From b03378c99dd7555c34f301e133af878db74384fa Mon Sep 17 00:00:00 2001
From: ImBenji <benjamin.watt@imbenji.net>
Date: Fri, 29 Aug 2025 01:44:42 +0100
Subject: [PATCH] Add fallback protocol analysis for unavailable nDPI analyzer

---
 lib/services/protocol_blocking_service.dart | 53 +++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/lib/services/protocol_blocking_service.dart b/lib/services/protocol_blocking_service.dart
index 3cc686c..0e97cba 100644
--- a/lib/services/protocol_blocking_service.dart
+++ b/lib/services/protocol_blocking_service.dart
@@ -376,6 +376,14 @@ class ProtocolBlockingService {
     print('🔢 Analyzing ${hexBytes.length} bytes of packet data');
     
     try {
+      // First check if the protocol analyzer exists
+      final analyzerCheck = await Process.run('ls', ['-la', './protocol_analyzer']);
+      if (analyzerCheck.exitCode != 0) {
+        print('⚠️  nDPI protocol analyzer not available - using basic pattern matching');
+        await _basicProtocolAnalysis(hexBytes, conn);
+        return;
+      }
+      
       // Call our C nDPI analyzer
       final result = await Process.run('./protocol_analyzer', [hexString]);
       
@@ -436,6 +444,51 @@ class ProtocolBlockingService {
            blockedCategories.contains(category);
   }
   
+  static Future<void> _basicProtocolAnalysis(List<String> hexBytes, Connection conn) async {
+    print('🔍 Using basic pattern matching fallback');
+    
+    // Convert hex to ASCII for pattern matching
+    final asciiData = _extractAsciiFromHex(hexBytes);
+    final hexString = hexBytes.join('').toLowerCase();
+    
+    String? detectedProtocol;
+    
+    // BitTorrent detection
+    if (asciiData.contains('BitTorrent protocol') || hexString.contains('13426974546f7272656e742070726f746f636f6c')) {
+      detectedProtocol = 'BitTorrent';
+    }
+    // SSH detection
+    else if (asciiData.contains('SSH-2.0') || asciiData.contains('SSH-1.')) {
+      detectedProtocol = 'SSH';
+    }
+    // HTTP detection
+    else if (asciiData.toLowerCase().contains('get ') || asciiData.toLowerCase().contains('post ') || asciiData.toLowerCase().contains('http/')) {
+      detectedProtocol = 'HTTP';
+    }
+    // TLS/SSL detection (0x16 = handshake record type)
+    else if (hexBytes.isNotEmpty && hexBytes.first.toLowerCase() == '16') {
+      detectedProtocol = 'TLS/SSL';
+    }
+    // SMTP detection
+    else if (asciiData.contains('220 ') && conn.remotePort == 25) {
+      detectedProtocol = 'SMTP';
+    }
+    
+    if (detectedProtocol != null) {
+      print('🎯 BASIC DETECTION: $detectedProtocol');
+      
+      // Simple blocking logic for basic patterns
+      if (['BitTorrent', 'eMule'].contains(detectedProtocol)) {
+        print('🚫 BLOCKING PROTOCOL: $detectedProtocol');
+      } else {
+        print('✅ ALLOWING PROTOCOL: $detectedProtocol');
+      }
+    } else {
+      print('❓ UNKNOWN PROTOCOL (basic analysis)');
+      print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
+    }
+  }
+  
   static List<String> _extractHexBytes(String tcpdumpOutput) {
     final hexPattern = RegExp(r'0x[0-9a-f]+:\s*([0-9a-f\s]+)', caseSensitive: false);
     final matches = hexPattern.allMatches(tcpdumpOutput);