1 /*
2 * qq.c
3 *
4 * Copyright (C) 2011-21 - ntop.org
5 *
6 * This file is part of nDPI, an open source deep packet inspection
7 * library based on the OpenDPI and PACE technology by ipoque GmbH
8 *
9 * nDPI is free software: you can redistribute it and/or modify
10 * it under the terms of the GNU Lesser General Public License as published by
11 * the Free Software Foundation, either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * nDPI is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24 #include "ndpi_protocol_ids.h"
25
26 /* CPHA - CheckPoint High Availability Protocol */
27
28 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CPHA
29
30 #include "ndpi_api.h"
31
32
/**
 * Check whether the current packet of a flow looks like CPHA
 * (CheckPoint High Availability) and record the verdict.
 *
 * The packet is labelled NDPI_PROTOCOL_CPHA only when all of these hold:
 *   - the payload is longer than 20 bytes,
 *   - the payload starts with the bytes 0x1a 0x90
 *     (presumably the CPHA magic - confirm against the protocol spec),
 *   - UDP and IPv4 headers are present,
 *   - UDP source and destination ports are both 8116,
 *   - the IPv4 source address is 0.0.0.0.
 * Otherwise NDPI_EXCLUDE_PROTO is invoked for the flow.
 *
 * NOTE(review): every field tested is unauthenticated and sender-controlled,
 * so the label means "traffic shaped like CPHA", not "traffic from a cluster
 * member". Policy built on this classification should not treat it as proof
 * of origin.
 * NOTE(review): packet->iph is required, so a packet without an IPv4 header
 * (presumably IPv6 - confirm) can never match here.
 *
 * @param ndpi_struct detection module handle, passed through to the nDPI calls
 * @param flow        flow whose embedded packet is inspected
 */
void ndpi_search_cpha(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
  struct ndpi_packet_struct *packet = &flow->packet;
  const u_int16_t cpha_port = htons(8116); /* network byte order, compared as-is with the UDP header */

  NDPI_LOG_DBG(ndpi_struct, "search CPHA\n");

  /*
   * Negated form of the acceptance test. The operand order is kept so that
   * the length is checked before the payload bytes are read and the header
   * pointers are checked before they are dereferenced.
   */
  if((packet->payload_packet_len <= 20)
     || (packet->payload[0] != 0x1a)
     || (packet->payload[1] != 0x90)
     || !packet->udp
     || !packet->iph
     || (packet->udp->source != cpha_port)
     || (packet->udp->dest != cpha_port)
     || (packet->iph->saddr != 0) /* anything other than 0.0.0.0 */
     ) {
    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
    return;
  }

  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CPHA, NDPI_PROTOCOL_UNKNOWN);
}
52
53
/**
 * Register the CPHA dissector with the detection module.
 *
 * Hooks ndpi_search_cpha up under the name "CPHA" for NDPI_PROTOCOL_CPHA,
 * using the UDP-with-payload selection bitmask, then advances the caller's
 * dissector index by one.
 *
 * @param ndpi_struct       detection module handle
 * @param id                in/out: index passed to the registration call;
 *                          incremented by one before returning
 * @param detection_bitmask bitmask handed to the registration call
 */
void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
			 NDPI_PROTOCOL_BITMASK *detection_bitmask) {
  ndpi_set_bitmask_protocol_detection("CPHA",
				      ndpi_struct,
				      detection_bitmask,
				      *id,
				      NDPI_PROTOCOL_CPHA,
				      ndpi_search_cpha,
				      NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
				      ADD_TO_DETECTION_BITMASK);

  /* Move on to the next index so the following dissector gets its own. */
  (*id)++;
}
65