1/* 2 * 3 * Copyright (C) 2011-17 - ntop.org 4 * 5 * This file is part of nDPI, an open source deep packet inspection 6 * library based on the OpenDPI and PACE technology by ipoque GmbH 7 * 8 * nDPI is free software: you can redistribute it and/or modify 9 * it under the terms of the GNU Lesser General Public License as published by 10 * the Free Software Foundation, either version 3 of the License, or 11 * (at your option) any later version. 12 * 13 * nDPI is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU Lesser General Public License for more details. 17 * 18 * You should have received a copy of the GNU Lesser General Public License 19 * along with nDPI. If not, see <http://www.gnu.org/licenses/>. 20 * 21 */ 22 23#ifndef __NDPI_DEFINE_INCLUDE_FILE__ 24#define __NDPI_DEFINE_INCLUDE_FILE__ 25 26/* 27 gcc -E -dM - < /dev/null |grep ENDIAN 28*/ 29 30#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) 31#include <machine/endian.h> 32#endif 33 34#ifdef __OpenBSD__ 35#include <endian.h> 36#define __BYTE_ORDER BYTE_ORDER 37#if BYTE_ORDER == LITTLE_ENDIAN 38#ifndef __LITTLE_ENDIAN__ 39#define __LITTLE_ENDIAN__ 40#endif /* __LITTLE_ENDIAN__ */ 41#else 42#define __BIG_ENDIAN__ 43#endif/* BYTE_ORDER */ 44#endif/* __OPENBSD__ */ 45 46 47#if __BYTE_ORDER == __LITTLE_ENDIAN 48#ifndef __LITTLE_ENDIAN__ 49#define __LITTLE_ENDIAN__ 50#endif 51#else 52#ifndef __BIG_ENDIAN__ 53#define __BIG_ENDIAN__ 54#endif 55#endif 56 57#ifdef WIN32 58#ifndef __LITTLE_ENDIAN__ 59#define __LITTLE_ENDIAN__ 1 60#endif 61#endif 62 63#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) 64#if defined(__mips__) 65#undef __LITTLE_ENDIAN__ 66#undef __LITTLE_ENDIAN 67#define __BIG_ENDIAN__ 68#endif 69 70/* Everything else */ 71#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) 72#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 73#define __LITTLE_ENDIAN__ 74#else 75#define __BIG_ENDIAN__ 76#endif 77#endif 78 79#endif 80 81#define NDPI_USE_ASYMMETRIC_DETECTION 0 82#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t 83 84#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) 85#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) 86#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) 87#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) 88#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) 89#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) 90#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) 91#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) 92#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) 93/* now combined detections */ 94 95/* v4 */ 96#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) 97#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) 98#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) 99 100/* v6 */ 101#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) 102#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) 103#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) 104 105/* v4 or v6 */ 106#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) 107#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) 108#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) 109 110 111#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 112#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 113#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 114 115/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ 116#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 117#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 118#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 119 120#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 121#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 122#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 123 124#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) 125#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) 126#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) 127 128#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) 129#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) 130#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) 131 132#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 133#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 134#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 135 136#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 137#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 138#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) 139 140/* safe src/dst protocol check macros... */ 141 142#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) 143 144#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) 145 146#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) 