus the terminating NUL).
34 | * Use it instead of strlen to avoid runtime calculations.
   | *
   | * Only valid when s is a string literal or a char array. For a char pointer
   | * sizeof yields the pointer size, so the result is unrelated to the string
   | * length - never apply it to packet data or to a function parameter.
35 | */
36 | #define IPQ_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 )
37 |
38 |
39 |
40 | /** Macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address.
   |  * Non-zero when the 16 bytes at x sort before the 16 bytes at y, read as two
   |  * u64 words in host byte order (word 0 first, then word 1). The order is
   |  * consistent on one host but is not numeric address order on little-endian
   |  * machines.
   |  * NOTE(review): the (u64 *) casts access the address through an
   |  * incompatible pointer type and require x and y to be aligned for u64. An
   |  * address inside a captured packet need not be, which is undefined
   |  * behaviour in ISO C and can fault on strict-alignment CPUs; copying both
   |  * addresses into local u64 pairs with memcpy before comparing gives the
   |  * same result.
   |  * x and y are each evaluated up to three times - pass expressions without
   |  * side effects. */
41 | #define IPOQUE_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \
42 | ((((u64 *)(x))[0]) < (((u64 *)(y))[0]) || ( (((u64 *)(x))[0]) == (((u64 *)(y))[0]) && (((u64 *)(x))[1]) < (((u64 *)(y))[1])) )
43 |
44 |
45 | #endif /* _IPQ_UTILS_H_ */
46 |
-------------------------------------------------------------------------------- /src/lib/.svn/text-base/linux_compat.h.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * linux_compat.h 3 | * Copyright (C) 2009-2010 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | *
OpenDPI is free software: you can redistribute it and/or modify
9 | * it under the terms of the GNU Lesser General Public License as published by
10 | * the Free Software Foundation, either version 3 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * OpenDPI is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU Lesser General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU Lesser General Public License
19 | * along with OpenDPI. If not, see <http://www.gnu.org/licenses/>.
20 | *
21 | */
22 |
23 |
24 | #ifndef __IPOQUE_LINUX_COMPAT_H__
25 | #define __IPOQUE_LINUX_COMPAT_H__
26 | /*
   |  * Supplies Linux-style names - presumably for hosts whose system headers
   |  * lack them: the __BYTE_ORDER family of macros and the iphdr / ip6_hdr /
   |  * tcphdr / udphdr header layouts. The uint8_t/uint16_t/uint32_t types are
   |  * not declared here and must already be in scope.
   |  * NOTE(review): the struct definitions below test BYTE_ORDER, not the
   |  * __BYTE_ORDER alias created here.
   |  */
27 | #if defined(BYTE_ORDER) && !defined(__BYTE_ORDER)
28 | # define __BYTE_ORDER BYTE_ORDER
29 | #endif
30 | #if defined(LITTLE_ENDIAN) && !defined(__LITTLE_ENDIAN)
31 | # define __LITTLE_ENDIAN LITTLE_ENDIAN
32 | #endif
33 | #if defined(BIG_ENDIAN) && !defined(__BIG_ENDIAN)
34 | # define __BIG_ENDIAN BIG_ENDIAN
35 | #endif
36 | /*
   |  * IPv4 header. version and ihl share the first byte, so their declaration
   |  * order follows BYTE_ORDER.
   |  * NOTE(review): when neither BYTE_ORDER nor LITTLE_ENDIAN is defined, #if
   |  * treats both as 0, the first branch is taken and the #error is never
   |  * reached; a defined() test before the comparison would make the guard
   |  * effective.
   |  * No packing attribute is used and bit-field layout is
   |  * implementation-defined, so the match with the wire format depends on
   |  * the compiler.
   |  * When the struct is laid over packet bytes, ihl (header length in 32-bit
   |  * words, per RFC 791) and tot_len are chosen by the sender: check them
   |  * against the number of bytes actually captured before using them as
   |  * offsets or lengths. Multi-byte fields are then in network byte order.
   |  */
37 | struct iphdr {
38 | #if BYTE_ORDER == LITTLE_ENDIAN
39 |     uint8_t ihl:4, version:4;
40 | #elif BYTE_ORDER == BIG_ENDIAN
41 |     uint8_t version:4, ihl:4;
42 | #else
43 | # error "BYTE_ORDER must be defined"
44 | #endif
45 |     uint8_t tos;
46 |     uint16_t tot_len;
47 |     uint16_t id;
48 |     uint16_t frag_off;
49 |     uint8_t ttl;
50 |     uint8_t protocol;
51 |     uint16_t check;
52 |     uint32_t saddr;
53 |     uint32_t daddr;
54 | };
55 | /* NOTE(review): the header name after #include is missing in this copy of
   |  * the file. struct in6_addr, used below, is declared by <netinet/in.h> on
   |  * POSIX systems - confirm against the original file.
   |  * s6_addr16 / s6_addr32 reach into the __u6_addr union member of
   |  * struct in6_addr, so this compiles only where the system header uses
   |  * that member name. */
56 | #include
57 | #define s6_addr16 __u6_addr.__u6_addr16
58 | #define s6_addr32 __u6_addr.__u6_addr32
59 | /*
   |  * IPv6 fixed header: a control union (flow / payload length / next header /
   |  * hop limit, or the first byte alone as ip6_un2_vfc) followed by source and
   |  * destination addresses. ip6_un1_plen is sender-controlled; validate it
   |  * against the captured length. Extension headers are not described by
   |  * this struct.
   |  */
60 | struct ip6_hdr {
61 |     union {
62 |         struct ip6_hdrctl {
63 |             uint32_t ip6_un1_flow;
64 |             uint16_t ip6_un1_plen;
65 |             uint8_t ip6_un1_nxt;
66 |             uint8_t ip6_un1_hlim;
67 |         } ip6_un1;
68 |         uint8_t ip6_un2_vfc;
69 |     } ip6_ctlun;
70 |     struct in6_addr ip6_src;
71 |     struct in6_addr ip6_dst;
72 | };
73 | /*
   |  * TCP header without options. doff and the flag bits are uint16_t
   |  * bit-fields ordered by BYTE_ORDER (same silent-default caveat as iphdr).
   |  * doff (header length in 32-bit words, per RFC 793) comes from the packet:
   |  * reject values whose implied header length exceeds the captured bytes
   |  * before reading options or payload.
   |  */
74 | struct tcphdr {
75 |     uint16_t source;
76 |     uint16_t dest;
77 |     uint32_t seq;
78 |     uint32_t ack_seq;
79 | #if BYTE_ORDER == LITTLE_ENDIAN
80 |     uint16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
81 | #elif BYTE_ORDER == BIG_ENDIAN
82 |     uint16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1;
83 | #else
84 | # error "BYTE_ORDER must be defined"
85 | #endif
86 |     uint16_t window;
87 |     uint16_t check;
88 |     uint16_t urg_ptr;
89 | };
90 | /* UDP header. len is sender-controlled; compare it with the captured
   |  * length before use. */
91 | struct udphdr {
92 |     uint16_t source;
93 |     uint16_t dest;
94 |     uint16_t len;
95 |     uint16_t check;
96 | };
97 |
98 | #endif
99 |
-------------------------------------------------------------------------------- /src/lib/ipq_utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * ipq_utils.h 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
20 | *
21 | */
22 |
23 |
24 |
25 | #ifndef _IPQ_UTILS_H_
26 | #define _IPQ_UTILS_H_
27 |
28 | #include "ipq_protocols.h"
29 |
30 |
31 | /**
32 | * Length of a static string, computed at compile time as sizeof(s) - 1
33 | * (the array size minus the terminating NUL).
34 | * Use it instead of strlen to avoid runtime calculations.
   | *
   | * Only valid when s is a string literal or a char array. For a char pointer
   | * sizeof yields the pointer size, so the result is unrelated to the string
   | * length - never apply it to packet data or to a function parameter.
35 | */
36 | #define IPQ_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 )
37 |
38 |
39 |
40 | /** Macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address.
   |  * Non-zero when the 16 bytes at x sort before the 16 bytes at y, read as two
   |  * u64 words in host byte order (word 0 first, then word 1). The order is
   |  * consistent on one host but is not numeric address order on little-endian
   |  * machines.
   |  * NOTE(review): the (u64 *) casts access the address through an
   |  * incompatible pointer type and require x and y to be aligned for u64. An
   |  * address inside a captured packet need not be, which is undefined
   |  * behaviour in ISO C and can fault on strict-alignment CPUs; copying both
   |  * addresses into local u64 pairs with memcpy before comparing gives the
   |  * same result.
   |  * x and y are each evaluated up to three times - pass expressions without
   |  * side effects. */
41 | #define IPOQUE_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \
42 | ((((u64 *)(x))[0]) < (((u64 *)(y))[0]) || ( (((u64 *)(x))[0]) == (((u64 *)(y))[0]) && (((u64 *)(x))[1]) < (((u64 *)(y))[1])) )
43 |
44 |
45 | #endif /* _IPQ_UTILS_H_ */
46 |
-------------------------------------------------------------------------------- /src/lib/linux_compat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * linux_compat.h 3 | * Copyright (C) 2009-2010 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
20 | *
21 | */
22 |
23 |
24 | #ifndef __IPOQUE_LINUX_COMPAT_H__
25 | #define __IPOQUE_LINUX_COMPAT_H__
26 | /*
   |  * Supplies Linux-style names - presumably for hosts whose system headers
   |  * lack them: the __BYTE_ORDER family of macros and the iphdr / ip6_hdr /
   |  * tcphdr / udphdr header layouts. The uint8_t/uint16_t/uint32_t types are
   |  * not declared here and must already be in scope.
   |  * NOTE(review): the struct definitions below test BYTE_ORDER, not the
   |  * __BYTE_ORDER alias created here.
   |  */
27 | #if defined(BYTE_ORDER) && !defined(__BYTE_ORDER)
28 | # define __BYTE_ORDER BYTE_ORDER
29 | #endif
30 | #if defined(LITTLE_ENDIAN) && !defined(__LITTLE_ENDIAN)
31 | # define __LITTLE_ENDIAN LITTLE_ENDIAN
32 | #endif
33 | #if defined(BIG_ENDIAN) && !defined(__BIG_ENDIAN)
34 | # define __BIG_ENDIAN BIG_ENDIAN
35 | #endif
36 | /*
   |  * IPv4 header. version and ihl share the first byte, so their declaration
   |  * order follows BYTE_ORDER.
   |  * NOTE(review): when neither BYTE_ORDER nor LITTLE_ENDIAN is defined, #if
   |  * treats both as 0, the first branch is taken and the #error is never
   |  * reached; a defined() test before the comparison would make the guard
   |  * effective.
   |  * No packing attribute is used and bit-field layout is
   |  * implementation-defined, so the match with the wire format depends on
   |  * the compiler.
   |  * When the struct is laid over packet bytes, ihl (header length in 32-bit
   |  * words, per RFC 791) and tot_len are chosen by the sender: check them
   |  * against the number of bytes actually captured before using them as
   |  * offsets or lengths. Multi-byte fields are then in network byte order.
   |  */
37 | struct iphdr {
38 | #if BYTE_ORDER == LITTLE_ENDIAN
39 |     uint8_t ihl:4, version:4;
40 | #elif BYTE_ORDER == BIG_ENDIAN
41 |     uint8_t version:4, ihl:4;
42 | #else
43 | # error "BYTE_ORDER must be defined"
44 | #endif
45 |     uint8_t tos;
46 |     uint16_t tot_len;
47 |     uint16_t id;
48 |     uint16_t frag_off;
49 |     uint8_t ttl;
50 |     uint8_t protocol;
51 |     uint16_t check;
52 |     uint32_t saddr;
53 |     uint32_t daddr;
54 | };
55 | /* NOTE(review): the header name after #include is missing in this copy of
   |  * the file. struct in6_addr, used below, is declared by <netinet/in.h> on
   |  * POSIX systems - confirm against the original file.
   |  * s6_addr16 / s6_addr32 reach into the __u6_addr union member of
   |  * struct in6_addr, so this compiles only where the system header uses
   |  * that member name. */
56 | #include
57 | #define s6_addr16 __u6_addr.__u6_addr16
58 | #define s6_addr32 __u6_addr.__u6_addr32
59 | /*
   |  * IPv6 fixed header: a control union (flow / payload length / next header /
   |  * hop limit, or the first byte alone as ip6_un2_vfc) followed by source and
   |  * destination addresses. ip6_un1_plen is sender-controlled; validate it
   |  * against the captured length. Extension headers are not described by
   |  * this struct.
   |  */
60 | struct ip6_hdr {
61 |     union {
62 |         struct ip6_hdrctl {
63 |             uint32_t ip6_un1_flow;
64 |             uint16_t ip6_un1_plen;
65 |             uint8_t ip6_un1_nxt;
66 |             uint8_t ip6_un1_hlim;
67 |         } ip6_un1;
68 |         uint8_t ip6_un2_vfc;
69 |     } ip6_ctlun;
70 |     struct in6_addr ip6_src;
71 |     struct in6_addr ip6_dst;
72 | };
73 | /*
   |  * TCP header without options. doff and the flag bits are uint16_t
   |  * bit-fields ordered by BYTE_ORDER (same silent-default caveat as iphdr).
   |  * doff (header length in 32-bit words, per RFC 793) comes from the packet:
   |  * reject values whose implied header length exceeds the captured bytes
   |  * before reading options or payload.
   |  */
74 | struct tcphdr {
75 |     uint16_t source;
76 |     uint16_t dest;
77 |     uint32_t seq;
78 |     uint32_t ack_seq;
79 | #if BYTE_ORDER == LITTLE_ENDIAN
80 |     uint16_t res1:4, doff:4, fin:1, syn:1, rst:1, psh:1, ack:1, urg:1, ece:1, cwr:1;
81 | #elif BYTE_ORDER == BIG_ENDIAN
82 |     uint16_t doff:4, res1:4, cwr:1, ece:1, urg:1, ack:1, psh:1, rst:1, syn:1, fin:1;
83 | #else
84 | # error "BYTE_ORDER must be defined"
85 | #endif
86 |     uint16_t window;
87 |     uint16_t check;
88 |     uint16_t urg_ptr;
89 | };
90 | /* UDP header. len is sender-controlled; compare it with the captured
   |  * length before use. */
91 | struct udphdr {
92 |     uint16_t source;
93 |     uint16_t dest;
94 |     uint16_t len;
95 |     uint16_t check;
96 | };
97 |
98 | #endif
99 |
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/prop-base/afp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/aimini.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/applejuice.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/armagetron.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/battlefield.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/bgp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/bittorrent.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- 
/src/lib/protocols/.svn/prop-base/crossfire.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/dhcp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/dhcpv6.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/directconnect.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/directdownloadlink.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/dns.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/dofus.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- 
/src/lib/protocols/.svn/prop-base/edonkey.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/fasttrack.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/feidian.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/fiesta.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/filetopia.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/flash.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/florensia.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- 
/src/lib/protocols/.svn/prop-base/ftp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/gadu_gadu.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/gnutella.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/guildwars.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/halflife2_and_mods.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/http.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/http_activesync.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- 
/src/lib/protocols/.svn/prop-base/i23v5.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/iax.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/icecast.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/imesh.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/ipp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/irc.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/jabber.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/kerberos.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/kontiki.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/ldap.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mail_imap.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mail_pop.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mail_smtp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/manolito.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/maplestory.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mdns.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/meebo.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mgcp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mms.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/msn.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mssql.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/mysql.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/netbios.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/nfs.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/non_tcp_udp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/ntp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/openft.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/oscar.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/pando.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/pcanywhere.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/popo.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/postgres.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/pplive.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/ppstream.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/pptp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/qq.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/quake.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/rdp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/rtp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/rtsp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/secondlife.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/shoutcast.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/sip.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/smb.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/snmp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/socrates.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/sopcast.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/soulseek.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/ssdp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/ssh.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/ssl.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/stealthnet.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/steam.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/stun.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/syslog.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/tds.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/telnet.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/tftp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/thunder.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/tvants.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/tvuplayer.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/usenet.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/veohtv.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/vnc.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/warcraft3.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/winmx.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/world_of_kung_fu.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/world_of_warcraft.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/xbox.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/xdmcp.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/yahoo.c.svn-base: 
-------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/prop-base/zattoo.c.svn-base: -------------------------------------------------------------------------------- 1 | K 13 2 | svn:mime-type 3 | V 10 4 | text/plain 5 | END 6 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/afp.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * afp.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 
20 | * 21 | */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_AFP

/*
 * Thin wrapper: calls ipoque_int_add_connection() with IPOQUE_PROTOCOL_AFP
 * and IPOQUE_REAL_PROTOCOL.
 */
static void ipoque_int_afp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_AFP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Match the current packet against two request layouts of the Data Stream
 * Interface (DSI) protocol, which is exclusively used by the Apple Filing
 * Protocol (AFP) on TCP/IP networks.
 *
 * Both layouts share the same fixed tests: the 16-bit value at offset 2 is
 * 0x0001, the 32-bit words at offsets 4 and 12 are zero, and the 32-bit value
 * at offset 8 equals the payload length minus 16. They differ in the 16-bit
 * values at offsets 0 and 16.
 *
 * Each && chain starts with a payload length test that covers the highest
 * byte read afterwards (offset 17); keep that test first when editing a
 * pattern, because the payload bytes come straight from the network.
 *
 * A packet that matches neither layout adds AFP to the flow's
 * excluded_protocol_bitmask.
 */
void ipoque_search_afp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *pkt = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	int matched;

	/* DSI OpenSession: 0x0004 at offset 0, 0x0104 at offset 16. */
	matched = pkt->payload_packet_len >= 22
		&& get_u16(pkt->payload, 0) == htons(0x0004)
		&& get_u16(pkt->payload, 2) == htons(0x0001)
		&& get_u32(pkt->payload, 4) == 0
		&& get_u32(pkt->payload, 8) == htonl(pkt->payload_packet_len - 16)
		&& get_u32(pkt->payload, 12) == 0
		&& get_u16(pkt->payload, 16) == htons(0x0104);
	if (matched) {
		IPQ_LOG(IPOQUE_PROTOCOL_AFP, ipoque_struct, IPQ_LOG_DEBUG, "AFP: DSI OpenSession detected.\n");
		ipoque_int_afp_add_connection(ipoque_struct);
		return;
	}

	/* DSI GetStatus: 0x0003 at offset 0, 0x0f00 at offset 16. */
	matched = pkt->payload_packet_len >= 18
		&& get_u16(pkt->payload, 0) == htons(0x0003)
		&& get_u16(pkt->payload, 2) == htons(0x0001)
		&& get_u32(pkt->payload, 4) == 0
		&& get_u32(pkt->payload, 8) == htonl(pkt->payload_packet_len - 16)
		&& get_u32(pkt->payload, 12) == 0
		&& get_u16(pkt->payload, 16) == htons(0x0f00);
	if (matched) {
		IPQ_LOG(IPOQUE_PROTOCOL_AFP, ipoque_struct, IPQ_LOG_DEBUG, "AFP: DSI GetStatus detected.\n");
		ipoque_int_afp_add_connection(ipoque_struct);
		return;
	}

	/* Neither request layout matched. */
	IPQ_LOG(IPOQUE_PROTOCOL_AFP, ipoque_struct, IPQ_LOG_DEBUG, "AFP excluded.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_AFP);
}

#endif
-------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/applejuice.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * applejuice.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
20 | * 21 | */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_APPLEJUICE

/*
 * Thin wrapper: calls ipoque_int_add_connection() with
 * IPOQUE_PROTOCOL_APPLEJUICE and IPOQUE_REAL_PROTOCOL.
 */
static void ipoque_int_applejuice_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_APPLEJUICE, IPOQUE_REAL_PROTOCOL);
}

/*
 * Detect applejuice by its greeting: the payload starts with the six bytes
 * "ajprot" followed by CR LF (0x0d 0x0a) at offsets 6 and 7.
 *
 * The length test (more than 7 bytes) is evaluated before any payload byte
 * is read, so the reads at offsets 0..7 stay inside the packet.
 *
 * Any packet that does not match adds applejuice to the flow's
 * excluded_protocol_bitmask.
 */
void ipoque_search_applejuice_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *pkt = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_APPLEJUICE, ipoque_struct, IPQ_LOG_DEBUG, "search applejuice.\n");

	/* Reject first; the order of the tests mirrors the positive match. */
	if (pkt->payload_packet_len <= 7
	    || pkt->payload[6] != 0x0d
	    || pkt->payload[7] != 0x0a
	    || ipq_mem_cmp(pkt->payload, "ajprot", 6) != 0) {
		IPQ_LOG(IPOQUE_PROTOCOL_APPLEJUICE, ipoque_struct, IPQ_LOG_DEBUG, "exclude applejuice.\n");
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_APPLEJUICE);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_APPLEJUICE, ipoque_struct, IPQ_LOG_DEBUG, "detected applejuice.\n");
	ipoque_int_applejuice_add_connection(ipoque_struct);
}

#endif
-------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/bgp.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * bgp.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the
License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 20 | * 21 | */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_BGP

/*
 * Thin wrapper: calls ipoque_int_add_connection() with IPOQUE_PROTOCOL_BGP
 * and IPOQUE_REAL_PROTOCOL.
 */
static void ipoque_int_bgp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_BGP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Detect BGP from a single packet; this detection also works asymmetrically.
 *
 * A packet is accepted when all of the following hold:
 *   - the payload is longer than 18 bytes,
 *   - bytes 0..15 are all 0xff (the 16-byte marker),
 *   - the 16-bit length at offset 16 is not larger than the payload length,
 *   - the TCP source or destination port is 179,
 *   - the byte at offset 18 (the message type in the BGP header layout) is
 *     below 5.
 *
 * The length test comes first, so the reads up to offset 18 stay inside the
 * payload. Any other packet adds BGP to the flow's excluded_protocol_bitmask.
 *
 * NOTE(review): packet->tcp is dereferenced without a NULL test; this
 * presumably relies on the caller invoking the function for TCP packets
 * only - confirm against the caller.
 */
void ipoque_search_bgp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *pkt = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/* Reject first; the order of the tests mirrors the positive match. */
	if (pkt->payload_packet_len <= 18
	    || get_u64(pkt->payload, 0) != 0xffffffffffffffffULL
	    || get_u64(pkt->payload, 8) != 0xffffffffffffffffULL
	    || ntohs(get_u16(pkt->payload, 16)) > pkt->payload_packet_len
	    || (pkt->tcp->dest != htons(179) && pkt->tcp->source != htons(179))
	    || pkt->payload[18] >= 5) {
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_BGP);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_BGP, ipoque_struct, IPQ_LOG_DEBUG, "BGP detected.\n");
	ipoque_int_bgp_add_connection(ipoque_struct);
}

#endif
-------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/dhcp.c.svn-base:
-------------------------------------------------------------------------------- 1 | /* 2 | * dhcp.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 20 | * 21 | */

#include "ipq_protocols.h"

#ifdef IPOQUE_PROTOCOL_DHCP

/*
 * Thin wrapper: calls ipoque_int_add_connection() with IPOQUE_PROTOCOL_DHCP
 * and IPOQUE_REAL_PROTOCOL.
 */
static void ipoque_int_dhcp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_DHCP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Detect DHCP from a single UDP packet; this detection also works for
 * asymmetric dhcp traffic.
 *
 * A packet is accepted when all of the following hold:
 *   - the payload has at least 244 bytes,
 *   - source and destination port are each 67 or 68,
 *   - the 32-bit value at offset 236 is 0x63825363 (the DHCP magic cookie),
 *   - the 16-bit value at offset 240 is 0x3501 (option 53, length 1).
 *
 * Only ports and payload bytes are tested; IP addresses are not inspected.
 * The length test comes before the payload reads, whose highest byte is
 * offset 241. Any other packet adds DHCP to the flow's
 * excluded_protocol_bitmask.
 *
 * NOTE(review): packet->udp is dereferenced without a NULL test; this
 * presumably relies on the caller invoking the function for UDP packets
 * only - confirm against the caller.
 */
void ipoque_search_dhcp_udp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *pkt = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/* Reject first; the order of the tests mirrors the positive match. */
	if (pkt->payload_packet_len < 244
	    || (pkt->udp->source != htons(67) && pkt->udp->source != htons(68))
	    || (pkt->udp->dest != htons(67) && pkt->udp->dest != htons(68))
	    || get_u32(pkt->payload, 236) != htonl(0x63825363)
	    || get_u16(pkt->payload, 240) != htons(0x3501)) {
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_DHCP);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_DHCP, ipoque_struct, IPQ_LOG_DEBUG, "DHCP request\n");

	ipoque_int_dhcp_add_connection(ipoque_struct);
}
#endif
-------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/dhcpv6.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * dhcpv6.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
20 | * 21 | */

/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_DHCPV6

/*
 * Thin wrapper: calls ipoque_int_add_connection() with
 * IPOQUE_PROTOCOL_DHCPV6 and IPOQUE_REAL_PROTOCOL.
 */
static void ipoque_int_dhcpv6_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_DHCPV6, IPOQUE_REAL_PROTOCOL);
}

/*
 * Detect DHCPv6 from a single UDP packet.
 *
 * A packet is accepted when the payload has at least 4 bytes, source and
 * destination port are each 546 or 547, and the first payload byte lies in
 * the range 1..13.
 *
 * This signature is loose: apart from the ports, only one payload byte is
 * examined, so other traffic on ports 546/547 whose first byte falls in that
 * range is classified as DHCPv6 as well. Treat the result as a hint rather
 * than as proof of the protocol.
 *
 * Any other packet adds DHCPv6 to the flow's excluded_protocol_bitmask.
 *
 * NOTE(review): packet->udp is dereferenced without a NULL test; this
 * presumably relies on the caller invoking the function for UDP packets
 * only - confirm against the caller.
 */
void ipoque_search_dhcpv6_udp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *pkt = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/* Reject first; the order of the tests mirrors the positive match. */
	if (pkt->payload_packet_len < 4
	    || (pkt->udp->source != htons(546) && pkt->udp->source != htons(547))
	    || (pkt->udp->dest != htons(546) && pkt->udp->dest != htons(547))
	    || pkt->payload[0] < 1
	    || pkt->payload[0] > 13) {
		IPQ_LOG(IPOQUE_PROTOCOL_DHCPV6, ipoque_struct, IPQ_LOG_DEBUG, "DHCPv6 excluded.\n");
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_DHCPV6);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_DHCPV6, ipoque_struct, IPQ_LOG_DEBUG, "DHCPv6 detected.\n");
	ipoque_int_dhcpv6_add_connection(ipoque_struct);
}

#endif
-------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/guildwars.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * guildwars.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the
License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 20 | * 21 | */

/* include files */
#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_GUILDWARS

/*
 * Thin wrapper: calls ipoque_int_add_connection() with
 * IPOQUE_PROTOCOL_GUILDWARS and IPOQUE_REAL_PROTOCOL.
 */
static void ipoque_int_guildwars_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_GUILDWARS, IPOQUE_REAL_PROTOCOL);
}

/*
 * Detect GuildWars from a single packet by three fixed-size signatures.
 *
 * Each signature requires an exact payload length (64, 16 or 21 bytes) and
 * tests that length before reading any payload byte, so every fixed-offset
 * read below stays inside the packet. The highest byte read is offset 53 for
 * the 64-byte form, 12 for the 16-byte form and 9 for the 21-byte form.
 *
 * The expected constants are wrapped in ntohs()/ntohl() here, where the
 * sibling detectors use htons()/htonl().
 *
 * A packet matching none of the signatures adds GuildWars to the flow's
 * excluded_protocol_bitmask.
 */
void ipoque_search_guildwars_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *pkt = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "search guildwars.\n");

	if (pkt->payload_packet_len == 64
	    && get_u16(pkt->payload, 1) == ntohs(0x050c)
	    && memcmp(&pkt->payload[50], "@2&P", 4) == 0) {
		/* 64-byte form: 0x050c at offset 1 and "@2&P" at offset 50. */
		IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "GuildWars version 29.350: found.\n");
		ipoque_int_guildwars_add_connection(ipoque_struct);
	} else if (pkt->payload_packet_len == 16
		   && get_u16(pkt->payload, 1) == ntohs(0x040c)
		   && get_u16(pkt->payload, 4) == ntohs(0xa672)
		   && pkt->payload[8] == 0x01
		   && pkt->payload[12] == 0x04) {
		/* 16-byte form: 0x040c at offset 1, 0xa672 at offset 4. */
		IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "GuildWars version 29.350: found.\n");
		ipoque_int_guildwars_add_connection(ipoque_struct);
	} else if (pkt->payload_packet_len == 21
		   && get_u16(pkt->payload, 0) == ntohs(0x0100)
		   && get_u32(pkt->payload, 5) == ntohl(0xf1001000)
		   && pkt->payload[9] == 0x01) {
		/* 21-byte form: 0x0100 at offset 0, 0xf1001000 at offset 5. */
		IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "GuildWars version 216.107.245.50: found.\n");
		ipoque_int_guildwars_add_connection(ipoque_struct);
	} else {
		IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "exclude guildwars.\n");
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_GUILDWARS);
	}
}

#endif
-------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/halflife2_and_mods.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * halflife2_and_mods.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_HALFLIFE2


/* Record the current flow as IPOQUE_PROTOCOL_HALFLIFE2, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_halflife2_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_HALFLIFE2, IPOQUE_REAL_PROTOCOL);
}

/*
 * Half-Life 2 detector; per-flow progress is kept in
 * flow->l4.udp.halflife2_stage.
 *
 * A packet is a candidate when it is at least 20 bytes long, begins with
 * 0xFFFFFFFF and its last four bytes equal htonl(0x30303000). The first
 * candidate stores 1 + packet_direction in the stage. A later candidate is
 * accepted when stage == 2 - packet_direction, which is the opposite
 * direction if packet_direction only takes the values 0 and 1 (assumption,
 * confirm against the flow code). Anything else excludes the protocol.
 */
void ipoque_search_halflife2(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/* The length test comes first so that payload_packet_len - 4 cannot go below 16. */
	const int candidate = packet->payload_packet_len >= 20
		&& get_u32(packet->payload, 0) == 0xFFFFFFFF
		&& get_u32(packet->payload, packet->payload_packet_len - 4) == htonl(0x30303000);

	if (candidate) {
		if (flow->l4.udp.halflife2_stage == 0) {
			flow->l4.udp.halflife2_stage = 1 + packet->packet_direction;
			IPQ_LOG(IPOQUE_PROTOCOL_HALFLIFE2, ipoque_struct, IPQ_LOG_DEBUG,
					"halflife2 client req detected, waiting for server reply\n");
			return;
		}
		if (flow->l4.udp.halflife2_stage == 2 - packet->packet_direction) {
			ipoque_int_halflife2_add_connection(ipoque_struct);
			IPQ_LOG(IPOQUE_PROTOCOL_HALFLIFE2, ipoque_struct, IPQ_LOG_DEBUG, "halflife2 server reply detected\n");
			return;
		}
	}

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_HALFLIFE2);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/http_activesync.c.svn-base:
--------------------------------------------------------------------------------
/*
 * http_activesync.c
 * Copyright (C) 2009-2011 by
ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */



#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC
/* Record the flow as ActiveSync, tagged IPOQUE_CORRELATED_PROTOCOL. */
static void ipoque_int_activesync_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, IPOQUE_CORRELATED_PROTOCOL);
}

/*
 * ActiveSync detector: a TCP payload longer than 150 bytes whose request
 * line starts with an OPTIONS or POST to /Microsoft-Server-ActiveSync?.
 * Only the leading bytes are compared; the rest of the request is not
 * inspected here. Non-matching flows are excluded for this protocol.
 */
void ipoque_search_activesync(struct ipoque_detection_module_struct *ipoque_struct)
{
	static const char options_prefix[] = "OPTIONS /Microsoft-Server-ActiveSync?";
	static const char post_prefix[] = "POST /Microsoft-Server-ActiveSync?";
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/* sizeof - 1 gives the 37 and 34 byte prefix lengths without the NUL. */
	if (packet->tcp != NULL
		&& packet->payload_packet_len > 150
		&& (memcmp(packet->payload, options_prefix, sizeof(options_prefix) - 1) == 0
			|| memcmp(packet->payload, post_prefix, sizeof(post_prefix) - 1) == 0)) {
		ipoque_int_activesync_add_connection(ipoque_struct);
		IPQ_LOG(IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ipoque_struct, IPQ_LOG_DEBUG,
				" flow marked as ActiveSync \n");
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ipoque_struct, IPQ_LOG_DEBUG, "exclude activesync\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC);

}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/kerberos.c.svn-base:
--------------------------------------------------------------------------------
/*
 * kerberos.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */



/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_KERBEROS

/* Record the current flow as IPOQUE_PROTOCOL_KERBEROS, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_kerberos_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_KERBEROS, IPOQUE_REAL_PROTOCOL);
}

/* Non-zero when tag is one of the byte values the detector accepts. */
static int ipoque_kerberos_tag_accepted(unsigned int tag)
{
	return tag == 0x0a || tag == 0x0c || tag == 0x0d || tag == 0x0e;
}

/*
 * Kerberos detector.
 *
 * The first four payload bytes, read as a big-endian number, must equal the
 * payload length minus 4. Two byte layouts are then tried: 0x05 at offset 14
 * with an accepted tag at offset 19, or 0x05 at offset 16 with an accepted
 * tag at offset 21. Each layout checks the payload length before indexing.
 * Non-matching flows are excluded for this protocol.
 */
void ipoque_search_kerberos(struct ipoque_detection_module_struct *ipoque_struct)
{
	static const struct {
		unsigned int marker_at;
		unsigned int tag_at;
	} layouts[] = { {14, 19}, {16, 21} };
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	unsigned int i;

	/* I have observed 0a,0c,0d,0e at packet->payload[19/21], maybe there are other possibilities */
	if (packet->payload_packet_len >= 4 && ntohl(get_u32(packet->payload, 0)) == packet->payload_packet_len - 4) {
		for (i = 0; i < sizeof(layouts) / sizeof(layouts[0]); i++) {
			if (packet->payload_packet_len > layouts[i].tag_at
				&& packet->payload[layouts[i].marker_at] == 0x05
				&& ipoque_kerberos_tag_accepted(packet->payload[layouts[i].tag_at])) {
				IPQ_LOG(IPOQUE_PROTOCOL_KERBEROS, ipoque_struct, IPQ_LOG_DEBUG, "found KERBEROS\n");
				ipoque_int_kerberos_add_connection(ipoque_struct);
				return;
			}
		}
	}

	IPQ_LOG(IPOQUE_PROTOCOL_KERBEROS, ipoque_struct, IPQ_LOG_DEBUG, "no KERBEROS detected.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_KERBEROS);
}

#endif

-------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/kontiki.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * kontiki.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_KONTIKI

/* Record the current flow as IPOQUE_PROTOCOL_KONTIKI, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_kontiki_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_KONTIKI, IPOQUE_REAL_PROTOCOL);
}

/*
 * Kontiki detector with three exact-length signatures:
 *   - 4 bytes equal to htonl(0x02010100);
 *   - 20 bytes, first byte 0x02, last four bytes htonl(0x02040100);
 *   - 16 bytes, first byte 0x02, last four bytes htonl(0x000004e4).
 * The length is fixed before any 32-bit read, so all reads stay in bounds.
 * Non-matching flows are excluded for this protocol.
 */
void ipoque_search_kontiki(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	int matched = 0;

	if (packet->payload_packet_len == 4) {
		matched = get_u32(packet->payload, 0) == htonl(0x02010100);
	} else if (packet->payload_packet_len == 20) {
		matched = packet->payload[0] == 0x02
			&& get_u32(packet->payload, 16) == htonl(0x02040100);
	} else if (packet->payload_packet_len == 16) {
		matched = packet->payload[0] == 0x02
			&& get_u32(packet->payload, 12) == htonl(0x000004e4);
	}

	if (matched) {
		IPQ_LOG(IPOQUE_PROTOCOL_KONTIKI, ipoque_struct, IPQ_LOG_DEBUG, "Kontiki UDP detected.\n");
		ipoque_int_kontiki_add_connection(ipoque_struct);
		return;
	}

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_KONTIKI);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/mssql.c.svn-base:
--------------------------------------------------------------------------------
/*
 * mssql.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part
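of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */



/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_MSSQL

/* Record the current flow as IPOQUE_PROTOCOL_MSSQL, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_mssql_add_connection(struct ipoque_detection_module_struct
											*ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_MSSQL, IPOQUE_REAL_PROTOCOL);
}

/*
 * MSSQL detector.
 *
 * Matches a payload longer than 51 bytes whose first two bytes are 0x12 0x01,
 * whose big-endian 16-bit value at offset 2 equals the payload length, whose
 * big-endian 32-bit value at offset 4 is 0x00000100, and which carries the
 * literal "sqlexpress" at offset 41. Because of that literal, only packets
 * naming that string at that offset are recognised. The length test precedes
 * every read; the furthest byte touched is offset 50.
 * Non-matching flows are excluded for this protocol.
 */
void ipoque_search_mssql(struct ipoque_detection_module_struct
						 *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_MSSQL, ipoque_struct, IPQ_LOG_DEBUG, "search mssql.\n");

	/*
	 * The two-byte header is read with get_u16. The earlier form passed
	 * get_u32() to ntohs(), which truncates the 32-bit value to its low
	 * 16 bits: that selects bytes 0-1 on a little-endian host but bytes 2-3
	 * on a big-endian one (assuming get_u32 is a plain host-order load, as
	 * its htonl() comparisons elsewhere suggest). Little-endian results are
	 * unchanged.
	 */
	if (packet->payload_packet_len > 51 && ntohs(get_u16(packet->payload, 0)) == 0x1201
		&& ntohs(get_u16(packet->payload, 2)) == packet->payload_packet_len
		&& ntohl(get_u32(packet->payload, 4)) == 0x00000100 && memcmp(&packet->payload[41], "sqlexpress", 10) == 0) {
		IPQ_LOG(IPOQUE_PROTOCOL_MSSQL, ipoque_struct, IPQ_LOG_DEBUG, "found mssql.\n");
		ipoque_int_mssql_add_connection(ipoque_struct);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_MSSQL, ipoque_struct, IPQ_LOG_DEBUG, "exclude mssql.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_MSSQL);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/mysql.c.svn-base:
--------------------------------------------------------------------------------
/*
 * mysql.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .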
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_MYSQL

/* Record the current flow as IPOQUE_PROTOCOL_MYSQL, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_mysql_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_MYSQL, IPOQUE_REAL_PROTOCOL);
}

/*
 * MySQL detector for TCP payloads (server startup packet).
 *
 * The header test needs more than 37 bytes, a length field equal to the
 * payload length minus 4, sequence number 0 and a version string starting
 * with a digit 1..6 followed by a dot. The scan then looks for the first
 * NUL from offset 7 and checks the zero filler bytes relative to it; the
 * loop bound a + 31 < payload_packet_len keeps the furthest read in bounds.
 * NOTE(review): the 16-bit length is compared without byte swapping, so the
 * match presumably relies on a little-endian host; confirm.
 * Non-matching flows are excluded for this protocol.
 */
void ipoque_search_mysql_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	u32 nul_at = 7;

	const int header_ok = packet->payload_packet_len > 37	/* min length */
		&& get_u16(packet->payload, 0) == packet->payload_packet_len - 4	/* first 3 bytes are length */
		&& get_u8(packet->payload, 2) == 0x00	/* 3rd byte of packet length */
		&& get_u8(packet->payload, 3) == 0x00	/* packet sequence number is 0 for startup packet */
		&& get_u8(packet->payload, 5) > 0x30	/* server version > 0 */
		&& get_u8(packet->payload, 5) < 0x37	/* server version < 7 */
		&& get_u8(packet->payload, 6) == 0x2e;	/* dot */

	if (header_ok) {
		/* Advance to the first NUL byte that still leaves 31 bytes after it. */
		while (nul_at + 31 < packet->payload_packet_len && packet->payload[nul_at] != 0x00)
			nul_at++;

		if (nul_at + 31 < packet->payload_packet_len
			&& get_u8(packet->payload, nul_at + 13) == 0x00	/* filler byte */
			&& get_u64(packet->payload, nul_at + 19) == 0x0ULL	/* 13 more */
			&& get_u32(packet->payload, nul_at + 27) == 0x0	/* filler bytes */
			&& get_u8(packet->payload, nul_at + 31) == 0x0) {
			IPQ_LOG(IPOQUE_PROTOCOL_MYSQL, ipoque_struct, IPQ_LOG_DEBUG, "MySQL detected.\n");
			ipoque_int_mysql_add_connection(ipoque_struct);
			return;
		}
	}

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_MYSQL);

}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/nfs.c.svn-base:
--------------------------------------------------------------------------------
/*
 * nfs.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_NFS

/* Record the current flow as IPOQUE_PROTOCOL_NFS, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_nfs_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_NFS, IPOQUE_REAL_PROTOCOL);
}

/*
 * NFS detector for TCP and UDP payloads.
 *
 * On TCP the fields sit 4 bytes further in, and the first word must equal
 * htonl(0x80000000 + payload length - 4). The payload must hold at least
 * 40 + offset bytes before any field is read; the furthest read ends at
 * byte 19 + offset. The remaining words are presumably the ONC RPC call
 * header (message type, RPC version, program, program version); confirm
 * against the RPC specification.
 * Any failed stage excludes the protocol for this flow.
 */
void ipoque_search_nfs(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	const u8 offset = (packet->tcp != NULL) ? 4 : 0;
	u32 program;

	do {
		if (packet->payload_packet_len < (40 + offset))
			break;

		IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS user match stage 1\n");

		if (offset != 0 && get_u32(packet->payload, 0) != htonl(0x80000000 + packet->payload_packet_len - 4))
			break;

		IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS user match stage 2\n");

		if (get_u32(packet->payload, 4 + offset) != 0)
			break;

		IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS user match stage 3\n");

		if (get_u32(packet->payload, 8 + offset) != htonl(0x02))
			break;

		IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS match stage 3\n");

		/* Accepted values are 0x186a5, 0x186a3 and 0x186a0 (decimal 100005, 100003, 100000). */
		program = get_u32(packet->payload, 12 + offset);
		if (program != htonl(0x000186a5)
			&& program != htonl(0x000186a3)
			&& program != htonl(0x000186a0))
			break;

		IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS match stage 4\n");

		if (ntohl(get_u32(packet->payload, 16 + offset)) > 4)
			break;

		IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS match\n");

		ipoque_int_nfs_add_connection(ipoque_struct);
		return;
	} while (0);

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_NFS);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/ntp.c.svn-base:
--------------------------------------------------------------------------------
/*
 * ntp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_NTP

/* Record the current flow as IPOQUE_PROTOCOL_NTP, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_ntp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_NTP, IPOQUE_REAL_PROTOCOL);
}

/* detection also works asymmetrically */

/*
 * NTP detector for UDP: source or destination port 123, payload of exactly
 * 48 bytes, and bits 3..5 of the first byte holding a value of at most 4.
 * Nothing else in the datagram is inspected, so any 48-byte datagram on
 * port 123 with those bits is labelled NTP.
 * NOTE(review): packet->udp is dereferenced without a NULL test; presumably
 * the dispatcher only calls this detector for UDP packets. Confirm.
 */
void ipoque_search_ntp_udp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	if (packet->udp->dest == htons(123) || packet->udp->source == htons(123)) {
		IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "NTP port detected\n");

		if (packet->payload_packet_len == 48) {
			IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "NTP length detected\n");

			if ((((packet->payload[0] & 0x38) >> 3) <= 4)) {
				IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "detected NTP.");
				ipoque_int_ntp_add_connection(ipoque_struct);
				return;
			}
		}
	}

	IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "NTP excluded.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_NTP);
}

#endif

--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/openft.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * openft.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_OPENFT

/* Record the current flow as IPOQUE_PROTOCOL_OPENFT, tagged IPOQUE_CORRELATED_PROTOCOL. */
static void ipoque_int_openft_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_OPENFT, IPOQUE_CORRELATED_PROTOCOL);
}

/*
 * OpenFT detector for TCP: a payload starting with "GET /" whose second
 * parsed line begins with "X-OpenftAlias:". Lines are produced by
 * ipq_parse_packet_line_info(); the line length is checked (> 13) before
 * the 14-byte comparison. Non-matching flows are excluded for this protocol.
 */
void ipoque_search_openft_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	int alias_header_found = 0;

	if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0) {
		IPQ_LOG(IPOQUE_PROTOCOL_OPENFT, ipoque_struct, IPQ_LOG_DEBUG, "HTTP packet detected.\n");
		ipq_parse_packet_line_info(ipoque_struct);
		alias_header_found = packet->parsed_lines >= 2
			&& packet->line[1].len > 13
			&& ipq_mem_cmp(packet->line[1].ptr, "X-OpenftAlias:", 14) == 0;
	}

	if (alias_header_found) {
		IPQ_LOG(IPOQUE_PROTOCOL_OPENFT, ipoque_struct, IPQ_LOG_DEBUG, "OpenFT detected.\n");
		ipoque_int_openft_add_connection(ipoque_struct);
		return;
	}

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_OPENFT);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/pcanywhere.c.svn-base:
--------------------------------------------------------------------------------
/*
 * pcanywhere.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at
your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_PCANYWHERE

/* Record the current flow as IPOQUE_PROTOCOL_PCANYWHERE, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_pcanywhere_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_PCANYWHERE, IPOQUE_REAL_PROTOCOL);
}

/*
 * PC Anywhere detector: a UDP datagram to port 5632 whose payload is exactly
 * the two bytes "NQ" or "ST". The signature is only two bytes plus the port,
 * so the label says little about what else the flow carries.
 * Non-matching flows are excluded for this protocol.
 */
void ipoque_search_pcanywhere(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	int is_query = 0;

	/* udp is tested for NULL before its port is read. */
	if (packet->udp != NULL && packet->udp->dest == htons(5632) && packet->payload_packet_len == 2) {
		is_query = ipq_mem_cmp(packet->payload, "NQ", 2) == 0
			|| ipq_mem_cmp(packet->payload, "ST", 2) == 0;
	}

	if (is_query) {
		IPQ_LOG(IPOQUE_PROTOCOL_PCANYWHERE, ipoque_struct, IPQ_LOG_DEBUG,
				"PC Anywhere name or status query detected.\n");
		ipoque_int_pcanywhere_add_connection(ipoque_struct);
		return;
	}

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_PCANYWHERE);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/pptp.c.svn-base:
--------------------------------------------------------------------------------
/*
 * pptp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet
inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */



/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_PPTP

/* Record the current flow as IPOQUE_PROTOCOL_PPTP, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_pptp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_PPTP, IPOQUE_REAL_PROTOCOL);
}

/*
 * PPTP detector: matches only the start-control-connection-request, i.e. a
 * payload of at least 10 bytes whose 16-bit length field equals the payload
 * length, followed by message type 1, the cookie 0x1a2b3c4d and control
 * type 1. All four fields lie in the first 10 bytes, which the length test
 * guarantees are present. Non-matching flows are excluded for this protocol.
 */
void ipoque_search_pptp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	int start_request = 0;

	if (packet->payload_packet_len >= 10) {
		start_request = get_u16(packet->payload, 0) == htons(packet->payload_packet_len)
			&& get_u16(packet->payload, 2) == htons(0x0001)	/* message type: control message */
			&& get_u32(packet->payload, 4) == htonl(0x1a2b3c4d)	/* cookie: correct */
			&& get_u16(packet->payload, 8) == htons(0x0001);	/* control type: start-control-connection-request */
	}

	if (start_request) {
		IPQ_LOG(IPOQUE_PROTOCOL_PPTP, ipoque_struct, IPQ_LOG_DEBUG, "found pptp.\n");
		ipoque_int_pptp_add_connection(ipoque_struct);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_PPTP, ipoque_struct, IPQ_LOG_DEBUG, "exclude pptp.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_PPTP);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/rdp.c.svn-base:
--------------------------------------------------------------------------------
/*
 * rdp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_RDP

/* Record the current flow as IPOQUE_PROTOCOL_RDP, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_rdp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_RDP, IPOQUE_REAL_PROTOCOL);
}

/*
 * RDP detector: a payload longer than 10 bytes in which
 *   - byte 0 is 1, 2 or 3;
 *   - the 16-bit value at offset 2 equals the payload length (network order);
 *   - byte 4 equals the payload length minus 5;
 *   - byte 5 is 0xe0 and bytes 6..10 are all zero.
 * This looks like the framing of an initial connection request; confirm
 * against the protocol specification. The length test makes all reads
 * (offsets 0..10) safe. Non-matching flows are excluded for this protocol.
 */
void ipoque_search_rdp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	int outer_ok = 0;
	int inner_ok = 0;

	if (packet->payload_packet_len > 10) {
		outer_ok = get_u8(packet->payload, 0) > 0
			&& get_u8(packet->payload, 0) < 4
			&& get_u16(packet->payload, 2) == ntohs(packet->payload_packet_len);
		inner_ok = get_u8(packet->payload, 4) == packet->payload_packet_len - 5
			&& get_u8(packet->payload, 5) == 0xe0
			&& get_u16(packet->payload, 6) == 0
			&& get_u16(packet->payload, 8) == 0
			&& get_u8(packet->payload, 10) == 0;
	}

	if (outer_ok && inner_ok) {
		IPQ_LOG(IPOQUE_PROTOCOL_RDP, ipoque_struct, IPQ_LOG_DEBUG, "RDP detected.\n");
		ipoque_int_rdp_add_connection(ipoque_struct);
		return;
	}

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_RDP);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/smb.c.svn-base:
--------------------------------------------------------------------------------
/*
 * smb.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your
option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SMB

/* Record the current flow as IPOQUE_PROTOCOL_SMB, tagged IPOQUE_REAL_PROTOCOL. */
static void ipoque_int_smb_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SMB, IPOQUE_REAL_PROTOCOL);
}

/*
 * SMB detector for TCP: destination port 445, payload longer than 40 bytes,
 * a big-endian 32-bit length prefix equal to the payload length minus 4, and
 * the bytes 0xff 'S' 'M' 'B' at offset 4. Only traffic towards port 445 is
 * considered, and only this one magic value is accepted.
 * NOTE(review): packet->tcp is dereferenced without a NULL test; presumably
 * the dispatcher only calls this detector for TCP packets. Confirm.
 */
void ipoque_search_smb_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	int framed_smb = 0;

	IPQ_LOG(IPOQUE_PROTOCOL_SMB, ipoque_struct, IPQ_LOG_DEBUG, "search SMB.\n");

	/* The length test runs before the payload is read. */
	if (packet->tcp->dest == htons(445) && packet->payload_packet_len > (32 + 4 + 4)) {
		framed_smb = (packet->payload_packet_len - 4) == ntohl(get_u32(packet->payload, 0))
			&& get_u32(packet->payload, 4) == htonl(0xff534d42);
	}

	if (framed_smb) {
		IPQ_LOG(IPOQUE_PROTOCOL_SMB, ipoque_struct, IPQ_LOG_DEBUG, "found SMB.\n");
		ipoque_int_smb_add_connection(ipoque_struct);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_SMB, ipoque_struct, IPQ_LOG_DEBUG, "exclude SMB.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SMB);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/socrates.c.svn-base:
--------------------------------------------------------------------------------
/*
 *
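socrates.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SOCRATES


/* Report SOCRATES for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_socrates_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SOCRATES, IPOQUE_REAL_PROTOCOL);
}

/*
 * Inspect the current packet for a "socrates" message over UDP or TCP.
 *
 * Both variants require the payload to start with 0xfe and end with 0x05.
 *   - UDP: payload longer than 9 bytes with the ASCII string "socrates" at
 *     offset 2.
 *   - TCP: payload longer than 13 bytes, the big-endian 32-bit value at
 *     offset 2 equal to the payload length, and "socrates" at offset 6.
 *
 * On a match SOCRATES is reported for the flow and the function returns.
 * Every other packet adds SOCRATES to flow->excluded_protocol_bitmask.
 *
 * The two "return" statements after a match were missing: a detected flow
 * fell through to the exclusion code, unlike the other detectors in this
 * library, which return right after reporting a match. Whether the stray
 * exclusion bit had a visible effect depends on ipoque_int_add_connection()
 * and the dispatcher, neither of which is visible here.
 */
void ipoque_search_socrates(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "search socrates.\n");

	if (packet->udp != NULL) {
		/* Length > 9 keeps the 8-byte compare at offset 2 inside the payload. */
		if (packet->payload_packet_len > 9 && packet->payload[0] == 0xfe
			&& packet->payload[packet->payload_packet_len - 1] == 0x05) {
			IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found fe.\n");

			/* NOTE: the UDP variant logs "len match" without comparing any length field. */
			IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "len match.\n");
			if (memcmp(&packet->payload[2], "socrates", 8) == 0) {
				IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found socrates udp.\n");
				ipoque_socrates_add_connection(ipoque_struct);
				return;
			}
		}
	} else if (packet->tcp != NULL) {
		/* Length > 13 covers the 32-bit read at offset 2 and the 8-byte compare at offset 6. */
		if (packet->payload_packet_len > 13 && packet->payload[0] == 0xfe
			&& packet->payload[packet->payload_packet_len - 1] == 0x05) {
			IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found fe.\n");
			if (packet->payload_packet_len == ntohl(get_u32(packet->payload, 2))) {
				IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "len match.\n");
				if (memcmp(&packet->payload[6], "socrates", 8) == 0) {
					IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found socrates tcp.\n");
					ipoque_socrates_add_connection(ipoque_struct);
					return;
				}
			}
		}
	}

	IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "exclude socrates.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SOCRATES);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/ssdp.c.svn-base:
--------------------------------------------------------------------------------
/*
 * ssdp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.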
*
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SSDP


/* Report SSDP for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_ssdp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SSDP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Inspect the current packet for an SSDP request line.
 *
 * A UDP payload longer than 100 bytes that begins with
 * "M-SEARCH * HTTP/1.1" or "NOTIFY * HTTP/1.1" is reported as SSDP; any
 * other packet adds SSDP to flow->excluded_protocol_bitmask.
 *
 * The decision uses one packet only, so (as the original author noted) the
 * detection also works when just one direction of the flow is seen. No
 * port or destination address is checked.
 */
void ipoque_search_ssdp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_SSDP, ipoque_struct, IPQ_LOG_DEBUG, "search ssdp.\n");

	/*
	 * Evaluation order matters: the payload is compared only for UDP
	 * packets whose length already exceeds both prefixes.
	 */
	if (packet->udp == NULL
		|| packet->payload_packet_len <= 100
		|| (memcmp(packet->payload, "M-SEARCH * HTTP/1.1", 19) != 0
			&& memcmp(packet->payload, "NOTIFY * HTTP/1.1", 17) != 0)) {
		IPQ_LOG(IPOQUE_PROTOCOL_SSDP, ipoque_struct, IPQ_LOG_DEBUG, "ssdp excluded.\n");
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SSDP);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_SSDP, ipoque_struct, IPQ_LOG_DEBUG, "found ssdp.\n");
	ipoque_int_ssdp_add_connection(ipoque_struct);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/ssh.c.svn-base:
--------------------------------------------------------------------------------
/*
 * ssh.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SSH

/* Report SSH for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_ssh_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SSH, IPOQUE_REAL_PROTOCOL);
}

/*
 * Track the SSH version exchange across the two directions of a flow.
 *
 * A "banner" is a payload of 8 to 99 bytes that starts with "SSH-".
 *   - Stage 0: the first banner stores 1 + packet_direction in
 *     flow->l4.tcp.ssh_stage and waits for the peer.
 *   - Later: a banner seen while ssh_stage equals 2 - packet_direction
 *     (the value stored by the opposite direction, assuming
 *     packet_direction is 0 or 1) reports SSH for the flow.
 *
 * Any packet that advances neither step adds SSH to
 * flow->excluded_protocol_bitmask. Only the "SSH-" prefix is compared; the
 * rest of the version string is not validated, and no port is checked.
 */
void ipoque_search_ssh_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;
	/* The length bounds are tested before memcmp(), so the 4-byte compare stays inside the payload. */
	const int has_ssh_banner = packet->payload_packet_len > 7
		&& packet->payload_packet_len < 100
		&& memcmp(packet->payload, "SSH-", 4) == 0;

	if (has_ssh_banner) {
		if (flow->l4.tcp.ssh_stage == 0) {
			IPQ_LOG(IPOQUE_PROTOCOL_SSH, ipoque_struct, IPQ_LOG_DEBUG, "ssh stage 0 passed\n");
			flow->l4.tcp.ssh_stage = 1 + packet->packet_direction;
			return;
		}
		if (flow->l4.tcp.ssh_stage == (2 - packet->packet_direction)) {
			IPQ_LOG(IPOQUE_PROTOCOL_SSH, ipoque_struct, IPQ_LOG_DEBUG, "found ssh\n");
			ipoque_int_ssh_add_connection(ipoque_struct);
			return;
		}
	}

	IPQ_LOG(IPOQUE_PROTOCOL_SSH, ipoque_struct, IPQ_LOG_DEBUG, "excluding ssh at stage %d\n", flow->l4.tcp.ssh_stage);

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SSH);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/stealthnet.c.svn-base:
--------------------------------------------------------------------------------
/*
 * stealthnet.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"

#ifdef IPOQUE_PROTOCOL_STEALTHNET


/* Report STEALTHNET for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_stealthnet_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_STEALTHNET, IPOQUE_REAL_PROTOCOL);
}

/*
 * Inspect the current packet for the StealthNet greeting string.
 *
 * A payload longer than 40 bytes whose first 41 bytes are
 * "LARS REGENSBURGER'S FILE SHARING PROTOCOL" is reported as STEALTHNET;
 * any other packet adds STEALTHNET to flow->excluded_protocol_bitmask.
 * Neither the transport protocol nor the port is checked here.
 */
void ipoque_search_stealthnet(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/* Short payloads are rejected before memcmp() so the 41-byte compare cannot run past the end. */
	if (packet->payload_packet_len <= 40
		|| memcmp(packet->payload, "LARS REGENSBURGER'S FILE SHARING PROTOCOL", 41) != 0) {
		IPQ_LOG(IPOQUE_PROTOCOL_STEALTHNET, ipoque_struct, IPQ_LOG_DEBUG, "exclude stealthnet.\n");
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_STEALTHNET);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_STEALTHNET, ipoque_struct, IPQ_LOG_DEBUG, "found stealthnet\n");
	ipoque_int_stealthnet_add_connection(ipoque_struct);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/steam.c.svn-base:
--------------------------------------------------------------------------------
/*
 * steam.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
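*
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_STEAM


/* Report STEAM for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_steam_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_STEAM, IPOQUE_REAL_PROTOCOL);
}

/*
 * Track the two-packet Steam handshake on a flow.
 *
 *   - Stage 0: a 4-byte payload whose big-endian value is at most 7, sent
 *     to a TCP destination port in 27030..27040, stores
 *     1 + packet_direction in flow->l4.tcp.steam_stage.
 *   - Next: while steam_stage equals 2 - packet_direction (the value stored
 *     by the opposite direction, assuming packet_direction is 0 or 1), a
 *     payload of 1 or 5 bytes starting with 0x01 reports STEAM.
 *
 * Any packet that advances neither step adds STEAM to
 * flow->excluded_protocol_bitmask.
 */
void ipoque_search_steam(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	if (flow->l4.tcp.steam_stage == 0) {
		/*
		 * packet->tcp is checked before the port is read: nothing visible in
		 * this file guarantees that the caller only hands over TCP packets,
		 * and a NULL header would otherwise be dereferenced while parsing
		 * untrusted traffic.
		 */
		if (packet->tcp != NULL
			&& packet->payload_packet_len == 4
			&& ntohl(get_u32(packet->payload, 0)) <= 0x07
			&& ntohs(packet->tcp->dest) >= 27030 && ntohs(packet->tcp->dest) <= 27040) {
			flow->l4.tcp.steam_stage = 1 + packet->packet_direction;
			IPQ_LOG(IPOQUE_PROTOCOL_STEAM, ipoque_struct, IPQ_LOG_DEBUG, "steam stage 1\n");
			return;
		}

	} else if (flow->l4.tcp.steam_stage == 2 - packet->packet_direction) {
		/* Both accepted lengths are non-zero, so reading payload[0] is in bounds. */
		if ((packet->payload_packet_len == 1 || packet->payload_packet_len == 5)
			&& packet->payload[0] == 0x01) {
			ipoque_int_steam_add_connection(ipoque_struct);
			IPQ_LOG(IPOQUE_PROTOCOL_STEAM, ipoque_struct, IPQ_LOG_DEBUG, "steam detected\n");
			return;
		}
	}

	IPQ_LOG(IPOQUE_PROTOCOL_STEAM, ipoque_struct, IPQ_LOG_DEBUG, "steam excluded.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_STEAM);
}
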
| 63 | #endif 64 | -------------------------------------------------------------------------------- /src/lib/protocols/.svn/text-base/tds.c.svn-base: -------------------------------------------------------------------------------- 1 | /* 2 | * tds.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_TDS

/* Report TDS for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_tds_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_TDS, IPOQUE_REAL_PROTOCOL);
}

/*
 * Track a three-packet TDS exchange on a flow.
 *
 * Every packet must first pass a header check: payload length 9..511,
 * byte 1 below 0x02, the big-endian 16-bit value at offset 2 equal to the
 * payload length, and the 16-bit field at offset 4 equal to zero.
 *
 * State kept in flow->l4.tcp.tds_stage (packet_direction assumed 0 or 1):
 *   - stage 0: byte 0 of 0x02, 0x07 or 0x12 stores 1 + packet_direction and
 *     remembers byte 0 in tds_login_version;
 *   - stage == 2 - packet_direction (reply from the peer): for login
 *     version 0x12 a byte 0 of 0x04 stores 3 + packet_direction;
 *   - stage == 4 - packet_direction (third packet, original sender): for
 *     login version 0x12 a byte 0 of 0x12 reports TDS.
 *
 * Everything else adds TDS to flow->excluded_protocol_bitmask. Note that
 * login versions 0x02 and 0x07 are accepted at stage 0 but have no
 * follow-up handling, so such flows are excluded on their second packet.
 */
void ipoque_search_tds_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/* The length bounds come first so that offsets 0..5 are always inside the payload. */
	if (packet->payload_packet_len > 8
		&& packet->payload_packet_len < 512
		&& packet->payload[1] < 0x02
		&& ntohs(get_u16(packet->payload, 2)) == packet->payload_packet_len
		&& get_u16(packet->payload, 4) == 0x0000) {

		if (flow->l4.tcp.tds_stage == 0) {
			if (packet->payload[0] == 0x02 || packet->payload[0] == 0x07 || packet->payload[0] == 0x12) {
				flow->l4.tcp.tds_stage = 1 + packet->packet_direction;
				flow->l4.tcp.tds_login_version = packet->payload[0];
				return;
			}
		} else if (flow->l4.tcp.tds_stage == 2 - packet->packet_direction) {
			//TODO: add more cases for other versions
			if (flow->l4.tcp.tds_login_version == 0x12 && packet->payload[0] == 0x04) {
				flow->l4.tcp.tds_stage = 3 + packet->packet_direction;
				return;
			}
		} else if (flow->l4.tcp.tds_stage == 4 - packet->packet_direction) {
			//TODO: add more cases for other versions
			if (flow->l4.tcp.tds_login_version == 0x12 && packet->payload[0] == 0x12) {
				IPQ_LOG(IPOQUE_PROTOCOL_TDS, ipoque_struct, IPQ_LOG_DEBUG, "TDS detected\n");
				ipoque_int_tds_add_connection(ipoque_struct);
				return;
			}
		}
	}

	/* Reached by every packet that did not advance or complete the exchange. */
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_TDS);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/tftp.c.svn-base:
--------------------------------------------------------------------------------
/*
 * tftp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_TFTP

/* Report TFTP for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_tftp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_TFTP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Track the start of a TFTP transfer on a flow.
 *
 * State kept in flow->l4.udp.tftp_stage:
 *   - stage 0: a payload whose first four bytes are 00 03 00 01 (TFTP DATA,
 *     block 1) moves the flow to stage 1;
 *   - stage 1: a payload whose first four bytes are 00 04 00 01 (TFTP ACK,
 *     block 1) reports TFTP.
 *
 * Packets that look like the opening of a transfer are tolerated without a
 * decision: a payload of at least 2 bytes that starts and ends with a zero
 * byte (presumably a read/write request), or a 4-byte payload equal to
 * 00 04 00 00 (ACK, block 0). Anything else adds TFTP to
 * flow->excluded_protocol_bitmask. No port is checked.
 */
void ipoque_search_tftp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "search TFTP.\n");

	/* Both opcode/block tests read four bytes, hence the shared length guard. */
	if (packet->payload_packet_len > 3) {
		if (flow->l4.udp.tftp_stage == 0
			&& ntohl(get_u32(packet->payload, 0)) == 0x00030001) {
			IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "maybe tftp. need next packet.\n");
			flow->l4.udp.tftp_stage = 1;
			return;
		}
		if ((flow->l4.udp.tftp_stage == 1)
			&& ntohl(get_u32(packet->payload, 0)) == 0x00040001) {
			IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "found tftp.\n");
			ipoque_int_tftp_add_connection(ipoque_struct);
			return;
		}
	}

	if (packet->payload_packet_len > 1
		&& ((packet->payload[0] == 0 && packet->payload[packet->payload_packet_len - 1] == 0)
			|| (packet->payload_packet_len == 4 && ntohl(get_u32(packet->payload, 0)) == 0x00040000))) {
		IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "skip initial packet.\n");
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "exclude TFTP.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_TFTP);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/vnc.c.svn-base:
--------------------------------------------------------------------------------
/*
 *
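* vnc.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"

#ifdef IPOQUE_PROTOCOL_VNC

/* Report VNC for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_vnc_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_VNC, IPOQUE_REAL_PROTOCOL);
}

/*
 * Track the RFB version exchange across the two directions of a flow.
 *
 * A "version message" is a payload of exactly 12 bytes that starts with
 * "RFB 003.00" and ends with 0x0a; byte 10 (the last version digit) is not
 * compared.
 *   - Stage 0: the first version message stores 1 + packet_direction in
 *     flow->l4.tcp.vnc_stage.
 *   - Next: a version message seen while vnc_stage equals
 *     2 - packet_direction (the value stored by the opposite direction,
 *     assuming packet_direction is 0 or 1) reports VNC.
 *
 * Any packet that advances neither step adds VNC to
 * flow->excluded_protocol_bitmask. The function returns nothing; the
 * previous header comment about return values 0/1 and "http" did not
 * describe it and has been dropped.
 */
void ipoque_search_vnc_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	if (flow->l4.tcp.vnc_stage == 0) {
		/* The exact-length test precedes memcmp() and the read of byte 11. */
		if (packet->payload_packet_len == 12
			&& memcmp(packet->payload, "RFB 003.00", 10) == 0 && packet->payload[11] == 0x0a) {
			/*
			 * Logged under IPOQUE_PROTOCOL_VNC; the original used
			 * IPOQUE_PROTOCOL_POPO here, which filed the message under the
			 * wrong protocol and tied this file to another protocol's define.
			 */
			IPQ_LOG(IPOQUE_PROTOCOL_VNC, ipoque_struct, IPQ_LOG_DEBUG, "reached vnc stage one\n");
			flow->l4.tcp.vnc_stage = 1 + packet->packet_direction;
			return;
		}
	} else if (flow->l4.tcp.vnc_stage == 2 - packet->packet_direction) {
		if (packet->payload_packet_len == 12
			&& memcmp(packet->payload, "RFB 003.00", 10) == 0 && packet->payload[11] == 0x0a) {
			IPQ_LOG(IPOQUE_PROTOCOL_VNC, ipoque_struct, IPQ_LOG_DEBUG, "found vnc\n");
			ipoque_int_vnc_add_connection(ipoque_struct);
			return;
		}
	}

	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_VNC);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/world_of_kung_fu.c.svn-base:
--------------------------------------------------------------------------------
/*
 * world_of_kung_fu.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .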
*
 */



/* include files */
#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU

/* Report WORLD_OF_KUNG_FU for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_world_of_kung_fu_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, IPOQUE_REAL_PROTOCOL);
}

/*
 * Inspect the current packet for a fixed 16-byte World of Kung Fu message.
 *
 * The payload must be exactly 16 bytes with:
 *   - bytes 0..3  = 0c 00 00 00,
 *   - bytes 4..7  = d2 00 0c 00,
 *   - byte 9      = 0x16,
 *   - bytes 10..11 and 14..15 = 00 00.
 * Bytes 8, 12 and 13 are not compared.
 *
 * A match reports WORLD_OF_KUNG_FU; any other packet adds it to
 * flow->excluded_protocol_bitmask. Neither transport nor port is checked.
 */
void ipoque_search_world_of_kung_fu(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, ipoque_struct, IPQ_LOG_DEBUG, "search world_of_kung_fu.\n");

	/* The length test is evaluated first, so no field is read from a payload of another size. */
	if (packet->payload_packet_len != 16
		|| ntohl(get_u32(packet->payload, 0)) != 0x0c000000
		|| ntohl(get_u32(packet->payload, 4)) != 0xd2000c00
		|| packet->payload[9] != 0x16
		|| ntohs(get_u16(packet->payload, 10)) != 0x0000
		|| ntohs(get_u16(packet->payload, 14)) != 0x0000) {
		IPQ_LOG(IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, ipoque_struct, IPQ_LOG_DEBUG, "exclude world_of_kung_fu.\n");
		IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU);
		return;
	}

	IPQ_LOG(IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, ipoque_struct, IPQ_LOG_DEBUG, "detected world_of_kung_fu.\n");
	ipoque_int_world_of_kung_fu_add_connection(ipoque_struct);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/.svn/text-base/xdmcp.c.svn-base:
--------------------------------------------------------------------------------
/*
 * xdmcp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
* OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_XDMCP


/* Report XDMCP for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_xdmcp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_XDMCP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Inspect the current packet for one of two signatures reported as XDMCP.
 *
 *   - TCP, destination port 6000..6005: a 48-byte payload with byte 0 equal
 *     to 0x6c ('l'), byte 1 equal to 0, and the big-endian 16-bit values at
 *     offsets 6 and 8 equal to 0x1200 and 0x1000. (The port range suggests
 *     an X11 connection setup rather than XDMCP proper; confirm intent.)
 *   - UDP, destination port 177: a payload of at least 6 bytes whose
 *     big-endian 16-bit values at offsets 0 and 2 are 1 and 2, and whose
 *     16-bit value at offset 4 plus 6 equals the payload length.
 *
 * A match reports XDMCP; any other packet adds XDMCP to
 * flow->excluded_protocol_bitmask. Only the destination port is examined,
 * so packets travelling from the server side do not match.
 */
void ipoque_search_xdmcp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "search xdmcp.\n");

	if (packet->tcp != NULL) {
		const unsigned int tcp_dport = ntohs(packet->tcp->dest);

		/* The exact length of 48 covers every offset read below. */
		if (tcp_dport >= 6000 && tcp_dport <= 6005
			&& packet->payload_packet_len == 48
			&& packet->payload[0] == 0x6c && packet->payload[1] == 0x00
			&& ntohs(get_u16(packet->payload, 6)) == 0x1200
			&& ntohs(get_u16(packet->payload, 8)) == 0x1000) {
			IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "found xdmcp over tcp.\n");
			ipoque_int_xdmcp_add_connection(ipoque_struct);
			return;
		}
	}

	if (packet->udp != NULL) {
		/* ">= 6" is tested before the length field at offset 4 is read. */
		if (ntohs(packet->udp->dest) == 177
			&& packet->payload_packet_len >= 6
			&& packet->payload_packet_len == 6 + ntohs(get_u16(packet->payload, 4))
			&& ntohs(get_u16(packet->payload, 0)) == 0x0001
			&& ntohs(get_u16(packet->payload, 2)) == 0x0002) {
			IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "found xdmcp over udp.\n");
			ipoque_int_xdmcp_add_connection(ipoque_struct);
			return;
		}
	}

	IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "exclude xdmcp.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_XDMCP);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/afp.c:
--------------------------------------------------------------------------------
/*
 * afp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_AFP

/* Report AFP for the current flow, passing IPOQUE_REAL_PROTOCOL as the protocol type. */
static void ipoque_int_afp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
	ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_AFP, IPOQUE_REAL_PROTOCOL);
}


/*
 * Inspect the current packet for one of two Data Stream Interface (DSI)
 * commands; per the original author, DSI is used exclusively by the Apple
 * Filing Protocol (AFP) on TCP/IP networks.
 *
 * Both signatures share these header fields (all big-endian):
 *   - 16-bit value at offset 2 equal to 1,
 *   - 32-bit value at offset 4 equal to 0,
 *   - 32-bit value at offset 8 equal to the payload length minus 16,
 *   - 32-bit value at offset 12 equal to 0.
 * They differ in:
 *   - OpenSession: payload of at least 22 bytes, 16-bit value at offset 0
 *     equal to 0x0004 and at offset 16 equal to 0x0104;
 *   - GetStatus: payload of at least 18 bytes, 16-bit value at offset 0
 *     equal to 0x0003 and at offset 16 equal to 0x0f00.
 *
 * A match reports AFP; any other packet adds AFP to
 * flow->excluded_protocol_bitmask. No port is checked.
 */
void ipoque_search_afp(struct ipoque_detection_module_struct *ipoque_struct)
{
	struct ipoque_packet_struct *packet = &ipoque_struct->packet;
	struct ipoque_flow_struct *flow = ipoque_struct->flow;

	/*
	 * Shared header test. 18 bytes is the smaller of the two minimum
	 * lengths and covers every offset read here and in the GetStatus test.
	 */
	if (packet->payload_packet_len >= 18
		&& get_u16(packet->payload, 2) == htons(0x0001)
		&& get_u32(packet->payload, 4) == 0
		&& get_u32(packet->payload, 8) == htonl(packet->payload_packet_len - 16)
		&& get_u32(packet->payload, 12) == 0) {

		/* DSI OpenSession command */
		if (packet->payload_packet_len >= 22
			&& get_u16(packet->payload, 0) == htons(0x0004)
			&& get_u16(packet->payload, 16) == htons(0x0104)) {
			IPQ_LOG(IPOQUE_PROTOCOL_AFP, ipoque_struct, IPQ_LOG_DEBUG, "AFP: DSI OpenSession detected.\n");
			ipoque_int_afp_add_connection(ipoque_struct);
			return;
		}

		/* DSI GetStatus command */
		if (get_u16(packet->payload, 0) == htons(0x0003)
			&& get_u16(packet->payload, 16) == htons(0x0f00)) {
			IPQ_LOG(IPOQUE_PROTOCOL_AFP, ipoque_struct, IPQ_LOG_DEBUG, "AFP: DSI GetStatus detected.\n");
			ipoque_int_afp_add_connection(ipoque_struct);
			return;
		}
	}

	IPQ_LOG(IPOQUE_PROTOCOL_AFP, ipoque_struct, IPQ_LOG_DEBUG, "AFP excluded.\n");
	IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_AFP);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/applejuice.c:
--------------------------------------------------------------------------------
/*
 * applejuice.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_APPLEJUICE

/* Register the current flow as applejuice, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_applejuice_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_APPLEJUICE, IPOQUE_REAL_PROTOCOL);
}

/*
 * applejuice detector (TCP entry point, going by the function name).
 *
 * A match is the six bytes "ajprot" followed directly by CR LF at the start
 * of the payload.  The length test comes first in the condition, so the
 * reads of bytes 6 and 7 and the 6-byte compare never run on a shorter
 * payload.  A non-matching packet excludes the protocol for the flow.
 */
void ipoque_search_applejuice_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_APPLEJUICE, ipoque_struct, IPQ_LOG_DEBUG, "search applejuice.\n");

    /* Reject early; the order of the tests keeps the bounds check first. */
    if (packet->payload_packet_len <= 7
        || packet->payload[6] != 0x0d
        || packet->payload[7] != 0x0a
        || ipq_mem_cmp(packet->payload, "ajprot", 6) != 0) {
        IPQ_LOG(IPOQUE_PROTOCOL_APPLEJUICE, ipoque_struct, IPQ_LOG_DEBUG, "exclude applejuice.\n");
        IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_APPLEJUICE);
        return;
    }

    IPQ_LOG(IPOQUE_PROTOCOL_APPLEJUICE, ipoque_struct, IPQ_LOG_DEBUG, "detected applejuice.\n");
    ipoque_int_applejuice_add_connection(ipoque_struct);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/bgp.c:
--------------------------------------------------------------------------------
/*
 * bgp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your
option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_BGP

/* Register the current flow as BGP, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_bgp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_BGP, IPOQUE_REAL_PROTOCOL);
}

/*
 * BGP detector; works on a single packet, so one direction of the flow is
 * enough (the detection also works asymmetrically).
 *
 * Match criteria, evaluated in this order:
 *   - payload longer than 18 bytes (covers every read below, up to byte 18);
 *   - bytes 0..15 all 0xff;
 *   - the 16-bit big-endian value at offset 16 does not exceed the payload
 *     length;
 *   - source or destination TCP port is 179;
 *   - byte 18 is below 5.
 *
 * NOTE(review): packet->tcp is dereferenced without a NULL check; presumably
 * the dispatcher only calls this detector for TCP packets - confirm.
 */
void ipoque_search_bgp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len > 18
        && get_u64(packet->payload, 0) == 0xffffffffffffffffULL
        && get_u64(packet->payload, 8) == 0xffffffffffffffffULL) {
        if (ntohs(get_u16(packet->payload, 16)) <= packet->payload_packet_len
            && (packet->tcp->dest == htons(179) || packet->tcp->source == htons(179))
            && packet->payload[18] < 5) {
            IPQ_LOG(IPOQUE_PROTOCOL_BGP, ipoque_struct, IPQ_LOG_DEBUG, "BGP detected.\n");
            ipoque_int_bgp_add_connection(ipoque_struct);
            return;
        }
    }

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_BGP);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/dhcp.c:
--------------------------------------------------------------------------------
/*
 * dhcp.c
 * Copyright (C)
2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"

#ifdef IPOQUE_PROTOCOL_DHCP

/* Register the current flow as DHCP, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_dhcp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_DHCP, IPOQUE_REAL_PROTOCOL);
}

/*
 * DHCP detector (UDP).  A single packet is sufficient, so asymmetric DHCP
 * traffic is detected as well.
 *
 * Standard exchange is 0.0.0.0:68 -> 255.255.255.255:67; the check accepts
 * either of the two ports on each side.  On top of the ports it requires the
 * DHCP magic cookie 0x63825363 at offset 236 and the bytes 0x35 0x01
 * (option 53 "message type", length 1) at offset 240.
 *
 * The length guard (>= 244) is evaluated before any payload read; the last
 * byte touched is 241.
 *
 * NOTE(review): packet->udp is dereferenced without a NULL check; presumably
 * the dispatcher only calls this detector for UDP packets - confirm.
 */
void ipoque_search_dhcp_udp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len >= 244
        && (packet->udp->source == htons(67) || packet->udp->source == htons(68))
        && (packet->udp->dest == htons(67) || packet->udp->dest == htons(68))) {
        if (get_u32(packet->payload, 236) == htonl(0x63825363)
            && get_u16(packet->payload, 240) == htons(0x3501)) {
            IPQ_LOG(IPOQUE_PROTOCOL_DHCP, ipoque_struct, IPQ_LOG_DEBUG, "DHCP request\n");

            ipoque_int_dhcp_add_connection(ipoque_struct);
            return;
        }
    }

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_DHCP);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/dhcpv6.c:
--------------------------------------------------------------------------------
/*
 * dhcpv6.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */



/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_DHCPV6

/* Register the current flow as DHCPv6, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_dhcpv6_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_DHCPV6, IPOQUE_REAL_PROTOCOL);
}

/*
 * DHCPv6 detector (UDP).
 *
 * A packet matches when it is at least 4 bytes long, both UDP ports are 546
 * or 547, and the first payload byte is in the range 1..13.  Only byte 0 is
 * read, after the length guard.  This is a weak signature: port numbers
 * plus one byte of attacker-controllable payload, so any UDP sender using
 * these ports can trigger it.
 *
 * NOTE(review): packet->udp is dereferenced without a NULL check; presumably
 * the dispatcher only calls this detector for UDP packets - confirm.
 */
void ipoque_search_dhcpv6_udp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len >= 4
        && (packet->udp->source == htons(546) || packet->udp->source == htons(547))
        && (packet->udp->dest == htons(546) || packet->udp->dest == htons(547))) {
        if (packet->payload[0] >= 1 && packet->payload[0] <= 13) {
            IPQ_LOG(IPOQUE_PROTOCOL_DHCPV6, ipoque_struct, IPQ_LOG_DEBUG, "DHCPv6 detected.\n");
            ipoque_int_dhcpv6_add_connection(ipoque_struct);
            return;
        }
    }

    IPQ_LOG(IPOQUE_PROTOCOL_DHCPV6, ipoque_struct, IPQ_LOG_DEBUG, "DHCPv6 excluded.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_DHCPV6);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/guildwars.c:
--------------------------------------------------------------------------------
/*
 * guildwars.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your
option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */



/* include files */
#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_GUILDWARS

/* Register the current flow as GuildWars, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_guildwars_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_GUILDWARS, IPOQUE_REAL_PROTOCOL);
}

/*
 * GuildWars detector (TCP entry point, going by the function name).
 *
 * Three fixed-size packets are recognised, keyed on the exact payload
 * length (64, 16 or 21 bytes) plus a few constant bytes inside each.
 * Because every signature requires an exact length, the fixed offsets read
 * in each case are always inside the payload.
 *
 * NOTE(review): get_u16/get_u32 are used at odd offsets (1 and 5); if they
 * are plain pointer-cast loads this is an unaligned access on
 * strict-alignment targets - confirm against the macro definitions.
 */
void ipoque_search_guildwars_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "search guildwars.\n");

    switch (packet->payload_packet_len) {
    case 64:
        if (get_u16(packet->payload, 1) == ntohs(0x050c)
            && memcmp(&packet->payload[50], "@2&P", 4) == 0) {
            IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "GuildWars version 29.350: found.\n");
            ipoque_int_guildwars_add_connection(ipoque_struct);
            return;
        }
        break;
    case 16:
        if (get_u16(packet->payload, 1) == ntohs(0x040c)
            && get_u16(packet->payload, 4) == ntohs(0xa672)
            && packet->payload[8] == 0x01
            && packet->payload[12] == 0x04) {
            IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "GuildWars version 29.350: found.\n");
            ipoque_int_guildwars_add_connection(ipoque_struct);
            return;
        }
        break;
    case 21:
        if (get_u16(packet->payload, 0) == ntohs(0x0100)
            && get_u32(packet->payload, 5) == ntohl(0xf1001000)
            && packet->payload[9] == 0x01) {
            IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "GuildWars version 216.107.245.50: found.\n");
            ipoque_int_guildwars_add_connection(ipoque_struct);
            return;
        }
        break;
    default:
        break;
    }

    IPQ_LOG(IPOQUE_PROTOCOL_GUILDWARS, ipoque_struct, IPQ_LOG_DEBUG, "exclude guildwars.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_GUILDWARS);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/halflife2_and_mods.c:
--------------------------------------------------------------------------------
/*
 * halflife2_and_mods.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_HALFLIFE2

/* Register the current flow as Half-Life 2, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_halflife2_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_HALFLIFE2, IPOQUE_REAL_PROTOCOL);
}

/*
 * Signature shared by both stages: at least 20 bytes, 0xFFFFFFFF in the
 * first four bytes and the bytes 0x30 0x30 0x30 0x00 in the last four.
 * The length test runs first, so "payload_packet_len - 4" cannot underflow
 * and the trailing read stays inside the payload.
 */
static int ipoque_halflife2_payload_matches(struct ipoque_packet_struct *packet)
{
    return packet->payload_packet_len >= 20
        && get_u32(packet->payload, 0) == 0xFFFFFFFF
        && get_u32(packet->payload, packet->payload_packet_len - 4) == htonl(0x30303000);
}

/*
 * Half-Life 2 detector; two-step, using flow->l4.udp.halflife2_stage.
 *
 * Stage 0: a matching packet stores "1 + packet_direction" in the stage and
 * waits for the answer.  Afterwards a matching packet whose direction
 * satisfies "stage == 2 - packet_direction" (i.e. the opposite direction,
 * assuming packet_direction is 0 or 1) confirms the protocol.  Any other
 * packet excludes the protocol for the flow.
 */
void ipoque_search_halflife2(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (ipoque_halflife2_payload_matches(packet)) {
        if (flow->l4.udp.halflife2_stage == 0) {
            flow->l4.udp.halflife2_stage = 1 + packet->packet_direction;
            IPQ_LOG(IPOQUE_PROTOCOL_HALFLIFE2, ipoque_struct, IPQ_LOG_DEBUG,
                    "halflife2 client req detected, waiting for server reply\n");
            return;
        }
        if (flow->l4.udp.halflife2_stage == 2 - packet->packet_direction) {
            ipoque_int_halflife2_add_connection(ipoque_struct);
            IPQ_LOG(IPOQUE_PROTOCOL_HALFLIFE2, ipoque_struct, IPQ_LOG_DEBUG, "halflife2 server reply detected\n");
            return;
        }
    }

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_HALFLIFE2);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/http_activesync.c:
--------------------------------------------------------------------------------
/*
 * http_activesync.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 *
This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */



#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC
/* Register the current flow as ActiveSync, using the IPOQUE_CORRELATED_PROTOCOL type. */
static void ipoque_int_activesync_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, IPOQUE_CORRELATED_PROTOCOL);
}

/*
 * ActiveSync-over-HTTP detector.
 *
 * Matches a TCP payload longer than 150 bytes whose request line starts
 * with "OPTIONS /Microsoft-Server-ActiveSync?" or
 * "POST /Microsoft-Server-ActiveSync?".  The 150-byte minimum is checked
 * before either compare, so the 37- and 34-byte prefixes are always in
 * bounds.  The compare is case-sensitive and anchored at offset 0.
 */
void ipoque_search_activesync(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->tcp != NULL
        && packet->payload_packet_len > 150
        && (memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0
            || memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0)) {
        ipoque_int_activesync_add_connection(ipoque_struct);
        IPQ_LOG(IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ipoque_struct, IPQ_LOG_DEBUG,
                " flow marked as ActiveSync \n");
        return;
    }

    IPQ_LOG(IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ipoque_struct, IPQ_LOG_DEBUG, "exclude activesync\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/kerberos.c:
--------------------------------------------------------------------------------
/*
 * kerberos.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */



/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_KERBEROS

/* Register the current flow as Kerberos, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_kerberos_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_KERBEROS, IPOQUE_REAL_PROTOCOL);
}

/*
 * Values that have been observed at payload[19] / payload[21]
 * (0x0a, 0x0c, 0x0d, 0x0e); other values may exist in real traffic.
 */
static int ipoque_kerberos_known_type_byte(unsigned int value)
{
    switch (value) {
    case 0x0a:
    case 0x0c:
    case 0x0d:
    case 0x0e:
        return 1;
    default:
        return 0;
    }
}

/*
 * Kerberos detector.
 *
 * Precondition for a match: the first four bytes, read as a big-endian
 * length, equal the payload length minus 4.  Then one of two layouts must
 * hold: byte 14 is 0x05 with a known type byte at 19, or byte 16 is 0x05
 * with a known type byte at 21 (presumably the protocol version and
 * message type at two possible encodings - confirm).  Each layout has its
 * own length guard ahead of the byte reads.
 */
void ipoque_search_kerberos(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len >= 4
        && ntohl(get_u32(packet->payload, 0)) == packet->payload_packet_len - 4) {
        if ((packet->payload_packet_len > 19
             && packet->payload[14] == 0x05
             && ipoque_kerberos_known_type_byte(packet->payload[19]))
            || (packet->payload_packet_len > 21
                && packet->payload[16] == 0x05
                && ipoque_kerberos_known_type_byte(packet->payload[21]))) {
            IPQ_LOG(IPOQUE_PROTOCOL_KERBEROS, ipoque_struct, IPQ_LOG_DEBUG, "found KERBEROS\n");
            ipoque_int_kerberos_add_connection(ipoque_struct);
            return;
        }
    }

    IPQ_LOG(IPOQUE_PROTOCOL_KERBEROS, ipoque_struct, IPQ_LOG_DEBUG, "no KERBEROS detected.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_KERBEROS);
}

#endif
-------------------------------------------------------------------------------- /src/lib/protocols/kontiki.c: -------------------------------------------------------------------------------- 1 | /* 2 | * kontiki.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_KONTIKI

/* Register the current flow as Kontiki, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_kontiki_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_KONTIKI, IPOQUE_REAL_PROTOCOL);
}

/*
 * Kontiki detector.
 *
 * Three exact-length signatures are recognised:
 *   -  4 bytes: the whole payload is 02 01 01 00;
 *   - 20 bytes: first byte 0x02 and bytes 16..19 are 02 04 01 00;
 *   - 16 bytes: first byte 0x02 and bytes 12..15 are 00 00 04 e4.
 * Because the length is matched exactly, every offset read is in bounds.
 * Anything else excludes the protocol for the flow.
 */
void ipoque_search_kontiki(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;
    int matched = 0;

    switch (packet->payload_packet_len) {
    case 4:
        matched = (get_u32(packet->payload, 0) == htonl(0x02010100));
        break;
    case 20:
        matched = (packet->payload[0] == 0x02
                   && get_u32(packet->payload, 16) == htonl(0x02040100));
        break;
    case 16:
        matched = (packet->payload[0] == 0x02
                   && get_u32(packet->payload, 12) == htonl(0x000004e4));
        break;
    default:
        break;
    }

    if (matched) {
        IPQ_LOG(IPOQUE_PROTOCOL_KONTIKI, ipoque_struct, IPQ_LOG_DEBUG, "Kontiki UDP detected.\n");
        ipoque_int_kontiki_add_connection(ipoque_struct);
        return;
    }

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_KONTIKI);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/mms.c:
--------------------------------------------------------------------------------
/*
 * mms.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source
deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"

#ifdef IPOQUE_PROTOCOL_MMS

/* Register the current flow as MMS, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_mms_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_MMS, IPOQUE_REAL_PROTOCOL);
}

/*
 * MSMMS signature: bytes 4..7 are ce fa 0b b0 and bytes 12..15 are the
 * ASCII characters "MMS ".  The caller must have checked that the payload
 * holds at least 16 bytes before calling (it checks for 20).
 */
static int ipoque_mms_has_msmms_signature(struct ipoque_packet_struct *packet)
{
    return packet->payload[4] == 0xce
        && packet->payload[5] == 0xfa
        && packet->payload[6] == 0x0b
        && packet->payload[7] == 0xb0
        && packet->payload[12] == 0x4d
        && packet->payload[13] == 0x4d
        && packet->payload[14] == 0x53
        && packet->payload[15] == 0x20;
}

/*
 * MMS detector (TCP); two-step, using flow->l4.tcp.mms_stage.
 *
 * A signature packet seen at stage 0 records "1 + packet_direction" and
 * waits; a signature packet that satisfies "stage == 2 - packet_direction"
 * (the opposite direction, assuming packet_direction is 0 or 1) confirms
 * MMS.  If neither applies, MMS is excluded - but when HTTP support is
 * compiled in, only after HTTP itself has already been excluded for the
 * flow, so MMS is not ruled out earlier than HTTP.
 */
void ipoque_search_mms_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    /* search MSMMS packets; the length guard precedes every payload read */
    if (packet->payload_packet_len >= 20 && ipoque_mms_has_msmms_signature(packet)) {
        if (flow->l4.tcp.mms_stage == 0) {
            IPQ_LOG(IPOQUE_PROTOCOL_MMS, ipoque_struct, IPQ_LOG_DEBUG, "MMS: MSMMS Request found \n");
            flow->l4.tcp.mms_stage = 1 + packet->packet_direction;
            return;
        }
        if (flow->l4.tcp.mms_stage == 2 - packet->packet_direction) {
            IPQ_LOG(IPOQUE_PROTOCOL_MMS, ipoque_struct, IPQ_LOG_DEBUG, "MMS: MSMMS Response found \n");
            ipoque_int_mms_add_connection(ipoque_struct);
            return;
        }
    }

#ifdef IPOQUE_PROTOCOL_HTTP
    if (IPOQUE_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_HTTP) == 0) {
        IPQ_LOG(IPOQUE_PROTOCOL_MMS, ipoque_struct, IPQ_LOG_DEBUG, "MMS avoid early exclude from http\n");
        return;
    }
#endif /* IPOQUE_PROTOCOL_HTTP */

    IPQ_LOG(IPOQUE_PROTOCOL_MMS, ipoque_struct, IPQ_LOG_DEBUG, "MMS: exclude\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_MMS);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/mssql.c:
--------------------------------------------------------------------------------
/*
 * mssql.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
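See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */



/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_MSSQL

/* Register the current flow as MSSQL, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_mssql_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_MSSQL, IPOQUE_REAL_PROTOCOL);
}

/*
 * MSSQL detector.
 *
 * Match criteria, evaluated in this order:
 *   - payload longer than 51 bytes (covers every read below; the last byte
 *     touched is 50, the end of the 10-byte compare at offset 41);
 *   - bytes 0..1 are 0x12 0x01;
 *   - the big-endian 16-bit value at offset 2 equals the payload length;
 *   - bytes 4..7 are 00 00 01 00;
 *   - the ASCII string "sqlexpress" at offset 41.
 *
 * The first two bytes are read with get_u16.  The previous code passed the
 * result of get_u32 to ntohs, which only gives bytes 0..1 when the low half
 * of the 32-bit load holds them (little-endian hosts, assuming get_u32 is a
 * host-order load); on a big-endian host it compared bytes 2..3 instead and
 * the signature could not match.
 */
void ipoque_search_mssql(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_MSSQL, ipoque_struct, IPQ_LOG_DEBUG, "search mssql.\n");

    if (packet->payload_packet_len > 51
        && ntohs(get_u16(packet->payload, 0)) == 0x1201
        && ntohs(get_u16(packet->payload, 2)) == packet->payload_packet_len
        && ntohl(get_u32(packet->payload, 4)) == 0x00000100
        && memcmp(&packet->payload[41], "sqlexpress", 10) == 0) {
        IPQ_LOG(IPOQUE_PROTOCOL_MSSQL, ipoque_struct, IPQ_LOG_DEBUG, "found mssql.\n");
        ipoque_int_mssql_add_connection(ipoque_struct);
        return;
    }

    IPQ_LOG(IPOQUE_PROTOCOL_MSSQL, ipoque_struct, IPQ_LOG_DEBUG, "exclude mssql.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_MSSQL);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/mysql.c:
--------------------------------------------------------------------------------
/*
 * mysql.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify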
* it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_MYSQL

/* Register the current flow as MySQL, using the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_mysql_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_MYSQL, IPOQUE_REAL_PROTOCOL);
}

/*
 * MySQL detector (TCP): recognises the server's startup packet.
 *
 * Header checks: payload longer than 37 bytes; the 3-byte packet length
 * (low 16 bits at offset 0, third byte zero) equals the payload length
 * minus 4; sequence number 0; a version string starting with a digit
 * 1..6 followed by a dot at offsets 5 and 6.
 *
 * The version string is then skipped up to its terminating NUL, and the
 * filler bytes that follow must be zero: one at +13 and thirteen at
 * +19..+31.  The scan condition "a + 31 < payload_packet_len" keeps every
 * one of these reads inside the payload, however the sender laid out the
 * string.
 *
 * NOTE(review): get_u16 at offset 0 is compared without a byte-order
 * conversion; the on-wire length is little-endian, so this presumably only
 * matches on little-endian hosts - confirm against the get_u16 definition.
 */
void ipoque_search_mysql_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len > 37                                      /* min length */
        && get_u16(packet->payload, 0) == packet->payload_packet_len - 4     /* first 3 bytes are length */
        && get_u8(packet->payload, 2) == 0x00                                /* 3rd byte of packet length */
        && get_u8(packet->payload, 3) == 0x00                                /* sequence number is 0 for startup packet */
        && get_u8(packet->payload, 5) > 0x30                                 /* server version > 0 */
        && get_u8(packet->payload, 5) < 0x37                                 /* server version < 7 */
        && get_u8(packet->payload, 6) == 0x2e) {                             /* dot */
        u32 a = 7;

        /* advance to the first NUL that still leaves 31 bytes after it */
        while (a + 31 < packet->payload_packet_len && packet->payload[a] != 0x00) {
            a++;
        }

        if (a + 31 < packet->payload_packet_len
            && get_u8(packet->payload, a + 13) == 0x00       /* filler byte */
            && get_u64(packet->payload, a + 19) == 0x0ULL    /* 13 more */
            && get_u32(packet->payload, a + 27) == 0x0       /* filler bytes */
            && get_u8(packet->payload, a + 31) == 0x0) {
            IPQ_LOG(IPOQUE_PROTOCOL_MYSQL, ipoque_struct, IPQ_LOG_DEBUG, "MySQL detected.\n");
            ipoque_int_mysql_add_connection(ipoque_struct);
            return;
        }
    }

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_MYSQL);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/nfs.c:
--------------------------------------------------------------------------------
/*
 * nfs.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_NFS

/* Record the flow held in ipoque_struct as NFS, flagged as a real protocol. */
static void ipoque_int_nfs_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_NFS, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for NFS-related RPC calls over TCP or UDP.
 *
 * The packet must be at least 40 bytes (44 on TCP), which covers every read
 * below; the highest offset touched is 16 + offset + 3. All values compared
 * are taken from the payload and are therefore peer-controlled.
 *
 * On a mismatch NFS is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_nfs(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;
    /* on TCP the fields start 4 bytes later, after a leading length word */
    const u8 offset = (packet->tcp != NULL) ? 4 : 0;

    if (packet->payload_packet_len < (40 + offset))
        goto exclude_nfs;

    IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS user match stage 1\n");

    /* TCP only: the leading word must be 0x80000000 plus the remaining length */
    if (offset != 0 && get_u32(packet->payload, 0) != htonl(0x80000000 + packet->payload_packet_len - 4))
        goto exclude_nfs;

    IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS user match stage 2\n");

    /* presumably the RPC message type (0 = call) - TODO confirm */
    if (get_u32(packet->payload, 4 + offset) != 0)
        goto exclude_nfs;

    IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS user match stage 3\n");

    /* presumably the RPC version, which must be 2 - TODO confirm */
    if (get_u32(packet->payload, 8 + offset) != htonl(0x02))
        goto exclude_nfs;

    IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS match stage 3\n");

    /* accepted program numbers: 100005, 100003 and 100000 (decimal) */
    switch (ntohl(get_u32(packet->payload, 12 + offset))) {
    case 0x000186a5:
    case 0x000186a3:
    case 0x000186a0:
        break;
    default:
        goto exclude_nfs;
    }

    IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS match stage 4\n");

    /* the following 32-bit field must not exceed 4 */
    if (ntohl(get_u32(packet->payload, 16 + offset)) > 4)
        goto exclude_nfs;

    IPQ_LOG(IPOQUE_PROTOCOL_NFS, ipoque_struct, IPQ_LOG_DEBUG, "NFS match\n");

    ipoque_int_nfs_add_connection(ipoque_struct);
    return;

exclude_nfs:
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_NFS);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/ntp.c:
--------------------------------------------------------------------------------
/*
 * ntp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_NTP

/* Record the flow held in ipoque_struct as NTP, flagged as a real protocol. */
static void ipoque_int_ntp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_NTP, IPOQUE_REAL_PROTOCOL);
}

/* detection also works asymmetrically */

/*
 * Heuristic detector for NTP on UDP: port 123 on either side, a payload of
 * exactly 48 bytes, and a 3-bit field in the first byte that is at most 4.
 *
 * The match rests on the port, the length and three bits of payload, so any
 * 48-byte datagram on port 123 with a small value in that field is labelled
 * NTP; treat the result as a classification hint, not as proof of content.
 *
 * NOTE(review): packet->udp is dereferenced without a NULL check; this
 * presumably relies on the caller invoking the detector for UDP packets
 * only - confirm at the registration site.
 *
 * On a mismatch NTP is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_ntp_udp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;
    unsigned int version;

    if (packet->udp->dest != htons(123) && packet->udp->source != htons(123))
        goto exclude_ntp;

    IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "NTP port detected\n");

    if (packet->payload_packet_len != 48)
        goto exclude_ntp;

    IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "NTP length detected\n");

    /* bits 3..5 of the first byte; presumably the NTP version number */
    version = (packet->payload[0] & 0x38) >> 3;
    if (version <= 4) {
        IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "detected NTP.");
        ipoque_int_ntp_add_connection(ipoque_struct);
        return;
    }

exclude_ntp:
    IPQ_LOG(IPOQUE_PROTOCOL_NTP, ipoque_struct, IPQ_LOG_DEBUG, "NTP excluded.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_NTP);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/openft.c:
--------------------------------------------------------------------------------
/*
 * openft.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it
under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_OPENFT

/* Record the flow held in ipoque_struct as OpenFT, flagged as a correlated protocol. */
static void ipoque_int_openft_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_OPENFT, IPOQUE_CORRELATED_PROTOCOL);
}

/*
 * Heuristic detector for OpenFT on TCP: a request starting with "GET /"
 * whose second parsed line begins with "X-OpenftAlias:".
 *
 * Both comparisons are bounded by a length check first (more than 5 payload
 * bytes for the 5-byte prefix, a line length above 13 for the 14-byte header
 * name). The header is sent by the peer, so the label can be produced or
 * avoided by whoever builds the request.
 *
 * On a mismatch OpenFT is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_openft_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len <= 5 || memcmp(packet->payload, "GET /", 5) != 0)
        goto exclude_openft;

    IPQ_LOG(IPOQUE_PROTOCOL_OPENFT, ipoque_struct, IPQ_LOG_DEBUG, "HTTP packet detected.\n");

    /* the line table is only filled in once the request prefix has matched */
    ipq_parse_packet_line_info(ipoque_struct);

    if (packet->parsed_lines < 2)
        goto exclude_openft;
    if (packet->line[1].len <= 13 || ipq_mem_cmp(packet->line[1].ptr, "X-OpenftAlias:", 14) != 0)
        goto exclude_openft;

    IPQ_LOG(IPOQUE_PROTOCOL_OPENFT, ipoque_struct, IPQ_LOG_DEBUG, "OpenFT detected.\n");
    ipoque_int_openft_add_connection(ipoque_struct);
    return;

exclude_openft:
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_OPENFT);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/pcanywhere.c:
--------------------------------------------------------------------------------
/*
 * pcanywhere.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_PCANYWHERE

/* Record the flow held in ipoque_struct as PC Anywhere, flagged as a real protocol. */
static void ipoque_int_pcanywhere_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_PCANYWHERE, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for PC Anywhere name/status queries: a UDP datagram to
 * port 5632 whose payload is exactly the two bytes "NQ" or "ST".
 *
 * Only this UDP query is recognised here; nothing else of the protocol is
 * examined. On a mismatch PC Anywhere is added to
 * flow->excluded_protocol_bitmask.
 */
void ipoque_search_pcanywhere(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->udp == NULL || packet->udp->dest != htons(5632))
        goto exclude_pcanywhere;

    /* the exact length makes the two 2-byte comparisons below safe */
    if (packet->payload_packet_len != 2)
        goto exclude_pcanywhere;

    if (ipq_mem_cmp(packet->payload, "NQ", 2) != 0 && ipq_mem_cmp(packet->payload, "ST", 2) != 0)
        goto exclude_pcanywhere;

    IPQ_LOG(IPOQUE_PROTOCOL_PCANYWHERE, ipoque_struct, IPQ_LOG_DEBUG,
            "PC Anywhere name or status query detected.\n");
    ipoque_int_pcanywhere_add_connection(ipoque_struct);
    return;

exclude_pcanywhere:
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_PCANYWHERE);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/pptp.c:
--------------------------------------------------------------------------------
/*
 * pptp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */



/* include files */

#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_PPTP

/* Record the flow held in ipoque_struct as PPTP, flagged as a real protocol. */
static void ipoque_int_pptp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_PPTP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for the PPTP start-control-connection-request.
 *
 * The first ten payload bytes are read, which the length check (>= 10)
 * covers. Only this one control message is recognised, so a flow whose first
 * inspected packet is a different PPTP message is excluded instead.
 *
 * On a mismatch PPTP is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_pptp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    /* the 16-bit length field must equal the payload length */
    if (packet->payload_packet_len < 10 || get_u16(packet->payload, 0) != htons(packet->payload_packet_len))
        goto exclude_pptp;

    /* message type: control message */
    if (get_u16(packet->payload, 2) != htons(0x0001))
        goto exclude_pptp;

    /* cookie: correct */
    if (get_u32(packet->payload, 4) != htonl(0x1a2b3c4d))
        goto exclude_pptp;

    /* control type: start-control-connection-request */
    if (get_u16(packet->payload, 8) != htons(0x0001))
        goto exclude_pptp;

    IPQ_LOG(IPOQUE_PROTOCOL_PPTP, ipoque_struct, IPQ_LOG_DEBUG, "found pptp.\n");
    ipoque_int_pptp_add_connection(ipoque_struct);
    return;

exclude_pptp:
    IPQ_LOG(IPOQUE_PROTOCOL_PPTP, ipoque_struct, IPQ_LOG_DEBUG, "exclude pptp.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_PPTP);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/rdp.c:
--------------------------------------------------------------------------------
/*
 * rdp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_RDP

/* Record the flow held in ipoque_struct as RDP, flagged as a real protocol. */
static void ipoque_int_rdp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_RDP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for the first packet of an RDP connection.
 *
 * Bytes 0..10 of the payload are read, which the length check (> 10) covers.
 * No port is checked, so the match depends only on peer-supplied bytes.
 * Because byte 4 is compared with payload_packet_len - 5, only packets of at
 * most 260 bytes can match.
 *
 * On a mismatch RDP is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_rdp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len <= 10)
        goto exclude_rdp;

    /* first byte must be 1, 2 or 3 */
    if (get_u8(packet->payload, 0) == 0 || get_u8(packet->payload, 0) >= 4)
        goto exclude_rdp;

    /* 16-bit length at offset 2 covers the whole payload */
    if (get_u16(packet->payload, 2) != ntohs(packet->payload_packet_len))
        goto exclude_rdp;

    /* 8-bit length at offset 4 covers everything after the first 5 bytes */
    if (get_u8(packet->payload, 4) != packet->payload_packet_len - 5)
        goto exclude_rdp;

    /* presumably the connection-request code - TODO confirm */
    if (get_u8(packet->payload, 5) != 0xe0)
        goto exclude_rdp;

    /* bytes 6..10 must all be zero */
    if (get_u16(packet->payload, 6) != 0 || get_u16(packet->payload, 8) != 0 || get_u8(packet->payload, 10) != 0)
        goto exclude_rdp;

    IPQ_LOG(IPOQUE_PROTOCOL_RDP, ipoque_struct, IPQ_LOG_DEBUG, "RDP detected.\n");
    ipoque_int_rdp_add_connection(ipoque_struct);
    return;

exclude_rdp:
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_RDP);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/smb.c:
--------------------------------------------------------------------------------
/*
 * smb.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SMB

/* Record the flow held in ipoque_struct as SMB, flagged as a real protocol. */
static void ipoque_int_smb_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SMB, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for SMB on TCP destination port 445.
 *
 * Requires more than 40 payload bytes, a leading 32-bit length equal to the
 * rest of the payload, and the magic bytes 0xff 'S' 'M' 'B' at offset 4.
 *
 * NOTE(review): only that one magic value and only destination port 445 are
 * accepted, so traffic starting with a different magic (for example SMB2's
 * 0xfe 'S' 'M' 'B') or using another port is excluded here, not classified.
 * NOTE(review): packet->tcp is dereferenced without a NULL check; this
 * presumably relies on the detector being invoked for TCP packets only.
 *
 * On a mismatch SMB is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_smb_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_SMB, ipoque_struct, IPQ_LOG_DEBUG, "search SMB.\n");

    if (packet->tcp->dest != htons(445))
        goto exclude_smb;

    if (packet->payload_packet_len <= (32 + 4 + 4))
        goto exclude_smb;

    /* the length prefix does not count its own four bytes */
    if ((packet->payload_packet_len - 4) != ntohl(get_u32(packet->payload, 0)))
        goto exclude_smb;

    if (get_u32(packet->payload, 4) != htonl(0xff534d42))
        goto exclude_smb;

    IPQ_LOG(IPOQUE_PROTOCOL_SMB, ipoque_struct, IPQ_LOG_DEBUG, "found SMB.\n");
    ipoque_int_smb_add_connection(ipoque_struct);
    return;

exclude_smb:
    IPQ_LOG(IPOQUE_PROTOCOL_SMB, ipoque_struct, IPQ_LOG_DEBUG, "exclude SMB.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SMB);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/socrates.c:
--------------------------------------------------------------------------------
/*
 * socrates.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
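*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SOCRATES


/* Record the flow held in ipoque_struct as Socrates, flagged as a real protocol. */
static void ipoque_socrates_add_connection(struct ipoque_detection_module_struct
                                           *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SOCRATES, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for Socrates on UDP and TCP.
 *
 * Both variants require a first byte of 0xfe and a last byte of 0x05. On UDP
 * the literal "socrates" must follow at offset 2 (payload longer than 9
 * bytes covers offsets 2..9); on TCP a 32-bit length equal to the payload
 * length sits at offset 2 and the literal follows at offset 6 (payload
 * longer than 13 bytes covers offsets 2..13).
 *
 * A positive match returns right after registering the connection, as every
 * other detector on this page does. Without the return, control would fall
 * through to the exclusion code, so a flow just classified as Socrates would
 * also be logged as excluded and have Socrates set in
 * flow->excluded_protocol_bitmask.
 *
 * On a mismatch Socrates is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_socrates(struct ipoque_detection_module_struct
                            *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "search socrates.\n");
    if (packet->udp != NULL) {
        if (packet->payload_packet_len > 9 && packet->payload[0] == 0xfe
            && packet->payload[packet->payload_packet_len - 1] == 0x05) {
            IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found fe.\n");

            /* the UDP variant has no length field; this message is logged unconditionally */
            IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "len match.\n");
            if (memcmp(&packet->payload[2], "socrates", 8) == 0) {
                IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found socrates udp.\n");
                ipoque_socrates_add_connection(ipoque_struct);
                /* detected: do not fall through to the exclusion below */
                return;
            }

        }
    } else if (packet->tcp != NULL) {
        if (packet->payload_packet_len > 13 && packet->payload[0] == 0xfe
            && packet->payload[packet->payload_packet_len - 1] == 0x05) {
            IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found fe.\n");
            /* peer-supplied length must equal what was actually received */
            if (packet->payload_packet_len == ntohl(get_u32(packet->payload, 2))) {
                IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "len match.\n");
                if (memcmp(&packet->payload[6], "socrates", 8) == 0) {
                    IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "found socrates tcp.\n");
                    ipoque_socrates_add_connection(ipoque_struct);
                    /* detected: do not fall through to the exclusion below */
                    return;
                }
            }
        }
    }

    IPQ_LOG(IPOQUE_PROTOCOL_SOCRATES, ipoque_struct, IPQ_LOG_DEBUG, "exclude socrates.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SOCRATES);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/ssdp.c:
--------------------------------------------------------------------------------
/*
 * ssdp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .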
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SSDP


/* Record the flow held in ipoque_struct as SSDP, flagged as a real protocol. */
static void ipoque_int_ssdp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SSDP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for SSDP: a UDP payload longer than 100 bytes that
 * starts with "M-SEARCH * HTTP/1.1" or "NOTIFY * HTTP/1.1".
 *
 * this detection also works asymmetrically
 *
 * No port or address is checked; the decision rests on the request line
 * alone. On a mismatch SSDP is added to flow->excluded_protocol_bitmask.
 */
void ipoque_search_ssdp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_SSDP, ipoque_struct, IPQ_LOG_DEBUG, "search ssdp.\n");

    /* the length bound also keeps both prefix comparisons inside the payload */
    if (packet->udp == NULL || packet->payload_packet_len <= 100)
        goto exclude_ssdp;

    if (memcmp(packet->payload, "M-SEARCH * HTTP/1.1", 19) != 0
        && memcmp(packet->payload, "NOTIFY * HTTP/1.1", 17) != 0)
        goto exclude_ssdp;

    IPQ_LOG(IPOQUE_PROTOCOL_SSDP, ipoque_struct, IPQ_LOG_DEBUG, "found ssdp.\n");
    ipoque_int_ssdp_add_connection(ipoque_struct);
    return;

exclude_ssdp:
    IPQ_LOG(IPOQUE_PROTOCOL_SSDP, ipoque_struct, IPQ_LOG_DEBUG, "ssdp excluded.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SSDP);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/ssh.c:
--------------------------------------------------------------------------------
/*
 * ssh.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of
the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_SSH

/* Record the flow held in ipoque_struct as SSH, flagged as a real protocol. */
static void ipoque_int_ssh_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_SSH, IPOQUE_REAL_PROTOCOL);
}

/*
 * Two-step detector for SSH on TCP, keyed on the "SSH-" identification line.
 *
 * Step 1 (ssh_stage == 0): a packet of 8..99 bytes starting with "SSH-"
 * stores 1 + packet_direction in the flow. Step 2: a second such packet is
 * accepted when ssh_stage == 2 - packet_direction, which (assuming
 * packet_direction is 0 or 1) means it travels the opposite way.
 *
 * Only the four-byte prefix is compared; the rest of the line is not
 * validated. Any other packet adds SSH to flow->excluded_protocol_bitmask.
 */
void ipoque_search_ssh_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;
    int is_banner;

    is_banner = packet->payload_packet_len > 7 && packet->payload_packet_len < 100
        && memcmp(packet->payload, "SSH-", 4) == 0;

    if (!is_banner)
        goto exclude_ssh;

    if (flow->l4.tcp.ssh_stage == 0) {
        IPQ_LOG(IPOQUE_PROTOCOL_SSH, ipoque_struct, IPQ_LOG_DEBUG, "ssh stage 0 passed\n");
        /* remember which side spoke first */
        flow->l4.tcp.ssh_stage = 1 + packet->packet_direction;
        return;
    }

    if (flow->l4.tcp.ssh_stage == (2 - packet->packet_direction)) {
        IPQ_LOG(IPOQUE_PROTOCOL_SSH, ipoque_struct, IPQ_LOG_DEBUG, "found ssh\n");
        ipoque_int_ssh_add_connection(ipoque_struct);
        return;
    }

exclude_ssh:
    IPQ_LOG(IPOQUE_PROTOCOL_SSH, ipoque_struct, IPQ_LOG_DEBUG, "excluding ssh at stage %d\n", flow->l4.tcp.ssh_stage);

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_SSH);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/stealthnet.c:
--------------------------------------------------------------------------------
/*
 * stealthnet.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"

#ifdef IPOQUE_PROTOCOL_STEALTHNET


/* Record the flow held in ipoque_struct as StealthNet, flagged as a real protocol. */
static void ipoque_int_stealthnet_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_STEALTHNET, IPOQUE_REAL_PROTOCOL);
}

/*
 * Heuristic detector for StealthNet: the payload must start with the 41-byte
 * literal "LARS REGENSBURGER'S FILE SHARING PROTOCOL".
 *
 * The length check (> 40) guarantees the 41 compared bytes are present. No
 * transport or port is checked. On a mismatch StealthNet is added to
 * flow->excluded_protocol_bitmask.
 */
void ipoque_search_stealthnet(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (packet->payload_packet_len <= 40)
        goto exclude_stealthnet;

    if (memcmp(packet->payload, "LARS REGENSBURGER'S FILE SHARING PROTOCOL", 41) != 0)
        goto exclude_stealthnet;

    IPQ_LOG(IPOQUE_PROTOCOL_STEALTHNET, ipoque_struct, IPQ_LOG_DEBUG, "found stealthnet\n");
    ipoque_int_stealthnet_add_connection(ipoque_struct);
    return;

exclude_stealthnet:
    IPQ_LOG(IPOQUE_PROTOCOL_STEALTHNET, ipoque_struct, IPQ_LOG_DEBUG, "exclude stealthnet.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_STEALTHNET);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/steam.c:
--------------------------------------------------------------------------------
/*
 * steam.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
*
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
 *
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_STEAM


/* Record the flow held in ipoque_struct as Steam, flagged as a real protocol. */
static void ipoque_int_steam_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_STEAM, IPOQUE_REAL_PROTOCOL);
}

/*
 * Two-step detector for Steam on TCP.
 *
 * Step 1 (steam_stage == 0): a 4-byte payload holding a big-endian value of
 * at most 7, sent to a destination port in 27030..27040, stores
 * 1 + packet_direction in the flow. Step 2: a payload of 1 or 5 bytes whose
 * first byte is 0x01 is accepted when steam_stage == 2 - packet_direction,
 * which (assuming packet_direction is 0 or 1) means the opposite direction.
 *
 * NOTE(review): packet->tcp is dereferenced without a NULL check, and only
 * after the length and value checks have passed; the detector presumably
 * runs on TCP packets only - confirm at the registration site.
 *
 * Any other packet adds Steam to flow->excluded_protocol_bitmask.
 */
void ipoque_search_steam(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;
    unsigned int dport;

    if (flow->l4.tcp.steam_stage == 0) {
        if (packet->payload_packet_len != 4 || ntohl(get_u32(packet->payload, 0)) > 0x07)
            goto exclude_steam;

        dport = ntohs(packet->tcp->dest);
        if (dport < 27030 || dport > 27040)
            goto exclude_steam;

        flow->l4.tcp.steam_stage = 1 + packet->packet_direction;
        IPQ_LOG(IPOQUE_PROTOCOL_STEAM, ipoque_struct, IPQ_LOG_DEBUG, "steam stage 1\n");
        return;
    }

    if (flow->l4.tcp.steam_stage == 2 - packet->packet_direction) {
        if (packet->payload_packet_len != 1 && packet->payload_packet_len != 5)
            goto exclude_steam;
        if (packet->payload[0] != 0x01)
            goto exclude_steam;

        ipoque_int_steam_add_connection(ipoque_struct);
        IPQ_LOG(IPOQUE_PROTOCOL_STEAM, ipoque_struct, IPQ_LOG_DEBUG, "steam detected\n");
        return;
    }

exclude_steam:
    IPQ_LOG(IPOQUE_PROTOCOL_STEAM, ipoque_struct, IPQ_LOG_DEBUG, "steam excluded.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_STEAM);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/tds.c:
--------------------------------------------------------------------------------
/*
 * tds.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
*
 */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_TDS

/* Record the flow held in ipoque_struct as TDS, flagged as a real protocol. */
static void ipoque_int_tds_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_TDS, IPOQUE_REAL_PROTOCOL);
}

/*
 * Three-step detector for TDS on TCP.
 *
 * Every packet must pass the same header check: 9..511 payload bytes, byte 1
 * below 0x02, a big-endian 16-bit length at offset 2 equal to the payload
 * length, and a zero 16-bit field at offset 4.
 *
 *   stage 0                : first byte is 0x02, 0x07 or 0x12; the byte is
 *                            saved as tds_login_version and the stage becomes
 *                            1 + packet_direction
 *   stage 2 - direction    : saved version 0x12 and first byte 0x04; the
 *                            stage becomes 3 + packet_direction
 *   stage 4 - direction    : saved version 0x12 and first byte 0x12; the
 *                            flow is reported as TDS
 *
 * Only the exchange that starts with 0x12 can reach detection; flows that
 * start with 0x02 or 0x07 pass stage 0 and are excluded on the next packet.
 * TODO: add more cases for other versions.
 *
 * Anything else adds TDS to flow->excluded_protocol_bitmask.
 */
void ipoque_search_tds_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    /* common header check; the length bound covers the reads at offsets 0..5 */
    if (packet->payload_packet_len <= 8 || packet->payload_packet_len >= 512)
        goto exclude_tds;
    if (packet->payload[1] >= 0x02)
        goto exclude_tds;
    if (ntohs(get_u16(packet->payload, 2)) != packet->payload_packet_len)
        goto exclude_tds;
    if (get_u16(packet->payload, 4) != 0x0000)
        goto exclude_tds;

    if (flow->l4.tcp.tds_stage == 0) {
        if (packet->payload[0] != 0x02 && packet->payload[0] != 0x07 && packet->payload[0] != 0x12)
            goto exclude_tds;

        flow->l4.tcp.tds_stage = 1 + packet->packet_direction;
        flow->l4.tcp.tds_login_version = packet->payload[0];
        return;
    }

    if (flow->l4.tcp.tds_stage == 2 - packet->packet_direction) {
        if (flow->l4.tcp.tds_login_version == 0x12 && packet->payload[0] == 0x04) {
            flow->l4.tcp.tds_stage = 3 + packet->packet_direction;
            return;
        }
        goto exclude_tds;
    }

    if (flow->l4.tcp.tds_stage == 4 - packet->packet_direction) {
        if (flow->l4.tcp.tds_login_version == 0x12 && packet->payload[0] == 0x12) {
            IPQ_LOG(IPOQUE_PROTOCOL_TDS, ipoque_struct, IPQ_LOG_DEBUG, "TDS detected\n");
            ipoque_int_tds_add_connection(ipoque_struct);
            return;
        }
        goto exclude_tds;
    }

exclude_tds:

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_TDS);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/tftp.c:
--------------------------------------------------------------------------------
/*
 * tftp.c
 * Copyright (C) 2009-2011 by ipoque GmbH
 *
 * This file is part of OpenDPI, an open source deep packet inspection
 * library based on the PACE technology by ipoque GmbH
 *
 * OpenDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with OpenDPI. If not, see .
20 | * 21 | */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_TFTP

/* Register the current flow as TFTP with the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_tftp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_TFTP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Detector for TFTP, driven by flow->l4.udp.tftp_stage.
 *
 *   stage 0, first four bytes 00 03 00 01  -> stage 1, wait for next packet
 *   stage 1, first four bytes 00 04 00 01  -> flow is TFTP
 * In RFC 1350 terms those are DATA block 1 followed by ACK block 1.
 *
 * A packet that neither matches nor disproves TFTP is skipped without a
 * verdict: any payload longer than one byte whose first and last bytes are
 * zero, or a 4-byte payload 00 04 00 00.  Everything else excludes TFTP for
 * the flow.
 *
 * All reads are guarded by a length test evaluated before them.
 * NOTE(review): the skip branch neither advances the stage nor excludes, so
 * a flow that keeps sending zero-framed payloads stays undecided for this
 * detector; how long that lasts depends on the caller's packet limit, which
 * is not visible here.
 */
void ipoque_search_tftp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "search TFTP.\n");

    if (packet->payload_packet_len > 3) {
        /* Both handshake steps need the leading 32-bit word. */
        if (flow->l4.udp.tftp_stage == 0 && ntohl(get_u32(packet->payload, 0)) == 0x00030001) {
            IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "maybe tftp. need next packet.\n");
            flow->l4.udp.tftp_stage = 1;
            return;
        }
        if (flow->l4.udp.tftp_stage == 1 && ntohl(get_u32(packet->payload, 0)) == 0x00040001) {
            IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "found tftp.\n");
            ipoque_int_tftp_add_connection(ipoque_struct);
            return;
        }
    }

    if (packet->payload_packet_len > 1) {
        /* Zero first and last byte, or the exact 4-byte word 00 04 00 00. */
        if ((packet->payload[0] == 0 && packet->payload[packet->payload_packet_len - 1] == 0)
            || (packet->payload_packet_len == 4 && ntohl(get_u32(packet->payload, 0)) == 0x00040000)) {
            IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "skip initial packet.\n");
            return;
        }
    }

    IPQ_LOG(IPOQUE_PROTOCOL_TFTP, ipoque_struct, IPQ_LOG_DEBUG, "exclude TFTP.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_TFTP);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/vnc.c:
--------------------------------------------------------------------------------
1 | /* 2 | * vnc.c 3 | * Copyright
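(C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 20 | * 21 | */


#include "ipq_protocols.h"

#ifdef IPOQUE_PROTOCOL_VNC

/* Register the current flow as VNC with the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_vnc_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_VNC, IPOQUE_REAL_PROTOCOL);
}

/*
 * Return non-zero when the payload has the shape of an RFB 3.x version
 * banner: exactly 12 bytes, starting with "RFB 003.00" and ending in a line
 * feed.  Byte 10 (the last version digit) is deliberately not inspected.
 * The length test runs first, so the memcmp and the read of byte 11 stay
 * inside the payload.
 */
static int ipoque_int_vnc_is_version_banner(const struct ipoque_packet_struct *packet)
{
    return packet->payload_packet_len == 12
        && memcmp(packet->payload, "RFB 003.00", 10) == 0
        && packet->payload[11] == 0x0a;
}

/*
 * TCP detector for VNC.  Returns nothing; the verdict is written to the flow.
 *
 *   vnc_stage 0             version banner seen -> stage = 1 + packet_direction
 *   vnc_stage 2 - direction version banner seen -> flow is VNC
 * Assuming packet_direction is 0 or 1, the second step only matches a banner
 * travelling in the opposite direction to the first.
 *
 * Any packet that does not advance or complete this exchange adds VNC to the
 * flow's excluded-protocol bitmask.  A match means both endpoints sent a
 * banner; nothing after the banner exchange is examined.
 */
void ipoque_search_vnc_tcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    if (flow->l4.tcp.vnc_stage == 0) {
        if (ipoque_int_vnc_is_version_banner(packet)) {
            /* Logged under the VNC tag; the original used the POPO tag here,
             * so this message was filed under the wrong protocol. */
            IPQ_LOG(IPOQUE_PROTOCOL_VNC, ipoque_struct, IPQ_LOG_DEBUG, "reached vnc stage one\n");
            flow->l4.tcp.vnc_stage = 1 + packet->packet_direction;
            return;
        }
    } else if (flow->l4.tcp.vnc_stage == 2 - packet->packet_direction) {
        if (ipoque_int_vnc_is_version_banner(packet)) {
            IPQ_LOG(IPOQUE_PROTOCOL_VNC, ipoque_struct, IPQ_LOG_DEBUG, "found vnc\n");
            ipoque_int_vnc_add_connection(ipoque_struct);
            return;
        }
    }

    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_VNC);
}
#endif
--------------------------------------------------------------------------------
/src/lib/protocols/world_of_kung_fu.c:
--------------------------------------------------------------------------------
1 | /* 2 | * world_of_kung_fu.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see .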
20 | * 21 | */



/* include files */
#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU

/* Register the current flow as World of Kung Fu with the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_world_of_kung_fu_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, IPOQUE_REAL_PROTOCOL);
}

/*
 * Single-packet detector for World of Kung Fu.
 *
 * A flow is labelled when one payload is exactly 16 bytes long and carries
 * this fixed pattern (bytes 8, 12 and 13 are not inspected):
 *   offset 0..3   0c 00 00 00
 *   offset 4..7   d2 00 0c 00
 *   offset 9      16
 *   offset 10..11 00 00
 *   offset 14..15 00 00
 * Any other packet excludes the protocol for the flow.  The length test is
 * evaluated first, so no byte is read from a payload shorter than 16 bytes.
 */
void ipoque_search_world_of_kung_fu(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, ipoque_struct, IPQ_LOG_DEBUG, "search world_of_kung_fu.\n");

    /* Guard clause: bail out on the first field that does not fit. */
    if (packet->payload_packet_len != 16
        || ntohl(get_u32(packet->payload, 0)) != 0x0c000000
        || ntohl(get_u32(packet->payload, 4)) != 0xd2000c00
        || packet->payload[9] != 0x16
        || ntohs(get_u16(packet->payload, 10)) != 0x0000
        || ntohs(get_u16(packet->payload, 14)) != 0x0000) {
        IPQ_LOG(IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, ipoque_struct, IPQ_LOG_DEBUG, "exclude world_of_kung_fu.\n");
        IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU);
        return;
    }

    IPQ_LOG(IPOQUE_PROTOCOL_WORLD_OF_KUNG_FU, ipoque_struct, IPQ_LOG_DEBUG, "detected world_of_kung_fu.\n");
    ipoque_int_world_of_kung_fu_add_connection(ipoque_struct);
}

#endif
--------------------------------------------------------------------------------
/src/lib/protocols/xdmcp.c:
--------------------------------------------------------------------------------
1 | /* 2 | * xdmcp.c 3 | * Copyright (C) 2009-2011 by ipoque GmbH 4 | * 5 | * This file is part of OpenDPI, an open source deep packet inspection 6 | * library based on the PACE technology by ipoque GmbH 7 | * 8 | * OpenDPI is free
software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * OpenDPI is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with OpenDPI. If not, see . 20 | * 21 | */


#include "ipq_protocols.h"
#ifdef IPOQUE_PROTOCOL_XDMCP


/* Register the current flow as XDMCP with the IPOQUE_REAL_PROTOCOL type. */
static void ipoque_int_xdmcp_add_connection(struct ipoque_detection_module_struct *ipoque_struct)
{
    ipoque_int_add_connection(ipoque_struct, IPOQUE_PROTOCOL_XDMCP, IPOQUE_REAL_PROTOCOL);
}

/*
 * Single-packet detector that labels a flow as XDMCP on either of two
 * patterns; any other packet excludes the protocol for the flow.
 *
 * TCP: destination port 6000..6005, payload of exactly 48 bytes, byte 0 =
 *      0x6c, byte 1 = 0x00, bytes 6..7 = 12 00 and bytes 8..9 = 10 00.
 *      NOTE(review): this is consistent with a little-endian X11 connection
 *      setup carrying an 18-byte authorization name and 16 bytes of data,
 *      rather than with XDMCP itself; confirm the intended scope.
 * UDP: destination port 177, payload length equal to 6 plus the 16-bit
 *      value at offset 4, 16-bit value 0x0001 at offset 0 and 0x0002 at
 *      offset 2 (all after ntohs).
 *
 * Each payload read follows a length test in the same && chain, so the
 * declared-length field at offset 4 is only read when at least 6 bytes are
 * present, and it has to agree with the real payload length to match.
 */
void ipoque_search_xdmcp(struct ipoque_detection_module_struct *ipoque_struct)
{
    struct ipoque_packet_struct *packet = &ipoque_struct->packet;
    struct ipoque_flow_struct *flow = ipoque_struct->flow;

    IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "search xdmcp.\n");

    if (packet->tcp != NULL) {
        const unsigned int tcp_dport = ntohs(packet->tcp->dest);

        if (tcp_dport >= 6000 && tcp_dport <= 6005
            && packet->payload_packet_len == 48
            && packet->payload[0] == 0x6c && packet->payload[1] == 0x00
            && ntohs(get_u16(packet->payload, 6)) == 0x1200
            && ntohs(get_u16(packet->payload, 8)) == 0x1000) {

            IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "found xdmcp over tcp.\n");
            ipoque_int_xdmcp_add_connection(ipoque_struct);
            return;
        }
    }

    /* Not an else: a TCP miss still falls through to the UDP test, as before. */
    if (packet->udp != NULL && ntohs(packet->udp->dest) == 177) {
        if (packet->payload_packet_len >= 6
            && packet->payload_packet_len == 6 + ntohs(get_u16(packet->payload, 4))
            && ntohs(get_u16(packet->payload, 0)) == 0x0001
            && ntohs(get_u16(packet->payload, 2)) == 0x0002) {

            IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "found xdmcp over udp.\n");
            ipoque_int_xdmcp_add_connection(ipoque_struct);
            return;
        }
    }

    IPQ_LOG(IPOQUE_PROTOCOL_XDMCP, ipoque_struct, IPQ_LOG_DEBUG, "exclude xdmcp.\n");
    IPOQUE_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, IPOQUE_PROTOCOL_XDMCP);
}

#endif
--------------------------------------------------------------------------------