本文整理汇总了C++中NDPI_ADD_PROTOCOL_TO_BITMASK函数的典型用法代码示例。如果您正苦于以下问题:C++ NDPI_ADD_PROTOCOL_TO_BITMASK函数的具体用法?C++ NDPI_ADD_PROTOCOL_TO_BITMASK怎么用?C++ NDPI_ADD_PROTOCOL_TO_BITMASK使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NDPI_ADD_PROTOCOL_TO_BITMASK函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: ndpi_check_citrix
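/*
 * Citrix detection on TCP flows.
 *
 * Only the third packet counted on the flow is inspected, and only once
 * SYN, SYN/ACK and ACK have all been seen. A 6-byte payload is compared
 * against a 6-byte signature; a longer payload is compared against a 7-byte
 * signature or searched for the string "Citrix.TcpProxyService". Both
 * branches return without excluding the protocol, matched or not; the
 * exclusion bit is set for other payload lengths on that packet, or once
 * the packet counter has passed 3.
 *
 * The payload is attacker-controlled wire data, so every fixed-size compare
 * must be preceded by a length check: the 7-byte compare used to run on a
 * 5-byte payload and read past the end of the captured data.
 */
static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int32_t payload_len = packet->payload_packet_len;

  if(packet->tcp != NULL) {
    flow->l4.tcp.citrix_packet_id++;

    if((flow->l4.tcp.citrix_packet_id == 3)
       /* We have seen the 3-way handshake */
       && flow->l4.tcp.seen_syn
       && flow->l4.tcp.seen_syn_ack
       && flow->l4.tcp.seen_ack) {
      if(payload_len == 6) {
        char citrix_header[] = { 0x07, 0x07, 0x49, 0x43, 0x41, 0x00 };

        if(memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) {
          NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n");
          ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_REAL_PROTOCOL);
        }

        return;
      } else if(payload_len > 4) {
        char citrix_header[] = { 0x1a, 0x43, 0x47, 0x50, 0x2f, 0x30, 0x31 };

        /* Compare the signature only when the payload holds all of it;
           the substring search is already bounded by payload_len. */
        if(((payload_len >= sizeof(citrix_header))
            && (memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0))
           || (ndpi_strnstr(packet->payload, "Citrix.TcpProxyService", payload_len) != NULL)) {
          NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n");
          ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_REAL_PROTOCOL);
        }

        return;
      }

      NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);
    } else if(flow->l4.tcp.citrix_packet_id > 3)
      NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX);

    return;
  }
}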
开发者ID:BenjaminUJun,项目名称:slick,代码行数:50,代码来源:citrix.c
示例2: ndpi_search_collectd
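/*
 * collectd detection on UDP.
 *
 * Walks the payload as a chain of parts, each carrying a 16-bit length in
 * network byte order at offset 2 (the commented-out line in the original
 * read a 16-bit type at offset 0). The flow is accepted when the part
 * lengths add up to exactly the payload length, otherwise collectd is
 * excluded for the flow.
 *
 * The length field comes straight from the wire: before reading it, make
 * sure the 4-byte part header is inside the payload. The previous code read
 * payload[len+2..len+3] whenever len < payload length, which runs past the
 * buffer on a truncated trailing part, and did so through a cast that
 * assumes 2-byte alignment.
 *
 * NOTE(review): an empty UDP payload skips the loop and satisfies
 * len == payload_packet_len, so it is reported as collectd - confirm
 * whether a minimum length should be required.
 */
void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int len = 0;

  NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "search collectd.\n");

  if (packet->udp == NULL) return;

  while(len < packet->payload_packet_len) {
    u_int16_t elem_len;

    /* Fewer than 4 bytes left: no room for a complete part header. */
    if (packet->payload_packet_len - len < 4) break;

    /* Big-endian 16-bit length, assembled bytewise (no unaligned access). */
    elem_len = (u_int16_t)(((u_int16_t)(u_int8_t)packet->payload[len+2] << 8)
                           | (u_int8_t)packet->payload[len+3]);

    if (elem_len == 0) break;

    len += elem_len;
  }

  if(len == packet->payload_packet_len) {
    NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "found COLLECTD.\n");
    ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_COLLECTD, NDPI_REAL_PROTOCOL);
  } else {
    NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "exclude COLLECTD.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COLLECTD);
  }
}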
开发者ID:T-NOVA,项目名称:vTC,代码行数:27,代码来源:collectd.c
示例3: ndpi_search_rtcp
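/*
 * RTCP detection.
 *
 * TCP: payload longer than 13 bytes, source or destination port 554, and a
 *      fixed 8-byte prefix.
 * UDP: first byte 0x80 or 0x81, second byte 0xc8 or 0xc9, third byte 0x00.
 * The protocol is excluded only when the packet is neither TCP nor UDP.
 *
 * The UDP branch used to index payload[0..2] with no effective length
 * check, so a 0-2 byte datagram was read out of bounds. A minimum length
 * of 3 is now required before the bytes are inspected.
 *
 * NOTE(review): the original range test was
 * `payload_packet_len >= 28 || payload_packet_len <= 1200`, which is true
 * for every length and is therefore dropped here without changing which
 * packets match. If `&&` was intended, tightening the range is a detection
 * change that should be made deliberately.
 */
void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;

  NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "search for RTCP.\n");

  if(packet->tcp != NULL) {
    sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
    NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over tcp.\n");

    if(packet->payload_packet_len > 13 && (sport == 554 || dport == 554) &&
       packet->payload[0] == 0x00 && packet->payload[1] == 0x00 &&
       packet->payload[2] == 0x01 && packet->payload[3] == 0x01 &&
       packet->payload[4] == 0x08 && packet->payload[5] == 0x0a &&
       packet->payload[6] == 0x00 && packet->payload[7] == 0x01) {
      NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n");
      ndpi_int_rtcp_add_connection(ndpi_struct, flow);
    }
  } else if(packet->udp != NULL) {
    NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n");

    /* Bound the read first: three header bytes are inspected below. */
    if((packet->payload_packet_len >= 3)
       && ((packet->payload[0] == 0x80) || (packet->payload[0] == 0x81))
       && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9))
       && (packet->payload[2] == 0x00)) {
      NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n");
      ndpi_int_rtcp_add_connection(ndpi_struct, flow);
    }
  } else {
    NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude RTCP.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP);
  }
}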
开发者ID:BenjaminUJun,项目名称:slick,代码行数:34,代码来源:rtcp.c
示例4: ndpi_search_fiesta
/*
 * Fiesta detection, driven by flow->l4.tcp.fiesta_stage.
 *
 *  - stage 0 and a 5-byte opener: remember the sender as
 *    stage = 1 + packet_direction and wait for more packets;
 *  - stage == 2 - packet_direction and a payload whose leading length field
 *    agrees with the payload size: keep waiting;
 *  - stage == 1 + packet_direction and one of five known payloads: report
 *    the flow as Fiesta;
 *  - anything else: exclude Fiesta for this flow.
 *
 * Every payload index used below is preceded by a payload_packet_len test
 * in the same condition, so the reads stay inside the captured payload.
 * NOTE(review): flow->l4.tcp is used without testing packet->tcp here;
 * presumably the caller only dispatches TCP flows - confirm.
 */
void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  int known_payload = 0;

  NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "search fiesta.\n");

  /* First packet of a candidate flow. */
  if (flow->l4.tcp.fiesta_stage == 0 && packet->payload_packet_len == 5
      && get_u_int16_t(packet->payload, 0) == ntohs(0x0407)
      && (packet->payload[2] == 0x08)
      && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01)) {
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "maybe fiesta symmetric, first packet.\n");
    flow->l4.tcp.fiesta_stage = 1 + packet->packet_direction;
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Stage is set to %d.\n", flow->l4.tcp.fiesta_stage);
    return;
  }

  /* Length-prefixed packet in the direction selected by the stage test:
     either a 1-byte length, or a zero byte followed by a 16-bit length. */
  if (flow->l4.tcp.fiesta_stage == (2 - packet->packet_direction)
      && ((packet->payload_packet_len > 1 && packet->payload_packet_len - 1 == packet->payload[0])
          || (packet->payload_packet_len > 3 && packet->payload[0] == 0
              && get_l16(packet->payload, 1) == packet->payload_packet_len - 3))) {
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Maybe fiesta.\n");
    NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Stage is set to %d.\n", flow->l4.tcp.fiesta_stage);
    return;
  }

  /* Packet in the direction that sent the opener: match known payloads. */
  if (flow->l4.tcp.fiesta_stage == (1 + packet->packet_direction)) {
    known_payload =
      (packet->payload_packet_len == 4 && get_u_int32_t(packet->payload, 0) == htonl(0x03050c01))
      || (packet->payload_packet_len == 5 && get_u_int32_t(packet->payload, 0) == htonl(0x04030c01)
          && packet->payload[4] == 0)
      || (packet->payload_packet_len == 6 && get_u_int32_t(packet->payload, 0) == htonl(0x050e080b))
      || (packet->payload_packet_len == 100 && packet->payload[0] == 0x63 && packet->payload[61] == 0x52
          && packet->payload[81] == 0x5a && get_u_int16_t(packet->payload, 1) == htons(0x3810)
          && get_u_int16_t(packet->payload, 62) == htons(0x6f75))
      || (packet->payload_packet_len > 3 && packet->payload_packet_len - 1 == packet->payload[0]
          && get_u_int16_t(packet->payload, 1) == htons(0x140c));

    if (known_payload) {
      NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "detected fiesta.\n");
      ndpi_int_fiesta_add_connection(ndpi_struct, flow);
      return;
    }
  }

  NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "exclude fiesta.\n");
  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIESTA);
}
开发者ID:betolj,项目名称:ndpi-netfilter,代码行数:60,代码来源:fiesta.c
示例5: ndpi_check_radius
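/*
 * RADIUS detection on UDP.
 *
 * Accepts the flow when the payload is longer than struct radius_header,
 * the code field is at most 5, and the header's length field (network byte
 * order) equals the UDP payload length. Any other UDP packet excludes
 * RADIUS for the flow. Non-UDP packets are ignored.
 *
 * Two defects in the earlier version are fixed here:
 *  - the header was dereferenced before the payload length was checked, so
 *    a datagram shorter than the header was read out of bounds;
 *  - `h->len = ntohs(h->len)` wrote the byte-swapped value back into the
 *    packet buffer, corrupting the payload for any later dissector and
 *    swapping it back again if this function ran twice on the same packet.
 *    The converted length is now kept in a local and the payload is only
 *    read.
 */
static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int32_t payload_len = packet->payload_packet_len;

  if(packet->udp != NULL) {
    /* Validate the length before touching any header field. */
    if(payload_len > sizeof(struct radius_header)) {
      const struct radius_header *h = (const struct radius_header*)packet->payload;
      const u_int16_t declared_len = ntohs(h->len);

      if((h->code <= 5) && (declared_len == payload_len)) {
        NDPI_LOG(NDPI_PROTOCOL_RADIUS, ndpi_struct, NDPI_LOG_DEBUG, "Found radius.\n");
        ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_REAL_PROTOCOL);
        return;
      }
    }

    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RADIUS);
    return;
  }
}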
开发者ID:adi52980,项目名称:nDPI1,代码行数:32,代码来源:radius.c
示例6: ndpi_search_twitter
/*
 * Twitter detection by IPv4 address only.
 *
 * For IPv4 packets the source and destination addresses (converted to host
 * byte order) are handed to ndpi_ips_match() together with each network in
 * the table below. The first match reports the flow as Twitter; otherwise,
 * and for every non-IPv4 packet, the Twitter service is excluded.
 *
 * Address-based classification is only as accurate as this hard-coded
 * list: prefixes that change owner produce false positives, and new
 * prefixes are missed until the table is updated.
 * NOTE(review): the original comment named "Twitter AS34702" but linked to
 * http://bgp.he.net/AS13414 - confirm which AS the prefixes were taken from.
 */
void ndpi_search_twitter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  static const struct {
    u_int32_t network;   /* network address, host byte order */
    u_int32_t prefix;    /* prefix length in bits */
  } twitter_nets[] = {
    { 0xC0854C00, 22 },  /* 192.133.76.0/22 */
    { 0xC7109C00, 22 },  /* 199.16.156.0/22 */
    { 0xC73B9400, 22 },  /* 199.59.148.0/22 */
    { 0xC7603A00, 23 },  /* 199.96.58.0/23 */
    { 0xC7603E00, 23 },  /* 199.96.62.0/23 */
  };

  if(flow->packet.iph) {
    /* IPv4 */
    const u_int32_t src = ntohl(flow->packet.iph->saddr);
    const u_int32_t dst = ntohl(flow->packet.iph->daddr);
    unsigned int i;

    for(i = 0; i < sizeof(twitter_nets) / sizeof(twitter_nets[0]); i++) {
      if(ndpi_ips_match(src, dst, twitter_nets[i].network, twitter_nets[i].prefix)) {
        ndpi_int_twitter_add_connection(ndpi_struct, flow);
        return;
      }
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_TWITTER);
}
开发者ID:houcy,项目名称:nDPI-1,代码行数:26,代码来源:twitter.c
示例7: ndpi_search_dhcp_udp
/*
 * DHCP detection on UDP (standard 0.0.0.0:68 -> 255.255.255.255:67 traffic;
 * the original notes it also works when only one direction is seen).
 *
 * A packet is reported as DHCP when all of the following hold:
 *  - the payload is at least 244 bytes;
 *  - both the source and the destination port are 67 or 68;
 *  - the 32-bit word at offset 236 is 0x63825363 (the DHCP magic cookie);
 *  - the 16-bit word at offset 240 is 0x3501.
 * Anything else excludes DHCP for the flow.
 *
 * The 244-byte minimum is what keeps the reads at offsets 236..241 inside
 * the payload; it must stay ahead of them.
 * NOTE(review): packet->udp is dereferenced without a NULL test, so this
 * assumes the caller only dispatches UDP packets here - confirm.
 */
void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct,
			  struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  if (packet->payload_packet_len >= 244) {
    const int src_is_dhcp = (packet->udp->source == htons(67)
			     || packet->udp->source == htons(68));
    const int dst_is_dhcp = (packet->udp->dest == htons(67)
			     || packet->udp->dest == htons(68));

    if (src_is_dhcp && dst_is_dhcp
	&& get_u_int32_t(packet->payload, 236) == htonl(0x63825363)
	&& get_u_int16_t(packet->payload, 240) == htons(0x3501)) {
      NDPI_LOG(NDPI_PROTOCOL_DHCP, ndpi_struct, NDPI_LOG_DEBUG,
	       "DHCP request\n");
      ndpi_int_dhcp_add_connection(ndpi_struct, flow);
      return;
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask,
			       NDPI_PROTOCOL_DHCP);
}
开发者ID:aming2007,项目名称:nDPI,代码行数:29,代码来源:dhcp.c
示例8: ndpi_int_search_thunder_udp
static inline
#else
__forceinline static
#endif
void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct
				 *ndpi_struct, struct ndpi_flow_struct *flow)
{
  /*
   * Thunder detection on UDP, counted in flow->thunder_stage.
   *
   * A candidate packet has more than 8 payload bytes, a first byte in
   * 0x30..0x3f and three zero bytes after it. The stage is incremented for
   * each candidate; a candidate arriving while the stage is already 3
   * reports the flow as Thunder. The first non-candidate packet excludes
   * Thunder for the flow.
   *
   * The length test comes first in the condition, so payload[0..3] is only
   * read when those bytes exist.
   */
  struct ndpi_packet_struct *packet = &flow->packet;
  const int candidate =
    packet->payload_packet_len > 8 && packet->payload[0] >= 0x30
    && packet->payload[0] < 0x40 && packet->payload[1] == 0
    && packet->payload[2] == 0 && packet->payload[3] == 0;

  if (!candidate) {
    NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG,
	     "excluding thunder udp at stage %u\n", flow->thunder_stage);
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER);
    return;
  }

  if (flow->thunder_stage == 3) {
    NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "THUNDER udp detected\n");
    ndpi_int_thunder_add_connection(ndpi_struct, flow, NDPI_REAL_PROTOCOL);
    return;
  }

  flow->thunder_stage++;
  NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG,
	   "maybe thunder udp packet detected, stage increased to %u\n", flow->thunder_stage);
}
开发者ID:chenglong7997,项目名称:ndpi,代码行数:31,代码来源:thunder.c
示例9: ndpi_search_tftp
/*
 * TFTP detection on UDP, in two steps tracked by flow->l4.udp.tftp_stage.
 *
 *  1. stage 0 and a payload starting with 00 03 00 01: set stage to 1 and
 *     wait for the next packet;
 *  2. stage 1 and a payload starting with 00 04 00 01: report TFTP.
 * (In TFTP terms these are opcode 3 with block 1 and opcode 4 with
 * block 1.)
 *
 * A packet that starts and ends with a zero byte, or is exactly
 * 00 04 00 00, is skipped without changing the flow state. Every other
 * packet excludes TFTP.
 *
 * The leading 32-bit word is only fetched when the payload has more than
 * 3 bytes.
 */
void ndpi_search_tftp(struct ndpi_detection_module_struct
		      *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  const int has_word = packet->payload_packet_len > 3;
  /* Host-order copy of the first four bytes; 0 when they are not present. */
  const u_int32_t first_word = has_word ? ntohl(get_u_int32_t(packet->payload, 0)) : 0;

  NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "search TFTP.\n");

  if (has_word && flow->l4.udp.tftp_stage == 0 && first_word == 0x00030001) {
    NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe tftp. need next packet.\n");
    flow->l4.udp.tftp_stage = 1;
    return;
  }

  if (has_word && (flow->l4.udp.tftp_stage == 1) && first_word == 0x00040001) {
    NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "found tftp.\n");
    ndpi_int_tftp_add_connection(ndpi_struct, flow);
    return;
  }

  if (packet->payload_packet_len > 1) {
    const int zero_framed = (packet->payload[0] == 0
			     && packet->payload[packet->payload_packet_len - 1] == 0);
    const int ack_block_zero = (packet->payload_packet_len == 4 && first_word == 0x00040000);

    if (zero_framed || ack_block_zero) {
      NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "skip initial packet.\n");
      return;
    }
  }

  NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude TFTP.\n");
  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TFTP);
}
开发者ID:houcy,项目名称:nDPI-1,代码行数:30,代码来源:tftp.c
示例10: ndpi_search_pando
/*
 * Entry point for Pando detection.
 *
 * Gives up (sets the exclusion bit) once the flow has carried more than 20
 * packets, which bounds the per-flow inspection cost. Retransmitted packets
 * and flows already classified as Pando are left alone. Otherwise the TCP
 * check runs first, and the UDP check runs only if the TCP check did not
 * classify the flow.
 */
void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
  struct ndpi_packet_struct *packet = &flow->packet;

  /* Break after 20 packets. */
  if (flow->packet_counter > 20) {
    NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO excluded.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PANDO);
    return;
  }

  /* Nothing to do for retransmissions or for flows already marked. */
  if (packet->tcp_retransmission != 0
      || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_PANDO) {
    return;
  }

  NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO detection...\n");
  ndpi_check_pando_tcp(ndpi_struct, flow);

  if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_PANDO) {
    ndpi_check_pando_udp(ndpi_struct, flow);
  }
}
开发者ID:chenglong7997,项目名称:ndpi,代码行数:28,代码来源:pando.c
示例11: ndpi_search_direct_download_link_tcp
/*
 * Direct-download-link detection on TCP.
 *
 * Flows already classified as direct download link are left untouched.
 * Otherwise search_ddl_domains() is consulted: a non-zero result ends the
 * call without excluding anything, a zero result excludes the protocol for
 * this flow.
 *
 * The block under "#if 0" is disabled legacy code (per-packet counting
 * through a callback) and is kept only for reference.
 */
void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

#if 0
  if (ndpi_struct->direct_download_link_counter_callback != NULL) {
    if (packet->detected_protocol == NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
      /* skip packets not requests from the client to the server */
      if (packet->packet_direction == flow->l4.tcp.ddlink_server_direction) {
        search_ddl_domains(ndpi_struct, flow);	// do the detection again in order to get the URL in keep alive streams
      } else {
        // just count the packet
        ndpi_struct->direct_download_link_counter_callback(flow->hash_id_number, packet->l3_packet_len);
      }
    }
    return;
  }
#endif

  /* Do not run the detection again on a flow that is already DDL. */
  if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) {
    return;
  }

  if (search_ddl_domains(ndpi_struct, flow) == 0) {
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK);
  }
}
开发者ID:T-NOVA,项目名称:vTC,代码行数:29,代码来源:directdownloadlink.c
示例12: ndpi_search_telegram
/*
 * Telegram detection on TCP.
 *
 * Empty payloads are ignored. A TCP packet with more than 56 payload bytes,
 * first byte 0xef and destination port 443, 80 or 25 is treated as a
 * candidate: it is reported as Telegram when the second byte is 0x7f or
 * when four times the second byte does not exceed the payload length minus
 * one. A candidate always ends the call, matched or not. Everything else
 * excludes Telegram for the flow.
 *
 * payload[0] and payload[1] are only read after the > 56 length test.
 */
void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport;

  NDPI_LOG(NDPI_PROTOCOL_TELEGRAM, ndpi_struct, NDPI_LOG_TRACE, "TELEGRAM detection...\n");

  if (packet->payload_packet_len == 0)
    return;

  if (packet->tcp != NULL && packet->payload_packet_len > 56) {
    dport = ntohs(packet->tcp->dest);

    if (packet->payload[0] == 0xef
        && (dport == 443 || dport == 80 || dport == 25)) {
      /* Second byte: either the 0x7f marker or a length in 4-byte units. */
      if (packet->payload[1] == 0x7f
          || packet->payload[1]*4 <= packet->payload_packet_len - 1) {
        ndpi_int_telegram_add_connection(ndpi_struct, flow);
      }
      return;
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TELEGRAM);
}
开发者ID:houcy,项目名称:nDPI-1,代码行数:30,代码来源:telegram.c
示例13: ndpi_search_skinny
/*
 * Skinny detection on TCP port 2000.
 *
 * Towards port 2000: a 24-byte payload starting with the keypad-message
 * prefix, or a 64-byte payload starting with the 8-byte pattern.
 * From port 2000: a 28-byte payload starting with the select-message
 * prefix, or a 44-byte payload starting with the 9-byte pattern.
 * TCP packets that match nothing are left undecided; non-TCP packets
 * exclude Skinny for the flow.
 *
 * Each memcmp() is guarded by an exact payload-length test that is larger
 * than the number of bytes compared.
 */
void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;
  const char pattern_9_bytes[9] = { 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  const char pattern_8_bytes[8] = { 0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  const char keypadmsg_8_bytes[8] = { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  const char selectmsg_8_bytes[8] = { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

  NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "search for SKINNY.\n");

  if(packet->tcp == NULL) {
    NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "exclude SKINNY.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKINNY);
    return;
  }

  sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
  NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "calculating SKINNY over tcp.\n");

  if (dport == 2000
      && ((packet->payload_packet_len == 24
           && memcmp(&packet->payload[0], keypadmsg_8_bytes, 8) == 0)
          || ((packet->payload_packet_len == 64)
              && memcmp(&packet->payload[0], pattern_8_bytes, 8) == 0))) {
    NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n");
    ndpi_int_skinny_add_connection(ndpi_struct, flow);
    return;
  }

  if (sport == 2000
      && ((packet->payload_packet_len == 28
           && memcmp(&packet->payload[0], selectmsg_8_bytes, 8) == 0)
          || (packet->payload_packet_len == 44
              && memcmp(&packet->payload[0], pattern_9_bytes, 9) == 0))) {
    NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n");
    ndpi_int_skinny_add_connection(ndpi_struct, flow);
  }
}
开发者ID:houcy,项目名称:nDPI-1,代码行数:31,代码来源:skinny.c
示例14: ndpi_search_rsync
/*
 * rsync detection on TCP.
 *
 * Matches a 12-byte payload whose first eight bytes are
 * 40 52 53 59 4e 43 44 3a, i.e. the ASCII text "@RSYNCD:". The remaining
 * four bytes are not examined. TCP packets that do not match are left
 * undecided; non-TCP packets exclude rsync for the flow.
 *
 * The exact-length test precedes every payload read.
 */
void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  static const unsigned char rsync_banner[8] = {
    0x40, 0x52, 0x53, 0x59, 0x4e, 0x43, 0x44, 0x3a   /* "@RSYNCD:" */
  };
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;

  NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "search for RSYNC.\n");

  if(packet->tcp == NULL) {
    NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "exclude RSYNC.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RSYNC);
    return;
  }

  /* Ports are fetched as in the original; they do not take part in the match. */
  sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
  NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "calculating RSYNC over tcp.\n");

  if (packet->payload_packet_len == 12) {
    unsigned int matched = 0;

    /* Count how many leading bytes agree with the banner. */
    while (matched < 8 && packet->payload[matched] == rsync_banner[matched])
      matched++;

    if (matched == 8) {
      NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "found rsync.\n");
      ndpi_int_rsync_add_connection(ndpi_struct, flow);
    }
  }
}
开发者ID:unusedPhD,项目名称:ndpi,代码行数:26,代码来源:rsync.c
示例15: ndpi_search_oracle
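/*
 * Oracle detection on TCP.
 *
 * With source or destination port 1521 (the original comment names Oracle
 * Database 9g, 10g and 11g), a payload is accepted when it either
 *  - starts with 07 ff 00, or
 *  - is at least 232 bytes long with byte 0 equal to 0x00 or 0x01, byte 1
 *    non-zero and bytes 2 and 3 zero.
 * Independently of the port, a 213-byte payload starting with 00 d5 00 00
 * is accepted as well. TCP packets that match nothing are left undecided;
 * non-TCP packets exclude Oracle for the flow.
 *
 * The first alternative used to read payload[0..2] with no length check at
 * all, so any segment on port 1521 with fewer than three payload bytes
 * (including a bare ACK) was read out of bounds. It now requires three
 * bytes to be present.
 */
void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int16_t dport = 0, sport = 0;

  NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "search for ORACLE.\n");

  if(packet->tcp != NULL) {
    sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);
    NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "calculating ORACLE over tcp.\n");

    /* Oracle Database 9g,10g,11g */
    if ((dport == 1521 || sport == 1521)
        && (((packet->payload_packet_len >= 3)   /* bytes 0..2 must exist */
             && (packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00))
            || ((packet->payload_packet_len >= 232) && ((packet->payload[0] == 0x00) || (packet->payload[0] == 0x01))
                && (packet->payload[1] != 0x00)
                && (packet->payload[2] == 0x00)
                && (packet->payload[3] == 0x00)))) {
      NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n");
      ndpi_int_oracle_add_connection(ndpi_struct, flow);
    } else if (packet->payload_packet_len == 213 && packet->payload[0] == 0x00 &&
               packet->payload[1] == 0xd5 && packet->payload[2] == 0x00 &&
               packet->payload[3] == 0x00 ) {
      NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n");
      ndpi_int_oracle_add_connection(ndpi_struct, flow);
    }
  } else {
    NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "exclude ORACLE.\n");
    NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ORACLE);
  }
}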
开发者ID:BenjaminUJun,项目名称:slick,代码行数:30,代码来源:oracle.c
示例16: ndpi_search_vnc_tcp
/*
 * VNC detection on TCP, tracked in flow->l4.tcp.vnc_stage.
 *
 * Both peers are expected to send a 12-byte banner that begins with
 * "RFB 003.00" and ends with a line feed (the byte at index 10 is not
 * checked). The first banner stores 1 + packet_direction in the stage; a
 * banner seen while the stage equals 2 - packet_direction reports the flow
 * as VNC. Any other packet excludes VNC.
 *
 * The banner test checks the payload length before comparing bytes.
 */
void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  const int is_rfb_banner =
    packet->payload_packet_len == 12
    && memcmp(packet->payload, "RFB 003.00", 10) == 0 && packet->payload[11] == 0x0a;

  if (is_rfb_banner) {
    if (flow->l4.tcp.vnc_stage == 0) {
      NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "reached vnc stage one\n");
      flow->l4.tcp.vnc_stage = 1 + packet->packet_direction;
      return;
    }

    if (flow->l4.tcp.vnc_stage == 2 - packet->packet_direction) {
      NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "found vnc\n");
      ndpi_int_vnc_add_connection(ndpi_struct, flow);
      return;
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VNC);
}
开发者ID:chenglong7997,项目名称:ndpi,代码行数:26,代码来源:vnc.c
示例17: ndpi_search_guildwars_tcp
/*
 * Guild Wars detection on TCP from three fixed-size packet signatures
 * (64, 16 and 21 bytes). The first matching signature reports the flow;
 * a packet matching none of them excludes Guild Wars for the flow.
 *
 * Each signature starts with an exact payload-length test, so the fixed
 * offsets read afterwards (up to byte 53) are inside the payload.
 */
void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  int sig_64;
  int sig_16;

  NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "search guildwars.\n");

  /* 64-byte packet with the "@2&P" marker at offset 50. */
  sig_64 = packet->payload_packet_len == 64
    && get_u_int16_t(packet->payload, 1) == ntohs(0x050c)
    && memcmp(&packet->payload[50], "@2&P", 4) == 0;

  /* 16-byte packet; evaluated only when the 64-byte form did not match. */
  sig_16 = !sig_64
    && packet->payload_packet_len == 16
    && get_u_int16_t(packet->payload, 1) == ntohs(0x040c)
    && get_u_int16_t(packet->payload, 4) == ntohs(0xa672)
    && packet->payload[8] == 0x01 && packet->payload[12] == 0x04;

  if (sig_64 || sig_16) {
    NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 29.350: found.\n");
    ndpi_int_guildwars_add_connection(ndpi_struct, flow);
    return;
  }

  /* 21-byte packet. */
  if (packet->payload_packet_len == 21
      && get_u_int16_t(packet->payload, 0) == ntohs(0x0100)
      && get_u_int32_t(packet->payload, 5) == ntohl(0xf1001000)
      && packet->payload[9] == 0x01) {
    NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 216.107.245.50: found.\n");
    ndpi_int_guildwars_add_connection(ndpi_struct, flow);
    return;
  }

  NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "exclude guildwars.\n");
  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GUILDWARS);
}
开发者ID:BenjaminUJun,项目名称:slick,代码行数:33,代码来源:guildwars.c
示例18: ndpi_search_ayiya
/*
 * AYIYA detection on UDP port 5072.
 *
 * Runs only for UDP packets of flows that are still unclassified. A packet
 * on port 5072 (source or destination) with more than 44 payload bytes is
 * interpreted as struct ayiya; the flow is reported when the header's epoch
 * lies between five years before and one day after the packet's tick
 * timestamp. Such a packet always ends the call, matched or not. Other UDP
 * packets exclude AYIYA for the flow.
 *
 * NOTE(review): the window is computed in unsigned 32-bit arithmetic, so
 * `now - five_years` wraps when tick_timestamp is smaller than five years
 * in seconds; this presumably expects tick_timestamp to be Unix time in
 * seconds - confirm against the caller.
 */
void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  if(!packet->udp || (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN))
    return;

  /* Ayiya is udp based, port 5072 */
  if ((packet->udp->source == htons(5072) || packet->udp->dest == htons(5072))
      && (packet->payload_packet_len > 44)) {
    struct ayiya *hdr = (struct ayiya*)packet->payload;
    const u_int32_t five_years = 86400 * 365 * 5;
    const u_int32_t one_day = 86400;
    const u_int32_t epoch = ntohl(hdr->epoch);
    const u_int32_t now = flow->packet.tick_timestamp;

    if((epoch >= (now - five_years)) && (epoch <= (now + one_day))) {
      ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_REAL_PROTOCOL);
    }

    return;
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AYIYA);
}
开发者ID:jnicholls,项目名称:nDPI,代码行数:26,代码来源:ayiya.c
示例19: ndpi_search_justin_twitch
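/*
 * Justin.tv / Twitch detection.
 *
 * TCP: a flow on port 1935 is reported once `flag` has been set; an HTTP
 *      request ("POST /" or "GET /") whose Host line is exactly
 *      "www.twitch.tv" sets the flag and reports the flow.
 * Any transport: the payload is scanned for "api.twitch.tv", "twitch.tv"
 *      and "justin.tv/"; the first hit reports the flow.
 * A packet matching nothing excludes the protocol for the flow.
 *
 * The substring scans used to call memcmp() at every offset up to the last
 * payload byte, reading as many as 12 bytes past the end of the payload.
 * Each compare now runs only when the remaining bytes cover the needle.
 *
 * NOTE(review): `flag` is a function-level static, i.e. one value shared by
 * every flow (and every thread) in the process. After the first Twitch HTTP
 * request is seen, every later TCP flow on port 1935 is reported as Twitch,
 * whoever its endpoints are. The per-flow field justin_twitch_stage is
 * written but never read here. Replacing the static with per-flow or
 * per-host state changes detection behaviour and is left to the
 * maintainers.
 */
void ndpi_search_justin_twitch(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  register u_int16_t ii;
  static u_int16_t flag=0;
  u_int16_t dport=0,sport=0;

  if(packet->tcp!=NULL){
    sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest);

    if((sport==1935||dport==1935)&&flag==1){
      ndpi_int_justin_add_connection(ndpi_struct, flow);
      return ;
    }

    if ((packet->payload_packet_len > NDPI_STATICSTRING_LEN("POST /") &&
         memcmp(packet->payload, "POST /", NDPI_STATICSTRING_LEN("POST /")) == 0)||
        (packet->payload_packet_len > NDPI_STATICSTRING_LEN("GET /") &&
         memcmp(packet->payload, "GET /", NDPI_STATICSTRING_LEN("GET /")) == 0)){
      ndpi_parse_packet_line_info(ndpi_struct, flow);

      if(packet->host_line.ptr!=NULL&&packet->host_line.len== NDPI_STATICSTRING_LEN("www.twitch.tv")&&
         memcmp(packet->host_line.ptr,"www.twitch.tv",NDPI_STATICSTRING_LEN("www.twitch.tv"))==0){
        flow->l4.tcp.justin_twitch_stage=1;
        flag=1;
        ndpi_int_justin_add_connection(ndpi_struct, flow);
        return ;
      }
    }
  }

  for(ii=0;ii<packet->payload_packet_len; ++ii){
    /* Bytes available after payload[ii]; ii < payload_packet_len here. */
    const u_int32_t tail = packet->payload_packet_len - ii - 1;

    if(packet->payload[ii]=='a' && tail >= 12){
      if(memcmp(&packet->payload[ii + 1], "pi.twitch.tv",12)==0){
        NDPI_LOG(NDPI_PROTOCOL_JUSTIN_TWITCH, ndpi_struct, NDPI_LOG_DEBUG, "twitch detected.\n");
        ndpi_int_justin_add_connection(ndpi_struct, flow);
        return ;
      }
    }

    if(packet->payload[ii]=='t' && tail >= 8){
      if(memcmp(&packet->payload[ii + 1], "witch.tv", 8)==0){
        NDPI_LOG(NDPI_PROTOCOL_JUSTIN_TWITCH, ndpi_struct, NDPI_LOG_DEBUG, "twitch detected.\n");
        ndpi_int_justin_add_connection(ndpi_struct, flow);
        return ;
      }
    }
  }

  for (ii = 0; ii < packet->payload_packet_len ; ++ii){
    const u_int32_t tail = packet->payload_packet_len - ii - 1;

    if(packet->payload[ii]=='j' && tail >= 9){
      if (memcmp(&packet->payload[ii + 1], "ustin.tv/", 9)==0){
        NDPI_LOG(NDPI_PROTOCOL_JUSTIN_TWITCH, ndpi_struct, NDPI_LOG_DEBUG, "justin detected.\n");
        ndpi_int_justin_add_connection(ndpi_struct, flow);
        return ;
      }
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_JUSTIN_TWITCH);
}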
开发者ID:adi52980,项目名称:nDPI1,代码行数:60,代码来源:justin_twitch.c
示例20: ndpi_search_mysql_tcp
/*
 * MySQL detection on TCP, from the server's startup packet.
 *
 * Header test: payload longer than 37 bytes, the 16-bit value at offset 0
 * equal to payload length - 4 with byte 2 zero (3-byte packet length), byte
 * 3 zero (sequence number of a startup packet), byte 5 in '1'..'6' (server
 * major version) and byte 6 a dot.
 *
 * Then the first zero byte at or after offset 7 is located (the scan stops
 * at the first one, or when fewer than 32 bytes follow the position). With
 * `a` being its index, the flow is reported when the bytes at a+13,
 * a+19..a+26, a+27..a+30 and a+31 are all zero. Anything else excludes
 * MySQL.
 *
 * The loop bound `a + 31 < payload_packet_len` is what keeps the furthest
 * read (offset a+31) inside the payload.
 */
static void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;
  u_int32_t pos;

  const int startup_header_ok =
    packet->payload_packet_len > 37	//min length
    && get_u_int16_t(packet->payload, 0) == packet->payload_packet_len - 4	//first 3 bytes are length
    && get_u_int8_t(packet->payload, 2) == 0x00	//3rd byte of packet length
    && get_u_int8_t(packet->payload, 3) == 0x00	//packet sequence number is 0 for startup packet
    && get_u_int8_t(packet->payload, 5) > 0x30	//server version > 0
    && get_u_int8_t(packet->payload, 5) < 0x37	//server version < 7
    && get_u_int8_t(packet->payload, 6) == 0x2e;	//dot

  if (startup_header_ok) {
    for (pos = 7; pos + 31 < packet->payload_packet_len; pos++) {
      if (packet->payload[pos] != 0x00) {
        continue;
      }

      /* First zero byte found: check the filler bytes that follow it. */
      if (get_u_int8_t(packet->payload, pos + 13) == 0x00	//filler byte
          && get_u_int64_t(packet->payload, pos + 19) == 0x0ULL	//13 more
          && get_u_int32_t(packet->payload, pos + 27) == 0x0	//filler bytes
          && get_u_int8_t(packet->payload, pos + 31) == 0x0) {
        NDPI_LOG(NDPI_PROTOCOL_MYSQL, ndpi_struct, NDPI_LOG_DEBUG, "MySQL detected.\n");
        ndpi_int_mysql_add_connection(ndpi_struct, flow);
        return;
      }

      /* Only the first zero byte is considered. */
      break;
    }
  }

  NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MYSQL);
}
开发者ID:rogerhu,项目名称:dd-wrt,代码行数:34,代码来源:mysql.c
注:本文中的NDPI_ADD_PROTOCOL_TO_BITMASK函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |