1 /*
2 * hpvirtgrp.c
3 *
4 * Copyright (C) 2012-21 - ntop.org
5 *
6 * This module is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Lesser General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * This module is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public License.
17 * If not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21 #include "ndpi_protocol_ids.h"
22
23 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HPVIRTGRP
24
25 #include "ndpi_api.h"
26
27
/*
 * Record NDPI_PROTOCOL_HPVIRTGRP as the detected protocol of the flow.
 * NDPI_PROTOCOL_UNKNOWN is passed as the second protocol id.
 */
static void ndpi_int_hpvirtgrp_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
                                              struct ndpi_flow_struct *flow)
{
  ndpi_set_detected_protocol(ndpi_struct,
                             flow,
                             NDPI_PROTOCOL_HPVIRTGRP,
                             NDPI_PROTOCOL_UNKNOWN);
}
34
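/*
 * Dissector callback for HP Virtual Machine Group Management.
 *
 * A TCP flow is classified when its first packet satisfies all of:
 *   - the payload is at least 4 bytes long,
 *   - payload[0] is 0x16 and payload[3] is 0x00,
 *   - payload[1..2], read as a big-endian 16-bit value, equals the
 *     payload length.
 * In every other case the protocol is excluded for this flow.
 *
 * NOTE(review): the decision rests on four bytes of a single packet, so the
 * result is a heuristic label; confirm it is not used on its own as the basis
 * for a security policy decision.
 */
static void ndpi_search_hpvirtgrp(struct ndpi_detection_module_struct *ndpi_struct,
                                  struct ndpi_flow_struct *flow)
{
  struct ndpi_packet_struct *packet = &flow->packet;

  NDPI_LOG_DBG(ndpi_struct, "search hpvirtgrp\n");

  /* The length guard must hold before any of payload[0..3] is read. */
  if (packet->tcp != NULL &&
      flow->packet_counter == 1 &&
      packet->payload_packet_len >= 4)
  {
    /*
     * Assemble the big-endian length field byte by byte. The field starts at
     * offset 1, so reading it through a casted u_int16_t pointer is a
     * misaligned access (and a strict-aliasing violation) on untrusted
     * packet data; the byte-wise form gives the same value on every host.
     */
    const u_int16_t declared_len =
      (u_int16_t)(((u_int8_t)packet->payload[1] << 8) | (u_int8_t)packet->payload[2]);

    if (packet->payload_packet_len == declared_len &&
        packet->payload[0] == 0x16 &&
        packet->payload[3] == 0x00)
    {
      ndpi_int_hpvirtgrp_add_connection(ndpi_struct, flow);
      return;
    }
  }

  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
}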
55
56
57 /* ***************************************************************** */
58
/*
 * Register the HP Virtual Machine Group Management dissector.
 *
 * ndpi_search_hpvirtgrp is registered under NDPI_PROTOCOL_HPVIRTGRP at slot
 * *id with the TCP-with-payload selection bitmask; *id is then advanced by
 * one.
 */
void init_hpvirtgrp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
                              u_int32_t *id,
                              NDPI_PROTOCOL_BITMASK *detection_bitmask)
{
  ndpi_set_bitmask_protocol_detection(
    "HP Virtual Machine Group Management",
    ndpi_struct,
    detection_bitmask,
    *id,
    NDPI_PROTOCOL_HPVIRTGRP,
    ndpi_search_hpvirtgrp,
    NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD,
    SAVE_DETECTION_BITMASK_AS_UNKNOWN,
    ADD_TO_DETECTION_BITMASK);

  /* Advance the caller's slot counter past the entry just registered. */
  (*id)++;
}
72