From 6b6da26cfe129c2c576085cd5568721977990be7 Mon Sep 17 00:00:00 2001
From: 0xA50C1A1
Date: Tue, 23 Jan 2024 01:34:56 +0300
Subject: [PATCH 1/2] Improve MySQL detection
---
 src/lib/protocols/mysql.c | 64 +++++++--------------
 tests/cfgs/default/pcap/mysql-8.pcap | Bin 7656 -> 0 bytes
 tests/cfgs/default/pcap/mysql.pcapng | Bin 0 -> 8544 bytes
 tests/cfgs/default/result/mysql-8.pcap.out | 29 ----------
 tests/cfgs/default/result/mysql.pcapng.out | 29 ++++++++++
 5 files changed, 50 insertions(+), 72 deletions(-)
 delete mode 100644 tests/cfgs/default/pcap/mysql-8.pcap
 create mode 100644 tests/cfgs/default/pcap/mysql.pcapng
 delete mode 100644 tests/cfgs/default/result/mysql-8.pcap.out
 create mode 100644 tests/cfgs/default/result/mysql.pcapng.out
diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c
index c3e04ef8bb0..bfeec84cbac 100644
--- a/src/lib/protocols/mysql.c
+++ b/src/lib/protocols/mysql.c
@@ -2,7 +2,8 @@
 * mysql.c
 *
 * Copyright (C) 2009-11 - ipoque GmbH
- * Copyright (C) 2011-22 - ntop.org
+ * Copyright (C) 2011-24 - ntop.org
+ * Copyright (C) 2023 - V.G
 *
 * This file is part of nDPI, an open source deep packet inspection
 * library based on the OpenDPI and PACE technology by ipoque GmbH
@@ -30,50 +31,27 @@
 #include "ndpi_api.h"
 #include "ndpi_private.h"
-static void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
- struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+static void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
- NDPI_LOG_DBG(ndpi_struct, "search MySQL\n");
-
- if(packet->tcp) {
- if(packet->payload_packet_len > 38) { //min length
- u_int32_t length = (packet->payload[2] << 16) + (packet->payload[1] << 8) + packet->payload[0];
+ if(packet->payload_packet_len > 70 && packet->payload_packet_len < 120) {
+ u_int32_t length = (packet->payload[2] << 16) + (packet->payload[1] << 8) + packet->payload[0];
- if(length == (u_int32_t)packet->payload_packet_len - 4 //first 3 bytes are length
- && get_u_int8_t(packet->payload, 2) == 0x00 //3rd byte of packet length
- && get_u_int8_t(packet->payload, 3) == 0x00 //packet sequence number is 0 for startup packet
- && get_u_int8_t(packet->payload, 5) > 0x30 //server version > 0
- && get_u_int8_t(packet->payload, 5) < 0x39 //server version < 9
- && get_u_int8_t(packet->payload, 6) == 0x2e //dot
- ) {
-#if 0
- /* Old code */
- u_int32_t a;
-
- for(a = 7; a + 31 < packet->payload_packet_len; a++) {
- if(packet->payload[a] == 0x00) {
- if(get_u_int8_t(packet->payload, a + 13) == 0x00 // filler byte
- && get_u_int64_t(packet->payload, a + 19) == 0x0ULL // 13 more
- && get_u_int32_t(packet->payload, a + 27) == 0x0 // filler bytes
- && get_u_int8_t(packet->payload, a + 31) == 0x0) {
- NDPI_LOG_INFO(ndpi_struct, "found MySQL\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MYSQL, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- return;
- }
-
- break;
- }
- }
-#else
- if(strncmp((const char*)&packet->payload[packet->payload_packet_len-22],
- "mysql_", 6) == 0 ||
- strncmp((const char*)&packet->payload[packet->payload_packet_len-22],
- "caching_", 8) == 0) {
- NDPI_LOG_INFO(ndpi_struct, "found MySQL\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MYSQL, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- return;
- }
-#endif
+ if ((u_int32_t)(packet->payload_packet_len-4) == length &&
+ packet->payload[4] == 0x0A && ((memcmp(&packet->payload[5], "5.5.5-", 6) == 0) ||
+ (packet->payload[5] > 0x33 && packet->payload[5] < 0x39)))
+ {
+ if ((memcmp(&packet->payload[packet->payload_packet_len-10], "_password", 9) == 0) ||
+ (memcmp(&packet->payload[packet->payload_packet_len-10], "_kerberos", 9) == 0) ||
+ (memcmp(&packet->payload[packet->payload_packet_len-9], "_windows", 8) == 0) ||
+ (memcmp(&packet->payload[packet->payload_packet_len-8], "_simple", 7) == 0) ||
+ (memcmp(&packet->payload[packet->payload_packet_len-8], "_gssapi", 7) == 0) ||
+ (memcmp(&packet->payload[packet->payload_packet_len-5], "_pam", 4) == 0))
+ {
+ NDPI_LOG_INFO(ndpi_struct, "found MySQL\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MYSQL, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ return;
 }
 }
 }
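Review bot: The rewritten match in `ndpi_search_mysql_tcp` drops the removed code's sequence-number test (`get_u_int8_t(packet->payload, 3) == 0x00`) and never looks at the byte that follows the plugin-name suffix, so a flow is labelled MySQL on the length field, the `0x0A` byte, one version character and a trailing string alone. To keep the signature tight I would add `packet->payload[3] == 0x00 &&` to the outer condition and require `packet->payload[packet->payload_packet_len-1] == 0x00` before the suffix comparisons; the `len-10`/9-byte style offsets already assume exactly one trailing byte, presumably the NUL terminator. The `> 70 && < 120` size window, the `> 0x33 && < 0x39` version range and the six suffixes are undocumented heuristics: a greeting outside that size, a version string that starts with neither `5.5.5-` nor a character from '4' to '8', or an auth plugin whose name ends differently leaves the flow unclassified, which is a detection gap worth stating in a comment such as `/* server greeting: 3-byte LE length, sequence id, protocol 0x0A, version string, ..., auth plugin name; limits below are heuristic */`. The end of the function lies outside this hunk, so whether the protocol is excluded after a failed match cannot be judged from here.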
diff --git a/tests/cfgs/default/pcap/mysql-8.pcap b/tests/cfgs/default/pcap/mysql-8.pcap deleted file mode 100644 index d20e621eb487942cdb15cfaaa740eaa825162745..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7656 zcmai&2{=^W|Htnb%a{$-$lr>%I1^m{h2*t*?iVue7ANq^!84i2wS}?H&BQeXzD}4nm+C z5ZouYKRbW#AwXR}*4cE81R{eRJiKLOz%@$n3reu3`lIiP|MeYw4Z*)B2h9yW0UNm` z60((#>o^FG;l@MQGzl9D(t;pm%yuL;?uRAZCRqY_QfSYs57c1gSx)!kMAr6aBv#zqJ^F zyPz@Ra^kYGVv-{E4z?IyDM$cZl(KU15ytW8LaPfX5@>rk1Gx5kQ`@6*g4;?#{-A-} zamYQ;+sn<`1MB1B=U{yj>+S9Di6dA7_jx@FxVC%@4Vg+4OM}*Php2=?_MQWuNAsfA zvY4-d{kb}W&);bPnp>uoBKa|0sI-yAEle9He0^&caQ^G8p7Dy!EI?T! zZse{;o>&5NU>?$(4-OLo4N zplgXpmjd8ff!yZ{!El0ehZ!(yBlm_)j7N^$!P(#(ZfmY>(vyr*gc&iMM0%`XJ>krV zmDJ)jMgqkIEzB_oHvzdzipxlgNv_QilHzN#gfv7AzQo{kXesUZ>EStw1X_K+DSuu! zl%5TZy{P#iStG~}Yv=6Z;baXaCFw2s!+nSI-|W*Bk(a^$@aYl3r^UbcR7>R3K3Kkdcs+Kq3$sDUuY4gv1~c1OmVXAU<$o zt_1ya)T!7*A!7+9rZolzDMcxXV^4WgsuVP}O-gxIyrCG-A>yoA7C-$fYb8R~!GC7W z9uBhp$q0r7JpMrjJK!ufvi^$N$lCAyLhy5N4maZQkE%r}!;CO^?%X_|fqDWAX2j2X zU^@QIpobZZKzR@e1o-5QuVxk?_SBuJLa`Tu53 z5AGul3?)I50v`!3TI(mXI=w*+7#4R6wwxC{%~53(`X!2GTWb|%Y@!^k!%l!lAeg`> z(>LAGnH#$+R^x>7wWoE3Qc7oO_L$k|z~8C(u{=mPTGwJhm9V$ZE!4Y@F58-x^Rr}g%;cqMntNQ~ zb>e4PGaGWt_2iwej3%0Ra+DW)MnRd>Z(P+>oC@q%ELL`EeHuyi8O@i#A|KuTzO)c8 z(o}*WX<@W->TVory**yb(;}ypoR)Zw5nY?0rq?)i=R{%IcKc&0TFsVea!=S5jAzmc(>zxQ8XhWWUq%0!6pZhCzJ?Y;$3Ef&a?zHj9Q^d!%_-%WkJM zXpFx|W#MNz=5k+4RmOwMGTNqAc(hbnSyY9WVHLMK6%%srYyV-on32Nsp+D>bEA~Y- zomojCahb&X|I$vPA`K3>l=Zw3`{+_j+)xTCBHiDt@ueGL+6~GmDGzp0rj=9jUzOpg znD_GIdZlz+b5=E@&0%g)S+D^^T_w2a{`_cR!>x>2r7pI#q$|S1bZ2McT(2A-Z9dF4 zR&~6$M)vZf3DmE8IL$Y?Nz4mMlqjwjVCU5xw}3aH52&w?a8y<^`n%W3~4$2&I@C4 zY&LIa`MXxwHQC6I1d^7y8b%h7jL@Jt&lJ+NN)|`rI|8}=e3zE@b+&YuA3b;^SKA}) zfc%}GzQT^KF+1z`ArhuTCwlMSX*}a;Wg(2bHqhMhO_j8*NGZ&=f-HMiL-rCMLv9bQ z^WmM!palz!OupTh&XQ1sGEKSre7#bbSTl6_a!Y^yP0wOXfW@_rrK$2+LrRgZ`_|}E z=^fnW$wK2(y);dOJ!11J$LM+^Cf#1hd@r6pX3>OmmoZ{;TZXo zJMD9SulN3&I&<^+O$LZbe$$Lq+^cVD27xyW-#RRz!!Pl8VjP3?AMzQ_4JH@{Mn(ID 
zwq?E8JI8K{TWNf(C2v{a|FSPfQQ#GHQ=nA)I{s-NxBo>&9tpFf3pYB9^Y6+HrhO1n z^)f_zq&jOkaRE_GE zqr)|Y5kcY)mg?iRw7L(tj`dinxsmty*vDiIAH00XUZN4+-%vd60c5y5%n_!}!@>RGuav&)8KlK|s#MfmQ)<}J z8IjZ9$T$)9A+cFeGyaYO-K`J_;bHj;6s5<*5ylo@s6J?LMFjj{junl29;Jw?$=_@B z@@Y0x=e<{@MrO*6+M#57-VLCS1eggdSaX%<(6tSi{%kV7e zKlZ&yFQ@0>V30A%n$4Y2jw0;c08OS0I0On}zgV zes@=!+U@g}Q-u|AY!=h`zMiz2PY(O2dOmYH9`u=0V9t)4mTVW#zJs@dW1VH5Ydm_^ zca~{vq))VkMOzvoc)={JZQ%w(S$v|v6R&Jk5D)hT?|di z%%WNhv>QSw#ySrMs>I1vxT+KC!-A8+d1Z!MMe&{O_J6=Y57G)TF`i^X7Ixf@AFtxtXCBcK5X@kf9|E@yMnXE zi=)f02(1#4&fw?U*r<~ZvMBCrGVFJFqmhF*`TXKFsa`5Zv(r0ctrebNpT$n3r$3ToTrF9S^jJ(+ z0}l@bi-#N^1??-SSpQ7O=N{|+Z}#5$&Avsg>`@-YE~7memx}|!kHnd9PER+nsZrOq zwuai|)qLvH&OLn5Q7O+mfb>ci>xH3?6#6dXni%iU#I_S^_td}EASmX~hv@}fmmUr{ z)TSf0Tdbx+tg`Ti(RPbN+~@T9B)H_B+~c*+^N&jYSTFeSSR`Jh<5;MA1)Xl-1IP0B zju)8vibAZAX3R55#*~xwJ zOJlpTS0C0zz8{_~h|d~n|Dy7J^-a6E72l)RIXN8kN)CJ`?iZSL-!o9-Ec3Z2=k&|% z?pBVc*@&i3b#lgG!=JQTy z@;2uUnrW!s#6NG3w#<9iPWvhy(ftmetK$a7}vcMKyOl#dw*# zO$>t9IK=Czm4U_0>#42(6J_V?;I+=xxvlG3_Hak%_WfWzHNENolonW1(QmA$I>6Ei zUMj=?MO8jggxm$ka3fwjLpk$L2#m9TWiTV=3bWVNQ(!H%A7*SUXjs(lBrv8ubRRh! 
zWsX~I?KKs1a&P53)bz2NVA@yGfU7HcQ+-RlU8-ODyh%cJN}Ls(n8TL)g|D}lzcpqT z3eAx{h~{>)q>4?hp1nl*^881N57DC`bD`Ywr>cijvVP`lhjqZ782~ZsdPoK+L&U%d z+=%rcIOppLdQe1qCJCMaJw+T_^}u}{WwL7YD7U$llPs`5ru2^0{k>xrV<)vag(0#Z z3Q?>cq#c-!qMz)#0qkRdd)RkyH06yGE4?fwoQ|kBP%m|tLiD4$@x*9zq&9e zTJ*uC42u}|>4+j^0{`|?D~?Z|@VvH6$~B<-`67H&_;l{Cva>kvssr|D#Z^TIG~svkVw*-3gHP)El3mXHc@Rp|9_c+Tf6Lx?CQNofBhT%#lku|)P4mBf zB(A|rlT;yKVNQ6LL%iOGWKk-xpD}@3*W2y;!FqcVUei-+ulWgTV<%iA8#TE3|L_4M z^}iUZ1V+H0432)lSf;Z4pA1j~a2ddL&TPChL>-*KjaUal2BiiwqW{idMlAQG{>NZ| zb-;D;BaZ9d8_E3a7^;D29>WGkiI=nV>6g=7aS~mh!W?WBVw@_C)vG2V>J1NG5>Y(u zZe!`klo`2A$WPdk53x&~GM1_?~cdl#}x5@L}Bayqx6c~Un<$}O!l;lQVAD*dMlWDFSY5Qo@sEH?6;7e~19 z^Uah)UD2=WSR4&6&h3nyE)u)I81K+|O~;4t%QcX<4{`#PdexAj{@4P5kU?fcr`Oj+3L` z(YaF-jOn>e&n|5+cYwEU@O%L?5UNnjZMl>x?Be8qnZMp!qjnN1)=(a^T}hrsZp)@}RuW!TgAs*T%!#Z&cfOK}CS zq1JR}f&F?Pj64KG!oWG){_x#v{wcwC@P2=@@0=7M+aiMRAgYi3lbMip-8o}QDj=aGiOXuscy!TchqD1ANoQT z#!wdM0&xzD55@kKgBHOf9Fa#wAP2bimMLSmc%-wD10Jx}Jy4R74T0Hk`y+=W)P4ek z{;v#>1M`9Z7)&4s!fPH=>DxK`JS~cyZhmd~_~rfCMugrB#n@uHruT(N=G>GS3^Z=0 zINKKfq_8M1%!0f*d4?YUMY;TlA%j^z&Aso57SY;qyC%_my|iu4nlWwGKiMZNcc-?R zQ`zA`7l}PG6SyC?>A6lkKA#aXoFd9l)6uz$l4yK-gABoYNBiH5aIl9x@&(TW!6g%Z z@NkCU_D7xQ&o>bmMDL(E*BJ2l)LZlD7N%bhX25mA2+fE!6phrHpY_xhHcSxIE~%H4 zrhfr$9}e1PjW9p!lPUi{G&U3X6GR%V2^#4(&p~Va4UMqYb&ZK{EH*QU$GkS74o+^Z zgDy%?Yu0eBeJ5S7gT-C2&c8DfhHU@E&>=89|H7~drvnVo)wOq?i){a!fl#*F%pk6Z Y7J^q_iM+A_UZJ}DWo;3ns6Vk zNw!2K6%|?Db4JMMeg3DS z1NdYmWF@2s;sLTmKN;}=Yd4a+trUV#A+(5zlb4;hqqUa{_&eBOKd_HIzhB{}&xttn3M zJ?iV`<4cf`mX;t8C8Q8O@Y$UX1}glbhPuf74{mu#wU3jZou!Ahx3|B$mn~Tb)bpojJb(35ZlfSX8U1MDN&(YZPuCBcl? z9;LGMaI&S5laZ5`l3u^`89zHOZzp#*Y8eR`2_mhfhpV-Zy}K8QCO}@+QkKZz;pOh& zWlbV?MNK9%SbE!efxohJbocgQl2VYCkdl>`ke8Q`CP+cgDD$&5VC!;z*3=tuwh($p z&qh&ik)YlN!#AMjwzw^Nw^VN{HSO`+HJG1woZA%i!99#M47J&dWCrbD8Jws&yvb?? 
zSO`GI$N^p;2WpA~0UP9b$tWl|fNL0(^?;alt3jT)F-1KLf_Zu}9Mpph80PPJItz8d z8o+qlx!T$I@Tsf+PKc$AJBb96$mi-ra`NGmBJ<%mZi9dgj>ADlNg)+n!&sv`e)bX^ z2VE_N?vs8h1T2`#b6sbab-w}Y(k!`5QD6~4V{Gm0L6^*HMgx{?enb$wHHRQu5ri5H zd>%T*2v&FoBl3LbBTskm4mJ55@^~q0g5Y>d39fN4*7!&4Rww%xwAw!c7Wg-?dd^M> z0sr2t)Py7G4>srxYY3rkC%A^OhM~}{L1y^;l>u`kzLcZ6PRIa-4fZV9KcyDA5<=a7 zXwf8d0w_3)WG&2puGx#66)k_RaaYo1mKkgEOq{(88T2d^c^&|HW(sFU&9N#j<$1oy zY4=>`-x(c4D~vUM5xcd>I{YbgFaaH4o>J3Gv8N=9s&EZ+_;l+Jh5|rBSecL?OmIeNP^EwgKK8+_!V1S6J`4slGzqYSvPIpe_sj&jxE??TWUY7y_h{H4qa@wV@HDuFu|`j1y$EDz@21cr4E4Z$JHdOA@t&KS z%z+u8lb0Y!$jE|I7=lRo_&NkwZZ?L;KCmzM{oa?sJBWvXDv`8aHbhFmIRvq>wsCZF zbFc)bJ?WKw8IJSMc>%|(b=S`DKRhWSd&2b>Py8u75rt!3@gxq82{g!1p|UrG3l)qt z^<;{_3K{Pw|H^=KeD|{NWCkC&jVWE=0-d22z>mK-$fwj=m}I}Kbxm%F^`hk5q*3I? zf57GlKiK2uTjf{fMs!7M0bF)KgId41s~AOtdl-~jQGWPh$QXICTI&&hP-FgZ&mlT3 zYgK@LvSUyv6%>L}z+etDABxa*(QPrqiLxFJ@O-Que?+jfaOP>Oz{uIBA8DERIQGx? zNHqt~lOA4}PHD`-mGt`4=WsSpXDf)k+7uj3LUdWttQb~QooJm{on+nSx~+ADI>EYa z$ay3WY?10nKH`EnBNyse>uBpX*3lu-hzuf+C?MOBXhZ|aLb4HML1TTW2vyzSQ;u6HHrpI zQw$1&rb1JrY0!u$LQRFC!e9__1dT!g@J{fIz=3E`nOSrnM*C3_tsPCc^>Q9Q+stFF zJ0AO5G>`VjKE*E#_RZhRkOKpz|E7)fplj4h!kWgbW%a%_HI|vWdGYRKI0$n?SqEp# zRE?Hu{x5YPMy`X@wRK=&1L|P5rDwSgxWHPVuu=yM@L>rwSO-}wMn)g82m*tWfqhdi z4jD=x|H|M*%_?;)Gq@px9XOMT1}6v%#_(2n-nl*tHii%Ob3U2!$#fo?oLtPM&u#D- zq4I?nP5x&cu!4T}0mIQ4D&X^?%dRaJ0*B;6#J=jMUFIKrh0=8xVP!)zGlC@c z^*41{y=m{(v9c5yO8o}kQ>7io?DO-~wY#h}c0M;Qt|fT>*(<3-oxJrrg({=AW>r=( zbP6Y0Z#TA~yo6t0H4{%uaQ~tA&f*+*@7L(dexM5)`6K%GU0Qo-CKIm@N1yFAiPEhR zOMP9Kt0@utc!Q(H)@oDZ>^#dj#n1H3uKot=4hu{sBShXK-%aGq#hv}>F6gToU3nd5 zTyGKZMM>eM zFB_MAd?RTA*W1VFf9?f#m!bI6vZ1~8eH~oc@fQ+zZqLkVC_H{Hr1zeAz=Ld|?>vF0 z+`<#T>VF{yG;EaqAg(I8oAG+e{cXH5J9WM%|9Vgwm{VB55_PzGn9I208LJIGoTV=9 zQNA9lq(s^4&~KfDtv7fj@$AQaQ1|Cnt0x!gu`?GScy-1i|w2(>ZrdCk36&F&Eibd zxcPRCs>ob6IccGtnmDxi1I5oZoZkk5&@Mky=NdQH?r@A8Qw|@po3TuxDmWlk5$m&H zn=dArjE;FUv5U#pH|eWDM$gz|22GY zXkV>AUBz7H&v@o?ruthov)UTXT$!8I+F`>@+HczW(YY}^$()y62%G?!u zkIL_HU|#LByC~H<+EIOP_tW3(LI0$R_Tqc^Q04w@vo?^Ph@qq 
z9_kHIRULq_%fJ@D>|k~;m*6#h78 ztfpiAPOrBjKFZ&)f#G+9hT~@E8eJcQT@6HVN{O6KHCD;4fe6iMnkIH9n{oLnk^j$U^_0K$8!VBGC zsvYZWMH(i&uE~Wfrx6UQhr++__;DxkoO!#R@8*W`@7%_PI=id392!>B|L|qD5nDa) zeC(v|`f8iAeN$>_ecGR&b6NHb@*28e&Tuma+kOlztBmJW>&l>qUf42|bDATNm+sce2)Jj0@iCkW>!Og8W61ygfuF z`7S9%`&ajs_p`7vrfdxCWZJ^?>Jcr?z*tW#ONiV(zi9^=+|k~HQ(57MMW<^+ST@Hq z?C)*ts|-u!J~F&}?3U`BU^)wnS##}ah7rS7^n_}&>Pz~}e;=}+79LEN-ym=g(`^&d z-{|fU_FcEN!}~m5w;>~7&hy2`n)n*ULsudL67EdrO%&NLHj#auWfp+zzyrPGdGIZx+MEb76#ocR&8M7=l3(Ttp)*=MDA_7AYk@Bcc^ zQYc|uYnjiTaXm^sX6k%f4eQkWmePswe|FfM;a7dgcsVjsp#FmD9nRa@Y%&v3wO9QM zVmZL(f#R}vdOUf4G-|%4yNtM{t%wyffZWd~6e(KxyN?PQO_Y0kZYretQ5M{PcPG1` zzV&um#t?6Y{rBlh?cPQ6{WKfqT7S^>T>8~AwJx9Wm{S?w-P&sP0@dSW8&l1?BJ#wj zQ6!ZSUcz(MC(7vkZ%6ZYzrKIiOI0Ajkue3gP3A>>mu|V0YbIywmuul4&YPah8WTHW zgmHW}YMW5elWlL(fiZ|4<^S9f5$f)l~;M|Q&%d9+iDS%$@E4Q{deyxUsycd(M}zLj zr_h3cGdOl$O zuaWf#Qt0U*dj|9n!3q5Lvnp8+9P0;EFWWz|LB)sn4B~RP35<*1GgJ9&Ry2)cp0DgQ zXT)%v`&5H+)2lA$6dm06V13Gw0nt>#_&;<_tzlg{DT$-*&Iz4~Q`^}+Ll}-1ojLue zLBCJ>CKvO#x5<^3qW%&NLV-Y2Ub4%<<_7CyB~Rz92Kju%u9rIW<{#Oc)O{x+JHjCN zP{OR-Woah8qzV7T?Lj8kxr@^aqFJJH2h!7CT4}eg7qm4oHO)#2tto$(!zSRp`*_Vr zIICm*Sc%S_8-$a(l?*KmX&6~gA+&|a*LQt>vCRF?Pv9jPWZmvv4(1M%<>?#0{MuMg zt>em~m*hJ9!&5E~8zT*H4}#=#fH$w_vk8qoY1VdPz!$WMB?OU9AjpKlU)hV$Bj3QYQ=3n>D$^^X7mXC6ps@in+)f3vq@pH>)8V>IeBiIBwT7ZMnpQ;-^%^Z2-Bj%(wdEHm?{ zm+h%o-j+)4(Z?5aovg2w2gG(~w;y0Vo6#S`KNe|zF+r$W+Oj8ckJ#h5RQxzg8mLoS z;3K8S@eBXyF@fxH%4&~|`IbE1BC-73v*PjnK4V2Ib4M8(O;M=wdxaqO}>lbJVr zL-JwErSAQ?Z!5Ov58#9=nJwL^uMB2ftD35e5M>*h-%H(6f~qeVpDY^=mD;|A&H&F7 zTB>VglhkyOg)qg4^K9se)(`jXeYYUerE*Gu^`-iauOTYmuEh|kUw%&R?c{rPps$yt zDSC%j^GX)|lmX|g*-S_TO&jm0C+3&cL+nRUO^J2uk2OaL=Y{RX2|txPo_|v9SI2AR zUEgo^pLysY?CA0dkB+K&eLAjdBFq28X$=GahNgSMt`-MVN^mMg$9nI&zbKnvyng$j zh;!-l_)p?RuOAkU9@1h|j63tQH~zZEpB}@70W`Qahzr{O*Lqq8J*NDA&hmcloXIAN z^;8+Gr#vg`X*ij%$gm2uHL?KrFev8=Vo)yy8QOlU^JubZDUa8||JK3v2ll@-S2#8Y z1emFv9pXDl(%%uV$*RqH#7w9)uM|Nb7uFGcg$-)dtytkxu78LDz8v!3e_y@+ku@rT z?@^{@w3gRDvPL*pIX*?CS2;cpI$P}+`S=`;$ClmPQ}xmeDCBU!g#2g_ut9!NafFc# 
zxQ4Mtzfrw3S-%H`ekGv47p@g4=a%*3fPQ7j=k?s(SG<2ab80+l?30;J-j1^+EHjFR z9?4Y)3p>bcIEEY$u)#4{iANfRfom9RJn+O{CwtII;XyCR^I@_Fw#y!-%vSPI7 zOOKJq1;+=zmL@kiJ_Y`0qY7{bV~s}_>t)Cu;VC>iJYZwR4L!nLTIG=n93RPd6Wdd& zbeoab2UW@rH>H)CTD2}zB}#^crZsm5s~VVE;=?)kMsE$Rw?xytGVP9f7s(!cWM@Iu z&nKP^alW_?7q83sfnyB~2MVb87P!i*_T0#Ek(27iR>th08*q#YQ@q%AEi)=PidkB{ zs19m@nt)N{1~o~QvzRV@H?+ocBK`){G`eB6=T_Xn^QRPZ%L#h^_qoO2X#DO7Ai`L~ z*oUtm=au67(BBML+hBN$dpoImDX;9}n@bfwOE*2P1_JS)ikBb*@M?@41;W7a9KtA)QJF literal 0 HcmV?d00001 diff --git a/tests/cfgs/default/result/mysql-8.pcap.out b/tests/cfgs/default/result/mysql-8.pcap.out deleted file mode 100644 index 0d47e05f131..00000000000 --- a/tests/cfgs/default/result/mysql-8.pcap.out +++ /dev/null 
@@ -1,29 +0,0 @@ -DPI Packets (TCP): 8 (4.00 pkts/flow) -Confidence DPI : 2 (flows) -Num dissector calls: 2 (1.00 diss/flow) -LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/0/0 (insert/search/found) -LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) -LRU cache msteams: 0/0/0 (insert/search/found) -LRU cache stun_zoom: 0/0/0 (insert/search/found) -Automa host: 0/0 (search/found) -Automa domain: 0/0 (search/found) -Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) -Patricia risk mask: 0/0 (search/found) -Patricia risk mask IPv6: 0/0 (search/found) -Patricia risk: 0/0 (search/found) -Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) -Patricia protocols IPv6: 0/0 (search/found) - -MySQL 35 6224 2 - -Acceptable 35 6224 2 - - 1 TCP 192.168.20.80:47044 <-> 192.168.20.108:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][15 pkts/1806 bytes <-> 16 pkts/4051 bytes][Goodput ratio: 45/74][2.86 sec][bytes ratio: -0.383 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 260/238 2778/2821 797/779][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 120/253 359/2251 88/522][PLAIN TEXT (8.0.32)][Plen Bins: 7,28,21,7,0,0,0,21,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] - 2 TCP 192.168.1.105:8738 <-> 10.42.18.198:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][2 pkts/140 bytes <-> 2 pkts/227 bytes][Goodput ratio: 0/38][0.00 sec][PLAIN TEXT (DDDDDD)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/mysql.pcapng.out b/tests/cfgs/default/result/mysql.pcapng.out new file mode 100644 index 00000000000..113f39ead73 
--- /dev/null +++ b/tests/cfgs/default/result/mysql.pcapng.out 
@@ -0,0 +1,29 @@ +DPI Packets (TCP): 8 (4.00 pkts/flow) +Confidence DPI : 2 (flows) +Num dissector calls: 2 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 4/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +MySQL 41 7009 2 + +Acceptable 41 7009 2 + + 1 TCP 192.168.88.231:36272 <-> 192.168.88.200:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][15 pkts/1822 bytes <-> 11 pkts/3715 bytes][Goodput ratio: 45/80][2.47 sec][bytes ratio: -0.342 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 202/6 2386/24 659/9][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 121/338 388/2284 94/622][PLAIN TEXT (8.0.36)][Plen Bins: 21,21,7,14,0,0,0,21,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7] + 2 TCP 192.168.88.231:36732 <-> 192.168.88.201:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Database/11][9 pkts/862 bytes <-> 6 pkts/610 bytes][Goodput ratio: 30/34][2.27 sec][bytes ratio: 0.171 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 318/0 2222/1 777/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 96/102 284/176 67/44][PLAIN TEXT (10.6.12)][Plen Bins: 34,16,16,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
From 1f354770fbc466f2b725c2bdc52211f14ec568e5 Mon Sep 17 00:00:00 2001
From: Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com>
Date: Tue, 23 Jan 2024 01:41:45 +0300
Subject: [PATCH 2/2] Update copyright
---
 src/lib/protocols/mysql.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c
index bfeec84cbac..7560f6030ef 100644
--- a/src/lib/protocols/mysql.c
+++ b/src/lib/protocols/mysql.c
@@ -3,7 +3,7 @@
 *
 * Copyright (C) 2009-11 - ipoque GmbH
 * Copyright (C) 2011-24 - ntop.org
- * Copyright (C) 2023 - V.G
+ * Copyright (C) 2024 - V.G
 *
 * This file is part of nDPI, an open source deep packet inspection
 * library based on the OpenDPI and PACE technology by ipoque GmbH