/src/ndpi/src/lib/protocols/activision.c
Line | Count | Source |
1 | | /* |
2 | | * activision.c |
3 | | * |
4 | | * Copyright (C) 2022-23 - ntop.org |
5 | | * |
6 | | * nDPI is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * nDPI is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License |
17 | | * along with nDPI. If not, see <http://www.gnu.org/licenses/>. |
18 | | * |
19 | | */ |
20 | | |
21 | | |
22 | | #include "ndpi_protocol_ids.h" |
23 | | |
24 | | #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ACTIVISION |
25 | | |
26 | | #include "ndpi_api.h" |
27 | | #include "ndpi_private.h" |
28 | | |
29 | | static void ndpi_int_activision_add_connection(struct ndpi_detection_module_struct * const ndpi_struct, |
30 | | struct ndpi_flow_struct * const flow) |
31 | 249 | { |
32 | 249 | NDPI_LOG_INFO(ndpi_struct, "found activision\n"); |
33 | 249 | ndpi_set_detected_protocol(ndpi_struct, flow, |
34 | 249 | NDPI_PROTOCOL_ACTIVISION, |
35 | 249 | NDPI_PROTOCOL_UNKNOWN, |
36 | 249 | NDPI_CONFIDENCE_DPI); |
37 | 249 | } |
38 | | |
39 | | static void ndpi_search_activision(struct ndpi_detection_module_struct *ndpi_struct, |
40 | | struct ndpi_flow_struct *flow) |
41 | 529k | { |
42 | 529k | struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; |
43 | | |
44 | 529k | NDPI_LOG_DBG(ndpi_struct, "search activision\n"); |
45 | | |
46 | 529k | if (packet->payload_packet_len < 18) |
47 | 101k | { |
48 | 101k | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
49 | 101k | return; |
50 | 101k | } |
51 | | |
52 | 428k | if (flow->packet_direction_counter[packet->packet_direction] == 1) |
53 | 427k | { |
54 | 427k | if (packet->packet_direction == 0) |
55 | 218k | { |
56 | 218k | if (ntohs(get_u_int16_t(packet->payload, 0)) != 0x0c02) |
57 | 218k | { |
58 | 218k | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
59 | 218k | return; |
60 | 218k | } |
61 | 218k | } else { |
62 | 209k | if (ntohs(get_u_int16_t(packet->payload, 0)) != 0x0d02) |
63 | 208k | { |
64 | 208k | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
65 | 208k | return; |
66 | 208k | } |
67 | 209k | } |
68 | | |
69 | 1.03k | if (packet->payload_packet_len < 29) |
70 | 133 | { |
71 | 133 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
72 | 133 | return; |
73 | 133 | } |
74 | | |
75 | 902 | if (ntohs(get_u_int16_t(packet->payload, 17)) == 0xc0a8 && |
76 | 902 | ntohl(get_u_int32_t(packet->payload, 19)) == 0x0015020c) |
77 | 207 | { |
78 | 207 | ndpi_int_activision_add_connection(ndpi_struct, flow); |
79 | 207 | return; |
80 | 207 | } |
81 | 902 | } else if (packet->packet_direction == 0) { |
82 | 244 | if (packet->payload[0] != 0x29) |
83 | 90 | { |
84 | 90 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
85 | 90 | return; |
86 | 90 | } |
87 | 401 | } else if (packet->packet_direction == 1) { |
88 | 401 | if (packet->payload[0] != 0x28) |
89 | 134 | { |
90 | 134 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
91 | 134 | return; |
92 | 134 | } |
93 | 401 | } |
94 | | |
95 | 1.11k | if (flow->packet_counter > 4) |
96 | 42 | { |
97 | 42 | ndpi_int_activision_add_connection(ndpi_struct, flow); |
98 | 42 | } |
99 | 1.11k | } |
100 | | |
101 | | void init_activision_dissector(struct ndpi_detection_module_struct *ndpi_struct) |
102 | 10.7k | { |
103 | 10.7k | register_dissector("Activision", ndpi_struct, |
104 | 10.7k | ndpi_search_activision, |
105 | 10.7k | NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, |
106 | 10.7k | 1, NDPI_PROTOCOL_ACTIVISION); |
107 | 10.7k | } |