IPv6: add support for custom rules

example/protos.txt

@@ -27,6 +27,7 @@ host:"api-global.netflix.com"@Netflix
 #  IP based Subprotocols
 #  Format:
 #  ip:<value>,ip:<value>,.....@<subproto>
+#  ipv6:[<value>],ipv6:[<value>],.....@<subproto>
 
 #
 # NOTES
@@ -54,6 +55,12 @@ ip:3.3.3.3:443@CustomProtocolA
 ip:3.3.3.3:444@CustomProtocolB
 ip:3.3.3.3:446@CustomProtocolC=400
 
+ipv6:[3ffe:507:0:1:200:86ff:fe05:80da]@CustomProtocolD
+ipv6:[247f:855b:5e16:3caf::]/64:100@CustomProtocolE
+ipv6:[247f:855b:5e16:3caf::]/64@CustomProtocolF
+ipv6:[fe80::76ac:b9ff:fe6c:c124]:12717@CustomProtocolG
+ipv6:[fe80::76ac:b9ff:fe6c:c124]:12718@CustomProtocolH
+
 #
 # Risk Exceptions
 #

fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_1.txt

@@ -0,0 +1 @@
+ipv6:[3ffe:507:0:1:200:86ff:fe05:80da]@CustomProtocolD

fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_2.txt

@@ -0,0 +1 @@
+ipv6:[247f:855b:5e16:3caf::]/64:100@CustomProtocolE

fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_3.txt

@@ -0,0 +1 @@
+ipv6:[247f:855b:5e16:3caf::]/64@CustomProtocolF

fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_4.txt

@@ -0,0 +1 @@
+ipv6:[fe80::76ac:b9ff:fe6c:c124]:12717@CustomProtocolG

fuzz/corpus/fuzz_filecfg_protocols/custom_ipv6_5.txt

@@ -0,0 +1 @@
+ipv6:[fe80::76ac:b9ff:fe6c:c124]:12718@CustomProtocolH

src/lib/ndpi_main.c

@@ -2697,14 +2697,23 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp
 					char *value, u_int16_t protocol_id) {
   ndpi_patricia_node_t *node;
   struct in_addr pin;
+  struct in6_addr pin6;
   int bits = 32;
+  int is_ipv6 = 0;
   char *ptr = strrchr(value, '/');
-  u_int16_t port = 0; /* Format ip:8.248.73.247:443 */
-  char *double_column;
+  u_int16_t port = 0; /* Format ip:8.248.73.247 */
+                      /* Format ipv6:[fe80::76ac:b9ff:fe6c:c124]/64 */
+  char *double_column = NULL;
 
   if(!ndpi_str->protocols_ptree)
     return(-1);
 
+  if(value[0] == '[') {
+    is_ipv6 = 1;
+    bits = 128;
+    value += 1;
+  }
+
   if(ptr) {
     ptr[0] = '\0';
     ptr++;
@@ -2714,25 +2723,50 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp
       port = atoi(&double_column[1]);
     }
 
-    if(atoi(ptr) >= 0 && atoi(ptr) <= 32)
-      bits = atoi(ptr);
+    if(!is_ipv6) {
+      if(atoi(ptr) >= 0 && atoi(ptr) <= 32)
+        bits = atoi(ptr);
+    } else {
+      if(atoi(ptr) >= 0 && atoi(ptr) <= 128)
+        bits = atoi(ptr);
+
+      ptr = strrchr(value, ']');
+      if(ptr)
+        *ptr = '\0';
+    }
   } else {
     /*
       Let's check if there is the port defined
       Example: ip:8.248.73.247:443@AmazonPrime
+      Example: ipv6:[fe80::76ac:b9ff:fe6c:c124]:36818@CustomProtocolF
     */
-    double_column = strrchr(value, ':');
+    if(!is_ipv6) {
+      double_column = strrchr(value, ':');
+    } else {
+      ptr = strrchr(value, ']');
+      if(ptr) {
+        double_column = strrchr(ptr, ':');
+        *ptr = '\0';
+      }
+    }
 
     if(double_column) {
       double_column[0] = '\0';
       port = atoi(&double_column[1]);
     }
   }
 
-  if(inet_pton(AF_INET, value, &pin) != 1)
-    return(-1);
+  if(!is_ipv6) {
+    if(inet_pton(AF_INET, value, &pin) != 1)
+      return(-1);
+    node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits);
+  } else {
+    if(inet_pton(AF_INET6, value, &pin6) != 1)
+      return(-1);
+    node = add_to_ptree(ndpi_str->protocols_ptree6, AF_INET6, &pin6, bits);
+  }
 
-  if((node = add_to_ptree(ndpi_str->protocols_ptree, AF_INET, &pin, bits)) != NULL) {
+  if(node != NULL) {
     int i;
     struct patricia_uv16_list *item;
 
@@ -4227,6 +4261,8 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_str,
       is_tcp = 1, value = &attr[4];
     else if(strncmp(attr, "udp:", 4) == 0)
       is_udp = 1, value = &attr[4];
+    else if(strncmp(attr, "ipv6:", 5) == 0)
+      is_ip = 1, value = &attr[5];
     else if(strncmp(attr, "ip:", 3) == 0)
       is_ip = 1, value = &attr[3];
     else if(strncmp(attr, "host:", 5) == 0) {

tests/cfgs/default/result/custom_rules_ipv6.pcapng.out

@@ -0,0 +1,35 @@
+Guessed flow protos:	0
+
+DPI Packets (UDP):	5	(1.00 pkts/flow)
+Confidence Unknown          : 5 (flows)
+Num dissector calls: 0 (0.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   0/0 (search/found)
+Patricia protocols IPv6: 9/5 (search/found)
+
+CustomProtocolD	2	600	1
+CustomProtocolE	1	1287	1
+CustomProtocolF	1	1287	1
+CustomProtocolG	1	318	1
+CustomProtocolH	1	318	1
+
+	1	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 365/CustomProtocolE][IP: 365/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+	2	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 366/CustomProtocolF][IP: 366/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+	3	UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 364/CustomProtocolD][IP: 364/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 367/CustomProtocolG][IP: 367/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 368/CustomProtocolH][IP: 368/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]