/src/ndpi/src/lib/protocols/fins.c

Source (jump to first uncovered line)
/*
 * fins.c
 *
 * Factory Interface Network Service
 *
 * Copyright (C) 2023 - ntop.org
 * Copyright (C) V.G <v.gavrilov@securitycode.ru>
 *
 * nDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * nDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "ndpi_protocol_ids.h"

#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FINS

#include "ndpi_api.h"
#include "ndpi_private.h"

struct fins_hdr {
  u_int8_t icf; /* Information Control Field */
  u_int8_t rsv; /* Reserved, must be set to 0 */
  u_int8_t gct; /* Permissible number of gateways */
  u_int8_t dna; /* Destination network address */
  u_int8_t da1; /* Destination node address */
  u_int8_t da2; /* Destination unit address */
  u_int8_t sna; /* Source network address */
  u_int8_t sa1; /* Source node address */
  u_int8_t sa2; /* Source unit address */
  u_int8_t sid; /* Service ID */
};

static void ndpi_int_fins_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
                                         struct ndpi_flow_struct * const flow)
{
  ndpi_set_detected_protocol(ndpi_struct, flow,
                             NDPI_PROTOCOL_FINS,
                             NDPI_PROTOCOL_UNKNOWN,
                             NDPI_CONFIDENCE_DPI);
}

static void ndpi_search_fins(struct ndpi_detection_module_struct *ndpi_struct,
                             struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;

  NDPI_LOG_DBG(ndpi_struct, "search Omron FINS\n");

  /* FINS/TCP header is 20 bytes long, but it's usually followed
   * by 10 byte FINS header and command data
   */
  if (packet->tcp != NULL && packet->payload_packet_len >= 20) {
    /* The FINS/TCP header always contains the
     * 4 byte ASCII magic value 'FINS'
     */
    if (memcmp(packet->payload, "FINS", 4) == 0) {
      NDPI_LOG_INFO(ndpi_struct, "found FINS over TCP\n");
      ndpi_int_fins_add_connection(ndpi_struct, flow);
      return;
    }
  } else if ((packet->udp != NULL) &&
             (packet->payload_packet_len > sizeof(struct fins_hdr)))
  {
    struct fins_hdr const * const fins = (struct fins_hdr *)packet->payload;

    /* 0x80 - command, response required
     * 0xC0 - response, response not required
     * 0xC1 - response, response required
     */
    if ((fins->icf != 0x80) && (fins->icf != 0xC0) && 
        (fins->icf != 0xC1))
    {
      goto not_fins;
    }
    
    if ((fins->dna > 0x7F)  || (fins->sna > 0x7F) ||
        (fins->gct != 0x02) || (fins->rsv != 0)) 
    {
      goto not_fins;
    }

    if ((fins->da2 == 0x00) || (fins->da2 == 0xFE) ||
        (fins->da2 == 0xE1) || ((fins->da2 >= 0x10) && 
        (fins->da2 <= 0x1F)))
    {
      if ((fins->sa2 == 0x00) || (fins->sa2 == 0xFE) ||
          (fins->sa2 == 0xE1) || ((fins->sa2 >= 0x10) && 
          (fins->sa2 <= 0x1F)))
      {
        NDPI_LOG_INFO(ndpi_struct, "found FINS over UDP\n");
        ndpi_int_fins_add_connection(ndpi_struct, flow);
        return;
      }
    }
  }

