/src/ndpi/src/lib/protocols/dnscrypt.c

Source (jump to first uncovered line)
/*
 * dnscrypt.c
 *
 * Copyright (C) 2020 - ntop.org
 *
 * nDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * nDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "ndpi_protocol_ids.h"

#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNSCRYPT

#include "ndpi_api.h"
#include "ndpi_private.h"

static void ndpi_int_dnscrypt_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
                                             struct ndpi_flow_struct *flow)
{
  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
}

static void ndpi_search_dnscrypt(struct ndpi_detection_module_struct *ndpi_struct,
                                 struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
  static char const * const dnscrypt_initial = "2\rdnscrypt";

  NDPI_LOG_DBG(ndpi_struct, "search dnscrypt\n");

  /* dnscrypt protocol version 1: check magic */
  if (packet->payload_packet_len >= 64 &&
      strncmp((char*)packet->payload, "r6fnvWj8", strlen("r6fnvWj8")) == 0)
  {
    ndpi_int_dnscrypt_add_connection(ndpi_struct, flow);
    return;
  }
  
  /* dnscrypt protocol version 1 and 2: resolver ping */
  if (packet->payload_packet_len > 13 + strlen(dnscrypt_initial) &&
      strncasecmp((char*)packet->payload + 13, dnscrypt_initial, strlen(dnscrypt_initial)) == 0)
  {
    ndpi_int_dnscrypt_add_connection(ndpi_struct, flow);
    return;
  }

  if ((flow->packet_direction_counter[packet->packet_direction] >= 1 &&
       flow->packet_direction_counter[1 - packet->packet_direction] >= 1) ||
      flow->packet_counter >= 8) {
    /*
     * Wait for at least one packet per direction, up to a max
     * Required as we need to wait for the server response which contains the ASCII pattern below.
     */
    NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
    return;
  }
}

void init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct)
{
  register_dissector("DNScrypt", ndpi_struct,
                     ndpi_search_dnscrypt,
                     NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
                     1, NDPI_PROTOCOL_DNSCRYPT);
}


Line	Count	Source (jump to first uncovered line)
1		/*
2		* dnscrypt.c
3		*
4		* Copyright (C) 2020 - ntop.org
5		*
6		* nDPI is free software: you can redistribute it and/or modify
7		* it under the terms of the GNU Lesser General Public License as published by
8		* the Free Software Foundation, either version 3 of the License, or
9		* (at your option) any later version.
10		*
11		* nDPI is distributed in the hope that it will be useful,
12		* but WITHOUT ANY WARRANTY; without even the implied warranty of
13		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		* GNU Lesser General Public License for more details.
15		*
16		* You should have received a copy of the GNU Lesser General Public License
17		* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
18		*
19		*/
20
21		#include "ndpi_protocol_ids.h"
22
23		#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNSCRYPT
24
25		#include "ndpi_api.h"
26		#include "ndpi_private.h"
27
28		static void ndpi_int_dnscrypt_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
29		struct ndpi_flow_struct *flow)
30	0	{
31	0	ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
32	0	}
33
34		static void ndpi_search_dnscrypt(struct ndpi_detection_module_struct *ndpi_struct,
35		struct ndpi_flow_struct *flow)
36	0	{
37	0	struct ndpi_packet_struct *packet = &ndpi_struct->packet;
38	0	static char const * const dnscrypt_initial = "2\rdnscrypt";
39
40	0	NDPI_LOG_DBG(ndpi_struct, "search dnscrypt\n");
41
42		/* dnscrypt protocol version 1: check magic */
43	0	if (packet->payload_packet_len >= 64 &&
44	0	strncmp((char*)packet->payload, "r6fnvWj8", strlen("r6fnvWj8")) == 0)
45	0	{
46	0	ndpi_int_dnscrypt_add_connection(ndpi_struct, flow);
47	0	return;
48	0	}
49
50		/* dnscrypt protocol version 1 and 2: resolver ping */
51	0	if (packet->payload_packet_len > 13 + strlen(dnscrypt_initial) &&
52	0	strncasecmp((char*)packet->payload + 13, dnscrypt_initial, strlen(dnscrypt_initial)) == 0)
53	0	{
54	0	ndpi_int_dnscrypt_add_connection(ndpi_struct, flow);
55	0	return;
56	0	}
57
58	0	if ((flow->packet_direction_counter[packet->packet_direction] >= 1 &&
59	0	flow->packet_direction_counter[1 - packet->packet_direction] >= 1) \|\|
60	0	flow->packet_counter >= 8) {
61		/*
62		* Wait for at least one packet per direction, up to a max
63		* Required as we need to wait for the server response which contains the ASCII pattern below.
64		*/
65	0	NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
66	0	return;
67	0	}
68	0	}
69
70		void init_dnscrypt_dissector(struct ndpi_detection_module_struct *ndpi_struct)
71	1	{
72	1	register_dissector("DNScrypt", ndpi_struct,
73	1	ndpi_search_dnscrypt,
74	1	NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
75	1	1, NDPI_PROTOCOL_DNSCRYPT);
76	1	}
77

Coverage Report

Created: 2025-08-03 06:23