/src/ndpi/src/lib/protocols/avast_securedns.c
Line | Count | Source |
1 | | /* |
2 | | * avast_securedns.c |
3 | | * |
4 | | * Copyright (C) 2012-22 - ntop.org |
5 | | * |
6 | | * This module is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This module is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License. |
17 | | * If not, see <http://www.gnu.org/licenses/>. |
18 | | * |
19 | | */ |
20 | | |
21 | | #include "ndpi_protocol_ids.h" |
22 | | |
23 | | #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AVAST_SECUREDNS |
24 | | |
25 | | #include <stdlib.h> |
26 | | #include "ndpi_api.h" |
27 | | #include "ndpi_private.h" |
28 | | |
29 | | static void ndpi_int_avast_securedns_add_connection(struct ndpi_detection_module_struct *ndpi_struct, |
30 | | struct ndpi_flow_struct *flow) |
31 | 2.02k | { |
32 | 2.02k | ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AVAST_SECUREDNS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); |
33 | 2.02k | } |
34 | | |
35 | | static void ndpi_search_avast_securedns(struct ndpi_detection_module_struct *ndpi_struct, |
36 | | struct ndpi_flow_struct *flow) |
37 | 561k | { |
38 | 561k | struct ndpi_packet_struct * packet = &ndpi_struct->packet; |
39 | | |
40 | 561k | if (packet->payload_packet_len < 34 || |
41 | 561k | ntohl(get_u_int32_t(packet->payload, 11)) != 0x00013209 || |
42 | 2.60k | flow->packet_counter > 1) |
43 | 558k | { |
44 | 558k | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
45 | 558k | return; |
46 | 558k | } |
47 | | |
48 | 2.60k | if (strncasecmp((char *)&packet->payload[15], "securedns", NDPI_STATICSTRING_LEN("securedns")) == 0) |
49 | 2.02k | { |
50 | 2.02k | ndpi_int_avast_securedns_add_connection(ndpi_struct, flow); |
51 | 2.02k | return; |
52 | 2.02k | } |
53 | | |
54 | 575 | NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow); |
55 | 575 | } |
56 | | |
57 | | void init_avast_securedns_dissector(struct ndpi_detection_module_struct *ndpi_struct) |
58 | 8.07k | { |
59 | 8.07k | register_dissector("AVAST SecureDNS", ndpi_struct, |
60 | 8.07k | ndpi_search_avast_securedns, |
61 | 8.07k | NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, |
62 | 8.07k | 1, NDPI_PROTOCOL_AVAST_SECUREDNS); |
63 | 8.07k | } |