From 157bb01153b9dc6fe948ba66714f86786720d125 Mon Sep 17 00:00:00 2001
From: 0xA50C1A1
Date: Sat, 18 Nov 2023 00:12:22 +0300
Subject: [PATCH 1/3] Remove Google+ support Google+ was discontiued in 2019, so I think that its protocol id can be freed for reuse.
---
 src/include/ndpi_protocol_ids.h | 2 +-
 src/lib/ndpi_content_match.c.inc | 3 ---
 src/lib/ndpi_main.c | 4 ++++
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
index 19eb60e3903..8da0fef8fd7 100644
--- a/src/include/ndpi_protocol_ids.h
+++ b/src/include/ndpi_protocol_ids.h
@@ -100,7 +100,7 @@ typedef enum {
 NDPI_PROTOCOL_AMONG_US = 69,
 NDPI_PROTOCOL_YAHOO = 70,
 NDPI_PROTOCOL_DISNEYPLUS = 71,
- NDPI_PROTOCOL_GOOGLE_PLUS = 72,
+ NDPI_PROTOCOL_FREE_72 = 72,
 NDPI_PROTOCOL_IP_VRRP = 73,
 NDPI_PROTOCOL_STEAM = 74,
 NDPI_PROTOCOL_HALFLIFE2 = 75,
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
index 7481405c565..24850c586cd 100644
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
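Review bot: Replacing `NDPI_PROTOCOL_GOOGLE_PLUS` with `NDPI_PROTOCOL_FREE_72` in ndpi_protocol_ids.h drops a named enumerator from a header under src/include, which looks like the library's public API, so out-of-tree code that still spells the old name stops compiling; nothing in the series documents that. The larger risk comes later, when 72 is handed to a new protocol: stored flow records, exported statistics and allow/deny rules keyed on the numeric id would silently take on the new meaning. I would record the history at the slot, e.g. `NDPI_PROTOCOL_FREE_72 = 72, /* was GooglePlus until this change; old exports and rules may still carry 72 */`, so whoever reuses the id knows to announce it. The enum starts and ends outside this hunk.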
@@ -617,9 +617,6 @@ static ndpi_protocol_match host_match[] = { ".googletagservices.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "mtalk.google.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "plus.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "plus.url.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL }, - { "googleusercontent.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 12860420233..a2e69780774 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1310,6 +1310,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "DisneyPlus", NDPI_PROTOCOL_CATEGORY_STREAMING, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_72 + "Free72", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, From 9839234ff75d9a4b11ff21ef07e1e17407fd6c9c Mon Sep 17 00:00:00 2001 
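Review bot: The placeholder registered for `NDPI_PROTOCOL_FREE_72` in ndpi_main.c keeps Google+'s old metadata, breed `NDPI_PROTOCOL_FUN` and category `NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK`. With the host_match entries removed nothing visible here should classify to 72 any more, but a custom rule or stale id that still resolves to it would be reported as social-network traffic named "Free72"; a neutral category such as `NDPI_PROTOCOL_CATEGORY_UNSPECIFIED` would be less misleading, if that matches how the other free slots are registered. Separately, the first added line has no comma after `NDPI_PROTOCOL_FREE_72`, so this commit does not build on its own; PATCH 2/3 adds it, and squashing the two would keep the history bisectable. The call sits inside ndpi_init_protocol_defaults, which starts and ends outside the hunk.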
From: Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com>
Date: Sat, 18 Nov 2023 00:20:04 +0300
Subject: [PATCH 2/3] Fix typo
---
 src/lib/ndpi_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index a2e69780774..418b233ac63 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -1310,7 +1310,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 "DisneyPlus", NDPI_PROTOCOL_CATEGORY_STREAMING,
 ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
- ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_72
+ ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 1 /* app proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FREE_72,
 "Free72", NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK,
 ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
From c07717b7d1f1f72a460dd7143f869a010ea93f14 Mon Sep 17 00:00:00 2001
From: 0xA50C1A1
Date: Sat, 18 Nov 2023 02:27:22 +0300
Subject: [PATCH 3/3] Update tests
---
 tests/cfgs/default/result/sites.pcapng.out | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out
index f4e9eb37b6d..06d1e0b6604 100644
--- a/tests/cfgs/default/result/sites.pcapng.out
+++ b/tests/cfgs/default/result/sites.pcapng.out
@@ -30,10 +30,9 @@ Outlook 9 5954 1 Xbox 4 2245 1 TikTok 31 10560 1 DisneyPlus 29 9717 1 -GooglePlus 2 2798 1 TLS 4 2215 1 GoogleMaps 4 2215 1 -Google 2 2798 1 +Google 4 5596 2 LastFM 4 2215 1 Hulu 4 2245 1 Tuenti 16 9104 2 
@@ -96,7 +95,7 @@ JA3 Host Stats: 18 TCP 192.168.1.128:53978 <-> 208.85.40.158:443 [proto: 91.187/TLS.Pandora][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: Streaming/17][3 pkts/849 bytes <-> 5 pkts/3932 bytes][Goodput ratio: 76/91][0.68 sec][Hostname/SNI: pandora.com][(Advertised) ALPNs: h2;http/1.1][(Negotiated) ALPN: h2][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.645 (Download)][IAT c2s/s2c min/avg/max/stddev: 170/0 254/127 339/173 84/73][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/786 583/1514 218/607][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.pandora.com,pandora.com][JA3S: 7047b9d842ee4b3fba6a86353828c915][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1][Subject: C=US, ST=California, L=Oakland, O=Pandora Media, LLC, CN=*.pandora.com][Certificate SHA-1: 40:BB:03:6C:E8:D4:7C:D7:72:59:2F:8D:DB:4B:64:4F:8F:C4:EB:AF][Firefox][Validity: 2021-05-12 00:00:00 - 2022-06-12 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 0,0,0,16,0,0,0,0,0,0,16,16,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 19 TCP 192.168.1.128:39302 <-> 95.131.170.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: static.tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 43/0 46/24 50/49 4/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 
00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] 20 TCP 192.168.1.128:51248 <-> 95.131.169.91:443 [proto: 91.149/TLS.Tuenti][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 6][cat: VoIP/10][3 pkts/849 bytes <-> 5 pkts/3703 bytes][Goodput ratio: 76/91][0.14 sec][Hostname/SNI: tuenti.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][bytes ratio: -0.627 (Download)][IAT c2s/s2c min/avg/max/stddev: 46/0 47/24 48/47 1/24][Pkt Len c2s/s2c min/avg/max/stddev: 74/74 283/741 583/1514 218/647][TLSv1.2][JA3C: 579ccef312d18482fc42e2b822ca2430][ServerNames: *.tuenti.com,tuenti.com][JA3S: 61be9ce3d068c08ff99a857f62352f9d][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=ES, L=Madrid, O=Tuenti Technologies S.L., CN=*.tuenti.com][Certificate SHA-1: 89:B8:FA:C7:22:04:D2:BE:C5:6E:59:10:31:67:42:B1:3F:6D:F8:3B][Firefox][Validity: 2021-04-05 00:00:00 - 2022-05-06 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,16,0,16,0,0,0,0,0,0,0,0,0,16,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,34,0,0] - 21 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.72/QUIC.GooglePlus][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: SocialNetwork/6][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: b719940c5ab9a3373cb4475d8143ff88][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 21 UDP 192.168.1.128:36832 <-> 142.250.181.238:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.02 sec][Hostname/SNI: 
plus.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: b719940c5ab9a3373cb4475d8143ff88][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 22 UDP 192.168.1.128:38642 <-> 216.58.212.142:443 [proto: 188.126/QUIC.Google][IP: 126/Google][Encrypted][Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1399 bytes <-> 1 pkts/1399 bytes][Goodput ratio: 97/97][0.03 sec][Hostname/SNI: hangouts.google.com][(Advertised) ALPNs: h3][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: V-1][JA3C: 2a18e6bf307f97c5e27f0ab407dc65db][Firefox][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] 23 TCP 192.168.1.128:40832 <-> 2.17.141.49:443 [proto: 91.179/TLS.eBay][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 4][cat: Shopping/27][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.04 sec][Hostname/SNI: www.ebay.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0] 24 TCP 192.168.1.128:42884 <-> 185.125.190.21:443 [proto: 91.169/TLS.UbuntuONE][IP: 169/UbuntuONE][Encrypted][Confidence: DPI][DPI packets: 4][cat: Cloud/13][2 pkts/657 bytes <-> 2 pkts/1588 bytes][Goodput ratio: 79/91][0.06 sec][Hostname/SNI: assets.ubuntu.com][(Advertised) ALPNs: h2;http/1.1][TLS Supported Versions: TLSv1.3;TLSv1.2][TLSv1.3][JA3C: 579ccef312d18482fc42e2b822ca2430][JA3S: 15af977ce25de452b96affa2addb1036][Firefox][Cipher: TLS_AES_256_GCM_SHA384][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0]