not_fins:
  NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
}

void init_fins_dissector(struct ndpi_detection_module_struct *ndpi_struct)
{
  register_dissector("FINS", ndpi_struct,
                     ndpi_search_fins,
                     NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
                     1, NDPI_PROTOCOL_FINS);
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* fins.c
3		*
4		* Factory Interface Network Service
5		*
6		* Copyright (C) 2023 - ntop.org
7		* Copyright (C) V.G <v.gavrilov@securitycode.ru>
8		*
9		* nDPI is free software: you can redistribute it and/or modify
10		* it under the terms of the GNU Lesser General Public License as published by
11		* the Free Software Foundation, either version 3 of the License, or
12		* (at your option) any later version.
13		*
14		* nDPI is distributed in the hope that it will be useful,
15		* but WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17		* GNU Lesser General Public License for more details.
18		*
19		* You should have received a copy of the GNU Lesser General Public License
20		* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
21		*
22		*/
23
24		#include "ndpi_protocol_ids.h"
25
26		#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FINS
27
28		#include "ndpi_api.h"
29		#include "ndpi_private.h"
30
31		struct fins_hdr {
32		u_int8_t icf; /* Information Control Field */
33		u_int8_t rsv; /* Reserved, must be set to 0 */
34		u_int8_t gct; /* Permissible number of gateways */
35		u_int8_t dna; /* Destination network address */
36		u_int8_t da1; /* Destination node address */
37		u_int8_t da2; /* Destination unit address */
38		u_int8_t sna; /* Source network address */
39		u_int8_t sa1; /* Source node address */
40		u_int8_t sa2; /* Source unit address */
41		u_int8_t sid; /* Service ID */
42		};
43
44		static void ndpi_int_fins_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
45		struct ndpi_flow_struct * const flow)
46	0	{
47	0	ndpi_set_detected_protocol(ndpi_struct, flow,
48	0	NDPI_PROTOCOL_FINS,
49	0	NDPI_PROTOCOL_UNKNOWN,
50	0	NDPI_CONFIDENCE_DPI);
51	0	}
52
53		static void ndpi_search_fins(struct ndpi_detection_module_struct *ndpi_struct,
54		struct ndpi_flow_struct *flow)
55	0	{
56	0	struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
57
58	0	NDPI_LOG_DBG(ndpi_struct, "search Omron FINS\n");
59
60		/* FINS/TCP header is 20 bytes long, but it's usually followed
61		* by 10 byte FINS header and command data
62		*/
63	0	if (packet->tcp != NULL && packet->payload_packet_len >= 20) {
64		/* The FINS/TCP header always contains the
65		* 4 byte ASCII magic value 'FINS'
66		*/
67	0	if (memcmp(packet->payload, "FINS", 4) == 0) {
68	0	NDPI_LOG_INFO(ndpi_struct, "found FINS over TCP\n");
69	0	ndpi_int_fins_add_connection(ndpi_struct, flow);
70	0	return;
71	0	}
72	0	} else if ((packet->udp != NULL) &&
73	0	(packet->payload_packet_len > sizeof(struct fins_hdr)))
74	0	{
75	0	struct fins_hdr const * const fins = (struct fins_hdr *)packet->payload;
76
77		/* 0x80 - command, response required
78		* 0xC0 - response, response not required
79		* 0xC1 - response, response required
80		*/
81	0	if ((fins->icf != 0x80) && (fins->icf != 0xC0) &&
82	0	(fins->icf != 0xC1))
83	0	{
84	0	goto not_fins;
85	0	}
86
87	0	if ((fins->dna > 0x7F) \|\| (fins->sna > 0x7F) \|\|
88	0	(fins->gct != 0x02) \|\| (fins->rsv != 0))
89	0	{
90	0	goto not_fins;
91	0	}
92
93	0	if ((fins->da2 == 0x00) \|\| (fins->da2 == 0xFE) \|\|
94	0	(fins->da2 == 0xE1) \|\| ((fins->da2 >= 0x10) &&
95	0	(fins->da2 <= 0x1F)))
96	0	{
97	0	if ((fins->sa2 == 0x00) \|\| (fins->sa2 == 0xFE) \|\|
98	0	(fins->sa2 == 0xE1) \|\| ((fins->sa2 >= 0x10) &&
99	0	(fins->sa2 <= 0x1F)))
100	0	{
101	0	NDPI_LOG_INFO(ndpi_struct, "found FINS over UDP\n");
102	0	ndpi_int_fins_add_connection(ndpi_struct, flow);
103	0	return;
104	0	}
105	0	}
106	0	}
107
108	0	not_fins:
109	0	NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
110	0	}
111
112		void init_fins_dissector(struct ndpi_detection_module_struct *ndpi_struct)
113	0	{
114	0	register_dissector("FINS", ndpi_struct,
115	0	ndpi_search_fins,
116	0	NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
117	0	1, NDPI_PROTOCOL_FINS);
118	0	}

Coverage Report

Created: 2025-06-13 06:05