Add Service Location Protocol dissector.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
ntop · Jul 7, 2023 · 5332479 · 5332479
1 parent bdd295b
commit 5332479
Show file tree

Hide file tree

Showing 151 changed files with 3,037 additions and 2,067 deletions.
diff --git a/doc/protocols.rst b/doc/protocols.rst
@@ -1,5 +1,5 @@
 nDPI Protocols List
-####################
+###################
 
 This page provides the list of the protocols/applications supported by nDPI. For each protocol there is a brief description, some links to further, more detailed information and, optionally, some notes that might be useful when handling such a protocol (from the application/integrator point of view)
 
@@ -49,7 +49,7 @@ References: `Main site <https://www.nvidia.com>`_.
 .. _Proto 343:
 
 `NDPI_PROTOCOL_BITCOIN`
-======================
+=======================
 Bitcoin is one of the most common crypto currencies.
 
 References: `Main site <https://en.bitcoin.it/wiki/Protocol_documentation>`_.
@@ -64,7 +64,7 @@ Notes:
 .. _Proto 344:
 
 `NDPI_PROTOCOL_PROTONVPN`
-========================
+=========================
 Proton VPN is a VPN service operated by the Swiss company Proton AG, the company behind the email service Proton Mail
 
 References: `Main site https://protonvpn.com/`
@@ -73,7 +73,16 @@ References: `Main site https://protonvpn.com/`
 .. _Proto 345:
 
 `NDPI_PROTOCOL_THRIFT`
-========================
+======================
 Apache Thrift is a generic data interchange framework that supports a bunch of different languages and platforms.
 
 References: `Official site <https://thrift.apache.org>`_ `Github <https://github.com/apache/thrift>`_.
+
+
+.. _Proto 346:
+
+`NDPI_PROTOCOL_SERVICE_LOCATION`
+================================
+The Service Location Protocol is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration.
+
+References: `SLPv1 <https://datatracker.ietf.org/doc/html/rfc2165>`_ `SLPv2 <https://datatracker.ietf.org/doc/html/rfc2608>`_.
diff --git a/example/reader_util.c b/example/reader_util.c
@@ -1198,6 +1198,21 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
     ndpi_snprintf(flow->softether.fqdn, sizeof(flow->softether.fqdn), "%s",
                   flow->ndpi_flow->protos.softether.fqdn);
   }
+  /* SERVICE_LOCATION */
+  else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SERVICE_LOCATION)) {
+    flow->info_type = INFO_GENERIC;
+    flow->info[0] = 0;
+    if (flow->ndpi_flow->protos.slp.url_count > 0)
+      strncat(flow->info, "URL: ", sizeof(flow->info));
+    for (size_t i = 0; i < flow->ndpi_flow->protos.slp.url_count; ++i) {
+      size_t length = strlen(flow->info);
+      strncat(flow->info + length, flow->ndpi_flow->protos.slp.url[i],
+              sizeof(flow->info) - length);
+      length = strlen(flow->info);
+      if (i < (size_t)flow->ndpi_flow->protos.slp.url_count - 1)
+        strncat(flow->info + length, ", ", sizeof(flow->info) - length);
+    }
+  }
   /* NATPMP */
   else if(is_ndpi_proto(flow, NDPI_PROTOCOL_NATPMP)) {
     flow->info_type = INFO_NATPMP;

diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
@@ -374,6 +374,7 @@ typedef enum {
   NDPI_PROTOCOL_BITCOIN               = 343, 
   NDPI_PROTOCOL_PROTONVPN             = 344,
   NDPI_PROTOCOL_APACHE_THRIFT         = 345,
+  NDPI_PROTOCOL_SERVICE_LOCATION      = 346,
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"

diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
@@ -243,6 +243,7 @@ void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int
 void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_bitcoin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_apache_thrift_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
+void init_slp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 
 /* ndpi_main.c */
 extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port);

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -1595,6 +1595,11 @@ struct ndpi_flow_struct {
       u_int8_t message_type;
       char method[64];
     } thrift;
+
+    struct {
+      u_int8_t url_count;
+      char url[4][48];
+    } slp;
   } protos;
 
   /*** ALL protocol specific 64 bit variables here ***/

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
@@ -2102,6 +2102,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  "Thrift", NDPI_PROTOCOL_CATEGORY_RPC,
 			  ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SERVICE_LOCATION,
+			  "Service_Location_Protocol", NDPI_PROTOCOL_CATEGORY_RPC,
+			  ndpi_build_default_ports(ports_a, 427, 0, 0, 0, 0) /* TCP */,
+			  ndpi_build_default_ports(ports_b, 427, 0, 0, 0, 0) /* UDP */);
 
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
@@ -4981,6 +4985,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
   /* Apache Thrift */
   init_apache_thrift_dissector(ndpi_str, &a);
 
+  /* Service Location Protocol */
+  init_slp_dissector(ndpi_str, &a);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif