4
* Copyright (C) 2009-2011 by ipoque GmbH
5
* Copyright (C) 2011-13 - ntop.org
7
* This file is part of nDPI, an open source deep packet inspection
8
* library based on the OpenDPI and PACE technology by ipoque GmbH
10
* nDPI is free software: you can redistribute it and/or modify
11
* it under the terms of the GNU Lesser General Public License as published by
12
* the Free Software Foundation, either version 3 of the License, or
13
* (at your option) any later version.
15
* nDPI is distributed in the hope that it will be useful,
16
* but WITHOUT ANY WARRANTY; without even the implied warranty of
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18
* GNU Lesser General Public License for more details.
20
* You should have received a copy of the GNU Lesser General Public License
21
* along with nDPI. If not, see <http://www.gnu.org/licenses/>.
29
#include "ndpi_protocols.h"
30
#ifdef NDPI_PROTOCOL_KERBEROS
32
static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
33
struct ndpi_flow_struct *flow)
35
ndpi_int_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_KERBEROS, NDPI_REAL_PROTOCOL);
39
void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
41
struct ndpi_packet_struct *packet = &flow->packet;
42
// struct ndpi_id_struct *src=ndpi_struct->src;
43
// struct ndpi_id_struct *dst=ndpi_struct->dst;
46
/* I have observed 0a,0c,0d,0e at packet->payload[19/21], maybe there are other possibilities */
47
if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) == packet->payload_packet_len - 4) {
48
if (packet->payload_packet_len > 19 &&
49
packet->payload[14] == 0x05 &&
50
(packet->payload[19] == 0x0a ||
51
packet->payload[19] == 0x0c || packet->payload[19] == 0x0d || packet->payload[19] == 0x0e)) {
52
NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "found KERBEROS\n");
53
ndpi_int_kerberos_add_connection(ndpi_struct, flow);
57
if (packet->payload_packet_len > 21 &&
58
packet->payload[16] == 0x05 &&
59
(packet->payload[21] == 0x0a ||
60
packet->payload[21] == 0x0c || packet->payload[21] == 0x0d || packet->payload[21] == 0x0e)) {
61
NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "found KERBEROS\n");
62
ndpi_int_kerberos_add_connection(ndpi_struct, flow);
78
NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "no KERBEROS detected.\n");
79
NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KERBEROS);