IMBENJI.NET/waylume_server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add fallback protocol analysis for unavailable nDPI analyzer

Browse Source
This commit is contained in:
ImBenji
2025-08-29 01:44:42 +01:00
parent 7a7503d474
commit b03378c99d
1 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
lib/services/protocol_blocking_service.dart
View File

@@ -376,6 +376,14 @@ class ProtocolBlockingService {
print('🔢 Analyzing ${hexBytes.length} bytes of packet data'); print('🔢 Analyzing ${hexBytes.length} bytes of packet data');
try { try {
// First check if the protocol analyzer exists
final analyzerCheck = await Process.run('ls', ['-la', './protocol_analyzer']);
if (analyzerCheck.exitCode != 0) {
print('⚠️ nDPI protocol analyzer not available - using basic pattern matching');
await _basicProtocolAnalysis(hexBytes, conn);
return;
}
// Call our C nDPI analyzer // Call our C nDPI analyzer
final result = await Process.run('./protocol_analyzer', [hexString]); final result = await Process.run('./protocol_analyzer', [hexString]);
@@ -436,6 +444,51 @@ class ProtocolBlockingService {
blockedCategories.contains(category); blockedCategories.contains(category);
} }
static Future<void> _basicProtocolAnalysis(List<String> hexBytes, Connection conn) async {
print('🔍 Using basic pattern matching fallback');
// Convert hex to ASCII for pattern matching
final asciiData = _extractAsciiFromHex(hexBytes);
final hexString = hexBytes.join('').toLowerCase();
String? detectedProtocol;
// BitTorrent detection
if (asciiData.contains('BitTorrent protocol') || hexString.contains('13426974546f7272656e742070726f746f636f6c')) {
detectedProtocol = 'BitTorrent';
}
// SSH detection
else if (asciiData.contains('SSH-2.0') || asciiData.contains('SSH-1.')) {
detectedProtocol = 'SSH';
}
// HTTP detection
else if (asciiData.toLowerCase().contains('get ') || asciiData.toLowerCase().contains('post ') || asciiData.toLowerCase().contains('http/')) {
detectedProtocol = 'HTTP';
}
// TLS/SSL detection (0x16 = handshake record type)
else if (hexBytes.isNotEmpty && hexBytes.first.toLowerCase() == '16') {
detectedProtocol = 'TLS/SSL';
}
// SMTP detection
else if (asciiData.contains('220 ') && conn.remotePort == 25) {
detectedProtocol = 'SMTP';
}
if (detectedProtocol != null) {
print('🎯 BASIC DETECTION: $detectedProtocol');
// Simple blocking logic for basic patterns
if (['BitTorrent', 'eMule'].contains(detectedProtocol)) {
print('🚫 BLOCKING PROTOCOL: $detectedProtocol');
} else {
print('✅ ALLOWING PROTOCOL: $detectedProtocol');
}
} else {
print('❓ UNKNOWN PROTOCOL (basic analysis)');
print('🔤 ASCII sample: ${asciiData.replaceAll(RegExp(r'[^\x20-\x7E]'), '.').substring(0, 50)}...');
}
}
static List<String> _extractHexBytes(String tcpdumpOutput) { static List<String> _extractHexBytes(String tcpdumpOutput) {
final hexPattern = RegExp(r'0x[0-9a-f]+:\s*([0-9a-f\s]+)', caseSensitive: false); final hexPattern = RegExp(r'0x[0-9a-f]+:\s*([0-9a-f\s]+)', caseSensitive: false);
final matches = hexPattern.allMatches(tcpdumpOutput); final matches = hexPattern.allMatches(tcpdumpOutput);