Improve TencentGames detection #2353

Merged
merged 2 commits into from
Mar 20, 2024
34 changes: 31 additions & 3 deletions src/lib/protocols/tencent_games.c
Expand Up @@ -29,6 +29,14 @@
#include "ndpi_api.h"
#include "ndpi_private.h"

static void ndpi_int_tencent_games_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
NDPI_LOG_INFO(ndpi_struct, "found Tencent Games\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TENCENTGAMES,
NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
}

static void ndpi_search_tencent_games(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
Expand All @@ -40,9 +48,29 @@ static void ndpi_search_tencent_games(struct ndpi_detection_module_struct *ndpi_
if (ntohl(get_u_int32_t(packet->payload, 0)) == 0x3366000B &&
ntohs(get_u_int16_t(packet->payload, 4)) == 0xB)
{
NDPI_LOG_INFO(ndpi_struct, "found Tencent Games\n");
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TENCENTGAMES,
NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
ndpi_int_tencent_games_add_connection(ndpi_struct, flow);
return;
}

if (ntohl(get_u_int32_t(packet->payload, 0)) == 0x4366AA00 &&
ntohl(get_u_int32_t(packet->payload, 12)) == 0x10E68601)
{
ndpi_int_tencent_games_add_connection(ndpi_struct, flow);
return;
}

if (ntohl(get_u_int32_t(packet->payload, 0)) == 0xAA000000 &&
ntohl(get_u_int32_t(packet->payload, 10)) == 0x10E68601)
{
ndpi_int_tencent_games_add_connection(ndpi_struct, flow);
return;
}

if (get_u_int16_t(packet->payload, 0) == 0 &&
ntohs(get_u_int16_t(packet->payload, 2)) == (u_int16_t)(packet->payload_packet_len-4) &&
ntohs(get_u_int16_t(packet->payload, 4)) == 0x7801)
{
ndpi_int_tencent_games_add_connection(ndpi_struct, flow);
return;
}
}
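Review bot: The last added check in ndpi_search_tencent_games is a weak signature: it accepts two zero bytes, a 16-bit length equal to `payload_packet_len-4`, and `0x7801`, which is also a valid zlib stream header, so any length-prefixed zlib framing of that shape would be labelled TencentGames with `NDPI_CONFIDENCE_DPI`. Where this classification feeds policy or alerting, consider requiring a second discriminator before accepting that pattern, and document every magic value with a comment such as `/* <client/game name>: magic 0x4366AA00 at offset 0, 0x10E68601 at offset 12 */` so a false-positive report can be traced back to the capture it came from. The new reads reach payload byte 15 (offset 12 plus four bytes); the opening lines of the function, where any `payload_packet_len` guard would sit, are outside the hunk, so confirm that the guard covers at least 16 bytes. The updated result file lists two new flows for three new patterns, so at least one of the added patterns appears not to be exercised by the pcap.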
Binary file modified tests/cfgs/default/pcap/tencent_games.pcap
Binary file not shown.
16 changes: 9 additions & 7 deletions tests/cfgs/default/result/tencent_games.pcap.out
@@ -1,6 +1,6 @@
DPI Packets (TCP): 4 (4.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 144 (144.00 diss/flow)
DPI Packets (TCP): 12 (4.00 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 432 (144.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
Expand All @@ -18,11 +18,13 @@ Patricia risk mask: 0/0 (search/found)
Patricia risk mask IPv6: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 1/1 (search/found)
Patricia protocols: 3/3 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

TencentGames 10 818 1
TencentGames 22 2400 3

Fun 10 818 1
Fun 22 2400 3

1 TCP 10.215.173.1:43300 <-> 43.130.19.227:65010 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][5 pkts/413 bytes <-> 5 pkts/405 bytes][Goodput ratio: 47/49][0.61 sec][bytes ratio: 0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 103/104 200/200 95/96][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 83/81 157/173 46/52][PLAIN TEXT (9089499565149320430)][Plen Bins: 0,0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
1 TCP 10.215.173.1:42864 <-> 162.62.116.201:20731 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][4 pkts/951 bytes <-> 2 pkts/88 bytes][Goodput ratio: 81/0][0.23 sec][bytes ratio: 0.831 (Upload)][IAT c2s/s2c min/avg/max/stddev: 32/124 75/124 124/124 38/0][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 238/44 473/48 191/4][Plen Bins: 0,0,0,0,0,0,0,0,0,0,50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 TCP 10.215.173.1:43300 <-> 43.130.19.227:65010 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][5 pkts/413 bytes <-> 5 pkts/405 bytes][Goodput ratio: 47/49][0.61 sec][bytes ratio: 0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/4 103/104 200/200 95/96][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 83/81 157/173 46/52][PLAIN TEXT (9089499565149320430)][Plen Bins: 0,0,50,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
3 TCP 10.215.173.1:46658 <-> 162.62.97.166:8085 [proto: 395/TencentGames][IP: 285/Tencent][ClearText][Confidence: DPI][DPI packets: 4][cat: Game/8][3 pkts/290 bytes <-> 3 pkts/253 bytes][Goodput ratio: 52/49][0.17 sec][bytes ratio: 0.068 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 7/8 51/40 95/71 44/32][Pkt Len c2s/s2c min/avg/max/stddev: 40/40 97/84 190/165 66/57][PLAIN TEXT (gcloud)][Plen Bins: 0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]