147 148/** 149 * convenience macro to check for excluded protocol 150 * a protocol is excluded if the flow is known and either the protocol is not detected at all 151 * or the excluded bitmask contains the protocol 152 */ 153#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ 154 ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ 155 NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) 156 157/* misc definitions */ 158#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 159 160 161/* TODO: rebuild all memory areas to have a more aligned memory block here */ 162 163/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ 164#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 165 166#define MAX_PACKET_COUNTER 65000 167#define MAX_DEFAULT_PORTS 5 168 169#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 170#define NDPI_IRC_CONNECTION_TIMEOUT 120 171#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 172#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 173#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 174#define NDPI_RTSP_CONNECTION_TIMEOUT 5 175#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 176#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 177#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 178#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 179#define NDPI_ZATTOO_FLASH_TIMEOUT 5 180#define NDPI_JABBER_STUN_TIMEOUT 30 181#define NDPI_JABBER_FT_TIMEOUT 5 182#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 183 184#ifndef _NDPI_CONFIG_H_ 185#include "ndpi_config.h" /* To have access to NDPI_ENABLE_DEBUG_MESSAGES */ 186#define _NDPI_CONFIG_H_ 187#endif 188 189#ifdef NDPI_ENABLE_DEBUG_MESSAGES 190 #define NDPI_LOG(proto, m, log_level, args...) \ 191 { \ 192 struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ 193 if(mod != NULL && mod->ndpi_debug_printf != NULL) \ 194 (*(mod->ndpi_debug_printf))(proto, mod, log_level, __FILE__, __FUNCTION__, __LINE__, args); \ 195 } 196 197 /* We must define NDPI_CURRENT_PROTO before include ndpi_main.h !!! 198 * 199 * #include "ndpi_protocol_ids.h" 200 * #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XXXX 201 * #include "ndpi_api.h" 202 * 203 */ 204 205 #ifndef NDPI_CURRENT_PROTO 206 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN 207 #endif 208 209 #define NDPI_LOG_ERR(mod, args...) \ 210 if(mod && mod->ndpi_log_level >= NDPI_LOG_ERROR) { \ 211 if(mod != NULL && mod->ndpi_debug_printf != NULL) \ 212 (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_ERROR , __FILE__, __FUNCTION__, __LINE__, args); \ 213 } 214 215 #define NDPI_LOG_INFO(mod, args...) \ 216 if(mod && mod->ndpi_log_level >= NDPI_LOG_TRACE) { \ 217 if(mod != NULL && mod->ndpi_debug_printf != NULL) \ 218 (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_TRACE , __FILE__, __FUNCTION__, __LINE__, args); \ 219 } 220 221 #define NDPI_LOG_DBG(mod, args...) \ 222 if(mod && mod->ndpi_log_level >= NDPI_LOG_DEBUG) { \ 223 if(mod != NULL && mod->ndpi_debug_printf != NULL) \ 224 (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_DEBUG , __FILE__, __FUNCTION__, __LINE__, args); \ 225 } 226 227 #define NDPI_LOG_DBG2(mod, args...) \ 228 if(mod && mod->ndpi_log_level >= NDPI_LOG_DEBUG_EXTRA) { \ 229 if(mod != NULL && mod->ndpi_debug_printf != NULL) \ 230 (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_DEBUG_EXTRA , __FILE__, __FUNCTION__, __LINE__, args); \ 231 } 232 233#else /* not defined NDPI_ENABLE_DEBUG_MESSAGES */ 234# ifdef WIN32 235# define NDPI_LOG(...) {} 236# define NDPI_LOG_ERR(...) {} 237# define NDPI_LOG_INFO(...) {} 238# define NDPI_LOG_DBG(...) {} 239# define NDPI_LOG_DBG2(...) {} 240# else 241# define NDPI_LOG(proto, mod, log_level, args...) { /* printf(args); */ } 242# define NDPI_LOG_ERR(mod, args...) { printf(args); } 243# define NDPI_LOG_INFO(mod, args...) { /* printf(args); */ } 244# define NDPI_LOG_DBG(mod, args...) { /* printf(args); */ } 245# define NDPI_LOG_DBG2(mod, args...) { /* printf(args); */ } 246# endif 247#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ 248 249#define NDPI_EXCLUDE_PROTO(mod,flow) ndpi_exclude_protocol(mod, flow, NDPI_CURRENT_PROTO, __FILE__, __FUNCTION__, __LINE__) 250 251/** 252 * macro for getting the string len of a static string 253 * 254 * use it instead of strlen to avoid runtime calculations 255 */ 256#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) 257 258/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ 259#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ 260 ((x.u6_addr.u6_addr64[0] < y.u6_addr.u6_addr64[0]) || ((x.u6_addr.u6_addr64[0] == y.u6_addr.u6_addr64[0]) && (x.u6_addr.u6_addr64[1] < y.u6_addr.u6_addr64[1]))) 261 262#define