Showing
20 changed files
with
268 additions
and
21 deletions.
|
@@ -29,9 +29,13 @@ | |
#include "ndpi_api.h" | ||
#include "ndpi_private.h" | ||
|
||
static void search_metadata(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); | ||
|
||
static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndpi_struct, | ||
struct ndpi_flow_struct *flow) { | ||
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SIP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); | ||
|
||
search_metadata(ndpi_struct, flow); | ||
} | ||
|
||
/* ********************************************************** */ | ||
|
@@ -128,9 +132,103 @@ static int search_cmd(struct ndpi_detection_module_struct *ndpi_struct) | |
return 0; | ||
} | ||
|
||
/* ********************************************************** */ | ||
|
||
static char *get_imsi(const char *str, int *imsi_len) | ||
{ | ||
char *s, *e, *c; | ||
|
||
/* Format: <sip:[email protected]>;tag=YpUNxYCzz0dMHM */ | ||
|
||
s = ndpi_strnstr(str, "<sip:", strlen(str)); | ||
if(!s) | ||
return NULL; | ||
e = ndpi_strnstr(s, "@", strlen(s)); | ||
if(!e) | ||
return NULL; | ||
*imsi_len = e - s - 5; | ||
/* IMSI is 14 or 15 digit length */ | ||
if(*imsi_len != 14 && *imsi_len != 15) | ||
return NULL; | ||
for(c = s + 5; c != e; c++) | ||
if(!isdigit(*c)) | ||
return NULL; | ||
return s + 5; | ||
} | ||
|
||
/* ********************************************************** */ | ||
|
||
static int metadata_enabled(struct ndpi_detection_module_struct *ndpi_struct) | ||
{ | ||
/* At least one */ | ||
return ndpi_struct->cfg.sip_attribute_from_enabled || | ||
ndpi_struct->cfg.sip_attribute_from_imsi_enabled || | ||
ndpi_struct->cfg.sip_attribute_to_enabled || | ||
ndpi_struct->cfg.sip_attribute_to_imsi_enabled; | ||
} | ||
|
||
/* ********************************************************** */ | ||
|
||
static void search_metadata(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) | ||
{ | ||
struct ndpi_packet_struct *packet = &ndpi_struct->packet; | ||
u_int16_t a; | ||
int str_len, imsi_len; | ||
char *str, *imsi; | ||
|
||
if(!metadata_enabled(ndpi_struct)) | ||
return; | ||
|
||
NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); | ||
|
||
for(a = 0; a < packet->parsed_lines; a++) { | ||
/* From */ | ||
if(ndpi_struct->cfg.sip_attribute_from_enabled && | ||
flow->protos.sip.from == NULL && | ||
packet->line[a].len >= 5 && | ||
memcmp(packet->line[a].ptr, "From:", 5) == 0) { | ||
str_len = packet->line[a].len - 5; | ||
str = ndpi_strip_leading_trailing_spaces((char *)packet->line[a].ptr + 5, &str_len); | ||
if(str) { | ||
NDPI_LOG_DBG2(ndpi_struct, "Found From: %.*s\n", str_len, str); | ||
flow->protos.sip.from = ndpi_strndup(str, str_len); | ||
if(ndpi_struct->cfg.sip_attribute_from_imsi_enabled && | ||
flow->protos.sip.from) { | ||
imsi = get_imsi(flow->protos.sip.from, &imsi_len); | ||
if(imsi) { | ||
NDPI_LOG_DBG2(ndpi_struct, "Found From IMSI: %.*s\n", imsi_len, imsi); | ||
memcpy(flow->protos.sip.from_imsi, imsi, imsi_len); | ||
} | ||
} | ||
} | ||
} | ||
|
||
/* To */ | ||
if(ndpi_struct->cfg.sip_attribute_to_enabled && | ||
flow->protos.sip.to == NULL && | ||
packet->line[a].len >= 3 && | ||
memcmp(packet->line[a].ptr, "To:", 3) == 0) { | ||
str_len = packet->line[a].len - 3; | ||
str = ndpi_strip_leading_trailing_spaces((char *)packet->line[a].ptr + 3, &str_len); | ||
if(str) { | ||
NDPI_LOG_DBG2(ndpi_struct, "Found To: %.*s\n", str_len, str); | ||
flow->protos.sip.to = ndpi_strndup(str, str_len); | ||
if(ndpi_struct->cfg.sip_attribute_to_imsi_enabled && | ||
flow->protos.sip.to) { | ||
imsi = get_imsi(flow->protos.sip.to, &imsi_len); | ||
if(imsi) { | ||
NDPI_LOG_DBG2(ndpi_struct, "Found To IMSI: %.*s\n", imsi_len, imsi); | ||
memcpy(flow->protos.sip.to_imsi, imsi, imsi_len); | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} | ||
|
||
/* ********************************************************** */ | ||
|
||
void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { | ||
static void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { | ||
struct ndpi_packet_struct *packet = &ndpi_struct->packet; | ||
const u_int8_t *packet_payload = packet->payload; | ||
u_int32_t payload_len = packet->payload_packet_len; | ||
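Review bot: In get_imsi() the digit check `if(!isdigit(*c))` passes a plain `char` from packet-derived text to isdigit(), which is undefined for negative values where char is signed, so a byte >= 0x80 in the user part of a From/To URI hits it; cast first, `if(!isdigit((unsigned char)*c))`. In search_metadata() the two `memcpy(..., imsi, imsi_len)` calls copy 14 or 15 bytes with no terminator and no reference to the destination size. The from_imsi/to_imsi fields are declared outside this hunk, so either confirm they hold at least 16 bytes and are zeroed per flow, or add `flow->protos.sip.from_imsi[imsi_len] = '\0';` (and the to_imsi equivalent) next to a size check. A short comment noting that the `From:`/`To:` match is case-sensitive and skips the compact header forms `f:`/`t:` would also tell consumers that this metadata can be absent on otherwise valid SIP traffic.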
|
|
@@ -27,7 +27,7 @@ Megaco 130 23570 1 | |
Acceptable 1552 259123 5 | ||
|
||
1 UDP 10.35.60.100:15580 <-> 10.23.1.52:16756 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 3][cat: Media/1][159 pkts/33872 bytes <-> 1171 pkts/148830 bytes][Goodput ratio: 80/66][37.44 sec][bytes ratio: -0.629 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/30 81/286 7/49][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 213/127 214/214 12/32][PLAIN TEXT (UUUUUU)][Plen Bins: 0,0,50,0,0,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] | ||
2 UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] | ||
2 UDP 10.35.40.25:5060 <-> 10.35.40.200:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][22 pkts/13254 bytes <-> 24 pkts/13218 bytes][Goodput ratio: 93/92][83.79 sec][SIP From: <sip:unavailable@hostportion>;tag=00e9d478][SIP To: <sip:[email protected];user=phone>][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3385/1643 27628/17187 8177/4202][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] | ||
3 UDP 10.35.40.22:2944 <-> 10.23.1.42:2944 [proto: 181/Megaco][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 181/Megaco, Confidence: DPI][DPI packets: 1][cat: VoIP/10][65 pkts/7788 bytes <-> 65 pkts/15782 bytes][Goodput ratio: 65/83][109.25 sec][bytes ratio: -0.339 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1409/1356 4370/4370 1953/1909][Pkt Len c2s/s2c min/avg/max/stddev: 77/101 120/243 583/561 107/94][PLAIN TEXT (555282713)][Plen Bins: 0,48,0,23,0,1,1,21,0,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] | ||
4 UDP 10.35.60.72:5060 <-> 10.35.60.100:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/6627 bytes <-> 12 pkts/6609 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/19 7451/3699 27579/17188 10544/5458][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] | ||
5 UDP 138.132.169.101:5060 <-> 192.168.100.219:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/6498 bytes <-> 12 pkts/6645 bytes][Goodput ratio: 93/92][83.79 sec][bytes ratio: -0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21/16 7450/3691 27580/17187 10543/5469][Pkt Len c2s/s2c min/avg/max/stddev: 380/339 591/554 926/875 214/174][PLAIN TEXT (mINVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,4,13,0,27,13,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] | ||
4 UDP 10.35.60.72:5060 <-> 10.35.60.100:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/6627 bytes <-> 12 pkts/6609 bytes][Goodput ratio: 93/92][83.79 sec][SIP From: <sip:unavailable@hostportion>;tag=00e9d478][SIP To: <sip:[email protected];user=phone>][bytes ratio: 0.001 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/19 7451/3699 27579/17188 10544/5458][Pkt Len c2s/s2c min/avg/max/stddev: 425/304 602/551 923/894 205/186][PLAIN TEXT (INVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,4,0,8,4,22,18,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] | ||
5 UDP 138.132.169.101:5060 <-> 192.168.100.219:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 100/SIP, Confidence: DPI][DPI packets: 1][cat: VoIP/10][11 pkts/6498 bytes <-> 12 pkts/6645 bytes][Goodput ratio: 93/92][83.79 sec][SIP From: <sip:unavailable@hostportion>;tag=SD4909701-00e9d478][SIP To: <sip:[email protected];user=phone>][bytes ratio: -0.011 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 21/16 7450/3691 27580/17187 10543/5469][Pkt Len c2s/s2c min/avg/max/stddev: 380/339 591/554 926/875 214/174][PLAIN TEXT (mINVITE sip)][Plen Bins: 0,0,0,0,0,0,0,0,0,4,13,0,27,13,4,0,8,0,0,0,0,0,0,4,8,4,4,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |