/src/ndpi/src/lib/protocols/monero.c

Source
/*
 * monero.c
 *
 * Copyright (C) 2023 - ntop.org
 *
 * This file is part of nDPI, an open source deep packet inspection
 * library based on the OpenDPI and PACE technology by ipoque GmbH
 *
 * nDPI is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * nDPI is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "ndpi_protocol_ids.h"

#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MONERO

#include "ndpi_api.h"
#include "ndpi_private.h"

static void ndpi_int_monero_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
                                           struct ndpi_flow_struct *flow)
{
  NDPI_LOG_INFO(ndpi_struct, "found Monero Protocol\n");

  ndpi_set_detected_protocol(ndpi_struct, flow,
                             NDPI_PROTOCOL_MONERO, NDPI_PROTOCOL_UNKNOWN,
                             NDPI_CONFIDENCE_DPI);

  if(ndpi_struct->mining_cache)
  {
    ndpi_lru_add_to_cache(ndpi_struct->mining_cache,
                          mining_make_lru_cache_key(flow),
                          NDPI_PROTOCOL_MONERO,
                          ndpi_get_current_time(flow));
  }
}

static void ndpi_search_monero(struct ndpi_detection_module_struct *ndpi_struct,
                               struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;

  NDPI_LOG_DBG(ndpi_struct, "search Monero Protocol\n");

  if (packet->payload_packet_len < 8)
  {
    NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
    return;
  }

  if (get_u_int64_t(packet->payload, 0) == ndpi_htonll(0x0121010101010101))
  {
    ndpi_int_monero_add_connection(ndpi_struct, flow);
    return;
  }

  NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
}

void init_monero_dissector(struct ndpi_detection_module_struct *ndpi_struct)
{
  register_dissector("Monero", ndpi_struct,
                     ndpi_search_monero,
                     NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
                      1, NDPI_PROTOCOL_MONERO);
}

Line	Count	Source
1		/*
2		* monero.c
3		*
4		* Copyright (C) 2023 - ntop.org
5		*
6		* This file is part of nDPI, an open source deep packet inspection
7		* library based on the OpenDPI and PACE technology by ipoque GmbH
8		*
9		* nDPI is free software: you can redistribute it and/or modify
10		* it under the terms of the GNU Lesser General Public License as published by
11		* the Free Software Foundation, either version 3 of the License, or
12		* (at your option) any later version.
13		*
14		* nDPI is distributed in the hope that it will be useful,
15		* but WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17		* GNU Lesser General Public License for more details.
18		*
19		* You should have received a copy of the GNU Lesser General Public License
20		* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
21		*
22		*/
23
24		#include "ndpi_protocol_ids.h"
25
26		#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MONERO
27
28		#include "ndpi_api.h"
29		#include "ndpi_private.h"
30
31		static void ndpi_int_monero_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
32		struct ndpi_flow_struct *flow)
33	114	{
34	114	NDPI_LOG_INFO(ndpi_struct, "found Monero Protocol\n");
35
36	114	ndpi_set_detected_protocol(ndpi_struct, flow,
37	114	NDPI_PROTOCOL_MONERO, NDPI_PROTOCOL_UNKNOWN,
38	114	NDPI_CONFIDENCE_DPI);
39
40	114	if(ndpi_struct->mining_cache)
41	114	{
42	114	ndpi_lru_add_to_cache(ndpi_struct->mining_cache,
43	114	mining_make_lru_cache_key(flow),
44	114	NDPI_PROTOCOL_MONERO,
45	114	ndpi_get_current_time(flow));
46	114	}
47	114	}
48
49		static void ndpi_search_monero(struct ndpi_detection_module_struct *ndpi_struct,
50		struct ndpi_flow_struct *flow)
51	1.66M	{
52	1.66M	struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
53
54	1.66M	NDPI_LOG_DBG(ndpi_struct, "search Monero Protocol\n");
55
56	1.66M	if (packet->payload_packet_len < 8)
57	480k	{
58	480k	NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
59	480k	return;
60	480k	}
61
62	1.18M	if (get_u_int64_t(packet->payload, 0) == ndpi_htonll(0x0121010101010101))
63	114	{
64	114	ndpi_int_monero_add_connection(ndpi_struct, flow);
65	114	return;
66	114	}
67
68	1.18M	NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
69	1.18M	}
70
71		void init_monero_dissector(struct ndpi_detection_module_struct *ndpi_struct)
72	679	{
73	679	register_dissector("Monero", ndpi_struct,
74	679	ndpi_search_monero,
75	679	NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
76	679	1, NDPI_PROTOCOL_MONERO);
77	679	}

Coverage Report

Created: 2025-06-13 07:05