NDPI_NUM_BITS 512 263#define NDPI_NUM_BITS_MASK (512-1) 264 265#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ 266#define howmanybits(x, y) (((x)+((y)-1))/(y)) 267 268 269#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1ul << (((u_int32_t)n) % NDPI_BITS))) 270#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1ul << (((u_int32_t)n) % NDPI_BITS))) 271#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1ul << (((u_int32_t)n) % NDPI_BITS))) 272#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) 273#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) 274 275#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) 276 277#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t 278 279#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) 280#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) 281#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) 282#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) 283#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } 284 285#define NDPI_SET_BIT(num, n) num |= 1ULL << ( n ) 286#define NDPI_CLR_BIT(num, n) num &= ~(1ULL << ( n )) 287#define NDPI_CLR_BIT(num, n) num &= ~(1ULL << ( n )) 288#define NDPI_ISSET_BIT(num, n) (num & (1ULL << ( n ))) 289#define NDPI_ZERO_BIT(num) num = 0 290 291/* this is a very very tricky macro *g*, 292 * the compiler will remove all shifts here if the protocol is static... 293 */ 294#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask, value & NDPI_NUM_BITS_MASK) 295#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask, value & NDPI_NUM_BITS_MASK) 296#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask, value & NDPI_NUM_BITS_MASK) 297 298#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } 299 300 301#define ndpi_min(a,b) ((a < b) ? a : b) 302#define ndpi_max(a,b) ((a > b) ? a : b) 303 304#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ 305 if (packet->packet_lines_parsed_complete != 1) { \ 306 ndpi_parse_packet_line_info(ndpi_struct,flow); \ 307 } \ 308 309#define NDPI_IPSEC_PROTOCOL_ESP 50 310#define NDPI_IPSEC_PROTOCOL_AH 51 311#define NDPI_GRE_PROTOCOL_TYPE 0x2F 312#define NDPI_ICMP_PROTOCOL_TYPE 0x01 313#define NDPI_IGMP_PROTOCOL_TYPE 0x02 314#define NDPI_EGP_PROTOCOL_TYPE 0x08 315#define NDPI_OSPF_PROTOCOL_TYPE 0x59 316#define NDPI_SCTP_PROTOCOL_TYPE 132 317#define NDPI_IPIP_PROTOCOL_TYPE 0x04 318#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a 319 320/* the get_uXX will return raw network packet bytes !! */ 321#define get_u_int8_t(X,O) (*(u_int8_t *)((&(((u_int8_t *)X)[O])))) 322#define get_u_int16_t(X,O) (*(u_int16_t *)((&(((u_int8_t *)X)[O])))) 323#define get_u_int32_t(X,O) (*(u_int32_t *)((&(((u_int8_t *)X)[O])))) 324#define get_u_int64_t(X,O) (*(u_int64_t *)((&(((u_int8_t *)X)[O])))) 325 326/* new definitions to get little endian from network bytes */ 327#define get_ul8(X,O) get_u_int8_t(X,O) 328 329 330#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) 331#define get_l16(X,O) get_u_int16_t(X,O) 332#define get_l32(X,O) get_u_int32_t(X,O) 333#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) 334/* convert the bytes from big to little endian */ 335# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) 336# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) 337#else 338#error "__BYTE_ORDER MUST BE DEFINED !" 339#endif /* __BYTE_ORDER */ 340 341/* define memory callback function */ 342#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) 343 344#if defined(WIN32) && !defined(snprintf) 345#define snprintf _snprintf 346#endif 347 348#define NDPI_MAX_DNS_REQUESTS 16 349#define NDPI_MIN_NUM_STUN_DETECTION 8 350 351#define NDPI_MAJOR @NDPI_MAJOR@ 352#define NDPI_MINOR @NDPI_MINOR@ 353#define NDPI_PATCH @NDPI_PATCH@ 354 355/* IMPORTANT: order according to its severity */ 356#define NDPI_CIPHER_SAFE 0 357#define NDPI_CIPHER_WEAK 1 358#define NDPI_CIPHER_INSECURE 2 359 360#define NDPI_OPTIMAL_HLL_NUM_BUCKETS 16 361 362#define NDPI_MAX_NUM_TLS_APPL_BLOCKS 8 363 364#ifdef __APPLE__ 365 366#include <libkern/OSByteOrder.h> 367 368#define htobe16(x) OSSwapHostToBigInt16(x) 369#define htole16(x) OSSwapHostToLittleInt16(x) 370#define be16toh(x) OSSwapBigToHostInt16(x) 371#define le16toh(x) OSSwapLittleToHostInt16(x) 372 373#define htobe32(x) OSSwapHostToBigInt32(x) 374#define htole32(x) OSSwapHostToLittleInt32(x) 375#define be32toh(x) OSSwapBigToHostInt32(x) 376#define le32toh(x) OSSwapLittleToHostInt32(x) 377 378#define htobe64(x) OSSwapHostToBigInt64(x) 379#define htole64(x) OSSwapHostToLittleInt64(x) 380#define be64toh(x) OSSwapBigToHostInt64(x) 381#define le64toh(x) OSSwapLittleToHostInt64(x) 382 383#endif /* __APPLE__ */ 384 385#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ 386