Merge branch 'github.dev' into flow_info-4

example/ndpiReader.c

@@ -127,7 +127,6 @@ static struct ndpi_detection_module_struct *ndpi_info_mod = NULL;
 extern u_int8_t enable_doh_dot_detection;
 extern u_int32_t max_num_packets_per_flow, max_packet_payload_dissection, max_num_reported_top_payloads;
 extern u_int16_t min_pattern_len, max_pattern_len;
-extern void ndpi_self_check_host_match(); /* Self check function */
 u_int8_t dump_internal_stats;
 
 struct ndpi_bin malloc_bins;
@@ -819,7 +818,7 @@ static void parseOptions(int argc, char **argv) {
   for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++)
     aggressiveness[i] = -1; /* Use the default value */
 
-  while((opt = getopt_long(argc, argv, "a:Ab:B:e:Ec:C:dDf:g:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:w:zZ:q0123:456:7:89:m:MT:U:",
+  while((opt = getopt_long(argc, argv, "a:Ab:B:e:Ec:C:dDFf:g:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:w:zZ:q0123:456:7:89:m:MT:U:",
                            longopts, &option_idx)) != EOF) {
 #ifdef DEBUG_TRACE
     if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : "");
@@ -828,7 +827,7 @@ static void parseOptions(int argc, char **argv) {
     switch (opt) {
     case 'a':
       ndpi_generate_options(atoi(optarg));
-      break;
+      exit(0);
 
     case 'A':
       dump_internal_stats = 1;
@@ -5217,7 +5216,7 @@ int main(int argc, char **argv) {
     bitmapUnitTest();
     automataUnitTest();
     analyzeUnitTest();
-    ndpi_self_check_host_match();
+    ndpi_self_check_host_match(stderr);
     analysisUnitTest();
     compressedBitmapUnitTest();
 #endif

example/reader_util.c

@@ -991,7 +991,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow
 	*src_to_dst_direction = 1;
     }
     if(enable_flow_stats) {
-      if(src_to_dst_direction) {
+      if(*src_to_dst_direction) {
         if(rflow->entropy->src2dst_pkt_count < max_num_packets_per_flow) {
           rflow->entropy->src2dst_pkt_len[rflow->entropy->src2dst_pkt_count] = l4_data_len;
           rflow->entropy->src2dst_pkt_time[rflow->entropy->src2dst_pkt_count] = when;

fuzz/fuzz_config.cpp

@@ -6,8 +6,6 @@
 #include <assert.h>
 #include "fuzzer/FuzzedDataProvider.h"
 
-extern "C" void ndpi_self_check_host_match(); /* Self check function */
-
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   FuzzedDataProvider fuzzed_data(data, size);
   struct ndpi_detection_module_struct *ndpi_info_mod;
@@ -136,7 +134,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   ndpi_get_num_supported_protocols(ndpi_info_mod);
   ndpi_get_ndpi_num_custom_protocols(ndpi_info_mod);
 
-  ndpi_self_check_host_match();
+  ndpi_self_check_host_match(stderr);
 
   /* Basic code to try testing this "config" */
   bool_value = fuzzed_data.ConsumeBool();
@@ -156,14 +154,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   ndpi_get_flow_risk_info(&flow, out, sizeof(out), 1);
   ndpi_get_flow_ndpi_proto(ndpi_info_mod, &flow, &p2);
   ndpi_is_proto(p, NDPI_PROTOCOL_TLS);
-  /* ndpi_guess_undetected_protocol() is a "strange" function (since is ipv4 only)
-     but it is exported by the library and it is used by ntopng. Try fuzzing it, here */
+  /* ndpi_guess_undetected_protocol() is a "strange" function. Try fuzzing it, here */
   if(!ndpi_is_protocol_detected(ndpi_info_mod, p)) {
+    ndpi_guess_undetected_protocol(ndpi_info_mod, bool_value ? &flow : NULL,
+                                   flow.l4_proto);
     if(!flow.is_ipv6) {
-      ndpi_guess_undetected_protocol(ndpi_info_mod, bool_value ? &flow : NULL,
-                                     flow.l4_proto,
-                                     flow.c_address.v4, flow.s_address.v4,
-                                     flow.c_port, flow.s_port);
       /* Another "strange" function (ipv4 only): fuzz it here, for lack of a better alternative */
       ndpi_find_ipv4_category_userdata(ndpi_info_mod, flow.c_address.v4);
     }

