1 /*
2 * usenet.c
3 *
4 * Copyright (C) 2009-11 - ipoque GmbH
5 * Copyright (C) 2011-21 - ntop.org
6 *
7 * This file is part of nDPI, an open source deep packet inspection
8 * library based on the OpenDPI and PACE technology by ipoque GmbH
9 *
10 * nDPI is free software: you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published by
12 * the Free Software Foundation, either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * nDPI is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with nDPI. If not, see <http://www.gnu.org/licenses/>.
22 *
23 */
24
25
26 #include "ndpi_protocol_ids.h"
27
28 #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_USENET
29
30 #include "ndpi_api.h"
31
ndpi_int_usenet_add_connection(struct ndpi_detection_module_struct * ndpi_struct,struct ndpi_flow_struct * flow)32 static void ndpi_int_usenet_add_connection(struct ndpi_detection_module_struct
33 *ndpi_struct, struct ndpi_flow_struct *flow)
34 {
35 ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_USENET, NDPI_PROTOCOL_UNKNOWN);
36 }
37
38
39
ndpi_search_usenet_tcp(struct ndpi_detection_module_struct * ndpi_struct,struct ndpi_flow_struct * flow)40 void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct
41 *ndpi_struct, struct ndpi_flow_struct *flow)
42 {
43 struct ndpi_packet_struct *packet = &flow->packet;
44
45 NDPI_LOG_DBG(ndpi_struct, "search usenet\n");
46
47 NDPI_LOG_DBG2(ndpi_struct, "STAGE IS %u\n", flow->l4.tcp.usenet_stage);
48
49 // check for the first server replay
50 /*
51 200 Service available, posting allowed
52 201 Service available, posting prohibited
53 */
54 if (flow->l4.tcp.usenet_stage == 0 && packet->payload_packet_len > 10
55 && ((memcmp(packet->payload, "200 ", 4) == 0)
56 || (memcmp(packet->payload, "201 ", 4) == 0))) {
57
58 NDPI_LOG_DBG2(ndpi_struct, "found 200 or 201\n");
59 flow->l4.tcp.usenet_stage = 1 + packet->packet_direction;
60
61 NDPI_LOG_DBG2(ndpi_struct, "maybe hit\n");
62 return;
63 }
64
65 /*
66 [C] AUTHINFO USER fred
67 [S] 381 Enter passphrase
68 [C] AUTHINFO PASS flintstone
69 [S] 281 Authentication accepted
70 */
71 // check for client username
72 if (flow->l4.tcp.usenet_stage == 2 - packet->packet_direction) {
73 if (packet->payload_packet_len > 20 && (memcmp(packet->payload, "AUTHINFO USER ", 14) == 0)) {
74 NDPI_LOG_DBG2(ndpi_struct, "username found\n");
75 flow->l4.tcp.usenet_stage = 3 + packet->packet_direction;
76
77 NDPI_LOG_INFO(ndpi_struct, "found usenet\n");
78 ndpi_int_usenet_add_connection(ndpi_struct, flow);
79 return;
80 } else if (packet->payload_packet_len == 13 && (memcmp(packet->payload, "MODE READER\r\n", 13) == 0)) {
81 NDPI_LOG_DBG2(ndpi_struct,
82 "no login necessary but we are a client.\n");
83
84 NDPI_LOG_INFO(ndpi_struct, "found usenet\n");
85 ndpi_int_usenet_add_connection(ndpi_struct, flow);
86 return;
87 }
88 }
89
90 NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
91 }
92
93
init_usenet_dissector(struct ndpi_detection_module_struct * ndpi_struct,u_int32_t * id,NDPI_PROTOCOL_BITMASK * detection_bitmask)94 void init_usenet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask)
95 {
96 ndpi_set_bitmask_protocol_detection("Usenet", ndpi_struct, detection_bitmask, *id,
97 NDPI_PROTOCOL_USENET,
98 ndpi_search_usenet_tcp,
99 NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
100 SAVE_DETECTION_BITMASK_AS_UNKNOWN,
101 ADD_TO_DETECTION_BITMASK);
102
103 *id += 1;
104 }
105