/src/ndpi/src/lib/protocols/ciscovpn.c
Line | Count | Source |
1 | | /* |
2 | | * ciscovpn.c |
3 | | * |
4 | | * Copyright (C) 2013-22 - ntop.org |
5 | | * |
6 | | * nDPI is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * nDPI is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License |
17 | | * along with nDPI. If not, see <http://www.gnu.org/licenses/>. |
18 | | * |
19 | | * Dissector developed by Remy Mudingay <mudingay@ill.fr> |
20 | | * |
21 | | */ |
22 | | |
23 | | #include "ndpi_protocol_ids.h" |
24 | | |
25 | | #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CISCOVPN |
26 | | |
27 | | #include "ndpi_api.h" |
28 | | #include "ndpi_private.h" |
29 | | |
30 | | /* ****************************************************************** */ |
31 | | |
32 | | static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) |
33 | 0 | { |
34 | 0 | ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CISCOVPN, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); |
35 | 0 | } |
36 | | |
37 | | /* ****************************************************************** */ |
38 | | |
39 | | static void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) |
40 | 0 | { |
41 | 0 | struct ndpi_packet_struct *packet = &ndpi_struct->packet; |
42 | 0 | u_int16_t udport, usport; |
43 | |
|
44 | 0 | NDPI_LOG_DBG(ndpi_struct, "search CISCOVPN\n"); |
45 | |
|
46 | 0 | usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); |
47 | |
|
48 | 0 | if((usport == 10000 && udport == 10000)) { |
49 | 0 | if((packet->payload_packet_len >= 4) && |
50 | 0 | (packet->payload[0] == 0xfe && |
51 | 0 | packet->payload[1] == 0x57 && |
52 | 0 | packet->payload[2] == 0x7e && |
53 | 0 | packet->payload[3] == 0x2b) |
54 | 0 | ) { |
55 | | /* This is a good query fe577e2b */ |
56 | 0 | NDPI_LOG_INFO(ndpi_struct, "found CISCOVPN\n"); |
57 | 0 | ndpi_int_ciscovpn_add_connection(ndpi_struct, flow); |
58 | 0 | return; |
59 | 0 | } |
60 | | |
61 | 0 | if(flow->num_processed_pkts > 5) |
62 | 0 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
63 | 0 | } else |
64 | 0 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
65 | 0 | } |
66 | | |
67 | | |
68 | | void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct) |
69 | 1 | { |
70 | 1 | register_dissector("CiscoVPN", ndpi_struct, |
71 | 1 | ndpi_search_ciscovpn, |
72 | 1 | NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, |
73 | 1 | 1, NDPI_PROTOCOL_CISCOVPN); |
74 | 1 | } |