Add fallback protocol analysis for unavailable nDPI analyzer

2025-08-29 01:44:42 +01:00
parent 7a7503d474
commit b03378c99d
1 changed files with 53 additions and 0 deletions
--- a/lib/services/protocol_blocking_service.dart
+++ b/lib/services/protocol_blocking_service.dart
@@ -376,6 +376,14 @@ class ProtocolBlockingService {
    print('🔢 Analyzing ${hexBytes.length} bytes of packet data');
    
    try {
+      // First check if the protocol analyzer exists
+      final analyzerCheck = await Process.run('ls', ['-la', './protocol_analyzer']);
+      if (analyzerCheck.exitCode != 0) {
+        print('⚠️  nDPI protocol analyzer not available - using basic pattern matching');
+        await _basicProtocolAnalysis(hexBytes, conn);
+        return;
+      }
+      
      // Call our C nDPI analyzer
      final result = await Process.run('./protocol_analyzer', [hexString]);
      
@@ -436,6 +444,51 @@ class ProtocolBlockingService {
           blockedCategories.contains(category);
  }
  
+  static Future<void> _basicProtocolAnalysis(List<String> hexBytes, Connection conn) async {
+    print('🔍 Using basic pattern matching fallback');
+    
+    // Convert hex to ASCII for pattern matching
+    final asciiData = _extractAsciiFromHex(hexBytes);
+    final hexString = hexBytes.join('').toLowerCase();
+    
+    String? detectedProtocol;
+    
+    // BitTorrent detection
+    if (asciiData.contains('BitTorrent protocol') || hexString.contains('13426974546f7272656e742070726f746f636f6c')) {
+      detectedProtocol = 'BitTorrent';
+    }
+    // SSH detection
+    else if (asciiData.contains('SSH-2.0') || asciiData.contains('SSH-1.')) {
+      detectedProtocol = 'SSH';
+    }
+    // HTTP detection
+    else if (asciiData.toLowerCase().contains('get ') || asciiData.toLowerCase().contains('post ') || asciiData.toLowerCase().contains('http/')) {
+      detectedProtocol = 'HTTP';
+    }
+    // TLS/SSL detection (0x16 = handshake record type)
+    else if (hexBytes.isNotEmpty && hexBytes.first.toLowerCase() == '16') {
+      detectedProtocol = 'TLS/SSL';
+    }
+    // SMTP detection
+    else if (asciiData.contains('220 ') && conn.remotePort == 25) {
+      detectedProtocol = 'SMTP';
+    }
+    
+    if (detectedProtocol != null) {
+      print('🎯 BASIC DETECTION: $detectedProtocol');
+      
+      // Simple blocking logic for basic patterns
+      if (['BitTorrent', 'eMule'].contains(detectedProtocol)) {
+        print('🚫 BLOCKING PROTOCOL: $detectedProtocol');
+      } else {
+        print('✅ ALLOWING PROTOCOL: $detectedProtocol');
+      }
+    } else {
+      print('❓ UNKNOWN PROTOCOL (basic analysis)');
+      print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
+    }
+  }
+  
  static List<String> _extractHexBytes(String tcpdumpOutput) {
    final hexPattern = RegExp(r'0x[0-9a-f]+:\s*([0-9a-f\s]+)', caseSensitive: false);
    final matches = hexPattern.allMatches(tcpdumpOutput);