UBNTAC2: rework detection (#2744)

ntop · Feb 23, 2025 · 084a580 · 084a580
1 parent 5858e1d
commit 084a580
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 51 deletions.
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -1526,7 +1526,7 @@ struct ndpi_flow_struct {
     } discord;
 
     struct {
-      char version[32];
+      char version[64];
     } ubntac2;
 
     /* In TLS.Bittorent flows there is no hash.

diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c
@@ -35,47 +35,37 @@ static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct
 static void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
 {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+  u_int8_t tlv_type;
+  u_int16_t tlv_length, version_len;
+  int off;
 
   NDPI_LOG_DBG(ndpi_struct, "search ubntac2\n");
-  NDPI_LOG_DBG2(ndpi_struct, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest));
-
-  if(packet->udp) {
-    if(packet->payload_packet_len >= 135 &&
-       (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001))) {
-      int found = 0;
-
-      if(memcmp(&(packet->payload[36]), "UBNT", 4) == 0) {
-	found = 36+5;
-      } else if(memcmp(&(packet->payload[49]), "ubnt", 4) == 0) {
-	found = 49+5;
-      }
 
-      if(found) {
-	found += packet->payload[found+1] + 4; /* Skip model name */
-	found++; /* Skip len */
-
-	if(found < packet->payload_packet_len) {
-	  char version[256];
-	  int len;
-	  u_int i, j;
-
-	  for(i=found, j=0; (i < packet->payload_packet_len)
-		&& (i < (sizeof(version)-1))
-		&& (packet->payload[i] != 0); i++)
-	    version[j++] = packet->payload[i];
-
-	  version[j] = '\0';
-
-	  len = ndpi_min(sizeof(flow->protos.ubntac2.version) - 1, j);
-	  memcpy(flow->protos.ubntac2.version, (const char *)version, len);
-	  flow->protos.ubntac2.version[len] = '\0';
-	}
-
-	NDPI_LOG_INFO(ndpi_struct, "UBNT AirControl 2 request\n");
-
-	ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+  if(packet->payload_packet_len >= 4 &&
+     (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) &&
+     packet->payload[0] == 0x02 &&
+     packet->payload[1] == 0x06 &&
+     (4 + ntohs(*(u_int16_t *)&packet->payload[2]) == packet->payload_packet_len)) {
+    NDPI_LOG_INFO(ndpi_struct, "UBNT AirControl 2 request\n");
+    ndpi_int_ubntac2_add_connection(ndpi_struct, flow);
+
+    /* Parse TLV list: 1 byte type + 2 byte length + (optional) data */
+    off = 4;
+    while (off + 3 < packet->payload_packet_len) {
+      tlv_type = packet->payload[off];
+      tlv_length = ntohs(*(u_int16_t *)&packet->payload[off + 1]);
+
+      NDPI_LOG_DBG2(ndpi_struct, "0x%x Len %d\n", tlv_type, tlv_length);
+
+      if(tlv_type == 0x03 && off + 3 + tlv_length < packet->payload_packet_len) {
+	version_len = ndpi_min(sizeof(flow->protos.ubntac2.version) - 1, tlv_length);
+	memcpy(flow->protos.ubntac2.version, (const char *)&packet->payload[off + 3], version_len);
+	flow->protos.ubntac2.version[version_len] = '\0';
       }
+
+      off += 3 + tlv_length;
     }
+    return;
   }
 
   NDPI_EXCLUDE_PROTO(ndpi_struct, flow);

diff --git a/tests/cfgs/default/pcap/ubntac2.pcap b/tests/cfgs/default/pcap/ubntac2.pcap
diff --git a/tests/cfgs/default/result/ubntac2.pcap.out b/tests/cfgs/default/result/ubntac2.pcap.out
@@ -1,6 +1,6 @@
-DPI Packets (UDP):	8	(1.00 pkts/flow)
-Confidence DPI              : 8 (flows)
-Num dissector calls: 8 (1.00 diss/flow)
+DPI Packets (UDP):	9	(1.00 pkts/flow)
+Confidence DPI              : 9 (flows)
+Num dissector calls: 9 (1.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
@@ -17,18 +17,19 @@ Patricia risk mask:   0/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        0/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   16/0 (search/found)
+Patricia protocols:   18/0 (search/found)
 Patricia protocols IPv6: 0/0 (search/found)
 
-UBNTAC2	8	1736	8
+UBNTAC2	9	2032	9
 
-Safe                             8 1736          8            
+Safe                             9 2032          9            
 
-	1	UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	5	UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	6	UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	7	UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	8	UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP 192.168.1.138:60790 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 86/0][< 1 sec][BZ.qca956x_6.6.77+15402.240813.0934][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.1.1:34085 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	UDP 192.168.1.1:42838 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 192.168.1.1:44641 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP 192.168.1.1:47746 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	UDP 192.168.1.1:47871 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	UDP 192.168.1.1:52220 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	8	UDP 192.168.1.1:55321 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	9	UDP 192.168.1.1:59772 -> 255.255.255.255:10001 [proto: 31/UBNTAC2][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 31/UBNTAC2, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/217 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031][PLAIN TEXT (UniFiSecurityGateway.ER)][Plen Bins: 0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]