1 /*
2  * qq.c
3  *
4  * Copyright (C) 2011-21 - ntop.org
5  *
6  * This file is part of nDPI, an open source deep packet inspection
7  * library based on the OpenDPI and PACE technology by ipoque GmbH
8  *
9  * nDPI is free software: you can redistribute it and/or modify
10  * it under the terms of the GNU Lesser General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * nDPI is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public License
20  * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
21  *
22  */
23 
24 #include "ndpi_protocol_ids.h"
25 
26 /* CPHA - CheckPoint High Availability Protocol */
27 
28 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CPHA
29 
30 #include "ndpi_api.h"
31 
32 
ndpi_search_cpha(struct ndpi_detection_module_struct * ndpi_struct,struct ndpi_flow_struct * flow)33 void ndpi_search_cpha(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
34   struct ndpi_packet_struct *packet = &flow->packet;
35   const u_int16_t cpha_port = htons(8116);
36 
37   NDPI_LOG_DBG(ndpi_struct, "search CPHA\n");
38 
39   if((packet->payload_packet_len > 20)
40      && (packet->payload[0] == 0x1a)
41      && (packet->payload[1] == 0x90)
42      && packet->udp
43      && packet->iph
44      && (packet->udp->source == cpha_port)
45      && (packet->udp->dest   == cpha_port)
46      && packet->iph->saddr   == 0 /* 0.0.0.0 */
47      ) {
48     ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CPHA, NDPI_PROTOCOL_UNKNOWN);
49   } else
50     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
51 }
52 
53 
init_cpha_dissector(struct ndpi_detection_module_struct * ndpi_struct,u_int32_t * id,NDPI_PROTOCOL_BITMASK * detection_bitmask)54 void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id,
55 			 NDPI_PROTOCOL_BITMASK *detection_bitmask) {
56   ndpi_set_bitmask_protocol_detection("CPHA", ndpi_struct, detection_bitmask, *id,
57 				      NDPI_PROTOCOL_CPHA,
58 				      ndpi_search_cpha,
59 				      NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD,
60 				      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
61 				      ADD_TO_DETECTION_BITMASK);
62 
63   *id += 1;
64 }
65