/src/ndpi/src/lib/protocols/activision.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * activision.c |
3 | | * |
4 | | * Copyright (C) 2022-23 - ntop.org |
5 | | * |
6 | | * nDPI is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * nDPI is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License |
17 | | * along with nDPI. If not, see <http://www.gnu.org/licenses/>. |
18 | | * |
19 | | */ |
20 | | |
21 | | |
22 | | #include "ndpi_protocol_ids.h" |
23 | | |
24 | | #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ACTIVISION |
25 | | |
26 | | #include "ndpi_api.h" |
27 | | #include "ndpi_private.h" |
28 | | |
29 | | static void ndpi_int_activision_add_connection(struct ndpi_detection_module_struct * const ndpi_struct, |
30 | | struct ndpi_flow_struct * const flow) |
31 | 0 | { |
32 | 0 | NDPI_LOG_INFO(ndpi_struct, "found activision\n"); |
33 | 0 | ndpi_set_detected_protocol(ndpi_struct, flow, |
34 | 0 | NDPI_PROTOCOL_ACTIVISION, |
35 | 0 | NDPI_PROTOCOL_UNKNOWN, |
36 | 0 | NDPI_CONFIDENCE_DPI); |
37 | 0 | } |
38 | | |
39 | | static void ndpi_search_activision(struct ndpi_detection_module_struct *ndpi_struct, |
40 | | struct ndpi_flow_struct *flow) |
41 | 645 | { |
42 | 645 | struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; |
43 | | |
44 | 645 | NDPI_LOG_DBG(ndpi_struct, "search activision\n"); |
45 | | |
46 | 645 | if (packet->payload_packet_len < 18) |
47 | 47 | { |
48 | 47 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
49 | 47 | return; |
50 | 47 | } |
51 | | |
52 | 598 | if (flow->packet_direction_counter[packet->packet_direction] == 1) |
53 | 598 | { |
54 | 598 | if (packet->packet_direction == 0) |
55 | 307 | { |
56 | 307 | if (ntohs(get_u_int16_t(packet->payload, 0)) != 0x0c02) |
57 | 307 | { |
58 | 307 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
59 | 307 | return; |
60 | 307 | } |
61 | 307 | } else { |
62 | 291 | if (ntohs(get_u_int16_t(packet->payload, 0)) != 0x0d02) |
63 | 291 | { |
64 | 291 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
65 | 291 | return; |
66 | 291 | } |
67 | 291 | } |
68 | | |
69 | 0 | if (packet->payload_packet_len < 29) |
70 | 0 | { |
71 | 0 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
72 | 0 | return; |
73 | 0 | } |
74 | | |
75 | 0 | if (ntohs(get_u_int16_t(packet->payload, 17)) == 0xc0a8 && |
76 | 0 | ntohl(get_u_int32_t(packet->payload, 19)) == 0x0015020c) |
77 | 0 | { |
78 | 0 | ndpi_int_activision_add_connection(ndpi_struct, flow); |
79 | 0 | return; |
80 | 0 | } |
81 | 0 | } else if (packet->packet_direction == 0) { |
82 | 0 | if (packet->payload[0] != 0x29) |
83 | 0 | { |
84 | 0 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
85 | 0 | return; |
86 | 0 | } |
87 | 0 | } else if (packet->packet_direction == 1) { |
88 | 0 | if (packet->payload[0] != 0x28) |
89 | 0 | { |
90 | 0 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
91 | 0 | return; |
92 | 0 | } |
93 | 0 | } |
94 | | |
95 | 0 | if (flow->packet_counter > 4) |
96 | 0 | { |
97 | 0 | ndpi_int_activision_add_connection(ndpi_struct, flow); |
98 | 0 | } |
99 | 0 | } |
100 | | |
101 | | void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct) |
102 | 7.49k | { |
103 | 7.49k | register_dissector("Activision", ndpi_struct, |
104 | 7.49k | ndpi_search_activision, |
105 | 7.49k | NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, |
106 | 7.49k | 1, NDPI_PROTOCOL_ACTIVISION); |
107 | 7.49k | } |