ndpi-netfilter/src/main.c

@@ -999,8 +999,8 @@ ndpi_process_packet(struct ndpi_net *n, struct nf_conn * ct, struct nf_ct_ext_nd
                     const struct sk_buff *skb,int dir, ndpi_protocol *proto)
 {
         struct ndpi_flow_struct * flow;
-	uint32_t low_ip, up_ip, tmp_ip;
-	uint16_t low_port, up_port, tmp_port, protocol;
+	uint32_t low_ip, up_ip;
+	uint16_t low_port, up_port, protocol;
 	const struct iphdr *iph = NULL;
 #ifdef NDPI_DETECTION_SUPPORT_IPV6
 	const struct ipv6hdr *ip6h;
@@ -1085,11 +1085,10 @@ ndpi_process_packet(struct ndpi_net *n, struct nf_conn * ct, struct nf_ct_ext_nd
 		    }
 		}
 		if(0 && l_conf == NDPI_CONFIDENCE_UNKNOWN) {
-			if(low_ip > up_ip) { tmp_ip = low_ip; low_ip=up_ip; up_ip = tmp_ip; }
-			if(low_port > up_port) { tmp_port = low_port; low_port=up_port; up_port = tmp_port; }
-			    *proto = ndpi_guess_undetected_protocol (
-					n->ndpi_struct,flow,protocol,low_ip,low_port,up_ip,up_port);
-			    if(_DBG_TRACE_GUESSED)
+			//if(low_ip > up_ip) { uint32_t tmp_ip = low_ip; low_ip=up_ip; up_ip = tmp_ip; }
+			//if(low_port > up_port) { uint16_t tmp_port = low_port; low_port=up_port; up_port = tmp_port; }
+			*proto = ndpi_guess_undetected_protocol (n->ndpi_struct,flow,protocol);
+			if(_DBG_TRACE_GUESSED)
 				packet_trace(skb,ct,ct_ndpi," guess_undet "," [%d,%d]",
 						proto->app_protocol,proto->master_protocol);
 		}

src/include/ndpi_api.h

@@ -432,20 +432,12 @@ extern "C" {
    * @par    ndpi_struct  = the detection module
    * @par    flow         = the flow we're trying to guess, NULL if not available
    * @par    proto        = the l4 protocol number
-   * @par    shost        = source address in host byte order
-   * @par    sport        = source port number
-   * @par    dhost        = destination address in host byte order
-   * @par    dport        = destination port number
    * @return the struct ndpi_protocol that match the port base protocol
    *
    */
   ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct,
 					       struct ndpi_flow_struct *flow,
-					       u_int8_t proto,
-					       u_int32_t shost,
-					       u_int16_t sport,
-					       u_int32_t dhost,
-					       u_int16_t dport);
+					       u_int8_t proto);
   /**
    * Check if the string passed match with a protocol
    *
@@ -992,6 +984,7 @@ extern "C" {
   int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct,
 				     char *name_or_ip, u_int name_len,
 				     ndpi_protocol_category_t *id);
+  void ndpi_self_check_host_match(FILE *error_out);
 #endif
   void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct,
 				   struct ndpi_flow_struct *flow,

src/include/ndpi_protocol_ids.h

@@ -363,6 +363,8 @@ typedef enum {
   NDPI_PROTOCOL_TPLINK_SHP            = 332, /* TP-LINK Smart Home Protocol */
   NDPI_PROTOCOL_SOURCE_ENGINE         = 333,
   NDPI_PROTOCOL_BACNET                = 334,
+  NDPI_PROTOCOL_OICQ                  = 335,
+  NDPI_PROTOCOL_HOTS                  = 336, /* Heroes of the Storm */
 
 
 #ifdef CUSTOM_NDPI_PROTOCOLS

src/include/ndpi_protocols.h

@@ -46,8 +46,7 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports,
 u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct,
 				 struct ndpi_flow_struct *flow,
 				 u_int8_t protocol,
-				 u_int32_t saddr, u_int32_t daddr,
-				 u_int16_t sport, u_int16_t dport);
+				 u_int32_t saddr, u_int32_t daddr);
 
 
 void ndpi_bittorrent_init(struct ndpi_detection_module_struct *ndpi_struct,
@@ -85,6 +84,7 @@ void init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
+void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
@@ -244,6 +244,7 @@ void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct
 void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
+void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 
 /* ndpi_main.c */
 extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port);

src/lib/Makefile.am

@@ -86,6 +86,7 @@ libndpi_a_SOURCES = ndpi_content_match.c.inc \
 		     protocols/halflife2_and_mods.c \
 		     protocols/hpvirtgrp.c \
 		     protocols/hsrp.c \
+		     protocols/hots.c \
 		     protocols/http.c \
 		     protocols/iax.c \
 		     protocols/icecast.c \
@@ -131,6 +132,7 @@ libndpi_a_SOURCES = ndpi_content_match.c.inc \
 		     protocols/noe.c \
 		     protocols/non_tcp_udp.c \
 		     protocols/ntp.c \
+		     protocols/oicq.c \
 		     protocols/openvpn.c \
 		     protocols/ookla.c \
 		     protocols/oracle.c \